Merge master into release-5.x

Author: tvdijen

.github/workflows/php.yml

@@ -52,7 +52,7 @@ jobs:
         with:
           # Should be the higest supported version, so we can use the newest tools
           php-version: '8.3'
-          tools: composer, composer-require-checker, composer-unused, phpcs
+          tools: composer, composer-require-checker, composer-unused:0.9.2, phpcs
           extensions: ctype, date, dom, filter, hash, mbstring, openssl, pcre, soap, spl, xml
           coverage: none
 

README-DEV.md

@@ -11,9 +11,9 @@ Test with the PHPCS configuration in `tools/phpcs/ruleset.xml`
 Use PHPUnit for Unit Testing.
 Test with the 2 known users: [SimpleSAMLphp][1] and [OpenConext-engineblock][2].
 
-## Using Tests in Development
+### Using Tests in Development
 
-In order to run the unittests, use `vendor/bin/phpunit -c tools/phpunit`
+In order to run the unittests, use `vendor/bin/phpunit`
 
 ## Contributing
 
@@ -26,5 +26,5 @@ Also when introducing a BC breaking change, please update the [UPGRADING.md](UPG
 
 [1]: https://www.simplesamlphp.org
 [2]: https://www.openconext.org
-[3]: https://github.com/simplesamlphp/saml2/wiki/SAML2-v1.0-Technical-Design
-[4]: https://github.com/simplesamlphp/saml2/wiki/Background
+[3]: https://github.com/simplesamlphp/saml2/wiki/Background
+[4]: https://github.com/simplesamlphp/saml2/wiki/SAML2-v1.0-Technical-Design

README.md

@@ -1,10 +1,14 @@
 # SimpleSAMLphp SAML2 library
 
-[![Build Status](https://travis-ci.org/simplesamlphp/saml2.png?branch=feature/fix-build)](https://travis-ci.org/simplesamlphp/saml2) [![Coverage Status](https://img.shields.io/coveralls/simplesamlphp/saml2.svg)](https://coveralls.io/r/simplesamlphp/saml2)
+![CI](https://github.com/simplesamlphp/saml2/actions/workflows/php.yml/badge.svg)
+[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/simplesamlphp/saml2/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/simplesamlphp/saml2/?branch=master)
+[![Coverage Status](https://codecov.io/gh/simplesamlphp/saml2/branch/master/graph/badge.svg)](https://codecov.io/gh/simplesamlphp/saml2)
+[![Type coverage](https://shepherd.dev/github/simplesamlphp/saml2/coverage.svg)](https://shepherd.dev/github/simplesamlphp/saml2)
+[![Psalm Level](https://shepherd.dev/github/simplesamlphp/saml2/level.svg)](https://shepherd.dev/github/simplesamlphp/saml2)
 
-A PHP library for SAML2 related functionality. Extracted from [SimpleSAMLphp](https://www.simplesamlphp.org),
-used by [OpenConext](https://www.openconext.org).
-This library started as a collaboration between [UNINETT](https://www.uninett.no) and [SURFnet](https://www.surfnet.nl) but everyone is invited to contribute.
+A PHP library for SAML2 related functionality.
+
+It is used by several products, most notably [SimpleSAMLphp](https://www.simplesamlphp.org) and [OpenConext](https://www.openconext.org).
 
 ## Before you use it
 
@@ -17,23 +21,25 @@ Note that the **HTTP Artifact Binding and SOAP client do not work** outside of S
 
 ## Which version to pick?
 
-The latest released version (`5.x` range) is the _only supported version_.
+The latest released version (`4.x` range) is the _preferred version_.
+The `3.x branch` is our LTS branch and will be supported as long as supported releases of [SimpleSAMLphp](https://www.simplesamlphp.org) are using this branch.
 
-All other branches (`4.x` and earlier) are no longer supported and will not receive any maintenance or
+All other branches (`3.x` and earlier) are no longer supported and will not receive any maintenance or
 (security) fixes. Do not use these versions.
 
-Also be sure to check the [UPGRADING.md](UPGRADING.md) file if you are upgrading from an older version to `>= 5.x`. Here
+We conform to [Semantic Versioning](https://semver.org/).
+Be sure to check the [UPGRADING.md](UPGRADING.md) file if you are upgrading from an older version. Here
 you will find instructions on how to deal with BC breaking changes between versions.
 
 ## Usage
 
 * Install with [Composer](https://getcomposer.org/doc/00-intro.md), run the following command in your project:
 
 ```bash
-composer require simplesamlphp/saml2:^5.0
+composer require simplesamlphp/saml2:^4.0
 ```
 
-* Provide the required external dependencies by extending and implementing the ```SAML2\Compat\AbstractContainer```
+* Provide the required external dependencies by extending and implementing the ```\SimpleSAML\SAML2\Compat\AbstractContainer```
   then injecting it in the ContainerSingleton (see example below).
 
