├── .editorconfig ├── .github └── ISSUE_TEMPLATE │ └── bug_report.md ├── .gitignore ├── .lando.env ├── .lando.yml ├── .travis.yml ├── CHANGELOG ├── LICENSE.md ├── README.md ├── composer.json ├── phpcs.xml ├── phpunit.xml ├── public └── resume.php ├── scripts ├── phpunit.sh ├── style-fix.sh └── style-lint.sh ├── src ├── Auth │ └── Source │ │ ├── External.php │ │ └── UserPass.php ├── ConfigHelper.php └── DrupalHelper.php └── tests ├── DrupalHelperTest.php ├── Field.php ├── FieldList.php ├── FieldListTest.php ├── FieldTest.php ├── PropertyDefinition.php ├── PropertyDefinitionTest.php ├── User.php └── UserTest.php /.editorconfig: -------------------------------------------------------------------------------- 1 | # Editor configuration normalization 2 | # @see http://editorconfig.org/ 3 | 4 | # This is the top-most .editorconfig file; do not search in parent directories. 5 | root = true 6 | 7 | # All files. 8 | [*] 9 | end_of_line = LF 10 | indent_style = space 11 | indent_size = 4 12 | charset = utf-8 13 | trim_trailing_whitespace = true 14 | insert_final_newline = true 15 | 16 | [{*.yml,*yaml}] 17 | indent_size = 2 18 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Please complete the following information:** 27 | 28 | - PHP version in use 29 | - Drupal core version 30 | - SimpleSAMLphp version 31 | - webserver version and configuration 32 | - drupalauth/simplesamlphp-module-drupalauth version 33 | - authentication source plugin used 34 | - drupalauth4ssp module version, if used 35 | 36 | **Additional context** 37 | Add any other context about the problem here. 38 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | composer.phar 2 | /vendor/ 3 | composer.lock 4 | .bash_history 5 | /.phpunit.result.cache 6 | -------------------------------------------------------------------------------- /.lando.env: -------------------------------------------------------------------------------- 1 | # Lando specific - uses user home directory to store Composer cache and other stuff 2 | # Helps to re-use Composer cache between projects. 3 | COMPOSER_HOME=/user/.composer 4 | # https://xdebug.org/docs/step_debug 5 | # https://xdebug.org/docs/step_debug#client_host 6 | # https://docs.lando.dev/config/php.html#configuration 7 | PHP_IDE_CONFIG=serverName=drupalauth.lndo.site 8 | # Ignore commands starting with space and duplicates. 9 | HISTCONTROL=ignoreboth 10 | HOME=/app 11 | -------------------------------------------------------------------------------- /.lando.yml: -------------------------------------------------------------------------------- 1 | name: drupalauth 2 | 3 | services: 4 | php80: 5 | type: php:8.0 6 | via: cli 7 | xdebug: "off" 8 | composer_version: 2 9 | php81: 10 | type: php:8.1 11 | via: cli 12 | xdebug: "off" 13 | composer_version: 2 14 | php82: 15 | type: php:8.2 16 | via: cli 17 | xdebug: "off" 18 | composer_version: 2 19 | 20 | 21 | 22 | 23 | env_file: 24 | - .lando.env 25 | 26 | tooling: 27 | style-lint: 28 | cmd: ./scripts/style-lint.sh 29 | service: :service 30 | options: 31 | service: 32 | default: php80 33 | describe: Run phpcs in different service 34 | alias: 35 | - s 36 | style-fix: 37 | cmd: ./scripts/style-fix.sh 38 | service: :service 39 | options: 40 | service: 41 | default: php80 42 | describe: Run phpcs in different service 43 | alias: 44 | - s 45 | phpunit: 46 | cmd: ./scripts/phpunit.sh 47 | service: :service 48 | options: 49 | service: 50 | default: php80 51 | describe: Run phpunit in different service 52 | alias: 53 | - s 54 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | os: linux 2 | language: php 3 | jobs: 4 | include: 5 | - php: '8.0' 6 | dist: focal 7 | - php: '8.1' 8 | dist: jammy 9 | - php: '8.2' 10 | dist: jammy 11 | - php: '8.3' 12 | dist: jammy 13 | 14 | before_script: composer install 15 | script: 16 | - ./vendor/bin/phpcs 17 | - ./vendor/bin/phpunit 18 | -------------------------------------------------------------------------------- /CHANGELOG: -------------------------------------------------------------------------------- 1 | 20131210 Steve Moitozo 2 | 3 | Resolved security issue (defect #9 - identified by alanabarrett0). 4 | 5 | Expanded the use of the salted hash to ensure that an attacker cannot change the uid of the authenticated Drupal user by manipulating the value of a cookie. 6 | 7 | Modified files: 8 | drupal_module/drupalauth4ssp/drupalauth4ssp.module - concatenate uid with salt before hashing 9 | lib/Auth/Source/External.php - concatenate uid with salt before hashing and minor adjustments 10 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | drupalauth is a SimpleSAMLphp module that provides an Authentication 2 | Source for authenticating users against a local Drupal site. 3 | 4 | Copyright 2011-2012 SIL International http://www.sil.org 5 | Written by Steve Moitozo 6 | 7 | drupalauth is licensed under the CC-GNU LGPL version 2.1. 8 | http://creativecommons.org/licenses/LGPL/2.1/ 9 | 10 | This library is free software; you can redistribute it and/or 11 | modify it under the terms of the GNU Lesser General Public 12 | License as published by the Free Software Foundation; either 13 | version 2.1 of the License, or (at your option) any later version. 14 | 15 | This library is distributed in the hope that it will be useful, 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | Lesser General Public License below for more details. 19 | 20 | -- 21 | GNU LESSER GENERAL PUBLIC LICENSE 22 | Version 2.1, February 1999 23 | 24 | Copyright (C) 1991, 1999 Free Software Foundation, Inc. 25 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 26 | Everyone is permitted to copy and distribute verbatim copies 27 | of this license document, but changing it is not allowed. 28 | 29 | [This is the first released version of the Lesser GPL. It also counts 30 | as the successor of the GNU Library Public License, version 2, hence 31 | the version number 2.1.] 32 | 33 | Preamble 34 | 35 | The licenses for most software are designed to take away your 36 | freedom to share and change it. By contrast, the GNU General Public 37 | Licenses are intended to guarantee your freedom to share and change 38 | free software--to make sure the software is free for all its users. 39 | 40 | This license, the Lesser General Public License, applies to some 41 | specially designated software packages--typically libraries--of the 42 | Free Software Foundation and other authors who decide to use it. You 43 | can use it too, but we suggest you first think carefully about whether 44 | this license or the ordinary General Public License is the better 45 | strategy to use in any particular case, based on the explanations below. 46 | 47 | When we speak of free software, we are referring to freedom of use, 48 | not price. Our General Public Licenses are designed to make sure that 49 | you have the freedom to distribute copies of free software (and charge 50 | for this service if you wish); that you receive source code or can get 51 | it if you want it; that you can change the software and use pieces of 52 | it in new free programs; and that you are informed that you can do 53 | these things. 54 | 55 | To protect your rights, we need to make restrictions that forbid 56 | distributors to deny you these rights or to ask you to surrender these 57 | rights. These restrictions translate to certain responsibilities for 58 | you if you distribute copies of the library or if you modify it. 59 | 60 | For example, if you distribute copies of the library, whether gratis 61 | or for a fee, you must give the recipients all the rights that we gave 62 | you. You must make sure that they, too, receive or can get the source 63 | code. If you link other code with the library, you must provide 64 | complete object files to the recipients, so that they can relink them 65 | with the library after making changes to the library and recompiling 66 | it. And you must show them these terms so they know their rights. 67 | 68 | We protect your rights with a two-step method: (1) we copyright the 69 | library, and (2) we offer you this license, which gives you legal 70 | permission to copy, distribute and/or modify the library. 71 | 72 | To protect each distributor, we want to make it very clear that 73 | there is no warranty for the free library. Also, if the library is 74 | modified by someone else and passed on, the recipients should know 75 | that what they have is not the original version, so that the original 76 | author's reputation will not be affected by problems that might be 77 | introduced by others. 78 | 79 | Finally, software patents pose a constant threat to the existence of 80 | any free program. We wish to make sure that a company cannot 81 | effectively restrict the users of a free program by obtaining a 82 | restrictive license from a patent holder. Therefore, we insist that 83 | any patent license obtained for a version of the library must be 84 | consistent with the full freedom of use specified in this license. 85 | 86 | Most GNU software, including some libraries, is covered by the 87 | ordinary GNU General Public License. This license, the GNU Lesser 88 | General Public License, applies to certain designated libraries, and 89 | is quite different from the ordinary General Public License. We use 90 | this license for certain libraries in order to permit linking those 91 | libraries into non-free programs. 92 | 93 | When a program is linked with a library, whether statically or using 94 | a shared library, the combination of the two is legally speaking a 95 | combined work, a derivative of the original library. The ordinary 96 | General Public License therefore permits such linking only if the 97 | entire combination fits its criteria of freedom. The Lesser General 98 | Public License permits more lax criteria for linking other code with 99 | the library. 