
Introduce installation script (#214)
* Introduce installation script to support automatic deployments
* Update readme

---------

Co-authored-by: Marko Ivančić <[email protected]>
cicnavi and cicnavi authored Feb 9, 2024
1 parent fe6f648 commit c42edce
Showing 7 changed files with 61 additions and 7 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -60,6 +60,10 @@ The module comes with some default SQL migrations which set up needed tables in
open the _Federation_ tab from your _SimpleSAMLphp_ installation and select the option _OpenID Connect Installation_
inside the _Tools_ section. Once there, all you need to do is press the _Install_ button and the schema will be created.

Alternatively, in case of automatic / scripted deployments, you can run the 'install.php' script from the command line:

php modules/oidc/bin/install.php

### Relying Party (RP) Administration

The module lets you manage (create, read, update and delete) approved RPs from the module user interface itself.
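--- /dev/null
+++ b/bin/install.php
@@ -0,0 +1,39 @@
+#!/usr/bin/env php
+<?php
+
+declare(strict_types=1);
+
+/**
+* Script which can be run to do the module installation which includes running database migrations.
+*/
+
+use SimpleSAML\Database;
+use SimpleSAML\Module\oidc\Services\DatabaseMigration;
+
+// This is the base directory of the SimpleSAMLphp installation
+$baseDir = dirname(__FILE__, 4);
+
+// Add library autoloader and configuration
+require_once $baseDir . DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . '_autoload.php';
+
+echo 'Starting with module installation.' . PHP_EOL;
+
+try {
+$database = Database::getInstance();
+$databaseMigration = new DatabaseMigration($database);
+
+if ($databaseMigration->isUpdated()) {
+echo 'Database is up to date, skipping.' . PHP_EOL;
+return 0;
+}
+
+echo 'Running database migrations.' . PHP_EOL;
+
+$databaseMigration->migrate();
+
+echo 'Done running migrations.';
+return 0;
+} catch (Throwable $exception) {
+echo 'There was an error while trying run database migrations: ' . $exception->getMessage();
+return 1;
+}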
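Review bot: `return 0;` and `return 1;` at the top level of bin/install.php do not set the process exit status — PHP discards the return value of the main script and exits with 0 — so the scripted deployments this file exists for cannot detect a failed migration from the catch block. Use `exit(1);` in the catch block and `exit(0);` (or simply fall through) on the two success paths. The last two `echo` calls also omit `PHP_EOL`, and the error text 'trying run' reads as 'trying to run'. `dirname(__FILE__, 4)` pins the script to the `modules/oidc/bin/` layout the README documents; a one-line comment stating that assumption would help anyone who installs the module under a different path.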
3 changes: 2 additions & 1 deletion composer.json
Expand Up @@ -50,7 +50,8 @@
},
"sort-packages": true,
"allow-plugins": {
"simplesamlphp/composer-module-installer": true
"simplesamlphp/composer-module-installer": true,
"dealerdirect/phpcodesniffer-composer-installer": true
},
"cache-dir": "build/composer"
},
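Review bot: Adding `dealerdirect/phpcodesniffer-composer-installer` to `allow-plugins` authorises that package to execute code during every `composer install`, including the automated deployments this commit introduces, and the hunk does not show where the package is required. If it is a development-only tool, as its name suggests, keep it in `require-dev` and run production installs with `--no-dev` so the plugin never executes on deployed hosts. It is also worth documenting in the README that entries in `allow-plugins` are reviewed whenever they change, since each one widens what a dependency may do at install time.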
3 changes: 3 additions & 0 deletions psalm.xml
Expand Up @@ -44,6 +44,9 @@
<UnusedClass errorLevel="suppress" />
<PossiblyUnusedMethod errorLevel="suppress" />
<PossiblyUnusedReturnValue errorLevel="suppress" />

<!-- Ignore RiskyTruthyFalsyComparison -->
<RiskyTruthyFalsyComparison errorLevel="suppress" />
</issueHandlers>
</psalm>
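Review bot: Suppressing `RiskyTruthyFalsyComparison` project-wide hides the very class of defect this commit fixes by hand in src/Utils/ClaimTranslatorExtractor.php (`!empty(...)` replaced by `isset(...)`), so future regressions of that kind will go unreported. Prefer fixing the remaining findings, or scope the suppression to the affected files with a nested `<errorLevel type="suppress">` holding `<file name="…"/>` entries instead of a blanket `errorLevel="suppress"`. The comment `<!-- Ignore RiskyTruthyFalsyComparison -->` only restates the element; if the suppression stays, have it say why, e.g. `<!-- Suppressed until the legacy truthy/falsy checks in src/ are migrated to explicit comparisons -->`.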

14 changes: 10 additions & 4 deletions src/Forms/ClientForm.php
Expand Up @@ -17,12 +17,16 @@
namespace SimpleSAML\Module\oidc\Forms;

use Exception;
use Nette\Forms\Container;
use Nette\Forms\Form;
use SimpleSAML\Auth\Source;
use SimpleSAML\Module\oidc\ModuleConfig;
use SimpleSAML\Module\oidc\Forms\Controls\CsrfProtection;
use Traversable;

/**
* @psalm-suppress PropertyNotSetInConstructor Raised for $httpRequest which is marked as internal, so won't handle.
*/
class ClientForm extends Form
{
protected const TYPE_ARRAY = 'array';
Expand Down Expand Up @@ -123,7 +127,7 @@ protected function validateByMatchingRegex(
}
}

public function getValues($returnType = null, ?array $controls = null): array
public function getValues(string|object|bool|null $returnType = null, ?array $controls = null): array
{
/** @var array $values */
$values = parent::getValues(self::TYPE_ARRAY);
Expand Down Expand Up @@ -157,7 +161,7 @@ public function getValues($returnType = null, ?array $controls = null): array
/**
* @throws Exception
*/
public function setDefaults($data, bool $erase = false): ClientForm
public function setDefaults(object|array $data, bool $erase = false): static
{
if (! is_array($data)) {
if ($data instanceof Traversable) {
Expand Down Expand Up @@ -187,7 +191,9 @@ public function setDefaults($data, bool $erase = false): ClientForm
$scopes = is_array($data['scopes']) ? $data['scopes'] : [];
$data['scopes'] = array_intersect($scopes, array_keys($this->getScopes()));

return parent::setDefaults($data, $erase);
parent::setDefaults($data, $erase);

return $this;
}

/**
Expand All @@ -203,7 +209,7 @@ protected function buildForm(): void
$this->onValidate[] = $this->validateBackChannelLogoutUri(...);

$this->setMethod('POST');
$this->addComponent(new CsrfProtection('{oidc:client:csrf_error}'), Form::PROTECTOR_ID);
$this->addComponent(new CsrfProtection('{oidc:client:csrf_error}'), Form::ProtectorId);

$this->addText('name', '{oidc:client:name}')
->setMaxLength(255)
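Review bot: The widened signature `getValues(string|object|bool|null $returnType = null, ?array $controls = null): array` in the second hunk still ignores `$returnType` — the body always calls `parent::getValues(self::TYPE_ARRAY)` — and nothing says so; add a docblock line such as `@param string|object|bool|null $returnType Ignored; accepted only for compatibility with the parent signature, values are always returned as an array.` Both `getValues` and `setDefaults` continue past their hunks. In the last hunk `Form::ProtectorId` replaces `Form::PROTECTOR_ID`, which appears to be the newer PascalCase constant spelling in Nette Forms; the `nette/forms` constraint in composer.json (not visible in this commit) should require a release that provides it, otherwise the CSRF protector is registered under an undefined constant.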
3 changes: 2 additions & 1 deletion src/Forms/Controls/CsrfProtection.php
Expand Up @@ -21,6 +21,7 @@
use Nette\InvalidStateException;
use Nette\Utils\Random;
use SimpleSAML\Session;
use Stringable;

class CsrfProtection extends BaseCsrfProtection
{
Expand All @@ -32,7 +33,7 @@ class CsrfProtection extends BaseCsrfProtection
/**
* @throws Exception
*/
public function __construct(object|string $errorMessage)
public function __construct(string|Stringable|null $errorMessage)
{
// Instead of calling CsrfProtection parent class constructor, go to it's parent (HiddenField), and call
// its constructor. This is to avoid setting a Nette session in CsrfProtection parent, and use the SSP one.
2 changes: 1 addition & 1 deletion src/Utils/ClaimTranslatorExtractor.php
Expand Up @@ -197,7 +197,7 @@ public function addClaimSet(ClaimSetEntityInterface $claimSet): self
{
$scope = $claimSet->getScope();

if (in_array($scope, $this->protectedClaims) && !empty($this->claimSets[$scope])) {
if (in_array($scope, $this->protectedClaims) && isset($this->claimSets[$scope])) {
throw OidcServerException::serverError(
sprintf("%s is a protected scope and is pre-defined by the OpenID Connect specification.", $scope)
);
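Review bot: The new condition keeps `in_array($scope, $this->protectedClaims)` without the `strict` flag, so the protected-scope guard still relies on loose comparison; change it to `if (in_array($scope, $this->protectedClaims, true) && isset($this->claimSets[$scope])) {`. Note that `isset` is false when the stored entry is `null`, whereas the previous `!empty` was also false for `''`, `0` and `[]`; if a `null` entry should still count as pre-defined, `array_key_exists` is the precise test. `addClaimSet`'s signature precedes the hunk and its body continues past it.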
