SSP-2030_OIDC_module_switch_to_ProcessingChain_for_authproc_support_consent_mod #228

Merged
40 commits
7455667
Switch to processing chain for authproc filters
ioigoume Jun 11, 2024
d6f0aff
Remove obsolete code
ioigoume Jun 11, 2024
089be26
remove obsolete code
ioigoume Jun 12, 2024
e94ef0b
ReturnURL to use the new authorization endpoint
ioigoume Jun 12, 2024
ae6a7bf
Refactored AuthorizationControllerTest.php and AuthenticationServiceT…
ioigoume Jun 12, 2024
d4860a5
Fix psalm. Fix unit tests.
ioigoume Jun 17, 2024
409c6f5
Decouple authentication from getAuthenticateUser and handleState
ioigoume Jun 21, 2024
b2095a9
AuthenticationServiceTest::testItAuthenticates improve
ioigoume Jun 21, 2024
ca5942f
Remove unused parameters
ioigoume Jun 21, 2024
ec9c1db
rename handleState to processRequest
ioigoume Jun 21, 2024
92172b6
Merge branch 'wip-version-6' into SSP-2030_OIDC_module_switch_to_Proc…
cicnavi Jun 23, 2024
ad6d2b3
Fix db migration other warnings (#230)
pradtke Jun 21, 2024
b5811a2
Update docker run to use newer ssp image
pradtke Jun 21, 2024
7a55b03
Remove redirect when not required by the ProcessingChain
ioigoume Jun 24, 2024
fb7f643
push authSourceId to state before the ProcessingChain redirect
ioigoume Jun 24, 2024
036151b
fix psalm errors
ioigoume Jun 24, 2024
6859770
Merge branch 'SSP-2030_OIDC_module_switch_to_ProcessingChain_for_auth…
cicnavi Jun 27, 2024
f9a905d
Merge branch 'wip-version-6' into SSP-2030_OIDC_module_switch_to_Proc…
cicnavi Jun 27, 2024
8ef0d03
psalm issue
ioigoume Jun 27, 2024
4dc8323
test AuthenticationService::prepareState
ioigoume Jun 27, 2024
9f65162
fix psalm errors
ioigoume Jun 27, 2024
99576ae
change function visibility
ioigoume Jun 27, 2024
4c539b4
Extend AuthenticationServiceTest unit tests
ioigoume Jun 27, 2024
3fa7447
Add more tests.
ioigoume Jun 28, 2024
d281346
test AuthenticationServiceTest::RunAuthProcs
ioigoume Jun 28, 2024
650116d
Fix psalm errors
ioigoume Jun 28, 2024
0ab3afe
Add AuthenticationService tests
ioigoume Jun 29, 2024
9a8a756
Add missing dot
ioigoume Jun 29, 2024
f9b6bea
AuthenticationService::getAuthorizationRequestFromState tests
ioigoume Jun 29, 2024
07263af
AuthenticationServiceTest.php improvements
ioigoume Jun 30, 2024
feadf35
AuthorizationControllerTests::test invoke for queryParameters differe…
ioigoume Jul 3, 2024
17b750a
Add ProcessingChainFactory
ioigoume Jul 3, 2024
9991045
Add ProcessingChainFactory test class
ioigoume Jul 3, 2024
3819f38
Wrap SimpleSaml\Auth\State to a service
ioigoume Jul 4, 2024
d58f8f2
Wrap SimpleSaml\Auth\State to a service
ioigoume Jul 4, 2024
3c9c6d5
Wrap SimpleSaml\Auth\State to a service
ioigoume Jul 4, 2024
bd8df30
Wrap SimpleSaml\Auth\State to a service
ioigoume Jul 4, 2024
d450ad1
fix ambiguous getAuthorizationRequestFromState return value
ioigoume Jul 5, 2024
9fd8f79
Add some manual testing tips for authproc testing; run an authproc as…
pradtke Jul 10, 2024
d5e7997
Update documentation
pradtke Jul 11, 2024
41 changes: 37 additions & 4 deletions src/Services/AuthenticationService.php
Expand Up @@ -41,10 +41,20 @@
{
use GetClientFromRequestTrait;

/**
* @var \SimpleSAML\Auth\State|string
* @psalm-var \SimpleSAML\Auth\State|class-string
*/
protected string|State $authState = \SimpleSAML\Auth\State::class;

/**
* ID of auth source used during authn.
*/
private ?string $authSourceId = null;

/**
* @var string
*/
private string $userIdAttr;

/**
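Review bot: the `$authState` declaration types the field as `string|State`, so any string is accepted at runtime even though the docblock narrows it to `class-string`; only Psalm enforces that narrowing. Since the value is later used as the target of a static `loadState()` call, a constructor-injected dependency with a single type would be easier to reason about than a union that defaults to `\SimpleSAML\Auth\State::class`. The same line mixes the imported `State` with the fully qualified name, and the new `@var string` docblock on `$userIdAttr` repeats the native type and can be dropped.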
Expand Down Expand Up @@ -86,7 +96,7 @@
$this->authSourceId = $authSimple->getAuthSource()->getAuthId();

if (! $authSimple->isAuthenticated()) {
$this->authenticate($request);

Check warning on line 99 in src/Services/AuthenticationService.php (Codecov / codecov/patch): Added line #L99 was not covered by tests
} elseif ($this->sessionService->getIsAuthnPerformedInPreviousRequest()) {
$this->sessionService->setIsAuthnPerformedInPreviousRequest(false);
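Review bot: the `$this->authenticate($request);` call in the `! $authSimple->isAuthenticated()` branch is reported by Codecov as not covered by tests (line 99). This is the branch taken when the user has no authenticated session, so add a unit test that makes `isAuthenticated()` return false and asserts that `authenticate()` is invoked with the request.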

Expand Down Expand Up @@ -145,7 +155,7 @@
}

if (empty($state['Oidc']['RelyingPartyMetadata']['id'])) {
throw new Error\Exception('OIDC RelyingPartyMetadata ID does not exist in state');
throw new Error\Exception('OIDC RelyingPartyMetadata ID does not exist in state.');
}

$client = $this->clientRepository->findById((string)$state['Oidc']['RelyingPartyMetadata']['id']);
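Review bot: the `empty($state['Oidc']['RelyingPartyMetadata']['id'])` guard above the changed message also rejects an ID of `'0'` or `0`, because `empty()` treats those as missing; if only absence should fail, `isset()` plus a type check says so more precisely. The message edit itself only adds a full stop, so any test that matches the exact text needs the same update.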
Expand All @@ -167,8 +177,11 @@

public function getAuthorizationRequestFromState(array $state): AuthorizationRequest
{
if (!($state['authorizationRequest'] instanceof AuthorizationRequest)) {
throw new Exception('Authorization Request is not valid');
if (
!isset($state['authorizationRequest'])
|| !($state['authorizationRequest'] instanceof AuthorizationRequest)
) {
throw new Exception('Authorization Request is not valid.');
}
return $state['authorizationRequest'];
}
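Review bot: the new condition in `getAuthorizationRequestFromState()` can be one expression, `!(($state['authorizationRequest'] ?? null) instanceof AuthorizationRequest)`, since `instanceof` is already false for null and the `isset()` is only there to avoid the undefined-key warning. The method throws a bare `Exception` while the RelyingPartyMetadata check earlier in the file throws `Error\Exception`; using one exception type for both state-validation failures would let callers handle them uniformly.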
Expand Down Expand Up @@ -221,16 +234,35 @@
return $state;
}

/**
* Inject the \SimpleSAML\Auth\State dependency.
*
* @param State $authState
*/
public function setAuthState(State $authState): void
{
$this->authState = $authState;
}

/**
* @return bool
*/
public function isCookieBasedAuthn(): bool
{
return (bool) $this->sessionService->getIsCookieBasedAuthn();
}

/**
* @return string|null
*/
public function getAuthSourceId(): ?string
{
return $this->authSourceId;
}

/**
* @return string|null
*/
public function getSessionId(): ?string
{
return $this->sessionService->getCurrentSession()->getSessionId();
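Review bot: `setAuthState()` is a public setter, so any caller holding the service can swap the object used to load authentication state after construction. If it exists as a test seam, pass the dependency through the constructor instead, or mark the method `@internal`. It also accepts only a `State` instance while the property it writes is declared `string|State`, so the class-string default cannot be restored through it. The added `@return bool` and `@return string|null` docblocks repeat the native return types.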
Expand Down Expand Up @@ -295,7 +327,8 @@
}

$stateId = (string)$queryParameters[ProcessingChain::AUTHPARAM];
$state = State::loadState($stateId, ProcessingChain::COMPLETED_STAGE);
\assert($this->authState instanceof State);
$state = $this->authState::loadState($stateId, ProcessingChain::COMPLETED_STAGE);

$this->authSourceId = (string)$state['authSourceId'];
unset($state['authSourceId']);
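Review bot: `\assert($this->authState instanceof State);` contradicts the property default. `$authState` is initialised to the class-string `\SimpleSAML\Auth\State::class`, and a string is never `instanceof State`, so unless `setAuthState()` was called first this assertion fails wherever assertions are enabled, and it checks nothing where they are disabled, which is the usual production setting. Drop the assert or make the property instance-only. On the context lines that follow, `(string)$state['authSourceId']` is read without checking that the key exists, so a state entry without it produces an empty auth source ID rather than an error; the state ID comes from the query parameters, so an explicit check here is worth having.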