Allow overriding of host, port, protocol and url path for URL building #175

Merged
merged 6 commits into from Nov 15, 2016

pitbulk commented Nov 13, 2016

A developer can use setSelfProtocol, setSelfHost, setSelfPort and getBaseURLPath to define a specific value to be returned by isHTTPS, getSelfHost, getSelfPort and getBaseURLPath. And define a setBasePath to be used on the getSelfURL and getSelfRoutedURLNoQuery to replace the data extracted from $_SERVER["REQUEST_URI"].

At the settings the developer will be able to set a 'baseurl' parameter that automatically will use setBaseURL to set values for setSelfProtocol, setSelfHost, setSelfPort and setBaseURLPath.

dhensby and others added some commits Sep 6, 2016

NEW Allow overriding of host, port and protocol for URL building
- Added ability to set custom host/port/protocol
- Updated test coverage to include testing HTTP_X_FORWARDED_PORT
- Split port detection into its own method
Let the developer set by methods at the Utils class or by a 'baseurl' parameter on the settings the Base URL to be used instead of guessing the URL of the currentURL where SAML messages are processed.
pitbulk commented Nov 13, 2016

@dhensby, sorry for the delay, can you review this PR?

@dhensby

One blocker and a few other suggestions

pitbulk commented Nov 13, 2016

Thanks, I will fix that.

pitbulk commented Nov 14, 2016

any scenario we are not covering? Are we now ready to merge?

@dhensby

Looks good to me

@pitbulk pitbulk merged commit a18bb25 into master Nov 15, 2016

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
patricknelson commented Aug 18, 2017

For the life of me, I can't seem to really figure out why on earth Util::getSelfRoutedURLNoQuery() was set up to call ::buildWithBaseURLPath() here.

Also, why is it that ::getSelfRoutedURLNoQuery() strips out the entire request URI except for the last URL segment? This causes URLs like: https://domain/saml/acs to be converted to https://domain/acs (i.e. request URI becomes just that last segment) simply because your base path is / and thus you end up with an error resulting during response validation:

A valid SubjectConfirmation was not found on this Response

This is because the $currentURL (from here) now contains https://domain/acs even though the Recipient in SubjectConfirmationData contains the full URL and fails the check on this line: https://github.com/onelogin/php-saml/blob/master/lib/Saml2/Response.php#L306

It seems as if this is missing a thorough explanation for the thought process behind changing the request URI like this when generating the current URL. What am I missing here?
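
The mismatch described in the comment above, modelled as an added example that is not part of the thread and is not php-saml's own code. The function names are hypothetical, the URLs and request URI are constructed, and the path handling follows only what the comment describes (base path plus the last request-URI segment); that a base URL including the `/saml/` directory restores the match is an assumption drawn from that description.

```php
<?php
// Hypothetical model of the behaviour described in this thread; not php-saml's code.

/** Split a configured base URL into origin and base path (path always ends in "/"). */
function splitBaseUrl(string $baseUrl): array
{
    $p = parse_url($baseUrl);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        throw new InvalidArgumentException("baseurl must be absolute: $baseUrl");
    }
    $origin = $p['scheme'] . '://' . $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '');
    $path = rtrim($p['path'] ?? '', '/') . '/';
    return [$origin, $path];
}

/** Current URL as described above: base path + last segment of the request URI, no query. */
function routedUrlNoQuery(string $baseUrl, string $requestUri): string
{
    [$origin, $basePath] = splitBaseUrl($baseUrl);
    $route = explode('?', $requestUri, 2)[0];   // drop the query string
    $segments = explode('/', $route);
    $last = array_pop($segments);               // everything before the last segment is discarded
    return $origin . $basePath . $last;
}

/** Recipient check: the SubjectConfirmationData Recipient must equal the current URL. */
function recipientMatches(string $recipient, string $currentUrl): bool
{
    return $recipient === $currentUrl;
}

$recipient  = 'https://domain/saml/acs';   // constructed: ACS URL the IdP puts in Recipient
$requestUri = '/saml/acs?foo=bar';         // constructed: $_SERVER['REQUEST_URI'] at the SP

// First base URL reproduces the reported mismatch; the second carries the ACS directory.
foreach (['https://domain/', 'https://domain/saml/'] as $baseUrl) {
    $current = routedUrlNoQuery($baseUrl, $requestUri);
    printf(
        "baseurl=%-22s current=%-26s recipient ok: %s\n",
        $baseUrl,
        $current,
        recipientMatches($recipient, $current) ? 'yes' : 'no'
    );
}
```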

patricknelson commented Aug 18, 2017

p.s. I first mentioned this here on this comment and tracked it down to this issue. silverstripe/silverstripe-activedirectory#104 (comment)

patricknelson added a commit to patricknelson/silverstripe-saml that referenced this pull request Aug 18, 2017
