RCNdev
diff --git a/‎modules/exampleauth/lib/Auth/Process/RedirectTest.php‎
Lines changed: 2 additions & 2 deletions b/‎modules/exampleauth/lib/Auth/Process/RedirectTest.php‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎modules/exampleauth/lib/Auth/Source/External.php‎
Lines changed: 22 additions & 25 deletions b/‎modules/exampleauth/lib/Auth/Source/External.php‎
Lines changed: 22 additions & 25 deletions
diff --git a/‎modules/exampleauth/lib/Controller/ExampleAuth.php‎
Lines changed: 213 additions & 0 deletions b/‎modules/exampleauth/lib/Controller/ExampleAuth.php‎
Lines changed: 213 additions & 0 deletions
diff --git a/‎modules/exampleauth/routing/routes/routes.yml‎
Lines changed: 9 additions & 0 deletions b/‎modules/exampleauth/routing/routes/routes.yml‎
Lines changed: 9 additions & 0 deletions
@@ -13,7 +13,7 @@
  * A simple processing filter for testing that redirection works as it should.
  *
  */
-class RedirectTest extends \SimpleSAML\Auth\ProcessingFilter
+class RedirectTest extends Auth\ProcessingFilter
 {
     /**
      * Initialize processing of the redirect test.
@@ -29,7 +29,7 @@ public function process(array &$state): void
 
         // Save state and redirect
         $id = Auth\State::saveState($state, 'exampleauth:redirectfilter-test');
-        $url = Module::getModuleURL('exampleauth/redirecttest.php');
+        $url = Module::getModuleURL('exampleauth/redirecttest');
 
         $httpUtils = new Utils\HTTP();
         $httpUtils->redirectTrustedURL($url, ['StateId' => $id]);
 
@@ -9,6 +9,7 @@
 use SimpleSAML\Error;
 use SimpleSAML\Module;
 use SimpleSAML\Utils;
+use Symfony\Component\HttpFoundation\Session\Session as SymfonySession;
 
 /**
  * Example external authentication source.
@@ -19,9 +20,8 @@
  * To adapt this to your own web site, you should:
  * 1. Create your own module directory.
  * 2. Enable to module in the config by adding '<module-dir>' => true to the $config['module.enable'] array.
- * 3. Copy this file and modules/exampleauth/www/resume.php to their corresponding
- *    location in the new module.
- * 4. Replace all occurrences of "exampleauth" in this file and in resume.php with the name of your module.
+ * 3. Copy this file to its corresponding location in the new module.
+ * 4. Replace all occurrences of "exampleauth" in this file with the name of your module.
  * 5. Adapt the getUser()-function, the authenticate()-function and the logout()-function to your site.
  * 6. Add an entry in config/authsources.php referencing your module. E.g.:
  *        'myauth' => [
@@ -65,13 +65,12 @@ private function getUser(): ?array
          * stored in the users PHP session, but this could be replaced
          * with anything.
          */
-
-        if (!session_id()) {
-            // session_start not called before. Do it here
-            session_start();
+        $session = new SymfonySession();
+        if (!$session->getId()) {
+            $session->start();
         }
 
-        if (!isset($_SESSION['uid'])) {
+        if (!$session->has('uid')) {
             // The user isn't authenticated
             return null;
         }
@@ -81,16 +80,15 @@ private function getUser(): ?array
          * Note that all attributes in SimpleSAMLphp are multivalued, so we need
          * to store them as arrays.
          */
-
         $attributes = [
-            'uid' => [$_SESSION['uid']],
-            'displayName' => [$_SESSION['name']],
-            'mail' => [$_SESSION['mail']],
+            'uid' => [$session->get('uid')],
+            'displayName' => [$session->get('name')],
+            'mail' => [$session->get('mail')],
         ];
 
         // Here we generate a multivalued attribute based on the account type
         $attributes['eduPersonAffiliation'] = [
-            $_SESSION['type'], /* In this example, either 'student' or 'employee'. */
+            $session->get('type'), /* In this example, either 'student' or 'employee'. */
             'member',
         ];
 
@@ -148,7 +146,7 @@ public function authenticate(array &$state): void
          * We assume that whatever authentication page we send the user to has an
          * option to return the user to a specific page afterwards.
          */
-        $returnTo = Module::getModuleURL('exampleauth/resume.php', [
+        $returnTo = Module::getModuleURL('exampleauth/resume', [
             'State' => $stateId,
         ]);
 
