Merge

Author: pitbulk

lib/Saml2/Auth.php

@@ -137,6 +137,8 @@ class OneLogin_Saml2_Auth
      * Initializes the SP SAML instance.
      *
      * @param array|object|null $oldSettings Setting data (You can provide a OneLogin_Saml_Settings, the settings object of the Saml folder implementation)
+     *
+     * @throws OneLogin_Saml2_Error
      */
     public function __construct($oldSettings = null)
     {
@@ -157,11 +159,12 @@ public function getSettings()
      * Set the strict mode active/disable
      *
      * @param bool $value Strict parameter
+     *
      * @throws OneLogin_Saml2_Error
      */
     public function setStrict($value)
     {
-        if (! (is_bool($value))) {
+        if (!is_bool($value)) {
             throw new OneLogin_Saml2_Error(
                 'Invalid value passed to setStrict()',
                 OneLogin_Saml2_Error::SETTINGS_INVALID_SYNTAX
@@ -177,12 +180,13 @@ public function setStrict($value)
      * @param string|null $requestId The ID of the AuthNRequest sent by this SP to the IdP
      *
      * @throws OneLogin_Saml2_Error
+     * @throws OneLogin_Saml2_ValidationError
      */
     public function processResponse($requestId = null)
     {
         $this->_errors = array();
         $this->_errorReason = null;
-        if (isset($_POST) && isset($_POST['SAMLResponse'])) {
+        if (isset($_POST['SAMLResponse'])) {
             // AuthnResponse -- HTTP_POST Binding
             $response = new OneLogin_Saml2_Response($this->_settings, $_POST['SAMLResponse']);
             $this->_lastResponse = $response->getXMLDocument();
@@ -229,7 +233,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
     {
         $this->_errors = array();
         $this->_errorReason = null;
-        if (isset($_GET) && isset($_GET['SAMLResponse'])) {
+        if (isset($_GET['SAMLResponse'])) {
             $logoutResponse = new OneLogin_Saml2_LogoutResponse($this->_settings, $_GET['SAMLResponse']);
             $this->_lastResponse = $logoutResponse->getXML();
             if (!$logoutResponse->isValid($requestId, $retrieveParametersFromServer)) {
@@ -247,7 +251,7 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
                     }
                 }
             }
-        } else if (isset($_GET) && isset($_GET['SAMLRequest'])) {
+        } else if (isset($_GET['SAMLRequest'])) {
             $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, $_GET['SAMLRequest']);
             $this->_lastRequest = $logoutRequest->getXML();
             if (!$logoutRequest->isValid($retrieveParametersFromServer)) {
@@ -296,10 +300,13 @@ public function processSLO($keepLocalSession = false, $requestId = null, $retrie
      * Redirects the user to the url past by parameter
      * or to the url that we defined in our SSO Request.
      *
-     * @param string $url        The target URL to redirect the user.
-     * @param array  $parameters Extra parameters to be passed as part of the url
-     * @param bool   $stay       True if we want to stay (returns the url string) False to redirect
+     * @param string $url The target URL to redirect the user.
+     * @param array $parameters Extra parameters to be passed as part of the url
+     * @param bool $stay True if we want to stay (returns the url string) False to redirect
+     *
      * @return string|null
+     *
+     * @throws OneLogin_Saml2_Error
      */
     public function redirectTo($url = '', $parameters = array(), $stay = false)
     {
@@ -452,14 +459,16 @@ public function getAttributeWithFriendlyName($friendlyName)
     /**
      * Initiates the SSO process.
      *
-     * @param string|null $returnTo        The target URL the user should be returned to after login.
-     * @param array       $parameters      Extra parameters to be added to the GET
-     * @param bool        $forceAuthn      When true the AuthNRequest will set the ForceAuthn='true'
-     * @param bool        $isPassive       When true the AuthNRequest will set the Ispassive='true'
-     * @param bool        $stay            True if we want to stay (returns the url string) False to redirect
-     * @param bool        $setNameIdPolicy When true the AuthNRueqest will set a nameIdPolicy element
+     * @param string|null $returnTo The target URL the user should be returned to after login.
+     * @param array $parameters Extra parameters to be added to the GET
+     * @param bool $forceAuthn When true the AuthNRequest will set the ForceAuthn='true'
+     * @param bool $isPassive When true the AuthNRequest will set the Ispassive='true'
+     * @param bool $stay True if we want to stay (returns the url string) False to redirect
+     * @param bool $setNameIdPolicy When true the AuthNRueqest will set a nameIdPolicy element
      *
      * @return string|null If $stay is True, it return a string with the SLO URL + LogoutRequest + parameters
+     *
+     * @throws OneLogin_Saml2_Error
      */
     public function login($returnTo = null, $parameters = array(), $forceAuthn = false, $isPassive = false, $stay = false, $setNameIdPolicy = true)
     {
@@ -591,7 +600,6 @@ public function getLastRequestID()
      *
      * @return string A base64 encoded signature
      *
-     * @throws Exception
      * @throws OneLogin_Saml2_Error
      */
     public function buildRequestSignature($samlRequest, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA1)
@@ -634,7 +642,6 @@ public function buildRequestSignature($samlRequest, $relayState, $signAlgorithm
      *
      * @return string A base64 encoded signature
      *
-     * @throws Exception
      * @throws OneLogin_Saml2_Error
      */
     public function buildResponseSignature($samlResponse, $relayState, $signAlgorithm = XMLSecurityKey::RSA_SHA1)

