Updates onelogin/php-saml to v2.10.2

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Lukas Reschke 2017-01-02 17:17:40 +01:00
parent c05d85efd9
commit f0b99ce500
No known key found for this signature in database
GPG key ID: B9F6980CF6E759B1
16 changed files with 370 additions and 50 deletions

11
3rdparty/composer.lock generated vendored

@ -4,21 +4,20 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "993f6c41684d235f66993e52d9b7dce0",
"content-hash": "bf3d6d016eca22c120719d73eb98378d",
"packages": [
{
"name": "onelogin/php-saml",
"version": "2.10.1",
"version": "2.10.2",
"source": {
"type": "git",
"url": "https://github.com/onelogin/php-saml.git",
"reference": "1017afe7fe6da1def37cc92af37434fbba893d03"
"reference": "f9543a05494633671ec587ae1611238dae6edfd4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/1017afe7fe6da1def37cc92af37434fbba893d03",
"reference": "1017afe7fe6da1def37cc92af37434fbba893d03",
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/f9543a05494633671ec587ae1611238dae6edfd4",
"reference": "f9543a05494633671ec587ae1611238dae6edfd4",
"shasum": ""
},
"require": {
@ -59,7 +58,7 @@
"onelogin",
"saml"
],
"time": "2016-10-26 11:31:56"
"time": "2016-11-15T15:34:53+00:00"
}
],
"packages-dev": [],


@ -2,6 +2,6 @@
// autoload.php @generated by Composer
require_once __DIR__ . '/composer' . '/autoload_real.php';
require_once __DIR__ . '/composer/autoload_real.php';
return ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc::getLoader();


@ -53,8 +53,9 @@ class ClassLoader
private $useIncludePath = false;
private $classMap = array();
private $classMapAuthoritative = false;
private $missingClasses = array();
private $apcuPrefix;
public function getPrefixes()
{
@ -271,6 +272,26 @@ class ClassLoader
return $this->classMapAuthoritative;
}
/**
* APCu prefix to use to cache found/not-found classes, if the extension is enabled.
*
* @param string|null $apcuPrefix
*/
public function setApcuPrefix($apcuPrefix)
{
$this->apcuPrefix = function_exists('apcu_fetch') && ini_get('apc.enabled') ? $apcuPrefix : null;
}
/**
* The APCu prefix in use, or null if APCu caching is not enabled.
*
* @return string|null
*/
public function getApcuPrefix()
{
return $this->apcuPrefix;
}
/**
* Registers this instance as an autoloader.
*
@ -313,29 +334,34 @@ class ClassLoader
*/
public function findFile($class)
{
// work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731
if ('\\' == $class[0]) {
$class = substr($class, 1);
}
// class map lookup
if (isset($this->classMap[$class])) {
return $this->classMap[$class];
}
if ($this->classMapAuthoritative) {
if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) {
return false;
}
if (null !== $this->apcuPrefix) {
$file = apcu_fetch($this->apcuPrefix.$class, $hit);
if ($hit) {
return $file;
}
}
$file = $this->findFileWithExtension($class, '.php');
// Search for Hack files if we are running on HHVM
if ($file === null && defined('HHVM_VERSION')) {
if (false === $file && defined('HHVM_VERSION')) {
$file = $this->findFileWithExtension($class, '.hh');
}
if ($file === null) {
if (null !== $this->apcuPrefix) {
apcu_add($this->apcuPrefix.$class, $file);
}
if (false === $file) {
// Remember that this class does not exist.
return $this->classMap[$class] = false;
$this->missingClasses[$class] = true;
}
return $file;
@ -399,6 +425,8 @@ class ClassLoader
if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) {
return $file;
}
return false;
}
}


@ -23,7 +23,7 @@ class ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc
self::$loader = $loader = new \Composer\Autoload\ClassLoader();
spl_autoload_unregister(array('ComposerAutoloaderInitcc75f134f7630c1ee3a8e4d7c86f3bcc', 'loadClassLoader'));
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION');
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
if ($useStaticLoader) {
require_once __DIR__ . '/autoload_static.php';


@ -1,17 +1,17 @@
[
{
"name": "onelogin/php-saml",
"version": "2.10.1",
"version_normalized": "2.10.1.0",
"version": "2.10.2",
"version_normalized": "2.10.2.0",
"source": {
"type": "git",
"url": "https://github.com/onelogin/php-saml.git",
"reference": "1017afe7fe6da1def37cc92af37434fbba893d03"
"reference": "f9543a05494633671ec587ae1611238dae6edfd4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/1017afe7fe6da1def37cc92af37434fbba893d03",
"reference": "1017afe7fe6da1def37cc92af37434fbba893d03",
"url": "https://api.github.com/repos/onelogin/php-saml/zipball/f9543a05494633671ec587ae1611238dae6edfd4",
"reference": "f9543a05494633671ec587ae1611238dae6edfd4",
"shasum": ""
},
"require": {
@ -33,7 +33,7 @@
"ext-mcrypt": "Install mcrypt and php5-mcrypt libs in order to support encryption",
"lib-openssl": "Install openssl lib in order to handle with x509 certs (require to support sign and encryption)"
},
"time": "2016-10-26 11:31:56",
"time": "2016-11-15T15:34:53+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {


@ -1,5 +1,10 @@
CHANGELOG
=========
v.2.10.2
* [#175](https://github.com/onelogin/php-saml/pull/175) Allow overriding of host, port, protocol and url path for URL building
* [#173](https://github.com/onelogin/php-saml/pull/173) Provide better support to NameIdFormat
* Fix another issue on Assertion Signature validation when the assertion contains no namespace, container has saml2 namespace and it was encrypted
v.2.10.1
* Fix error message on SignMetadata process
* Fix issue on Assertion Signature validation when the assertion contains no namespace and it was encrypted


@ -279,6 +279,12 @@ $settings = array (
// Enable debug mode (to print errors).
'debug' => false,
// Set a BaseURL to be used instead of try to guess
// the BaseURL of the view that process the SAML Message.
// Ex http://sp.example.com/
// http://example.com/sp/
'baseurl' => null,
// Service Provider Data that we are deploying.
'sp' => array (
// Identifier of the SP entity (must be a URI)
@ -1035,6 +1041,26 @@ if (isset($_SESSION['samlUserdata'])) { // If there is user data we print it.
}
```
#### URL-guessing methods ####
php-saml toolkit uses a bunch of methods in OneLogin_Saml2_Utils that try to guess the URL where the SAML messages are processed.
* `getSelfHost` Returns the current host.
* `getSelfPort` Return the port number used for the request
* `isHTTPS` Checks if the protocol is https or http.
* `getSelfURLhost` Returns the protocol + the current host + the port (if different than common ports).
* `getSelfURL` Returns the URL of the current host + current view + query.
* `getSelfURLNoQuery` Returns the URL of the current host + current view.
* `getSelfRoutedURLNoQuery` Returns the routed URL of the current host + current view.
getSelfURLNoQuery and getSelfRoutedURLNoQuery are used to calculate the currentURL in order to valdate SAML elements like Destination or Recipient.
When the PHP application is behind a proxy or a load balancer we can execute setProxyVars(true) and getSelfPort and isHTTPS will take care of the $_SERVER["HTTP_X_FORWARDED_PORT"] and $_SERVER['HTTP_X_FORWARDED_PROTO'] vars (otherwise they are ignored).
Also a developer can use setSelfProtocol, setSelfHost, setSelfPort and getBaseURLPath to define a specific value to be returned by isHTTPS, getSelfHost, getSelfPort and getBaseURLPath. And define a setBasePath to be used on the getSelfURL and getSelfRoutedURLNoQuery to replace the data extracted from $_SERVER["REQUEST_URI"].
At the settings the developer will be able to set a 'baseurl' parameter that automatically will use setBaseURL to set values for setSelfProtocol, setSelfHost, setSelfPort and setBaseURLPath.
### Main classes and methods ###
Described below are the main classes and methods that can be invoked.
@ -1131,6 +1157,7 @@ SAML 2 Authentication Response class
* `getNameIdData` - Gets the NameID Data provided by the SAML response from the
IdP.
* `getNameId` - Gets the NameID provided by the SAML response from the IdP.
* `getNameIdFormat` - Gets the NameID Format provided by the SAML response from the IdP.
* `getSessionNotOnOrAfter` - Gets the SessionNotOnOrAfter from the
AuthnStatement
* `getSessionIndex` - Gets the SessionIndex from the AuthnStatement.
@ -1196,7 +1223,9 @@ Configuration of the OneLogin PHP Toolkit
* `formatSPKey` - Formats the SP private key.
* `getErrors` - Returns an array with the errors, the array is empty when
the settings is ok.
* `getLastErrorReason`* Returns the reason of the last error
* `getLastErrorReason` - Returns the reason of the last error
* `getBaseURL` - Returns the baseurl set on the settings if any.
* `setBaseURL` - Set a baseurl value
* `setStrict` - Activates or deactivates the strict mode.
* `isStrict` - Returns if the 'strict' mode is active.
* `isDebugActive` - Returns if the debug is active.


@ -2,7 +2,7 @@
"name": "onelogin/php-saml",
"description": "OneLogin PHP SAML Toolkit",
"license": "MIT",
"version": "2.10.1",
"version": "2.10.2",
"homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits",
"keywords": ["saml", "saml2", "onelogin"],
"autoload": {


@ -28,6 +28,13 @@ class OneLogin_Saml2_Auth
*/
private $_nameid;
/**
* NameID Format
*
* @var string
*/
private $_nameidFormat;
/**
* If user is authenticated.
*
@ -126,6 +133,7 @@ class OneLogin_Saml2_Auth
if ($response->isValid($requestId)) {
$this->_attributes = $response->getAttributes();
$this->_nameid = $response->getNameId();
$this->_nameidFormat = $response->getNameIdFormat();
$this->_authenticated = true;
$this->_sessionIndex = $response->getSessionIndex();
$this->_sessionExpiration = $response->getSessionNotOnOrAfter();
@ -265,6 +273,16 @@ class OneLogin_Saml2_Auth
return $this->_nameid;
}
/**
* Returns the nameID Format
*
* @return string The nameID Format of the assertion
*/
public function getNameIdFormat()
{
return $this->_nameidFormat;
}
/**
* Returns the SessionIndex
*
@ -369,12 +387,13 @@ class OneLogin_Saml2_Auth
* @param string|null $nameId The NameID that will be set in the LogoutRequest.
* @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
* @param bool $stay True if we want to stay (returns the url string) False to redirect
* @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest.
*
* @return If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters
*
* @throws OneLogin_Saml2_Error
*/
public function logout($returnTo = null, $parameters = array(), $nameId = null, $sessionIndex = null, $stay=false)
public function logout($returnTo = null, $parameters = array(), $nameId = null, $sessionIndex = null, $stay=false, $nameIdFormat = null)
{
assert('is_array($parameters)');
@ -390,7 +409,7 @@ class OneLogin_Saml2_Auth
$nameId = $this->_nameid;
}
$logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, null, $nameId, $sessionIndex);
$logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, null, $nameId, $sessionIndex, $nameIdFormat);
$this->_lastRequestID = $logoutRequest->id;
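Review bot: In `logout()`, the new `$nameIdFormat` argument has no fallback to the format captured at login, although the response-handling hunk above now stores it in `$this->_nameidFormat` and the context line `$nameId = $this->_nameid;` appears to give `$nameId` exactly that kind of default. A caller that omits both arguments would send the stored NameID with the SP's configured format, since the LogoutRequest constructor on this page falls back to `$spData['NameIDFormat']`, and that can differ from the format the IdP issued. Consider adding `if (empty($nameIdFormat)) { $nameIdFormat = $this->_nameidFormat; }` next to the `$nameId` default. The body of `logout()` starts and ends outside the hunks shown, so the condition guarding the `$nameId` default is not visible here.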


@ -34,16 +34,21 @@ class OneLogin_Saml2_LogoutRequest
/**
* Constructs the Logout Request object.
*
* @param OneLogin_Saml2_Settings $settings Settings
* @param string|null $request A UUEncoded Logout Request.
* @param string|null $nameId The NameID that will be set in the LogoutRequest.
* @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
* @param OneLogin_Saml2_Settings $settings Settings
* @param string|null $request A UUEncoded Logout Request.
* @param string|null $nameId The NameID that will be set in the LogoutRequest.
* @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
* @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest.
*/
public function __construct(OneLogin_Saml2_Settings $settings, $request = null, $nameId = null, $sessionIndex = null)
public function __construct(OneLogin_Saml2_Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null)
{
$this->_settings = $settings;
$baseURL = $this->_settings->getBaseURL();
if (!empty($baseURL)) {
OneLogin_Saml2_Utils::setBaseURL($baseURL);
}
if (!isset($request) || empty($request)) {
$spData = $this->_settings->getSPData();
@ -62,7 +67,9 @@ class OneLogin_Saml2_LogoutRequest
}
if (!empty($nameId)) {
$nameIdFormat = $spData['NameIDFormat'];
if (empty($nameIdFormat)) {
$nameIdFormat = $spData['NameIDFormat'];
}
$spNameQualifier = null;
} else {
$nameId = $idpData['entityId'];
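Review bot: The constructor now writes shared static state as a side effect: `OneLogin_Saml2_Utils::setBaseURL($baseURL)` runs only when the setting is non-empty, and nothing resets the statics when it is empty. Where objects are built from more than one settings instance in the same PHP process or request (a long-running worker, a multi-tenant host, a test suite), the host, port, protocol and path of an earlier instance would keep being used for URL building, and the README text on this page says those URLs are what Destination and Recipient are validated against. The same lines are added to the `OneLogin_Saml2_LogoutResponse` and `OneLogin_Saml2_Response` constructors. At minimum a comment such as `// NOTE: sets static URL overrides in OneLogin_Saml2_Utils; they are not cleared when baseurl is empty` would make the coupling visible, and clearing the overrides in the empty case would be the safer behaviour.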


@ -41,6 +41,12 @@ class OneLogin_Saml2_LogoutResponse
public function __construct(OneLogin_Saml2_Settings $settings, $response = null)
{
$this->_settings = $settings;
$baseURL = $this->_settings->getBaseURL();
if (!empty($baseURL)) {
OneLogin_Saml2_Utils::setBaseURL($baseURL);
}
if ($response) {
$decoded = base64_decode($response);
$inflated = @gzinflate($decoded);


@ -56,6 +56,11 @@ class OneLogin_Saml2_Response
{
$this->_settings = $settings;
$baseURL = $this->_settings->getBaseURL();
if (!empty($baseURL)) {
OneLogin_Saml2_Utils::setBaseURL($baseURL);
}
$this->response = base64_decode($response);
$this->document = new DOMDocument();
@ -479,6 +484,21 @@ class OneLogin_Saml2_Response
return $nameIdvalue;
}
/**
* Gets the NameID Format provided by the SAML response from the IdP.
*
* @return string Name ID Format
*/
public function getNameIdFormat()
{
$nameIdFormat = null;
$nameIdData = $this->getNameIdData();
if (!empty($nameIdData) && isset($nameIdData['Format'])) {
$nameIdFormat = $nameIdData['Format'];
}
return $nameIdFormat;
}
/**
* Gets the SessionNotOnOrAfter from the AuthnStatement.
* Could be used to set the local session expiration
@ -844,9 +864,21 @@ class OneLogin_Saml2_Response
# Fix possible issue with saml namespace
if (!$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') &&
!$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2') &&
!$decrypted->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns') &&
!$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml')) {
$decrypted->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns', OneLogin_Saml2_Constants::NS_SAML);
!$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml') &&
!$container->hasAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:saml2')
) {
if (strpos($encryptedAssertion->tagName, 'saml2:') !== false) {
$ns = 'xmlns:saml2';
} else if (strpos($encryptedAssertion->tagName, 'saml:') != false) {
$ns = 'xmlns:saml';
} else {
$ns = 'xmlns';
}
$decrypted->setAttributeNS('http://www.w3.org/2000/xmlns/', $ns, OneLogin_Saml2_Constants::NS_SAML);
}
$container->replaceChild($decrypted, $encryptedAssertion);
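Review bot: The `saml:` branch of the new prefix detection cannot match a prefixed tag: `strpos($encryptedAssertion->tagName, 'saml:') != false` uses a loose comparison, and for a tag name such as `saml:EncryptedAssertion` `strpos` returns `0`, which compares equal to `false`. Such elements fall through to the `else` and receive a default `xmlns` declaration instead of `xmlns:saml`, unlike the `saml2:` branch directly above, which uses `!== false`. Per the changelog entry on this page this code exists to make assertion signature validation work after decryption, so both branches should behave the same: `} else if (strpos($encryptedAssertion->tagName, 'saml:') === 0) {`, and `=== 0` for the `saml2:` test too, so that only a real prefix matches. The enclosing method starts and ends outside the hunk.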


@ -14,6 +14,11 @@ class OneLogin_Saml2_Settings
*/
private $_paths = array();
/**
* @var string
*/
private $_baseurl;
/**
* Strict. If active, PHP Toolkit will reject unsigned or unencrypted messages
* if it expects them signed or encrypted. If not, the messages will be accepted
@ -240,6 +245,10 @@ class OneLogin_Saml2_Settings
$this->_debug = $settings['debug'];
}
if (isset($settings['baseurl'])) {
$this->_baseurl = $settings['baseurl'];
}
if (isset($settings['compress'])) {
$this->_compress = $settings['compress'];
}
@ -940,6 +949,24 @@ class OneLogin_Saml2_Settings
return $this->_debug;
}
/**
* Set a baseurl value.
*/
public function setBaseURL($baseurl)
{
$this->_baseurl = $baseurl;
}
/**
* Returns the baseurl set on the settings if any.
*
* @return null|string The baseurl
*/
public function getBaseURL()
{
return $this->_baseurl;
}
/**
* Sets the IdP certificate.
*


@ -16,6 +16,28 @@ class OneLogin_Saml2_Utils
*/
private static $_proxyVars = false;
/**
* @var string
*/
private static $_host;
/**
* @var string
*/
private static $_protocol;
/**
* @var int
*/
private static $_port;
/**
* @var string
*/
private static $_baseurlpath;
/**
* Translates any string. Accepts args
*
@ -233,7 +255,7 @@ class OneLogin_Saml2_Utils
}
/* Verify that the URL is to a http or https site. */
if (!preg_match('@^https?://@i', $url)) {
if (!preg_match('@^https?:\/\/@i', $url)) {
throw new OneLogin_Saml2_Error(
'Redirect to invalid URL: ' . $url,
OneLogin_Saml2_Error::REDIRECT_INVALID_URL
@ -280,6 +302,41 @@ class OneLogin_Saml2_Utils
exit();
}
/**
* @param $baseurl string The base url to be used when constructing URLs
*/
public static function setBaseURL($baseurl)
{
if (!empty($baseurl)) {
$baseurlpath = '/';
if (preg_match('#^https?:\/\/([^\/]*)\/?(.*)#i', $baseurl, $matches)) {
if (strpos($baseurl, 'https://') === false) {
self::setSelfProtocol('http');
$port = '80';
} else {
self::setSelfProtocol('https');
$port = '443';
}
$currentHost = $matches[1];
if (false !== strpos($currentHost, ':')) {
list($currentHost, $possiblePort) = explode(':', $matches[1], 2);
if (is_numeric($possiblePort)) {
$port = $possiblePort;
}
}
if (isset($matches[2]) && !empty($matches[2])) {
$baseurlpath = $matches[2];
}
self::setSelfHost($currentHost);
self::setSelfPort($port);
self::setBaseURLPath($baseurlpath);
}
}
}
/**
* @param $proxyVars bool Whether to use `X-Forwarded-*` headers to determine port/domain/protocol
*/
@ -323,12 +380,44 @@ class OneLogin_Saml2_Utils
return $protocol."://" . $currenthost . $port;
}
/**
* @param $host string The host to use when constructing URLs
*/
public static function setSelfHost($host)
{
self::$_host = $host;
}
/**
* @param $baseurlpath string The baseurl path to use when constructing URLs
*/
public static function setBaseURLPath($baseurlpath)
{
if (empty($baseurlpath) || $baseurlpath == '/') {
$baseurlpath = '/';
} else {
self::$_baseurlpath = '/' . trim($baseurlpath, '/') . '/';
}
}
/**
* return string The baseurlpath to be used when constructing URLs
*/
public static function getBaseURLPath()
{
return self::$_baseurlpath;
}
/**
* @return string The raw host name
*/
protected static function getRawHost()
{
if (array_key_exists('HTTP_HOST', $_SERVER)) {
if (self::$_host) {
$currentHost = self::$_host;
} elseif (self::getProxyVars() && array_key_exists('HTTP_X_FORWARDED_HOST', $_SERVER)) {
$currentHost = $_SERVER['HTTP_X_FORWARDED_HOST'];
} elseif (array_key_exists('HTTP_HOST', $_SERVER)) {
$currentHost = $_SERVER['HTTP_HOST'];
} elseif (array_key_exists('SERVER_NAME', $_SERVER)) {
$currentHost = $_SERVER['SERVER_NAME'];
@ -342,6 +431,40 @@ class OneLogin_Saml2_Utils
return $currentHost;
}
/**
* @param $port int The port number to use when constructing URLs
*/
public static function setSelfPort($port)
{
self::$_port = $port;
}
/**
* @param $protocol string The protocol to identify as using, usually http or https
*/
public static function setSelfProtocol($protocol)
{
self::$_protocol = $protocol;
}
/**
* @return string http|https
*/
public static function getSelfProtocol()
{
$protocol = 'http';
if (self::$_protocol) {
$protocol = self::$_protocol;
} elseif (self::getSelfPort() == 443) {
$protocol = 'https';
} elseif (self::getProxyVars() && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
$protocol = $_SERVER['HTTP_X_FORWARDED_PROTO'];
} elseif (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
$protocol = 'https';
}
return $protocol;
}
/**
* Returns the current host.
*
@ -365,7 +488,9 @@ class OneLogin_Saml2_Utils
public static function getSelfPort()
{
$portnumber = null;
if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) {
if (self::$_port) {
$portnumber = self::$_port;
} else if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) {
$portnumber = $_SERVER["HTTP_X_FORWARDED_PORT"];
} else if (isset($_SERVER["SERVER_PORT"])) {
$portnumber = $_SERVER["SERVER_PORT"];
@ -390,10 +515,7 @@ class OneLogin_Saml2_Utils
*/
public static function isHTTPS()
{
$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
|| (self::getSelfPort() == 443)
|| (self::getProxyVars() && isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
return $isHttps;
return self::getSelfProtocol() == 'https';
}
/**
@ -403,12 +525,19 @@ class OneLogin_Saml2_Utils
*/
public static function getSelfURLNoQuery()
{
$selfURLNoQuery = self::getSelfURLhost();
$infoWithBaseURLPath = self::buildWithBaseURLPath($_SERVER['SCRIPT_NAME']);
if (!empty($infoWithBaseURLPath)) {
$selfURLNoQuery .= $infoWithBaseURLPath;
} else {
$selfURLNoQuery .= $_SERVER['SCRIPT_NAME'];
}
$selfURLhost = self::getSelfURLhost();
$selfURLNoQuery = $selfURLhost . $_SERVER['SCRIPT_NAME'];
if (isset($_SERVER['PATH_INFO'])) {
$selfURLNoQuery .= $_SERVER['PATH_INFO'];
}
return $selfURLNoQuery;
}
@ -419,9 +548,9 @@ class OneLogin_Saml2_Utils
*/
public static function getSelfRoutedURLNoQuery()
{
$selfURLhost = self::getSelfURLhost();
$route = '';
if (!empty($_SERVER['REQUEST_URI'])) {
$route = $_SERVER['REQUEST_URI'];
if (!empty($_SERVER['QUERY_STRING'])) {
@ -432,6 +561,11 @@ class OneLogin_Saml2_Utils
}
}
$infoWithBaseURLPath = self::buildWithBaseURLPath($route);
if (!empty($infoWithBaseURLPath)) {
$route = $infoWithBaseURLPath;
}
$selfRoutedURLNoQuery = $selfURLhost . $route;
return $selfRoutedURLNoQuery;
}
@ -449,14 +583,42 @@ class OneLogin_Saml2_Utils
if (!empty($_SERVER['REQUEST_URI'])) {
$requestURI = $_SERVER['REQUEST_URI'];
if ($requestURI[0] !== '/') {
if (preg_match('#^https?://[^/]*(/.*)#i', $requestURI, $matches)) {
if (preg_match('#^https?:\/\/[^\/]*(\/.*)#i', $requestURI, $matches)) {
$requestURI = $matches[1];
}
}
}
$infoWithBaseURLPath = self::buildWithBaseURLPath($requestURI);
if (!empty($infoWithBaseURLPath)) {
$requestURI = $infoWithBaseURLPath;
}
return $selfURLhost . $requestURI;
}
/**
* Returns the part of the URL with the BaseURLPath.
*
* @return string
*/
protected static function buildWithBaseURLPath($info)
{
$result = '';
$baseURLPath = self::getBaseURLPath();
if (!empty($baseURLPath)) {
$result = $baseURLPath;
if (!empty($info)) {
$path = explode('/', $info);
$extractedInfo = array_pop($path);
if (!empty($extractedInfo)) {
$result .= $extractedInfo;
}
}
}
return $result;
}
/**
* Extract a query param - as it was sent - from $_SERVER[QUERY_STRING]
*
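Review bot: `getRawHost()` and `getSelfProtocol()` take `HTTP_X_FORWARDED_HOST` and `HTTP_X_FORWARDED_PROTO` verbatim once proxy vars are enabled, and neither value is checked. These are request headers, so unless the front proxy overwrites them the client supplies the host and scheme that appear to feed `getSelfURLNoQuery()` and `getSelfRoutedURLNoQuery()`, which the README text on this page says are used to validate Destination and Recipient. I would restrict the scheme, e.g. `$protocol = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https' ? 'https' : 'http';`, and document on `setProxyVars` that it is only safe behind a proxy that sets these headers itself, or that `baseurl` should be configured instead. Separately, in `setBaseURLPath()` the first branch assigns `'/'` to the local parameter rather than to `self::$_baseurlpath`, so a previously set path is never cleared. Several of these methods are cut by hunk boundaries, so their full bodies are not visible here.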


@ -1,6 +1,6 @@
{
"php-saml": {
"version": "2.10.1",
"released": "26/10/2016"
"version": "2.10.2",
"released": "15/11/2016"
}
}


@ -10,6 +10,12 @@ $settings = array (
// Enable debug mode (to print errors)
'debug' => false,
// Set a BaseURL to be used instead of try to guess
// the BaseURL of the view that process the SAML Message.
// Ex. http://sp.example.com/
// http://example.com/sp/
'baseurl' => null,
// Service Provider Data that we are deploying
'sp' => array (
// Identifier of the SP entity (must be a URI)