 * **Make sure you've read the security section below**.
@@ -43,37 +49,32 @@ composer require simplesamlphp/saml2:^5.0
 Example:
 
 ```php
-// Use Composers autoloading
-require 'vendor/autoload.php';
-
-// Implement the Container interface (out of scope for example)
-require 'container.php';
-SimpleSAML\SAML2\Compat\ContainerSingleton::setContainer($container);
-
-// Set up an AuthnRequest
-$id = $container->generateId();
-$issuer = new SimpleSAML\SAML2\XML\saml\Issuer('https://sp.example.edu');
-$destination = 'https://idp.example.edu';
-$request = new SimpleSAML\SAML2\XML\samlp\AuthnRequest(
-    id: $id,
-    issuer: $issuer,
-    destination: $destination,
-);
-
-
-// Send it off using the HTTP-Redirect binding
-$binding = new SimpleSAML\SAML2\HTTPRedirect();
-$binding->send($request);
+    // Use Composers autoloading
+    require 'vendor/autoload.php';
+
+    // Implement the Container interface (out of scope for example)
+    require 'container.php';
+    \SimpleSAML\SAML2\Compat\ContainerSingleton::setContainer($container);
+
+    // Create Issuer
+    $issuer = new \SimpleSAML\SAML2\XML\saml\Issuer('https://sp.example.edu');
+
+    // Instantiate XML Random utils
+    $randomUtils = new \SimpleSAML\XML\Utils\Random();
+
+    // Set up an AuthnRequest
+    $request = new \SimpleSAML\SAML2\XML\samlp\AuthnRequest(
+        $issuer,
+        $randomUtils->generateId(),
+        null,
+        'https://idp.example.edu'
+    );
+
+    // Send it off using the HTTP-Redirect binding
+    $binding = new \SimpleSAML\SAML2\HTTPRedirect();
+    $binding->send($request);
 ```
 
-## Security
-
-* Should you need to create a DOMDocument instance, use the `SimpleSAML\XML\DOMDocumentFactory` to create DOMDocuments from
-  either a string (`SimpleSAML\XML\DOMDocumentFactory::fromString($theXmlAsString)`), a file (`SimpleSAML\XML\DOMDocumentFactory::fromFile($pathToTheFile)`)
-  or just a new instance (`SimpleSAML\XML\DOMDocumentFactory::create()`). This in order to protect yourself against the
-  [XXE Processing Vulnerability](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing), as well as
-  [XML Entity Expansion](https://phpsecurity.readthedocs.org/en/latest/Injection-Attacks.html#defenses-against-xml-entity-expansion) attacks
-
 ## License
 
 This library is licensed under the LGPL license version 2.1.

UPGRADING.md

@@ -2,13 +2,19 @@
 
 ## 4.x to 5.0
 
-### Namespaces have changed
+### Namespace migration
 
-All classes have been renamed from `SAML2\MyClass` to `SimpleSAML\SAML2\MyClass`.
+All the classes had their namespace changed from SAML2 to SimpleSAML\SAML2.
 
-### Bindings now implement PSR-7
+### NameIDPolicy BC breaking change
 
-The bindings now take a PSR-7 request and will respond with a PSR-7 response.
+The NameIDPolicy can no longer be represented as an array, but has to be handled using
+the newly added NameIDPolicy-class.
+
+### StatusResponse BC breaking change
+
+The API of the StatusResponse-class has been slightly changed; getStatus/setStatus will now handle Status-objects
+instead of the previous array
 
 ## 4.0 to 4.1
 
@@ -30,9 +36,9 @@ This problem was fixed in [#120](https://github.com/simplesamlphp/saml2/pull/120
 If you are using the assertion processor as a stand-alone component, then you will have to update your code to reflect this
 change, see: [e6c01fa](https://github.com/simplesamlphp/saml2/commit/e6c01fa9b0e815682e24916f03a84d245480c4a0).
 