100 | 101 | We call this license the "Lesser" General Public License because it 102 | does Less to protect the user's freedom than the ordinary General 103 | Public License. It also provides other free software developers Less 104 | of an advantage over competing non-free programs. These disadvantages 105 | are the reason we use the ordinary General Public License for many 106 | libraries. However, the Lesser license provides advantages in certain 107 | special circumstances. 108 | 109 | For example, on rare occasions, there may be a special need to 110 | encourage the widest possible use of a certain library, so that it becomes 111 | a de-facto standard. To achieve this, non-free programs must be 112 | allowed to use the library. A more frequent case is that a free 113 | library does the same job as widely used non-free libraries. In this 114 | case, there is little to gain by limiting the free library to free 115 | software only, so we use the Lesser General Public License. 116 | 117 | In other cases, permission to use a particular library in non-free 118 | programs enables a greater number of people to use a large body of 119 | free software. For example, permission to use the GNU C Library in 120 | non-free programs enables many more people to use the whole GNU 121 | operating system, as well as its variant, the GNU/Linux operating 122 | system. 123 | 124 | Although the Lesser General Public License is Less protective of the 125 | users' freedom, it does ensure that the user of a program that is 126 | linked with the Library has the freedom and the wherewithal to run 127 | that program using a modified version of the Library. 128 | 129 | The precise terms and conditions for copying, distribution and 130 | modification follow. Pay close attention to the difference between a 131 | "work based on the library" and a "work that uses the library". The 132 | former contains code derived from the library, whereas the latter must 133 | be combined with the library in order to run. 134 | 135 | GNU LESSER GENERAL PUBLIC LICENSE 136 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 137 | 138 | 0. This License Agreement applies to any software library or other 139 | program which contains a notice placed by the copyright holder or 140 | other authorized party saying it may be distributed under the terms of 141 | this Lesser General Public License (also called "this License"). 142 | Each licensee is addressed as "you". 143 | 144 | A "library" means a collection of software functions and/or data 145 | prepared so as to be conveniently linked with application programs 146 | (which use some of those functions and data) to form executables. 147 | 148 | The "Library", below, refers to any such software library or work 149 | which has been distributed under these terms. A "work based on the 150 | Library" means either the Library or any derivative work under 151 | copyright law: that is to say, a work containing the Library or a 152 | portion of it, either verbatim or with modifications and/or translated 153 | straightforwardly into another language. (Hereinafter, translation is 154 | included without limitation in the term "modification".) 155 | 156 | "Source code" for a work means the preferred form of the work for 157 | making modifications to it. For a library, complete source code means 158 | all the source code for all modules it contains, plus any associated 159 | interface definition files, plus the scripts used to control compilation 160 | and installation of the library. 161 | 162 | Activities other than copying, distribution and modification are not 163 | covered by this License; they are outside its scope. The act of 164 | running a program using the Library is not restricted, and output from 165 | such a program is covered only if its contents constitute a work based 166 | on the Library (independent of the use of the Library in a tool for 167 | writing it). Whether that is true depends on what the Library does 168 | and what the program that uses the Library does. 169 | 170 | 1. You may copy and distribute verbatim copies of the Library's 171 | complete source code as you receive it, in any medium, provided that 172 | you conspicuously and appropriately publish on each copy an 173 | appropriate copyright notice and disclaimer of warranty; keep intact 174 | all the notices that refer to this License and to the absence of any 175 | warranty; and distribute a copy of this License along with the 176 | Library. 177 | 178 | You may charge a fee for the physical act of transferring a copy, 179 | and you may at your option offer warranty protection in exchange for a 180 | fee. 181 | 182 | 2. You may modify your copy or copies of the Library or any portion 183 | of it, thus forming a work based on the Library, and copy and 184 | distribute such modifications or work under the terms of Section 1 185 | above, provided that you also meet all of these conditions: 186 | 187 | a) The modified work must itself be a software library. 188 | 189 | b) You must cause the files modified to carry prominent notices 190 | stating that you changed the files and the date of any change. 191 | 192 | c) You must cause the whole of the work to be licensed at no 193 | charge to all third parties under the terms of this License. 194 | 195 | d) If a facility in the modified Library refers to a function or a 196 | table of data to be supplied by an application program that uses 197 | the facility, other than as an argument passed when the facility 198 | is invoked, then you must make a good faith effort to ensure that, 199 | in the event an application does not supply such function or 200 | table, the facility still operates, and performs whatever part of 201 | its purpose remains meaningful. 202 | 203 | (For example, a function in a library to compute square roots has 204 | a purpose that is entirely well-defined independent of the 205 | application. Therefore, Subsection 2d requires that any 206 | application-supplied function or table used by this function must 207 | be optional: if the application does not supply it, the square 208 | root function must still compute square roots.) 209 | 210 | These requirements apply to the modified work as a whole. If 211 | identifiable sections of that work are not derived from the Library, 212 | and can be reasonably considered independent and separate works in 213 | themselves, then this License, and its terms, do not apply to those 214 | sections when you distribute them as separate works. But when you 215 | distribute the same sections as part of a whole which is a work based 216 | on the Library, the distribution of the whole must be on the terms of 217 | this License, whose permissions for other licensees extend to the 218 | entire whole, and thus to each and every part regardless of who wrote 219 | it. 220 | 221 | Thus, it is not the intent of this section to claim rights or contest 222 | your rights to work written entirely by you; rather, the intent is to 223 | exercise the right to control the distribution of derivative or 224 | collective works based on the Library. 225 | 226 | In addition, mere aggregation of another work not based on the Library 227 | with the Library (or with a work based on the Library) on a volume of 228 | a storage or distribution medium does not bring the other work under 229 | the scope of this License. 230 | 231 | 3. You may opt to apply the terms of the ordinary GNU General Public 232 | License instead of this License to a given copy of the Library. To do 233 | this, you must alter all the notices that refer to this License, so 234 | that they refer to the ordinary GNU General Public License, version 2, 235 | instead of to this License. (If a newer version than version 2 of the 236 | ordinary GNU General Public License has appeared, then you can specify 237 | that version instead if you wish.) Do not make any other change in 238 | these notices. 239 | 240 | Once this change is made in a given copy, it is irreversible for 241 | that copy, so the ordinary GNU General Public License applies to all 242 | subsequent copies and derivative works made from that copy. 243 | 244 | This option is useful when you wish to copy part of the code of 245 | the Library into a program that is not a library. 246 | 247 | 4. You may copy and distribute the Library (or a portion or 248 | derivative of it, under Section 2) in object code or executable form 249 | under the terms of Sections 1 and 2 above provided that you accompany 250 | it with the complete corresponding machine-readable source code, which 251 | must be distributed under the terms of Sections 1 and 2 above on a 252 | medium customarily used for software interchange. 253 | 254 | If distribution of object code is made by offering access to copy 255 | from a designated place, then offering equivalent access to copy the 256 | source code from the same place satisfies the requirement to 257 | distribute the source code, even though third parties are not 258 | compelled to copy the source along with the object code. 259 | 260 | 5. A program that contains no derivative of any portion of the 261 | Library, but is designed to work with the Library by being compiled or 262 | linked with it, is called a "work that uses the Library". Such a 263 | work, in isolation, is not a derivative work of the Library, and 264 | therefore falls outside the scope of this License. 