Changes to project structure and code cleanup

.editorconfig

@@ -0,0 +1,16 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.yml]
+indent_style = space
+indent_size = 2

.travis.yml

@@ -1,13 +1,31 @@
 language: php
 
-php:
-  - 5.4
-  - 5.5
-  - 5.6
+env:
+  global:
+    - setup=stable
 
+matrix:
+  fast_finish: true
+  include:
+    - php: 7.1
+    - php: 7.1
+      env: setup=lowest
+    - php: 7.2
+    - php: 7.2
+      env: setup=lowest
 
-before_script:
+sudo: false
+
+cache:
+  directories:
+    - $HOME/.composer/cache
+
+before_install:
+  - phpenv config-rm xdebug.ini || true
   - travis_retry composer self-update
-  - travis_retry composer install --prefer-source --no-interaction --dev
 
-script: phpunit
+install:
+  - if [[ $setup = 'stable' ]]; then travis_retry composer update --prefer-dist --no-interaction --prefer-stable --no-suggest; fi
+  - if [[ $setup = 'lowest' ]]; then travis_retry composer update --prefer-dist --no-interaction --prefer-lowest --prefer-stable --no-suggest; fi
+
+script: vendor/bin/phpunit

README.md

@@ -33,25 +33,13 @@ For older versions of Laravel (<5.5), you have to add the service provider and a
 ]
 ```
 
-Then publish the config file with `php artisan vendor:publish`. This will add the file `app/config/saml2_settings.php`. This config is handled almost directly by  [OneLogin](https://github.com/onelogin/php-saml) so you may get further references there, but will cover here what's really necessary. There are some other config about routes you may want to check, they are pretty straightforward.
+Then publish the config file with `php artisan vendor:publish`. This will add the file `app/config/saml2.php`. This config is handled almost directly by  [OneLogin](https://github.com/onelogin/php-saml) so you may get further references there, but will cover here what's really necessary. There are some other config about routes you may want to check, they are pretty straightforward.
 
 ### Configuration
 
-Once you publish your saml2_settings.php to your own files, you need to configure your sp and IDP (remote server). The only real difference between this config and the one that OneLogin uses, is that the SP entityId, assertionConsumerService url and singleLogoutService URL are injected by the library. They are taken from routes 'saml_metadata', 'saml_acs' and 'saml_sls' respectively.
-
-Remember that you don't need to implement those routes, but you'll need to add them to your IDP configuration. For example, if you use simplesamlphp, add the following to /metadata/sp-remote.php
-
-```php
-$metadata['http://laravel_url/saml2/metadata'] = array(
-    'AssertionConsumerService' => 'http://laravel_url/saml2/acs',
-    'SingleLogoutService' => 'http://laravel_url/saml2/sls',
-    //the following two affect what the $Saml2user->getUserId() will return
-    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
-    'simplesaml.nameidattribute' => 'uid' 
-);
-```
-You can check that metadata if you actually navigate to 'http://laravel_url/saml2/metadata'
+Once you publish your saml2.php to your own files, you need to configure your sp and IDP (remote server). The only real difference between this config and the one that OneLogin uses, is that the SP entityId, assertionConsumerService url and singleLogoutService URL are injected by the library. They are taken from routes 'saml_metadata', 'saml_acs' and 'saml_sls' respectively.
 
+Remember that you don't need to implement those routes, but you'll need to add them to your IDP configuration.
 
 ### Usage
 

composer.json

@@ -12,19 +12,25 @@
         }
     ],
