Skip to content

Commit 9b465bd

Browse files
cicnavicicnavi
committed
Merge with master
2 parents ff5692e + def18ef commit 9b465bd

8 files changed

Lines changed: 94 additions & 37 deletions

File tree

.gitattributes

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,4 +22,4 @@ phpunit.xml export-ignore
2222
.markdownlint.yml export-ignore
2323
.markdownlintrc export-ignore
2424
*.php.dist linguist-language=php
25-
.phive
25+
.phive export-ignore

composer.json

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -100,7 +100,7 @@
100100
"gettext/php-scanner": "~2.0",
101101
"mikey179/vfsstream": "~1.6",
102102
"predis/predis": "~3.3",
103-
"simplesamlphp/simplesamlphp-test-framework": "~1.11",
103+
"simplesamlphp/simplesamlphp-test-framework": "~1.11 || dev-master",
104104
"symfony/translation": "~7.4"
105105
},
106106
"suggest": {
@@ -145,6 +145,5 @@
145145
"post-install-cmd": [
146146
"echo 'Post-install tasks completed!'"
147147
]
148-
},
149-
"version": "v2.5.0"
148+
}
150149
}

composer.lock

Lines changed: 28 additions & 24 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

modules/saml/docs/filterscopes.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,9 @@ Here are the options available for the filter:
3131
: An array containing a list of attributes that are scoped and therefore should be evaluated.
3232
Defaults to _eduPersonPrincipalName_ and _eduPersonScopedAffiliation_.
3333

34+
`allowNonScoped`
35+
: Boolean defaults to true. Set to false to avoid copying attributes without a scope.
36+
3437
Examples
3538
--------
3639

modules/saml/src/Auth/Process/FilterScopes.php

Lines changed: 18 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,16 @@ class FilterScopes extends ProcessingFilter
2424
'eduPersonPrincipalName',
2525
];
2626

27+
/**
28+
* Whether to allow values without a scope.
29+
*
30+
* - true = keep non-scoped values (backwards-compatible default)
31+
* - false = remove non-scoped values
32+
*
33+
* @var bool
34+
*/
35+
private bool $allowNonScoped = true;
36+
2737

2838
/**
2939
* Constructor for the processing filter.
@@ -38,6 +48,10 @@ public function __construct(array &$config, $reserved)
3848
if (array_key_exists('attributes', $config) && !empty($config['attributes'])) {
3949
$this->scopedAttributes = $config['attributes'];
4050
}
51+
52+
if (\array_key_exists('allowNonScoped', $config) && \is_bool($config['allowNonScoped'])) {
53+
$this->allowNonScoped = $config['allowNonScoped'];
54+
}
4155
}
4256

4357

@@ -69,8 +83,10 @@ public function process(array &$state): void
6983
foreach ($values as $value) {
7084
@list(, $scope) = explode('@', $value, 2);
7185
if ($scope === null) {
72-
$newValues[] = $value;
73-
continue; // there's no scope
86+
if ($this->allowNonScoped) {
87+
$newValues[] = $value; // there's no scope, but keep as-is
88+
}
89+
continue;
7490
}
7591

7692
if (in_array($scope, $validScopes, true)) {

src/SimpleSAML/Configuration.php

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -38,11 +38,6 @@
3838
*/
3939
class Configuration implements Utils\ClearableState
4040
{
41-
/**
42-
* The release version of this package
43-
*/
44-
public const string VERSION = '2.5.0';
45-
4641
/**
4742
* A default value which means that the given option is required.
4843
*/
@@ -384,7 +379,14 @@ public static function getInstance(string $instancename = 'simplesaml'): Configu
384379
*/
385380
public function getVersion(): string
386381
{
387-
return self::VERSION;
382+
$version = \Composer\InstalledVersions::getRootPackage()['pretty_version'];
383+
// If the returned version is in format `vX.Y.Z`, remove leading
384+
// `v` to keep the compatibility with the previously used
385+
// format `X.Y.Z`.
386+
if (preg_match('/^v\d+\.\d+\.\d+/', $version)) {
387+
return substr($version, 1);
388+
}
389+
return $version;
388390
}
389391

390392

tests/modules/saml/src/Auth/Process/FilterScopesTest.php

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -222,4 +222,33 @@ public function testAttributeValueMultipleAt(): void
222222
$result = $this->processFilter($config, $request);
223223
$this->assertEquals($request['Attributes'], $result['Attributes']);
224224
}
225+
226+
227+
/**
228+
* Test that non-scoped values pass or not depending on default or filter config setting.
229+
*/
230+
public function testNonScopedValuesRemovedWhenDisallowed(): void
231+
{
232+
$config = [
233+
// Explicitly disallow non-scoped values
234+
'allowNonScoped' => false,
235+
];
236+
237+
$request = [
238+
'Source' => [
239+
'SingleSignOnService' => [
240+
[
241+
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
242+
'Location' => 'https://example.org/saml2/idp/SSOService.php',
243+
],
244+
],
245+
],
246+
'Attributes' => [
247+
'eduPersonPrincipalName' => ['jdoe'], // no scope part
248+
],
249+
];
250+
251+
$result = $this->processFilter($config, $request);
252+
$this->assertEquals([], $result['Attributes']);
253+
}
225254
}

tests/src/SimpleSAML/ConfigurationTest.php

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,11 @@ class ConfigurationTest extends ClearStateTestCase
2424
public function testGetVersion(): void
2525
{
2626
$c = Configuration::getOptionalConfig();
27-
$this->assertEquals($c->getVersion(), Configuration::VERSION);
27+
$version = \Composer\InstalledVersions::getRootPackage()['pretty_version'];
28+
if (preg_match('/^v\d+\.\d+\.\d+/', $version)) {
29+
$version = substr($version, 1);
30+
}
31+
$this->assertEquals($c->getVersion(), $version);
2832
}
2933

3034

0 commit comments

Comments
 (0)