From a5d3af2ee18e08736250c23e2f040c87303cddc5 Mon Sep 17 00:00:00 2001
From: Rebecca Blundell
Date: Fri, 13 Sep 2019 11:54:00 +1200
Subject: [PATCH] Bug 1840109: Update simplesamlphp to 1.17.6 Upgrade to latest release of ssphp. This includes security update 1.17.3 and some bug fixes behatnotneeded
Change-Id: I283b3e11b67bfdba3ca428bb53605a9cd764b6f4
---
 Makefile | 2 +-
 htdocs/auth/saml/db/upgrade.php | 3 +++
 htdocs/auth/saml/lib.php | 30 ++++++++++++++++++++----------
 htdocs/auth/saml/sp/metadata.php | 2 +-
 htdocs/auth/saml/version.php | 2 +-
 5 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/Makefile b/Makefile
index 3814f946d9..e5e7608985 100644
--- a/Makefile
+++ b/Makefile
@@ -62,7 +62,7 @@ ifdef simplesamlphp
 @echo "SimpleSAMLphp already exists - doing nothing"
 else
 @echo "Pulling SimpleSAMLphp from download ..."
- @curl -sSL https://github.com/simplesamlphp/simplesamlphp/releases/download/v1.16.3/simplesamlphp-1.16.3.tar.gz | tar --transform 's/simplesamlphp-[0-9]+\.[0-9]+\.[0-9]+/simplesamlphp/x1' -C htdocs/auth/saml/extlib -xzf - # SimpleSAMLPHP release tarball already has all composer dependencies.
+ @curl -sSL https://github.com/simplesamlphp/simplesamlphp/releases/download/v1.17.6/simplesamlphp-1.17.6.tar.gz | tar --transform 's/simplesamlphp-[0-9]+\.[0-9]+\.[0-9]+/simplesamlphp/x1' -C htdocs/auth/saml/extlib -xzf - # SimpleSAMLPHP release tarball already has all composer dependencies.
 @php external/composer.phar --working-dir=htdocs/auth/saml/extlib/simplesamlphp require predis/predis
 @echo "Copying www/resources/* files to sp/resources/ ..."
 @cp -R htdocs/auth/saml/extlib/simplesamlphp/www/resources/ htdocs/auth/saml/sp/
diff --git a/htdocs/auth/saml/db/upgrade.php b/htdocs/auth/saml/db/upgrade.php
index 35ba3ed2e0..5c57191665 100644
--- a/htdocs/auth/saml/db/upgrade.php
+++ b/htdocs/auth/saml/db/upgrade.php
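Review bot: The new `curl -sSL … | tar … -xzf -` line in the Makefile still unpacks the SimpleSAMLphp 1.17.6 tarball straight from the download with no integrity check, so a truncated or tampered archive would land in `htdocs/auth/saml/extlib` unnoticed. Because this library handles SAML authentication, I would download to a file, verify a pinned digest, and only then extract: `curl -fsSL -o simplesamlphp.tar.gz <release URL>` followed by `echo "<SHA256_OF_RELEASE_TARBALL>  simplesamlphp.tar.gz" | sha256sum -c -` ahead of the existing `tar` call. Adding `-f` also makes curl fail on an HTTP error instead of piping an error page into tar. The surrounding `ifdef` recipe starts and ends outside the hunk.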
@@ -44,6 +44,9 @@ function xmldb_auth_saml_upgrade($oldversion=0) {
 if ($oldversion < 2019011100) {
 set_config_plugin('auth', 'saml', 'version', '1.16.3');
 }
+ if ($oldversion < 2019091600) {
+ set_config_plugin('auth', 'saml', 'version', '1.17.6');
+ }
 return $status;
 }
diff --git a/htdocs/auth/saml/lib.php b/htdocs/auth/saml/lib.php
index 7e9d63f02a..cbe8194a61 100644
--- a/htdocs/auth/saml/lib.php
+++ b/htdocs/auth/saml/lib.php
@@ -393,7 +393,7 @@ class PluginAuthSaml extends PluginAuth {
 public static function install_auth_default() {
 // Set library version to download
- set_config_plugin('auth', 'saml', 'version', '1.16.3');
+ set_config_plugin('auth', 'saml', 'version', '1.17.6');
 }
 private static function delete_old_certificates() {
@@ -793,6 +793,9 @@ class PluginAuthSaml extends PluginAuth {
 }
 public static function idptable($list, $preferred = array(), $institutions = array(), $showdelete = false) {
+ if (empty($list)) {
+ return array(0, '');
+ }
 $idps = array();
 $lang = current_language();
 $lang = explode('.', $lang);
@@ -968,9 +971,12 @@ class PluginAuthSaml extends PluginAuth {
 }
 public static function get_raw_disco_list() {
- PluginAuthSaml::init_simplesamlphp();
- $discoHandler = new PluginAuthSaml_IdPDisco(array('saml20-idp-remote', 'shib13-idp-remote'), 'saml');
- return $discoHandler->getTheIdPs();
+ if (class_exists('PluginAuthSaml_IdPDisco')) {
+ PluginAuthSaml::init_simplesamlphp();
+ $discoHandler = new PluginAuthSaml_IdPDisco(array('saml20-idp-remote', 'shib13-idp-remote'), 'saml');
+ return $discoHandler->getTheIdPs();
+ }
+ return array('list' => 0);
 }
 public static function get_disco_list($lang = null, $entityidps = array()) {
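Review bot: In `get_raw_disco_list()` (lib.php, hunk at -968) the new fallback `return array('list' => 0);` hands back an integer under `list`, while the normal path returns whatever `getTheIdPs()` produces, presumably an array of IdP entries. Callers are outside this hunk, so any of them that loops over `list` would get a warning instead of an empty result; `return array('list' => array());` keeps the shape stable, and the `empty($list)` guard added to `idptable()` in the hunk at -793 still triggers on it. The fallback is also silent, which hides a missing or mismatched SimpleSAMLphp install behind an empty IdP list, so a log entry here would help whoever has to diagnose a broken login page. A short docblock stating the return shape for both paths, e.g. `/** @return array with key 'list'; empty when the SimpleSAMLphp wrapper class is unavailable */`, would document the contract.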
@@ -992,7 +998,7 @@ class PluginAuthSaml extends PluginAuth {
 }
 public static function get_instance_config_options($institution, $instance = 0) {
- if (!class_exists('SimpleSAML_XHTML_IdPDisco')) {
+ if (!class_exists('SimpleSAML\XHTML\IdPDisco')) {
 return array(
 'error' => get_string('errorssphpsetup', 'auth.saml')
 );
@@ -1481,8 +1487,9 @@ function auth_saml_openssl_x509_fingerprint($cert, $hash) {
 if (file_exists(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/lib/SimpleSAML/XHTML/IdPDisco.php')) {
 require_once(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/lib/SimpleSAML/XHTML/IdPDisco.php');
-
- class PluginAuthSaml_IdPDisco extends SimpleSAML_XHTML_IdPDisco
+}
+if (class_exists('SimpleSAML\XHTML\IdPDisco')) {
+ class PluginAuthSaml_IdPDisco extends SimpleSAML\XHTML\IdPDisco
 {
 /**
@@ -1514,7 +1521,10 @@ if (file_exists(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/lib/Simp
 }
 }
 }
-
+else {
+ global $SESSION;
+ $SESSION->add_msg_once(get_string('errorupdatelib', 'auth.saml'), 'error', false);
+}
 /*
 * Provides any mahara specific wrappers for the metarefresh plugin from simplesamlphp that is used to refresh IDP metadata
@@ -1607,8 +1617,8 @@ class Metarefresh {
 'type' => $outputFormat,
 'directory' => $outputDir,
 ));
-
- $metaloader = new sspmod_metarefresh_MetaLoader($expire, $stateFile, $oldMetadataSrc);
+ require_once(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/modules/metarefresh/lib/MetaLoader.php');
+ $metaloader = new SimpleSAML\Module\metarefresh\MetaLoader($expire, $stateFile, $oldMetadataSrc);
 # Get global blacklist, whitelist and caching info
 $blacklist = $mconfig->getArray('blacklist', array());
diff --git a/htdocs/auth/saml/sp/metadata.php b/htdocs/auth/saml/sp/metadata.php
index 1734012f2a..402305ecca 100644
--- a/htdocs/auth/saml/sp/metadata.php
+++ b/htdocs/auth/saml/sp/metadata.php
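Review bot: The `else` branch added after the `class_exists('SimpleSAML\XHTML\IdPDisco')` block in lib.php (hunk at -1514) executes at include time, so any request that loads this file while the library is missing or still on the old layout calls `$SESSION->add_msg_once(...)` whoever the visitor is. That puts an administrator-oriented message in front of ordinary users, and it assumes `$SESSION` is already an object wherever lib.php gets included, which is not visible from this hunk and should be confirmed for CLI and cron entry points. The string `errorupdatelib` is not added by this patch either, since the diffstat lists no language file, so unless it already exists the message will not render as intended. I would wrap the call in a guard such as `if (!empty($SESSION)) {` and limit it to site administrators, or move the warning to the plugin's configuration screen where `errorssphpsetup` is already reported.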
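Review bot: In `Metarefresh` (lib.php, hunk at -1607) the added `require_once(... 'modules/metarefresh/lib/MetaLoader.php');` is unconditional, whereas the IdPDisco include in the hunk at -1481 is wrapped in `file_exists()`. If the library directory is absent or still has the old layout, this line is a fatal error in the middle of a metadata refresh, so I would check the path first and report the failure to the caller. The class name is also written without a leading backslash here, while sp/metadata.php uses `\SimpleSAML\...`; both resolve as long as lib.php declares no namespace, but one convention would be easier to search for. The enclosing method starts and ends outside the hunk.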
@@ -54,7 +54,7 @@ if ($source === null) { throw new SimpleSAML_Error_AuthSource($sourceId, 'Could not find authentication source.'); } -if (!($source instanceof sspmod_saml_Auth_Source_SP)) { +if (!($source instanceof \SimpleSAML\Module\saml\Auth\Source\SP)) { throw new SimpleSAML_Error_AuthSource($sourceId, 'The authentication source is not a SAML Service Provider.'); } diff --git a/htdocs/auth/saml/version.php b/htdocs/auth/saml/version.php index 733627e218..7bcd8bf240 100644 --- a/htdocs/auth/saml/version.php +++ b/htdocs/auth/saml/version.php @@ -11,7 +11,7 @@ defined('INTERNAL') || die(); $config = new stdClass(); -$config->version = 2019011100; +$config->version = 2019091600; $config->release = '1.5.0'; $config->name = 'saml'; $config->requires_config = 1; -- GitLab
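Review bot: Only the `instanceof` test in sp/metadata.php was moved to the namespaced class; both `throw new SimpleSAML_Error_AuthSource(...)` lines visible as context still use the pre-1.17 underscore name. These are the error paths for a missing or wrong authentication source, so if the legacy class alias is not available in the upgraded library they would end in a class-not-found error instead of the intended message. I would switch them in the same commit, `throw new \SimpleSAML\Error\AuthSource($sourceId, 'Could not find authentication source.');` and the same for the second throw.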