265 | 266 | However, linking a "work that uses the Library" with the Library 267 | creates an executable that is a derivative of the Library (because it 268 | contains portions of the Library), rather than a "work that uses the 269 | library". The executable is therefore covered by this License. 270 | Section 6 states terms for distribution of such executables. 271 | 272 | When a "work that uses the Library" uses material from a header file 273 | that is part of the Library, the object code for the work may be a 274 | derivative work of the Library even though the source code is not. 275 | Whether this is true is especially significant if the work can be 276 | linked without the Library, or if the work is itself a library. The 277 | threshold for this to be true is not precisely defined by law. 278 | 279 | If such an object file uses only numerical parameters, data 280 | structure layouts and accessors, and small macros and small inline 281 | functions (ten lines or less in length), then the use of the object 282 | file is unrestricted, regardless of whether it is legally a derivative 283 | work. (Executables containing this object code plus portions of the 284 | Library will still fall under Section 6.) 285 | 286 | Otherwise, if the work is a derivative of the Library, you may 287 | distribute the object code for the work under the terms of Section 6. 288 | Any executables containing that work also fall under Section 6, 289 | whether or not they are linked directly with the Library itself. 290 | 291 | 6. As an exception to the Sections above, you may also combine or 292 | link a "work that uses the Library" with the Library to produce a 293 | work containing portions of the Library, and distribute that work 294 | under terms of your choice, provided that the terms permit 295 | modification of the work for the customer's own use and reverse 296 | engineering for debugging such modifications. 297 | 298 | You must give prominent notice with each copy of the work that the 299 | Library is used in it and that the Library and its use are covered by 300 | this License. You must supply a copy of this License. If the work 301 | during execution displays copyright notices, you must include the 302 | copyright notice for the Library among them, as well as a reference 303 | directing the user to the copy of this License. Also, you must do one 304 | of these things: 305 | 306 | a) Accompany the work with the complete corresponding 307 | machine-readable source code for the Library including whatever 308 | changes were used in the work (which must be distributed under 309 | Sections 1 and 2 above); and, if the work is an executable linked 310 | with the Library, with the complete machine-readable "work that 311 | uses the Library", as object code and/or source code, so that the 312 | user can modify the Library and then relink to produce a modified 313 | executable containing the modified Library. (It is understood 314 | that the user who changes the contents of definitions files in the 315 | Library will not necessarily be able to recompile the application 316 | to use the modified definitions.) 317 | 318 | b) Use a suitable shared library mechanism for linking with the 319 | Library. A suitable mechanism is one that (1) uses at run time a 320 | copy of the library already present on the user's computer system, 321 | rather than copying library functions into the executable, and (2) 322 | will operate properly with a modified version of the library, if 323 | the user installs one, as long as the modified version is 324 | interface-compatible with the version that the work was made with. 325 | 326 | c) Accompany the work with a written offer, valid for at 327 | least three years, to give the same user the materials 328 | specified in Subsection 6a, above, for a charge no more 329 | than the cost of performing this distribution. 330 | 331 | d) If distribution of the work is made by offering access to copy 332 | from a designated place, offer equivalent access to copy the above 333 | specified materials from the same place. 334 | 335 | e) Verify that the user has already received a copy of these 336 | materials or that you have already sent this user a copy. 337 | 338 | For an executable, the required form of the "work that uses the 339 | Library" must include any data and utility programs needed for 340 | reproducing the executable from it. However, as a special exception, 341 | the materials to be distributed need not include anything that is 342 | normally distributed (in either source or binary form) with the major 343 | components (compiler, kernel, and so on) of the operating system on 344 | which the executable runs, unless that component itself accompanies 345 | the executable. 346 | 347 | It may happen that this requirement contradicts the license 348 | restrictions of other proprietary libraries that do not normally 349 | accompany the operating system. Such a contradiction means you cannot 350 | use both them and the Library together in an executable that you 351 | distribute. 352 | 353 | 7. You may place library facilities that are a work based on the 354 | Library side-by-side in a single library together with other library 355 | facilities not covered by this License, and distribute such a combined 356 | library, provided that the separate distribution of the work based on 357 | the Library and of the other library facilities is otherwise 358 | permitted, and provided that you do these two things: 359 | 360 | a) Accompany the combined library with a copy of the same work 361 | based on the Library, uncombined with any other library 362 | facilities. This must be distributed under the terms of the 363 | Sections above. 364 | 365 | b) Give prominent notice with the combined library of the fact 366 | that part of it is a work based on the Library, and explaining 367 | where to find the accompanying uncombined form of the same work. 368 | 369 | 8. You may not copy, modify, sublicense, link with, or distribute 370 | the Library except as expressly provided under this License. Any 371 | attempt otherwise to copy, modify, sublicense, link with, or 372 | distribute the Library is void, and will automatically terminate your 373 | rights under this License. However, parties who have received copies, 374 | or rights, from you under this License will not have their licenses 375 | terminated so long as such parties remain in full compliance. 376 | 377 | 9. You are not required to accept this License, since you have not 378 | signed it. However, nothing else grants you permission to modify or 379 | distribute the Library or its derivative works. These actions are 380 | prohibited by law if you do not accept this License. Therefore, by 381 | modifying or distributing the Library (or any work based on the 382 | Library), you indicate your acceptance of this License to do so, and 383 | all its terms and conditions for copying, distributing or modifying 384 | the Library or works based on it. 385 | 386 | 10. Each time you redistribute the Library (or any work based on the 387 | Library), the recipient automatically receives a license from the 388 | original licensor to copy, distribute, link with or modify the Library 389 | subject to these terms and conditions. You may not impose any further 390 | restrictions on the recipients' exercise of the rights granted herein. 391 | You are not responsible for enforcing compliance by third parties with 392 | this License. 393 | 394 | 11. If, as a consequence of a court judgment or allegation of patent 395 | infringement or for any other reason (not limited to patent issues), 396 | conditions are imposed on you (whether by court order, agreement or 397 | otherwise) that contradict the conditions of this License, they do not 398 | excuse you from the conditions of this License. If you cannot 399 | distribute so as to satisfy simultaneously your obligations under this 400 | License and any other pertinent obligations, then as a consequence you 401 | may not distribute the Library at all. For example, if a patent 402 | license would not permit royalty-free redistribution of the Library by 403 | all those who receive copies directly or indirectly through you, then 404 | the only way you could satisfy both it and this License would be to 405 | refrain entirely from distribution of the Library. 406 | 407 | If any portion of this section is held invalid or unenforceable under any 408 | particular circumstance, the balance of the section is intended to apply, 409 | and the section as a whole is intended to apply in other circumstances. 410 | 411 | It is not the purpose of this section to induce you to infringe any 412 | patents or other property right claims or to contest validity of any 413 | such claims; this section has the sole purpose of protecting the 414 | integrity of the free software distribution system which is 415 | implemented by public license practices. Many people have made 416 | generous contributions to the wide range of software distributed 417 | through that system in reliance on consistent application of that 418 | system; it is up to the author/donor to decide if he or she is willing 419 | to distribute software through any other system and a licensee cannot 420 | impose that choice. 421 | 422 | This section is intended to make thoroughly clear what is believed to 423 | be a consequence of the rest of this License. 424 | 425 | 12. If the distribution and/or use of the Library is restricted in 426 | certain countries either by patents or by copyrighted interfaces, the 427 | original copyright holder who places the Library under this License may add 428 | an explicit geographical distribution limitation excluding those countries, 429 | so that distribution is permitted only in or among countries not thus 430 | excluded. In such case, this License incorporates the limitation as if 431 | written in the body of this License. 