Commit 22c9458a authored by Alex ORLUC

FEAT #22782 TIME 1:30 Update SAMLphp to 1.19.6

parent c3675f07
#!/usr/bin/env php
<?php
use SimpleSAML\Console\Application;
use SimpleSAML\Kernel;
use Symfony\Component\Console\Input\ArgvInput;
umask(000);
set_time_limit(0);
require __DIR__.'/../vendor/autoload.php';
$input = new ArgvInput();
$module = $input->getParameterOption(['--modules', '-m'], 'core');
$kernel = new Kernel($module);
$application = new Application($kernel);
$application->run($input);
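Review bot: `umask(000)` at the top of this console script makes every file and directory the command creates group- and world-writable. That includes the kernel cache, which the Kernel class on this page places under `tempdir`/cache/<module> and where Symfony writes its compiled container as PHP, so any local account could alter code the application later loads. A restrictive mask such as `umask(0027);`, with the web-server user given access through ownership or ACLs, avoids that. Separately, the script reads the module from `['--modules', '-m']` while the Application class on this page registers the long option as `--module`, so the long form is not picked up here; `$input->getParameterOption(['--module', '-m'], 'core')` would line the two up.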
import sphinx_rtd_theme
extensions = [
'sphinx_rtd_theme',
]
html_theme = "sphinx_rtd_theme"
Upgrade notes for SimpleSAMLphp 1.19
====================================
The minimum PHP version required is now PHP 7.1.
SAML 1 / Shib 1.3 support is now deprecated and will start logging notices
when used. It will be removed in SimpleSAMLphp 2.0.
SimpleSAMLphp 1.19 will automatically try to determine whether to set the sameSite-flag on cookies.
Some browser require to set the Secure-flag as well for sameSite to work. Therefore, the default for
the `session.cookie.secure` setting has been changed to TRUE. This will be the right setting for most
setups anyway, however if you really need to use insecure cookies, you have to manually set it to false and
figure out a value for `session.cookie.samesite` that works for your environment.
SimpeSAMLphp Upgrade Notes
==========================
See the following pages for important information for users upgrading
from older versions of SimpleSAMLphp:
* [Upgrade notes for version 1.19](simplesamlphp-upgrade-notes-1.19)
* [Upgrade notes for version 1.18](simplesamlphp-upgrade-notes-1.18)
* [Upgrade notes for version 1.17](simplesamlphp-upgrade-notes-1.17)
* [Upgrade notes for version 1.16](simplesamlphp-upgrade-notes-1.16)
* [Upgrade notes for version 1.15](simplesamlphp-upgrade-notes-1.15)
* [Upgrade notes for version 1.14](simplesamlphp-upgrade-notes-1.14)
* [Upgrade notes for version 1.13](simplesamlphp-upgrade-notes-1.13)
* [Upgrade notes for version 1.12](simplesamlphp-upgrade-notes-1.12)
* [Upgrade notes for version 1.11](simplesamlphp-upgrade-notes-1.11)
* [Upgrade notes for version 1.10](simplesamlphp-upgrade-notes-1.10)
* [Upgrade notes for version 1.9](simplesamlphp-upgrade-notes-1.9)
* [Upgrade notes for version 1.8](simplesamlphp-upgrade-notes-1.8)
* [Upgrade notes for version 1.7](simplesamlphp-upgrade-notes-1.7)
* [Upgrade notes for version 1.6](simplesamlphp-upgrade-notes-1.6)
A detailed list of changes in each release can be found in the
[Changelog](simplesamlphp-changelog).
<?php
declare(strict_types=1);
namespace SimpleSAML\Command;
use Closure;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Helper\Table;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\Routing\RouterInterface;
class RouterDebugCommand extends Command
{
/**
* @var string
*/
protected static $defaultName = 'debug:router';
/**
* @var RouterInterface
*/
private $router;
/**
* {@inheritdoc}
*/
public function __construct(RouterInterface $router)
{
parent::__construct();
$this->router = $router;
}
/**
* {@inheritDoc}
* @return void
*/
protected function configure()
{
$this
->setDescription('Displays current routes for a module')
->setHelp(
<<<'EOF'
The <info>%command.name%</info> displays the configured routes for a module:
<info>php %command.full_name%</info>
EOF
)
;
}
/**
* {@inheritdoc}
* @psalm-suppress InvalidReturnType
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$io = new SymfonyStyle($input, $output);
$routes = $this->router->getRouteCollection();
$tableHeaders = array('Name', 'Method', 'Scheme', 'Host', 'Path', 'Controller');
$tableRows = array();
foreach ($routes->all() as $name => $route) {
$row = [
$name,
$route->getMethods() ? implode('|', $route->getMethods()) : 'ANY',
$route->getSchemes() ? implode('|', $route->getSchemes()) : 'ANY',
'' !== $route->getHost() ? $route->getHost() : 'ANY',
$route->getPath(),
];
$controller = $route->getDefault('_controller');
if ($controller instanceof Closure) {
$controller = 'Closure';
} elseif (is_object($controller)) {
$controller = get_class($controller);
}
$row[] = $controller;
$tableRows[] = $row;
}
$table = new Table($io);
$table->setHeaders($tableHeaders)->setRows($tableRows);
$table->setStyle('compact');
$table->render();
}
}
<?php
declare(strict_types=1);
namespace SimpleSAML\Console;
use SimpleSAML\Kernel;
use Symfony\Bundle\FrameworkBundle\Console\Application as BaseApplication;
use Symfony\Component\Console\Input\InputOption;
class Application extends BaseApplication
{
/**
* @param \SimpleSAML\Kernel $kernel
*/
public function __construct(Kernel $kernel)
{
parent::__construct($kernel);
$inputDefinition = $this->getDefinition();
$inputDefinition->addOption(
new InputOption('--module', '-m', InputOption::VALUE_REQUIRED, 'The module name', $kernel->getModule())
);
}
}
<?php
declare(strict_types=1);
namespace SimpleSAML;
use SimpleSAML\Utils\System;
use Symfony\Bundle\FrameworkBundle\FrameworkBundle;
use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
use Symfony\Component\Config\Exception\FileLocatorFileNotFoundException;
use Symfony\Component\Config\FileLocator;
use Symfony\Component\Config\Loader\LoaderInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Definition;
use Symfony\Component\DependencyInjection\Loader\DirectoryLoader;
use Symfony\Component\HttpKernel\Kernel as BaseKernel;
use Symfony\Component\Routing\RouteCollectionBuilder;
/**
* A class to create the container and handle a given request.
*/
class Kernel extends BaseKernel
{
use MicroKernelTrait;
public const CONFIG_EXTS = '.{php,xml,yaml,yml}';
/**
* @var string
*/
private $module;
/**
* @param string $module
*/
public function __construct($module)
{
$this->module = $module;
$env = getenv('APP_ENV') ?: (getenv('SYMFONY_ENV') ?: 'prod');
parent::__construct($env, false);
}
/**
* @return string
*/
public function getCacheDir()
{
$configuration = Configuration::getInstance();
$cachePath = $configuration->getString('tempdir') . '/cache/' . $this->module;
if (System::isAbsolutePath($cachePath)) {
return $cachePath;
}
return $configuration->getBaseDir() . '/' . $cachePath;
}
/**
* @return string
*/
public function getLogDir()
{
$configuration = Configuration::getInstance();
$loggingPath = $configuration->getString('loggingdir');
if (System::isAbsolutePath($loggingPath)) {
return $loggingPath;
}
return $configuration->getBaseDir() . '/' . $loggingPath;
}
/**
* {@inheritdoc}
*/
public function registerBundles()
{
return [
new FrameworkBundle(),
];
}
/**
* Get the module loaded in this kernel.
*
* @return string
*/
public function getModule()
{
return $this->module;
}
/**
* Configures the container.
*
* @param ContainerBuilder $container
* @param LoaderInterface $loader
* @return void
*/
protected function configureContainer(ContainerBuilder $c, LoaderInterface $loader)
{
$configuration = Configuration::getInstance();
$baseDir = $configuration->getBaseDir();
$loader->load($baseDir . '/routing/services/*' . self::CONFIG_EXTS, 'glob');
$confDir = Module::getModuleDir($this->module) . '/routing/services';
if (is_dir($confDir)) {
$loader->load($confDir . '/**/*' . self::CONFIG_EXTS, 'glob');
}
$c->loadFromExtension('framework', [
'secret' => Configuration::getInstance()->getString('secretsalt'),
]);
$this->registerModuleControllers($c);
}
/**
* Import routes.
*
* @param RouteCollectionBuilder $routes
* @return void
*/
protected function configureRoutes(RouteCollectionBuilder $routes)
{
$configuration = Configuration::getInstance();
$baseDir = $configuration->getBaseDir();
$routes->import($baseDir . '/routing/routes/*' . self::CONFIG_EXTS, '/', 'glob');
$confDir = Module::getModuleDir($this->module) . '/routing/routes';
if (is_dir($confDir)) {
$routes->import($confDir . '/**/*' . self::CONFIG_EXTS, $this->module, 'glob');
} else {
// Remain backwards compatible by checking for routers in the old location (1.18 style)
$confDir = Module::getModuleDir($this->module);
$routes->import($confDir . '/routes' . self::CONFIG_EXTS, $this->module, 'glob');
}
}
/**
* @param ContainerBuilder $container
* @return void
*/
private function registerModuleControllers(ContainerBuilder $container): void
{
try {
$definition = new Definition();
$definition->setAutowired(true);
$definition->setPublic(true);
$controllerDir = Module::getModuleDir($this->module) . '/lib/Controller';
if (!is_dir($controllerDir)) {
return;
}
$loader = new DirectoryLoader(
$container,
new FileLocator($controllerDir . '/')
);
$loader->registerClasses(
$definition,
'SimpleSAML\\Module\\' . $this->module . '\\Controller\\',
$controllerDir . '/*'
);
} catch (FileLocatorFileNotFoundException $e) {
}
}
}
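Review bot: The constructor stores `$module` unchecked, and that value is later concatenated into the cache path in getCacheDir(), the module directory lookups, and the class namespace passed to registerClasses(). The only caller visible on this page takes it from the command line, but if any web-facing entry point also builds a Kernel from request data, a name containing path separators or `..` would resolve outside the intended directories. Validating once in the constructor covers every later use, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $module)) { throw new \InvalidArgumentException('Invalid module name'); }`, with the pattern adjusted to the characters the project's module names actually allow. The empty `catch (FileLocatorFileNotFoundException $e)` in registerModuleControllers() would also benefit from a comment or debug log line saying why the failure is ignored.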
# Ignore any file or directory in this directory
/*
!/.gitignore
# Explicitly include modules that ship with simplesamlphp
!/admin/
!/core/
!/cron/
!/exampleauth/
!/multiauth/
!/portal/
!/saml/
<?php
declare(strict_types=1);
namespace SimpleSAML\Module\admin\Controller;
use SimpleSAML\Configuration;
use SimpleSAML\HTTP\RunnableResponse;
use SimpleSAML\Locale\Translate;
use SimpleSAML\Module;
use SimpleSAML\Session;
use SimpleSAML\Utils;
use SimpleSAML\XHTML\Template;
use Symfony\Component\HttpFoundation\Request;
/**
* Controller class for the admin module.
*
* This class serves the configuration views available in the module.
*
* @package SimpleSAML\Module\admin
*/
class Config
{
public const LATEST_VERSION_STATE_KEY = 'core:latest_simplesamlphp_version';
public const RELEASES_API = 'https://api.github.com/repos/simplesamlphp/simplesamlphp/releases/latest';
/** @var \SimpleSAML\Configuration */
protected $config;
/** @var Menu */
protected $menu;
/** @var \SimpleSAML\Session */
protected $session;
/**
* ConfigController constructor.
*
* @param \SimpleSAML\Configuration $config The configuration to use.
* @param \SimpleSAML\Session $session The current user session.
*/
public function __construct(Configuration $config, Session $session)
{
$this->config = $config;
$this->session = $session;
$this->menu = new Menu();
}
/**
* Display basic diagnostic information on hostname, port and protocol.
*
* @param Request $request The current request.
*
* @return \SimpleSAML\XHTML\Template
*/
public function diagnostics(Request $request)
{
Utils\Auth::requireAdmin();
$t = new Template($this->config, 'admin:diagnostics.twig');
$t->data = [
'remaining' => $this->session->getAuthData('admin', 'Expire') - time(),
'logouturl' => Utils\Auth::getAdminLogoutURL(),
'items' => [
'HTTP_HOST' => [$request->getHost()],
'HTTPS' => $request->isSecure() ? ['on'] : [],
'SERVER_PROTOCOL' => [$request->getProtocolVersion()],
'getBaseURL()' => [Utils\HTTP::getBaseURL()],
'getSelfHost()' => [Utils\HTTP::getSelfHost()],
'getSelfHostWithNonStandardPort()' => [Utils\HTTP::getSelfHostWithNonStandardPort()],
'getSelfURLHost()' => [Utils\HTTP::getSelfURLHost()],
'getSelfURLNoQuery()' => [Utils\HTTP::getSelfURLNoQuery()],
'getSelfHostWithPath()' => [Utils\HTTP::getSelfHostWithPath()],
'getFirstPathElement()' => [Utils\HTTP::getFirstPathElement()],
'getSelfURL()' => [Utils\HTTP::getSelfURL()],
],
];
$this->menu->addOption('logout', $t->data['logouturl'], Translate::noop('Log out'));
return $this->menu->insert($t);
}
/**
* Display the main admin page.
*
* @return \SimpleSAML\XHTML\Template
*/
public function main()
{
Utils\Auth::requireAdmin();
$t = new Template($this->config, 'admin:config.twig');
$t->data = [
'warnings' => $this->getWarnings(),
'directory' => $this->config->getBaseDir(),
'version' => $this->config->getVersion(),
'links' => [
[
'href' => Module::getModuleURL('admin/diagnostics'),
'text' => Translate::noop('Diagnostics on hostname, port and protocol')
],
[
'href' => Module::getModuleURL('admin/phpinfo'),
'text' => Translate::noop('Information on your PHP installation')
]
],
'enablematrix' => [
'saml20idp' => $this->config->getBoolean('enable.saml20-idp', false),
'shib13idp' => $this->config->getBoolean('enable.shib13-idp', false),
],
'funcmatrix' => $this->getPrerequisiteChecks(),
'logouturl' => Utils\Auth::getAdminLogoutURL(),
];
Module::callHooks('configpage', $t);
$this->menu->addOption('logout', Utils\Auth::getAdminLogoutURL(), Translate::noop('Log out'));
return $this->menu->insert($t);
}
/**
* Display the output of phpinfo().
*
* @return RunnableResponse
*/
public function phpinfo()
{
Utils\Auth::requireAdmin();
return new RunnableResponse('phpinfo');
}
/**
* Perform a list of checks on the current installation, and return the results as an array.
*
* The elements in the array returned are also arrays with the following keys:
*
* - required: Whether this prerequisite is mandatory or not. One of "required" or "optional".
* - descr: A translatable text that describes the prerequisite. If the text uses parameters, the value must be an
* array where the first value is the text to translate, and the second is a hashed array containing the
* parameters needed to properly translate the text.
* - enabled: True if the prerequisite is met, false otherwise.
*
* @return array
*/
protected function getPrerequisiteChecks()
{
$matrix = [
[
'required' => 'required',
'descr' => [
Translate::noop('PHP %minimum% or newer is needed. You are running: %current%'),
[
'%minimum%' => '7.1',
'%current%' => explode('-', phpversion())[0]
]
],
'enabled' => version_compare(phpversion(), '7.1', '>=')
]
];
$store = $this->config->getString('store.type', '');
// check dependencies used via normal functions
$functions = [
'time' => [
'required' => 'required',
'descr' => [
'required' => Translate::noop('Date/Time Extension'),
]
],
'hash' => [
'required' => 'required',
'descr' => [
'required' => Translate::noop('Hashing function'),
]
],
'gzinflate' => [
'required' => 'required',
'descr' => [
'required' => Translate::noop('ZLib'),
]
],
'openssl_sign' => [
'required' => 'required',
'descr' => [
'required' => Translate::noop('OpenSSL'),
]
],
'dom_import_simplexml' => [
'required' => 'required',
'descr' => [
'required' => Translate::noop('XML DOM'),
]
],
'preg_match' => [
'required' => 'required',
'descr' => [
'required' => Translate::noop('Regular expression support'),
]
],
'json_decode' => [
'required' => 'required',
'descr' => [
'required' => Translate::noop('JSON support'),
]
],
'class_implements' => [
'required' => 'required',
'descr' => [
'required' => Translate::noop('Standard PHP library (SPL)'),
]
],
'mb_strlen' => [
'required' => 'required',
'descr' => [
'required' => Translate::noop('Multibyte String extension'),
]
],
'curl_init' => [
'required' => $this->config->getBoolean('admin.checkforupdates', true) ? 'required' : 'optional',
'descr' => [
'optional' => Translate::noop(
'cURL (might be required by some modules)'
),