-### NameID's and Issuers
+### NameIDs and Issuers
 
-In pre 4.0 releases we allowed both objects and arrays to be used for Issuers and nameID's. We know only support objects.
+In pre 4.0 releases we allowed both objects and arrays to be used for Issuers and nameIDs. We know only support objects.
 If in your code you use something like this:
 
 ```php

codecov.yml

@@ -0,0 +1,18 @@
+---
+
+coverage:
+  status:
+    project:
+      default:
+        target: 0%
+        threshold: 2%
+    patch: false
+comment:
+  layout: "diff"
+  behavior: once
+  require_changes: true
+  require_base: false
+  require_head: true
+  branches: null
+github_checks:
+  annotations: false

phpcs.xml

@@ -7,79 +7,42 @@
     <!-- Use this to exclude paths. You can have multiple patterns -->
     <!--<exclude-pattern>*/tests/*</exclude-pattern>-->
     <!--<exclude-pattern>*/other/*</exclude-pattern>-->
+
     <file>src</file>
     <file>tests</file>
 
     <!-- This is the rule we inherit from. If you want to exlude some specific rules, see the docs on how to do that -->
     <rule ref="PSR12"/>
+    <rule ref="vendor/simplesamlphp/simplesamlphp-test-framework/phpcs-simplesamlphp.xml"/>
 
-    <!-- Ignore files with side effects that we cannot fix -->
-    <rule ref="PSR1.Files.SideEffects">
-        <exclude-pattern>tests/SAML2/XML/md/RoleDescriptorTest.php</exclude-pattern>
+    <rule ref="Generic.PHP.RequireStrictTypes">
+        <exclude-pattern>tests/bin/**</exclude-pattern>
     </rule>
 
-    <rule ref="PSR1.Methods.CamelCapsMethodName"> 
-        <exclude-pattern>tests/SAML2/Assertion/ProcessorTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/Assertion/Validation/ConstraintValidator/NotBeforeTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Assertion/Validation/ConstraintValidator/NotOnOrAfterTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Assertion/Validation/ConstraintValidator/SessionNotOnOrAfterTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Assertion/Validation/ConstraintValidator/SpIsValidAudienceTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationMethodTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationNotBeforeTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationNotOnOrAfterTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationRecipientMathchesTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationResponseToMatchesTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Certificate/KeyTest.php</exclude-pattern> <exclude-pattern>tests/SAML2/Certificate/KeyLoaderTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Certificate/PrivateKeyLoaderTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Certificate/PrivateKeyTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Certificate/X509Test.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Utilities/ArrayCollectionTest.php</exclude-pattern> 
-        <exclude-pattern>tests/SAML2/Utilities/FileTest.php</exclude-pattern>
+    <rule ref="PSR1.Files.SideEffects">
+        <exclude-pattern>src/_autoload.php</exclude-pattern>
     </rule>
 
     <rule ref="Generic.NamingConventions.UpperCaseConstantName.ConstantNotUpperCase">
-        <exclude-pattern>src/SAML2/Assertion.php</exclude-pattern>
-        <exclude-pattern>src/SAML2/LogoutRequest.php</exclude-pattern>
-        <exclude-pattern>src/SAML2/EncryptedAssertion.php</exclude-pattern>
+        <exclude-pattern>**/Assertion.php</exclude-pattern>
+        <exclude-pattern>**/LogoutRequest.php</exclude-pattern>
+        <exclude-pattern>**/EncryptedAssertion.php</exclude-pattern>
     </rule>
 
     <!-- Lines can be a little bit longer before they break the build -->
     <rule ref="Generic.Files.LineLength">
-        <properties>
-            <property name="lineLimit" value="120"/>
-            <property name="absoluteLineLimit" value="130"/>
-        </properties>
-        <exclude-pattern>tests/SAML2/AssertionTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/Assertion/ProcessorTest.php</exclude-pattern>
+        <exclude-pattern>**/BindingTest.php</exclude-pattern>
+        <exclude-pattern>**/HTTPPostTest.php</exclude-pattern>
+        <exclude-pattern>**/HTTPRedirectTest.php</exclude-pattern>
+        <exclude-pattern>**/SOAPTest.php</exclude-pattern>