     "require": {
-        "php": ">=5.4.0",
+        "php": "^7.1.3",
         "ext-openssl": "*",
-        "illuminate/support": ">=5.0.0",
+        "illuminate/support": "~5.6",
         "onelogin/php-saml": "3.0.0.x-dev"
     },
     "require-dev": {
-        "mockery/mockery": "0.9.*"
+        "mockery/mockery": "~1.0",
+        "phpunit/phpunit": "~7.0"
     },
     "autoload": {
-        "psr-0": {
+        "psr-4": {
             "Aacotroneo\\Saml2\\": "src/"
         }
     },
+    "autoload-dev": {
+        "psr-4": {
+            "Tests\\": "tests/"
+        }
+    },
     "extra": {
         "laravel": {
             "providers": [
@@ -35,12 +41,6 @@
             }
         }
     },
-    "repositories": [
-        {
-            "type": "vcs",
-            "url": "https://github.com/onelogin/php-saml"
-        }
-    ],
     "minimum-stability": "dev",
     "prefer-stable": true
 }

src/config/saml2_settings.php → config/saml2.php

@@ -1,31 +1,9 @@
 <?php
 
-//This is variable is an example - Just make sure that the urls in the 'idp' config are ok.
-$idp_host = env('SAML2_IDP_HOST', 'http://localhost:8000/simplesaml');
-
-return $settings = array(
-
-    /**
-     * If 'useRoutes' is set to true, the package defines five new routes:
-     *
-     *    Method | URI                      | Name
-     *    -------|--------------------------|------------------
-     *    POST   | {routesPrefix}/acs       | saml_acs
-     *    GET    | {routesPrefix}/login     | saml_login
-     *    GET    | {routesPrefix}/logout    | saml_logout
-     *    GET    | {routesPrefix}/metadata  | saml_metadata
-     *    GET    | {routesPrefix}/sls       | saml_sls
-     */
-    'useRoutes' => true,
-
-    'routesPrefix' => '/saml2',
-
-    /**
-     * which middleware group to use for the saml routes
-     * Laravel 5.2 will need a group which includes StartSession
-     */
-    'routesMiddleware' => [],
+// TODO: this seems questionable at best...
+$idp_host = env('SAML2_IDP_HOST');
 
+return [
     /**
      * Indicates how the parameters will be
      * retrieved from the sls request for signature validation
@@ -42,21 +20,17 @@
      */
     'loginRoute' => '/',
 
-
     /**
      * Where to redirect after login if no other option was provided
      */
     'errorRoute' => '/',
 
-
-
-
-    /*****
-     * One Login Settings
+    /**
+     *
+     *  OneLogin settings
+     *
      */
 
-
-
     // If 'strict' is True, then the PHP Toolkit will reject unsigned
     // or unencrypted messages if it expects them signed or encrypted
     // Also will reject the messages if not strictly follow the SAML
@@ -73,77 +47,45 @@
     'proxyVars' => false,
 
     // Service Provider Data that we are deploying
-    'sp' => array(
-
+    'sp' => [
         // Specifies constraints on the name identifier to be used to
         // represent the requested subject.
         // Take a look on lib/Saml2/Constants.php to see the NameIdFormat supported
         'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
 
         // Usually x509cert and privateKey of the SP are provided by files placed at
         // the certs folder. But we can also provide them with the following parameters
-        'x509cert' => env('SAML2_SP_x509',''),
-        'privateKey' => env('SAML2_SP_PRIVATEKEY',''),
-
-        // Identifier (URI) of the SP entity.
-        // Leave blank to use the 'saml_metadata' route.
-        'entityId' => env('SAML2_SP_ENTITYID',''),
-
-        // Specifies info about where and how the <AuthnResponse> message MUST be
-        // returned to the requester, in this case our SP.