@@ -159,7 +157,7 @@ public function authenticate(array &$state): void
          * is also part of this module, but in a real example, this would likely be
          * the absolute URL of the login page for the site.
          */
-        $authPage = Module::getModuleURL('exampleauth/authpage.php');
+        $authPage = Module::getModuleURL('exampleauth/authpage');
 
         /*
          * The redirect to the authentication page.
@@ -185,16 +183,18 @@ public function authenticate(array &$state): void
      * This function resumes the authentication process after the user has
      * entered his or her credentials.
      *
+     * @param \Symfony\Component\HttpFoundation\Request $request
+     *
      * @throws \SimpleSAML\Error\BadRequest
      * @throws \SimpleSAML\Error\Exception
      */
-    public static function resume(): void
+    public static function resume(Request $request): void
     {
         /*
          * First we need to restore the $state-array. We should have the identifier for
          * it in the 'State' request parameter.
          */
-        if (!isset($_REQUEST['State'])) {
+        if (!$request->has('State')) {
             throw new Error\BadRequest('Missing "State" parameter.');
         }
 
@@ -203,7 +203,7 @@ public static function resume(): void
          * match the string we used in the saveState-call above.
          */
         /** @var array $state */
-        $state = Auth\State::loadState($_REQUEST['State'], 'exampleauth:External');
+        $state = Auth\State::loadState($request->get('State'), 'exampleauth:External');
 
         /*
          * Now we have the $state-array, and can use it to locate the authentication
@@ -266,15 +266,12 @@ public static function resume(): void
      */
     public function logout(array &$state): void
     {
-        if (!session_id()) {
-            // session_start not called before. Do it here
-            session_start();
+        $session = new SymfonySession();
+        if (!$session->getId()) {
+            $session->start();
         }
 
-        /*
-         * In this example we simply remove the 'uid' from the session.
-         */
-        unset($_SESSION['uid']);
+        $session->clear();
 
