From 608f9704479038c128970282c89a4a2e6c5b9fe1 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Mon, 5 Aug 2024 19:10:15 +0800
Subject: [PATCH 1/2] remove unused code
---
.../src/Auth/Process/ExpiryDate.php | 73 -------------------
modules/expirychecker/src/Utilities.php | 44 +----------
modules/mfa/src/Auth/Process/Mfa.php | 18 -----
.../src/Auth/Source/auth/AuthError.php | 1 -
.../src/Auth/Source/auth/Authenticator.php | 13 +---
.../silauth/src/Auth/Source/auth/IdBroker.php | 12 ---
6 files changed, 4 insertions(+), 157 deletions(-)
diff --git a/modules/expirychecker/src/Auth/Process/ExpiryDate.php b/modules/expirychecker/src/Auth/Process/ExpiryDate.php
index 93f88a9..4aa6d11 100644
--- a/modules/expirychecker/src/Auth/Process/ExpiryDate.php
+++ b/modules/expirychecker/src/Auth/Process/ExpiryDate.php
@@ -5,11 +5,9 @@
 use Exception;
 use Psr\Log\LoggerInterface;
 use Sil\Psr3Adapters\Psr3SamlLogger;
-use SimpleSAML\Auth\ProcessingChain;
 use SimpleSAML\Auth\ProcessingFilter;
 use SimpleSAML\Auth\State;
 use SimpleSAML\Module;
-use SimpleSAML\Module\expirychecker\Utilities;
 use SimpleSAML\Module\expirychecker\Validator;
 use SimpleSAML\Session;
 use SimpleSAML\Utils\HTTP;
@@ -215,77 +213,6 @@ public function isTimeToWarn(int $expiryTimestamp, int $warnDaysBefore): bool return ($daysLeft <= $warnDaysBefore); } - /** - * Redirect the user to the change password url if they haven't gone - * there in the last 10 minutes - * @param array $state - * @param string $accountName - * @param string $passwordChangeUrl - * @param string $change_pwd_session - * @param int $expiryTimestamp The timestamp when the password will expire. - */ - public function redirect2PasswordChange( - array &$state, - string $accountName, - string $passwordChangeUrl, - string $change_pwd_session, - int $expiryTimestamp - ): void { - $sessionType = 'expirychecker'; - /* Save state and redirect. */ - $id = State::saveState( - $state, - 'expirychecker:redirected_to_password_change_url' - ); - $ignoreMinutes = 60; - - $session = Session::getSessionFromRequest(); - $idpExpirySession = $session->getData($sessionType, $change_pwd_session); - - // If the session shows that the User already passed this way, - // don't redirect to change password page - if ($idpExpirySession !== null) { - ProcessingChain::resumeProcessing($state); - } else { - // Otherwise, set a value to tell us they've probably changed - // their password, in order to allow password to get propagated - $session->setData( - $sessionType, - $change_pwd_session, - 1, - (60 * $ignoreMinutes) - ); - $session->save(); - } - - - /* If state already has the change password url, go straight there to - * avoid eternal loop between that and the idp. Otherwise add the - * original destination url as a parameter. */ - if (array_key_exists('saml:RelayState', $state)) { - $relayState = $state['saml:RelayState']; - if (strpos($relayState, $passwordChangeUrl) !== false) { - ProcessingChain::resumeProcessing($state); - } else { - $returnTo = Utilities::getUrlFromRelayState( - $relayState - ); - if (!empty($returnTo)) { - $passwordChangeUrl .= '?returnTo=' . 
$returnTo; - } - } - } - - $this->logger->warning(json_encode([ - 'event' => 'expirychecker: redirecting to change password', - 'accountName' => $accountName, - 'passwordChangeUrl' => $passwordChangeUrl, - ])); - - $httpUtils = new HTTP(); - $httpUtils->redirectTrustedURL($passwordChangeUrl, array()); - } - /** * @inheritDoc */ diff --git a/modules/expirychecker/src/Utilities.php b/modules/expirychecker/src/Utilities.php index d013ee4..8f08f9e 100644 --- a/modules/expirychecker/src/Utilities.php +++ b/modules/expirychecker/src/Utilities.php @@ -4,48 +4,6 @@ class Utilities { - - /** - * Expects three strings for a url and what marks out the beginning - * and end of the domain. - * - * Returns a string with the domain portion of the url (e.g. www.insitehome.org) - */ - public static function getUrlDomain(string $in_url, string $start_marker = '//', string $end_marker = '/'): string - { - $sm_len = strlen($start_marker); - $em_len = strlen($end_marker); - $start_pos = strpos($in_url, $start_marker); - $domain = substr($in_url, $start_pos + $sm_len); - - $end_pos = strpos($domain, $end_marker); - $domain = substr($domain, 0, $end_pos); - return $domain; - } - - /** - * Expects six strings for a url and what marks out the beginning - * and end of its domain and then the same again for a second url. - * - * Returns 1 if the domains of the two urls are the same and 0 otherwise. - */ - public static function haveSameDomain( - string $url1, - string $start_marker1, - string $end_marker1, - string $url2, - string $start_marker2 = '//', - string $end_marker2 = '/' - ): int { - $domain1 = self::getUrlDomain($url1, $start_marker1, $end_marker1); - $domain2 = self::getUrlDomain($url2, $start_marker2, $end_marker2); - - if ($domain1 === $domain2) { - return 1; - } - return 0; - } - /** * If the $relayState begins with "http", returns it. * Otherwise, returns empty string. 
@@ -54,7 +12,7 @@ public static function haveSameDomain( **/ public static function getUrlFromRelayState(string $relayState): string { - if (strpos($relayState, "http") === 0) { + if (str_starts_with($relayState, "http")) { return $relayState; } diff --git a/modules/mfa/src/Auth/Process/Mfa.php b/modules/mfa/src/Auth/Process/Mfa.php index e423567..5835bce 100644 --- a/modules/mfa/src/Auth/Process/Mfa.php +++ b/modules/mfa/src/Auth/Process/Mfa.php @@ -860,24 +860,6 @@ public static function getManagerEmail(array $state): ?string return self::maskEmail($managerEmail[0]); } - /** - * Get the manager MFA, if it exists. Otherwise, return null. - * - * @param array[] $mfaOptions The available MFA options. - * @return array The manager MFA. - * @throws InvalidArgumentException - */ - public static function getManagerMfa(array $mfaOptions): ?array - { - foreach ($mfaOptions as $mfaOption) { - if ($mfaOption['type'] === 'manager') { - return $mfaOption; - } - } - - return null; - } - /** * @param string $email an email address * @return string with most letters changed to asterisks diff --git a/modules/silauth/src/Auth/Source/auth/AuthError.php b/modules/silauth/src/Auth/Source/auth/AuthError.php index c173de8..1e0f7b7 100644 --- a/modules/silauth/src/Auth/Source/auth/AuthError.php +++ b/modules/silauth/src/Auth/Source/auth/AuthError.php @@ -12,7 +12,6 @@ class AuthError const CODE_USERNAME_REQUIRED = 'username_required'; const CODE_PASSWORD_REQUIRED = 'password_required'; const CODE_INVALID_LOGIN = 'invalid_login'; - const CODE_NEED_TO_SET_ACCT_PASSWORD = 'need_to_set_acct_password'; const CODE_RATE_LIMIT_SECONDS = 'rate_limit_seconds'; const CODE_RATE_LIMIT_1_MINUTE = 'rate_limit_1_minute'; const CODE_RATE_LIMIT_MINUTES = 'rate_limit_minutes'; diff --git a/modules/silauth/src/Auth/Source/auth/Authenticator.php b/modules/silauth/src/Auth/Source/auth/Authenticator.php index 926cbfa..b73bab7 100644 --- a/modules/silauth/src/Auth/Source/auth/Authenticator.php 
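Review bot: The prefix test kept in `getUrlFromRelayState`, now `str_starts_with($relayState, "http")`, accepts any string that merely begins with those four letters, so a constructed value like `httpx://example.invalid` or an `http(s)` URL on any host is returned as a usable URL. RelayState is supplied with the request, so if a remaining caller uses the result as a redirect or `returnTo` target, the helper should parse the value and check scheme and host, for example `in_array(parse_url($relayState, PHP_URL_SCHEME), ['http', 'https'], true)` together with a trusted-host check. The only caller visible in this patch is deleted by it, so it is worth confirming whether the helper is still referenced at all. `str_starts_with` also needs PHP 8.0 or later; the function body continues outside the hunk.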
+++ b/modules/silauth/src/Auth/Source/auth/Authenticator.php @@ -4,14 +4,12 @@ use Exception; use Psr\Log\LoggerInterface; -use SimpleSAML\Module\silauth\Auth\Source\auth\AuthError; -use SimpleSAML\Module\silauth\Auth\Source\auth\IdBroker; use SimpleSAML\Module\silauth\Auth\Source\captcha\Captcha; -use SimpleSAML\Module\silauth\Auth\Source\time\UtcTime; -use SimpleSAML\Module\silauth\Auth\Source\time\WaitTime; +use SimpleSAML\Module\silauth\Auth\Source\http\Request; use SimpleSAML\Module\silauth\Auth\Source\models\FailedLoginIpAddress; use SimpleSAML\Module\silauth\Auth\Source\models\FailedLoginUsername; -use SimpleSAML\Module\silauth\Auth\Source\http\Request; +use SimpleSAML\Module\silauth\Auth\Source\time\UtcTime; +use SimpleSAML\Module\silauth\Auth\Source\time\WaitTime; /** * An immutable class for making a single attempt to authenticate using a given @@ -339,11 +337,6 @@ protected function setErrorInvalidLogin(): void $this->setError(AuthError::CODE_INVALID_LOGIN); } - protected function setErrorNeedToSetAcctPassword(): void - { - $this->setError(AuthError::CODE_NEED_TO_SET_ACCT_PASSWORD); - } - protected function setErrorPasswordRequired(): void { $this->setError(AuthError::CODE_PASSWORD_REQUIRED); diff --git a/modules/silauth/src/Auth/Source/auth/IdBroker.php b/modules/silauth/src/Auth/Source/auth/IdBroker.php index 1c8f86f..5a6938a 100644 --- a/modules/silauth/src/Auth/Source/auth/IdBroker.php +++ b/modules/silauth/src/Auth/Source/auth/IdBroker.php @@ -95,16 +95,4 @@ public function getAuthenticatedUser(string $username, string $password): ?array $userInfo['member'] ?? [] ); } - - /** - * Ping the /site/status URL. If the ID Broker's status is fine, the - * response string is returned. If not, an exception is thrown. - * - * @return string "OK" - * @throws Exception - */ - public function getSiteStatus(): string - { - return $this->client->getSiteStatus(); - } } From ffcac366d9c8b844b6622c77904b9395056838c3 Mon Sep 17 00:00:00 2001 
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Wed, 11 Sep 2024 18:36:24 +0800
Subject: [PATCH 2/2] add CODEOWNERS file
---
.github/workflows/CODEOWNERS | 1 +
1 file changed, 1 insertion(+)
create mode 100644 .github/workflows/CODEOWNERS
diff --git a/.github/workflows/CODEOWNERS b/.github/workflows/CODEOWNERS
new file mode 100644
index 0000000..d7646b1
--- /dev/null
+++ b/.github/workflows/CODEOWNERS
@@ -0,0 +1 @@
+* @silinternational/php-devs
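Review bot: GitHub reads a CODEOWNERS file only from the repository root, `.github/` or `docs/`, so the file added at `.github/workflows/CODEOWNERS` will not take effect: no automatic review requests and no code-owner check under branch protection. Move it to `.github/CODEOWNERS`. Once it is in place, confirm that the `@silinternational/php-devs` team has write access to the repository, since GitHub does not honour an owner without it. Also confirm that branch protection requires code-owner review, because the `*` pattern is what would gate changes to the authentication modules and the workflow files.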