First commit

Author: sgomez

.gitignore

@@ -0,0 +1,3 @@
+/build/
+composer.lock
+/vendor/

.php_cs.dist

@@ -0,0 +1,36 @@
+<?php
+
+$fileHeaderComment = <<<COMMENT
+This file is part of the simplesamlphp-module-authchain.
+
+Copyright (C) 2018 by Sergio Gómez <sergio@uco.es>
+
+This code was developed by Universidad de Córdoba (UCO https://www.uco.es)
+
+For the full copyright and license information, please view the LICENSE
+file that was distributed with this source code.
+COMMENT;
+$finder = PhpCsFixer\Finder::create()
+    ->in(__DIR__)
+;
+return PhpCsFixer\Config::create()
+    ->setRiskyAllowed(true)
+    ->setRules([
+        '@Symfony' => true,
+        '@Symfony:risky' => true,
+        'array_syntax' => ['syntax' => 'short'],
+        'header_comment' => ['header' => $fileHeaderComment, 'separate' => 'both'],
+        'linebreak_after_opening_tag' => true,
+        'mb_str_functions' => true,
+        'no_php4_constructor' => true,
+        'no_unreachable_default_argument_value' => true,
+        'no_useless_else' => true,
+        'no_useless_return' => true,
+        'ordered_imports' => true,
+        'phpdoc_order' => true,
+        'semicolon_after_instruction' => true,
+        'strict_comparison' => true,
+        'strict_param' => true,
+    ])
+    ->setFinder($finder)
+;

LICENSE

@@ -0,0 +1,24 @@
+
+The MIT License (MIT)
+
+Copyright (C) 2018 by Sergio Gómez <sergio@uco.es>
+
+This code was developed by Universidad de Córdoba (UCO https://www.uco.es)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,34 @@
+# SimpleSAMLphp Module UCOFilter
+
+This module try to identify an user with multiple AuthSources in chain. 
+
+## Requirements
+
+* PHP>=5.5
+
+## Installation
+
+Installation can be as easy as executing:
+
+```bash
+bash$ composer require informaticauco/simplesamlphp-module-authchain
+```
+
+## Usage
+
+Edit `config/authsources.php` and add the next _authsource_:
+
+```php
+<?php
+
+use SimpleSAML\Modules\AuthChain\Auth\Source\AuthChain;
+
+$config['as1'] = [/*...*/];
+$config['as2'] = [/*...*/];
+
+$config['chained'] = [AuthChain::class,
+    'sources' => ['as1', 'as2'],
+];
+```
+    
+_AuthSources_ defined in sources section must support `array function login(string $username, string $password)` method or will be ignored. The first AuthSource to identify the user will be used.

composer.json

@@ -0,0 +1,37 @@
+{
+    "name": "informaticauco/simplesamlphp-module-authchain",
+    "description": "AuthSource Chain Authentication",
+    "type": "simplesamlphp-module",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Sergio Gómez",
+            "email": "sergio@uco.es"
+        }
+    ],
+    "autoload": {
+        "psr-4": {
+            "SimpleSAML\\Modules\\AuthChain\\": "lib"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "Tests\\SimpleSAML\\Modules\\AuthChain\\": "tests/"
+        }
+    },
+    "require": {
+        "php": ">=5.5.9",
+        "simplesamlphp/composer-module-installer": "^1.0"
+    },
+    "require-dev": {
+        "simplesamlphp/simplesamlphp": "^1.15",
+        "phpunit/phpunit": "^7.4",
+        "friendsofphp/php-cs-fixer": "^2.13",
+        "roave/security-advisories": "dev-master"
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-master": "1.0.x-dev"
+        }
+    }
+}

lib/Auth/Source/AuthChain.php

@@ -0,0 +1,74 @@
+<?php
+
+/*
+ * This file is part of the simplesamlphp-module-authchain.
+ *
+ * Copyright (C) 2018 by Sergio Gómez <sergio@uco.es>
+ *
+ * This code was developed by Universidad de Córdoba (UCO https://www.uco.es)
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace SimpleSAML\Modules\AuthChain\Auth\Source;
+
+use Webmozart\Assert\Assert;
+
+class AuthChain extends \sspmod_core_Auth_UserPassBase
+{
+    /**
+     * @var array
+     */
+    private $sources;
+
+    public function __construct(array $info, array $config)
+    {
+        parent::__construct($info, $config);
+
+        if (!array_key_exists('sources', $config)) {
+            throw new \SimpleSAML_Error_Exception('The required "sources" config option was not found');
+        }
+
+        $this->sources = $config['sources'];
+    }
+
+    protected function login($username, $password)
+    {
+        Assert::string($username, 'username must be a string');
+        Assert::string($password, 'password must be a string');
+
+        $lastError = false;
+
+        foreach ($this->sources as $authId) {
+            $as = \SimpleSAML_Auth_Source::getById($authId);
+
+            if (null === $as) {
+                throw new \SimpleSAML_Error_Exception("Invalid authentication source: $authId");
+            }
+
+            if (!method_exists($as, 'login')) {
+                \SimpleSAML\Logger::error('Could not use {$authId}, trying next');
+                continue;
+            }
+
+            try {
+                return $as->login($username, $password);
+            } catch (\SimpleSAML_Error_AuthSource $e) {
+                \SimpleSAML\Logger::error("Could not connect to {$authId}, trying next");
+            } catch (\SimpleSAML_Error_Error $e) {
+                if ('WRONGUSERPASS' === $e->getErrorCode()) {
+                    \SimpleSAML\Logger::debug('Failed one source, trying next');
+                } else {
+                    $lastError = $e;
+                }
+            }
+        }
+
+        if ($lastError) {
+            throw $lastError;
+        }
+
+        throw new \SimpleSAML_Error_Error('WRONGUSERPASS');
+    }
+}

