Commit 9c2c3b3e authored by Cecilia Vela Gurovic's avatar Cecilia Vela Gurovic Committed by Robert Lyon

Bug 1712711: Adding checks to ask for 1.14.16 saml lib upgrade

behatnotneeded

Change-Id: If1e267fb551faff3be2537b14a6b8917b263dddd
parent 30f1da0e
......@@ -62,7 +62,7 @@ ifdef simplesamlphp
@echo "SimpleSAMLphp already exists - doing nothing"
else
@echo "Pulling SimpleSAMLphp from download ..."
@curl -sSL https://github.com/simplesamlphp/simplesamlphp/releases/download/v1.14.7/simplesamlphp-1.14.7.tar.gz | tar --transform 's/simplesamlphp-[0-9]+\.[0-9]+\.[0-9]+/simplesamlphp/x1' -C htdocs/auth/saml/extlib -xzf -
@curl -sSL https://github.com/simplesamlphp/simplesamlphp/releases/download/v1.14.16/simplesamlphp-1.14.16.tar.gz | tar --transform 's/simplesamlphp-[0-9]+\.[0-9]+\.[0-9]+/simplesamlphp/x1' -C htdocs/auth/saml/extlib -xzf -
# SimpleSAMLPHP release tarball already has all composer dependencies.
# @php external/composer.phar --working-dir=htdocs/auth/saml/extlib/simplesamlphp update --no-dev
@echo "Deleting unneeded files ..."
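Review bot: The new curl line pipes simplesamlphp-1.14.16.tar.gz straight into tar, so nothing verifies the archive before it is unpacked into htdocs/auth/saml/extlib. This library handles SAML authentication, so the recipe should download to a temporary file and check it against a digest pinned in the Makefile before extracting. For example `echo "<sha256-of-1.14.16-tarball>  simplesamlphp-1.14.16.tar.gz" | sha256sum -c -`, where the digest is a placeholder to be filled in from the release. Adding `-f` to the curl flags would also make an HTTP error fail the download instead of feeding an error page to tar.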
......
......@@ -365,6 +365,21 @@ abstract class Auth {
/******************************************************************************/
// End of Auth base-class
/******************************************************************************/
/*
* Checks all the available auth types and executes 'install_auth_default' method
* if they have one
*/
function install_auth_default() {
$plugins = auth_get_available_auth_types();
foreach ($plugins as $key => $value) {
$classname = 'PluginAuth' . ucfirst(strtolower($value->name));
$methodname = 'install_auth_default';
if (method_exists($classname, $methodname)) {
call_static_method($classname, $methodname);
}
}
}
/**
* Handles authentication by setting up a session for a user if they are logged
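Review bot: The comment above the new install_auth_default() opens with `/*`, not `/**` as the handler comment that follows it does, so it is not a docblock; it should read `/** Runs install_auth_default() on every available auth plugin class that defines it. */`. The loop never uses `$key`, so `foreach ($plugins as $plugin)` would be clearer. `method_exists()` is given a class name string, so a plugin whose class is not loaded at this point is skipped without notice. Whether auth_get_available_auth_types() loads each plugin's library is not visible in this hunk and should be confirmed.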
......
......@@ -13,12 +13,16 @@ function xmldb_auth_saml_upgrade($oldversion=0) {
$status = true;
/**
*/
if ($oldversion < 2017071800) {
//For legacy installs we default to rsa-sha1 as that was the default previously, although we would
//ideally like them to use rsa-256
set_config_plugin('auth', 'saml', 'sigalgo', 'http://www.w3.org/2000/09/xmldsig#rsa-sha1');
}
if ($oldversion < 2017082900) {
// Set library version to download
set_config_plugin('auth', 'saml', 'version', '1.14.16');
}
return $status;
}
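Review bot: The literal `'1.14.16'` written in the new `$oldversion < 2017082900` step is repeated in PluginAuthSaml::install_auth_default() and in the Makefile download URL, with nothing tying the three together. If the Makefile is bumped without a matching upgrade step, every site will show the "out of date" warning until someone notices. At minimum add a comment here and in the other PHP hunk, `// Keep in sync with the SimpleSAMLphp version fetched by "make ssphp"`. Better, have both PHP call sites read one shared definition of the supported version.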
......@@ -28,6 +28,7 @@ $string['errorretryexceeded'] = 'Maximum number of retries exceeded (%s): There
$string['errnosamluser'] = 'No user found';
$string['errorssphpsetup'] = 'SAML is not set up correctly. You Need to run "make ssphp" from the commandline first.';
$string['errorbadlib'] = 'The SimpleSAMLPHP library\'s "autoloader" file was not found at %s.<br>Make sure you install SimpleSAMLphp via "make ssphp" and the file is readable.';
$string['errorupdatelib'] = 'Your current SimpleSAMLPHP library version is out of date. You need to run "make cleanssphp && make ssphp"';
$string['errornomcrypt'] = 'The PHP library "mcrypt" must be installed for auth/saml. Make sure you install and activate mcrypt, e.g.:<br>sudo apt-get install php5-mcrypt<br>sudo php5enmod mcrypt<br>Then restart your web server.';
$string['errornomcrypt7php'] = 'The PHP library "mcrypt" must be installed for auth/saml. Make sure you install and activate mcrypt, e.g.:<br>sudo apt-get install php7.0-mcrypt<br>sudo phpenmod mcrypt<br>Then restart your web server.';
$string['errornomemcache'] = 'A memcache server is needed for auth/saml. Either list the paths to your memcache servers in the $cfg->memcacheservers config variable or install memcache locally.<br>To install the PHP library "memcache" locally:<br>sudo apt-get install php5-memcache<br>sudo php5enmod memcache<br>Then restart you web server.';
......
......@@ -361,6 +361,11 @@ class PluginAuthSaml extends PluginAuth {
return true;
}
public static function install_auth_default() {
// Set library version to download
set_config_plugin('auth', 'saml', 'version', '1.14.16');
}
private static function create_certificates($numberofdays = 3650) {
global $CFG;
// Get the details of the first site admin and use it for setting up the certificate
......@@ -566,6 +571,17 @@ class PluginAuthSaml extends PluginAuth {
if (!file_exists(get_config('docroot') .'auth/saml/extlib/simplesamlphp/vendor/autoload.php')) {
$libchecks .= '<li>' . get_string('errorbadlib', 'auth.saml', get_config('docroot') .'auth/saml/extlib/simplesamlphp/vendor/autoload.php') . '</li>';
}
else {
require(get_config('docroot') .'auth/saml/extlib/simplesamlphp/vendor/autoload.php');
$config = SimpleSAML_Configuration::getInstance();
//simplesaml version we install with 'make ssphp'
$libversion = get_config_plugin('auth', 'saml', 'version');
if (!empty($libversion) && $config->getVersion() != $libversion) {
$libchecks .= '<li>' . get_string('errorupdatelib', 'auth.saml') . '</li>';
}
}
// Make sure we can use 'memcache' with simplesamlphp as 'phpsession' doesn't work correctly in many situations
$memcacheservers_config = get_config('memcacheservers');
if (empty($memcacheservers_config) && !extension_loaded('memcache')) {
......@@ -591,7 +607,7 @@ class PluginAuthSaml extends PluginAuth {
}
public static function save_config_options(Pieform $form, $values) {
delete_records('auth_config', 'plugin', 'saml');
delete_records_select('auth_config', 'plugin = ? AND field NOT LIKE ?', array('saml', 'version'));
$configs = array('spentityid', 'sigalgo');
foreach ($configs as $config) {
set_config_plugin('auth', 'saml', $config, $values[$config]);
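Review bot: The check in the new `else` branch compares with `$config->getVersion() != $libversion`, so any installed version other than the exact configured string is reported as out of date, including a newer patch release. An admin who installs a later security release would then be told to run `make cleanssphp && make ssphp`, which reinstalls the older pinned version. `if (!empty($libversion) && version_compare($config->getVersion(), $libversion, '<')) {` warns only when the installed library is older. The same comparison appears in the site_warnings() hunk, and the enclosing method starts outside this hunk.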
......
......@@ -11,8 +11,8 @@
defined('INTERNAL') || die();
$config = new StdClass;
$config->version = 2017071800;
$config->release = '1.2.0';
$config->version = 2017082900;
$config->release = '1.2.1';
$config->name = 'saml';
$config->requires_config = 1;
$config->requires_parent = 0;
......@@ -784,6 +784,8 @@ function core_install_lastcoredata_defaults() {
require_once('skin.php');
install_skins_default();
install_auth_default();
// Remove admin privs from root user as it doesn't need it now
$user->admin = 0;
update_record('usr', $user, array('id' => 0));
......@@ -1529,6 +1531,18 @@ function site_warnings() {
$warnings[] = get_string('obsoletesamlinstance', 'auth.saml', get_config('wwwroot') . 'admin/users/addauthority.php?id=' . $saml->id . '&edit=1&i=' . $saml->name . '&p=saml', $saml->instancename, $saml->displayname);
}
}
// Check if the library is updated to the latest version Mahara supports
$autoload = get_config('docroot') .'auth/saml/extlib/simplesamlphp/vendor/autoload.php';
if (file_exists($autoload)) {
require(get_config('docroot') .'auth/saml/extlib/simplesamlphp/vendor/autoload.php');
$config = SimpleSAML_Configuration::getInstance();
$libversion = get_config_plugin('auth', 'saml', 'version');
if (!empty($libversion) && $config->getVersion() != $libversion) {
$warnings[] = get_string('errorupdatelib', 'auth.saml');
}
}
}
// Check that the GD library has support for jpg, png and gif at least
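Review bot: `SimpleSAML_Configuration::getInstance()` is called on the admin warnings path with no guard, and nothing visible in this hunk points SimpleSAMLphp at a configuration directory first. If the library throws when its configuration cannot be loaded, building the warnings list would fail instead of reporting the problem. This should be confirmed, and the call wrapped in a try/catch that appends a warning. The block also builds the autoload path twice and could use `require($autoload);`. It duplicates the check added in PluginAuthSaml, so a single static helper there would keep the two from drifting. site_warnings() starts and ends outside the hunk.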
......