github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-11-29 04:10:09 +08:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Prevented saml2 autodiscovery on metadata load

Browse Source 
Fixes issue where metadata cannot be viewed if autload is active and
entityid url is not active.
For #2480
This commit is contained in:
Dan Brown 2022-10-16 09:50:08 +01:00
parent 0269f5122e
commit f0ac454be1
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
2 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
app/Auth/Access/Saml2Service.php
View File

@ -20,14 +20,11 @@ use OneLogin\Saml2\ValidationError;
*/ */
class Saml2Service class Saml2Service
{ {
protected $config; protected array $config;
protected $registrationService; protected RegistrationService $registrationService;
protected $loginService; protected LoginService $loginService;
protected $groupSyncService; protected GroupSyncService $groupSyncService;
/**
* Saml2Service constructor.
*/
public function __construct( public function __construct(
RegistrationService $registrationService, RegistrationService $registrationService,
LoginService $loginService, LoginService $loginService,
@ -169,7 +166,7 @@ class Saml2Service
*/ */
public function metadata(): string public function metadata(): string
{ {
$toolKit = $this->getToolkit(); $toolKit = $this->getToolkit(true);
$settings = $toolKit->getSettings(); $settings = $toolKit->getSettings();
$metadata = $settings->getSPMetadata(); $metadata = $settings->getSPMetadata();
$errors = $settings->validateMetadata($metadata); $errors = $settings->validateMetadata($metadata);
@ -190,7 +187,7 @@ class Saml2Service
* @throws Error * @throws Error
* @throws Exception * @throws Exception
*/ */
protected function getToolkit(): Auth protected function getToolkit(bool $spOnly = false): Auth
{ {
$settings = $this->config['onelogin']; $settings = $this->config['onelogin'];
$overrides = $this->config['onelogin_overrides'] ?? []; $overrides = $this->config['onelogin_overrides'] ?? [];
@ -200,14 +197,14 @@ class Saml2Service
} }
$metaDataSettings = []; $metaDataSettings = [];
if ($this->config['autoload_from_metadata']) { if (!$spOnly && $this->config['autoload_from_metadata']) {
$metaDataSettings = IdPMetadataParser::parseRemoteXML($settings['idp']['entityId']); $metaDataSettings = IdPMetadataParser::parseRemoteXML($settings['idp']['entityId']);
} }
$spSettings = $this->loadOneloginServiceProviderDetails(); $spSettings = $this->loadOneloginServiceProviderDetails();
$settings = array_replace_recursive($settings, $spSettings, $metaDataSettings, $overrides); $settings = array_replace_recursive($settings, $spSettings, $metaDataSettings, $overrides);
return new Auth($settings); return new Auth($settings, $spOnly);
} }
/** /**

14
tests/Auth/Saml2Test.php
View File

@ -41,6 +41,20 @@ class Saml2Test extends TestCase
$req->assertSee(url('/saml2/acs')); $req->assertSee(url('/saml2/acs'));
} }
public function test_metadata_endpoint_loads_when_autoloading_with_bad_url_set()
{
config()->set([
'saml2.autoload_from_metadata' => true,
'saml2.onelogin.idp.entityId' => 'http://192.168.1.1:9292',
'saml2.onelogin.idp.singleSignOnService.url' => null,
]);
$req = $this->get('/saml2/metadata');
$req->assertOk();
$req->assertHeader('Content-Type', 'text/xml; charset=UTF-8');
$req->assertSee('md:EntityDescriptor');
}
public function test_onelogin_overrides_functions_as_expected() public function test_onelogin_overrides_functions_as_expected()
{ {
$json = '{"sp": {"assertionConsumerService": {"url": "https://example.com/super-cats"}}, "contactPerson": {"technical": {"givenName": "Barry Scott", "emailAddress": "barry@example.com"}}}'; $json = '{"sp": {"assertionConsumerService": {"url": "https://example.com/super-cats"}}, "contactPerson": {"technical": {"givenName": "Barry Scott", "emailAddress": "barry@example.com"}}}';