extlib-simplesaml: backport mods to extlib.

update location of post.js and post.css d in post.php. fixes #204

Issue #235 - DB Session not being saved on shutdown.

Rely only on moodle registered shutdown handlers to save the session (#327)

Issue #206 - Backporting modifications for auth_saml2

auth.php

@@ -914,7 +914,7 @@ public function test_settings() {
      */
     public function get_ssp_version() {
         require('setup.php');
-        $config = new SimpleSAML_Configuration(array(), '');
+        $config = new SimpleSAML\Configuration(array(), '');
         return $config->getVersion();
     }
 

debug.php

@@ -27,7 +27,7 @@
 require_login();
 require_capability('moodle/site:config', context_system::instance());
 
-$config = SimpleSAML_Configuration::getInstance();
+$config = SimpleSAML\Configuration::getInstance();
 
 $PAGE->set_url("$CFG->httpswwwroot/auth/saml2/debug.php");
 $PAGE->set_course($SITE);

extlib/simplesamlphp/lib/SimpleSAML/Session.php

@@ -147,8 +147,17 @@ class Session implements \Serializable, Utils\ClearableState
      */
     private function __construct($transient = false)
     {
+
         $this->setConfiguration(Configuration::getInstance());
 
+        // Moodle custom: Try saving session BEFORE $DB gets destroyed. The __destructor() call to save will be clean.
+        \core_shutdown_manager::register_function(
+            function($session) {
+                $session->save();
+            },
+            [$this]
+        );
+
         if (php_sapi_name() === 'cli' || defined('STDIN')) {
             $this->trackid = 'CL'.bin2hex(openssl_random_pseudo_bytes(4));
             Logger::setTrackId($this->trackid);
@@ -494,6 +503,10 @@ public function markDirty()
 
         $this->dirty = true;
 
+        // Moodle auth_saml2 hack, because we register a shutdown handler in
+        // moodle in the constructor we don't need to register a callback here.
+        return;
+
         if ($this->callback_registered) {
             // we already have a shutdown callback registered for this object, no need to add another one
             return;
@@ -509,7 +522,9 @@ public function markDirty()
      */
     public function __destruct()
     {
-        $this->save();
+        // Moodle auth_saml2 hack, we don't need to save here because we have
+        // a custom shutdown handle registered with moodle.
+        // $this->save();
     }
 
     /**

extlib/simplesamlphp/lib/SimpleSAML/Utils/HTTP.php

@@ -993,6 +993,13 @@ public static function redirectTrustedURL($url, $parameters = [])
         }
 
         $url = self::normalizeURL($url);
+
+        // This is a Moodle hack. Both moodle and SSPHP rely on automatic
+        // destructors to cleanup the $DB var and the SSPHP session but
+        // this order is not guaranteed, so we force session saving here.
+        $session = \SimpleSAML\Session::getSessionFromRequest();
+        $session->save();
+
         self::redirect($url, $parameters);
     }
 

extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php

@@ -443,6 +443,7 @@ private function getSLOEndpoints()
      */
     private function startSSO1(\SimpleSAML\Configuration $idpMetadata, array $state)
     {
+        global $CFG;
         $idpEntityId = $idpMetadata->getString('entityid');
 
         $state['saml:idp'] = $idpEntityId;
@@ -453,6 +454,8 @@ private function startSSO1(\SimpleSAML\Configuration $idpMetadata, array $state)
         $id = State::saveState($state, 'saml:sp:sso');
         $ar->setRelayState($id);
 
+        $shire = $CFG->wwwroot . '/auth/saml2/sp/saml1-acs.php/' . $this->authId;
+        /* MOODLE CHANGE;
         $useArtifact = $idpMetadata->getBoolean('saml1.useartifact', null);
         if ($useArtifact === null) {
             $useArtifact = $this->metadata->getBoolean('saml1.useartifact', false);
@@ -463,7 +466,7 @@ private function startSSO1(\SimpleSAML\Configuration $idpMetadata, array $state)
         } else {
             $shire = \SimpleSAML\Module::getModuleURL('saml/sp/saml1-acs.php/'.$this->authId);
         }
-
+       */
         $url = $ar->createRedirect($idpEntityId, $shire);
 