-        'assertionConsumerService' => array(
-            // URL Location where the <Response> from the IdP will be returned,
-            // using HTTP-POST binding.
-            // Leave blank to use the 'saml_acs' route
-            'url' => '',
-        ),
-        // Specifies info about where and how the <Logout Response> message MUST be
-        // returned to the requester, in this case our SP.
-        // Remove this part to not include any URL Location in the metadata.
-        'singleLogoutService' => array(
-            // URL Location where the <Response> from the IdP will be returned,
-            // using HTTP-Redirect binding.
-            // Leave blank to use the 'saml_sls' route
-            'url' => '',
-        ),
-    ),
+        'x509cert' => env('SAML2_SP_x509'),
+
+        'privateKey' => env('SAML2_SP_PRIVATEKEY'),
+    ],
 
     // Identity Provider Data that we want connect with our SP
-    'idp' => array(
+    'idp' => [
         // Identifier of the IdP entity  (must be a URI)
         'entityId' => env('SAML2_IDP_ENTITYID', $idp_host . '/saml2/idp/metadata.php'),
         // SSO endpoint info of the IdP. (Authentication Request protocol)
-        'singleSignOnService' => array(
+        'singleSignOnService' => [
             // URL Target of the IdP where the SP will send the Authentication Request Message,
             // using HTTP-Redirect binding.
-            'url' => $idp_host . '/saml2/idp/SSOService.php',
-        ),
+            'url' => env('SAML2_IDP_SSO', $idp_host . '/saml2/idp/SSOService.php'),
+        ],
         // SLO endpoint info of the IdP.
-        'singleLogoutService' => array(
+        'singleLogoutService' => [
             // URL Location of the IdP where the SP will send the SLO Request,
             // using HTTP-Redirect binding.
-            'url' => $idp_host . '/saml2/idp/SingleLogoutService.php',
-        ),
+            'url' => env('SAML2_IDP_SLO', $idp_host . '/saml2/idp/SingleLogoutService.php'),
+        ],
         // Public x509 certificate of the IdP
-        'x509cert' => env('SAML2_IDP_x509', 'MIID/TCCAuWgAwIBAgIJAI4R3WyjjmB1MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJBUjEVMBMGA1UECAwMQnVlbm9zIEFpcmVzMRUwEwYDVQQHDAxCdWVub3MgQWlyZXMxDDAKBgNVBAoMA1NJVTERMA8GA1UECwwIU2lzdGVtYXMxFDASBgNVBAMMC09yZy5TaXUuQ29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbmlAc2l1LmVkdS5hcjAeFw0xNDEyMDExNDM2MjVaFw0yNDExMzAxNDM2MjVaMIGUMQswCQYDVQQGEwJBUjEVMBMGA1UECAwMQnVlbm9zIEFpcmVzMRUwEwYDVQQHDAxCdWVub3MgQWlyZXMxDDAKBgNVBAoMA1NJVTERMA8GA1UECwwIU2lzdGVtYXMxFDASBgNVBAMMC09yZy5TaXUuQ29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbmlAc2l1LmVkdS5hcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbzW/EpEv+qqZzfT1Buwjg9nnNNVrxkCfuR9fQiQw2tSouS5X37W5h7RmchRt54wsm046PDKtbSz1NpZT2GkmHN37yALW2lY7MyVUC7itv9vDAUsFr0EfKIdCKgxCKjrzkZ5ImbNvjxf7eA77PPGJnQ/UwXY7W+cvLkirp0K5uWpDk+nac5W0JXOCFR1BpPUJRbz2jFIEHyChRt7nsJZH6ejzNqK9lABEC76htNy1Ll/D3tUoPaqo8VlKW3N3MZE0DB9O7g65DmZIIlFqkaMH3ALd8adodJtOvqfDU/A6SxuwMfwDYPjoucykGDu1etRZ7dF2gd+W+1Pn7yizPT1q8CAwEAAaNQME4wHQYDVR0OBBYEFPsn8tUHN8XXf23ig5Qro3beP8BuMB8GA1UdIwQYMBaAFPsn8tUHN8XXf23ig5Qro3beP8BuMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGu60odWFiK+DkQekozGnlpNBQz5lQ/bwmOWdktnQj6HYXu43e7sh9oZWArLYHEOyMUekKQAxOK51vbTHzzw66BZU91/nqvaOBfkJyZKGfluHbD0/hfOl/D5kONqI9kyTu4wkLQcYGyuIi75CJs15uA03FSuULQdY/Liv+czS/XYDyvtSLnu43VuAQWN321PQNhuGueIaLJANb2C5qq5ilTBUw6PxY9Z+vtMjAjTJGKEkE/tQs7CvzLPKXX3KTD9lIILmX5yUC3dLgjVKi1KGDqNApYGOMtjr5eoxPQrqDBmyx3flcy0dQTdLXud3UjWVW3N0PYgJtw5yBsS74QTGD4='),
-        /*
