diff --git a/.coveralls.yml b/.coveralls.yml index 173ff356..cb6cdeb2 100644 --- a/.coveralls.yml +++ b/.coveralls.yml @@ -1,4 +1,4 @@ -service_name: travis-ci +service_name: github src_dir: lib diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index c6a00fcc..00000000 --- a/.travis.yml +++ /dev/null @@ -1,28 +0,0 @@ -language: php -dist: bionic -php: - - 7.3 - - 7.4 - - 8.0 - -before_install: - - composer self-update || true - - composer install --prefer-source --no-interaction - -before_script: - - phpenv config-rm xdebug.ini - - export XDEBUG_MODE=coverage - -script: - - vendor/bin/phpunit - - php vendor/bin/phpcpd --exclude tests --exclude vendor . - - php vendor/bin/phploc src/. - - mkdir -p tests/build/dependences - - php vendor/bin/pdepend --summary-xml=tests/build/logs/dependence-summary.xml --jdepend-chart=tests/build/dependences/jdepend.svg --overview-pyramid=tests/build/dependences/pyramid.svg src/. - - php vendor/bin/phpcs --standard=tests/ZendModStandard src/Saml2 demo1 demo2 endpoints tests/src - -after_script: - - export TRAVIS=https://travis-ci.org/onelogin/php-saml - - echo $TRAVIS - - echo $TRAVIS_JOB_ID - - php vendor/bin/coveralls --config .coveralls.yml -v diff --git a/src/Saml2/Auth.php b/src/Saml2/Auth.php index a860b358..86629a04 100644 --- a/src/Saml2/Auth.php +++ b/src/Saml2/Auth.php @@ -171,7 +171,7 @@ class Auth * @throws Exception * @throws Error */ - public function __construct(?array $settings = null, bool $spValidationOnly = false) + public function __construct(array|null $settings, bool $spValidationOnly = false) { $this->_settings = new Settings($settings, $spValidationOnly); } @@ -224,7 +224,7 @@ public function setSchemasPath($path) * @throws Error * @throws ValidationError */ - public function processResponse($requestId = null) + public function processResponse(string|null $requestId) { $this->_errors = array(); $this->_lastError = $this->_lastErrorException = null; 
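Review bot: Dropping `= null` in `Auth::__construct` makes `$settings` a required argument, so any caller that does `new Auth()` now fails with an ArgumentCountError; the old `?array $settings = null` was already an explicit nullable type and needed no change. `array|null` is also PHP 8.0 union syntax, while the Travis matrix deleted in this same commit covered 7.3 and 7.4, so the supported-version floor should be raised deliberately if that is intended (composer.json is not part of this diff). I would keep the default: `public function __construct(array|null $settings = null, bool $spValidationOnly = false)`. The same removal of `= null` is repeated in `processResponse` just below and in the `build*`, `getRequest`, `getResponse`, `isValid`, `parse*XML`, `getNameId*`, `parseDuration`, `getExpireTime`, `query` and `generateNameId` hunks of this patch.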
@@ -274,7 +274,7 @@ public function processResponse($requestId = null) * * @throws Error */ - public function processSLO($keepLocalSession = false, $requestId = null, $retrieveParametersFromServer = false, $cbDeleteSession = null, $stay = false) + public function processSLO($keepLocalSession = false, string|null $requestId, $retrieveParametersFromServer = false, callable|null $cbDeleteSession, $stay = false) { $this->_errors = array(); $this->_lastError = $this->_lastErrorException = null; @@ -539,7 +539,7 @@ public function getAttributeWithFriendlyName($friendlyName) * * @throws Error */ - public function login($returnTo = null, array $parameters = array(), $forceAuthn = false, $isPassive = false, $stay = false, $setNameIdPolicy = true, $nameIdValueReq = null) + public function login(string|null $returnTo, array $parameters = array(), $forceAuthn = false, $isPassive = false, $stay = false, $setNameIdPolicy = true, string|null $nameIdValueReq) { $authnRequest = $this->buildAuthnRequest($this->_settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq); @@ -580,7 +580,7 @@ public function login($returnTo = null, array $parameters = array(), $forceAuthn * * @throws Error */ - public function logout($returnTo = null, array $parameters = array(), $nameId = null, $sessionIndex = null, $stay = false, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null) + public function logout(string|null $returnTo, array $parameters = array(), string|null $nameId, string|null $sessionIndex, $stay = false, string|null $nameIdFormat, string|null $nameIdNameQualifier, string|null $nameIdSPNameQualifier) { $sloUrl = $this->getSLOurl(); if (empty($sloUrl)) { 
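Review bot: In `processSLO` the required `string|null $requestId` and `callable|null $cbDeleteSession` now sit after optional parameters, which PHP 8 reports as a deprecation and which makes `$keepLocalSession` and `$retrieveParametersFromServer` effectively required too, so every existing call with fewer than four arguments breaks. Restoring the defaults keeps the added types and the old call shape: `string|null $requestId = null` and `callable|null $cbDeleteSession = null`. The same ordering problem is in `login` and `logout` in the next two hunks and in `Metadata::builder`, `Settings::getSPMetadata`, `Utils::validateXML` and `Utils::validateSign` further down.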
@@ -673,7 +673,7 @@ public function getLastRequestID()
 *
 * @return AuthnRequest The AuthnRequest object
 */
- public function buildAuthnRequest(Settings $settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq = null)
+ public function buildAuthnRequest(Settings $settings, $forceAuthn, $isPassive, $setNameIdPolicy, string|null $nameIdValueReq)
 {
 return new AuthnRequest($settings, $forceAuthn, $isPassive, $setNameIdPolicy, $nameIdValueReq);
 }
@@ -689,7 +689,7 @@ public function buildAuthnRequest(Settings $settings, $forceAuthn, $isPassive, $
 * @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest.
 * @param string|null $nameIdSPNameQualifier The NameID SP NameQualifier will be set in the LogoutRequest.
 */
- public function buildLogoutRequest(Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null)
+ public function buildLogoutRequest(Settings $settings, string|null $request, string|null $nameId, string|null $sessionIndex, string|null $nameIdFormat, string|null $nameIdNameQualifier, string|null $nameIdSPNameQualifier)
 {
 return new LogoutRequest($settings, $request, $nameId, $sessionIndex, $nameIdFormat, $nameIdNameQualifier, $nameIdSPNameQualifier);
 }
@@ -704,7 +704,7 @@ public function buildLogoutRequest(Settings $settings, $request = null, $nameId
 * @throws Error
 * @throws Exception
 */
- public function buildLogoutResponse(Settings $settings, $response = null)
+ public function buildLogoutResponse(Settings $settings, string|null $response)
 {
 return new LogoutResponse($settings, $response);
 }
diff --git a/src/Saml2/AuthnRequest.php b/src/Saml2/AuthnRequest.php
index cea20fc7..0d09fc66 100644
--- a/src/Saml2/AuthnRequest.php
+++ b/src/Saml2/AuthnRequest.php
@@ -48,7 +48,7 @@ class AuthnRequest * @param bool $setNameIdPolicy When true the AuthNReuqest will set a nameIdPolicy * @param string $nameIdValueReq Indicates to the IdP the subject that should be authenticated */ - public function __construct(\OneLogin\Saml2\Settings $settings, $forceAuthn = false, $isPassive = false, $setNameIdPolicy = true, $nameIdValueReq = null) + public function __construct(\OneLogin\Saml2\Settings $settings, $forceAuthn = false, $isPassive = false, $setNameIdPolicy = true, string|null nameIdValueReq) { $this->_settings = $settings; @@ -174,7 +174,7 @@ public function __construct(\OneLogin\Saml2\Settings $settings, $forceAuthn = fa * * @return string */ - public function getRequest($deflate = null) + public function getRequest(bool|null $deflate) { $subject = $this->_authnRequest; diff --git a/src/Saml2/IdPMetadataParser.php b/src/Saml2/IdPMetadataParser.php index 58c7a410..ec50b59f 100644 --- a/src/Saml2/IdPMetadataParser.php +++ b/src/Saml2/IdPMetadataParser.php 
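Review bot: `string|null nameIdValueReq` in the new `AuthnRequest::__construct` signature is missing the `$`, which is a parse error, so this file cannot be loaded and `Auth::login` / `Auth::buildAuthnRequest` can no longer construct a request. It should read `string|null $nameIdValueReq = null`; keeping the default also avoids a required parameter after the three optional ones. The docblock line above still says `@param string $nameIdValueReq` and could be updated to `string|null` to match.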
@@ -28,19 +28,19 @@ class IdPMetadataParser * make sure to validate it properly before use it in the parseRemoteXML * method in order to avoid security issues like SSRF attacks. * - * @param string $url URL where the IdP metadata is published - * @param string $entityId Entity Id of the desired IdP, if no - * entity Id is provided and the XML - * metadata contains more than one - * IDPSSODescriptor, the first is returned - * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat - * @param string $desiredSSOBinding Parse specific binding SSO endpoint - * @param string $desiredSLOBinding Parse specific binding SLO endpoint - * @param bool $validatePeer Enable or disable validate peer SSL certificate + * @param string $url URL where the IdP metadata is published + * @param string|null $entityId Entity Id of the desired IdP, if no + * entity Id is provided and the XML + * metadata contains more than one + * IDPSSODescriptor, the first is returned + * @param string|null $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat + * @param string|null $desiredSSOBinding Parse specific binding SSO endpoint + * @param string|null $desiredSLOBinding Parse specific binding SLO endpoint + * @param bool $validatePeer Enable or disable validate peer SSL certificate * * @return array metadata info in php-saml settings format */ - public static function parseRemoteXML($url, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT, $validatePeer = false) + public static function parseRemoteXML($url, string|null $entityId, string|null $desiredNameIdFormat, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT, $validatePeer = false) { $metadataInfo = array(); 
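Review bot: `parseRemoteXML` keeps `$validatePeer = false` as its default while this hunk rewrites the signature, so unless callers opt in, the metadata fetch presumably does not verify the server's TLS certificate (the body is outside the hunk). IdP metadata carries the signing certificate and endpoint URLs the SP will go on to trust, so an unauthenticated fetch undermines everything derived from it. Since the signature is already changing incompatibly here, consider `$validatePeer = true`, or at minimum state the default in the docblock, e.g. `@param bool $validatePeer Verify the peer TLS certificate; defaults to false, set to true for any non-local URL`. The new docblock also types `$desiredSSOBinding` and `$desiredSLOBinding` as `string|null` although the signature leaves them untyped with a non-null default.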
@@ -70,18 +70,18 @@ public static function parseRemoteXML($url, $entityId = null, $desiredNameIdForm /** * Get IdP Metadata Info from File * - * @param string $filepath File path - * @param string $entityId Entity Id of the desired IdP, if no - * entity Id is provided and the XML - * metadata contains more than one - * IDPSSODescriptor, the first is returned - * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat - * @param string $desiredSSOBinding Parse specific binding SSO endpoint - * @param string $desiredSLOBinding Parse specific binding SLO endpoint + * @param string $filepath File path + * @param string|null $entityId Entity Id of the desired IdP, if no + * entity Id is provided and the XML + * metadata contains more than one + * IDPSSODescriptor, the first is returned + * @param string|null $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat + * @param string $desiredSSOBinding Parse specific binding SSO endpoint + * @param string $desiredSLOBinding Parse specific binding SLO endpoint * * @return array metadata info in php-saml settings format */ - public static function parseFileXML($filepath, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT) + public static function parseFileXML($filepath, string|null $entityId, string|null $desiredNameIdFormat, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT) { $metadataInfo = array(); 
@@ -99,20 +99,20 @@ public static function parseFileXML($filepath, $entityId = null, $desiredNameIdF /** * Get IdP Metadata Info from URL * - * @param string $xml XML that contains IdP metadata - * @param string $entityId Entity Id of the desired IdP, if no - * entity Id is provided and the XML - * metadata contains more than one - * IDPSSODescriptor, the first is returned - * @param string $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat - * @param string $desiredSSOBinding Parse specific binding SSO endpoint - * @param string $desiredSLOBinding Parse specific binding SLO endpoint + * @param string $xml XML that contains IdP metadata + * @param string|null $entityId Entity Id of the desired IdP, if no + * entity Id is provided and the XML + * metadata contains more than one + * IDPSSODescriptor, the first is returned + * @param string|null $desiredNameIdFormat If available on IdP metadata, use that nameIdFormat + * @param string $desiredSSOBinding Parse specific binding SSO endpoint + * @param string $desiredSLOBinding Parse specific binding SLO endpoint * * @return array metadata info in php-saml settings format * * @throws Exception */ - public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT) + public static function parseXML($xml, string|null $entityId, string|null $desiredNameIdFormat, $desiredSSOBinding = Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = Constants::BINDING_HTTP_REDIRECT) { $metadataInfo = array(); diff --git a/src/Saml2/LogoutRequest.php b/src/Saml2/LogoutRequest.php index 1e539105..2fd7d1d4 100644 --- a/src/Saml2/LogoutRequest.php +++ b/src/Saml2/LogoutRequest.php 
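Review bot: The docblock summary for `parseXML` still reads `Get IdP Metadata Info from URL`, although the method takes the metadata document itself in `$xml`. While the parameter table is being re-aligned in this hunk the summary could be corrected to `Get IdP Metadata Info from an XML string`, so readers do not mistake this entry point for the one that performs a network fetch.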
@@ -61,7 +61,7 @@ class LogoutRequest * @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest. * @param string|null $nameIdSPNameQualifier The NameID SP NameQualifier will be set in the LogoutRequest. */ - public function __construct(\OneLogin\Saml2\Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null, $nameIdNameQualifier = null, $nameIdSPNameQualifier = null) + public function __construct(\OneLogin\Saml2\Settings $settings, string|null $request, string|null $nameId, string|null $sessionIndex, string|null $nameIdFormat, string|null $nameIdNameQualifier, string|null $nameIdSPNameQualifier) { $this->_settings = $settings; @@ -161,7 +161,7 @@ public function __construct(\OneLogin\Saml2\Settings $settings, $request = null, * * @return string Deflated base64 encoded Logout Request */ - public function getRequest($deflate = null) + public function getRequest(bool|null $deflate) { $subject = $this->_logoutRequest; @@ -218,7 +218,7 @@ public static function getID($request) * @throws Exception * @throws ValidationError */ - public static function getNameIdData($request, $key = null) + public static function getNameIdData($request, string|null $key) { if ($request instanceof DOMDocument) { $dom = $request; @@ -282,7 +282,7 @@ public static function getNameIdData($request, $key = null) * @throws Exception * @throws ValidationError */ - public static function getNameId($request, $key = null) + public static function getNameId($request, string|null $key) { $nameId = self::getNameIdData($request, $key); return $nameId['Value']; diff --git a/src/Saml2/LogoutResponse.php b/src/Saml2/LogoutResponse.php index 64e373c1..69c20d5e 100644 --- a/src/Saml2/LogoutResponse.php +++ b/src/Saml2/LogoutResponse.php 
@@ -67,7 +67,7 @@ class LogoutResponse * @throws Error * @throws Exception */ - public function __construct(\OneLogin\Saml2\Settings $settings, $response = null) + public function __construct(\OneLogin\Saml2\Settings $settings, string|null $response) { $this->_settings = $settings; @@ -140,7 +140,7 @@ public function getStatus() * * @throws ValidationError */ - public function isValid($requestId = null, $retrieveParametersFromServer = false) + public function isValid(string|null $requestId, $retrieveParametersFromServer = false) { $this->_error = null; try { @@ -286,7 +286,7 @@ public function build($inResponseTo) * * @return string Logout Response deflated and base64 encoded */ - public function getResponse($deflate = null) + public function getResponse(bool|null $deflate) { $logoutResponse = $this->_logoutResponse; diff --git a/src/Saml2/Metadata.php b/src/Saml2/Metadata.php index 0057c175..ac8703e4 100644 --- a/src/Saml2/Metadata.php +++ b/src/Saml2/Metadata.php @@ -42,7 +42,7 @@ class Metadata * * @return string SAML Metadata XML */ - public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array(), $ignoreValidUntil = false) + public static function builder($sp, $authnsign = false, $wsign = false, int|null $validUntil, int|null $cacheDuration, $contacts = array(), $organization = array(), $attributes = array(), $ignoreValidUntil = false) { if (!isset($validUntil)) { diff --git a/src/Saml2/Response.php b/src/Saml2/Response.php index a3c1859a..f5bff5e2 100644 --- a/src/Saml2/Response.php +++ b/src/Saml2/Response.php @@ -130,7 +130,7 @@ public function __construct(\OneLogin\Saml2\Settings $settings, $response) * @throws Exception * @throws ValidationError */ - public function isValid($requestId = null) + public function isValid(string|null $requestId) { $this->_error = null; try { 
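Review bot: `Response::isValid(string|null $requestId)` forces callers to pass something but does not say what `null` means, and the docblock for the parameter is outside this hunk. If, as the name suggests, `$requestId` is what the response's InResponseTo is compared against, an explicit `null` presumably skips that comparison, which is the check that ties a response to a request this SP actually sent. I would keep `= null` for compatibility and document the consequence, e.g. `@param string|null $requestId ID of the AuthnRequest this response must answer; null skips the InResponseTo comparison` (to be confirmed against the body).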
diff --git a/src/Saml2/Settings.php b/src/Saml2/Settings.php
index 53261ffb..08d441dd 100644
--- a/src/Saml2/Settings.php
+++ b/src/Saml2/Settings.php
@@ -120,7 +120,7 @@ class Settings
 * @throws Error If any settings parameter is invalid
 * @throws Exception If Settings is incorrectly supplied
 */
- public function __construct(?array $settings = null,bool $spValidationOnly = false)
+ public function __construct(array|null $settings,bool $spValidationOnly = false)
 {
 $this->_spValidationOnly = $spValidationOnly;
 $this->_loadPaths();
@@ -872,20 +872,20 @@ public function getIdPSLOResponseUrl() /** * Gets the SP metadata. The XML representation. * - * @param bool $alwaysPublishEncryptionCert When 'true', the returned - * metadata will always include an 'encryption' KeyDescriptor. Otherwise, - * the 'encryption' KeyDescriptor will only be included if - * $advancedSettings['security']['wantNameIdEncrypted'] or - * $advancedSettings['security']['wantAssertionsEncrypted'] are enabled. - * @param int|null $validUntil Metadata's valid time - * @param int|null $cacheDuration Duration of the cache in seconds - * @param bool $ignoreValidUntil exclude the validUntil tag from metadata + * @param bool $alwaysPublishEncryptionCert When 'true', the returned + * metadata will always include an 'encryption' KeyDescriptor. Otherwise, + * the 'encryption' KeyDescriptor will only be included if + * $advancedSettings['security']['wantNameIdEncrypted'] or + * $advancedSettings['security']['wantAssertionsEncrypted'] are enabled. + * @param int|null $validUntil Metadata's valid time + * @param int|null $cacheDuration Duration of the cache in seconds + * @param bool $ignoreValidUntil Exclude the validUntil tag from metadata * * @return string SP metadata (xml) * @throws Exception * @throws Error */ - public function getSPMetadata($alwaysPublishEncryptionCert = false, $validUntil = null, $cacheDuration = null, $ignoreValidUntil = false) + public function getSPMetadata($alwaysPublishEncryptionCert = false, int|null $validUntil, int|null $cacheDuration, $ignoreValidUntil = false) { $metadata = Metadata::builder($this->_sp, $this->_security['authnRequestsSigned'], $this->_security['wantAssertionsSigned'], $validUntil, $cacheDuration, $this->getContacts(), $this->getOrganization(), [], $ignoreValidUntil); diff --git a/src/Saml2/Utils.php b/src/Saml2/Utils.php index 5742a063..08e5132a 100644 --- a/src/Saml2/Utils.php +++ b/src/Saml2/Utils.php 
@@ -111,16 +111,16 @@ public static function loadXML(DOMDocument $dom, $xml) * * It will parse the string into a DOMDocument and validate this document against the schema. * - * @param string|DOMDocument $xml The XML string or document which should be validated. - * @param string $schema The schema filename which should be used. - * @param bool $debug To disable/enable the debug mode - * @param string $schemaPath Change schema path + * @param string|DOMDocument $xml The XML string or document which should be validated. + * @param string $schema The schema filename which should be used. + * @param bool $debug To disable/enable the debug mode + * @param string|null $schemaPath Change schema path * * @return string|DOMDocument $dom string that explains the problem or the DOMDocument * * @throws Exception */ - public static function validateXML($xml, $schema, $debug = false, $schemaPath = null) + public static function validateXML($xml, $schema, $debug = false, string|null $schemaPath) { assert(is_string($xml) || $xml instanceof DOMDocument); assert(is_string($schema)); @@ -834,7 +834,7 @@ public static function parseSAML2Time($time) * * @throws Exception */ - public static function parseDuration($duration, $timestamp = null) + public static function parseDuration($duration, int|null $timestamp) { assert(is_string($duration)); assert(is_null($timestamp) || is_int($timestamp)); @@ -922,7 +922,7 @@ public static function parseDuration($duration, $timestamp = null) * * @throws Exception */ - public static function getExpireTime($cacheDuration = null, $validUntil = null) + public static function getExpireTime(string|null $cacheDuration, string|int|null $validUntil) { $expireTime = null; 
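Review bot: In `parseDuration` the new `int|null $timestamp` type makes `assert(is_null($timestamp) || is_int($timestamp));` redundant, while `$duration` is still guarded only by `assert(is_string($duration))`, which is not evaluated when assertions are disabled in production. Typing the first parameter gives a check that always runs: `public static function parseDuration(string $duration, int|null $timestamp = null)`. The same applies to `validateXML` in the previous hunk, where `$xml` and `$schema` rely on `assert()` alone; the bodies of both functions continue outside the hunks.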
@@ -954,7 +954,7 @@ public static function getExpireTime($cacheDuration = null, $validUntil = null) * * @return DOMNodeList The queried nodes */ - public static function query(DOMDocument $dom, $query, ?DOMElement $context = null) + public static function query(DOMDocument $dom, $query, DOMElement|null $context) { $xpath = new DOMXPath($dom); $xpath->registerNamespace('samlp', Constants::NS_SAMLP); @@ -1086,7 +1086,7 @@ public static function formatFingerPrint($fingerprint) * * @throws Exception */ - public static function generateNameId($value, $spnq, $format = null, $cert = null, $nq = null, $encAlg = XMLSecurityKey::AES128_CBC) + public static function generateNameId($value, $spnq, string|null $format, string|null $cert, string|null $nq, $encAlg = XMLSecurityKey::AES128_CBC) { $doc = new DOMDocument(); @@ -1439,7 +1439,7 @@ public static function addSign($xml, $key, $cert, $signAlgorithm = XMLSecurityKe * * @throws Exception */ - public static function validateSign($xml, $cert = null, $fingerprint = null, $fingerprintalg = 'sha1', $xpath = null, $multiCerts = null) + public static function validateSign($xml, string|null $cert, string|null $fingerprint, $fingerprintalg = 'sha1', string|null $xpath, array|null $multiCerts) { if ($xml instanceof DOMDocument) { $dom = clone $xml;
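Review bot: In `validateSign`, `$fingerprintalg = 'sha1'` is now followed by the required `$xpath` and `$multiCerts`, so the default can never apply and every caller must pass all six arguments. Restoring `string|null $xpath = null, array|null $multiCerts = null` (and the defaults on `$cert` and `$fingerprint`) fixes that. Separately, SHA-1 as the default fingerprint algorithm is weak for pinning a signing certificate; the docblock could say so and recommend passing the full `$cert` or a SHA-256 fingerprint. The function body is outside the hunk.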