author | Lukas Reschke <lukas@statuscode.ch> | 2017-01-03 13:14:35 +0300 |
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-01-03 13:14:35 +0300 |
commit | 13df88274e3cbfc84e568f88c03fd84a75c97949 (patch) | |
tree | 1db68a4aa04a9f35129a3c6713039ac5ab5c2372 /3rdparty | |
parent | 220fe7c66216738fea4a6ac2de552c77e0052331 (diff) |
Updates onelogin/php-saml to v2.10.2
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to '3rdparty')
-rw-r--r-- | 3rdparty/composer.lock | 11 | ||||
-rw-r--r-- | 3rdparty/vendor/autoload.php | 2 | ||||
-rw-r--r-- | 3rdparty/vendor/composer/ClassLoader.php | 48 | ||||
-rw-r--r-- | 3rdparty/vendor/composer/autoload_real.php | 2 | ||||
-rw-r--r-- | 3rdparty/vendor/composer/installed.json | 12 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/CHANGELOG | 5 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/README.md | 31 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/composer.json | 2 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/lib/Saml2/Auth.php | 23 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutRequest.php | 21 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutResponse.php | 6 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/lib/Saml2/Response.php | 36 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/lib/Saml2/Settings.php | 27 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/lib/Saml2/Utils.php | 184 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/lib/Saml2/version.json | 4 | ||||
-rw-r--r-- | 3rdparty/vendor/onelogin/php-saml/settings_example.php | 6 |
16 files changed, 370 insertions, 50 deletions
diff --git a/3rdparty/composer.lock b/3rdparty/composer.lock index 1922438e..f6587280 100644 --- a/3rdparty/composer.lock +++ b/3rdparty/composer.lock @@ -4,21 +4,20 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "993f6c41684d235f66993e52d9b7dce0", "content-hash": "bf3d6d016eca22c120719d73eb98378d", "packages": [ { "name": "onelogin/php-saml", - "version": "2.10.1", + "version": "2.10.2", "source": { "type": "git", "url": "https://github.com/onelogin/php-saml.git", - "reference": "1017afe7fe6da1def37cc92af37434fbba893d03" + "reference": "f9543a05494633671ec587ae1611238dae6edfd4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/onelogin/php-saml/zipball/1017afe7fe6da1def37cc92af37434fbba893d03", - "reference": "1017afe7fe6da1def37cc92af37434fbba893d03", + "url": "https://api.github.com/repos/onelogin/php-saml/zipball/f9543a05494633671ec587ae1611238dae6edfd4", + "reference": "f9543a05494633671ec587ae1611238dae6edfd4", "shasum": "" }, "require": { @@ -59,7 +58,7 @@ "onelogin", "saml" ], - "time": "2016-10-26 11:31:56" + "time": "2016-11-15T15:34:53+00:00" } ], "packages-dev": [], diff --git a/3rdparty/vendor/autoload.php b/3rdparty/vendor/autoload.php index c4b92730..0c178cde 100644 --- a/3rdparty/vendor/autoload.php +++ b/3rdparty/vendor/autoload.php @@ -2,6 +2,6 @@ // autoload.php @generated by Composer -require_once __DIR__ . '/composer' . '/autoload_real.php'; +require_once __DIR__ . '/composer/autoload_real.php'; return ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc::getLoader(); diff --git a/3rdparty/vendor/composer/ClassLoader.php b/3rdparty/vendor/composer/ClassLoader.php index ff6ecfb8..4626994f 100644 --- a/3rdparty/vendor/composer/ClassLoader.php +++ b/3rdparty/vendor/composer/ClassLoader.php 
@@ -53,8 +53,9 @@ class ClassLoader private $useIncludePath = false; private $classMap = array(); - private $classMapAuthoritative = false; + private $missingClasses = array(); + private $apcuPrefix; public function getPrefixes() { @@ -272,6 +273,26 @@ class ClassLoader } /** + * APCu prefix to use to cache found/not-found classes, if the extension is enabled. + * + * @param string|null $apcuPrefix + */ + public function setApcuPrefix($apcuPrefix) + { + $this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null; + } + + /** + * The APCu prefix in use, or null if APCu caching is not enabled. + * + * @return string|null + */ + public function getApcuPrefix() + { + return $this->apcuPrefix; + } + + /** * Registers this instance as an autoloader. * * @param bool $prepend Whether to prepend the autoloader or not @@ -313,29 +334,34 @@ class ClassLoader */ public function findFile($class) { - // work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731 - if ('\\' == $class[0]) { - $class = substr($class, 1); - } - // class map lookup if (isset($this->classMap[$class])) { return $this->classMap[$class]; } - if ($this->classMapAuthoritative) { + if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) { return false; } + if (null !== $this->apcuPrefix) { + $file = apcu_fetch($this->apcuPrefix.$class, $hit); + if ($hit) { + return $file; + } + } $file = $this->findFileWithExtension($class, '.php'); // Search for Hack files if we are running on HHVM - if ($file === null && defined('HHVM_VERSION')) { + if (false === $file && defined('HHVM_VERSION')) { $file = $this->findFileWithExtension($class, '.hh'); } - if ($file === null) { + if (null !== $this->apcuPrefix) { + apcu_add($this->apcuPrefix.$class, $file); + } + + if (false === $file) { // Remember that this class does not exist. - return $this->classMap[$class] = false; + $this->missingClasses[$class] = true; } return $file; 
@@ -399,6 +425,8 @@ class ClassLoader if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) { return $file; } + + return false; } } diff --git a/3rdparty/vendor/composer/autoload_real.php b/3rdparty/vendor/composer/autoload_real.php index a2cf9baa..251a560a 100644 --- a/3rdparty/vendor/composer/autoload_real.php +++ b/3rdparty/vendor/composer/autoload_real.php @@ -23,7 +23,7 @@ class ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc self::$loader = $loader = new \Composer\Autoload\ClassLoader(); spl_autoload_unregister(array('ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc', 'loadClassLoader')); - $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION'); + $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); if ($useStaticLoader) { require_once __DIR__ . '/autoload_static.php'; diff --git a/3rdparty/vendor/composer/installed.json b/3rdparty/vendor/composer/installed.json index d865c265..6327c252 100644 --- a/3rdparty/vendor/composer/installed.json +++ b/3rdparty/vendor/composer/installed.json @@ -1,17 +1,17 @@ [ { "name": "onelogin/php-saml", - "version": "2.10.1", - "version_normalized": "2.10.1.0", + "version": "2.10.2", + "version_normalized": "2.10.2.0", "source": { "type": "git", "url": "https://github.com/onelogin/php-saml.git", - "reference": "1017afe7fe6da1def37cc92af37434fbba893d03" + "reference": "f9543a05494633671ec587ae1611238dae6edfd4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/onelogin/php-saml/zipball/1017afe7fe6da1def37cc92af37434fbba893d03", - "reference": "1017afe7fe6da1def37cc92af37434fbba893d03", + "url": "https://api.github.com/repos/onelogin/php-saml/zipball/f9543a05494633671ec587ae1611238dae6edfd4", + "reference": "f9543a05494633671ec587ae1611238dae6edfd4", "shasum": "" }, "require": { 
@@ -33,7 +33,7 @@ "ext-mcrypt": "Install mcrypt and php5-mcrypt libs in order to support encryption", "lib-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)" }, - "time": "2016-10-26 11:31:56", + "time": "2016-11-15T15:34:53+00:00", "type": "library", "installation-source": "dist", "autoload": { diff --git a/3rdparty/vendor/onelogin/php-saml/CHANGELOG b/3rdparty/vendor/onelogin/php-saml/CHANGELOG index 329ba626..f09ebc97 100644 --- a/3rdparty/vendor/onelogin/php-saml/CHANGELOG +++ b/3rdparty/vendor/onelogin/php-saml/CHANGELOG @@ -1,5 +1,10 @@ CHANGELOG ========= +v.2.10.2 +* [#175](https://github.com/onelogin/php-saml/pull/175) Allow overriding of host, port, protocol and url path for URL building +* [#173](https://github.com/onelogin/php-saml/pull/173) Provide better support to NameIdFormat +* Fix another issue on Assertion Signature validation when the assertion contains no namespace, container has saml2 namespace and it was encrypted + v.2.10.1 * Fix error message on SignMetadata process * Fix issue on Assertion Signature validation when the assertion contains no namespace and it was encrypted diff --git a/3rdparty/vendor/onelogin/php-saml/README.md b/3rdparty/vendor/onelogin/php-saml/README.md index 16244529..157fbad9 100644 --- a/3rdparty/vendor/onelogin/php-saml/README.md +++ b/3rdparty/vendor/onelogin/php-saml/README.md @@ -279,6 +279,12 @@ $settings = array ( // Enable debug mode (to print errors). 'debug' => false, + // Set a BaseURL to be used instead of try to guess + // the BaseURL of the view that process the SAML Message. + // Ex http://sp.example.com/ + // http://example.com/sp/ + 'baseurl' => null, + // Service Provider Data that we are deploying. 'sp' => array ( // Identifier of the SP entity (must be a URI) 
@@ -1035,6 +1041,26 @@ if (isset($_SESSION['samlUserdata'])) { // If there is user data we print it. } ``` +#### URL-guessing methods #### + +php-saml toolkit uses a bunch of methods in OneLogin_Saml2_Utils that try to guess the URL where the SAML messages are processed. + +* `getSelfHost` Returns the current host. +* `getSelfPort` Return the port number used for the request +* `isHTTPS` Checks if the protocol is https or http. +* `getSelfURLhost` Returns the protocol + the current host + the port (if different than common ports). +* `getSelfURL` Returns the URL of the current host + current view + query. +* `getSelfURLNoQuery` Returns the URL of the current host + current view. +* `getSelfRoutedURLNoQuery` Returns the routed URL of the current host + current view. + +getSelfURLNoQuery and getSelfRoutedURLNoQuery are used to calculate the currentURL in order to valdate SAML elements like Destination or Recipient. + +When the PHP application is behind a proxy or a load balancer we can execute setProxyVars(true) and getSelfPort and isHTTPS will take care of the $_SERVER["HTTP_X_FORWARDED_PORT"] and $_SERVER['HTTP_X_FORWARDED_PROTO'] vars (otherwise they are ignored). + +Also a developer can use setSelfProtocol, setSelfHost, setSelfPort and getBaseURLPath to define a specific value to be returned by isHTTPS, getSelfHost, getSelfPort and getBaseURLPath. And define a setBasePath to be used on the getSelfURL and getSelfRoutedURLNoQuery to replace the data extracted from $_SERVER["REQUEST_URI"]. + +At the settings the developer will be able to set a 'baseurl' parameter that automatically will use setBaseURL to set values for setSelfProtocol, setSelfHost, setSelfPort and setBaseURLPath. + ### Main classes and methods ### Described below are the main classes and methods that can be invoked. 
@@ -1131,6 +1157,7 @@ SAML 2 Authentication Response class * `getNameIdData` - Gets the NameID Data provided by the SAML response from the IdP. * `getNameId` - Gets the NameID provided by the SAML response from the IdP. + * `getNameIdFormat` - Gets the NameID Format provided by the SAML response from the IdP. * `getSessionNotOnOrAfter` - Gets the SessionNotOnOrAfter from the AuthnStatement * `getSessionIndex` - Gets the SessionIndex from the AuthnStatement. @@ -1196,7 +1223,9 @@ Configuration of the OneLogin PHP Toolkit * `formatSPKey` - Formats the SP private key. * `getErrors` - Returns an array with the errors, the array is empty when the settings is ok. - * `getLastErrorReason`* Returns the reason of the last error + * `getLastErrorReason` - Returns the reason of the last error + * `getBaseURL` - Returns the baseurl set on the settings if any. + * `setBaseURL` - Set a baseurl value * `setStrict` - Activates or deactivates the strict mode. * `isStrict` - Returns if the 'strict' mode is active. * `isDebugActive` - Returns if the debug is active. diff --git a/3rdparty/vendor/onelogin/php-saml/composer.json b/3rdparty/vendor/onelogin/php-saml/composer.json index ca0f315a..fb0c56dd 100644 --- a/3rdparty/vendor/onelogin/php-saml/composer.json +++ b/3rdparty/vendor/onelogin/php-saml/composer.json @@ -2,7 +2,7 @@ "name": "onelogin/php-saml", "description": "OneLogin PHP SAML Toolkit", "license": "MIT", - "version": "2.10.1", + "version": "2.10.2", "homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits", "keywords": ["saml", "saml2", "onelogin"], "autoload": { diff --git a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Auth.php b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Auth.php index 22479259..0dbdcedc 100644 --- a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Auth.php +++ b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Auth.php 
@@ -29,6 +29,13 @@ class OneLogin_Saml2_Auth private $_nameid; /** + * NameID Format + * + * @var string + */ + private $_nameidFormat; + + /** * If user is authenticated. * * @var bool @@ -126,6 +133,7 @@ class OneLogin_Saml2_Auth if ($response->isValid($requestId)) { $this->_attributes = $response->getAttributes(); $this->_nameid = $response->getNameId(); + $this->_nameidFormat = $response->getNameIdFormat(); $this->_authenticated = true; $this->_sessionIndex = $response->getSessionIndex(); $this->_sessionExpiration = $response->getSessionNotOnOrAfter(); @@ -266,6 +274,16 @@ class OneLogin_Saml2_Auth } /** + * Returns the nameID Format + * + * @return string The nameID Format of the assertion + */ + public function getNameIdFormat() + { + return $this->_nameidFormat; + } + + /** * Returns the SessionIndex * * @return string|null The SessionIndex of the assertion @@ -369,12 +387,13 @@ class OneLogin_Saml2_Auth * @param string|null $nameId The NameID that will be set in the LogoutRequest. * @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process). * @param bool $stay True if we want to stay (returns the url string) False to redirect + * @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest. * * @return If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters * * @throws OneLogin_Saml2_Error */ - public function logout($returnTo = null, $parameters = array(), $nameId = null, $sessionIndex = null, $stay=false) + public function logout($returnTo = null, $parameters = array(), $nameId = null, $sessionIndex = null, $stay=false, $nameIdFormat = null) { assert('is_array($parameters)'); 
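Review bot: The new `getNameIdFormat()` is documented as `@return string`, but `$_nameidFormat` is only assigned (third hunk) after `$response->isValid($requestId)` succeeds, so a caller that asks for it before a response has been processed gets null. `@var string|null` on the property and `@return string|null The nameID Format of the assertion, or null when no valid response has been processed` would match what the code does. In the last hunk, the new `$nameIdFormat` parameter of `logout()` is documented only as "will be set in the LogoutRequest"; the LogoutRequest hunk later in this diff shows it falls back to the SP `NameIDFormat` setting when empty, which is worth stating here since callers choose between passing the value returned by `getNameIdFormat()` and relying on the default. The body of `logout()` continues outside the hunk.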
@@ -390,7 +409,7 @@ class OneLogin_Saml2_Auth $nameId = $this->_nameid; } - $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, null, $nameId, $sessionIndex); + $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, null, $nameId, $sessionIndex, $nameIdFormat); $this->_lastRequestID = $logoutRequest->id; diff --git a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutRequest.php b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutRequest.php index f0814db3..2aabb0b8 100644 --- a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutRequest.php +++ b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutRequest.php @@ -34,16 +34,21 @@ class OneLogin_Saml2_LogoutRequest /** * Constructs the Logout Request object. * - * @param OneLogin_Saml2_Settings $settings Settings - * @param string|null $request A UUEncoded Logout Request. - * @param string|null $nameId The NameID that will be set in the LogoutRequest. - * @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process). + * @param OneLogin_Saml2_Settings $settings Settings + * @param string|null $request A UUEncoded Logout Request. + * @param string|null $nameId The NameID that will be set in the LogoutRequest. + * @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process). + * @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest. */ - public function __construct(OneLogin_Saml2_Settings $settings, $request = null, $nameId = null, $sessionIndex = null) + public function __construct(OneLogin_Saml2_Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null) { - $this->_settings = $settings; + $baseURL = $this->_settings->getBaseURL(); + if (!empty($baseURL)) { + OneLogin_Saml2_Utils::setBaseURL($baseURL); + } + if (!isset($request) || empty($request)) { $spData = $this->_settings->getSPData(); 
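Review bot: The LogoutRequest constructor appears to drop `$this->_settings = $settings;` — the hunk shows it only as a removed line with no replacement — while the added line directly after it calls `$this->_settings->getBaseURL()`, and the `getSPData()` call further down still reads the same property; as shown, every LogoutRequest construction would fail on a null property. Unless the assignment was lost in the collapsed rendering, it needs to be restored before the base-URL block: `$this->_settings = $settings;`. The LogoutResponse and Response hunks that follow keep the assignment and add the identical four-line block after it, which is the shape this constructor should have too. The constructor body continues outside the hunk.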
@@ -62,7 +67,9 @@ class OneLogin_Saml2_LogoutRequest } if (!empty($nameId)) { - $nameIdFormat = $spData['NameIDFormat']; + if (empty($nameIdFormat)) { + $nameIdFormat = $spData['NameIDFormat']; + } $spNameQualifier = null; } else { $nameId = $idpData['entityId']; diff --git a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutResponse.php b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutResponse.php index 01cacab2..d8c2f4ac 100644 --- a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutResponse.php +++ b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/LogoutResponse.php @@ -41,6 +41,12 @@ class OneLogin_Saml2_LogoutResponse public function __construct(OneLogin_Saml2_Settings $settings, $response = null) { $this->_settings = $settings; + + $baseURL = $this->_settings->getBaseURL(); + if (!empty($baseURL)) { + OneLogin_Saml2_Utils::setBaseURL($baseURL); + } + if ($response) { $decoded = base64_decode($response); $inflated = @gzinflate($decoded); diff --git a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Response.php b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Response.php index ae6faae0..da9a3f29 100644 --- a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Response.php +++ b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Response.php @@ -56,6 +56,11 @@ class OneLogin_Saml2_Response { $this->_settings = $settings; + $baseURL = $this->_settings->getBaseURL(); + if (!empty($baseURL)) { + OneLogin_Saml2_Utils::setBaseURL($baseURL); + } + $this->response = base64_decode($response); $this->document = new DOMDocument(); 
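Review bot: The `Utils::setBaseURL($baseURL)` block added to the LogoutResponse and Response constructors (and to LogoutRequest in the previous hunk) copies a per-instance setting into static fields of `OneLogin_Saml2_Utils`, and the `!empty($baseURL)` guard means an instance built from a Settings object without a baseurl inherits whatever host, port and path an earlier instance set. That is presumably fine for a single-IdP deployment but is a surprise for code that handles several Settings objects in one request; a comment such as `// NOTE: setBaseURL stores static state; it is not cleared when a later Settings has no baseurl` on each of the three blocks would record it, and a single helper on Settings would avoid the triplication. The enclosing constructors continue outside these hunks.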
@@ -480,6 +485,21 @@ class OneLogin_Saml2_Response } /** + * Gets the NameID Format provided by the SAML response from the IdP. + * + * @return string Name ID Format + */ + public function getNameIdFormat() + { + $nameIdFormat = null; + $nameIdData = $this->getNameIdData(); + if (!empty($nameIdData) && isset($nameIdData['Format'])) { + $nameIdFormat = $nameIdData['Format']; + } + return $nameIdFormat; + } + + /** * Gets the SessionNotOnOrAfter from the AuthnStatement. * Could be used to set the local session expiration * @@ -844,9 +864,21 @@ class OneLogin_Saml2_Response # Fix possible issue with saml namespace if (!$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') && + !$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2') && !$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns') && - !$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml')) { - $decrypted->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns', OneLogin_Saml2_Constants::NS_SAML); + !$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') && + !$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2') + ) { + + if (strpos($encryptedAssertion->tagName, 'saml2:') !== false) { + $ns = 'xmlns:saml2'; + } else if (strpos($encryptedAssertion->tagName, 'saml:') != false) { + $ns = 'xmlns:saml'; + } else { + $ns = 'xmlns'; + } + + $decrypted->setAttributeNS('http://www.w3.org/2000/xmlns/', $ns, OneLogin_Saml2_Constants::NS_SAML); } $container->replaceChild($decrypted, $encryptedAssertion); diff --git a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Settings.php b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Settings.php index 668aa444..ee1631d6 100644 --- a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Settings.php +++ b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Settings.php 
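Review bot: `getNameIdFormat()` starts from `$nameIdFormat = null` and returns that when `getNameIdData()` is empty or carries no `Format` key, so the docblock `@return string Name ID Format` overstates the contract; `@return string|null Name ID Format, or null when the NameID carries none` matches the code.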
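Review bot: In the namespace fix-up block, `strpos($encryptedAssertion->tagName, 'saml:') != false` is a loose comparison, so a tag name that begins with `saml:` (strpos returning 0) evaluates as false and the code falls through to the bare `xmlns` branch, while the `saml2:` test on the line above uses `!== false` and handles position 0 correctly. It should read `} else if (strpos($encryptedAssertion->tagName, 'saml:') !== false) {`. The CHANGELOG ties this block to assertion signature validation after decryption, so the namespace declaration chosen here should be deterministic for each prefix rather than depending on where the prefix happens to sit. The enclosing method continues outside the hunk.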
@@ -15,6 +15,11 @@ class OneLogin_Saml2_Settings private $_paths = array(); /** + * @var string + */ + private $_baseurl; + + /** * Strict. If active, PHP Toolkit will reject unsigned or unencrypted messages * if it expects them signed or encrypted. If not, the messages will be accepted * and some security issues will be also relaxed. @@ -240,6 +245,10 @@ class OneLogin_Saml2_Settings $this->_debug = $settings['debug']; } + if (isset($settings['baseurl'])) { + $this->_baseurl = $settings['baseurl']; + } + if (isset($settings['compress'])) { $this->_compress = $settings['compress']; } @@ -941,6 +950,24 @@ class OneLogin_Saml2_Settings } /** + * Set a baseurl value. + */ + public function setBaseURL($baseurl) + { + $this->_baseurl = $baseurl; + } + + /** + * Returns the baseurl set on the settings if any. + * + * @return null|string The baseurl + */ + public function getBaseURL() + { + return $this->_baseurl; + } + + /** * Sets the IdP certificate. * * @param string $value IdP certificate diff --git a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Utils.php b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Utils.php index ecab0525..e8dd80fc 100644 --- a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Utils.php +++ b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Utils.php @@ -16,6 +16,28 @@ class OneLogin_Saml2_Utils */ private static $_proxyVars = false; + + /** + * @var string + */ + private static $_host; + + /** + * @var string + */ + private static $_protocol; + + /** + * @var int + */ + private static $_port; + + /** + * @var string + */ + private static $_baseurlpath; + + /** * Translates any string. Accepts args * @@ -233,7 +255,7 @@ class OneLogin_Saml2_Utils } /* Verify that the URL is to a http or https site. */ - if (!preg_match('@^https?://@i', $url)) { + if (!preg_match('@^https?:\/\/@i', $url)) { throw new OneLogin_Saml2_Error( 'Redirect to invalid URL: ' . $url, OneLogin_Saml2_Error::REDIRECT_INVALID_URL 
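Review bot: `setBaseURL($baseurl)` has no `@param` and `$_baseurl` is typed `@var string` although it is only set when `$settings['baseurl']` is present and the example config ships it as null; `@param string|null $baseurl Absolute http(s) URL of the SP, or null to fall back to guessing from the request` and `@var string|null` would describe it. Neither this class nor the parsing hunk validates the value, and `Utils::setBaseURL` in a later hunk silently ignores anything that does not match its `^https?://` pattern, so a mistyped baseurl leaves host, port and protocol guessing from request headers in effect, which is the situation the setting exists to avoid. If the settings-check routine (outside these hunks) does not already cover it, rejecting a non-http(s) baseurl in `setBaseURL` or during validation would surface the mistake at configuration time. The `getBaseURL` docblock is fine as written.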
@@ -281,6 +303,41 @@ class OneLogin_Saml2_Utils } /** + * @param $baseurl string The base url to be used when constructing URLs + */ + public static function setBaseURL($baseurl) + { + if (!empty($baseurl)) { + $baseurlpath = '/'; + if (preg_match('#^https?:\/\/([^\/]*)\/?(.*)#i', $baseurl, $matches)) { + if (strpos($baseurl, 'https://') === false) { + self::setSelfProtocol('http'); + $port = '80'; + } else { + self::setSelfProtocol('https'); + $port = '443'; + } + + $currentHost = $matches[1]; + if (false !== strpos($currentHost, ':')) { + list($currentHost, $possiblePort) = explode(':', $matches[1], 2); + if (is_numeric($possiblePort)) { + $port = $possiblePort; + } + } + + if (isset($matches[2]) && !empty($matches[2])) { + $baseurlpath = $matches[2]; + } + + self::setSelfHost($currentHost); + self::setSelfPort($port); + self::setBaseURLPath($baseurlpath); + } + } + } + + /** * @param $proxyVars bool Whether to use `X-Forwarded-*` headers to determine port/domain/protocol */ public static function setProxyVars($proxyVars) 
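Review bot: `setBaseURL` decides the scheme with `strpos($baseurl, 'https://') === false`, which is case-sensitive and matches anywhere in the string, while the regex that accepted the URL a line earlier is case-insensitive; a baseurl written as `HTTPS://sp.example.com/` therefore passes the regex but is recorded as http on port 80, and the TLS-or-not decision here later drives `isHTTPS()`. Anchoring the check at position 0 with `if (stripos($baseurl, 'https://') !== 0) {` keeps it consistent with the regex. `is_numeric($possiblePort)` also accepts forms such as `1e3` or a leading sign; `if (ctype_digit($possiblePort)) {` limits the port to what a URL can carry.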
@@ -324,11 +381,43 @@ class OneLogin_Saml2_Utils } /** + * @param $host string The host to use when constructing URLs + */ + public static function setSelfHost($host) + { + self::$_host = $host; + } + + /** + * @param $baseurlpath string The baseurl path to use when constructing URLs + */ + public static function setBaseURLPath($baseurlpath) + { + if (empty($baseurlpath) || $baseurlpath == '/') { + $baseurlpath = '/'; + } else { + self::$_baseurlpath = '/' . trim($baseurlpath, '/') . '/'; + } + } + + /** + * return string The baseurlpath to be used when constructing URLs + */ + public static function getBaseURLPath() + { + return self::$_baseurlpath; + } + + /** * @return string The raw host name */ protected static function getRawHost() { - if (array_key_exists('HTTP_HOST', $_SERVER)) { + if (self::$_host) { + $currentHost = self::$_host; + } elseif (self::getProxyVars() && array_key_exists('HTTP_X_FORWARDED_HOST', $_SERVER)) { + $currentHost = $_SERVER['HTTP_X_FORWARDED_HOST']; + } elseif (array_key_exists('HTTP_HOST', $_SERVER)) { $currentHost = $_SERVER['HTTP_HOST']; } elseif (array_key_exists('SERVER_NAME', $_SERVER)) { $currentHost = $_SERVER['SERVER_NAME']; 
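Review bot: In `setBaseURLPath`, the `empty($baseurlpath) || $baseurlpath == '/'` branch assigns only the local variable and never writes `self::$_baseurlpath`, so a root path cannot reset a value left by an earlier call and `getBaseURLPath()` keeps returning the stale one; if the intent is "no base path", the branch should be `self::$_baseurlpath = null;` (storing `'/'` instead would make `buildWithBaseURLPath` in a later hunk treat it as set and reduce every request path to its last segment). The docblock line `return string The baseurlpath…` is missing its `@`. In `getRawHost`, `HTTP_X_FORWARDED_HOST` is now consulted when proxy vars are enabled; since the resulting host feeds the self URL that Destination and Recipient are checked against, deployments calling `setProxyVars(true)` depend on the proxy overwriting that header rather than passing a client-supplied one through, which the `setProxyVars` docblock could state explicitly.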
@@ -343,6 +432,40 @@ class OneLogin_Saml2_Utils } /** + * @param $port int The port number to use when constructing URLs + */ + public static function setSelfPort($port) + { + self::$_port = $port; + } + + /** + * @param $protocol string The protocol to identify as using, usually http or https + */ + public static function setSelfProtocol($protocol) + { + self::$_protocol = $protocol; + } + + /** + * @return string http|https + */ + public static function getSelfProtocol() + { + $protocol = 'http'; + if (self::$_protocol) { + $protocol = self::$_protocol; + } elseif (self::getSelfPort() == 443) { + $protocol = 'https'; + } elseif (self::getProxyVars() && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { + $protocol = $_SERVER['HTTP_X_FORWARDED_PROTO']; + } elseif (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') { + $protocol = 'https'; + } + return $protocol; + } + + /** * Returns the current host. * * @return string $currentHost The current host @@ -365,7 +488,9 @@ class OneLogin_Saml2_Utils public static function getSelfPort() { $portnumber = null; - if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) { + if (self::$_port) { + $portnumber = self::$_port; + } else if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) { $portnumber = $_SERVER["HTTP_X_FORWARDED_PORT"]; } else if (isset($_SERVER["SERVER_PORT"])) { $portnumber = $_SERVER["SERVER_PORT"]; @@ -390,10 +515,7 @@ class OneLogin_Saml2_Utils */ public static function isHTTPS() { - $isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') - || (self::getSelfPort() == 443) - || (self::getProxyVars() && isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'); - return $isHttps; + return self::getSelfProtocol() == 'https'; } /** 
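Review bot: `getSelfProtocol()` returns `$_SERVER['HTTP_X_FORWARDED_PROTO']` verbatim, so with proxy vars enabled any value the header carries becomes the protocol: `HTTPS` or a multi-hop `https,http` list makes `isHTTPS()` (`== 'https'`) false, and callers that build URLs from `getSelfProtocol()` get an arbitrary scheme string. Normalising to the two values the docblock promises, `$protocol = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https' ? 'https' : 'http';`, keeps the `@return string http|https` contract. Note also that the order changed: the old `isHTTPS()` (third hunk) was an OR of `$_SERVER['HTTPS']`, port 443 and the forwarded header, whereas the new chain stops at the first match, so a forwarded `http` now overrides a TLS-terminated `$_SERVER['HTTPS']`; if that is intended it deserves a comment on the `elseif` chain. The same truthiness check pattern (`if (self::$_port)`) appears in the `getSelfPort` hunk.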
@@ -403,12 +525,19 @@ class OneLogin_Saml2_Utils */ public static function getSelfURLNoQuery() { + $selfURLNoQuery = self::getSelfURLhost(); + + $infoWithBaseURLPath = self::buildWithBaseURLPath($_SERVER['SCRIPT_NAME']); + if (!empty($infoWithBaseURLPath)) { + $selfURLNoQuery .= $infoWithBaseURLPath; + } else { + $selfURLNoQuery .= $_SERVER['SCRIPT_NAME']; + } - $selfURLhost = self::getSelfURLhost(); - $selfURLNoQuery = $selfURLhost . $_SERVER['SCRIPT_NAME']; if (isset($_SERVER['PATH_INFO'])) { $selfURLNoQuery .= $_SERVER['PATH_INFO']; } + return $selfURLNoQuery; } @@ -419,9 +548,9 @@ class OneLogin_Saml2_Utils */ public static function getSelfRoutedURLNoQuery() { - $selfURLhost = self::getSelfURLhost(); $route = ''; + if (!empty($_SERVER['REQUEST_URI'])) { $route = $_SERVER['REQUEST_URI']; if (!empty($_SERVER['QUERY_STRING'])) { @@ -432,6 +561,11 @@ class OneLogin_Saml2_Utils } } + $infoWithBaseURLPath = self::buildWithBaseURLPath($route); + if (!empty($infoWithBaseURLPath)) { + $route = $infoWithBaseURLPath; + } + $selfRoutedURLNoQuery = $selfURLhost . $route; return $selfRoutedURLNoQuery; } 
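Review bot: `getSelfRoutedURLNoQuery()` removes the line `$selfURLhost = self::getSelfURLhost();` in the second hunk but the third hunk still ends with `$selfRoutedURLNoQuery = $selfURLhost . $route;`, so the variable is undefined and the method returns only the path (plus an undefined-variable notice). The README text added in this same commit says this method is used to compute the current URL that Destination and Recipient are validated against, so with the host missing that comparison is made against a bare path; whether that fails closed depends on the callers, which are outside this diff. Restoring `$selfURLhost = self::getSelfURLhost();` at the top of the method, before the `$route` handling, fixes it; the method's middle section lies between the two hunks.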
@@ -449,15 +583,43 @@ class OneLogin_Saml2_Utils if (!empty($_SERVER['REQUEST_URI'])) { $requestURI = $_SERVER['REQUEST_URI']; if ($requestURI[0] !== '/') { - if (preg_match('#^https?://[^/]*(/.*)#i', $requestURI, $matches)) { + if (preg_match('#^https?:\/\/[^\/]*(\/.*)#i', $requestURI, $matches)) { $requestURI = $matches[1]; } } } + + $infoWithBaseURLPath = self::buildWithBaseURLPath($requestURI); + if (!empty($infoWithBaseURLPath)) { + $requestURI = $infoWithBaseURLPath; + } + return $selfURLhost . $requestURI; } /** + * Returns the part of the URL with the BaseURLPath. + * + * @return string + */ + protected static function buildWithBaseURLPath($info) + { + $result = ''; + $baseURLPath = self::getBaseURLPath(); + if (!empty($baseURLPath)) { + $result = $baseURLPath; + if (!empty($info)) { + $path = explode('/', $info); + $extractedInfo = array_pop($path); + if (!empty($extractedInfo)) { + $result .= $extractedInfo; + } + } + } + return $result; + } + + /** * Extract a query param - as it was sent - from $_SERVER[QUERY_STRING] * * @param string $name The param to-be extracted diff --git a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/version.json b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/version.json index 76578489..b4101bef 100644 --- a/3rdparty/vendor/onelogin/php-saml/lib/Saml2/version.json +++ b/3rdparty/vendor/onelogin/php-saml/lib/Saml2/version.json @@ -1,6 +1,6 @@ { "php-saml": { - "version": "2.10.1", - "released": "26/10/2016" + "version": "2.10.2", + "released": "15/11/2016" } } diff --git a/3rdparty/vendor/onelogin/php-saml/settings_example.php b/3rdparty/vendor/onelogin/php-saml/settings_example.php index c637edf2..ff665e97 100644 --- a/3rdparty/vendor/onelogin/php-saml/settings_example.php +++ b/3rdparty/vendor/onelogin/php-saml/settings_example.php 
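Review bot: `buildWithBaseURLPath($info)` lacks a `@param`, and its docblock does not say that only the last segment of `$info` (via `array_pop` on the `/`-split) is kept and appended to the configured base path, so any intermediate directories of the request path are replaced by the baseurl path; that is the override the README describes but readers of `getSelfURL`, `getSelfURLNoQuery` and `getSelfRoutedURLNoQuery` should not have to discover it from the loop. Suggested: `@param string $info Script name or request path; only its last path segment is appended to the base URL path` and `@return string Base URL path plus last segment, or '' when no base URL path is set`. The `!empty($extractedInfo)` guard also drops a final segment that is literally `0`; `$extractedInfo !== ''` is the precise test if that matters.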
@@ -10,6 +10,12 @@ $settings = array ( // Enable debug mode (to print errors) 'debug' => false, + // Set a BaseURL to be used instead of try to guess + // the BaseURL of the view that process the SAML Message. + // Ex. http://sp.example.com/ + // http://example.com/sp/ + 'baseurl' => null, + // Service Provider Data that we are deploying 'sp' => array ( // Identifier of the SP entity (must be a URI) |