diff --git a/development/UserPass.php b/development/UserPass.php index 8c3b6b3..e55c91f 100644 --- a/development/UserPass.php +++ b/development/UserPass.php @@ -13,7 +13,6 @@ use SimpleSAML\Error; use SimpleSAML\Logger; use SimpleSAML\Module\core\Auth\UserPassBase; -use SimpleSAML\Utils; /** * Example authentication source - username & password. @@ -23,7 +22,7 @@ * * @package SimpleSAMLphp */ -class UserPass extends \SimpleSAML\Module\core\Auth\UserPassBase // GTIS +class UserPass extends UserPassBase // GTIS { /** * Our users, stored in an associative array. The key of the array is ":", diff --git a/dockerbuild/config/config.php b/dockerbuild/config/config.php index bfcd5e8..2ceed2f 100644 --- a/dockerbuild/config/config.php +++ b/dockerbuild/config/config.php @@ -8,8 +8,9 @@ use Sil\PhpEnv\Env; use Sil\PhpEnv\EnvVarNotFoundException; +use SimpleSAML\Utils; -$httpUtils = new \SimpleSAML\Utils\HTTP(); +$httpUtils = new Utils\HTTP(); /* * Get config settings from ENV vars or set defaults diff --git a/features/bootstrap/LoginContext.php b/features/bootstrap/LoginContext.php index 2aea676..531ad8a 100644 --- a/features/bootstrap/LoginContext.php +++ b/features/bootstrap/LoginContext.php @@ -153,7 +153,7 @@ public function iShouldNotBeAllowedThrough() function () use ($authenticator) { $authenticator->getUserAttributes(); }, - \Exception::class, + Exception::class, 'The call to getUserAttributes() should have thrown an exception.' ); } diff --git a/features/bootstrap/SilDiscoContext.php b/features/bootstrap/SilDiscoContext.php index 66da5f8..4774047 100644 --- a/features/bootstrap/SilDiscoContext.php +++ b/features/bootstrap/SilDiscoContext.php @@ -26,7 +26,7 @@ public function iLogInUsingMyIdpCredentials($idp) break; default: - throw new \Exception('credential name not recognized'); + throw new Exception('credential name not recognized'); } $this->iLogIn(); } 
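Review bot: Removing `use SimpleSAML\Utils;` from development/UserPass.php is only safe if nothing in the class body still refers to `Utils\...`, and the body is outside this hunk, so that cannot be confirmed from here. Any remaining `Utils\...` reference would no longer resolve to `SimpleSAML\Utils` and would fail with a class-not-found error when that code path runs during authentication, not when the file is loaded. Search the file for `Utils\` before merging, or keep the import.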
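Review bot: `Exception::class` in features/bootstrap/LoginContext.php loses its leading backslash with no `use Exception;` added in any visible hunk, and the same applies to `throw new Exception(...)` in features/bootstrap/SilDiscoContext.php and modules/mfa/public/prompt-for-mfa.php. The namespaced classes elsewhere in this commit all gained the import. This is fine if these files are in the global namespace or already import `Exception`, which is not visible here. If either Behat context declares a namespace, the assertion in `iShouldNotBeAllowedThrough()` would stop matching the thrown exception, and the `default:` branch in `iLogInUsingMyIdpCredentials()` would raise a class-not-found error instead of the intended message. Both methods continue outside their hunks.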
diff --git a/modules/expirychecker/src/Auth/Process/ExpiryDate.php b/modules/expirychecker/src/Auth/Process/ExpiryDate.php index c055a20..3efd9e6 100644 --- a/modules/expirychecker/src/Auth/Process/ExpiryDate.php +++ b/modules/expirychecker/src/Auth/Process/ExpiryDate.php @@ -2,6 +2,7 @@ namespace SimpleSAML\Module\expirychecker\Auth\Process; +use Exception; use Psr\Log\LoggerInterface; use Sil\Psr3Adapters\Psr3SamlLogger; use SimpleSAML\Auth\ProcessingChain; @@ -132,7 +133,7 @@ protected function getDaysLeftBeforeExpiry(int $expiryTimestamp): int * expiration date (as a string) is stored. * @param array $state The state data. * @return int The expiration timestamp. - * @throws \Exception + * @throws Exception */ protected function getExpiryTimestamp(string $expiryDateAttr, array $state): int { @@ -141,7 +142,7 @@ protected function getExpiryTimestamp(string $expiryDateAttr, array $state): int // Ensure that EVERY user login provides a usable password expiration date. $expiryTimestamp = strtotime($expiryDateString) ?: null; if (empty($expiryTimestamp)) { - throw new \Exception(sprintf( + throw new Exception(sprintf( "We could not understand the expiration date (%s, from %s) for " . "the user's password, so we do not know whether their " . "password is still valid.", @@ -178,7 +179,7 @@ protected function initLogger(array $config): void $loggerClass = $config['loggerClass'] ?? Psr3SamlLogger::class; $this->logger = new $loggerClass(); if (!$this->logger instanceof LoggerInterface) { - throw new \Exception(sprintf( + throw new Exception(sprintf( 'The specified loggerClass (%s) does not implement ' . '\\Psr\\Log\\LoggerInterface.', var_export($loggerClass, true) diff --git a/modules/mfa/public/prompt-for-mfa.php b/modules/mfa/public/prompt-for-mfa.php index 89197b9..6eff864 100644 --- a/modules/mfa/public/prompt-for-mfa.php +++ b/modules/mfa/public/prompt-for-mfa.php 
@@ -42,7 +42,7 @@ // This condition should never return ProcessingChain::resumeProcessing($state); - throw new \Exception('Failed to resume processing auth proc chain.'); + throw new Exception('Failed to resume processing auth proc chain.'); } $mfaId = filter_input(INPUT_GET, 'mfaId'); diff --git a/modules/mfa/src/Auth/Process/Mfa.php b/modules/mfa/src/Auth/Process/Mfa.php index 734e773..8cb8b5c 100644 --- a/modules/mfa/src/Auth/Process/Mfa.php +++ b/modules/mfa/src/Auth/Process/Mfa.php @@ -2,6 +2,8 @@ namespace SimpleSAML\Module\mfa\Auth\Process; +use Exception; +use InvalidArgumentException; use Psr\Log\LoggerInterface; use Sil\Idp\IdBroker\Client\BaseClient; use Sil\PhpEnv\Env; @@ -52,7 +54,7 @@ class Mfa extends ProcessingFilter * * @param array $config Configuration information about this filter. * @param mixed $reserved For future use. - * @throws \Exception + * @throws Exception */ public function __construct(array $config, mixed $reserved) { @@ -98,12 +100,12 @@ protected function loadValuesFromConfig(array $config, array $attributes): void * @param string $attribute The name of the attribute. * @param mixed $value The value to check. * @param LoggerInterface $logger The logger. - * @throws \Exception + * @throws Exception */ public static function validateConfigValue(string $attribute, mixed $value, LoggerInterface $logger): void { if (empty($value) || !is_string($value)) { - $exception = new \Exception(sprintf( + $exception = new Exception(sprintf( 'The value we have for %s (%s) is empty or is not a string', $attribute, var_export($value, true) 
@@ -184,13 +186,13 @@ protected static function getIdBrokerClient(array $idBrokerConfig): IdBrokerClie * @param array[] $mfaOptions The available MFA options. * @param int $mfaId The ID of the desired MFA option. * @return array The MFA option to use. - * @throws \InvalidArgumentException - * @throws \Exception + * @throws InvalidArgumentException + * @throws Exception */ public static function getMfaOptionById(array $mfaOptions, int $mfaId): array { if (empty($mfaId)) { - throw new \Exception('No MFA ID was provided.'); + throw new Exception('No MFA ID was provided.'); } foreach ($mfaOptions as $mfaOption) { @@ -199,7 +201,7 @@ public static function getMfaOptionById(array $mfaOptions, int $mfaId): array } } - throw new \Exception( + throw new Exception( 'No MFA option has an ID of ' . var_export($mfaId, true) ); } @@ -211,13 +213,13 @@ public static function getMfaOptionById(array $mfaOptions, int $mfaId): array * @param string $userAgent The User-Agent sent by the user's browser, used * for detecting WebAuthn support. * @return array The MFA option to use. - * @throws \InvalidArgumentException - * @throws \Exception + * @throws InvalidArgumentException + * @throws Exception */ public static function getMfaOptionToUse(array $mfaOptions, string $userAgent): array { if (empty($mfaOptions)) { - throw new \Exception('No MFA options were provided.'); + throw new Exception('No MFA options were provided.'); } $recentMfa = self::getMostRecentUsedMfaOption($mfaOptions); @@ -292,7 +294,7 @@ public static function getNumBackupCodesUserHad(array $mfaOptions): int * * @param string $mfaType The desired MFA type, such as 'webauthn', 'totp', or 'backupcode'. * @return string - * @throws \InvalidArgumentException + * @throws InvalidArgumentException */ public static function getTemplateFor(string $mfaType): string { 
@@ -305,7 +307,7 @@ public static function getTemplateFor(string $mfaType): string $template = $mfaOptionTemplates[$mfaType] ?? null; if ($template === null) { - throw new \InvalidArgumentException(sprintf( + throw new InvalidArgumentException(sprintf( 'No %s MFA template is available.', var_export($mfaType, true) ), 1507219338); @@ -515,14 +517,14 @@ public static function validateMfaSubmission( if ($numBackupCodesRemaining <= 0) { self::redirectToOutOfBackupCodesMessage($state, $employeeId); - throw new \Exception('Failed to send user to out-of-backup-codes page.'); + throw new Exception('Failed to send user to out-of-backup-codes page.'); } elseif ($numBackupCodesRemaining < 4) { self::redirectToLowOnBackupCodesNag( $state, $employeeId, $numBackupCodesRemaining ); - throw new \Exception('Failed to send user to low-on-backup-codes page.'); + throw new Exception('Failed to send user to low-on-backup-codes page.'); } } @@ -537,7 +539,7 @@ public static function validateMfaSubmission( // The following function call will never return. ProcessingChain::resumeProcessing($state); - throw new \Exception('Failed to resume processing auth proc chain.'); + throw new Exception('Failed to resume processing auth proc chain.'); } /** @@ -647,7 +649,7 @@ protected function redirectToMfaNeededMessage(array &$state, string $employeeId, * @param array $state The state data. * @param string $employeeId The Employee ID of the user account. * @param array $mfaOptions Array of MFA options - * @throws \Exception + * @throws Exception */ protected function redirectToMfaPrompt(array &$state, string $employeeId, array $mfaOptions): void { @@ -884,7 +886,7 @@ public static function getManagerEmail(array $state): ?string * * @param array[] $mfaOptions The available MFA options. * @return array The manager MFA. - * @throws \InvalidArgumentException + * @throws InvalidArgumentException */ public static function getManagerMfa(array $mfaOptions): ?array { 
@@ -958,7 +960,7 @@ protected static function updateStateWithNewMfaData(array &$state, LoggerInterfa try { $newMfaOptions = $idBrokerClient->mfaList($state['employeeId']); - } catch (\Exception $e) { + } catch (Exception $e) { $log['status'] = 'failed: id-broker exception'; $logger->error(json_encode($log)); return; diff --git a/modules/profilereview/src/Auth/Process/ProfileReview.php b/modules/profilereview/src/Auth/Process/ProfileReview.php index 64b452a..5a4cb9b 100644 --- a/modules/profilereview/src/Auth/Process/ProfileReview.php +++ b/modules/profilereview/src/Auth/Process/ProfileReview.php @@ -2,6 +2,7 @@ namespace SimpleSAML\Module\profilereview\Auth\Process; +use Exception; use Psr\Log\LoggerInterface; use Sil\Psr3Adapters\Psr3SamlLogger; use SimpleSAML\Auth\ProcessingFilter; @@ -38,7 +39,7 @@ class ProfileReview extends ProcessingFilter * * @param array $config Configuration information about this filter. * @param mixed $reserved For future use. - * @throws \Exception + * @throws Exception */ public function __construct(array $config, mixed $reserved) { @@ -61,7 +62,7 @@ public function __construct(array $config, mixed $reserved) /** * @param $config * @param $attributes - * @throws \Exception + * @throws Exception */ protected function loadValuesFromConfig(array $config, array $attributes): void { @@ -82,12 +83,12 @@ protected function loadValuesFromConfig(array $config, array $attributes): void * @param string $attribute The name of the attribute. * @param mixed $value The value to check. * @param LoggerInterface $logger The logger. - * @throws \Exception + * @throws Exception */ public static function validateConfigValue($attribute, $value, $logger) { if (empty($value) || !is_string($value)) { - $exception = new \Exception(sprintf( + $exception = new Exception(sprintf( 'The value we have for %s (%s) is empty or is not a string', $attribute, var_export($value, true) 
diff --git a/modules/silauth/public/status.php b/modules/silauth/public/status.php index 9b34535..4f5573f 100644 --- a/modules/silauth/public/status.php +++ b/modules/silauth/public/status.php @@ -28,5 +28,5 @@ $t->getMessage(), $t->getCode() ); - \http_response_code(500); + http_response_code(500); } diff --git a/modules/silauth/src/Auth/Source/auth/Authenticator.php b/modules/silauth/src/Auth/Source/auth/Authenticator.php index 7350178..926cbfa 100644 --- a/modules/silauth/src/Auth/Source/auth/Authenticator.php +++ b/modules/silauth/src/Auth/Source/auth/Authenticator.php @@ -2,6 +2,7 @@ namespace SimpleSAML\Module\silauth\Auth\Source\auth; +use Exception; use Psr\Log\LoggerInterface; use SimpleSAML\Module\silauth\Auth\Source\auth\AuthError; use SimpleSAML\Module\silauth\Auth\Source\auth\IdBroker; @@ -95,7 +96,7 @@ public function __construct( $username, $password ); - } catch (\Exception $e) { + } catch (Exception $e) { $logger->critical(json_encode([ 'event' => 'Problem communicating with ID Broker', 'errorCode' => $e->getCode(), @@ -211,12 +212,12 @@ public static function getSecondsUntilUnblocked( * // ... * ] * - * @throws \Exception + * @throws Exception */ public function getUserAttributes(): array { if ($this->userAttributes === null) { - throw new \Exception( + throw new Exception( "You cannot get the user's attributes until you have authenticated the user.", 1482270373 ); diff --git a/modules/silauth/src/Auth/Source/captcha/Captcha.php b/modules/silauth/src/Auth/Source/captcha/Captcha.php index 33b29cb..d825b7d 100644 --- a/modules/silauth/src/Auth/Source/captcha/Captcha.php +++ b/modules/silauth/src/Auth/Source/captcha/Captcha.php @@ -2,6 +2,8 @@ namespace SimpleSAML\Module\silauth\Auth\Source\captcha; +use ReCaptcha\ReCaptcha; +use RuntimeException; use SimpleSAML\Module\silauth\Auth\Source\http\Request; class Captcha 
@@ -16,13 +18,13 @@ public function __construct(?string $secret = null) public function isValidIn(Request $request): bool { if (empty($this->secret)) { - throw new \RuntimeException('No captcha secret available.', 1487342411); + throw new RuntimeException('No captcha secret available.', 1487342411); } $captchaResponse = $request->getCaptchaResponse(); $ipAddress = $request->getMostLikelyIpAddress(); - $recaptcha = new \ReCaptcha\ReCaptcha($this->secret); + $recaptcha = new ReCaptcha($this->secret); $rcResponse = $recaptcha->verify($captchaResponse, $ipAddress); return $rcResponse->isSuccess(); diff --git a/modules/silauth/src/Auth/Source/config/ConfigManager.php b/modules/silauth/src/Auth/Source/config/ConfigManager.php index a6c7b25..9cb0954 100644 --- a/modules/silauth/src/Auth/Source/config/ConfigManager.php +++ b/modules/silauth/src/Auth/Source/config/ConfigManager.php @@ -3,7 +3,8 @@ namespace SimpleSAML\Module\silauth\Auth\Source\config; use SimpleSAML\Module\silauth\Auth\Source\text\Text; -use yii\console\Application; +use yii\console\Application as ConsoleApplication; +use yii\web\Application as WebApplication; class ConfigManager { @@ -78,11 +79,11 @@ private static function initializeYiiClass(): void } } - public static function getYii2ConsoleApp(array $customConfig): Application + public static function getYii2ConsoleApp(array $customConfig): ConsoleApplication { self::initializeYiiClass(); $mergedYii2Config = self::getMergedYii2Config($customConfig); - return new Application($mergedYii2Config); + return new ConsoleApplication($mergedYii2Config); } public static function initializeYii2WebApp(array $customConfig = []): void 
@@ -93,7 +94,7 @@ public static function initializeYii2WebApp(array $customConfig = []): void * here, since we don't want Yii to handle the HTTP request. We just * want the Yii classes available for use (including database * models). */ - $app = new \yii\web\Application(self::getMergedYii2Config($customConfig)); + $app = new WebApplication(self::getMergedYii2Config($customConfig)); /* * Initialize the Yii logger. It doesn't want to initialize itself for some reason. diff --git a/modules/silauth/src/Auth/Source/http/Request.php b/modules/silauth/src/Auth/Source/http/Request.php index 14e3bbc..5ef36af 100644 --- a/modules/silauth/src/Auth/Source/http/Request.php +++ b/modules/silauth/src/Auth/Source/http/Request.php @@ -2,6 +2,7 @@ namespace SimpleSAML\Module\silauth\Auth\Source\http; +use InvalidArgumentException; use IP; use IPBlock; use SimpleSAML\Module\silauth\Auth\Source\text\Text; @@ -197,7 +198,7 @@ public static function sanitizeInputString(int $inputType, string $variableName) public function trustIpAddress(string $ipAddress): void { if (!self::isValidIpAddress($ipAddress)) { - throw new \InvalidArgumentException(sprintf( + throw new InvalidArgumentException(sprintf( '%s is not a valid IP address.', var_export($ipAddress, true) )); diff --git a/modules/silauth/src/Auth/Source/models/FailedLoginIpAddress.php b/modules/silauth/src/Auth/Source/models/FailedLoginIpAddress.php index fd443ea..e72fbe9 100644 --- a/modules/silauth/src/Auth/Source/models/FailedLoginIpAddress.php +++ b/modules/silauth/src/Auth/Source/models/FailedLoginIpAddress.php 
@@ -2,19 +2,22 @@ namespace SimpleSAML\Module\silauth\Auth\Source\models; +use Exception; +use InvalidArgumentException; use Psr\Log\LoggerAwareInterface; use Psr\Log\LoggerInterface; use SimpleSAML\Module\silauth\Auth\Source\auth\Authenticator; use SimpleSAML\Module\silauth\Auth\Source\behaviors\CreatedAtUtcBehavior; use SimpleSAML\Module\silauth\Auth\Source\http\Request; use SimpleSAML\Module\silauth\Auth\Source\time\UtcTime; +use SimpleSAML\Module\silauth\Auth\Source\traits\LoggerAwareTrait; +use Yii; use yii\base\Model; use yii\helpers\ArrayHelper; -use Yii; class FailedLoginIpAddress extends FailedLoginIpAddressBase implements LoggerAwareInterface { - use \SimpleSAML\Module\silauth\Auth\Source\traits\LoggerAwareTrait; + use LoggerAwareTrait; /** * @inheritdoc @@ -47,7 +50,7 @@ public static function countRecentFailedLoginsFor(string $ipAddress): int '>=', 'occurred_at_utc', UtcTime::format('-60 minutes') ])->count(); if (!is_numeric($count)) { - throw new \Exception('expected a numeric value for recent failed logins by IP address, got ' . $count); + throw new Exception('expected a numeric value for recent failed logins by IP address, got ' . $count); } return (int)$count; } @@ -55,7 +58,7 @@ public static function countRecentFailedLoginsFor(string $ipAddress): int public static function getFailedLoginsFor(string $ipAddress): array { if (!Request::isValidIpAddress($ipAddress)) { - throw new \InvalidArgumentException(sprintf( + throw new InvalidArgumentException(sprintf( '%s is not a valid IP address.', var_export($ipAddress, true) )); diff --git a/modules/silauth/src/Auth/Source/models/FailedLoginIpAddressBase.php b/modules/silauth/src/Auth/Source/models/FailedLoginIpAddressBase.php index 25f2b5b..5f1f9e2 100644 --- a/modules/silauth/src/Auth/Source/models/FailedLoginIpAddressBase.php +++ b/modules/silauth/src/Auth/Source/models/FailedLoginIpAddressBase.php 
@@ -3,6 +3,7 @@ namespace SimpleSAML\Module\silauth\Auth\Source\models; use Yii; +use yii\db\ActiveRecord; /** * This is the model class for table "failed_login_ip_address". @@ -11,7 +12,7 @@ * @property string $ip_address * @property string $occurred_at_utc */ -class FailedLoginIpAddressBase extends \yii\db\ActiveRecord +class FailedLoginIpAddressBase extends ActiveRecord { /** * @inheritdoc diff --git a/modules/silauth/src/Auth/Source/models/FailedLoginUsername.php b/modules/silauth/src/Auth/Source/models/FailedLoginUsername.php index e1bc4ff..1391b6a 100644 --- a/modules/silauth/src/Auth/Source/models/FailedLoginUsername.php +++ b/modules/silauth/src/Auth/Source/models/FailedLoginUsername.php @@ -2,18 +2,20 @@ namespace SimpleSAML\Module\silauth\Auth\Source\models; +use Exception; use Psr\Log\LoggerAwareInterface; use Psr\Log\LoggerInterface; use SimpleSAML\Module\silauth\Auth\Source\auth\Authenticator; use SimpleSAML\Module\silauth\Auth\Source\behaviors\CreatedAtUtcBehavior; use SimpleSAML\Module\silauth\Auth\Source\time\UtcTime; +use SimpleSAML\Module\silauth\Auth\Source\traits\LoggerAwareTrait; +use Yii; use yii\base\Model; use yii\helpers\ArrayHelper; -use Yii; class FailedLoginUsername extends FailedLoginUsernameBase implements LoggerAwareInterface { - use \SimpleSAML\Module\silauth\Auth\Source\traits\LoggerAwareTrait; + use LoggerAwareTrait; /** * @inheritdoc @@ -45,7 +47,7 @@ public static function countRecentFailedLoginsFor(string $username): int '>=', 'occurred_at_utc', UtcTime::format('-60 minutes') ])->count(); if (!is_numeric($count)) { - throw new \Exception('expected a numeric value for recent failed logins by username, got ' . $count); + throw new Exception('expected a numeric value for recent failed logins by username, got ' . $count); } return (int)$count; } diff --git a/modules/silauth/src/Auth/Source/models/FailedLoginUsernameBase.php b/modules/silauth/src/Auth/Source/models/FailedLoginUsernameBase.php index a3c32ca..d7b79d3 100644 
--- a/modules/silauth/src/Auth/Source/models/FailedLoginUsernameBase.php +++ b/modules/silauth/src/Auth/Source/models/FailedLoginUsernameBase.php @@ -3,6 +3,7 @@ namespace SimpleSAML\Module\silauth\Auth\Source\models; use Yii; +use yii\db\ActiveRecord; /** * This is the model class for table "failed_login_username". @@ -11,7 +12,7 @@ * @property string $username * @property string $occurred_at_utc */ -class FailedLoginUsernameBase extends \yii\db\ActiveRecord +class FailedLoginUsernameBase extends ActiveRecord { /** * @inheritdoc diff --git a/modules/silauth/src/Auth/Source/system/System.php b/modules/silauth/src/Auth/Source/system/System.php index fb8d558..d7dd282 100644 --- a/modules/silauth/src/Auth/Source/system/System.php +++ b/modules/silauth/src/Auth/Source/system/System.php @@ -2,6 +2,7 @@ namespace SimpleSAML\Module\silauth\Auth\Source\system; +use Exception; use Psr\Log\LoggerInterface; use Psr\Log\NullLogger; use SimpleSAML\Configuration; @@ -57,7 +58,7 @@ protected function isRequiredConfigPresent(): bool * show to the public) if any serious error conditions are found. Log any * problems, even if recoverable. * - * @throws \Exception + * @throws Exception */ public function reportStatus(): void { @@ -88,11 +89,11 @@ protected function logError(string $message): void * * @param string $message The error message. * @param int $code An error code. - * @throws \Exception + * @throws Exception */ protected function reportError(string $message, int $code): void { $this->logError($message); - throw new \Exception($message, $code); + throw new Exception($message, $code); } } diff --git a/modules/silauth/src/Auth/Source/tests/unit/http/DummyRequest.php b/modules/silauth/src/Auth/Source/tests/unit/http/DummyRequest.php index a375e42..c0c808d 100644 --- a/modules/silauth/src/Auth/Source/tests/unit/http/DummyRequest.php +++ b/modules/silauth/src/Auth/Source/tests/unit/http/DummyRequest.php 
@@ -2,6 +2,7 @@ namespace SimpleSAML\Module\silauth\Auth\Source\tests\unit\http; +use InvalidArgumentException; use SimpleSAML\Module\silauth\Auth\Source\http\Request; class DummyRequest extends Request @@ -21,7 +22,7 @@ public function getIpAddresses(): array public function setDummyIpAddress(string $dummyIpAddress): void { if (!self::isValidIpAddress($dummyIpAddress)) { - throw new \InvalidArgumentException(sprintf( + throw new InvalidArgumentException(sprintf( '%s is not a valid IP address.', var_export($dummyIpAddress, true) )); diff --git a/modules/silauth/src/Auth/Source/time/UtcTime.php b/modules/silauth/src/Auth/Source/time/UtcTime.php index 20f69f8..04c5543 100644 --- a/modules/silauth/src/Auth/Source/time/UtcTime.php +++ b/modules/silauth/src/Auth/Source/time/UtcTime.php @@ -2,6 +2,10 @@ namespace SimpleSAML\Module\silauth\Auth\Source\time; +use DateTime; +use DateTimeZone; +use InvalidArgumentException; + class UtcTime { const DATE_TIME_FORMAT = 'Y-m-d H:i:s'; @@ -21,8 +25,8 @@ class UtcTime */ public function __construct(string $dateTimeString = 'now') { - $this->utc = new \DateTimeZone('UTC'); - $this->dateTime = new \DateTime($dateTimeString, $this->utc); + $this->utc = new DateTimeZone('UTC'); + $this->dateTime = new DateTime($dateTimeString, $this->utc); } public function __toString() @@ -84,12 +88,12 @@ public function getSecondsSince(UtcTime $otherUtcTime): int * @return int The number of seconds that have elapsed since that date/time. * @throws Exception If an invalid date/time string is provided, an * \Exception will be thrown. - * @throws \InvalidArgumentException + * @throws InvalidArgumentException */ public static function getSecondsSinceDateTime(string $dateTimeString): int { if (empty($dateTimeString)) { - throw new \InvalidArgumentException(sprintf( + throw new InvalidArgumentException(sprintf( 'The given value (%s) is not a date/time string.', var_export($dateTimeString, true) )); 
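Review bot: The docblock of `getSecondsSinceDateTime()` still carries an unqualified `@throws Exception`, but the import hunk at the top of UtcTime.php adds only `DateTime`, `DateTimeZone` and `InvalidArgumentException`. Inside `SimpleSAML\Module\silauth\Auth\Source\time`, static analysers and IDEs will resolve that tag to a class in this namespace, not the built-in one. Adding `use Exception;` to the import block fixes the tag and matches the rest of the commit. The `\Exception will be thrown` wording on the next docblock line can then drop its backslash as well. The function body continues past the end of the hunk.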
diff --git a/modules/silauth/src/Auth/Source/time/WaitTime.php b/modules/silauth/src/Auth/Source/time/WaitTime.php index baac827..d43a3d2 100644 --- a/modules/silauth/src/Auth/Source/time/WaitTime.php +++ b/modules/silauth/src/Auth/Source/time/WaitTime.php @@ -2,6 +2,8 @@ namespace SimpleSAML\Module\silauth\Auth\Source\time; +use InvalidArgumentException; + /** * Class to enable assembling a human-friendly description of approximately how * long the user must wait before (at least) the given number of seconds have @@ -52,7 +54,7 @@ public function getFriendlyNumber(): int public static function getLongestWaitTime(array $durationsInSeconds): WaitTime { if (empty($durationsInSeconds)) { - throw new \InvalidArgumentException('No durations given.', 1487605801); + throw new InvalidArgumentException('No durations given.', 1487605801); } return new WaitTime(max($durationsInSeconds)); } diff --git a/modules/sildisco/public/betatest.php b/modules/sildisco/public/betatest.php index b4facf8..fd15942 100644 --- a/modules/sildisco/public/betatest.php +++ b/modules/sildisco/public/betatest.php @@ -1,11 +1,14 @@ setData($sessionType, $sessionKey, 1, \SimpleSAML\Session::DATA_TIMEOUT_SESSION_END); +$session = Session::getSessionFromRequest(); +$session->setData($sessionType, $sessionKey, 1, Session::DATA_TIMEOUT_SESSION_END); echo "

Start Beta Testing

"; echo "

You have been given a cookie to allow you to test beta-enabled IDPs.

"; diff --git a/modules/sildisco/public/metadata.php b/modules/sildisco/public/metadata.php index 23b965b..656d269 100644 --- a/modules/sildisco/public/metadata.php +++ b/modules/sildisco/public/metadata.php @@ -6,14 +6,19 @@ require_once('../public/_include.php'); use SAML2\Constants; +use SimpleSAML\Configuration; +use SimpleSAML\Error; +use SimpleSAML\Metadata\MetaDataStorageHandler; +use SimpleSAML\Metadata\SAMLBuilder; +use SimpleSAML\Metadata\Signer; use SimpleSAML\Utils; // load SimpleSAMLphp, configuration and metadata -$config = \SimpleSAML\Configuration::getInstance(); -$metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler(); +$config = Configuration::getInstance(); +$metadata = MetaDataStorageHandler::getMetadataHandler(); if (!$config->getOptionalBoolean('enable.saml20-idp', false)) { - throw new \SimpleSAML\Error\Error('NOACCESS'); + throw new Error\Error('NOACCESS'); } // check if valid local session exists @@ -145,7 +150,7 @@ ); if (!$idpmeta->hasValue('OrganizationURL')) { - throw new \SimpleSAML\Error\Exception('If OrganizationName is set, OrganizationURL must also be set.'); + throw new Error\Exception('If OrganizationName is set, OrganizationURL must also be set.'); } $metaArray['OrganizationURL'] = $idpmeta->getLocalizedString('OrganizationURL'); } @@ -200,7 +205,7 @@ $metaArray['contacts'][] = $metadataUtils->getContact($techcontact); } - $metaBuilder = new \SimpleSAML\Metadata\SAMLBuilder($idpentityid); + $metaBuilder = new SAMLBuilder($idpentityid); $metaBuilder->addMetadataIdP20($metaArray); $metaBuilder->addOrganizationInfo($metaArray); 
@@ -209,7 +214,7 @@ $metaflat = '$metadata[' . var_export($idpentityid, true) . '] = ' . var_export($metaArray, true) . ';'; // sign the metadata if enabled - $metaxml = \SimpleSAML\Metadata\Signer::sign($metaxml, $idpmeta->toArray(), 'SAML 2 IdP'); + $metaxml = Signer::sign($metaxml, $idpmeta->toArray(), 'SAML 2 IdP'); if (array_key_exists('format', $_GET) && $_GET['format'] == 'xml') { header('Content-Type: application/xml'); @@ -224,5 +229,5 @@ exit(0); } } catch (Exception $exception) { - throw new \SimpleSAML\Error\Error('METADATA', $exception); + throw new Error\Error('METADATA', $exception); } diff --git a/modules/sildisco/src/Auth/Process/AddIdp2NameId.php b/modules/sildisco/src/Auth/Process/AddIdp2NameId.php index 80c29eb..0a29cb9 100644 --- a/modules/sildisco/src/Auth/Process/AddIdp2NameId.php +++ b/modules/sildisco/src/Auth/Process/AddIdp2NameId.php @@ -4,6 +4,9 @@ use SAML2\XML\saml\NameID; use Sil\SspUtils\Metadata; +use SimpleSAML\Auth\ProcessingFilter; +use SimpleSAML\Error; +use SimpleSAML\Logger; /** * Attribute filter for appending IDPNamespace to the NameID. @@ -17,7 +20,7 @@ * ], * */ -class AddIdp2NameId extends \SimpleSAML\Auth\ProcessingFilter +class AddIdp2NameId extends ProcessingFilter { const IDP_KEY = "saml:sp:IdP"; // the key that points to the entity id in the state @@ -124,7 +127,7 @@ public function process(array &$state): void $samlIDP = $state[self::IDP_KEY]; if (empty($state[self::SP_NAMEID_ATTR])) { - \SimpleSAML\Logger::warning( + Logger::warning( self::SP_NAMEID_ATTR . ' attribute not available from ' . $samlIDP . '.' ); 
@@ -138,25 +141,25 @@ public function process(array &$state): void if (isset($state['metadataPath'])) { $metadataPath = $state['metadataPath']; } - $idpEntries = \Sil\SspUtils\Metadata::getIdpMetadataEntries($metadataPath); + $idpEntries = Metadata::getIdpMetadataEntries($metadataPath); $idpEntry = $idpEntries[$samlIDP]; // The IDP metadata must have an IDPNamespace entry if (!isset($idpEntry[self::IDP_CODE_KEY])) { - throw new \SimpleSAML\Error\Exception(self::ERROR_PREFIX . "Missing required metadata entry: " . + throw new Error\Exception(self::ERROR_PREFIX . "Missing required metadata entry: " . self::IDP_CODE_KEY . "."); } // IDPNamespace must be a non-empty string if (!is_string($idpEntry[self::IDP_CODE_KEY])) { - throw new \SimpleSAML\Error\Exception(self::ERROR_PREFIX . "Required metadata " . + throw new Error\Exception(self::ERROR_PREFIX . "Required metadata " . "entry, " . self::IDP_CODE_KEY . ", must be a non-empty string."); } // IDPNamespace must not have special characters in it if (!preg_match("/^[A-Za-z0-9_-]+$/", $idpEntry[self::IDP_CODE_KEY])) { - throw new \SimpleSAML\Error\Exception(self::ERROR_PREFIX . "Required metadata " . + throw new Error\Exception(self::ERROR_PREFIX . "Required metadata " . "entry, " . self::IDP_CODE_KEY . ", must not be empty or contain anything except " . "letters, numbers, hyphens and underscores."); } diff --git a/modules/sildisco/src/Auth/Process/LogUser.php b/modules/sildisco/src/Auth/Process/LogUser.php index 8fa5544..c13f1c1 100644 --- a/modules/sildisco/src/Auth/Process/LogUser.php +++ b/modules/sildisco/src/Auth/Process/LogUser.php @@ -4,6 +4,9 @@ use Aws\DynamoDb\Marshaler; use Aws\Sdk; +use Sil\SspUtils\Metadata; +use SimpleSAML\Auth\ProcessingFilter; +use SimpleSAML\Logger; /** * This Auth Proc logs information about each successful login to an AWS Dynamodb table. 
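Review bot: `$idpEntry = $idpEntries[$samlIDP];` in `AddIdp2NameId::process()` indexes the metadata array with the IdP entity ID taken from `$state` without checking that the key exists. For an entity ID that is not in the metadata, PHP 8 emits an undefined-key warning and the following `isset()` check throws "Missing required metadata entry", which fails closed but reports the wrong cause. A guard before the lookup makes the failure explicit, for example `if (!isset($idpEntries[$samlIDP])) { throw new Error\Exception(self::ERROR_PREFIX . 'No metadata found for IdP ' . var_export($samlIDP, true)); }`. `LogUser::getIdp()` has the same unguarded lookup. `TagGroup::process()` fetches the same entries and entity ID, but its lookup is outside the hunk.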
@@ -16,7 +19,7 @@
 * 'DynamoEndpoint' ex. http://dynamo:8000
 *
 */
-class LogUser extends \SimpleSAML\Auth\ProcessingFilter
+class LogUser extends ProcessingFilter
 {
 const AWS_ACCESS_KEY_ID_ENV = "DYNAMO_ACCESS_KEY_ID";
@@ -75,12 +78,12 @@ public function process(array &$state): void
 $awsKey = getenv(self::AWS_ACCESS_KEY_ID_ENV);
 if (!$awsKey) {
- \SimpleSAML\Logger::error(self::AWS_ACCESS_KEY_ID_ENV . " environment variable is required for LogUser.");
+ Logger::error(self::AWS_ACCESS_KEY_ID_ENV . " environment variable is required for LogUser.");
 return;
 }
 $awsSecret = getenv(self::AWS_SECRET_ACCESS_KEY_ENV);
 if (!$awsSecret) {
- \SimpleSAML\Logger::error(self::AWS_SECRET_ACCESS_KEY_ENV . " environment variable is required for LogUser.");
+ Logger::error(self::AWS_SECRET_ACCESS_KEY_ENV . " environment variable is required for LogUser.");
 return;
 }
@@ -135,7 +138,7 @@ public function process(array &$state): void
 try {
 $result = $dynamodb->putItem($params);
 } catch (\Exception $e) {
- \SimpleSAML\Logger::error("Unable to add item: " . $e->getMessage());
+ Logger::error("Unable to add item: " . $e->getMessage());
 }
 }
@@ -144,12 +147,12 @@ private function configsAreValid(): bool
 $msg = ' config value not provided to LogUser.';
 if (empty($this->dynamoRegion)) {
- \SimpleSAML\Logger::error(self::DYNAMO_REGION_KEY . $msg);
+ Logger::error(self::DYNAMO_REGION_KEY . $msg);
 return false;
 }
 if (empty($this->dynamoLogTable)) {
- \SimpleSAML\Logger::error(self::DYNAMO_LOG_TABLE_KEY . $msg);
+ Logger::error(self::DYNAMO_LOG_TABLE_KEY . $msg);
 return false;
 }
@@ -171,7 +174,7 @@ private function getIdp(array &$state)
 if (isset($state['metadataPath'])) {
 $metadataPath = $state['metadataPath'];
 }
- $idpEntries = \Sil\SspUtils\Metadata::getIdpMetadataEntries($metadataPath);
+ $idpEntries = Metadata::getIdpMetadataEntries($metadataPath);
 // Get the IDPNamespace or else just use the IDP's entity ID
 $idpEntry = $idpEntries[$samlIDP];
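Review bot: Every failure path of `process()` shown in the `@@ -75,12` and `@@ -135,7` hunks (a missing `AWS_ACCESS_KEY_ID_ENV` or `AWS_SECRET_ACCESS_KEY_ENV` variable, an exception from `putItem`) ends in `Logger::error` and a normal return, so a login apparently completes with no DynamoDB record and nothing in the code states that this is intended. If best-effort logging is the design, say so above the `try`, for example `// Best-effort audit write: a failure is logged but must not block the login.`, and make sure these error lines are alerted on so gaps in the login trail are noticed. `$result` is assigned from `putItem` and never read before the function closes, so the call can stand alone as `$dynamodb->putItem($params);`. `process()` begins before these hunks.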
diff --git a/modules/sildisco/src/Auth/Process/TagGroup.php b/modules/sildisco/src/Auth/Process/TagGroup.php
index 3328c20..354244b 100644
--- a/modules/sildisco/src/Auth/Process/TagGroup.php
+++ b/modules/sildisco/src/Auth/Process/TagGroup.php
@@ -3,12 +3,13 @@
 namespace SimpleSAML\Module\sildisco\Auth\Process;
 use Sil\SspUtils\Metadata;
+use SimpleSAML\Auth\ProcessingFilter;
 /**
 * Attribute filter for prefixing group names
 *
 */
-class TagGroup extends \SimpleSAML\Auth\ProcessingFilter
+class TagGroup extends ProcessingFilter
 {
 const IDP_NAME_KEY = 'name'; // the metadata key for the IDP's name
@@ -57,7 +58,7 @@ public function process(array &$state): void
 $metadataPath = $state['metadataPath'];
 }
- $idpEntries = \Sil\SspUtils\Metadata::getIdpMetadataEntries($metadataPath);
+ $idpEntries = Metadata::getIdpMetadataEntries($metadataPath);
 $samlIDP = $state["saml:sp:IdP"];
diff --git a/modules/sildisco/src/Auth/Process/TrackIdps.php b/modules/sildisco/src/Auth/Process/TrackIdps.php
index 7903f56..e14a415 100644
--- a/modules/sildisco/src/Auth/Process/TrackIdps.php
+++ b/modules/sildisco/src/Auth/Process/TrackIdps.php
@@ -2,11 +2,14 @@
 namespace SimpleSAML\Module\sildisco\Auth\Process;
+use SimpleSAML\Auth\ProcessingFilter;
+use SimpleSAML\Session;
+
 /**
 * Attribute filter for adding Idps to the session
 *
 */
-class TrackIdps extends \SimpleSAML\Auth\ProcessingFilter
+class TrackIdps extends ProcessingFilter
 {
 /**
@@ -17,7 +20,7 @@ class TrackIdps extends \SimpleSAML\Auth\ProcessingFilter
 public function process(array &$state): void
 {
 // get the authenticating Idp and add it to the list of previous ones
- $session = \SimpleSAML\Session::getSessionFromRequest();
+ $session = Session::getSessionFromRequest();
 $sessionDataType = "sildisco:authentication";
 $sessionKey = "authenticated_idps";
diff --git a/modules/sildisco/src/IdPDisco.php b/modules/sildisco/src/IdPDisco.php
index 3c0dfe7..eefdd9f 100644
--- a/modules/sildisco/src/IdPDisco.php
+++ b/modules/sildisco/src/IdPDisco.php @@ -6,7 +6,11 @@ use Sil\SspUtils\DiscoUtils; use Sil\SspUtils\Metadata; use SimpleSAML\Auth; +use SimpleSAML\Logger; +use SimpleSAML\Session; use SimpleSAML\Utils\HTTP; +use SimpleSAML\XHTML\IdPDisco as SSPIdPDisco; +use SimpleSAML\XHTML\Template; /** * This class implements a custom IdP discovery service, for use with a ssp hub (proxy) @@ -16,7 +20,7 @@ * @author Steve Bagwell SIL GTIS * @package SimpleSAMLphp */ -class IdPDisco extends \SimpleSAML\XHTML\IdPDisco +class IdPDisco extends SSPIdPDisco { /* The session type for this class */ @@ -36,7 +40,7 @@ class IdPDisco extends \SimpleSAML\XHTML\IdPDisco */ protected function log(string $message): void { - \SimpleSAML\Logger::info('SildiscoIdPDisco.' . $this->instance . ': ' . $message); + Logger::info('SildiscoIdPDisco.' . $this->instance . ': ' . $message); } /* Path to the folder with the SP and IdP metadata */ @@ -104,7 +108,7 @@ public function handleRequest(): void $spEntries = Metadata::getSpMetadataEntries($this->getMetadataPath()); $sp = $spEntries[$spEntityId]; - $t = new \SimpleSAML\XHTML\Template($this->config, 'selectidp-links', 'disco'); + $t = new Template($this->config, 'selectidp-links', 'disco'); // in order to bypass some built-in simplesaml behavior, an extra idp // might've been added. It's not meant to be displayed. @@ -144,7 +148,7 @@ public static function enableBetaEnabled(array $idpList, ?bool $isBetaTester = n { if ($isBetaTester === null) { - $session = \SimpleSAML\Session::getSessionFromRequest(); + $session = Session::getSessionFromRequest(); $isBetaTester = $session->getData( self::$sessionType, self::$betaTesterSessionKey diff --git a/modules/sildisco/tests/AddIdpTest.php b/modules/sildisco/tests/AddIdpTest.php index 699003a..fa8930c 100644 --- a/modules/sildisco/tests/AddIdpTest.php +++ b/modules/sildisco/tests/AddIdpTest.php @@ -1,6 +1,8 @@ process($request); return $request; } 
diff --git a/modules/sildisco/tests/TagGroupTest.php b/modules/sildisco/tests/TagGroupTest.php index cd67dc6..89bab5c 100644 --- a/modules/sildisco/tests/TagGroupTest.php +++ b/modules/sildisco/tests/TagGroupTest.php @@ -1,5 +1,6 @@ process($request); return $request; }