         <exclude-pattern>tests/SAML2/Assertion/Validation/AssertionValidatorTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/AttributeQueryTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/AuthnRequestTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/BindingTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/Certificate/KeyLoaderTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/CertificatesMock.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/HTTPPostTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/HTTPRedirectTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/LogoutRequestTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/ResponseTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/SOAPTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/Utilities/ArrayCollectionTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/UtilsTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/XML/md/AffiliationDescriptorTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/XML/md/ContactPersonTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/XML/md/EndpointTypeTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/XML/md/EntityDescriptorTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/XML/mdattr/EntityAttributesTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/XML/mdui/LogoTest.php</exclude-pattern>
         <exclude-pattern>tests/SAML2/XML/saml/AssertionTest.php</exclude-pattern>
         <exclude-pattern>tests/SAML2/XML/saml/AttributeValueTest.php</exclude-pattern>
         <exclude-pattern>tests/SAML2/XML/saml/AuthnContextTest.php</exclude-pattern>
         <exclude-pattern>tests/SAML2/XML/saml/EncryptedAssertionTest.php</exclude-pattern>
         <exclude-pattern>tests/SAML2/XML/saml/EncryptedIDTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/XML/saml/IssuerXMLShowAllTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/XML/saml/NameIDTest.php</exclude-pattern>
         <exclude-pattern>tests/SAML2/XML/samlp/RequestedAuthnContextTest.php</exclude-pattern>
         <exclude-pattern>tests/SAML2/XML/samlp/StatusDetailTest.php</exclude-pattern>
         <exclude-pattern>tests/SAML2/XML/shibmd/KeyAuthorityTest.php</exclude-pattern>
-        <exclude-pattern>tests/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationResponseToMatchesTest.php</exclude-pattern>
     </rule>
 </ruleset>

phpstan-baseline-dev.neon

@@ -30,11 +30,6 @@ parameters:
 			count: 3
 			path: tests/SAML2/Assertion/Validation/ConstraintValidator/SpIsValidAudienceTest.php
 
-		-
-			message: "#^Call to an undefined method Mockery\\\\ExpectationInterface\\|Mockery\\\\HigherOrderMessage\\:\\:andReturnNull\\(\\)\\.$#"
-			count: 2
-			path: tests/SAML2/Assertion/Validation/ConstraintValidator/SubjectConfirmationResponseToMatchesTest.php
-
 		-
 			message: "#^Parameter \\#1 \\$response of class SimpleSAML\\\\SAML2\\\\Assertion\\\\Validation\\\\ConstraintValidator\\\\SubjectConfirmationResponseToMatches constructor expects SimpleSAML\\\\SAML2\\\\XML\\\\samlp\\\\Response, Mockery\\\\MockInterface given\\.$#"
 			count: 5
@@ -56,45 +51,20 @@ parameters:
 			path: tests/SAML2/Certificate/KeyCollectionTest.php
 
 		-
-			message: "#^Call to an undefined method Mockery\\\\ExpectationInterface\\|Mockery\\\\HigherOrderMessage\\:\\:atMost\\(\\)\\.$#"
-			count: 2
-			path: tests/SAML2/Certificate/KeyLoaderTest.php
-
-		-
-			message: "#^Call to an undefined method Mockery\\\\ExpectationInterface\\|Mockery\\\\HigherOrderMessage\\:\\:once\\(\\)\\.$#"
-			count: 1
+			message: "#^Call to an undefined method Mockery\\\\Expectation\\:\\:shouldReceive\\(\\)\\.$#"
+			count: 3
 			path: tests/SAML2/Certificate/KeyLoaderTest.php
 
 		-
 			message: "#^Parameter \\#1 \\$config of method SimpleSAML\\\\SAML2\\\\Certificate\\\\KeyLoader\\:\\:loadKeysFromConfiguration\\(\\) expects SimpleSAML\\\\SAML2\\\\Configuration\\\\CertificateProvider, Mockery\\\\MockInterface given\\.$#"
 			count: 3
 			path: tests/SAML2/Certificate/KeyLoaderTest.php
 
-		-
-			message: "#^Call to an undefined method Mockery\\\\ExpectationInterface\\|Mockery\\\\HigherOrderMessage\\:\\:once\\(\\)\\.$#"
-			count: 8
-			path: tests/SAML2/Response/SignatureValidationTest.php
-
-		-
-			message: "#^Call to method shouldReceive\\(\\) on an unknown class alias\\:SimpleSAML\\\\SAML2\\\\Assertion\\\\ProcessorBuilder\\.$#"
-			count: 1
-			path: tests/SAML2/Response/SignatureValidationTest.php
-
-		-
-			message: "#^Call to an undefined method Mockery\\\\ExpectationInterface\\|Mockery\\\\HigherOrderMessage\\:\\:once\\(\\)\\.$#"
-			count: 2
-			path: tests/SAML2/Response/Validation/ConstraintValidator/DestinationMatchesTest.php
-
 		-
 			message: "#^Parameter \\#1 \\$response of method SimpleSAML\\\\SAML2\\\\Response\\\\Validation\\\\ConstraintValidator\\\\DestinationMatches\\:\\:validate\\(\\) expects SimpleSAML\\\\SAML2\\\\XML\\\\samlp\\\\Response, Mockery\\\\MockInterface given\\.$#"
 			count: 2
 			path: tests/SAML2/Response/Validation/ConstraintValidator/DestinationMatchesTest.php
 
-		-
-			message: "#^Call to an undefined method Mockery\\\\ExpectationInterface\\|Mockery\\\\HigherOrderMessage\\:\\:once\\(\\)\\.$#"
-			count: 3
-			path: tests/SAML2/Response/Validation/ConstraintValidator/IsSuccessfulTest.php
-
 		-
 			message: "#^Parameter \\#1 \\$response of method SimpleSAML\\\\SAML2\\\\Response\\\\Validation\\\\ConstraintValidator\\\\IsSuccessful\\:\\:validate\\(\\) expects SimpleSAML\\\\SAML2\\\\XML\\\\samlp\\\\Response, Mockery\\\\MockInterface given\\.$#"
 			count: 2