432 | 433 | 13. The Free Software Foundation may publish revised and/or new 434 | versions of the Lesser General Public License from time to time. 435 | Such new versions will be similar in spirit to the present version, 436 | but may differ in detail to address new problems or concerns. 437 | 438 | Each version is given a distinguishing version number. If the Library 439 | specifies a version number of this License which applies to it and 440 | "any later version", you have the option of following the terms and 441 | conditions either of that version or of any later version published by 442 | the Free Software Foundation. If the Library does not specify a 443 | license version number, you may choose any version ever published by 444 | the Free Software Foundation. 445 | 446 | 14. If you wish to incorporate parts of the Library into other free 447 | programs whose distribution conditions are incompatible with these, 448 | write to the author to ask for permission. For software which is 449 | copyrighted by the Free Software Foundation, write to the Free 450 | Software Foundation; we sometimes make exceptions for this. Our 451 | decision will be guided by the two goals of preserving the free status 452 | of all derivatives of our free software and of promoting the sharing 453 | and reuse of software generally. 454 | 455 | NO WARRANTY 456 | 457 | 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO 458 | WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 459 | EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR 460 | OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY 461 | KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE 462 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 463 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE 464 | LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME 465 | THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 466 | 467 | 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN 468 | WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY 469 | AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU 470 | FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR 471 | CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE 472 | LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING 473 | RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A 474 | FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF 475 | SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 476 | DAMAGES. 477 | 478 | END OF TERMS AND CONDITIONS -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Introduction 2 | 3 | [![Build Status](https://app.travis-ci.com/drupalauth/simplesamlphp-module-drupalauth.svg?branch=main)](https://app.travis-ci.com/drupalauth/simplesamlphp-module-drupalauth) 4 | 5 | Drupal + SimpleSAMLphp + drupalauth = Complete SAML Identity Provider (IdP) 6 | 7 | Users interact with Drupal to create accounts, manage accounts, and authenticate. SAML SPs interact with [SimpleSAMLphp](https://simplesamlphp.org/). Drupalauth ties Drupal to SimpleSAMLphp. 8 | 9 | The drupalauth module for simpleSAMLphp makes it easy to create a SAML or Shibboleth identity provider (IdP) by enabling authentication of users against a Drupal site on the same server. This allows the administrator to leverage the user management and integration capabilities of [Drupal](http://drupal.org) for managing the identity life cycle. 10 | 11 | **NOTE:** This is software establishes a SAML identity provider (IdP) using Drupal as the user database instead of LDAP. If you want to establish your Drupal site as a SAML service provider (SP) connected to a SAML or Shibboleth IdP, see the [simplesamlphp_auth](https://www.drupal.org/project/simplesamlphp_auth) module for Drupal. 12 | 13 | ### simpleSAMLphp module 14 | 15 | This module for SimpleSAMLphp provides an Authentication Source for authenticating users against a local Drupal site. This allows the administrator to leverage the user management and integration capabilities of Drupal for managing the identity life cycle and the power of SimpleSAMLphp for identity integration. This is a simpleSAMLphp module, NOT a Drupal module. 16 | Download this module only if you want to use Drupal as Identity Provider. 17 | 18 | 19 | ### Drupal modules 20 | 21 | If you want to use Drupal as Identity Provide you should also install [drupalauth4ssp](https://www.drupal.org/project/drupalauth4ssp) that is available on Drupal.org. Please note that all issues related to Drupal functionality should be reported there. 22 | 23 | If you want to connect your Drupal site as Service Provider to a SAML or Shibboleth IdP, use the [simplesamlphp_auth](http://drupal.org/project/simplesamlphp_auth) module for Drupal. 24 | 25 | ## Branch and version naming 26 | 27 | Following [Semantic Versioning](https://semver.org/) is hard when you have multiple upstream dependencies. 28 | 29 | So in a X.Y.Z version: 30 | 31 | - X - major SimpleSAMLphp version 32 | - Y - major Drupal version 33 | - Z - inthis module incremental version 34 | 35 | Example: for SimpleSAMLphp version 1.15.4 with Drupal version 8.5.6 and this module version 1 we will have tag 1.8.1. 36 | Same thing for Drupal 7 will be 1.7.1. 37 | 38 | `main` at the moment corresponds to `2.10.*`. Branch `1.7` is respectfully for Drupal 7 (no Composer integration). 39 | 40 | ## Note on Drupal configuration 41 | 42 | Disabling `discovery` cache will prevent this module from functioning. 43 | 44 | See this issue , specifically 45 | [this comment](https://github.com/drupalauth/simplesamlphp-module-drupalauth/issues/71#issuecomment-815725363). 46 | 47 | ## Installation 48 | 49 | ### Requirements 50 | 51 | 1. Install Drupal 10.x 52 | 2. Install simpleSAMLphp 53 | 3. Install drupalauth - `composer require drupalauth/simplesamlphp-module-drupalauth` 54 | 4. Configure SimpleSAMLphp to use something other than `phpsession` for session storage, e.g., SQL or memcache (See: `store.type` in `simplesamlphp/config/config.php`). 55 | 5. Configure the authentication source in `simplesamlphp/config/authsources.php` as described below. 56 | 57 | #### Authenticate against Drupal but use the SimpleSAMLphp login page 58 | 59 | The advantage of this approach is that there is no obvious connection between SimpleSAMLphp IdP and the Drupal site. 60 | 61 | **Details** 62 | 63 | Configure the authentication source by putting following code into `simplesamlphp/config/authsources.php` 64 | 65 | ```php 66 | 'drupal-userpass' => array( 67 | 'drupalauth:UserPass', 68 | 69 | // The filesystem path of the Drupal directory. 70 | 'drupalroot' => '/var/www/drupal', 71 | 72 | // Whether to turn on debug 73 | 'debug' => true, 74 | 75 | // Which attributes should be retrieved from the Drupal site. 76 | 'attributes' => array( 77 | array('field_name' => 'uid', 'attribute_name' => 'uid'), 78 | array('field_name' => 'roles', 'attribute_name' => 'roles', 'field_property' => 'target_id'), 79 | array('field_name' => 'name', 'attribute_name' => 'cn'), 80 | array('field_name' => 'mail', 'attribute_name' => 'mail'), 81 | array('field_name' => 'field_first_name', 'attribute_name' => 'givenName'), 82 | array('field_name' => 'field_last_name', 'attribute_name' => 'sn'), 83 | array('field_name' => 'field_organization', 'attribute_name' => 'ou', 'field_property' => 'target_id'), 84 | ), 85 | ), 86 | ``` 87 | 88 | Leave 'attributes' empty or unset to get all available field values. Attribute names in this case would be "$field_name:$property_name". 89 | 90 | #### Authenticate against Drupal but use the Drupal login page 91 | 92 | The advantage of this approach is that the SimpleSAMLphp IdP session is tied to a Drupal session. This allows the user who is already logged into the Drupal site to then navigate to a SAML SP that uses the IdP without the need to authenticate again. 93 | 94 | **Details** 95 | 96 | Configure the authentication source by putting following code into `simplesamlphp/config/authsources.php` 97 | 98 | ```php 99 | 'drupal-userpass' => array('drupalauth:External', 100 | 101 | // The filesystem path of the Drupal directory. 102 | 'drupalroot' => '/var/www/drupal', 103 | 104 | // Whether to turn on debug 105 | 'debug' => true, 106 | 107 | // the URL of the Drupal logout page 108 | 'drupal_logout_url' => 'https://www.example.com/drupal/user/logout', 109 | 110 | // the URL of the Drupal login page 111 | 'drupal_login_url' => 'https://www.example.com/drupal/user/login', 112 | 113 | // Which attributes should be retrieved from the Drupal site. 114 | 'attributes' => array( 115 | array('field_name' => 'uid', 'attribute_name' => 'uid'), 116 | array('field_name' => 'roles', 'attribute_name' => 'roles', 'field_property' => 'target_id'), 117 | array('field_name' => 'name', 'attribute_name' => 'cn'), 118 | array('field_name' => 'mail', 'attribute_name' => 'mail'), 119 | array('field_name' => 'field_first_name', 'attribute_name' => 'givenName'), 120 | array('field_name' => 'field_last_name', 'attribute_name' => 'sn'), 121 | array('field_name' => 'field_organization', 'attribute_name' => 'ou', 'field_property' => 'target_id'), 122 | ), 123 | ), 124 | ``` 125 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "drupalauth/simplesamlphp-module-drupalauth", 3 | "description": "A SimpleSAMLphp module adding support for Drupal as the authentication source.", 4 | "homepage": "https://github.com/drupalauth/simplesamlphp-module-drupalauth", 5 | "type": "simplesamlphp-module", 6 | "keywords": [ 7 | "SimpleSAMLphp", 8 | "Drupal", 9 | "Authentication" 10 | ], 11 | "license": "LGPL-2.1", 12 | "authors": [ 13 | { 14 | "name": "Steve Moitozo", 15 | "email": "smoitozo@gmail.com" 16 | }, 17 | { 18 | "name": "Contributors", 19 | "homepage": "https://github.com/drupalauth/simplesamlphp-module-drupalauth/graphs/contributors", 20 | "role": "Contributors" 21 | } 22 | ], 23 | "require": { 24 | "php": "^8.0", 25 | "simplesamlphp/simplesamlphp": "^2.1", 26 | "simplesamlphp/composer-module-installer": "~1.0" 27 | }, 28 | "require-dev": { 29 | "phpunit/phpunit": "^9.0 | ^10.0", 30 | "squizlabs/php_codesniffer": "^3.0" 31 | }, 32 | "autoload-dev": { 33 | "classmap": ["src/", "tests/"] 34 | }, 35 | "extra": { 36 | "branch-alias": { 37 | "dev-main": "2.10.x-dev" 38 | } 39 | }, 40 | "config": { 41 | "allow-plugins": { 42 | "simplesamlphp/composer-module-installer": true, 43 | "composer/installers": true, 44 | "dealerdirect/phpcodesniffer-composer-installer": true, 45 | "simplesamlphp/composer-xmlprovider-installer": true 46 | } 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /phpcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | The coding standard for drupalauth. 