From 7811034952084844fdada52d8a8735c187f06c55 Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos
Date: Wed, 6 May 2026 13:15:23 +0000
Subject: [PATCH 1/3] Fix Random utility import to use SimpleSAML\Utils\Random
---
 src/Cas/Factories/TicketFactory.php | 2 +-
 src/Shib13/AuthnResponse.php | 2 +-
 tests/src/TicketValidatorTest.php | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Cas/Factories/TicketFactory.php b/src/Cas/Factories/TicketFactory.php
index f40cbeb5..8629cac6 100644
--- a/src/Cas/Factories/TicketFactory.php
+++ b/src/Cas/Factories/TicketFactory.php
@@ -26,7 +26,7 @@
 namespace SimpleSAML\Module\casserver\Cas\Factories;
 use SimpleSAML\Configuration;
-use SimpleSAML\XML\Utils\Random;
+use SimpleSAML\Utils\Random;
 class TicketFactory
 {
diff --git a/src/Shib13/AuthnResponse.php b/src/Shib13/AuthnResponse.php
index afa17a38..2f32e1be 100644
--- a/src/Shib13/AuthnResponse.php
+++ b/src/Shib13/AuthnResponse.php
@@ -15,9 +15,9 @@
 use SimpleSAML\Error;
 use SimpleSAML\Metadata\MetaDataStorageHandler;
 use SimpleSAML\Utils;
+use SimpleSAML\Utils\Random;
 use SimpleSAML\XML\DOMDocumentFactory;
 use SimpleSAML\XML\Utils as XMLUtils;
-use SimpleSAML\XML\Utils\Random;
 use SimpleSAML\XML\Validator;
 use SimpleXMLElement;
diff --git a/tests/src/TicketValidatorTest.php b/tests/src/TicketValidatorTest.php
index 8907aa59..5202aa9d 100644
--- a/tests/src/TicketValidatorTest.php
+++ b/tests/src/TicketValidatorTest.php
@@ -12,7 +12,7 @@
 use SimpleSAML\Module\casserver\Cas\Ticket\FileSystemTicketStore;
 use SimpleSAML\Module\casserver\Cas\Ticket\TicketStore;
 use SimpleSAML\Module\casserver\Cas\TicketValidator;
-use SimpleSAML\XML\Utils\Random;
+use SimpleSAML\Utils\Random;
 class TicketValidatorTest extends TestCase
 {
From b29dd842796655aace9e9cb43a12e3e17326b02e Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos
Date: Wed, 6 May 2026 17:34:47 +0000
Subject: [PATCH 2/3] Use IDValue::generateID() for ticket IDs (previous ID generation approaches are deprecated)
---
 src/Cas/Factories/TicketFactory.php | 16 ++++++----------
 src/Shib13/AuthnResponse.php | 9 ++++-----
 tests/src/TicketValidatorTest.php | 5 ++---
 3 files changed, 12 insertions(+), 18 deletions(-)
diff --git a/src/Cas/Factories/TicketFactory.php b/src/Cas/Factories/TicketFactory.php
index 8629cac6..27f2abb3 100644
--- a/src/Cas/Factories/TicketFactory.php
+++ b/src/Cas/Factories/TicketFactory.php
@@ -26,7 +26,7 @@
 namespace SimpleSAML\Module\casserver\Cas\Factories;
 use SimpleSAML\Configuration;
-use SimpleSAML\Utils\Random;
+use SimpleSAML\XMLSchema\Type\IDValue;
 class TicketFactory
 {
@@ -58,11 +58,10 @@ public function __construct(Configuration $config)
 */
 public function createSessionTicket(string $sessionId, int $expiresAt): array
 {
- $randomUtils = new Random();
 return [
 'id' => $sessionId,
 'validBefore' => $expiresAt,
- 'renewId' => $randomUtils->generateID(),
+ 'renewId' => (string) IDValue::generateID(),
 ];
 }
@@ -73,8 +72,7 @@ public function createSessionTicket(string $sessionId, int $expiresAt): array
 */
 public function createServiceTicket(array $content): array
 {
- $randomUtils = new Random();
- $id = str_replace('_', 'ST-', $randomUtils->generateID());
+ $id = str_replace('_', 'ST-', (string) IDValue::generateID());
 $expiresAt = time() + $this->serviceTicketExpireTime;
 return array_merge(['id' => $id, 'validBefore' => $expiresAt], $content);
@@ -87,9 +85,8 @@ public function createServiceTicket(array $content): array
 */
 public function createProxyGrantingTicket(array $content): array
 {
- $randomUtils = new Random();
- $id = str_replace('_', 'PGT-', $randomUtils->generateID());
- $iou = str_replace('_', 'PGTIOU-', $randomUtils->generateID());
+ $id = str_replace('_', 'PGT-', (string) IDValue::generateID());
+ $iou = str_replace('_', 'PGTIOU-', (string) IDValue::generateID());
 $expireAt = time() + $this->proxyGrantingTicketExpireTime;
@@ -103,8 +100,7 @@ public function createProxyGrantingTicket(array $content): array
 */
 public function createProxyTicket(array $content): array
 {
- $randomUtils = new Random();
- $id = str_replace('_', 'PT-', $randomUtils->generateID());
+ $id = str_replace('_', 'PT-', (string) IDValue::generateID());
 $expiresAt = time() + $this->proxyTicketExpireTime;
 return array_merge(['id' => $id, 'validBefore' => $expiresAt], $content);
diff --git a/src/Shib13/AuthnResponse.php b/src/Shib13/AuthnResponse.php
index 2f32e1be..bf323661 100644
--- a/src/Shib13/AuthnResponse.php
+++ b/src/Shib13/AuthnResponse.php
@@ -15,10 +15,10 @@
 use SimpleSAML\Error;
 use SimpleSAML\Metadata\MetaDataStorageHandler;
 use SimpleSAML\Utils;
-use SimpleSAML\Utils\Random;
 use SimpleSAML\XML\DOMDocumentFactory;
 use SimpleSAML\XML\Utils as XMLUtils;
 use SimpleSAML\XML\Validator;
+use SimpleSAML\XMLSchema\Type\IDValue;
 use SimpleXMLElement;
 /**
@@ -362,17 +362,16 @@ public function generate(Configuration $idp, Configuration $sp, string $shire, ?
 $scopedAttributes = [];
 }
- $randomUtils = new Random();
 $timeUtils = new Utils\Time();
- $id = $randomUtils->generateID();
+ $id = (string) IDValue::generateID();
 $issueInstant = $timeUtils->generateTimestamp();
 // 30 seconds timeskew back in time to allow differing clocks
 $notBefore = $timeUtils->generateTimestamp(time() - 30);
 $assertionExpire = $timeUtils->generateTimestamp(time() + 300); // 5 minutes
- $assertionid = $randomUtils->generateID();
+ $assertionid = (string) IDValue::generateID();
 $spEntityId = $sp->getString('entityid');
@@ -380,7 +379,7 @@ public function generate(Configuration $idp, Configuration $sp, string $shire, ? $base64 = $sp->getOptionalBoolean('base64attributes', false); $namequalifier = $sp->getOptionalString('NameQualifier', $spEntityId); - $nameid = $randomUtils->generateID(); + $nameid = (string)IDValue::generateID(); $subjectNode = '' . 'generateID(); + $id = (string) IDValue::generateID(); $serviceTicket = [ 'id' => $id, 'validBefore' => time() + $expiration,
From cb2b3da4fdd24388544302bcd874128469358fbd Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos
Date: Thu, 7 May 2026 07:00:42 +0000
Subject: [PATCH 3/3] Refactor ticket ID generation to pass prefixes to generateID instead of str_replace
---
 src/Cas/Factories/TicketFactory.php | 10 +++++-----
 src/Shib13/AuthnResponse.php | 4 ++--
 tests/src/TicketValidatorTest.php | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/Cas/Factories/TicketFactory.php b/src/Cas/Factories/TicketFactory.php
index 27f2abb3..fe99aec0 100644
--- a/src/Cas/Factories/TicketFactory.php
+++ b/src/Cas/Factories/TicketFactory.php
@@ -61,7 +61,7 @@ public function createSessionTicket(string $sessionId, int $expiresAt): array
 return [
 'id' => $sessionId,
 'validBefore' => $expiresAt,
- 'renewId' => (string) IDValue::generateID(),
+ 'renewId' => IDValue::generateID()->getValue(),
 ];
 }
@@ -72,7 +72,7 @@ public function createSessionTicket(string $sessionId, int $expiresAt): array
 */
 public function createServiceTicket(array $content): array
 {
- $id = str_replace('_', 'ST-', (string) IDValue::generateID());
+ $id = IDValue::generateID('ST-')->getValue();
 $expiresAt = time() + $this->serviceTicketExpireTime;
 return array_merge(['id' => $id, 'validBefore' => $expiresAt], $content);
@@ -85,8 +85,8 @@ public function createServiceTicket(array $content): array
 */
 public function createProxyGrantingTicket(array $content): array
 {
- $id = str_replace('_', 'PGT-', (string) IDValue::generateID());
- $iou = str_replace('_', 'PGTIOU-', (string) IDValue::generateID());
+ $id = IDValue::generateID('PGT-')->getValue();
+ $iou = IDValue::generateID('PGTIOU-')->getValue();
 $expireAt = time() + $this->proxyGrantingTicketExpireTime;
@@ -100,7 +100,7 @@ public function createProxyGrantingTicket(array $content): array
 */
 public function createProxyTicket(array $content): array
 {
- $id = str_replace('_', 'PT-', (string) IDValue::generateID());
+ $id = IDValue::generateID('PT-')->getValue();
 $expiresAt = time() + $this->proxyTicketExpireTime;
 return array_merge(['id' => $id, 'validBefore' => $expiresAt], $content);
diff --git a/src/Shib13/AuthnResponse.php b/src/Shib13/AuthnResponse.php
index bf323661..a90d5b24 100644
--- a/src/Shib13/AuthnResponse.php
+++ b/src/Shib13/AuthnResponse.php
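Review bot: The `ST-`, `PGT-`, `PGTIOU-` and `PT-` identifiers built in createServiceTicket(), createProxyGrantingTicket() and createProxyTicket() in src/Cas/Factories/TicketFactory.php are bearer credentials, and after this series their length and randomness are whatever `IDValue::generateID()` provides, which nothing in the visible hunks documents or tests. I would add a comment above each call such as `// Ticket IDs are bearer secrets: generateID() must draw from a CSPRNG and keep enough random characters to resist guessing.` and a unit test that pins the format, e.g. `$this->assertMatchesRegularExpression('/^ST-[0-9a-f]{32,}$/', $ticket['id']);`. The hex alphabet and the 32-character floor in that pattern are assumptions to adjust to what generateID() actually returns. The createTicket() helper touched in tests/src/TicketValidatorTest.php calls generateID() without a prefix, so it does not exercise the production ticket format.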
@@ -364,14 +364,14 @@ public function generate(Configuration $idp, Configuration $sp, string $shire, ?
 $timeUtils = new Utils\Time();
- $id = (string) IDValue::generateID();
+ $id = IDValue::generateID()->getValue();
 $issueInstant = $timeUtils->generateTimestamp();
 // 30 seconds timeskew back in time to allow differing clocks
 $notBefore = $timeUtils->generateTimestamp(time() - 30);
 $assertionExpire = $timeUtils->generateTimestamp(time() + 300); // 5 minutes
- $assertionid = (string) IDValue::generateID();
+ $assertionid = IDValue::generateID()->getValue();
 $spEntityId = $sp->getString('entityid');
diff --git a/tests/src/TicketValidatorTest.php b/tests/src/TicketValidatorTest.php
index 3bac29dc..ac057456 100644
--- a/tests/src/TicketValidatorTest.php
+++ b/tests/src/TicketValidatorTest.php
@@ -170,7 +170,7 @@ public static function urlSanitizationProvider(): array
 */
 private function createTicket(string $serviceUrl, int $expiration = 0): array
 {
- $id = (string) IDValue::generateID();
+ $id = IDValue::generateID()->getValue();
 $serviceTicket = [
 'id' => $id,
 'validBefore' => time() + $expiration,
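Review bot: `$nameid` in generate() in src/Shib13/AuthnResponse.php appears to be left on the old `(string)IDValue::generateID();` form, because this hunk converts only `$id` and `$assertionid` and the diffstat for the file shows two lines replaced. For consistency with the rest of PATCH 3/3 it should become `$nameid = IDValue::generateID()->getValue();`. The body of generate() starts and ends outside the hunk, so this is inferred from the PATCH 2/3 hunk that introduced the cast rather than seen here.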