         /*
          * If we need to do a redirect to a different page, we could do this
 
@@ -0,0 +1,213 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\exampleauth\Controller;
+
+use SimpleSAML\Auth;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error;
+use SimpleSAML\HTTP\RunnableResponse;
+use SimpleSAML\Module\exampleauth\Auth\Source\External;
+use SimpleSAML\Session;
+use SimpleSAML\Utils;
+use SimpleSAML\XHTML\Template;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Session\Session as SymfonySession;
+
+use function array_key_exists;
+use function preg_match;
+use function session_id;
+use function session_start;
+use function urldecode;
+
+/**
+ * Controller class for the exampleauth module.
+ *
+ * This class serves the different views available in the module.
+ *
+ * @package simplesamlphp/simplesamlphp
+ */
+class ExampleAuth
+{
+    /** @var \SimpleSAML\Configuration */
+    protected Configuration $config;
+
+    /** @var \SimpleSAML\Session */
+    protected Session $session;
+
+    /**
+     * @var \SimpleSAML\Auth\State|string
+     * @psalm-var \SimpleSAML\Auth\State|class-string
+     */
+    protected $authState = Auth\State::class;
+
+
+    /**
+     * Controller constructor.
+     *
+     * It initializes the global configuration and session for the controllers implemented here.
+     *
+     * @param \SimpleSAML\Configuration $config The configuration to use by the controllers.
+     * @param \SimpleSAML\Session $session The session to use by the controllers.
+     *
+     * @throws \Exception
+     */
+    public function __construct(
+        Configuration $config,
+        Session $session
+    ) {
+        $this->config = $config;
+        $this->session = $session;
+    }
+
+
+    /**
+     * Inject the \SimpleSAML\Auth\State dependency.
+     *
+     * @param \SimpleSAML\Auth\State $authState
+     */
+    public function setAuthState(Auth\State $authState): void
+    {
+        $this->authState = $authState;
+    }
+
+
+    /**
+     * Auth testpage.
+     *
+     * @param \Symfony\Component\HttpFoundation\Request $request The current request.
+     *
+     * @return \SimpleSAML\XHTML\Template|\SimpleSAML\HTTP\RunnableResponse
+     */
+    public function authpage(Request $request)
+    {
+        /**
+         * This page serves as a dummy login page.
+         *
+         * Note that we don't actually validate the user in this example. This page
+         * just serves to make the example work out of the box.
+         */
+        $returnTo = $request->get('ReturnTo');
+        if ($returnTo === null) {
+            throw new Error\Exception('Missing ReturnTo parameter.');
+        }
+
+        $httpUtils = new Utils\HTTP();
+        $returnTo = $httpUtils->checkURLAllowed($returnTo);
+
+        /**
+         * The following piece of code would never be found in a real authentication page. Its
+         * purpose in this example is to make this example safer in the case where the
+         * administrator of the IdP leaves the exampleauth-module enabled in a production
+         * environment.
+         *
+         * What we do here is to extract the $state-array identifier, and check that it belongs to
+         * the exampleauth:External process.
+         */
+        if (!preg_match('@State=(.*)@', $returnTo, $matches)) {
+            throw new Error\Exception('Invalid ReturnTo URL for this example.');
+        }
+
+        /**
+         * The loadState-function will not return if the second parameter does not
+         * match the parameter passed to saveState, so by now we know that we arrived here
+         * through the exampleauth:External authentication page.
+         */
+        $this->authState::loadState(urldecode($matches[1]), 'exampleauth:External');
+
+        // our list of users.
+        $users = [
+            'student' => [
+                'password' => 'student',
+                'uid' => 'student',
+                'name' => 'Student Name',
+                'mail' => 'somestudent@example.org',
+                'type' => 'student',
+            ],
+            'admin' => [
+                'password' => 'admin',
+                'uid' => 'admin',
+                'name' => 'Admin Name',
+                'mail' => 'someadmin@example.org',
+                'type' => 'employee',
+            ],
+        ];
+
+        // time to handle login responses; since this is a dummy example, we accept any data
+        $badUserPass = false;
+        if ($request->getMethod() === 'POST') {
+            $username = $request->get('username');
+            $password = $request->get('password');
+
+            if (!isset($users[$username]) || $users[$username]['password'] !== $password) {
+                $badUserPass = true;
+            } else {
+                $user = $users[$username];
+
+                $session = new SymfonySession();
+                if (!$session->getId()) {
+                    $session->start();
+                }
+
+                $session->set('uid', $user['uid']);
+                $session->set('name', $user['name']);
+                $session->set('mail', $user['mail']);
+                $session->set('type', $user['type']);
+
+                return new RunnableResponse([$httpUtils, 'redirectTrustedURL'], [$returnTo]);
+            }
+        }
+
+        // if we get this far, we need to show the login page to the user
+        $t = new Template($this->config, 'exampleauth:authenticate.twig');
+        $t->data['badUserPass'] = $badUserPass;
+        $t->data['returnTo'] = $returnTo;
+
+        return $t;
+    }
+
+
+    /**
+     * Redirect testpage.
+     *
+     * @param \Symfony\Component\HttpFoundation\Request $request The current request.
+     *
+     * @return \SimpleSAML\HTTP\RunnableResponse
+     */
+    public function redirecttest(Request $request): RunnableResponse
+    {
+        /**
+         * Request handler for redirect filter test.
+         */
+        $stateId = $request->get('StateId');
+        if ($stateId === null) {
+            throw new Error\BadRequest('Missing required StateId query parameter.');
+        }
+
+        /** @var array $state */
+        $state = $this->authState::loadState($stateId, 'exampleauth:redirectfilter-test');
+        $state['Attributes']['RedirectTest2'] = ['OK'];
+
+        return new RunnableResponse([Auth\ProcessingChain::class, 'resumeProcessing'], [$state]);
+    }
+
+
+    /**
+     * Resume testpage.
+     *
+     * @param \Symfony\Component\HttpFoundation\Request $request The current request.
+     *
+     * @return \SimpleSAML\HTTP\RunnableResponse
+     */
+    public function resume(Request $request): RunnableResponse
+    {
+        /**
+         * This page serves as the point where the user's authentication
+         * process is resumed after the login page.
+         *
+         * It simply passes control back to the class.
+         */
+        return new RunnableResponse([External::class, 'resume'], [$request]);
+    }
+}
@@ -0,0 +1,9 @@
+exampleauth-authpage:
+    path:       /authpage
+    defaults:   { _controller: 'SimpleSAML\Module\exampleauth\Controller\ExampleAuth::authpage' }
+exampleauth-redirecttest:
+    path:       /redirecttest
+    defaults:   { _controller: 'SimpleSAML\Module\exampleauth\Controller\ExampleAuth::redirecttest' }
+exampleauth-resume:
+    path:       /resume
+    defaults:   { _controller: 'SimpleSAML\Module\exampleauth\Controller\ExampleAuth::resume' }