RCNdev
diff --git a/‎composer.json‎
Lines changed: 1 addition & 1 deletion b/‎composer.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/core/src/Auth/Process/AttributeLimit.php‎
Lines changed: 1 addition & 1 deletion b/‎modules/core/src/Auth/Process/AttributeLimit.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/core/src/Controller/Exception.php‎
Lines changed: 2 additions & 2 deletions b/‎modules/core/src/Controller/Exception.php‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎modules/core/src/Storage/SQLPermanentStorage.php‎
Lines changed: 2 additions & 1 deletion b/‎modules/core/src/Storage/SQLPermanentStorage.php‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎modules/saml/src/Auth/Source/SP.php‎
Lines changed: 4 additions & 4 deletions b/‎modules/saml/src/Auth/Source/SP.php‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎modules/saml/src/Error.php‎
Lines changed: 8 additions & 5 deletions b/‎modules/saml/src/Error.php‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎modules/saml/src/IdP/SQLNameID.php‎
Lines changed: 2 additions & 2 deletions b/‎modules/saml/src/IdP/SQLNameID.php‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎modules/saml/src/Message.php‎
Lines changed: 8 additions & 6 deletions b/‎modules/saml/src/Message.php‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎modules/saml/src/SP/LogoutStore.php‎
Lines changed: 1 addition & 1 deletion b/‎modules/saml/src/SP/LogoutStore.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/SimpleSAML/Auth/State.php‎
Lines changed: 2 additions & 2 deletions b/‎src/SimpleSAML/Auth/State.php‎
Lines changed: 2 additions & 2 deletions
@@ -44,7 +44,7 @@
         "files": ["tests/_autoload_modules.php"]
     },
     "require": {
-        "php": "^8.1",
+        "php": "^8.2",
         "ext-date": "*",
         "ext-dom": "*",
         "ext-fileinfo": "*",
 
@@ -245,7 +245,7 @@ private function filterAttributeValues(array $values, ?array $allowedConfigValue
      * @param array|null  Array with regular expressions to test against. null is equivalent to an empty array.
      * @return string|null  Regular expression that matched, or null if no match.
      */
-    private static function matchAnyRegex(string $needle, ?array $regexps = null): string | null
+    private static function matchAnyRegex(string $needle, ?array $regexps = null): string|null
     {
         if ($regexps !== null) {
             foreach ($regexps as $x => $y) {
 
@@ -34,8 +34,8 @@ class Exception
      *
      * It initializes the global configuration and auth source configuration for the controllers implemented here.
      *
-     * @param \SimpleSAML\Configuration              $config The configuration to use by the controllers.
-     * @param \SimpleSAML\Session                    $session The session to use by the controllers.
+     * @param \SimpleSAML\Configuration $config The configuration to use by the controllers.
+     * @param \SimpleSAML\Session $session The session to use by the controllers.
      *
      * @throws \Exception
      */
 
@@ -218,7 +218,7 @@ public function exists(string $type, string $key1, string $key2): bool
      * @param string|null $key2
      * @return array|false
      */
-    public function getList(?string $type = null, ?string $key1 = null, ?string $key2 = null)
+    public function getList(?string $type = null, ?string $key1 = null, ?string $key2 = null): array|false
     {
         $conditions = $this->getCondition($type, $key1, $key2);
         $query = 'SELECT * FROM data WHERE ' . $conditions;
@@ -303,6 +303,7 @@ public function removeExpired(): int
         return $prepared->rowCount();
     }
 
+
     /**
      * Create a SQL condition statement based on parameters
      *
 
@@ -738,7 +738,7 @@ public function sendSAML2AuthnRequest(Binding $binding, AuthnRequest $ar): Respo
      * This function does not return.
      *
      * @param \SAML2\Binding $binding  The binding.
-     * @param \SAML2\LogoutRequest  $ar  The logout request.
+     * @param \SAML2\LogoutRequest $ar  The logout request.
      */
     public function sendSAML2LogoutRequest(Binding $binding, LogoutRequest $lr): Response
     {
@@ -1010,7 +1010,7 @@ public static function askForIdPChange(array &$state): RedirectResponse
      * - 'saml:sp:AuthId': the identifier of the current authentication source.
      * @throws \SAML2\Exception\Protocol\NoPassiveException In case the authentication request was passive.
      */
-    public static function tryStepUpAuth(array &$state): void
+    public static function tryStepUpAuth(array &$state): never
     {
         Assert::keyExists($state, 'saml:idp');
         Assert::keyExists($state, 'saml:sp:AuthId');
@@ -1025,7 +1025,6 @@ public static function tryStepUpAuth(array &$state): void
         /** @var \SimpleSAML\Module\saml\Auth\Source\SP $as */
         $as = new Auth\Simple($state['saml:sp:AuthId']);
         $as->login($state);
-        Assert::true(false);
     }
 
