Remove deprecated modules and options

Signed-off-by: Ivan Kanakarakis <[email protected]>

Author: c00kiemon5ter

README.md

@@ -2,7 +2,7 @@
 [![Build Status](https://travis-ci.org/IdentityPython/SATOSA.svg?branch=travis)](https://travis-ci.org/IdentityPython/SATOSA)
 [![PyPI](https://img.shields.io/pypi/v/SATOSA.svg)](https://pypi.python.org/pypi/SATOSA)
 
-A configurable proxy for translating between different authentication protocols such as SAML2, 
+A configurable proxy for translating between different authentication protocols such as SAML2,
 OpenID Connect and OAuth2.
 
 # Table of Contents
@@ -19,7 +19,6 @@ OpenID Connect and OAuth2.
         - [attributes](doc/README.md#attributes)
         - [user_id_from_attrs](doc/README.md#user_id_from_attrs)
         - [user_id_to_attr](doc/README.md#user_id_to_attr)
-        - [hash](doc/README.md#hash)
 - [Plugins](doc/README.md#plugins)
     - [SAML2 plugins](doc/README.md#saml_plugin)
         - [Metadata](doc/README.md#metadata)
@@ -36,26 +35,26 @@ OpenID Connect and OAuth2.
 
 
 # Use cases
-In this section a set of use cases for the proxy is presented. 
+In this section a set of use cases for the proxy is presented.
 
 ## SAML2<->SAML2
-There are SAML2 service providers for example Box which is not able to handle multiple identity 
-providers. For more information about how to set up, configure and run such a proxy instance 
+There are SAML2 service providers for example Box which is not able to handle multiple identity
+providers. For more information about how to set up, configure and run such a proxy instance
 please visit [Single Service Provider<->Multiple Identity providers](doc/one-to-many.md)
 
-If an identity provider can not communicate with service providers in for example a federation the 
+If an identity provider can not communicate with service providers in for example a federation the
 can convert request and make the communication possible.
 
 ## SAML2<->Social logins
-This setup makes it possible to connect a SAML2 service provider to multiple social media identity 
-providers such as Google and Facebook. The proxy makes it possible to mirror a identity provider by 
-generating SAML2 metadata corresponding that provider and create dynamic endpoint which 
+This setup makes it possible to connect a SAML2 service provider to multiple social media identity
+providers such as Google and Facebook. The proxy makes it possible to mirror a identity provider by
+generating SAML2 metadata corresponding that provider and create dynamic endpoint which
 are connected to a single identity provider.
-For more information about how to set up, configure and run such a proxy instance please visit 
+For more information about how to set up, configure and run such a proxy instance please visit
 [SAML2<->Social logins](doc/SAML2-to-Social_logins.md)
 
 ## SAML2<->OIDC
-The proxy is able to act as a proxy between a SAML2 service provider and a OpenID connect provider 
+The proxy is able to act as a proxy between a SAML2 service provider and a OpenID connect provider
 [SAML2<->OIDC](doc/saml2-to-oidc.md)
 
 # Contact

doc/README.md

@@ -44,7 +44,6 @@ in the [example directory](../example).
 | `BACKEND_MODULES` | string[] | `[openid_connect_backend.yaml, saml2_backend.yaml]` | list of plugin configuration file paths, describing enabled backends |
 | `FRONTEND_MODULES` | string[] | `[saml2_frontend.yaml, openid_connect_frontend.yaml]` | list of plugin configuration file paths, describing enabled frontends |
 | `MICRO_SERVICES` | string[] | `[statistics_service.yaml]` | list of plugin configuration file paths, describing enabled microservices |
-| `USER_ID_HASH_SALT` | string | `61a89d2db0b9e1e2` | **DEPRECATED - use the hasher micro-service** salt used when creating the persistent user identifier, will be overridden by the environment variable `SATOSA_USER_ID_HASH_SALT` if it is set |
 | `LOGGING` | dict | see [Python logging.conf](https://docs.python.org/3/library/logging.config.html) | optional configuration of application logging |
 
 
@@ -120,13 +119,6 @@ linking, the `user_id_to_attr` configuration parameter should be set, since that
 service will overwrite the subject identifier generated by the proxy.
 
 
-### hash **DEPRECATED - use the hasher micro-service**
-The proxy can hash any attribute value (e.g., for obfuscation) before passing
-it on to the client. The `hash` key should contain a list of all attribute names
-for which the corresponding attribute values should be hashed before being
-returned to the client.
-
-
 ## Plugins
 The authentication protocol specific communication is handled by different plugins,
 divided into frontends (receiving requests from clients) and backends (sending requests

doc/mod_wsgi.md

@@ -110,8 +110,6 @@ BASE: https://some.host.org
 
 STATE_ENCRYPTION_KEY: fazmC8yELv38f9PF0kbS
 
-USER_ID_HASH_SALT: i7tmt34rzb2QRDgN1Ggy
-
 INTERNAL_ATTRIBUTES: "/etc/satosa/internal_attributes.yaml"
 
 COOKIE_STATE_NAME: "SATOSA_STATE"

src/satosa/backends/saml2.py

@@ -30,7 +30,6 @@
     MetadataDescription, OrganizationDesc, ContactPersonDesc, UIInfoDesc
 )
 from satosa.backends.base import BackendModule
-from satosa.deprecated import SAMLInternalResponse
 
 
 logger = logging.getLogger(__name__)

src/satosa/base.py

@@ -4,7 +4,6 @@
 import json
 import logging
 import uuid
-import warnings as _warnings
 
 from saml2.s_utils import UnknownSystemEntity
 
@@ -17,10 +16,9 @@
 from .routing import ModuleRouter, SATOSANoBoundEndpointError
 from .state import cookie_to_state, SATOSAStateError, State, state_to_cookie
 
-from satosa.deprecated import hash_attributes
-
 import satosa.logging_util as lu
 
+
 logger = logging.getLogger(__name__)
 
 STATE_KEY = "SATOSA_BASE"
@@ -41,22 +39,6 @@ def __init__(self, config):
         """
         self.config = config
 
-        for option in ["USER_ID_HASH_SALT"]:
-            if option in self.config:
-                msg = (
-                    "'{opt}' configuration option is deprecated."
-                    " Use the hasher microservice instead."
-                ).format(opt=option)
-                _warnings.warn(msg, DeprecationWarning)
-
-        for option in ["hash"]:
-            if option in self.config["INTERNAL_ATTRIBUTES"]:
-                msg = (
-                    "'{opt}' configuration option is deprecated."
-                    " Use the hasher microservice instead."
-                ).format(opt=option)
-                _warnings.warn(msg, DeprecationWarning)
-
         logger.info("Loading backend modules...")
         backends = load_backends(self.config, self._auth_resp_callback_func,
                                  self.config["INTERNAL_ATTRIBUTES"])
@@ -130,12 +112,6 @@ def _auth_resp_finish(self, context, internal_response):
         if user_id_to_attr:
             internal_response.attributes[user_id_to_attr] = [internal_response.subject_id]
 
-        hash_attributes(
-            self.config["INTERNAL_ATTRIBUTES"].get("hash", []),
-            internal_response.attributes,
-            self.config.get("USER_ID_HASH_SALT", ""),
-        )
-
         # remove all session state unless CONTEXT_STATE_DELETE is False
         context.state.delete = self.config.get("CONTEXT_STATE_DELETE", True)
         context.request = None