build: 增加lint/prettier/unitTest

李东云
2023-12-25 17:10:21 +08:00
parent 03e717138d
commit 1013894cca
30 changed files with 654 additions and 1506 deletions

1
.gitignore vendored

@@ -1,6 +1,7 @@
/vendor/
*.cache
*.log
runtime/
# IDE support
.idea/


@@ -1,89 +1,16 @@
<?php
$header = <<<'EOF'
This file is part of Hyperf.
$finder = PhpCsFixer\Finder::create()->in([
__DIR__ . '/publish',
__DIR__ . '/src',
__DIR__ . '/tests',
]);
@link https://www.hyperf.io
@document https://hyperf.wiki
@contact group@hyperf.io
@license https://github.com/hyperf/hyperf/blob/master/LICENSE
EOF;
return (new PhpCsFixer\Config())
->setRiskyAllowed(true)
->setRules([
'@PSR2' => true,
'@Symfony' => true,
'@DoctrineAnnotation' => true,
'@PhpCsFixer' => true,
'header_comment' => [
'comment_type' => 'PHPDoc',
'header' => $header,
'separate' => 'none',
'location' => 'after_declare_strict',
],
'array_syntax' => [
'syntax' => 'short'
],
'list_syntax' => [
'syntax' => 'short'
],
'concat_space' => [
'spacing' => 'one'
],
'blank_line_before_statement' => [
'statements' => [
'declare',
],
],
'general_phpdoc_annotation_remove' => [
'annotations' => [
'author'
],
],
'ordered_imports' => [
'imports_order' => [
'class', 'function', 'const',
],
'sort_algorithm' => 'alpha',
],
'single_line_comment_style' => [
'comment_types' => [
],
],
'yoda_style' => [
'always_move_variable' => false,
'equal' => false,
'identical' => false,
],
'phpdoc_align' => [
'align' => 'left',
],
'multiline_whitespace_before_semicolons' => [
'strategy' => 'no_multi_line',
],
'constant_case' => [
'case' => 'lower',
],
'class_attributes_separation' => true,
'combine_consecutive_unsets' => true,
'declare_strict_types' => true,
'linebreak_after_opening_tag' => true,
'lowercase_static_reference' => true,
'no_useless_else' => true,
'no_unused_imports' => true,
'not_operator_with_successor_space' => true,
'not_operator_with_space' => false,
'ordered_class_elements' => true,
'php_unit_strict' => false,
'phpdoc_separation' => false,
'single_quote' => true,
'standardize_not_equals' => true,
'multiline_comment_opening_closing' => true,
])
->setFinder(
PhpCsFixer\Finder::create()
->exclude('vendor')
->in(__DIR__)
)
->setUsingCache(false);
$config = new PhpCsFixer\Config();
return $config->setRules([
'@PSR12' => true,
'strict_param' => true,
'array_syntax' => ['syntax' => 'short'],
])
->setUsingCache(false)
->setFinder($finder);
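Review bot: The new rule set enables `strict_param`, which PHP-CS-Fixer classifies as a risky fixer, but the `->setRiskyAllowed(true)` call from the old configuration is not carried over, so a run that relies on this file alone should be refused. The `cs-fix` script in composer.json passes `--allow-risky=yes` together with `--rules=@PSR12`, and a `--rules` option on the command line replaces the rules defined here, so `strict_param` and `array_syntax` would not be applied through that script either. Adding `->setRiskyAllowed(true)` here and dropping `--rules` from the script would make the two agree. The rewrite also drops `'declare_strict_types' => true`, and the new tests/TestCase.php in this commit has no `declare(strict_types=1);`; keeping that rule would continue to enforce it.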


@@ -19,6 +19,7 @@
},
"require": {
"php": ">=8.1",
"ext-redis": "*",
"hyperf/config": "3.1.*",
"hyperf/constants": "3.1.*",
"hyperf/di": "3.1.*",
@@ -28,8 +29,7 @@
"litesaml/lightsaml": "~3.0.0",
"singularity/hdk-core": "^1.0.0",
"singularity/hdk-auth": "^1.0.0",
"teapot/status-code": "^1.1",
"ext-redis": "*"
"teapot/status-code": "^1.1"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^3.0",
@@ -51,9 +51,19 @@
}
},
"scripts": {
"test": "phpunit -c phpunit.xml --colors=always",
"analyse": "phpstan analyse --memory-limit 1024M -l 0 ./src",
"cs-fix": "php-cs-fixer fix $1"
"test": [
"rm -rf runtime",
"Composer\\Config::disableProcessTimeout",
"pest --coroutine --prepend tests/bootstrap.php --colors=always"
],
"cs-fix": "php-cs-fixer fix $1 --rules=@PSR12 --allow-risky=yes",
"analyse": "phpstan analyse $1",
"ci": [
"@analyse publish/ src/ tests/",
"@cs-fix",
"@test",
"echo CI Success"
]
},
"extra": {
"hyperf": {
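Review bot: The `ci` script runs `@cs-fix` in write mode, so a CI run rewrites files instead of failing on style violations, and the following `@test` step then runs against a tree that differs from what was committed. A check-only call for the CI path, such as `php-cs-fixer fix --dry-run --diff`, makes the job fail visibly instead of modifying sources. The `$1` in `cs-fix` and `analyse` is presumably expanded by the shell to an empty string while Composer appends extra arguments at the end of the command, so a path given to `cs-fix` would land after `--allow-risky=yes` rather than where `$1` is written; worth confirming that this is the intended order.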

1547
composer.lock generated

File diff suppressed because it is too large Load Diff

15
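--- /dev/null
+++ b/phpstan.dist.neon
@@ -0,0 +1,15 @@
+parameters:
+level: 1
+reportUnmatchedIgnoredErrors: false
+checkGenericClassInNonGenericObjectType: false
+paths:
+- publish
+- src
+- tests
+ignoreErrors:
+- '#Constant BASE_PATH not found#'
+- '#Unknown parameter \$[a-zA-Z0-9]+ in call to callable Closure\.#'
+- '#Property [a-zA-Z0-9\\_]+::\$[a-zA-Z0-9]+ is never written, only read\.#'
+- '#Method [a-zA-Z0-9\\_]+::[a-zA-Z0-9]+\(\) is unused\.#'
+- '#Method [a-zA-Z0-9\\_]+::[a-zA-Z0-9]+\(\) has parameter \$response with no value type specified in iterable type array\.#'
+- '#Undefined variable: \$this#'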
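Review bot: The `ignoreErrors` entries are project-wide patterns with no path restriction, so `#Undefined variable: \$this#` and the `is unused` / `is never written, only read` patterns also hide real defects in `src`, not only the test closures and injected properties they were presumably written for. Scoping each entry with a `path:` key (for example the `$this` entry to `tests/*`) keeps the suppression local to where it is needed. With `reportUnmatchedIgnoredErrors: false`, stale entries are never reported, so the list can only grow; consider returning that setting to its default once the baseline has settled.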


@@ -1,15 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit bootstrap="tests/bootstrap.php"
backupGlobals="false"
backupStaticAttributes="false"
verbose="true"
colors="true"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false"
stopOnFailure="false">
<testsuite name="Testsuite">
<directory>./tests/</directory>
</testsuite>
</phpunit>
<phpunit
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
bootstrap="tests/bootstrap.php"
colors="true"
stopOnFailure="true"
xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.4/phpunit.xsd"
cacheDirectory=".phpunit.cache"
>
<testsuites>
<testsuite name="Testsuite">
<directory>./tests/</directory>
</testsuite>
</testsuites>
<source>
<include>
<directory>./src</directory>
</include>
</source>
</phpunit>


@@ -14,4 +14,4 @@ return [
'saml_request' => 'SAMLRequest is required',
'saml_response' => 'SAMLResponse is required',
],
];
];


@@ -14,4 +14,4 @@ return [
'saml_request' => 'SAMLRequest 参数不能为空',
'saml_response' => 'SAMLResponse 参数不能为空',
],
];
];


@@ -2,21 +2,23 @@
declare(strict_types=1);
use function Hyperf\Support\env;
return [
// 当前项目类型
'type' => 'sp', // 可选值sp/idp
// 是否支持多用户同时在线
'allow_multi_online' => true,
// IDP 相关配置
'server' => [
// common config
'idp_id' => env('IDP_ID', 'https://test-accountx.luxcreo.cn/api/v1/auth'),
// 单点登录
// idp config
// sp config
// 以下内容向服务端申请
'idp_assertion_url' => env('IDP_ASSERTION_URL', 'https://test-accountx.luxcreo.cn/api/v1/auth/assertion'),
@@ -24,16 +26,16 @@ return [
'idp_logout_url' => env('IDP_LOGOUT_URL', 'https://test-accountx.luxcreo.cn/api/v1/slo'),
//单点退出
],
// SP 相关配置
'client' => [
// sp config
// 以下内容向服务端申请
'entity_id' => env('ENTITY_ID', ''), // TODO 业务系统唯一标识
'acs_url' => env('ACS_URL', ''), // TODO 回调地址
'landing_host' =>env('LANDING_HOST', ''), // TODO 站点 host
'landing_host' => env('LANDING_HOST', ''), // TODO 站点 host
],
// 证书
'credential' => [
'enable' => false,
@@ -42,4 +44,4 @@ return [
'crt' => 'saml.crt',
'pem' => 'saml.pem',
],
];
];


@@ -7,6 +7,7 @@
* Created on 2022/4/25
*/
declare(strict_types=1);
namespace Singularity\HyperfSaml\Constants;
use Hyperf\Constants\AbstractConstants;
@@ -23,27 +24,26 @@ use Hyperf\Constants\Annotation\Constants;
*/
class SamlErrorCode extends AbstractConstants
{
// 203 SAML 鉴权
/**
* @Message("saml_error.default")
*/
public const AUTH_SAML_ERROR = 203000;
// 20301 验证
/**
* @Message("saml_error.params.default")
*/
public const AUTH_SAML_REQUEST_PARAMS_ERROR = 2030100;
/**
* @Message("saml_error.params.saml_request")
*/
public const AUTH_SAML_REQUEST_PARAMS_SAML_REQUEST = 2030101;
/**
* @Message("saml_error.params.saml_response")
*/
public const AUTH_SAML_REQUEST_PARAMS_SAML_RESPONSE = 2030102;
}
}


@@ -1,6 +1,7 @@
<?php
declare(strict_types=1);
namespace Singularity\HyperfSaml\Exceptions\Handler;
use Hyperf\Di\Annotation\Inject;
@@ -16,6 +17,8 @@ use Singularity\HyperfSaml\Services\Idp\AbstractLoginService;
use Singularity\HyperfSaml\Services\Idp\AbstractLogoutService;
use Throwable;
use function Hyperf\Config\config;
/**
* IDP 相关错误捕获
* Singularity\HyperfSaml\Exceptions\Handler\SamlIdpHandler@HyperfSaml
@@ -31,31 +34,31 @@ class SamlIdpHandler extends ExceptionHandler
* @var \Singularity\HyperfSaml\Services\Base
*/
private Base $base;
/**
* @Inject
* @var \Singularity\HyperfSaml\Services\Idp\AbstractLoginService
*/
private AbstractLoginService $loginService;
/**
* @Inject
* @var \Singularity\HyperfSaml\Services\Idp\AbstractLogoutService
*/
private AbstractLogoutService $logoutService;
/**
* @Inject
* @var \Hyperf\Framework\Logger\StdoutLogger
*/
private StdoutLogger $logger;
/**
* @Inject(required=false)
* @var \Hyperf\HttpServer\Contract\RequestInterface|null
*/
private ?RequestInterface $request;
/**
* @param RuntimeException $throwable
* @param \Psr\Http\Message\ResponseInterface $response
@@ -67,7 +70,7 @@ class SamlIdpHandler extends ExceptionHandler
{
// 阻止异常冒泡
$this->stopPropagation();
// IDP 相关
if ($throwable instanceof ValidationException) {
$SAMLResponse = $this->logoutService->createLogoutResponse(
@@ -84,7 +87,7 @@ class SamlIdpHandler extends ExceptionHandler
messageId: $throwable->getMessageId(),
);
}
$error_type = get_class($throwable);
$data = [
'errorCode' => $throwable->getCode(),
@@ -98,7 +101,7 @@ class SamlIdpHandler extends ExceptionHandler
'sp' => config('saml.client.entity_id'),
'messageId' => $throwable->getMessageId(),
], JSON_UNESCAPED_UNICODE);
$this->logger->error(
<<<ERROR_LOG
TYPE: $error_type
@@ -136,13 +139,13 @@ ERROR_LOG
$throwable->getRelayState(),
[]
);
$this->logger->error("location: $url");
return $response
->withStatus(302)
->withAddedHeader('Location', $url);
}
/**
* @inheritDoc
*/
@@ -150,4 +153,4 @@ ERROR_LOG
{
return $throwable instanceof RuntimeException;
}
}
}

View File

@@ -1,14 +1,16 @@
<?php
declare(strict_types=1);
namespace Singularity\HyperfSaml\Exceptions\Handler;
use Exception;
use Hyperf\Codec\Json;
use Hyperf\Di\Annotation\Inject;
use Hyperf\ExceptionHandler\ExceptionHandler;
use Hyperf\Framework\Logger\StdoutLogger;
use Hyperf\HttpMessage\Stream\SwooleStream;
use Hyperf\HttpServer\Contract\RequestInterface;
use Hyperf\Utils\Codec\Json;
use Lmc\HttpConstants\Header;
use Psr\Http\Message\ResponseInterface;
use Singularity\HyperfSaml\Constants\SamlErrorCode;
@@ -17,6 +19,8 @@ use Singularity\HyperfSaml\Exceptions\ValidationException;
use Teapot\StatusCode\RFC\RFC7231;
use Throwable;
use function Hyperf\Config\config;
/**
* SP 相关错误捕获
* Singularity\HyperfSaml\Exceptions\Handler\SamlIdpHandler@HyperfSaml
@@ -29,45 +33,45 @@ class SamlSpHandler extends ExceptionHandler
{
/**
* @Inject
* @var \Hyperf\Framework\Logger\StdoutLogger
* @var StdoutLogger
*/
private StdoutLogger $logger;
/**
* @Inject(required=false)
* @var \Hyperf\HttpServer\Contract\RequestInterface|null
* @var RequestInterface|null
*/
private ?RequestInterface $request;
/**
* @param RuntimeException $throwable
* @param \Psr\Http\Message\ResponseInterface $response
* @param RuntimeException $throwable
* @param ResponseInterface $response
*
* @return \Psr\Http\Message\ResponseInterface
* @throws \Exception
* @return ResponseInterface
* @throws Exception
*/
public function handle(Throwable $throwable, ResponseInterface $response): ResponseInterface
{
// 阻止异常冒泡
$this->stopPropagation();
$restful = config('common.response.restful');
$code_name = config('common.response.code_name');
$message_name = config('common.response.message_name');
$this->request?->url();
$error_type = get_class($throwable);
$is_testing = config('app_status') === true;
$is_debug = $this->request?->hasHeader('Postman-Token')
|| $this->request?->header('User-Agent') === 'apifox/2.1.8 (https://www.apifox.cn)';
$data = [
$code_name => $throwable->getCode(),
$message_name => $throwable->getMessage(),
];
// 验证失败
if ($throwable instanceof ValidationException) {
$code = $throwable->getCode();
@@ -82,8 +86,8 @@ class SamlSpHandler extends ExceptionHandler
$data['availableValue'] = $throwable->getAvailableValue();
}
}
// 整理日志所需的数据
$request_time = date('Y-m-d H:i:s');
$request_headers = $this->request->getHeaders();
@@ -93,20 +97,19 @@ class SamlSpHandler extends ExceptionHandler
'sp' => config('saml.client.entity_id'),
'messageId' => $throwable->getMessageId(),
], JSON_UNESCAPED_UNICODE);
$response = $response->withHeader(
Header::CONTENT_TYPE,
'application/json; charset=utf-8'
);
if ($is_debug && $is_testing) {
$data['trace'] = [
'errorType' => $error_type,
'errorTrack' => $throwable->getTrace(),
];
}
$cookies = json_encode($this->request->getCookieParams(), JSON_UNESCAPED_UNICODE);
$this->logger->error(
<<<ERROR_LOG
TYPE: $error_type
@@ -139,11 +142,10 @@ TRACE:
ERROR_LOG
);
$data = Json::encode($data);
if ($restful) {
$response = $response->withStatus(
$status_code ??
$throwable->status ??
$throwable->statusCode ??
RFC7231::INTERNAL_SERVER_ERROR
@@ -154,7 +156,7 @@ ERROR_LOG
new SwooleStream($data)
);
}
/**
* @inheritDoc
*/
@@ -162,4 +164,4 @@ ERROR_LOG
{
return $throwable instanceof RuntimeException;
}
}
}
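Review bot: In `handle()`, `$is_debug` is derived from request headers the client controls (`Postman-Token`, or one fixed `User-Agent` string), and together with `app_status` it decides whether `$throwable->getTrace()` is added to the JSON response. Any caller can send those headers, so the stack trace is effectively protected only by the `app_status` config value; gating on a server-side setting alone would state that honestly and remove the header check. The same method calls `$this->request->getHeaders()` and `$this->request->getCookieParams()` without the nullsafe operator although the property is declared `?RequestInterface` with `@Inject(required=false)`. The cookies are JSON-encoded immediately before the error log call; the log template is outside the hunks, but if `$cookies` is interpolated there, session cookies end up in log output. The method body continues outside the visible hunks.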


@@ -1,11 +1,11 @@
<?php
declare(strict_types=1);
namespace Singularity\HyperfSaml\Exceptions\Logout;
use Singularity\HyperfSaml\Exceptions\ValidationException as SAMLValidationException;
class ValidationException extends SAMLValidationException
{
}
}


@@ -1,6 +1,7 @@
<?php
declare(strict_types=1);
namespace Singularity\HyperfSaml\Exceptions;
use Throwable;
@@ -17,7 +18,7 @@ class RuntimeException extends \RuntimeException
) {
parent::__construct($message, $code, $previous);
}
/**
* @return string
*/
@@ -25,7 +26,7 @@ class RuntimeException extends \RuntimeException
{
return $this->statusCode;
}
/**
* @return string
*/
@@ -33,7 +34,7 @@ class RuntimeException extends \RuntimeException
{
return $this->relayState;
}
/**
* @return string
*/
@@ -41,4 +42,4 @@ class RuntimeException extends \RuntimeException
{
return $this->messageId;
}
}
}


@@ -1,6 +1,7 @@
<?php
declare(strict_types=1);
namespace Singularity\HyperfSaml\Exceptions;
// use App\Model\ServiceProvider;
@@ -29,17 +30,17 @@ class ValidationException extends RuntimeException
SamlConstants::STATUS_INVALID_NAME_ID_POLICY,
$messageId,
$relayState,
$message ?? SamlErrorCode::getMessage($code) ,
$message ?? SamlErrorCode::getMessage($code),
$code,
$previous
);
}
public function getFieldName(): string
{
return $this->field;
}
/**
* @return mixed
*/
@@ -47,7 +48,7 @@ class ValidationException extends RuntimeException
{
return $this->currentValue;
}
/**
* @return array
*/
@@ -55,4 +56,4 @@ class ValidationException extends RuntimeException
{
return $this->availableValue;
}
}
}


@@ -52,14 +52,14 @@ abstract class AbstractService
try {
$bindingFactory = new BindingFactory();
$binding = $bindingFactory->getBindingByRequest($requestInstance);
// We prepare a message context to receive our SAML Request message.
$messageContext = new MessageContext();
// The received method fills in the messageContext with the SAML Request data.
/** @var \LightSaml\Model\Protocol\Response $response */
$binding->receive($requestInstance, $messageContext);
return $messageContext;
} catch (InvalidArgumentException $exception) {
throw new ValidationException(
@@ -68,7 +68,7 @@ abstract class AbstractService
);
}
}
/**
* 响应给 ACS
*
@@ -93,10 +93,10 @@ abstract class AbstractService
}
$messageContext = new MessageContext();
$messageContext->setMessage($responseInstance);
$bindingFactory = new BindingFactory();
$redirectBinding = $bindingFactory->create($bindingType);
// Ensure we include the RelayState.
$message = $messageContext->getMessage();
$rs = $message->getRelayState();
@@ -104,29 +104,29 @@ abstract class AbstractService
$message->setRelayState($relayState);
$messageContext->setMessage($message);
}
// Return the Response.
/** @var \Symfony\Component\HttpFoundation\RedirectResponse $httpResponse */
$httpResponse = $redirectBinding->send($messageContext);
$url_parts = parse_url($httpResponse->getTargetUrl());
$query = [];
parse_str($url_parts['query'], $query);
// $query['Signature'] = $this->base64Wrapper->encode($query['Signature']);
$query += $extraParams;
$url_parts['query'] = http_build_query($query);
$url_parts['port'] ??= '80';
if ($url_parts['port'] !== '80') {
$url_parts['host'] .= ':' . $url_parts['port'];
}
$url = $url_parts['scheme'] . '://' . $url_parts['host'] . $url_parts['path'] . '?' . $url_parts['query'];
if (!$returnHtml) {
return $url;
}
return sprintf(
'<!DOCTYPE html>
<html lang="">
@@ -142,7 +142,7 @@ abstract class AbstractService
);
// return $httpResponse->setTargetUrl($url)->getContent();
}
public function requestParser($request): Request
{
$params = $request->getQueryParams();
@@ -152,7 +152,7 @@ abstract class AbstractService
$params,
);
}
/**
* Retrieves the certificate from the IdP.
*
@@ -162,7 +162,7 @@ abstract class AbstractService
{
return X509Certificate::fromFile('cert/server.crt');
}
/**
* Retrieves the private key from the Idp.
*
@@ -172,4 +172,4 @@ abstract class AbstractService
{
return KeyHelper::createPrivateKey('cert/server.key', '', true);
}
}
}


@@ -37,6 +37,8 @@ use RobRichards\XMLSecLibs\XMLSecurityKey;
use Singularity\HDK\Auth\Resource\User;
use Throwable;
use function Hyperf\Config\config;
/**
* Singularity\HyperfSaml\Lib\Base@HyperfSaml
*
@@ -424,4 +426,4 @@ class Base extends AbstractService
{
return $response->getRelayState();
}
}
}


@@ -1,6 +1,7 @@
<?php
declare(strict_types=1);
namespace Singularity\HyperfSaml\Services\Idp;
use DateTime;
@@ -35,7 +36,7 @@ class AbstractLoginService extends AbstractService
* @var \Hyperf\Framework\Logger\StdoutLogger
*/
private StdoutLogger $logger;
/**
* Constructs a SAML Response.
*
@@ -55,7 +56,7 @@ class AbstractLoginService extends AbstractService
$statusCode = isset($user)
? SamlConstants::STATUS_SUCCESS
: SamlConstants::STATUS_NO_PASSIVE;
$response = new Response();
// 生成断言
$assertion = $this->assertionBuilder(
@@ -64,12 +65,12 @@ class AbstractLoginService extends AbstractService
$messageId,
$sp?->acsUrl ?? ''
);
// 加密
$certificate = (new X509Certificate())->loadPem($sp->secret);
$encryptedAssertion = new EncryptedAssertionWriter();
$encryptedAssertion->encrypt($assertion, KeyHelper::createPublicKey($certificate));
$response
// ->addAssertion($assertion)
->addEncryptedAssertion($encryptedAssertion)
@@ -79,21 +80,21 @@ class AbstractLoginService extends AbstractService
->setID(Helper::generateID())
->setIssueInstant(new DateTime())
->setDestination($sp->acsUrl);
// Sign the response.
// $response->setSignature(
// new SignatureWriter($this->getCertificate(), $this->getPrivateKey())
// );
// Preparing the response XML
$serializationContext = new SerializationContext();
// Serialize to XML.
$response->serialize($serializationContext->getDocument(), $serializationContext);
return $response;
}
/**
* 断言构建器
*
@@ -111,33 +112,33 @@ class AbstractLoginService extends AbstractService
string $acsUrl = ''
): Assertion {
$assertion = new Assertion();
$this->logger->info('生成 NameID: ' . $user?->uid ?? 'nil');
// 构建基本信息
$name_id = new NameID(
$user?->uid ?? 'nil',
SamlConstants::NAME_ID_FORMAT_PERSISTENT
);
$subject = new Subject();
$subject_confirmation = new SubjectConfirmation();
$subject_confirmation_data = new SubjectConfirmationData();
$subject_confirmation_data = $subject_confirmation_data
->setInResponseTo($messageId) # SAML 请求的标识
->setNotOnOrAfter(new DateTime('+1 MINUTE')) # 有效期 1 分钟内
->setRecipient($acsUrl); # 断言消费服务的地址
/** @var SubjectConfirmation 验证数据 $subject_confirmation */
$subject_confirmation = $subject_confirmation
->setMethod(SamlConstants::CONFIRMATION_METHOD_BEARER)
->setSubjectConfirmationData($subject_confirmation_data);
/** @var Subject 主题/标题 $subject */
$subject = $subject
->setNameID($name_id)
->addSubjectConfirmation($subject_confirmation);
// 配置生效条件
$conditions = new Conditions();
$conditions = $conditions
@@ -146,18 +147,18 @@ class AbstractLoginService extends AbstractService
->addItem(
new AudienceRestriction([$issuerId])# 受众限制
);
$assertion = $assertion
->setId(Helper::generateID()) # 本次的 MessageID
->setIssueInstant(new DateTime()) # 当前时间戳
->setIssuer(new Issuer($this->idpId)) # 发信人——IDP的entityID
->setSubject($subject)# 设置主题/标题
->setConditions($conditions);
// 补充更多内容
if (isset($user)) {
$attribute_statement = new AttributeStatement();
// uid
$attribute_statement = $attribute_statement
->addAttribute(
@@ -172,7 +173,7 @@ class AbstractLoginService extends AbstractService
$user->uid ?? null
)
);
// secEmail
$attribute_statement = $attribute_statement
->addAttribute(
@@ -187,7 +188,7 @@ class AbstractLoginService extends AbstractService
$user->secEmail ?? null
)
);
// username
$attribute_statement = $attribute_statement
->addAttribute(
@@ -202,7 +203,7 @@ class AbstractLoginService extends AbstractService
$user->username ?? null
)
);
// 密码
$attribute_statement = $attribute_statement
->addAttribute(
@@ -216,7 +217,7 @@ class AbstractLoginService extends AbstractService
!empty($user->password)
)
);
//其他
$attribute_statement = $attribute_statement
->addAttribute(
@@ -236,11 +237,11 @@ class AbstractLoginService extends AbstractService
$user->avatar
)
);
$assertion->addItem($attribute_statement);
}
return $assertion;
}
}
}


@@ -16,6 +16,8 @@ use Singularity\HDK\Core\Constants\CommonErrorCode;
use Singularity\HyperfSaml\Exceptions\Logout\ValidationException;
use Singularity\HyperfSaml\Services\AbstractService;
use function Hyperf\Config\config;
class AbstractLogoutService extends AbstractService
{
/**
@@ -153,4 +155,4 @@ class AbstractLogoutService extends AbstractService
return $user;
}
}
}


@@ -31,6 +31,8 @@ use Singularity\HyperfSaml\Exceptions\RuntimeException;
use Singularity\HyperfSaml\Exceptions\ValidationException;
use Singularity\HyperfSaml\Services\Base;
use function Hyperf\Config\config;
/**
* 断言操作类
* 用于获取用户登录状态
@@ -181,4 +183,4 @@ class Assertion
)->withHeader(Header::CONTENT_TYPE, 'text/html');
// return $this->response->redirect($landing_url, RFC7231::FOUND);
}
}
}


@@ -8,9 +8,9 @@
*/
declare(strict_types=1);
namespace Singularity\HyperfSaml\Services\Sp;
class MetadataProfile
{
}
}


@@ -15,10 +15,13 @@ use Hyperf\HttpServer\Contract\RequestInterface;
use Hyperf\HttpServer\Contract\ResponseInterface;
use Hyperf\Redis\Redis;
use Psr\Http\Message\ResponseInterface as PsrResponseInterface;
use RedisException;
use Singularity\HDK\Auth\Services\AuthenticationInterface;
use Singularity\HyperfSaml\Services\Base;
use Teapot\StatusCode\RFC\RFC7231;
use function Hyperf\Config\config;
/**
* 单点退出登录
* Singularity\HyperfSaml\Services\Sp\Slo@HyperfSaml
@@ -30,30 +33,30 @@ use Teapot\StatusCode\RFC\RFC7231;
class Slo
{
public function __construct(
private Base $base,
private RequestInterface $request,
private ResponseInterface $response,
private AuthenticationInterface $authentication,
private Redis $redis
private readonly Base $base,
private readonly RequestInterface $request,
private readonly ResponseInterface $response,
private readonly AuthenticationInterface $authentication,
private readonly Redis $redis
) {
}
/**
* 重定向方式退出单点登录
*
* @param string $uid
* @param string $originToken
*
* @return \Psr\Http\Message\ResponseInterface
* @return PsrResponseInterface
*/
public function redirect(string $uid, string $originToken): PsrResponseInterface
{
$idpId = config('saml.server.idp_logout_url');
$issuer = config('saml.client.entity_id');
$this->authentication->invalidByToken();
$relayState = $this->request->query('RelayState', '');
$url = $this->base->createLogoutRequest(
uid: $uid,
token: $originToken,
@@ -61,27 +64,28 @@ class Slo
issuer: $issuer,
relayState: $relayState
);
return $this->response->redirect($url, RFC7231::FOUND);
}
/**
* 回调方式退出单点登录IDP 通知 SP)
*
* @return \Psr\Http\Message\ResponseInterface Account 只根据 StatusCode 判断, 符合 [200, 300) 即可
* @return PsrResponseInterface Account 只根据 StatusCode 判断, 符合 [200, 300) 即可
* @throws RedisException
*/
public function callback(): PsrResponseInterface
{
$redis_prefix = config('common.redis.prefix');
$uid = $this->request->query('uid');
$originToken = $this->request->query('token');
if (empty($originToken)) {
$this->authentication->invalidByUser($uid);
} else {
$key = "{$redis_prefix}user:token_map:$uid";
$token = $this->redis->hGet($key, $originToken);
$this->redis->hDel($key, $originToken);
if ($token) {
@@ -90,4 +94,4 @@ class Slo
}
return $this->response->raw('')->withStatus(RFC7231::NO_CONTENT);
}
}
}
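Review bot: `callback()` takes `uid` and `token` straight from the query string and then calls `invalidByUser($uid)` or deletes the token-map entry, with no check in the visible lines that the request actually originates from the IdP. Unless a signed LogoutRequest or a shared secret is verified elsewhere (no middleware is shown on this page), any client that knows or guesses a uid can force that user's sessions to be invalidated. `uid` is also not checked for null or empty before it is interpolated into the Redis key and passed to `invalidByUser`. A few lines of the method fall between the two hunks, so confirm this against the full file.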


@@ -11,7 +11,7 @@ declare(strict_types=1);
namespace Singularity\HyperfSaml\Services\Sp;
use Hyperf\Utils\Codec\Json;
use Hyperf\Codec\Json;
use Singularity\HDK\Core\Constants\CommonErrorCode;
use Singularity\HDK\Core\Exceptions\Forbidden;
use Swoole\Exception;
@@ -24,6 +24,8 @@ use Psr\Http\Message\ResponseInterface as PsrResponseInterface;
use Singularity\HyperfSaml\Services\Base;
use Teapot\StatusCode\RFC\RFC7231;
use function Hyperf\Config\config;
/**
* SP 单点登录
* Singularity\HyperfSaml\Sp\Sso@HyperfSaml
@@ -38,7 +40,7 @@ class Sso
private string $idpAssertionUrl;
private string $acsUrl;
private string $issuer;
public function __construct(
private Base $base,
private RequestInterface $request,
@@ -48,11 +50,11 @@ class Sso
) {
$this->idpId = config('saml.server.idp_id');
$this->idpAssertionUrl = config('saml.server.idp_assertion_url');
$this->issuer = config('saml.client.entity_id');
$this->acsUrl = config('saml.client.acs_url');
}
/**
* 自动重定向获取用户登录状态
*
@@ -67,7 +69,7 @@ class Sso
);
return $this->response->redirect($url, RFC7231::FOUND);
}
/**
* 自动重定向到单点登录
*
@@ -77,7 +79,7 @@ class Sso
{
$language = $this->request->query('language') ?? config('language') ?? 'zh_CN';
$relayState = $this->request->query('RelayState', '');
$url = $this->base->createSamlRequest(
idpID: $this->idpId,
acsUrl: $this->acsUrl,
@@ -89,7 +91,7 @@ class Sso
);
return $this->response->redirect($url, RFC7231::FOUND);
}
/**
* 验证用户同时在多个设备登录
*
@@ -104,7 +106,7 @@ class Sso
public function checkMultiDeviceOnline($uid, $token): void
{
$allow_multi_online = config('saml.allow_multi_online');
// 只对限制为单设备登录的业务进行验证
if ($allow_multi_online) {
return;
@@ -112,7 +114,7 @@ class Sso
$redis_prefix = config('common.redis.prefix');
$key = "{$redis_prefix}user:token_map:{$uid}";
$type = $this->redis->type($key);
try {
$this->stdoutLogger->info('user_token redis type: ' . $type);
switch ($type) {
@@ -131,7 +133,7 @@ class Sso
$this->stdoutLogger->info('user_token redis key: ' . $origin_token);
$latest_token = $this->redis->hGet($key, $origin_token);
$this->stdoutLogger->info('user_token redis value isset: ' . $latest_token);
if (empty($latest_token) || $latest_token !== $token) {
throw new Exception(code: CommonErrorCode::AUTH_SESSION_CREATED_AT_ERROR);
}
@@ -144,8 +146,8 @@ class Sso
} catch (Exception $e) {
$code = $e->getCode();
$message = CommonErrorCode::getMessage($code);
throw new Forbidden(code: $code, message: $message);
}
}
}
}
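Review bot: `checkMultiDeviceOnline()` writes token values to the info log in `'user_token redis key: ' . $origin_token` and `'user_token redis value isset: ' . $latest_token`. These appear to be session tokens, so anyone with read access to the logs could reuse them; logging only presence, e.g. `'user_token redis value isset: ' . (empty($latest_token) ? 'no' : 'yes')`, keeps the diagnostic without the secret. The comparison `$latest_token !== $token` could also become `hash_equals()` once both operands are guaranteed to be strings. Parts of the method lie outside the hunks.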


@@ -1,21 +0,0 @@
<?php
declare(strict_types=1);
/**
* This file is part of Hyperf.
*
* @link https://www.hyperf.io
* @document https://hyperf.wiki
* @contact group@hyperf.io
* @license https://github.com/hyperf/hyperf/blob/master/LICENSE
*/
namespace HyperfTest\Cases;
use PHPUnit\Framework\TestCase;
/**
* Class AbstractTestCase.
*/
abstract class AbstractTestCase extends TestCase
{
}


@@ -1,24 +0,0 @@
<?php
declare(strict_types=1);
/**
* This file is part of Hyperf.
*
* @link https://www.hyperf.io
* @document https://hyperf.wiki
* @contact group@hyperf.io
* @license https://github.com/hyperf/hyperf/blob/master/LICENSE
*/
namespace HyperfTest\Cases;
/**
* @internal
* @coversNothing
*/
class ExampleTest extends AbstractTestCase
{
public function testExample()
{
$this->assertTrue(true);
}
}


@@ -0,0 +1,5 @@
<?php
test('example', function () {
expect(true)->toBeTrue();
});

45
tests/Pest.php Normal file

@@ -0,0 +1,45 @@
<?php
/*
|--------------------------------------------------------------------------
| Test Case
|--------------------------------------------------------------------------
|
| The closure you provide to your test functions is always bound to a specific PHPUnit test
| case class. By default, that class is "PHPUnit\Framework\TestCase". Of course, you may
| need to change it using the "uses()" function to bind a different classes or traits.
|
*/
// uses(Tests\TestCase::class)->in('Feature');
/*
|--------------------------------------------------------------------------
| Expectations
|--------------------------------------------------------------------------
|
| When you're writing tests, you often need to check that values meet certain conditions. The
| "expect()" function gives you access to a set of "expectations" methods that you can use
| to assert different things. Of course, you may extend the Expectation API at any time.
|
*/
expect()->extend('toBeOne', function () {
return $this->toBe(1);
});
/*
|--------------------------------------------------------------------------
| Functions
|--------------------------------------------------------------------------
|
| While Pest is very powerful out-of-the-box, you may have some testing code specific to your
| project that you don't want to repeat in every file. Here you can also expose helpers as
| global functions to help you to reduce the number of lines of code in your test files.
|
*/
/*function something()
{
// ..
}*/

10
tests/TestCase.php Normal file

@@ -0,0 +1,10 @@
<?php
namespace Tests;
use PHPUnit\Framework\TestCase as BaseTestCase;
abstract class TestCase extends BaseTestCase
{
//
}


@@ -0,0 +1,5 @@
<?php
test('example', function () {
expect(true)->toBeTrue();
});


@@ -1,12 +1,31 @@
<?php
declare(strict_types=1);
/**
* This file is part of Hyperf.
*
* @link https://www.hyperf.io
* @document https://hyperf.wiki
* @contact group@hyperf.io
* @license https://github.com/hyperf/hyperf/blob/master/LICENSE
*/
require_once dirname(dirname(__FILE__)) . '/vendor/autoload.php';
use Hyperf\Context\ApplicationContext;
use Hyperf\Di\ClassLoader;
use Hyperf\Di\Container;
use Hyperf\Di\Definition\DefinitionSource;
use Psr\Container\ContainerInterface;
use Swoole\Runtime;
ini_set('display_errors', 'on');
ini_set('display_startup_errors', 'on');
error_reporting(E_ALL);
date_default_timezone_set('Asia/Shanghai');
!defined('BASE_PATH') && define('BASE_PATH', dirname(__DIR__, 1));
!defined('SWOOLE_HOOK_FLAGS') && define('SWOOLE_HOOK_FLAGS', SWOOLE_HOOK_ALL);
Runtime::enableCoroutine(true);
require BASE_PATH . '/vendor/autoload.php';
ClassLoader::init();
$container = new Container(new DefinitionSource([]));
if (!$container instanceof ContainerInterface) {
throw new RuntimeException('The dependency injection container is invalid.');
}
$container = ApplicationContext::setContainer($container);