 
@@ -1218,6 +1217,7 @@ public function handleResponse(array $state, string $idp, array $attributes): Re
         if (isset($state['saml:sp:NameID'])) {
             $authProcState['saml:sp:NameID'] = $state['saml:sp:NameID'];
         }
+
         if (isset($state['saml:sp:SessionIndex'])) {
             $authProcState['saml:sp:SessionIndex'] = $state['saml:sp:SessionIndex'];
         }
@@ -1255,7 +1255,7 @@ public function handleLogout(string $idpEntityId): ?Response
      * manually check the URL on beforehand. Please refer to the 'trusted.url.domains'
      * configuration directive for more information about allowing (or disallowing) URLs.
      */
-    public static function handleUnsolicitedAuth(string $authId, array $state, string $redirectTo): void
+    public static function handleUnsolicitedAuth(string $authId, array $state, string $redirectTo): never
     {
         $session = Session::getSessionFromRequest();
         $session->doLogin($authId, Auth\State::getPersistentAuthData($state));
 
@@ -5,6 +5,9 @@
 namespace SimpleSAML\Module\saml;
 
 use SimpleSAML\SAML2\Constants as C;
+use SimpleSAML\Error as SSPError;
+use SimpleSAML\Module\saml\Error as SAMLError;
+use SimpleSAML\Module\saml\Error\NoPassive;
 use Throwable;
 
 use function strlen;
@@ -16,7 +19,7 @@
  * @package SimpleSAMLphp
  */
 
-class Error extends \SimpleSAML\Error\Exception
+class Error extends SSPError\Exception
 {
     /**
      * Create a SAML 2 error.
@@ -87,9 +90,9 @@ public function getStatusMessage(): ?string
      * @param \Throwable $e  The original exception.
      * @return \SimpleSAML\Error\Exception  The new exception.
      */
-    public static function fromException(Throwable $e): \SimpleSAML\Error\Exception
+    public static function fromException(Throwable $e): SSPError\Exception
     {
-        if ($e instanceof \SimpleSAML\Module\saml\Error) {
+        if ($e instanceof SAMLError) {
             // Return the original exception unchanged
             return $e;
         } else {
@@ -116,15 +119,15 @@ public static function fromException(Throwable $e): \SimpleSAML\Error\Exception
      *
      * @return \SimpleSAML\Error\Exception  An exception representing this error.
      */
-    public function toException(): \SimpleSAML\Error\Exception
+    public function toException(): SSPError\Exception
     {
         $e = null;
 
         switch ($this->status) {
             case C::STATUS_RESPONDER:
                 switch ($this->subStatus) {
                     case C::STATUS_NO_PASSIVE:
-                        $e = new \SimpleSAML\Module\saml\Error\NoPassive(
+                        $e = new NoPassive(
                             C::STATUS_RESPONDER,
                             $this->statusMessage,
                         );
 
@@ -51,7 +51,7 @@ private static function read(string $query, array $params = [], array $config =
      * @param array $config
      * @return int|false The number of rows affected by the query or false on error.
      */
-    private static function write(string $query, array $params = [], array $config = [])
+    private static function write(string $query, array $params = [], array $config = []): int|false
     {
         if (!empty($config)) {
             $database = Database::getInstance(Configuration::loadFromArray($config));
@@ -119,7 +119,7 @@ private static function createAndRead(string $query, array $params = [], array $
      * @param array $config
      * @return int|false The number of rows affected by the query or false on error.
      */
-    private static function createAndWrite(string $query, array $params = [], array $config = [])
+    private static function createAndWrite(string $query, array $params = [], array $config = []): int|false
     {
         self::create($config);
         return self::write($query, $params, $config);
 