-         *  Instead of use the whole x509cert you can use a fingerprint
-         *  (openssl x509 -noout -fingerprint -in "idp.crt" to generate it)
-         */
-        // 'certFingerprint' => '',
-    ),
-
-
+        'x509cert' => env('SAML2_IDP_x509'),
+    ],
 
-    /***
+    /**
      *
      *  OneLogin advanced settings
      *
-     *
      */
-    // Security settings
-    'security' => array(
-
+    'security' => [
         /** signatures and encryptions offered */
 
         // Indicates that the nameID of the <samlp:logoutRequest> sent by this SP
@@ -170,7 +112,6 @@
         */
         'signMetadata' => false,
 
-
         /** signatures and encryptions required **/
 
         // Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and
@@ -190,36 +131,26 @@
         // Set true or don't present thi parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
         // Set an array with the possible auth context values: array ('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509'),
         'requestedAuthnContext' => true,
-    ),
+    ],
 
     // Contact information template, it is recommended to suply a technical and support contacts
-    'contactPerson' => array(
-        'technical' => array(
+    'contactPerson' => [
+        'technical' => [
             'givenName' => 'name',
-            'emailAddress' => '[email protected]'
-        ),
-        'support' => array(
+            'emailAddress' => '[email protected]',
+        ],
+        'support' => [
             'givenName' => 'Support',
-            'emailAddress' => '[email protected]'
-        ),
-    ),
+            'emailAddress' => '[email protected]',
+        ],
+    ],
 
     // Organization information template, the info in en_US lang is recomended, add more if required
-    'organization' => array(
-        'en-US' => array(
+    'organization' => [
+        'en-US' => [
             'name' => 'Name',
             'displayname' => 'Display Name',
-            'url' => 'http://url'
-        ),
-    ),
-
-/* Interoperable SAML 2.0 Web Browser SSO Profile [saml2int]   http://saml2int.org/profile/current
-
-   'authnRequestsSigned' => false,    // SP SHOULD NOT sign the <samlp:AuthnRequest>,
-                                      // MUST NOT assume that the IdP validates the sign
-   'wantAssertionsSigned' => true,
-   'wantAssertionsEncrypted' => true, // MUST be enabled if SSL/HTTPs is disabled
-   'wantNameIdEncrypted' => false,
-*/
-
-);
+            'url' => 'http://url',
+        ],
+    ],
+];

phpunit.xml

@@ -7,12 +7,15 @@
          convertNoticesToExceptions="true"
          convertWarningsToExceptions="true"
          processIsolation="false"
-         stopOnFailure="false"
-         syntaxCheck="false"
->
+         stopOnFailure="false">
     <testsuites>
-        <testsuite name="Package Test Suite">
-            <directory suffix=".php">./tests/</directory>
+        <testsuite name="Package Tests">
+            <directory suffix="Test.php">./tests</directory>
         </testsuite>
     </testsuites>
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">./src</directory>
+        </whitelist>
+    </filter>
 </phpunit>

routes/web.php

@@ -0,0 +1,9 @@
+<?php
+
+use Illuminate\Support\Facades\Route;
+
+Route::get('/logout', 'Saml2Controller@logout')->name('saml2.logout');
+Route::get('/login', 'Saml2Controller@login')->name('saml2.login');
+Route::get('/metadata', 'Saml2Controller@metadata')->name('saml2.metadata');
+Route::post('/acs', 'Saml2Controller@acs')->name('saml2.acs');
+Route::get('/sls', 'Saml2Controller@sls')->name('saml2.sls');