4 | 5 | 6 | ./src 7 | ./public 8 | 9 | -------------------------------------------------------------------------------- /phpunit.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 8 | tests/ 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /public/resume.php: -------------------------------------------------------------------------------- 1 | array( 41 | * 'drupalauth:External', 42 | * 43 | * // The filesystem path of the Drupal directory. 44 | * 'drupalroot' => '/var/www/drupal-8.0', 45 | * 46 | * // Whether to turn on debug 47 | * 'debug' => true, 48 | * 49 | * // URL of the Drupal logout page. 50 | * 'drupal_logout_url' => 'https://www.example.com/drupal7/user/logout', 51 | * 52 | * // URL of the Drupal login page. 53 | * 'drupal_login_url' => 'https://www.example.com/drupal7/user', 54 | * 55 | * // Which attributes should be retrieved from the Drupal site. 56 | * 'attributes' => array( 57 | * array('field_name' => 'uid', 'attribute_name' => 'uid'), 58 | * array('field_name' => 'roles', 'attribute_name' => 'roles', 'field_property' => 'target_id'), 59 | * array('field_name' => 'name', 'attribute_name' => 'cn'), 60 | * array('field_name' => 'mail', 'attribute_name' => 'mail'), 61 | * array('field_name' => 'field_first_name', 'attribute_name' => 'givenName'), 62 | * array('field_name' => 'field_last_name', 'attribute_name' => 'sn'), 63 | * array('field_name' => 'field_organization', 'attribute_name' => 'ou', 'field_property' => 'target_id'), 64 | * ), 65 | * ), 66 | * 67 | * Format of the 'attributes' array explained: 68 | * - field_name - name of the Drupal field. 69 | * - field_property - name of the field property. "value" by default. 70 | * - attribute_name - name of the attribute to place field component value in. 71 | * 72 | * Leave 'attributes' empty or unset to get all available field values. 73 | * Attribute names in this case would be "$field_name:$property_name". 74 | */ 75 | class External extends Source 76 | { 77 | /** 78 | * The string used to identify Drupal user ID. 79 | */ 80 | public const DRUPALAUTH_EXTERNAL_USER_ID = 'drupalauth:External:UserID'; 81 | 82 | /** 83 | * The string used to identify authentication source. 84 | */ 85 | public const DRUPALAUTH_AUTH_ID = 'drupalauth:AuthID'; 86 | 87 | /** 88 | * The string used to identify our states. 89 | */ 90 | public const DRUPALAUTH_EXTERNAL = 'drupalauth:External'; 91 | 92 | /** 93 | * Configuration object. 94 | * 95 | * @var \SimpleSAML\Module\drupalauth\ConfigHelper 96 | */ 97 | private ConfigHelper $config; 98 | 99 | /** 100 | * Constructor for this authentication source. 101 | * 102 | * @param array $info Information about this authentication source. 103 | * @param array $config Configuration. 104 | */ 105 | public function __construct(array $info, array $config) 106 | { 107 | assert(is_array($info)); 108 | assert(is_array($config)); 109 | 110 | /* Call the parent constructor first, as required by the interface. */ 111 | parent::__construct($info, $config); 112 | 113 | /* Get the configuration for this module */ 114 | $drupalAuthConfig = new ConfigHelper( 115 | $config, 116 | 'Authentication source ' . $this->getAuthId() 117 | ); 118 | 119 | $this->config = $drupalAuthConfig; 120 | } 121 | 122 | /** 123 | * Retrieve attributes for the user. 124 | * 125 | * @return array|NULL The user's attributes, or NULL if the user isn't 126 | * authenticated. 127 | */ 128 | private function getUser($drupalUid): ?array 129 | { 130 | if (!empty($drupalUid)) { 131 | $drupalHelper = new DrupalHelper(); 132 | $drupalHelper->bootDrupal($this->config->getDrupalRoot()); 133 | 134 | // Load the user object from Drupal. 135 | $drupalUser = User::load($drupalUid); 136 | if ($drupalUser->isBlocked()) { 137 | throw new Error('NOACCESS'); 138 | } 139 | 140 | $requestedAttributes = $this->config->getAttributes(); 141 | 142 | return $drupalHelper->getAttributes($drupalUser, $requestedAttributes); 143 | } 144 | 145 | return null; 146 | } 147 | 148 | /** 149 | * Log in using an external authentication helper. 150 | * 151 | * @param array &$state Information about the current authentication. 152 | */ 153 | public function authenticate(array &$state): void 154 | { 155 | assert(is_array($state)); 156 | 157 | /* 158 | * The user is already authenticated. 159 | * 160 | * Add the users attributes to the $state-array, and return control 161 | * to the authentication process. 162 | */ 163 | if (!empty($state[self::DRUPALAUTH_EXTERNAL_USER_ID])) { 164 | $state['Attributes'] = $this->getUser($state[self::DRUPALAUTH_EXTERNAL_USER_ID]); 165 | return; 166 | } 167 | 168 | /* 169 | * The user isn't authenticated. We therefore need to 170 | * send the user to the login page. 171 | */ 172 | 173 | /* 174 | * First we add the identifier of this authentication source 175 | * to the state array, so that we know where to resume. 176 | */ 177 | $state[self::DRUPALAUTH_AUTH_ID] = $this->getAuthId(); 178 | 179 | /* 180 | * We need to save the $state-array, so that we can resume the 181 | * login process after authentication. 182 | * 183 | * Note the second parameter to the saveState-function. This is a 184 | * unique identifier for where the state was saved, and must be used 185 | * again when we retrieve the state. 186 | * 187 | * The reason for it is to prevent 188 | * attacks where the user takes a $state-array saved in one location 189 | * and restores it in another location, and thus bypasses steps in 190 | * the authentication process. 191 | */ 192 | $stateId = State::saveState($state, self::DRUPALAUTH_EXTERNAL); 193 | 194 | /* 195 | * Now we generate a URL the user should return to after authentication. 196 | * We assume that whatever authentication page we send the user to has an 197 | * option to return the user to a specific page afterwards. 198 | */ 199 | $returnTo = Module::getModuleURL('drupalauth/resume.php', [ 200 | 'State' => $stateId, 201 | ]); 202 | 203 | /* 204 | * Get the URL of the authentication page. 205 | * 206 | * Here we use the getModuleURL function again, since the authentication page 207 | * is also part of this module, but in a real example, this would likely be 208 | * the absolute URL of the login page for the site. 209 | */ 210 | $authPage = $this->config->getDrupalLoginUrl(); 211 | 212 | /* 213 | * The redirect to the authentication page. 214 | * 215 | * Note the 'ReturnTo' parameter. This must most likely be replaced with 216 | * the real name of the parameter for the login page. 217 | */ 218 | $http = new HTTP(); 219 | $http->redirectTrustedURL($authPage, [ 220 | 'ReturnTo' => $returnTo, 221 | ]); 222 | 223 | /* 224 | * The redirect function never returns, so we never get this far. 225 | */ 226 | assert(false); 227 | } 228 | 229 | /** 230 | * Resume authentication process. 231 | * 232 | * This function resumes the authentication process after the user has 233 | * entered his or her credentials. 234 | * 235 | * @param array &$state The authentication state. 236 | */ 237 | public static function resume($stateID) 238 | { 239 | /* 240 | * First we need to restore the $state-array. We should have the identifier for 241 | * it in the 'State' request parameter. 242 | */ 243 | if (!isset($stateID)) { 244 | throw new BadRequest('Missing "State" parameter.'); 245 | } 246 | 247 | /* 248 | * Once again, note the second parameter to the loadState function. This must 249 | * match the string we used in the saveState-call above. 250 | */ 251 | $state = State::loadState($stateID, self::DRUPALAUTH_EXTERNAL); 252 | 253 | /* 254 | * Now we have the $state-array, and can use it to locate the authentication 255 | * source. 256 | */ 257 | $source = Source::getById($state[self::DRUPALAUTH_AUTH_ID]); 258 | if ($source === null) { 259 | /* 260 | * The only way this should fail is if we remove or rename the authentication source 261 | * while the user is at the login page. 262 | */ 263 | throw new Exception('Could not find authentication source with ID: ' . $state[self::DRUPALAUTH_AUTH_ID]); 264 | } 265 | 266 | /* 267 | * Make sure that we haven't switched the source type while the 268 | * user was at the authentication page. This can only happen if we 269 | * change config/authsources.php while an user is logging in. 270 | */ 271 | if (!