phpunit.xml.dist

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ This file is part of the simplesamlphp-module-oidc
+  ~
+  ~ (c) Sergio Gómez <sergio@uco.es>
+  ~
+  ~ For the full copyright and license information, please view the LICENSE
+  ~ file that was distributed with this source code.
+  -->
+
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/7.4/phpunit.xsd"
+         backupGlobals="false"
+         colors="true"
+         bootstrap="vendor/autoload.php"
+         failOnRisky="true"
+         failOnWarning="true"
+>
+    <php>
+        <ini name="error_reporting" value="-1" />
+    </php>
+
+    <testsuites>
+        <testsuite name="AuthChain SimpleSAMLphp Module Test Suite">
+            <directory>./tests/</directory>
+        </testsuite>
+    </testsuites>
+
+    <filter>
+        <whitelist>
+            <directory>./lib</directory>
+        </whitelist>
+    </filter>
+
+    <logging>
+        <log type="coverage-php" target="build/cov/phpunit.cov"/>
+    </logging>
+</phpunit>

tests/Auth/Source/AuthChainTest.php

@@ -0,0 +1,84 @@
+<?php
+
+/*
+ * This file is part of the simplesamlphp-module-authchain.
+ *
+ * Copyright (C) 2018 by Sergio Gómez <sergio@uco.es>
+ *
+ * This code was developed by Universidad de Córdoba (UCO https://www.uco.es)
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Tests\SimpleSAML\Modules\AuthChain\Auth\Source;
+
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\Modules\AuthChain\Auth\Source\AuthChain;
+
+class AuthChainTest extends TestCase
+{
+    /**
+     * @test
+     */
+    public function it_does_chained_login()
+    {
+        \SimpleSAML_Configuration::setConfigDir(__DIR__.'/../../fixtures/config');
+
+        $authChain = new AuthChain([
+            'AuthId' => 'chained',
+        ], [
+            'sources' => ['dummy-as', 'success-as'],
+        ]);
+
+        $login = function ($username, $password) {
+            return $this->login($username, $password);
+        };
+        $bindedAuthChain = $login->bindTo($authChain, $authChain);
+
+        $this->assertArraySubset(['uid' => ['username']], $bindedAuthChain('username', 'password'));
+    }
+
+    /**
+     * @test
+     */
+    public function it_tries_all_auth_sources()
+    {
+        \SimpleSAML_Configuration::setConfigDir(__DIR__.'/../../fixtures/config');
+
+        $authChain = new AuthChain([
+            'AuthId' => 'chained',
+        ], [
+            'sources' => ['failure-as', 'success-as'],
+        ]);
+
+        $login = function ($username, $password) {
+            return $this->login($username, $password);
+        };
+        $bindedAuthChain = $login->bindTo($authChain, $authChain);
+
+        $this->assertArraySubset(['uid' => ['username']], $bindedAuthChain('username', 'password'));
+    }
+
+    /**
+     * @test
+     * @expectedException \SimpleSAML_Error_Error
+     * @expectedExceptionMessage WRONGUSERPASS
+     */
+    public function it_launch_exception_if_all_auth_sources_fail()
+    {
+        \SimpleSAML_Configuration::setConfigDir(__DIR__.'/../../fixtures/config');
+
+        $authChain = new AuthChain([
+            'AuthId' => 'chained',
+        ], [
+            'sources' => ['failure-as', 'failure-as'],
+        ]);
+
+        $login = function ($username, $password) {
+            return $this->login($username, $password);
+        };
+        $bindedAuthChain = $login->bindTo($authChain, $authChain);
+        $bindedAuthChain('username', 'password');
+    }
+}

tests/fixtures/Source/DummyAuthSource.php

@@ -0,0 +1,21 @@
+<?php
+
+/*
+ * This file is part of the simplesamlphp-module-authchain.
+ *
+ * Copyright (C) 2018 by Sergio Gómez <sergio@uco.es>
+ *
+ * This code was developed by Universidad de Córdoba (UCO https://www.uco.es)
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Tests\SimpleSAML\Modules\AuthChain\fixtures\Source;
+
+class DummyAuthSource extends \SimpleSAML_Auth_Source
+{
+    public function authenticate(&$state)
+    {
+    }
+}

tests/fixtures/Source/FailureAuthSource.php

@@ -0,0 +1,22 @@
+<?php
+
+/*
+ * This file is part of the simplesamlphp-module-authchain.
+ *
+ * Copyright (C) 2018 by Sergio Gómez <sergio@uco.es>
+ *
+ * This code was developed by Universidad de Córdoba (UCO https://www.uco.es)
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Tests\SimpleSAML\Modules\AuthChain\fixtures\Source;
+
+class FailureAuthSource extends \sspmod_core_Auth_UserPassBase
+{
+    protected function login($username, $password)
+    {
+        throw new \SimpleSAML_Error_Error('WRONGUSERPASS');
+    }
+}