From f0ac454be1e234ad157d3a400f593495b7a35727 Mon Sep 17 00:00:00 2001
From: Dan Brown
Date: Sun, 16 Oct 2022 09:50:08 +0100
Subject: [PATCH] Prevented saml2 autodiscovery on metadata load

Fixes issue where metadata cannot be viewed if autload is active and entityid url is not active. For #2480
---
 app/Auth/Access/Saml2Service.php | 19 ++++++++-----------
 tests/Auth/Saml2Test.php         | 14 ++++++++++++++
 2 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/app/Auth/Access/Saml2Service.php b/app/Auth/Access/Saml2Service.php
index b0bf39995e6..a95e3b1d2e8 100644
--- a/app/Auth/Access/Saml2Service.php
+++ b/app/Auth/Access/Saml2Service.php
@@ -20,14 +20,11 @@
  */
 class Saml2Service
 {
-    protected $config;
-    protected $registrationService;
-    protected $loginService;
-    protected $groupSyncService;
+    protected array $config;
+    protected RegistrationService $registrationService;
+    protected LoginService $loginService;
+    protected GroupSyncService $groupSyncService;
 
-    /**
-     * Saml2Service constructor.
-     */
     public function __construct(
         RegistrationService $registrationService,
         LoginService $loginService,
@@ -169,7 +166,7 @@ protected function actionLogout()
      */
     public function metadata(): string
     {
-        $toolKit = $this->getToolkit();
+        $toolKit = $this->getToolkit(true);
         $settings = $toolKit->getSettings();
         $metadata = $settings->getSPMetadata();
         $errors = $settings->validateMetadata($metadata);
@@ -190,7 +187,7 @@ public function metadata(): string
      * @throws Error
      * @throws Exception
      */
-    protected function getToolkit(): Auth
+    protected function getToolkit(bool $spOnly = false): Auth
     {
         $settings = $this->config['onelogin'];
         $overrides = $this->config['onelogin_overrides'] ?? [];
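Review bot: The new `$spOnly` parameter on `getToolkit()` is not described in the docblock directly above the changed signature, which still carries only the `@throws` lines; add `@param bool $spOnly Build a toolkit for SP metadata only: skips IdP metadata autoload and limits OneLogin settings validation to the SP section.` The call site in `metadata()` passes a bare `true`, which reads as opaque at a glance; `$this->getToolkit(spOnly: true)` would make the intent explicit if the project's PHP floor allows named arguments, otherwise a short trailing comment on that line does the same. Both `metadata()` and `getToolkit()` continue outside their hunks.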
@@ -200,14 +197,14 @@ protected function getToolkit(): Auth
         }
 
         $metaDataSettings = [];
-        if ($this->config['autoload_from_metadata']) {
+        if (!$spOnly && $this->config['autoload_from_metadata']) {
             $metaDataSettings = IdPMetadataParser::parseRemoteXML($settings['idp']['entityId']);
         }
 
         $spSettings = $this->loadOneloginServiceProviderDetails();
         $settings = array_replace_recursive($settings, $spSettings, $metaDataSettings, $overrides);
 
-        return new Auth($settings);
+        return new Auth($settings, $spOnly);
     }
 
     /**
diff --git a/tests/Auth/Saml2Test.php b/tests/Auth/Saml2Test.php
index 885adf9e0a4..4c8d14dd5c8 100644
--- a/tests/Auth/Saml2Test.php
+++ b/tests/Auth/Saml2Test.php
@@ -41,6 +41,20 @@ public function test_metadata_endpoint_displays_xml_as_expected()
         $req->assertSee(url('/saml2/acs'));
     }
 
+    public function test_metadata_endpoint_loads_when_autoloading_with_bad_url_set()
+    {
+        config()->set([
+            'saml2.autoload_from_metadata' => true,
+            'saml2.onelogin.idp.entityId' => 'http://192.168.1.1:9292',
+            'saml2.onelogin.idp.singleSignOnService.url' => null,
+        ]);
+
+        $req = $this->get('/saml2/metadata');
+        $req->assertOk();
+        $req->assertHeader('Content-Type', 'text/xml; charset=UTF-8');
+        $req->assertSee('md:EntityDescriptor');
+    }
+
     public function test_onelogin_overrides_functions_as_expected()
     {
         $json = '{"sp": {"assertionConsumerService": {"url": "https://example.com/super-cats"}}, "contactPerson": {"technical": {"givenName": "Barry Scott", "emailAddress": "barry@example.com"}}}';
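Review bot: `$spOnly` does two different things on the new side and only one of them is visible from the name: it gates `IdPMetadataParser::parseRemoteXML()` in the `if`, and it is also forwarded as the second constructor argument of OneLogin's `Auth`, which is its `$spValidationOnly` flag and restricts settings validation to the SP section. A toolkit built with `true` must therefore not be reused for login or ACS handling, where the IdP settings need to be validated; a comment on the `return` line such as `// $spOnly also limits OneLogin settings validation to the SP section; only use it for metadata output.` would keep a later caller from passing true elsewhere. A side effect worth recording in the docblock is that the metadata route no longer makes an outbound request to the configured `entityId` on every hit. The body of `getToolkit()` starts outside this hunk.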
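Review bot: The new test passes quickly only because the code under test no longer contacts `http://192.168.1.1:9292`; if that gate ever regresses, `parseRemoteXML()` will attempt a real connection and the failure surfaces as a network timeout or an environment-dependent error rather than a clear assertion failure. A comment above the `config()->set([` call, e.g. `// entityId points at an unreachable host: the metadata endpoint must succeed without fetching IdP metadata`, records that intent for the next reader. `192.168.1.1` is also a private address that may well be a live router on a developer's LAN; a constructed value from the documentation range such as `http://192.0.2.1:9292` avoids touching a real device.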