@@ -8,11 +8,13 @@
 use RobRichards\XMLSecLibs\XMLSecurityKey;
 use SAML2\{Assertion, EncryptedAssertion}; // Assertions
 use SAML2\{AuthnRequest, LogoutRequest, LogoutResponse, Response, StatusResponse}; // Messages
+use SAML2\Message as SAMLMessage;
 use SimpleSAML\{Configuration, Error as SSP_Error, Logger, Utils};
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\SAML2\{Constants as C, SignedElement};
 use SimpleSAML\SAML2\XML\saml\Issuer;
 use SimpleSAML\SAML2\XML\saml\AuthnContextClassRef;
+use SimpleSAML\SAML2\XML\samlp\AbstractMessage;
 use SimpleSAML\SAML2\XML\samlp\RequestedAuthnContext;
 use SimpleSAML\SAML2\XML\samlp\{StatusCode, StatusMessage}; // Status
 use SimpleSAML\XMLSecurity\XML\ds\{KeyInfo, X509Certificate, X509Data};
@@ -102,7 +104,7 @@ public static function addSign(
     private static function addRedirectSign(
         Configuration $srcMetadata,
         Configuration $dstMetadata,
-        \SAML2\Message $message,
+        SAMLMessage $message,
     ): void {
         $signingEnabled = null;
         if ($message instanceof LogoutRequest || $message instanceof LogoutResponse) {
@@ -209,7 +211,7 @@ public static function checkSign(Configuration $srcMetadata, SignedElement $elem
     public static function validateMessage(
         Configuration $srcMetadata,
         Configuration $dstMetadata,
-        \SimpleSAML\SAML2\XML\samlp\AbstractMessage $message,
+        AbstractMessage $message,
     ): bool {
         $enabled = null;
         if ($message instanceof LogoutRequest || $message instanceof LogoutResponse) {
@@ -262,7 +264,7 @@ public static function validateMessage(
     public static function getDecryptionKeys(
         Configuration $srcMetadata,
         Configuration $dstMetadata,
-        $encryptionMethod = null,
+        ?string $encryptionMethod = null,
     ): array {
         $sharedKey = $srcMetadata->getOptionalString('sharedkey', null);
         if ($sharedKey !== null) {
@@ -414,7 +416,6 @@ private static function decryptAssertion(
      * @param \SimpleSAML\SAML2\Assertion|\SimpleSAML\SAML2\Assertion $assertion
      *   The assertion containing any possibly encrypted attributes.
      *
-     *
      * @throws \SimpleSAML\Error\Exception if we cannot get the decryption keys or decryption fails.
      */
     private static function decryptAttributes(
@@ -458,10 +459,11 @@ private static function decryptAttributes(
      *
      * @return \SimpleSAML\Module\saml\Error The error.
      */
-    public static function getResponseError(StatusResponse $response): \SimpleSAML\Module\saml\Error
+    public static function getResponseError(StatusResponse $response): SAMLError
     {
         $status = $response->getStatus();
         $subcode = null;
+
         if (!empty($status->getStatusCode()->getSubCodes())) {
             $subcodes = array_map(
                 function (StatusCode $code) {
@@ -472,7 +474,7 @@ function (StatusCode $code) {
             $subcode = implode(' / ', $subcodes);
         }
 
-        return new \SimpleSAML\Module\saml\Error(
+        return new SAMLError(
             $status->getStatusCode()->getValue(),
             $subcode,
             $status->getStatusMessage()?->getContent(),
 
@@ -323,7 +323,7 @@ public static function addSession(string $authId, NameID $nameId, ?string $sessi
      * @param array $sessionIndexes  The SessionIndexes we should log out of. Logs out of all if this is empty.
      * @return int|false  Number of sessions logged out, or FALSE if not supported.
      */
-    public static function logoutSessions(string $authId, NameID $nameId, array $sessionIndexes)
+    public static function logoutSessions(string $authId, NameID $nameId, array $sessionIndexes): int|false
     {
         $config = Configuration::getInstance();
         $storeType = $config->getOptionalString('store.type', 'phpsession');
 
@@ -89,15 +89,13 @@ class State
      */
     public const EXCEPTION_STAGE = '\SimpleSAML\Auth\State.exceptionStage';
 
-
     /**
      * The URL parameter which contains the exception state id.
      * Note that this does not contain a "." since it's used in the
      * _REQUEST superglobal that does not allow dots.
      */
     public const EXCEPTION_PARAM = '\SimpleSAML\Auth\State_exceptionId';
 