($source instanceof self)) { 272 | throw new Exception('Authentication source type changed.'); 273 | } 274 | 275 | /* 276 | * First we check that the user is acutally logged in, and didn't simply skip the login page. 277 | */ 278 | if (empty($state[self::DRUPALAUTH_EXTERNAL_USER_ID])) { 279 | throw new Exception('User ID is missing.'); 280 | } 281 | 282 | /* 283 | * OK, now we know that our current state is sane. Time to actually log the user in. 284 | */ 285 | $attributes = $source->getUser($state[self::DRUPALAUTH_EXTERNAL_USER_ID]); 286 | if ($attributes === null) { 287 | /* 288 | * The user isn't authenticated. 289 | * 290 | * Here we simply throw an exception, but we could also redirect the user back to the 291 | * login page. 292 | */ 293 | throw new Exception('User not authenticated after login page.'); 294 | } 295 | 296 | /* 297 | * So, we have a valid user. Time to resume the authentication process where we 298 | * paused it in the authenticate()-function above. 299 | */ 300 | 301 | $state['Attributes'] = $attributes; 302 | Source::completeAuth($state); 303 | 304 | /* 305 | * The completeAuth-function never returns, so we never get this far. 306 | */ 307 | assert(false); 308 | } 309 | 310 | /** 311 | * This function is called when the user start a logout operation, for 312 | * example by logging out of a SP that supports single logout. 313 | * 314 | * @param array &$state The logout state array. 315 | */ 316 | public function logout(array &$state): void 317 | { 318 | assert(is_array($state)); 319 | 320 | if (!session_id()) { 321 | // session_start not called before. Do it here 322 | session_start(); 323 | } 324 | 325 | $logoutUrl = $this->config->getDrupalLogoutUrl(); 326 | $parameters = []; 327 | if (!empty($state['ReturnTo'])) { 328 | $parameters['ReturnTo'] = $state['ReturnTo']; 329 | } 330 | 331 | $http = new HTTP(); 332 | $http->redirectTrustedURL($logoutUrl, $parameters); 333 | } 334 | } 335 | -------------------------------------------------------------------------------- /src/Auth/Source/UserPass.php: -------------------------------------------------------------------------------- 1 | array( 30 | * 'drupalauth:UserPass', 31 | * 32 | * // The filesystem path of the Drupal directory. 33 | * 'drupalroot' => '/var/www/drupal-8.0', 34 | * 35 | * // Whether to turn on debug 36 | * 'debug' => true, 37 | * 38 | * // Which attributes should be retrieved from the Drupal site. 39 | * 'attributes' => array( 40 | * array('field_name' => 'uid', 'attribute_name' => 'uid'), 41 | * array('field_name' => 'roles', 'attribute_name' => 'roles', 'field_property' => 'target_id'), 42 | * array('field_name' => 'name', 'attribute_name' => 'cn'), 43 | * array('field_name' => 'mail', 'attribute_name' => 'mail'), 44 | * array('field_name' => 'field_first_name', 'attribute_name' => 'givenName'), 45 | * array('field_name' => 'field_last_name', 'attribute_name' => 'sn'), 46 | * array('field_name' => 'field_organization', 'attribute_name' => 'ou', 'field_property' => 'target_id'), 47 | * ), 48 | * ), 49 | * 50 | * Format of the 'attributes' array explained: 51 | * - field_name - name of the Drupal field. 52 | * - field_property - name of the field property. "value" by default. 53 | * - attribute_name - name of the attribute to place field component value in. 54 | * 55 | * Leave 'attributes' empty or unset to get all available field values. 56 | * Attribute names in this case would be "$field_name:$property_name". 57 | */ 58 | class UserPass extends UserPassBase 59 | { 60 | /** 61 | * Configuration object. 62 | * 63 | * @var \SimpleSAML\Module\drupalauth\ConfigHelper 64 | */ 65 | private ConfigHelper $config; 66 | 67 | /** 68 | * Constructor for this authentication source. 69 | * 70 | * @param array $info Information about this authentication source. 71 | * @param array $config Configuration. 72 | */ 73 | public function __construct(array $info, array $config) 74 | { 75 | assert(is_array($info)); 76 | assert(is_array($config)); 77 | 78 | /* Call the parent constructor first, as required by the interface. */ 79 | parent::__construct($info, $config); 80 | 81 | /* Get the configuration for this module */ 82 | $drupalAuthConfig = new ConfigHelper( 83 | $config, 84 | 'Authentication source ' . $this->getAuthId() 85 | ); 86 | 87 | $this->config = $drupalAuthConfig; 88 | } 89 | 90 | 91 | /** 92 | * Attempt to log in using the given username and password. 93 | * 94 | * On a successful login, this function should return the users attributes. 95 | * On failure, it should throw an exception. If the error was caused by the 96 | * user entering the wrong username or password, a 97 | * SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown. 98 | * 99 | * Note that both the username and the password are UTF-8 encoded. 100 | * 101 | * @param string $username The username the user wrote. 102 | * @param string $password The password the user wrote. 103 | * 104 | * @return array Associative array with the users attributes. 105 | */ 106 | protected function login(string $username, string $password): array 107 | { 108 | assert(is_string($username)); 109 | assert(is_string($password)); 110 | 111 | $drupalHelper = new DrupalHelper(); 112 | $drupalHelper->bootDrupal($this->config->getDrupalRoot()); 113 | 114 | /* @value \Drupal\user\UserAuth $userAuth */ 115 | $userAuth = \Drupal::service('user.auth'); 116 | 117 | // Authenticate the user. 118 | $uid = $userAuth->authenticate($username, $password); 119 | if ($uid === false) { 120 | throw new Error('WRONGUSERPASS'); 121 | } 122 | 123 | // Load the user object from Drupal. 124 | $drupalUser = User::load($uid); 125 | if ($drupalUser->isBlocked()) { 126 | throw new Error('NOACCESS'); 127 | } 128 | 129 | $requestedAttributes = $this->config->getAttributes(); 130 | 131 | return $drupalHelper->getAttributes($drupalUser, $requestedAttributes); 132 | } 133 | } 134 | -------------------------------------------------------------------------------- /src/ConfigHelper.php: -------------------------------------------------------------------------------- 1 | config = Configuration::loadFromArray($config, $location); 26 | } 27 | 28 | /** 29 | * Returns debug mode. 30 | * 31 | * @return bool 32 | */ 33 | public function getDebug(): bool 34 | { 35 | return $this->config->getOptionalBoolean('debug', false); 36 | } 37 | 38 | /** 39 | * Returns Drupal root directory. 40 | * 41 | * @return string 42 | */ 43 | public function getDrupalRoot(): string 44 | { 45 | return $this->config->getString('drupalroot'); 46 | } 47 | 48 | /** 49 | * Return the attributes 50 | * 51 | * @return array 52 | */ 53 | public function getAttributes(): ?array 54 | { 55 | return $this->config->getOptionalArray('attributes', null); 56 | } 57 | 58 | 59 | /** 60 | * Returns Drupal logout URL. 61 | * 62 | * @return string 63 | */ 64 | public function getDrupalLogoutUrl(): string 65 | { 66 | return $this->config->getString('drupal_logout_url'); 67 | } 68 | 69 | /** 70 | * Returns Drupal login URL. 71 | * 72 | * @return string 73 | */ 74 | public function getDrupalLoginUrl(): string 75 | { 76 | return $this->config->getString('drupal_login_url'); 77 | } 78 | } 79 | -------------------------------------------------------------------------------- /src/DrupalHelper.php: -------------------------------------------------------------------------------- 1 | boot(); 25 | $kernel->loadLegacyIncludes(); 26 | chdir($originalDir); 27 | } 28 | 29 | /** 30 | * @param $drupaluser 31 | * @param $requested_attributes 32 | * @param $forbiddenAttributes 33 | * @return array 34 | */ 35 | public function getAttributes($drupaluser, $requested_attributes): array 36 | { 37 | $attributes = []; 38 | $forbiddenAttributes = $this->forbiddenAttributes; 39 | 40 | if (empty($requested_attributes)) { 41 | return $this->getAllAttributes($drupaluser, $forbiddenAttributes); 42 | } else { 43 | foreach ($requested_attributes as $attribute) { 44 | $field_name = $attribute['field_name']; 45 | if ($drupaluser->hasField($field_name)) { 46 | if (!in_array($field_name, $forbiddenAttributes, true)) { 47 | $property_name = $this->getPropertyName($attribute); 48 | 49 | $field = $drupaluser->{$field_name}; 50 | 51 | $field_properties = $field 52 | ->getFieldDefinition() 53 | ->getFieldStorageDefinition() 54 | ->getPropertyDefinitions(); 55 | if (array_key_exists($property_name, $field_properties)) { 56 | if (isset($attribute['field_index'])) { 57 | if ($field->get($attribute['field_index'])) { 58 | $property_value = $field->get($attribute['field_index'])->{$property_name}; 59 | if (!empty($property_value)) { 60 | $attribute_name = $this->getAttributeName($attribute); 61 | $attributes[$attribute_name][] = $property_value; 62 | } 63 | } 64 | } else { 65 | $index = 0; 66 | $count = $field->count(); 67 | while ($index < $count) { 68 | $property_value = $field->get($index)->{$property_name}; 69 | if (!empty($property_value)) { 70 | $attribute_name = $this->getAttributeName($attribute); 71 | $attributes[$attribute_name][] = $property_value; 72 | } 73 | $index++; 74 | } 75 | } 76 | } 77 | } 78 | } 79 | } 80 | } 81 | 82 | return $attributes; 83 | } 84 | 85 | /** 86 | * @param $drupaluser 87 | * @param $forbiddenAttributes 88 | * @return array 89 | */ 90 | protected function getAllAttributes($drupaluser, $forbiddenAttributes): array 91 | { 92 | $attributes = []; 93 | foreach ($drupaluser as $field_name => $field) { 94 | if (!in_array($field_name, $forbiddenAttributes, true)) { 95 | $count = $field->count(); 96 | 97 | $field_properties = $field 98 | ->getFieldDefinition() 99 | ->getFieldStorageDefinition() 100 | ->getPropertyDefinitions(); 101 | foreach ($field_properties as $property_name => $property_definition) { 102 | if (!$property_definition->isComputed() && !