lib/Saml2/IdPMetadataParser.php

@@ -85,7 +85,8 @@ public static function parseFileXML($filepath, $entityId = null, $desiredNameIdF
      * @param string $desiredSLOBinding     Parse specific binding SLO endpoint.
      *
      * @return array metadata info in php-saml settings format
-     * @throws \Exception
+     *
+     * @throws Exception
      */
     public static function parseXML($xml, $entityId = null, $desiredNameIdFormat = null, $desiredSSOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT, $desiredSLOBinding = OneLogin_Saml2_Constants::BINDING_HTTP_REDIRECT)
     {

lib/Saml2/LogoutRequest.php

@@ -33,12 +33,14 @@ class OneLogin_Saml2_LogoutRequest
     /**
      * Constructs the Logout Request object.
      *
-     * @param OneLogin_Saml2_Settings $settings     Settings
-     * @param string|null             $request      A UUEncoded Logout Request.
-     * @param string|null             $nameId       The NameID that will be set in the LogoutRequest.
-     * @param string|null             $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
-     * @param string|null             $nameIdFormat The NameID Format will be set in the LogoutRequest.
-     * @param string|null             $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest.
+     * @param OneLogin_Saml2_Settings $settings Settings
+     * @param string|null $request A UUEncoded Logout Request.
+     * @param string|null $nameId The NameID that will be set in the LogoutRequest.
+     * @param string|null $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
+     * @param string|null $nameIdFormat The NameID Format will be set in the LogoutRequest.
+     * @param string|null $nameIdNameQualifier The NameID NameQualifier will be set in the LogoutRequest.
+     *
+     * @throws OneLogin_Saml2_Error
      */
     public function __construct(OneLogin_Saml2_Settings $settings, $request = null, $nameId = null, $sessionIndex = null, $nameIdFormat = null, $nameIdNameQualifier = null)
     {
@@ -177,11 +179,12 @@ public static function getID($request)
      * Gets the NameID Data of the the Logout Request.
      *
      * @param string|DOMDocument $request Logout Request Message
-     * @param string|null        $key     The SP key
+     * @param string|null $key The SP key
      *
      * @return array Name ID Data (Value, Format, NameQualifier, SPNameQualifier)
      *
-     * @throws Exception
+     * @throws OneLogin_Saml2_Error
+     * @throws OneLogin_Saml2_ValidationError
      */
     public static function getNameIdData($request, $key = null)
     {
@@ -239,9 +242,12 @@ public static function getNameIdData($request, $key = null)
      * Gets the NameID of the Logout Request.
      *
      * @param string|DOMDocument $request Logout Request Message
-     * @param string|null        $key     The SP key
+     * @param string|null $key The SP key
      *
      * @return string Name ID Value
+     *
+     * @throws OneLogin_Saml2_Error
+     * @throws OneLogin_Saml2_ValidationError
      */
     public static function getNameId($request, $key = null)
     {
@@ -255,6 +261,7 @@ public static function getNameId($request, $key = null)
      * @param string|DOMDocument $request Logout Request Message
      *
      * @return string|null $issuer The Issuer
+     * @throws Exception
      */
