Commit 213539e7 authored by Robert Lyon's avatar Robert Lyon Committed by Cecilia Vela Gurovic

Bug 1754237: Updating custom SimpleSAMLphp files



To be more in tune with their original counterparts. This means adding
the new namespaced way of calling things and other fixes to make them work
as expected for version 1.15

behatnotneeded

Change-Id: If70569de61cbc1425283b68e9389ca8359b85286
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent 1d68ffca
......@@ -19,7 +19,7 @@
* Infrastructure Group in the Faculty of Engineering, Architecture
* and Information Technology.
*/
class sspmod_memcached_Store_Store extends SimpleSAML_Store {
class sspmod_memcached_Store_Store extends SimpleSAML\Store {
/**
* Initialize the memcache datastore.
*/
......
......@@ -58,7 +58,7 @@ if ($store_type == 'phpsession' || $session_handler == 'phpsession' || (empty($s
// do we have a logout request?
if (param_variable("logout", false)) {
// logout the saml session
$as = new SimpleSAML_Auth_Simple($sp);
$as = new SimpleSAML\Auth\Simple($sp);
$as->logout($CFG->wwwroot);
}
......@@ -88,7 +88,7 @@ if (!validateUrlSyntax($wantsurl, 's?H?S?F?E?u-P-a?I?p?f?q?r?')) {
// trim off any reference to login and stash
$SESSION->wantsurl = preg_replace('/\&login$/', '', $wantsurl);
$as = new SimpleSAML_Auth_Simple($sp);
$as = new SimpleSAML\Auth\Simple($sp);
$idp_entityid = null;
if (! $as->isAuthenticated()) {
if (param_variable("idpentityid", false)) {
......@@ -117,7 +117,7 @@ if (! $as->isAuthenticated()) {
// reinitialise config to pickup idp entityID
SimpleSAML_Configuration::init(get_config('docroot') . 'auth/saml/config');
$as = new SimpleSAML_Auth_Simple('default-sp');
$as = new SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth(array('ReturnTo' => get_config('wwwroot') . "auth/saml/index.php"));
// ensure that $_SESSION is cleared for simplesamlphp
......
......@@ -55,29 +55,30 @@ if ($config->getBoolean('admin.protectmetadata', false)) {
$sourceId = 'default-sp';
$source = SimpleSAML_Auth_Source::getById($sourceId);
if ($source === null) {
throw new SimpleSAML_Error_NotFound('Could not find authentication source with id ' . $sourceId);
throw new SimpleSAML_Error_AuthSource($sourceId, 'Could not find authentication source.');
}
if (!($source instanceof sspmod_saml_Auth_Source_SP)) {
throw new SimpleSAML_Error_NotFound('Source isn\'t a SAML SP: ' . var_export($sourceId, true));
throw new SimpleSAML_Error_AuthSource($sourceId,
'The authentication source is not a SAML Service Provider.');
}
$entityId = $source->getEntityId();
$spconfig = $source->getMetadata();
$store = SimpleSAML_Store::getInstance();
$store = \SimpleSAML\Store::getInstance();
$metaArray20 = array();
$slosvcdefault = array(
SAML2_Const::BINDING_HTTP_REDIRECT,
SAML2_Const::BINDING_SOAP,
\SAML2\Constants::BINDING_HTTP_REDIRECT,
\SAML2\Constants::BINDING_SOAP,
);
$slob = $spconfig->getArray('SingleLogoutServiceBinding', $slosvcdefault);
$slol = get_config('wwwroot') . "auth/saml/sp/module.php/saml/sp/saml2-logout.php/{$sourceId}";
foreach ($slob as $binding) {
if ($binding == SAML2_Const::BINDING_SOAP && !($store instanceof SimpleSAML_Store_SQL)) {
if ($binding == \SAML2\Constants::BINDING_SOAP && !($store instanceof \SimpleSAML\Store\SQL)) {
// we cannot properly support SOAP logout
continue;
}
......@@ -107,7 +108,7 @@ foreach ($assertionsconsumerservices as $services) {
$acsArray = array('index' => $index);
switch ($services) {
case 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':
$acsArray['Binding'] = SAML2_Const::BINDING_HTTP_POST;
$acsArray['Binding'] = \SAML2\Constants::BINDING_HTTP_POST;
$acsArray['Location'] = get_config('wwwroot') . "auth/saml/sp/module.php/saml/sp/saml2-acs.php/{$sourceId}";
break;
case 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post':
......@@ -125,7 +126,7 @@ foreach ($assertionsconsumerservices as $services) {
case 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser':
$acsArray['Binding'] = 'urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser';
$acsArray['Location'] = get_config('wwwroot') . "auth/saml/sp/module.php/saml/sp/saml2-acs.php/{$sourceId}";
$acsArray['hoksso:ProtocolBinding'] = SAML2_Const::BINDING_HTTP_REDIRECT;
$acsArray['hoksso:ProtocolBinding'] = \SAML2\Constants::BINDING_HTTP_REDIRECT;
break;
}
$eps[] = $acsArray;
......
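Review bot: The SOAP check inside `foreach ($slob as $binding)` silently drops the back-channel logout binding from the published metadata whenever the store is not `\SimpleSAML\Store\SQL`, and the comment `// we cannot properly support SOAP logout` does not say why. The condition also applies to a custom store such as the `sspmod_memcached_Store_Store` class touched elsewhere in this commit. If the reason is that a SOAP logout request arrives without the user's browser session, I would say so in the comment, for example `// SOAP logout has no browser session to act on, so it is only advertised with the SQL store; other stores get redirect-only logout`. The comparison could also be strict, `$binding === \SAML2\Constants::BINDING_SOAP`, since both sides are strings. The loop body continues outside the hunk.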
......@@ -11,95 +11,163 @@
require_once('../extlib/simplesamlphp/www/_include.php');
$moduleDir = '../';
// index pages - file names to attempt when accessing directories
$indexFiles = array('index.php', 'index.html', 'index.htm', 'index.txt');
// MIME types - key is file extension, value is MIME type
$mimeTypes = array(
'bmp' => 'image/x-ms-bmp',
'css' => 'text/css',
'gif' => 'image/gif',
'htm' => 'text/html',
'html' => 'text/html',
'shtml' => 'text/html',
'ico' => 'image/vnd.microsoft.icon',
'jpe' => 'image/jpeg',
'jpeg' => 'image/jpeg',
'jpg' => 'image/jpeg',
'js' => 'text/javascript',
'pdf' => 'application/pdf',
'png' => 'image/png',
'svg' => 'image/svg+xml',
'svgz' => 'image/svg+xml',
'swf' => 'application/x-shockwave-flash',
'swfl' => 'application/x-shockwave-flash',
'txt' => 'text/plain',
'xht' => 'application/xhtml+xml',
'xhtml' => 'application/xhtml+xml',
);
if (empty($_SERVER['PATH_INFO'])) {
throw new SimpleSAML_Error_NotFound('No PATH_INFO to module.php');
}
try {
$url = $_SERVER['PATH_INFO'];
assert('substr($url, 0, 1) === "/"');
if (empty($_SERVER['PATH_INFO'])) {
throw new SimpleSAML_Error_NotFound('No PATH_INFO to module.php');
}
/* clear the PATH_INFO option, so that a script can detect whether it is called with anything following the
*'.php'-ending.
*/
unset($_SERVER['PATH_INFO']);
$url = $_SERVER['PATH_INFO'];
assert('substr($url, 0, 1) === "/"');
$modEnd = strpos($url, '/', 1);
if ($modEnd === false) {
// the path must always be on the form /module/
throw new SimpleSAML_Error_NotFound('The URL must at least contain a module name followed by a slash.');
}
/* clear the PATH_INFO option, so that a script can detect whether it is called with anything following the
*'.php'-ending.
*/
unset($_SERVER['PATH_INFO']);
$module = substr($url, 1, $modEnd - 1);
$url = substr($url, $modEnd + 1);
if ($url === false) {
$url = '';
}
$modEnd = strpos($url, '/', 1);
if ($modEnd === false) {
// the path must always be on the form /module/
throw new SimpleSAML_Error_NotFound('The URL must at least contain a module name followed by a slash.');
}
if (!SimpleSAML\Module::isModuleEnabled($module)) {
throw new SimpleSAML_Error_NotFound('The module \''.$module.'\' was either not found, or wasn\'t enabled.');
}
$module = substr($url, 1, $modEnd - 1);
$url = substr($url, $modEnd + 1);
if ($url === false) {
$url = '';
}
/* Make sure that the request isn't suspicious (contains references to current directory or parent directory or
* anything like that. Searching for './' in the URL will detect both '../' and './'. Searching for '\' will detect
* attempts to use Windows-style paths.
*/
if (strpos($url, '\\') !== false) {
throw new SimpleSAML_Error_BadRequest('Requested URL contained a backslash.');
}
else if (strpos($url, './') !== false) {
throw new SimpleSAML_Error_BadRequest('Requested URL contained \'./\'.');
}
if (!SimpleSAML_Module::isModuleEnabled($module)) {
throw new SimpleSAML_Error_NotFound('The module \''.$module.'\' was either not found, or wasn\'t enabled.');
}
$moduleDir = '../';
/* Make sure that the request isn't suspicious (contains references to current directory or parent directory or
* anything like that. Searching for './' in the URL will detect both '../' and './'. Searching for '\' will detect
* attempts to use Windows-style paths.
*/
if (strpos($url, '\\') !== false) {
throw new SimpleSAML_Error_BadRequest('Requested URL contained a backslash.');
}
else if (strpos($url, './') !== false) {
throw new SimpleSAML_Error_BadRequest('Requested URL contained \'./\'.');
}
// check for '.php/' in the path, the presence of which indicates that another php-script should handle the request
for ($phpPos = strpos($url, '.php/'); $phpPos !== false; $phpPos = strpos($url, '.php/', $phpPos + 1)) {
// check for '.php/' in the path, the presence of which indicates that another php-script should handle the request
for ($phpPos = strpos($url, '.php/'); $phpPos !== false; $phpPos = strpos($url, '.php/', $phpPos + 1)) {
$newURL = substr($url, 0, $phpPos + 4);
$param = substr($url, $phpPos + 4);
if (is_file($moduleDir.$newURL)) {
/* $newPath points to a normal file. Point execution to that file, and
* save the remainder of the path in PATH_INFO.
*/
$url = $newURL;
$_SERVER['PATH_INFO'] = $param;
break;
}
}
$newURL = substr($url, 0, $phpPos + 4);
$param = substr($url, $phpPos + 4);
$path = $moduleDir.$url;
if (is_file($moduleDir.$newURL)) {
/* $newPath points to a normal file. Point execution to that file, and
* save the remainder of the path in PATH_INFO.
*/
$url = $newURL;
$_SERVER['PATH_INFO'] = $param;
if ($path[strlen($path) - 1] === '/') {
// path ends with a slash - directory reference. Attempt to find index file in directory
foreach ($indexFiles as $if) {
if (file_exists($path.$if)) {
$path .= $if;
break;
}
}
}
$path = $moduleDir.$url;
if (is_dir($path)) {
/* Path is a directory - maybe no index file was found in the previous step, or maybe the path didn't end with
* a slash. Either way, we don't do directory listings.
*/
throw new SimpleSAML_Error_NotFound('Directory listing not available.');
}
if (is_dir($path)) {
/* Path is a directory - maybe no index file was found in the previous step, or maybe the path didn't end with
* a slash. Either way, we don't do directory listings.
*/
throw new SimpleSAML_Error_NotFound('Directory listing not available.');
}
if (!file_exists($path)) {
// file not found
SimpleSAML\Logger::info('Could not find file \''.$path.'\'.');
throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
}
if (!file_exists($path)) {
// file not found
SimpleSAML\Logger::info('Could not find file \''.$path.'\'.');
throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
}
if (preg_match('#\.php$#D', $path)) {
// PHP file - attempt to run it
if (preg_match('#\.php$#D', $path)) {
// PHP file - attempt to run it
/* In some environments, $_SERVER['SCRIPT_NAME'] is already set with $_SERVER['PATH_INFO']. Check for that case,
* and append script name only if necessary.
*
* Contributed by Travis Hegner.
*/
$script = "/$module/$url";
if (stripos($_SERVER['SCRIPT_NAME'], $script) === false) {
$_SERVER['SCRIPT_NAME'] .= '/'.$module.'/'.$url;
require($path);
exit();
}
throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');
require($path);
exit();
}
catch (SimpleSAML_Error_Error $e) {
$e->show();
// some other file type - attempt to serve it
// find MIME type for file, based on extension
$contentType = null;
if (preg_match('#\.([^/\.]+)$#D', $path, $type)) {
$type = strtolower($type[1]);
if (array_key_exists($type, $mimeTypes)) {
$contentType = $mimeTypes[$type];
}
}
catch (Exception $e) {
$e = new SimpleSAML_Error_Error('UNHANDLEDEXCEPTION', $e);
$e->show();
if ($contentType === null) {
/* We were unable to determine the MIME type from the file extension. Fall back to mime_content_type (if it
* exists).
*/
if (function_exists('mime_content_type')) {
$contentType = mime_content_type($path);
}
else {
// mime_content_type doesn't exist. Return a default MIME type
SimpleSAML\Logger::warning('Unable to determine mime content type of file: '.$path);
$contentType = 'application/octet-stream';
}
}
$contentLength = sprintf('%u', filesize($path)); // force filesize to an unsigned number
header('Content-Type: '.$contentType);
header('Content-Length: '.$contentLength);
header('Cache-Control: public,max-age=86400');
header('Expires: '.gmdate('D, j M Y H:i:s \G\M\T', time() + 10 * 60));
header('Last-Modified: '.gmdate('D, j M Y H:i:s \G\M\T', filemtime($path)));
readfile($path);
\ No newline at end of file
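Review bot: The non-PHP branch that ends in `readfile($path)` serves any existing file under `$moduleDir`, and `$moduleDir` is the fixed `'../'` rather than a directory derived from `$module`. The module-enabled check therefore does not scope what can be read, and only the backslash and `./` filters stand between `PATH_INFO` and the filesystem. The copy that appears to be removed ended with `throw new SimpleSAML_Error_NotFound('The URL wasn\'t found in the module.');` for anything that was not a `.php` file; unless static assets really must be served from here, I would keep that line in place of the MIME lookup and `readfile()`. If static serving is needed, resolve `$path` with `realpath()` and reject it unless it lies inside one explicitly chosen asset directory, so configuration, certificate or metadata files that may sit under `../` are never returned. The +/- markers are lost on this page, so which copy is new is inferred from the hunk's 95 → 163 line counts.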