$property_definition->isInternal()) { 103 | $index = 0; 104 | while ($index < $count) { 105 | $property_value = $field->get($index)->{$property_name}; 106 | if (!empty($property_value) && is_scalar($property_value)) { 107 | $attributes["$field_name:$index:$property_name"][] = $property_value; 108 | } 109 | $index++; 110 | } 111 | } 112 | } 113 | } 114 | } 115 | 116 | return $attributes; 117 | } 118 | 119 | protected function getPropertyName($attribute_definition) 120 | { 121 | $property_name = 'value'; 122 | if (!empty($attribute_definition['field_property'])) { 123 | $property_name = $attribute_definition['field_property']; 124 | } 125 | 126 | return $property_name; 127 | } 128 | 129 | protected function getAttributeName($attribute_definition) 130 | { 131 | if (!empty($attribute_definition['attribute_name'])) { 132 | return $attribute_definition['attribute_name']; 133 | } 134 | 135 | $index = null; 136 | $field_name = $attribute_definition['field_name']; 137 | $property_name = $this->getPropertyName($attribute_definition); 138 | 139 | if (isset($attribute_definition['field_index'])) { 140 | $index = $attribute_definition['field_index']; 141 | } 142 | 143 | return isset($index) ? "$field_name:$index:$property_name" : "$field_name:$property_name"; 144 | } 145 | } 146 | -------------------------------------------------------------------------------- /tests/DrupalHelperTest.php: -------------------------------------------------------------------------------- 1 | stub = $this->createMock(DrupalHelper::class); 23 | $this->class = new \ReflectionClass($this->stub); 24 | } 25 | 26 | 27 | public static function getPropertyNameProvider(): array 28 | { 29 | return [ 30 | [[], 'value'], 31 | [['field_property' => 'target_id'], 'target_id'], 32 | [['field_property' => 'arbitrary_name'], 'arbitrary_name'], 33 | ]; 34 | } 35 | 36 | /** 37 | * @dataProvider getPropertyNameProvider 38 | */ 39 | public function testGetPropertyName($attribute_definition, $expected_property_name) 40 | { 41 | $method = $this->class->getMethod('getPropertyName'); 42 | $method->setAccessible(true); 43 | 44 | $property_name = $method->invokeArgs($this->stub, [$attribute_definition]); 45 | $this->assertEquals($expected_property_name, $property_name, 'Expected property name returned'); 46 | } 47 | 48 | 49 | public static function getAttributeNameProvider(): array 50 | { 51 | return [ 52 | [['field_name' => 'some_field'], 'some_field:value'], 53 | [['field_name' => 'some_field', 'field_index' => 0], 'some_field:0:value'], 54 | [['field_name' => 'some_field', 'field_property' => 'target_id'], 'some_field:target_id'], 55 | [['field_name' => 'some_field', 'field_property' => 'target_id', 'field_index' => 0], 'some_field:0:target_id'], 56 | [['field_name' => 'some_field', 'field_property' => 'target_id', 'field_index' => 0, 'attribute_name' => ''], 'some_field:0:target_id'], 57 | [['field_name' => 'some_field', 'field_property' => 'target_id', 'field_index' => 0, 'attribute_name' => 'someAttr'], 'someAttr'], 58 | [['field_name' => 'some_field', 'field_property' => 'target_id', 'attribute_name' => 'someAttr'], 'someAttr'], 59 | [['field_name' => 'some_field', 'attribute_name' => 'someAttr'], 'someAttr'], 60 | ]; 61 | } 62 | 63 | /** 64 | * @dataProvider getAttributeNameProvider 65 | */ 66 | public function testGetAttributeName($attribute_definition, $expected_attribute_name) 67 | { 68 | $method = $this->class->getMethod('getAttributeName'); 69 | $method->setAccessible(true); 70 | 71 | $attribute_name = $method->invokeArgs($this->stub, [$attribute_definition]); 72 | 73 | $this->assertEquals($expected_attribute_name, $attribute_name, 'Expected attribute name returned'); 74 | } 75 | 76 | public static function getAllAttributesDataProvider(): array 77 | { 78 | return [ 79 | // Set #0. 80 | [ 81 | // Values 82 | [ 83 | 'field_name' => [ 84 | 0 => [ 85 | 'property_1' => 'property_0_1_value', 86 | 'property_2' => 'property_0_2_value', 87 | ], 88 | 1 => [ 89 | 'property_1' => 'property_1_1_value', 90 | 'property_2' => '', 91 | ], 92 | 2 => [ 93 | 'property_1' => null, 94 | 'property_2' => 'property_2_2_value', 95 | ], 96 | ], 97 | ], 98 | // Forbidden attributes. 99 | [], 100 | // Expected attributes. 101 | [ 102 | 'field_name:0:property_1' => ['property_0_1_value'], 103 | 'field_name:0:property_2' => ['property_0_2_value'], 104 | 'field_name:1:property_1' => ['property_1_1_value'], 105 | 'field_name:2:property_2' => ['property_2_2_value'], 106 | ], 107 | ], 108 | // Set #1. 109 | [ 110 | // Values 111 | [ 112 | 'field_name' => [ 113 | 0 => [ 114 | 'property_1' => 'property_1_value', 115 | 'property_2' => 'property_2_value', 116 | ] 117 | ], 118 | 'forbidden_field' => [ 119 | 0 => [ 120 | 'value' => 'secret', 121 | ] 122 | ], 123 | ], 124 | // Forbidden attributes. 125 | ['forbidden_field'], 126 | // Expected attributes. 127 | [ 128 | 'field_name:0:property_1' => ['property_1_value'], 129 | 'field_name:0:property_2' => ['property_2_value'], 130 | ], 131 | ], 132 | // Set #2. 133 | [ 134 | // Values 135 | [ 136 | 'field_name' => [ 137 | 0 => [ 138 | 'property_1' => 'property_1_value', 139 | 'property_2' => 'property_2_value', 140 | ] 141 | ], 142 | 'field_name_2' => [ 143 | 0 => [ 144 | 'property_0_1' => 'property_0_1_value', 145 | 'property_0_2' => 'property_0_2_value', 146 | ], 147 | 1 => [ 148 | 'property_1_1' => 'property_1_1_value', 149 | 'property_1_2' => 'property_1_2_value', 150 | ] 151 | ], 152 | ], 153 | // Forbidden attributes. 154 | [], 155 | // Expected attributes. 156 | [ 157 | 'field_name:0:property_1' => ['property_1_value'], 158 | 'field_name:0:property_2' => ['property_2_value'], 159 | 'field_name_2:0:property_0_1' => ['property_0_1_value'], 160 | 'field_name_2:0:property_0_2' => ['property_0_2_value'], 161 | 'field_name_2:1:property_1_1' => ['property_1_1_value'], 162 | 'field_name_2:1:property_1_2' => ['property_1_2_value'], 163 | ], 164 | ], 165 | ]; 166 | } 167 | 168 | /** 169 | * @dataProvider getAllAttributesDataProvider 170 | */ 171 | public function testGetAllAttributes($values, $forbidden_attributes, $expected_attributes) 172 | { 173 | $method = $this->class->getMethod('getAllAttributes'); 174 | $method->setAccessible(true); 175 | 176 | $user = new User($values); 177 | 178 | $attributes = $method->invokeArgs($this->stub, [$user, $forbidden_attributes]); 179 | 180 | $this->assertEquals($expected_attributes, $attributes, 'Expected attributes returned'); 181 | } 182 | 183 | public static function getAttributesDataProvider(): array 184 | { 185 | $field_values = [ 186 | 'field_name' => [ 187 | 0 => [ 188 | 'property_1' => 'property_1_value', 189 | 'property_2' => 'property_2_value', 190 | ] 191 | ], 192 | 'field_name_2' => [ 193 | 0 => [ 194 | 'property_2_1' => 'property_2_1_0_value', 195 | 'property_2_2' => 'property_2_2_0_value', 196 | ], 197 | 1 => [ 198 | 'property_2_1' => 'property_2_1_1_value', 199 | 'property_2_2' => 'property_2_2_1_value', 200 | ], 201 | ], 202 | ]; 203 | 204 | return [ 205 | // Set #0. 206 | [ 207 | // Values 208 | $field_values, 209 | // Requested attributes. 210 | [], 211 | // Expected attributes. 212 | [ 213 | 'field_name:0:property_1' => ['property_1_value'], 214 | 'field_name:0:property_2' => ['property_2_value'], 215 | 'field_name_2:0:property_2_1' => ['property_2_1_0_value'], 216 | 'field_name_2:1:property_2_1' => ['property_2_1_1_value'], 217 | 'field_name_2:0:property_2_2' => ['property_2_2_0_value'], 218 | 'field_name_2:1:property_2_2' => ['property_2_2_1_value'], 219 | ], 220 | ], 221 | // Set #1. 222 | [ 223 | // Values 224 | $field_values, 225 | // Requested attributes. 226 | [ 227 | ['field_name' => 'forbidden_field'], 228 | ['field_name' => 'field_name'], 229 | ['field_name' => 'field_name', 'field_property' => 'property_1'], 230 | ['field_name' => 'field_name', 'field_property' => 'property_1', 'field_index' => 1], 231 | ['field_name' => 'field_name', 'field_property' => 'property_1', 'field_index' => 1, 'attribute_name' => 'someAttr'], 232 | ], 233 | // Expected attributes. 234 | [ 235 | 'field_name:property_1' => ['property_1_value'], 236 | ], 237 | ], 238 | // Set #2. 239 | [ 240 | // Values 241 | $field_values, 242 | // Requested attributes. 243 | [ 244 | ['field_name' => 'field_name', 'field_property' => 'property_2'], 245 | ['field_name' => 'field_name_2', 'field_property' => 'property_2_1'], 246 | ['field_name' => 'field_name_2', 'field_property' => 'property_2_1', 'attribute_name' => 'someAttr'], 247 | ['field_name' => 'field_name_2', 'field_property' => 'property_2_2', 'field_index' => 1], 248 | ], 249 | // Expected attributes. 