Prevented saml2 autodiscovery on metadata load

Fixes issue where metadata cannot be viewed if autoload is active and
the entityId URL is not active.
For #2480
This commit is contained in:
Dan Brown 2022-10-16 09:50:08 +01:00
parent 0269f5122e
commit f0ac454be1
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
2 changed files with 22 additions and 11 deletions


@ -20,14 +20,11 @@ use OneLogin\Saml2\ValidationError;
*/
class Saml2Service
{
protected $config;
protected $registrationService;
protected $loginService;
protected $groupSyncService;
protected array $config;
protected RegistrationService $registrationService;
protected LoginService $loginService;
protected GroupSyncService $groupSyncService;
/**
* Saml2Service constructor.
*/
public function __construct(
RegistrationService $registrationService,
LoginService $loginService,
@ -169,7 +166,7 @@ class Saml2Service
*/
public function metadata(): string
{
$toolKit = $this->getToolkit();
$toolKit = $this->getToolkit(true);
$settings = $toolKit->getSettings();
$metadata = $settings->getSPMetadata();
$errors = $settings->validateMetadata($metadata);
@ -190,7 +187,7 @@ class Saml2Service
* @throws Error
* @throws Exception
*/
protected function getToolkit(): Auth
protected function getToolkit(bool $spOnly = false): Auth
{
$settings = $this->config['onelogin'];
$overrides = $this->config['onelogin_overrides'] ?? [];
@ -200,14 +197,14 @@ class Saml2Service
}
$metaDataSettings = [];
if ($this->config['autoload_from_metadata']) {
if (!$spOnly && $this->config['autoload_from_metadata']) {
$metaDataSettings = IdPMetadataParser::parseRemoteXML($settings['idp']['entityId']);
}
$spSettings = $this->loadOneloginServiceProviderDetails();
$settings = array_replace_recursive($settings, $spSettings, $metaDataSettings, $overrides);
return new Auth($settings);
return new Auth($settings, $spOnly);
}
/**
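Review bot: The new `$spOnly` parameter on `getToolkit()` is undocumented; the docblock above it (its opening lines are outside the hunk) still lists only the `@throws` entries, so add `@param bool $spOnly Skip the IdP metadata autoload and build an SP-only Auth instance; used by the metadata endpoint so it never depends on the IdP entityId URL being reachable.` Stating that purpose explicitly matters because the flag's only job is to keep `IdPMetadataParser::parseRemoteXML()`, an outbound fetch of the configured entityId URL, off the metadata path, and a later refactor of the `if (!$spOnly && ...)` guard could silently reintroduce that fetch. The second argument to `new Auth($settings, $spOnly)` appears to be the toolkit's SP-validation-only switch; a one-line comment on that line naming it would make the coupling to the guard clear. If the project is on PHP 8, the call in `metadata()` reads better as `$toolKit = $this->getToolkit(spOnly: true);` than with a bare boolean.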


@ -41,6 +41,20 @@ class Saml2Test extends TestCase
$req->assertSee(url('/saml2/acs'));
}
public function test_metadata_endpoint_loads_when_autoloading_with_bad_url_set()
{
config()->set([
'saml2.autoload_from_metadata' => true,
'saml2.onelogin.idp.entityId' => 'http://192.168.1.1:9292',
'saml2.onelogin.idp.singleSignOnService.url' => null,
]);
$req = $this->get('/saml2/metadata');
$req->assertOk();
$req->assertHeader('Content-Type', 'text/xml; charset=UTF-8');
$req->assertSee('md:EntityDescriptor');
}
public function test_onelogin_overrides_functions_as_expected()
{
$json = '{"sp": {"assertionConsumerService": {"url": "https://example.com/super-cats"}}, "contactPerson": {"technical": {"givenName": "Barry Scott", "emailAddress": "barry@example.com"}}}';