     public static function getIssuer($request)
     {
@@ -282,6 +289,8 @@ public static function getIssuer($request)
      * @param string|DOMDocument $request Logout Request Message
      *
      * @return array The SessionIndex value
+     *
+     * @throws Exception
      */
     public static function getSessionIndexes($request)
     {
@@ -303,6 +312,8 @@ public static function getSessionIndexes($request)
     /**
      * Checks if the Logout Request recieved is valid.
      *
+     * @param bool $retrieveParametersFromServer
+     *
      * @return bool If the Logout Request is or not valid
      */
     public function isValid($retrieveParametersFromServer = false)
@@ -344,34 +355,30 @@ public function isValid($retrieveParametersFromServer = false)
                 // Check destination
                 if ($dom->documentElement->hasAttribute('Destination')) {
                     $destination = $dom->documentElement->getAttribute('Destination');
-                    if (!empty($destination)) {
-                        if (strpos($destination, $currentURL) === false) {
-                            throw new OneLogin_Saml2_ValidationError(
-                                "The LogoutRequest was received at $currentURL instead of $destination",
-                                OneLogin_Saml2_ValidationError::WRONG_DESTINATION
-                            );
-                        }
+                    if (!empty($destination) && strpos($destination, $currentURL) === false) {
+                        throw new OneLogin_Saml2_ValidationError(
+                            "The LogoutRequest was received at $currentURL instead of $destination",
+                            OneLogin_Saml2_ValidationError::WRONG_DESTINATION
+                        );
                     }
                 }
 
-                $nameId = $this->getNameId($dom, $this->_settings->getSPkey());
+                $nameId = static::getNameId($dom, $this->_settings->getSPkey());
 
                 // Check issuer
-                $issuer = $this->getIssuer($dom);
+                $issuer = static::getIssuer($dom);
                 if (!empty($issuer) && $issuer != $idPEntityId) {
                     throw new OneLogin_Saml2_ValidationError(
                         "Invalid issuer in the Logout Request",
                         OneLogin_Saml2_ValidationError::WRONG_ISSUER
                     );
                 }
 
-                if ($security['wantMessagesSigned']) {
-                    if (!isset($_GET['Signature'])) {
-                        throw new OneLogin_Saml2_ValidationError(
-                            "The Message of the Logout Request is not signed and the SP require it",
-                            OneLogin_Saml2_ValidationError::NO_SIGNED_MESSAGE
-                        );
-                    }
+                if ($security['wantMessagesSigned'] && !isset($_GET['Signature'])) {
+                    throw new OneLogin_Saml2_ValidationError(
+                        "The Message of the Logout Request is not signed and the SP require it",
+                        OneLogin_Saml2_ValidationError::NO_SIGNED_MESSAGE
+                    );
                 }
             }
 
@@ -396,7 +403,8 @@ public function isValid($retrieveParametersFromServer = false)
         }
     }
 
