Commit 9cce52a

cicnavi and tvdijen authored
Make error codes easier to extend (simplesamlphp#1870)
* For descriptions, check error code existence in descriptions rather than in titles
* Prepare error code constants
* Propagate error codes through the codebase
* Make error codes more extendable
* Fix spell check errors from CICD
* Fix phpcs errors
* Move from static to instance methods

---------

Co-authored-by: Marko Ivančić <marko.ivancic@srce.hr>
Co-authored-by: Tim van Dijen <tvdijen@gmail.com>
1 parent 9d74b28 commit 9cce52a

29 files changed

Lines changed: 755 additions & 144 deletions

docs/simplesamlphp-authproc.md

Lines changed: 7 additions & 7 deletions
@@ -31,15 +31,15 @@ The configuration of *Auth Proc Filters* is a list of filters with priority as *
3131
```php
3232
'authproc.idp' => [
3333
10 => [
34-
'class' => 'core:AttributeMap',
34+
'class' => 'core:AttributeMap',
3535
'addurnprefix'
3636
],
3737
20 => 'core:TargetedID',
3838
50 => 'core:AttributeLimit',
3939
90 => [
40-
'class' => 'consent:Consent',
41-
'store' => 'consent:Cookie',
42-
'focus' => 'yes',
40+
'class' => 'consent:Consent',
41+
'store' => 'consent:Cookie',
42+
'focus' => 'yes',
4343
'checked' => true
4444
],
4545
],
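
Review bot: The `'class'`, `'store'` and `'focus'` lines in this example are removed and re-added with the same text, so the change here is whitespace only and has nothing to do with error codes. Consider moving documentation reformatting into its own commit so that this one can be reviewed, and if necessary reverted, as a pure error-code change.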
@@ -73,9 +73,9 @@ Some *Auth Proc Filters* have optional or required *parameters*. To send paramet
7373

7474
```php
7575
90 => [
76-
'class' => 'consent:Consent',
77-
'store' => 'consent:Cookie',
78-
'focus' => 'yes',
76+
'class' => 'consent:Consent',
77+
'store' => 'consent:Cookie',
78+
'focus' => 'yes',
7979
'checked' => true,
8080
],
8181
```

docs/simplesamlphp-authsource.md

Lines changed: 1 addition & 1 deletion
@@ -37,7 +37,7 @@ The only function you need to implement is the `login($username, $password)`-fun
3737
This function receives the username and password the user entered, and is expected to return the attributes of that user.
3838
If the username or password is incorrect, it should throw an error saying so:
3939

40-
throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
40+
throw new \SimpleSAML\Error\Error(\SimpleSAML\Error\ErrorCodes::WRONGUSERPASS);
4141

4242
"[Implementing custom username/password authentication](./simplesamlphp-customauth)" describes how to implement username/password authentication using that base class.
4343

docs/simplesamlphp-customauth.md

Lines changed: 4 additions & 4 deletions
@@ -44,7 +44,7 @@ class MyAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
4444
protected function login($username, $password)
4545
{
4646
if ($username !== 'theusername' || $password !== 'thepassword') {
47-
throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
47+
throw new \SimpleSAML\Error\Error(\SimpleSAML\Error\ErrorCodes::WRONGUSERPASS);
4848
}
4949

5050
return [
@@ -206,7 +206,7 @@ class MyAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
206206
protected function login($username, $password)
207207
{
208208
if ($username !== $this->username || $password !== $this->password) {
209-
throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
209+
throw new \SimpleSAML\Error\Error(\SimpleSAML\Error\ErrorCodes::WRONGUSERPASS);
210210
}
211211

212212
return [
@@ -357,14 +357,14 @@ class MyAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
357357
if (!$row) {
358358
/* User not found. */
359359
SimpleSAML\Logger::warning('MyAuth: Could not find user ' . var_export($username, true) . '.');
360-
throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
360+
throw new \SimpleSAML\Error\Error(\SimpleSAML\Error\ErrorCodes::WRONGUSERPASS);
361361
}
362362

363363
/* Check the password. */
364364
if (!$this->checkPassword($row['password_hash'], $password)) {
365365
/* Invalid password. */
366366
SimpleSAML\Logger::warning('MyAuth: Wrong password for user ' . var_export($username, true) . '.');
367-
throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
367+
throw new \SimpleSAML\Error\Error(\SimpleSAML\Error\ErrorCodes::WRONGUSERPASS);
368368
}
369369

370370
/* Create the attribute array of the user. */
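
Review bot: Both failure branches in this example, the `if (!$row)` user-not-found case and the `checkPassword` failure, throw `ErrorCodes::WRONGUSERPASS`, and only the `Logger::warning` messages differ. That is the right behaviour, since the response then does not reveal whether the account exists, but nothing in the visible lines says it is deliberate. With error codes becoming easier to extend, add a sentence next to the example stating that a custom source should keep one code for both cases and record the distinction in the log only.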

docs/simplesamlphp-googleapps.md

Lines changed: 5 additions & 5 deletions
@@ -35,12 +35,12 @@ The certificate above will be valid for 10 years.
3535
Here is an example of typical user input when creating a certificate request:
3636

3737
```bash
38-
Country Name (2 letter code) [AU]: NO
39-
State or Province Name (full name) [Some-State]: Trondheim
40-
Locality Name (eg, city) []: Trondheim
41-
Organization Name (eg, company) [Internet Widgits Pty Ltd]: UNINETT
38+
Country Name (2 letter code) [AU]:NO
39+
State or Province Name (full name) [Some-State]:Trondheim
40+
Locality Name (eg, city) []:Trondheim
41+
Organization Name (eg, company) [Internet Widgits Pty Ltd]:UNINETT
4242
Organizational Unit Name (eg, section) []:
43-
Common Name (eg, YOUR name) []: dev2.andreas.feide.no
43+
Common Name (eg, YOUR name) []:dev2.andreas.feide.no
4444
Email Address []:
4545

4646
Please enter the following 'extra' attributes

modules/core/src/Auth/Source/AdminPassword.php

Lines changed: 4 additions & 4 deletions
@@ -37,7 +37,7 @@ public function __construct(array $info, array $config)
3737
*
3838
* On a successful login, this function should return the users attributes. On failure,
3939
* it should throw an exception. If the error was caused by the user entering the wrong
40-
* username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown.
40+
* username or password, a \SimpleSAML\Error\Error(\SimpleSAML\Error\ErrorCodes::WRONGUSERPASS) should be thrown.
4141
*
4242
* Note that both the username and the password are UTF-8 encoded.
4343
*
@@ -51,16 +51,16 @@ protected function login(string $username, string $password): array
5151
$adminPassword = $config->getString('auth.adminpassword');
5252
if ($adminPassword === '123') {
5353
// We require that the user changes the password
54-
throw new Error\Error('NOTSET');
54+
throw new Error\Error(Error\ErrorCodes::NOTSET);
5555
}
5656

5757
if ($username !== "admin") {
58-
throw new Error\Error('WRONGUSERPASS');
58+
throw new Error\Error(Error\ErrorCodes::WRONGUSERPASS);
5959
}
6060

6161
$cryptoUtils = new Utils\Crypto();
6262
if (!$cryptoUtils->pwValid($adminPassword, $password)) {
63-
throw new Error\Error('WRONGUSERPASS');
63+
throw new Error\Error(Error\ErrorCodes::WRONGUSERPASS);
6464
}
6565
return ['user' => ['admin']];
6666
}

modules/core/src/Auth/UserPassBase.php

Lines changed: 2 additions & 2 deletions
@@ -219,7 +219,7 @@ public function authenticate(Request $request, array &$state): ?Response
219219
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
220220
Logger::error("ECP AuthnRequest did not contain Basic Authentication header");
221221
// TODO Return a SOAP fault instead of using the current binding?
222-
throw new Error\Error("WRONGUSERPASS");
222+
throw new Error\Error(Error\ErrorCodes::WRONGUSERPASS);
223223
}
224224

225225
$username = $_SERVER['PHP_AUTH_USER'];
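
Review bot: The `throw new Error\Error(Error\ErrorCodes::WRONGUSERPASS);` in the missing `PHP_AUTH_USER` / `PHP_AUTH_PW` branch reports a wrong username or password for a request that carried no credentials at all, and the TODO directly above it already marks the response as provisional. Now that codes are meant to be extended, consider a dedicated code for this case, or resolve the TODO, so that the logged message and the thrown code describe the same condition.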
@@ -255,7 +255,7 @@ public function authenticate(Request $request, array &$state): ?Response
255255
*
256256
* On a successful login, this function should return the users attributes. On failure,
257257
* it should throw an exception/error. If the error was caused by the user entering the wrong
258-
* username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown.
258+
* username or password, a \SimpleSAML\Error\Error(\SimpleSAML\Error\ErrorCodes::WRONGUSERPASS) should be thrown.
259259
*
260260
* Note that both the username and the password are UTF-8 encoded.
261261
*

modules/core/src/Auth/UserPassOrgBase.php

Lines changed: 2 additions & 2 deletions
@@ -229,7 +229,7 @@ public function authenticate(Request $request, array &$state): ?Response
229229
*
230230
* On a successful login, this function should return the users attributes. On failure,
231231
* it should throw an exception/error. If the error was caused by the user entering the wrong
232-
* username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown.
232+
* username or password, a \SimpleSAML\Error\Error(\SimpleSAML\Error\ErrorCodes::WRONGUSERPASS) should be thrown.
233233
*
234234
* Note that both the username and the password are UTF-8 encoded.
235235
*
@@ -293,7 +293,7 @@ public static function handleLogin(
293293
} else {
294294
if ($orgMethod === 'force') {
295295
/* The organization should be a part of the username, but isn't. */
296-
throw new Error\Error('WRONGUSERPASS');
296+
throw new Error\Error(Error\ErrorCodes::WRONGUSERPASS);
297297
}
298298
}
299299
}

modules/exampleauth/src/Auth/Source/UserPass.php

Lines changed: 2 additions & 2 deletions
@@ -82,7 +82,7 @@ public function __construct(array $info, array $config)
8282
*
8383
* On a successful login, this function should return the users attributes. On failure,
8484
* it should throw an exception. If the error was caused by the user entering the wrong
85-
* username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown.
85+
* username or password, a \SimpleSAML\Error\Error(\SimpleSAML\Error\ErrorCodes::WRONGUSERPASS) should be thrown.
8686
*
8787
* Note that both the username and the password are UTF-8 encoded.
8888
*
@@ -94,7 +94,7 @@ protected function login(string $username, string $password): array
9494
{
9595
$userpass = $username . ':' . $password;
9696
if (!array_key_exists($userpass, $this->users)) {
97-
throw new Error\Error('WRONGUSERPASS');
97+
throw new Error\Error(Error\ErrorCodes::WRONGUSERPASS);
9898
}
9999

100100
return $this->users[$userpass];

modules/saml/src/Controller/Metadata.php

Lines changed: 2 additions & 2 deletions
@@ -69,7 +69,7 @@ public function setMetadataStorageHandler(MetadataStorageHandler $mdHandler): vo
6969
public function metadata(Request $request): Response
7070
{
7171
if ($this->config->getBoolean('enable.saml20-idp') === false || !Module::isModuleEnabled('saml')) {
72-
throw new Error\Error('NOACCESS', null, 403);
72+
throw new Error\Error(Error\ErrorCodes::NOACCESS, null, 403);
7373
}
7474

7575
// check if valid local session exists
@@ -109,7 +109,7 @@ public function metadata(Request $request): Response
109109

110110
return $response;
111111
} catch (Exception $exception) {
112-
throw new Error\Error('METADATA', $exception);
112+
throw new Error\Error(Error\ErrorCodes::METADATA, $exception);
113113
}
114114
}
115115
}
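
Review bot: `throw new Error\Error(Error\ErrorCodes::METADATA, $exception);` passes no HTTP status, while the `NOACCESS` throw earlier in the same method passes `null, 403` explicitly. Please confirm that the constructor default is the status you want for a failure caught by `catch (Exception $exception)`, and consider passing it explicitly so the two throw sites in `metadata()` read consistently.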

modules/saml/src/Controller/ServiceProvider.php

Lines changed: 2 additions & 2 deletions
@@ -189,7 +189,7 @@ public function assertionConsumerService(Request $request, string $sourceId): Re
189189
try {
190190
$b = Binding::getCurrentBinding($psrRequest);
191191
} catch (UnsupportedBindingException $e) {
192-
throw new Error\Error('ACSPARAMS', $e, 400);
192+
throw new Error\Error(Error\ErrorCodes::ACSPARAMS, $e, 400);
193193
}
194194

195195
if ($b instanceof HTTPArtifact) {
@@ -466,7 +466,7 @@ public function singleLogoutService(Request $request, string $sourceId): Respons
466466
try {
467467
$binding = Binding::getCurrentBinding($psrRequest);
468468
} catch (UnsupportedBindingException $e) {
469-
throw new Error\Error('SLOSERVICEPARAMS', $e, 400);
469+
throw new Error\Error(Error\ErrorCodes::SLOSERVICEPARAMS, $e, 400);
470470
}
471471
$message = $binding->receive($psrRequest);
472472
