Prevented saml2 autodiscovery on metadata load

Fixes issue where metadata cannot be viewed if autload is active and entityid url is not active. For #2480
2024-07-04 18:41:19 +00:00 · 2022-10-16 09:50:08 +01:00 · 2022-10-16 09:50:08 +01:00 · f0ac454be1
commit f0ac454be1
parent 0269f5122e
2 changed files with 22 additions and 11 deletions
--- a/app/Auth/Access/Saml2Service.php
+++ b/app/Auth/Access/Saml2Service.php
@ -20,14 +20,11 @@ use OneLogin\Saml2\ValidationError;
 */
 class Saml2Service
 {
-    protected $config;
-    protected $registrationService;
-    protected $loginService;
-    protected $groupSyncService;
+    protected array $config;
+    protected RegistrationService $registrationService;
+    protected LoginService $loginService;
+    protected GroupSyncService $groupSyncService;

-    /**
-     * Saml2Service constructor.
-     */
    public function __construct(
        RegistrationService $registrationService,
        LoginService $loginService,
@ -169,7 +166,7 @@ class Saml2Service
     */
    public function metadata(): string
    {
-        $toolKit = $this->getToolkit();
+        $toolKit = $this->getToolkit(true);
        $settings = $toolKit->getSettings();
        $metadata = $settings->getSPMetadata();
        $errors = $settings->validateMetadata($metadata);
@ -190,7 +187,7 @@ class Saml2Service
     * @throws Error
     * @throws Exception
     */
-    protected function getToolkit(): Auth
+    protected function getToolkit(bool $spOnly = false): Auth
    {
        $settings = $this->config['onelogin'];
        $overrides = $this->config['onelogin_overrides'] ?? [];
@ -200,14 +197,14 @@ class Saml2Service
        }

        $metaDataSettings = [];
-        if ($this->config['autoload_from_metadata']) {
+        if (!$spOnly && $this->config['autoload_from_metadata']) {
            $metaDataSettings = IdPMetadataParser::parseRemoteXML($settings['idp']['entityId']);
        }

        $spSettings = $this->loadOneloginServiceProviderDetails();
        $settings = array_replace_recursive($settings, $spSettings, $metaDataSettings, $overrides);

-        return new Auth($settings);
+        return new Auth($settings, $spOnly);
    }

    /**
--- a/tests/Auth/Saml2Test.php
+++ b/tests/Auth/Saml2Test.php
@ -41,6 +41,20 @@ class Saml2Test extends TestCase
        $req->assertSee(url('/saml2/acs'));
    }

+    public function test_metadata_endpoint_loads_when_autoloading_with_bad_url_set()
+    {
+        config()->set([
+            'saml2.autoload_from_metadata' => true,
+            'saml2.onelogin.idp.entityId' => 'http://192.168.1.1:9292',
+            'saml2.onelogin.idp.singleSignOnService.url' => null,
+        ]);
+
+        $req = $this->get('/saml2/metadata');
+        $req->assertOk();
+        $req->assertHeader('Content-Type', 'text/xml; charset=UTF-8');
+        $req->assertSee('md:EntityDescriptor');
+    }
+
    public function test_onelogin_overrides_functions_as_expected()
    {
        $json = '{"sp": {"assertionConsumerService": {"url": "https://example.com/super-cats"}}, "contactPerson": {"technical": {"givenName": "Barry Scott", "emailAddress": "barry@example.com"}}}';