-    /* After execute a validation process, if fails this method returns the cause
+    /**
+     * After execute a validation process, if fails this method returns the cause
      *
      * @return string Cause
      */

lib/Saml2/LogoutResponse.php

@@ -115,8 +115,6 @@ public function getStatus()
      * @param bool $retrieveParametersFromServer
      *
      * @return bool Returns if the SAML LogoutResponse is or not valid
-     *
-     * @throws Exception
      */
     public function isValid($requestId = null, $retrieveParametersFromServer = false)
     {
@@ -163,24 +161,20 @@ public function isValid($requestId = null, $retrieveParametersFromServer = false
                 // Check destination
                 if ($this->document->documentElement->hasAttribute('Destination')) {
                     $destination = $this->document->documentElement->getAttribute('Destination');
-                    if (!empty($destination)) {
-                        if (strpos($destination, $currentURL) === false) {
-                            throw new OneLogin_Saml2_ValidationError(
-                                "The LogoutResponse was received at $currentURL instead of $destination",
-                                OneLogin_Saml2_ValidationError::WRONG_DESTINATION
-                            );
-                        }
-                    }
-                }
-
-                if ($security['wantMessagesSigned']) {
-                    if (!isset($_GET['Signature'])) {
+                    if (!empty($destination) && strpos($destination, $currentURL) === false) {
                         throw new OneLogin_Saml2_ValidationError(
-                            "The Message of the Logout Response is not signed and the SP requires it",
-                            OneLogin_Saml2_ValidationError::NO_SIGNED_MESSAGE
+                            "The LogoutResponse was received at $currentURL instead of $destination",
+                            OneLogin_Saml2_ValidationError::WRONG_DESTINATION
                         );
                     }
                 }
+
+                if ($security['wantMessagesSigned'] && !isset($_GET['Signature'])) {
+                    throw new OneLogin_Saml2_ValidationError(
+                        "The Message of the Logout Response is not signed and the SP requires it",
+                        OneLogin_Saml2_ValidationError::NO_SIGNED_MESSAGE
+                    );
+                }
             }
 
             if (isset($_GET['Signature'])) {
@@ -270,7 +264,8 @@ public function getResponse($deflate = null)
         return base64_encode($subject);
     }
 
-    /* After execute a validation process, if fails this method returns the cause.
+    /**
+     * After execute a validation process, if fails this method returns the cause.
      *
      * @return string Cause
      */

lib/Saml2/Metadata.php

@@ -21,6 +21,7 @@ class OneLogin_Saml2_Metadata
      * @param array         $contacts      Contacts info
      * @param array         $organization  Organization ingo
      * @param array         $attributes
+     *
      * @return string SAML Metadata XML
      */
     public static function builder($sp, $authnsign = false, $wsign = false, $validUntil = null, $cacheDuration = null, $contacts = array(), $organization = array(), $attributes = array())
@@ -173,13 +174,15 @@ public static function builder($sp, $authnsign = false, $wsign = false, $validUn
     /**
      * Signs the metadata with the key/cert provided
      *
-     * @param string $metadata          SAML Metadata XML
-     * @param string $key               x509 key
-     * @param string $cert              x509 cert
-     * @param string $signAlgorithm     Signature algorithm method
-     * @param string $digestAlgorithm   Digest algorithm method
+     * @param string $metadata SAML Metadata XML
+     * @param string $key x509 key
+     * @param string $cert x509 cert
+     * @param string $signAlgorithm Signature algorithm method
+     * @param string $digestAlgorithm Digest algorithm method
      *
      * @return string Signed Metadata
+     *
+     * @throws Exception
      */
     public static function signMetadata($metadata, $key, $cert, $signAlgorithm = XMLSecurityKey::RSA_SHA1, $digestAlgorithm = XMLSecurityDSig::SHA1)
     {
@@ -190,11 +193,13 @@ public static function signMetadata($metadata, $key, $cert, $signAlgorithm = XML
      * Adds the x509 descriptors (sign/encriptation) to the metadata
      * The same cert will be used for sign/encrypt
      *
-     * @param string $metadata       SAML Metadata XML
-     * @param string $cert           x509 cert
-     * @param bool   $wantsEncrypted Whether to include the KeyDescriptor for encryption
+     * @param string $metadata SAML Metadata XML
+     * @param string $cert x509 cert
+     * @param bool $wantsEncrypted Whether to include the KeyDescriptor for encryption
      *
      * @return string Metadata with KeyDescriptors
+     *
+     * @throws Exception
      */
     public static function addX509KeyDescriptors($metadata, $cert, $wantsEncrypted = true)
     {