-
     /**
      * State timeout.
      */
@@ -171,6 +169,7 @@ public static function getStateId(array &$state, bool $rawId = false): string
         return $id . ':' . $state[self::RESTART];
     }
 
+
     /**
      * Perform syntactic validation of an incoming state ID.
      *
@@ -188,6 +187,7 @@ public static function validateStateId(string $stateId): void
         }
     }
 
+
     /**
      * Retrieve state timeout.
      *
Original file line number	Diff line number	Diff line change
`@@ -245,7 +245,7 @@ private function filterAttributeValues(array $values, ?array $allowedConfigValue`
`245`	`245`	`* @param array\|null Array with regular expressions to test against. null is equivalent to an empty array.`
`246`	`246`	`* @return string\|null Regular expression that matched, or null if no match.`
`247`	`247`	`*/`
`248`		`- private static function matchAnyRegex(string $needle, ?array $regexps = null): string \| null`
	`248`	`+ private static function matchAnyRegex(string $needle, ?array $regexps = null): string\|null`
`249`	`249`	`{`
`250`	`250`	`if ($regexps !== null) {`
`251`	`251`	`foreach ($regexps as $x => $y) {`
Original file line number	Diff line number	Diff line change
`@@ -34,8 +34,8 @@ class Exception`
`34`	`34`	`*`
`35`	`35`	`* It initializes the global configuration and auth source configuration for the controllers implemented here.`
`36`	`36`	`*`
`37`		`- * @param \SimpleSAML\Configuration $config The configuration to use by the controllers.`
`38`		`- * @param \SimpleSAML\Session $session The session to use by the controllers.`
	`37`	`+ * @param \SimpleSAML\Configuration $config The configuration to use by the controllers.`
	`38`	`+ * @param \SimpleSAML\Session $session The session to use by the controllers.`
`39`	`39`	`*`
`40`	`40`	`* @throws \Exception`
`41`	`41`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -218,7 +218,7 @@ public function exists(string $type, string $key1, string $key2): bool`
`218`	`218`	`* @param string\|null $key2`
`219`	`219`	`* @return array\|false`
`220`	`220`	`*/`
`221`		`- public function getList(?string $type = null, ?string $key1 = null, ?string $key2 = null)`
	`221`	`+ public function getList(?string $type = null, ?string $key1 = null, ?string $key2 = null): array\|false`
`222`	`222`	`{`
`223`	`223`	`$conditions = $this->getCondition($type, $key1, $key2);`
`224`	`224`	`$query = 'SELECT * FROM data WHERE ' . $conditions;`
`@@ -303,6 +303,7 @@ public function removeExpired(): int`
`303`	`303`	`return $prepared->rowCount();`
`304`	`304`	`}`
`305`	`305`
	`306`	`+`
`306`	`307`	`/**`
`307`	`308`	`* Create a SQL condition statement based on parameters`
`308`	`309`	`*`
Original file line number	Diff line number	Diff line change
`@@ -738,7 +738,7 @@ public function sendSAML2AuthnRequest(Binding $binding, AuthnRequest $ar): Respo`
`738`	`738`	`* This function does not return.`
`739`	`739`	`*`
`740`	`740`	`* @param \SAML2\Binding $binding The binding.`
`741`		`- * @param \SAML2\LogoutRequest $ar The logout request.`
	`741`	`+ * @param \SAML2\LogoutRequest $ar The logout request.`
`742`	`742`	`*/`
`743`	`743`	`public function sendSAML2LogoutRequest(Binding $binding, LogoutRequest $lr): Response`
`744`	`744`	`{`
`@@ -1010,7 +1010,7 @@ public static function askForIdPChange(array &$state): RedirectResponse`
`1010`	`1010`	`* - 'saml:sp:AuthId': the identifier of the current authentication source.`
`1011`	`1011`	`* @throws \SAML2\Exception\Protocol\NoPassiveException In case the authentication request was passive.`
`1012`	`1012`	`*/`
`1013`		`- public static function tryStepUpAuth(array &$state): void`
