Merge pull request #401 from nextcloud/backport/396/stable-2.4

[stable-2.4] Add setting to specify a different signature algorithm

Author: blizzz

js/admin.js

@@ -322,6 +322,18 @@ $(function() {
 		});
 	});
 
+	$('#user-saml-security input[type="text"], #user-saml-security textarea').change(function(e) {
+		var el = $(this);
+		$.when(el.focusout()).then(function() {
+			var key = $(this).attr('name');
+			OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val());
+		});
+		if (e.keyCode === 13) {
+			var key = $(this).attr('name');
+			OCA.User_SAML.Admin.setSamlConfigValue('security', key, $(this).val());
+		}
+	});
+
 	$('#user-saml-attribute-mapping input[type="text"], #user-saml-attribute-mapping textarea').change(function(e) {
 		var el = $(this);
 		$.when(el.focusout()).then(function() {

lib/SAMLSettings.php

@@ -119,6 +119,7 @@ public function getOneLoginSettingsArray($idp) {
 				'wantXMLValidation' => ($this->config->getAppValue('user_saml', $prefix . 'security-wantXMLValidation', '0') === '1') ? true : false,
 				'requestedAuthnContext' => false,
 				'lowercaseUrlencoding' => ($this->config->getAppValue('user_saml', $prefix . 'security-lowercaseUrlencoding', '0') === '1') ? true : false,
+				'signatureAlgorithm' => $this->config->getAppValue('user_saml', $prefix . 'security-signatureAlgorithm', null)
 			],
 			'sp' => [
 				'entityId' => $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.getMetadata'),

lib/Settings/Admin.php

@@ -75,7 +75,7 @@ public function getForm() {
 			'authnRequestsSigned' => $this->l10n->t('Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]'),
 			'logoutRequestSigned' => $this->l10n->t('Indicates whether the  <samlp:logoutRequest> messages sent by this SP will be signed.'),
 			'logoutResponseSigned' => $this->l10n->t('Indicates whether the  <samlp:logoutResponse> messages sent by this SP will be signed.'),
-			'signMetadata' => $this->l10n->t('Whether the metadata should be signed.'),
+			'signMetadata' => $this->l10n->t('Whether the metadata should be signed.')
 		];
 		$securityRequiredFields = [
 			'wantMessagesSigned' => $this->l10n->t('Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed.'),
@@ -87,6 +87,10 @@ public function getForm() {
 		];
 		$securityGeneral = [
 			'lowercaseUrlencoding' =>  $this->l10n->t('ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.'),
+			'signatureAlgorithm' => [
+				'type' => 'line',
+				'text' => $this->l10n->t('Algorithm that the toolkit will use on signing process.')
+			]
 		];
 		$generalSettings = [
 			'uid_mapping' => [

templates/admin.php

@@ -177,11 +177,20 @@
 					</p>
 				<?php endforeach; ?>
 				<h4><?php p($l->t('General')) ?></h4>
-				<?php foreach($_['security-general'] as $key => $text): ?>
-					<p>
-						<input type="checkbox" id="user-saml-<?php p($key)?>" name="<?php p($key)?>" value="<?php p(\OC::$server->getConfig()->getAppValue('user_saml', 'security-'.$key, '0')) ?>" class="checkbox">
-						<label for="user-saml-<?php p($key)?>"><?php p($text) ?></label>
-					</p>
+				<?php foreach($_['security-general'] as $key => $attribute): ?>
+					<?php if (is_array($attribute) && $attribute['type'] === 'line') { ?>
+						<?php $text = $attribute['text'] ?>
+						<p>
+							<label><?php p($attribute['text']) ?></label><br />
+							<input data-key="<?php p($key)?>" name="<?php p($key) ?>" value="<?php p(\OC::$server->getConfig()->getAppValue('user_saml', 'security-'.$key, '')) ?>" type="text" <?php if(isset($attribute['required']) && $attribute['required'] === true): ?>class="required"<?php endif;?> placeholder="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+						</p>
+					<?php } else { ?>
+						<?php $text = $attribute ?>
+						<p>
+							<input type="checkbox" id="user-saml-<?php p($key)?>" name="<?php p($key)?>" value="<?php p(\OC::$server->getConfig()->getAppValue('user_saml', 'security-'.$key, '0')) ?>" class="checkbox">
+							<label for="user-saml-<?php p($key)?>"><?php p($text) ?></label><br/>
+						</p>
+					<?php } ?>
 				<?php endforeach; ?>
 			</div>
 		</div>

tests/unit/Settings/AdminTest.php

@@ -80,6 +80,10 @@ public function formDataProvider() {
 		];
 		$securityGeneral = [
 			'lowercaseUrlencoding' => 'ADFS URL-Encodes SAML data as lowercase, and the toolkit by default uses uppercase. Enable for ADFS compatibility on signature verification.',
+			'signatureAlgorithm' => [
+				'type' => 'line',
+				'text' => 'Algorithm that the toolkit will use on signing process.'
+			]
 		];
 		$generalSettings = [
 			'idp0_display_name' => [