250 | [ 251 | 'field_name:property_2' => ['property_2_value'], 252 | 'field_name_2:property_2_1' => ['property_2_1_0_value', 'property_2_1_1_value'], 253 | 'someAttr' => ['property_2_1_0_value', 'property_2_1_1_value'], 254 | 'field_name_2:1:property_2_2' => ['property_2_2_1_value'], 255 | ], 256 | ], 257 | ]; 258 | } 259 | 260 | /** 261 | * @dataProvider getAttributesDataProvider 262 | */ 263 | public function testGetAttributes($values, $requested_attributes, $expected_attributes) 264 | { 265 | $user = new User($values); 266 | $dh = new DrupalHelper(); 267 | $attributes = $dh->getAttributes($user, $requested_attributes); 268 | 269 | $this->assertEquals($expected_attributes, $attributes, 'Expected attributes returned'); 270 | } 271 | } 272 | -------------------------------------------------------------------------------- /tests/Field.php: -------------------------------------------------------------------------------- 1 | properties[$name] = $value; 17 | } 18 | 19 | public function __get($name) 20 | { 21 | return $this->properties[$name] ?? null; 22 | } 23 | 24 | 25 | public function getProperties(): array 26 | { 27 | return array_keys($this->properties); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /tests/FieldList.php: -------------------------------------------------------------------------------- 1 | list[$index] ?? null; 20 | } 21 | 22 | public function set($index, $properties) 23 | { 24 | if (!is_int($index)) { 25 | throw new \InvalidArgumentException('Unable to set a value with a non-numeric delta in a list.'); 26 | } 27 | 28 | if (!is_array($properties)) { 29 | throw new \InvalidArgumentException('Properties must be an array.'); 30 | } 31 | 32 | if (!isset($this->list[$index])) { 33 | $this->list[$index] = new Field(); 34 | } 35 | 36 | foreach ($properties as $property_name => $property_value) { 37 | if (!is_string($property_name)) { 38 | throw new \InvalidArgumentException('Unable to set a value of a property with a non string name.'); 39 | } 40 | 41 | $this->list[$index]->{$property_name} = $property_value; 42 | } 43 | } 44 | 45 | public function count() 46 | { 47 | return count($this->list); 48 | } 49 | 50 | public function getFieldDefinition() 51 | { 52 | return $this; 53 | } 54 | 55 | public function getFieldStorageDefinition() 56 | { 57 | return $this; 58 | } 59 | 60 | public function getPropertyDefinitions() 61 | { 62 | $definition = new PropertyDefinition(); 63 | $definitions = []; 64 | foreach ($this->list as $field) { 65 | foreach ($field->getProperties() as $property) { 66 | $definitions[$property] = $definition; 67 | } 68 | } 69 | 70 | return $definitions; 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /tests/FieldListTest.php: -------------------------------------------------------------------------------- 1 | expectException(InvalidArgumentException::class); 17 | $field = new FieldList(); 18 | $field->get('sdfkjskljdf'); 19 | } 20 | 21 | public function testGet() 22 | { 23 | $field = new FieldList(); 24 | $this->assertEquals(null, $field->get(0), 'Null returned for the empty index.'); 25 | $this->assertEquals(null, $field->get(1), 'Null returned for the empty index.'); 26 | } 27 | 28 | public function testSetIndexException() 29 | { 30 | $this->expectException(InvalidArgumentException::class); 31 | $this->expectExceptionMessage('Unable to set a value with a non-numeric delta in a list.'); 32 | $field = new FieldList(); 33 | $field->set('bad_index', 'something'); 34 | } 35 | 36 | public function testSetBadPropertiesException() 37 | { 38 | $this->expectException(InvalidArgumentException::class); 39 | $this->expectExceptionMessage('Properties must be an array.'); 40 | $field = new FieldList(); 41 | $field->set(0, 'something'); 42 | } 43 | 44 | public function testSetBadPropertyNameException() 45 | { 46 | $this->expectException(InvalidArgumentException::class); 47 | $this->expectExceptionMessage('Unable to set a value of a property with a non string name.'); 48 | $field = new FieldList(); 49 | $field->set(0, ['value']); 50 | } 51 | 52 | 53 | public function testSet() 54 | { 55 | $field = new FieldList(); 56 | $this->assertEquals(null, $field->get(0), 'Null returned for the empty index.'); 57 | $field->set(0, ['value' => 1]); 58 | $this->assertEquals(1, $field->get(0)->value, 'Returned expected property value'); 59 | } 60 | 61 | public function testCount() 62 | { 63 | $field = new FieldList(); 64 | $this->assertEquals(null, $field->get(0), 'Null returned for the empty index.'); 65 | $field->set(0, ['value' => 1]); 66 | $this->assertEquals(1, $field->get(0)->value, 'Returned expected property value at index 0'); 67 | $field->set(1, ['value' => 2]); 68 | $this->assertEquals(2, $field->get(1)->value, 'Returned expected property value at index 1'); 69 | $this->assertEquals(2, $field->count(), 'Returned expected quantity'); 70 | } 71 | 72 | public function testGetFieldDefinition() 73 | { 74 | $field = new FieldList(); 75 | $this->assertEquals($field, $field->getFieldDefinition(), 'Returned $this for getFieldDefinition()'); 76 | } 77 | 78 | public function testGetFieldStorageDefinition() 79 | { 80 | $field = new FieldList(); 81 | $this->assertEquals($field, $field->getFieldStorageDefinition(), 'Returned $this for getFieldStorageDefinition()'); 82 | } 83 | 84 | public function testGetPropertyDefinitions() 85 | { 86 | $field = new FieldList(); 87 | $field->set(0, ['property_1' => 0, 'property_2' => true]); 88 | $field->set(1, ['property_1' => 0]); 89 | $field->set(2, ['property_2' => true]); 90 | 91 | $propertyDefinitions = $field->getPropertyDefinitions(); 92 | $this->assertEquals(2, count($propertyDefinitions), 'Returned expected amount of property definitions'); 93 | $this->assertTrue(array_key_exists('property_1', $propertyDefinitions), 'Returned definition for expected property 1'); 94 | $this->assertTrue(is_a($propertyDefinitions['property_1'], PropertyDefinition::class), 'Returned definition for property 1'); 95 | $this->assertTrue(array_key_exists('property_2', $propertyDefinitions), 'Returned definition for expected property 2'); 96 | $this->assertTrue(is_a($propertyDefinitions['property_2'], PropertyDefinition::class), 'Returned definition for property 2'); 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /tests/FieldTest.php: -------------------------------------------------------------------------------- 1 | assertEquals(null, $field->random, 'Returns nothing for undefined property'); 18 | 19 | $field->some_property = 'somevalue'; 20 | $this->assertEquals('somevalue', $field->some_property, 'Returns expected property value'); 21 | } 22 | 23 | public function testGetProperties() 24 | { 25 | $field = new Field(); 26 | $properties = [ 27 | 'property_1' => '1', 28 | 'property_2' => '2', 29 | 'property_3' => '3', 30 | ]; 31 | $expected = [ 32 | 'property_1', 33 | 'property_2', 34 | 'property_3', 35 | ]; 36 | 37 | foreach ($properties as $name => $value) { 38 | $field->{$name} = $value; 39 | } 40 | 41 | $this->assertEquals($expected, $field->getProperties(), 'Returns expected list of property names'); 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /tests/PropertyDefinition.php: -------------------------------------------------------------------------------- 1 | assertFalse($property->isComputed(), 'Returns false for isComputed check.'); 18 | $this->assertFalse($property->isInternal(), 'Returns false for isInternal check.'); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /tests/User.php: -------------------------------------------------------------------------------- 1 | $field_value) { 17 | $this->fields[$field_name] = new FieldList(); 18 | if (is_scalar($field_value)) { 19 | $this->fields[$field_name]->set(0, ['value' => $field_value]); 20 | } elseif (is_array($field_value)) { 21 | foreach ($field_value as $index => $properties) { 22 | $this->fields[$field_name]->set($index, $properties); 23 | } 24 | } 25 | } 26 | } 27 | 28 | public function getIterator() 29 | { 30 | return new ArrayIterator($this->fields); 31 | } 32 | 33 | public function hasField($field_name) 34 | { 35 | return isset($this->fields[$field_name]); 36 | } 37 | 38 | public function __get($field_name) 39 | { 40 | return $this->fields[$field_name] ?? null; 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /tests/UserTest.php: -------------------------------------------------------------------------------- 1 | [ 20 | 0 => [ 21 | 'property_1' => 'property_0_1_value', 22 | 'property_2' => 'property_0_2_value', 23 | ], 24 | 1 => [ 25 | 'property_1' => 'property_1_1_value', 26 | 'property_2' => '', 27 | ], 28 | ], 29 | ], 30 | 1 31 | ], 32 | [ 33 | [ 34 | 'field_1' => [ 35 | 0 => [ 36 | 'property_1' => 'property_1_value', 37 | 'property_2' => 'property_2_value', 38 | ] 39 | ], 40 | 'field_2' => [ 41 | 0 => [ 42 | 'value' => 'secret', 43 | ] 44 | ], 45 | 'field_3' => 'value', 46 | ], 47 | 3 48 | ], 49 | ]; 50 | } 51 | 52 | /** 53 | * @dataProvider userDataProvider 54 | */ 55 | public function testUser($values, $count) 56 | { 57 | $user = new User($values); 58 | $this->assertEquals($count, count($user->getIterator()), 'Returned expected quantity of fields'); 59 | } 60 | 61 | public static function userHasFieldDataProvider() 62 | { 63 | return [ 64 | [ 65 | [ 66 | 'field_name' => [ 67 | 0 => [ 68 | 'property_1' => 'property_0_1_value', 69 | 'property_2' => 'property_0_2_value', 70 | ], 71 | 1 => [ 72 | 'property_1' => 'property_1_1_value', 73 | 'property_2' => '', 74 | ], 75 | ], 76 | ], 77 | [ 78 | 'field_name' => true, 79 | 'missing_field' => false, 80 | ], 81 | ], 82 | [ 83 | [ 84 | 'field_1' => [ 85 | 0 => [ 86 | 'property_1' => 'property_1_value', 87 | 'property_2' => 'property_2_value', 88 | ] 89 | ], 90 | 'field_2' => [ 91 | 0 => [ 92 | 'value' => 'secret', 93 | ] 94 | ], 95 | 'field_3' => 'value', 96 | ], 97 | [ 98 | 'field_1' => true, 99 | 'field_2' => true, 100 | 'field_3' => true, 101 | ], 102 | ], 103 | ]; 104 | } 105 | 106 | /** 107 | * @dataProvider userHasFieldDataProvider 108 | */ 109 | public function testHasField($values, $checks) 110 | { 111 | $user = new User($values); 112 | foreach ($checks as $field_name => $result) { 113 | $this->assertEquals($result, $user->hasField($field_name), 'Field check returns expected result'); 114 | } 115 | } 116 | 117 | /** 118 | * @dataProvider userHasFieldDataProvider 119 | */ 120 | public function test__get($values, $checks) 121 | { 122 | $user = new User($values); 123 | foreach ($checks as $field_name => $result) { 124 | if ($result) { 125 | $this->assertNotEmpty($user->{$field_name}, 'Returned not empty value for field'); 126 | } else { 127 | $this->assertEmpty($user->{$field_name}, 'Returned empty value for field'); 128 | } 129 | } 130 | } 131 | } 132 | --------------------------------------------------------------------------------