	`1013`	`+ public static function tryStepUpAuth(array &$state): never`
`1014`	`1014`	`{`
`1015`	`1015`	`Assert::keyExists($state, 'saml:idp');`
`1016`	`1016`	`Assert::keyExists($state, 'saml:sp:AuthId');`
`@@ -1025,7 +1025,6 @@ public static function tryStepUpAuth(array &$state): void`
`1025`	`1025`	`/** @var \SimpleSAML\Module\saml\Auth\Source\SP $as */`
`1026`	`1026`	`$as = new Auth\Simple($state['saml:sp:AuthId']);`
`1027`	`1027`	`$as->login($state);`
`1028`		`- Assert::true(false);`
`1029`	`1028`	`}`
`1030`	`1029`
`1031`	`1030`
`@@ -1218,6 +1217,7 @@ public function handleResponse(array $state, string $idp, array $attributes): Re`
`1218`	`1217`	`if (isset($state['saml:sp:NameID'])) {`
`1219`	`1218`	`$authProcState['saml:sp:NameID'] = $state['saml:sp:NameID'];`
`1220`	`1219`	`}`
	`1220`	`+`
`1221`	`1221`	`if (isset($state['saml:sp:SessionIndex'])) {`
`1222`	`1222`	`$authProcState['saml:sp:SessionIndex'] = $state['saml:sp:SessionIndex'];`
`1223`	`1223`	`}`
`@@ -1255,7 +1255,7 @@ public function handleLogout(string $idpEntityId): ?Response`
`1255`	`1255`	`* manually check the URL on beforehand. Please refer to the 'trusted.url.domains'`
`1256`	`1256`	`* configuration directive for more information about allowing (or disallowing) URLs.`
`1257`	`1257`	`*/`
`1258`		`- public static function handleUnsolicitedAuth(string $authId, array $state, string $redirectTo): void`
	`1258`	`+ public static function handleUnsolicitedAuth(string $authId, array $state, string $redirectTo): never`
`1259`	`1259`	`{`
`1260`	`1260`	`$session = Session::getSessionFromRequest();`
`1261`	`1261`	`$session->doLogin($authId, Auth\State::getPersistentAuthData($state));`
Original file line number	Diff line number	Diff line change
`@@ -323,7 +323,7 @@ public static function addSession(string $authId, NameID $nameId, ?string $sessi`
`323`	`323`	`* @param array $sessionIndexes The SessionIndexes we should log out of. Logs out of all if this is empty.`
`324`	`324`	`* @return int\|false Number of sessions logged out, or FALSE if not supported.`
`325`	`325`	`*/`
`326`		`- public static function logoutSessions(string $authId, NameID $nameId, array $sessionIndexes)`
	`326`	`+ public static function logoutSessions(string $authId, NameID $nameId, array $sessionIndexes): int\|false`
`327`	`327`	`{`
`328`	`328`	`$config = Configuration::getInstance();`
`329`	`329`	`$storeType = $config->getOptionalString('store.type', 'phpsession');`
Original file line number	Diff line number	Diff line change
`@@ -89,15 +89,13 @@ class State`
`89`	`89`	`*/`
`90`	`90`	`public const EXCEPTION_STAGE = '\SimpleSAML\Auth\State.exceptionStage';`
`91`	`91`
`92`		`-`
`93`	`92`	`/**`
`94`	`93`	`* The URL parameter which contains the exception state id.`
`95`	`94`	`* Note that this does not contain a "." since it's used in the`
`96`	`95`	`* _REQUEST superglobal that does not allow dots.`
`97`	`96`	`*/`
`98`	`97`	`public const EXCEPTION_PARAM = '\SimpleSAML\Auth\State_exceptionId';`
`99`	`98`
`100`		`-`
`101`	`99`	`/**`
`102`	`100`	`* State timeout.`
`103`	`101`	`*/`
`@@ -171,6 +169,7 @@ public static function getStateId(array &$state, bool $rawId = false): string`
`171`	`169`	`return $id . ':' . $state[self::RESTART];`
`172`	`170`	`}`
`173`	`171`
	`172`	`+`
`174`	`173`	`/**`
`175`	`174`	`* Perform syntactic validation of an incoming state ID.`
`176`	`175`	`*`
`@@ -188,6 +187,7 @@ public static function validateStateId(string $stateId): void`
`188`	`187`	`}`
`189`	`188`	`}`
`190`	`189`
	`190`	`+`
`191`	`191`	`/**`
`192`	`192`	`* Retrieve state timeout.`
`193`	`193`	`*`