refactor generateUserId.fix error of calling deprecated static method.

rciam · Dec 4, 2023 · 4734759 · 4734759
1 parent 6da3c4b
commit 4734759
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 21 deletions.
diff --git a/locales/en/LC_MESSAGES/error.po → locales/en/LC_MESSAGES/userid.po b/locales/en/LC_MESSAGES/error.po → locales/en/LC_MESSAGES/userid.po
diff --git a/routing/routes/routes.yml b/routing/routes/routes.yml
@@ -1,8 +1,8 @@
 ---
 
-userid-error-report:
-  path: /userid/errorReport
+userid-error:
+  path: /error
   defaults: {
-    _controller: '\SimpleSAML\Module\userid\Controller\ErrorReport::main'
+    _controller: 'SimpleSAML\Module\userid\Controller\ErrorReport::main'
   }
-  methods: [POST]
+  methods: [POST,GET]
diff --git a/src/Auth/Process/OpaqueSmartID.php b/src/Auth/Process/OpaqueSmartID.php
@@ -8,8 +8,7 @@
 use SimpleSAML\Auth\{ProcessingFilter, State};
 use SimpleSAML\Error\Exception;
 use SimpleSAML\Metadata\MetaDataStorageHandler;
-use SimpleSAML\Utils\Config;
-use SimpleSAML\XHTML\Template;
+use SimpleSAML\Utils;
 
 /**
  * This filter is based on the `smartattributes:SmartID` authentication
@@ -20,6 +19,11 @@
  */
 class OpaqueSmartID extends ProcessingFilter
 {
+    /**
+     * @var \SimpleSAML\Utils\Config
+     */
+    protected Utils\Config $configUtils;
+
     /**
      * @var \SimpleSAML\Logger|string
      * @psalm-var \SimpleSAML\Logger|class-string
@@ -219,6 +223,8 @@ public function __construct(array $config, $reserved)
                 );
             }
         }
+
+        $this->configUtils = new Utils\Config();
     }
 
     /**
@@ -294,14 +300,20 @@ public function process(array &$request): void
      */
     private function generateUserId(array $request): ?string
     {
-        $authority = $this->getAuthority($request);
-        if (empty($authority)) {
-            // This should never happen
-            throw new Exception(
-                'Could not generate user identifier: Unknown authenticating authority'
-            );
+        $authority = null;
+        if ($this->addAuthority) {
+            $authority = $this->getAuthority($request);
+
+            if (empty($authority)) {
+                // This should never happen
+                throw new Exception(
+                   'Could not generate user identifier: Unknown authenticating authority'
+                );
+            }
         }
-        if (!empty($this->authorityCandidateMap[$authority])) {
+
+        if (isset($authority)
+            && !empty($this->authorityCandidateMap[$authority])) {
             $idCandidates = $this->authorityCandidateMap[$authority];
         } else {
             $idCandidates = $this->candidates;
@@ -335,7 +347,7 @@ private function generateUserId(array $request): ?string
             } else {
                 $smartId = ($this->addCandidate ? $idCandidate . ':' : '') . $idValue;
             }
-            $salt = Config::getSecretSalt();
+            $salt = $this->configUtils->getSecretSalt();
             $hashedUid = hash("sha256", $smartId . '!' . $salt);
             if (isset($this->scope)) {
                 $hashedUid .= '@' . $this->scope;
@@ -429,7 +441,7 @@ private function parseUserId($attribute): string
     /**
      * @param   array  $idpMetadata
      *
-     * @return string
+     * @return  string  IdPs list of emails
      */
     private function getIdPEmailAddress(array $idpMetadata): string
     {
@@ -555,10 +567,12 @@ public function setLogger(Logger $logger): void
     private function showError(string $errorCode, array $parameters): void
     {
         // Save state and redirect
-        $url = Module::getModuleURL('/userid/errorReport');
+        // The path matches the name of the route
+        $url = Module::getModuleURL('userid/error');
         $params = [
           'errorCode' => $errorCode,
-          'parameters' => $parameters
+          // Serialize the parameters
+          'parameters' => urlencode(base64_encode(json_encode($parameters)))
         ];
 
         $httpUtils = new Utils\HTTP();

diff --git a/src/Controller/ErrorReport.php b/src/Controller/ErrorReport.php
@@ -2,19 +2,20 @@
 
 declare(strict_types=1);
 
+namespace SimpleSAML\Module\userid\Controller;
 
 use SAML2\Constants as C;
 use SimpleSAML\Assert\Assert;
 use SimpleSAML\Configuration;
-use SimpleSAML\HTTP\RunnableResponse;
-use SimpleSAML\Locale\Translate;
+use SimpleSAML\Logger;
 use SimpleSAML\Module\adfs\IdP\ADFS as ADFS_IdP;
 use SimpleSAML\Session;
 use SimpleSAML\XHTML\Template;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\ResponseHeaderBag;
 use Symfony\Component\VarExporter\VarExporter;
+use Twig\TwigFunction;
 
 /**
  * Controller class for the admin module.
@@ -44,9 +45,13 @@ public function __construct(
      */
     public function main(Request $request, string $as = null): Template
     {
-        $errorCode = $request->request->get('errorCode');
-        $parameters = $request->request->get('parameters');
+        $errorCode = $request->query->get('errorCode');
+        $parameters = $request->query->get('parameters');
 
+        $parameters = json_decode(base64_decode(urldecode($parameters)));
+
+        Logger::debug('parameters:' . var_export($parameters, true));
+
         // redirect the user back to this page to clear the POST request
         $t = new Template($this->config, 'userid:errorreport.twig');
         $t->data['errorCode'] = $errorCode;