|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace SimpleSAML\Module\monitor\TestSuite; |
|
4
|
|
|
|
|
5
|
|
|
use \SimpleSAML_Configuration as ApplicationConfiguration; |
|
6
|
|
|
use \SimpleSAML\Module\monitor\TestConfiguration as TestConfiguration; |
|
7
|
|
|
use \SimpleSAML\Module\monitor\TestData as TestData; |
|
8
|
|
|
|
|
9
|
|
|
final class AuthSources extends \SimpleSAML\Module\monitor\TestSuiteFactory |
|
10
|
|
|
{ |
|
11
|
|
|
/** |
|
12
|
|
|
* @var array|bool |
|
13
|
|
|
*/ |
|
14
|
|
|
private $checkAuthSources = true; |
|
15
|
|
|
|
|
16
|
|
|
/** |
|
17
|
|
|
* @var ApplicationConfiguration |
|
18
|
|
|
*/ |
|
19
|
|
|
private $authSourceConfig; |
|
20
|
|
|
|
|
21
|
|
|
|
|
22
|
|
|
/** |
|
23
|
|
|
* @param TestConfiguration $configuration |
|
24
|
|
|
*/ |
|
25
|
|
|
public function __construct($configuration) |
|
26
|
|
|
{ |
|
27
|
|
|
$moduleConfig = $configuration->getModuleConfig(); |
|
28
|
|
|
|
|
29
|
|
|
$this->authSourceConfig = $configuration->getAuthSourceConfig(); |
|
30
|
|
|
$this->checkAuthSources = $moduleConfig->getValue('checkAuthSources', true); |
|
31
|
|
|
|
|
32
|
|
|
parent::__construct($configuration); |
|
33
|
|
|
} |
|
34
|
|
|
|
|
35
|
|
|
|
|
36
|
|
|
/** |
|
37
|
|
|
* @return void |
|
38
|
|
|
*/ |
|
39
|
|
|
protected function invokeTestSuite() |
|
40
|
|
|
{ |
|
41
|
|
|
if ($this->checkAuthSources === true) { |
|
42
|
|
|
$authSources = $this->authSourceConfig->getOptions(); |
|
43
|
|
|
} else if (is_array($this->checkAuthSources)) { |
|
44
|
|
|
$authSources = array_intersect($this->authSourceConfig->getOptions(), $this->checkAuthSources); |
|
45
|
|
|
} else { // false or invalid value |
|
46
|
|
|
return; |
|
47
|
|
|
} |
|
48
|
|
|
|
|
49
|
|
|
$configuration = $this->getConfiguration(); |
|
50
|
|
|
foreach ($authSources as $authSourceId) { |
|
51
|
|
|
$authSourceData = $this->authSourceConfig->getValue($authSourceId); |
|
52
|
|
|
$input = array( |
|
53
|
|
|
'authSourceId' => $authSourceId, |
|
54
|
|
|
'authSourceData' => $authSourceData |
|
55
|
|
|
); |
|
56
|
|
|
$testData = new TestData($input); |
|
57
|
|
|
|
|
58
|
|
|
switch ($authSourceData[0]) { |
|
59
|
|
|
case 'ldap:LDAP': |
|
60
|
|
|
$test = new AuthSource\Ldap($configuration, $testData); |
|
61
|
|
|
$this->addTestResult($test->getTestResult()); |
|
62
|
|
|
//$this->addMessages($test->getMessages(), $authSourceId); |
|
|
|
|
|
|
63
|
|
|
break; |
|
64
|
|
|
case 'negotiate:Negotiate': |
|
65
|
|
|
$test = new AuthSource\Negotiate($configuration, $testData); |
|
66
|
|
|
$this->addTestResult($test->getTestResult()); |
|
67
|
|
|
//$this->addMessages($test->getMessages(), $authSourceId); |
|
|
|
|
|
|
68
|
|
|
|
|
69
|
|
|
// We need to do some convertions from Negotiate > LDAP |
|
70
|
|
|
$this->convertAuthSourceData($authSourceData); |
|
71
|
|
|
$testData->setInput($authSourceData, 'authSourceData'); |
|
72
|
|
|
|
|
73
|
|
|
$ldapTest = new AuthSource\Ldap($configuration, $testData); |
|
|
|
|
|
|
74
|
|
|
$this->addTestResult($test->getTestResult()); |
|
75
|
|
|
//$this->addMessages($ldapTest->getMessages(), $authSourceId); |
|
|
|
|
|
|
76
|
|
|
break; |
|
77
|
|
|
case 'multiauth:MultiAuth': |
|
78
|
|
|
// Relies on other authSources |
|
79
|
|
|
continue 2; |
|
80
|
|
|
default: |
|
81
|
|
|
// Not implemented |
|
82
|
|
|
continue 2; |
|
83
|
|
|
} |
|
84
|
|
|
} |
|
85
|
|
|
|
|
86
|
|
|
$this->calculateState(); |
|
87
|
|
|
} |
|
88
|
|
|
|
|
89
|
|
|
|
|
90
|
|
|
/** |
|
91
|
|
|
* @param array $authSourceData |
|
92
|
|
|
* |
|
93
|
|
|
* @return void |
|
94
|
|
|
*/ |
|
95
|
|
|
private function convertAuthSourceData(&$authSourceData) |
|
96
|
|
|
{ |
|
97
|
|
|
// LDAP and Negotiate authSources use different names for equal properties |
|
98
|
|
|
// Hopefully this function can go away in SSP 2.0 |
|
99
|
|
|
if (isSet($authSourceData['debugLDAP'])) { |
|
100
|
|
|
$authSourceData['debug'] = $authSourceData['debugLDAP']; |
|
101
|
|
|
unset($authSourceData['debugLDAP']); |
|
102
|
|
|
} |
|
103
|
|
|
if (isSet($authSourceData['adminUser'])) { |
|
104
|
|
|
$authSourceData['search.username'] = $authSourceData['adminUser']; |
|
105
|
|
|
unset($authSourceData['adminUser']); |
|
106
|
|
|
} |
|
107
|
|
|
if (isSet($authSourceData['adminPassword'])) { |
|
108
|
|
|
$authSourceData['search.password'] = $authSourceData['adminPassword']; |
|
109
|
|
|
unset($authSourceData['adminPassword']); |
|
110
|
|
|
} |
|
111
|
|
|
if (isSet($authSourceData['base'])) { |
|
112
|
|
|
$authSourceData['search.base'] = $authSourceData['base']; |
|
113
|
|
|
unset($authSourceData['base']); |
|
114
|
|
|
} |
|
115
|
|
|
} |
|
116
|
|
|
} |
|
117
|
|
|
|
tvdijen /
simplesamlphp-module-monitor
Loading history...
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.