         \SimpleSAML\Logger::debug('Starting SAML 1 SSO to '.var_export($idpEntityId, true).
@@ -488,7 +491,10 @@ private function startSSO2(\SimpleSAML\Configuration $idpMetadata, array $state)
 
         $ar = \SimpleSAML\Module\saml\Message::buildAuthnRequest($this->metadata, $idpMetadata);
 
-        $ar->setAssertionConsumerServiceURL(\SimpleSAML\Module::getModuleURL('saml/sp/saml2-acs.php/'.$this->authId));
+        // auth_saml2 modification
+        $baseurl = \SimpleSAML\Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId);
+        $baseurl = str_replace('module.php/saml/sp/', '', $baseurl);
+        $ar->setAssertionConsumerServiceURL($baseurl);
 
         if (isset($state['\SimpleSAML\Auth\Source.ReturnURL'])) {
             $ar->setRelayState($state['\SimpleSAML\Auth\Source.ReturnURL']);
@@ -648,6 +654,11 @@ private function startSSO2(\SimpleSAML\Configuration $idpMetadata, array $state)
 
         $b = \SAML2\Binding::getBinding($dst['Binding']);
 
+        // This is a Moodle hack. Both moodle and SSPHP rely on automatic
+        // destructors to cleanup the $DB var and the SSPHP session but
+        // this order is not guaranteed, so we force session saving here.
+        $session = \SimpleSAML\Session::getSessionFromRequest();
+        $session->save();
         $this->sendSAML2AuthnRequest($state, $b, $ar);
 
         assert(false);

extlib/simplesamlphp/templates/post.php

@@ -4,8 +4,8 @@
 <head>
     <meta http-equiv="content-type" content="text/html; charset=utf-8" />
     <title>POST data</title>
-    <script src="/<?php echo $this->data['baseurlpath']; ?>resources/post.js"></script>
-    <link type="text/css" rel="stylesheet" href="/<?php echo $this->data['baseurlpath']; ?>resources/post.css" />
+    <script src="/<?php echo $this->data['baseurlpath']; ?>../extlib/simplesamlphp/www/resources/post.js"></script>
+    <link type="text/css" rel="stylesheet" href="/<?php echo $this->data['baseurlpath']; ?>../extlib/simplesamlphp/www/resources/post.css" />
 </head>
 <body>
 

locallib.php

@@ -43,14 +43,14 @@ function auth_saml2_get_sp_metadata() {
         return $xml;
     }
 
-    $config = SimpleSAML_Configuration::getInstance();
-    $source = SimpleSAML_Auth_Source::getById($sourceId);
+    $config = SimpleSAML\Configuration::getInstance();
+    $source = SimpleSAML\Auth\Source::getById($sourceId);
     if ($source === NULL) {
-        throw new SimpleSAML_Error_NotFound('Could not find authentication source with id ' . $sourceId);
+        throw new SimpleSAML\Error\NotFound('Could not find authentication source with id ' . $sourceId);
     }
 
     if (!($source instanceof sspmod_saml_Auth_Source_SP)) {
-        throw new SimpleSAML_Error_NotFound('Source isn\'t a SAML SP: ' . var_export($sourceId, TRUE));
+        throw new SimpleSAML\Error\NotFound('Source isn\'t a SAML SP: ' . var_export($sourceId, TRUE));
     }
 
     $entityId = $source->getEntityId();

setup.php

@@ -50,4 +50,4 @@
     }
 }
 
-SimpleSAML_Configuration::setConfigDir("$CFG->dirroot/auth/saml2/config");
+SimpleSAML\Configuration::setConfigDir("$CFG->dirroot/auth/saml2/config");

tests/phpunit/autoloader_test.php

@@ -36,7 +36,7 @@ public function test_it_loads_classes() {
         $classes = [
             \Psr\Log\LoggerInterface::class,
             \SAML2\Utils::class,
-            SimpleSAML_Configuration::class,
+            \SimpleSAML\Configuration::class,
             \RobRichards\XMLSecLibs\XMLSecEnc::class,
             Twig_Loader_Filesystem::class,
         ];