Skip to content

Commit

Permalink
adding after gitignore removal
Browse files Browse the repository at this point in the history
  • Loading branch information
@jay-oswald
jay-oswald committed Nov 20, 2024
1 parent b0803ba commit 376431b
Show file tree
Hide file tree
Showing 272 changed files with 28,241 additions and 0 deletions.
459 changes: 459 additions & 0 deletions .extlib/simplesamlphp/modules/authorize/LICENSE
View file

Large diffs are not rendered by default.

27 changes: 27 additions & 0 deletions .extlib/simplesamlphp/modules/authorize/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# Authorize

![Build Status](https://github.com/simplesamlphp/simplesamlphp-module-authorize/workflows/CI/badge.svg?branch=master)
[![Coverage Status](https://codecov.io/gh/simplesamlphp/simplesamlphp-module-authorize/branch/master/graph/badge.svg)](https://codecov.io/gh/simplesamlphp/simplesamlphp-module-authorize)
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/simplesamlphp/simplesamlphp-module-authorize/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/simplesamlphp/simplesamlphp-module-authorize/?branch=master)
[![Type Coverage](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-authorize/coverage.svg)](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-authorize)
[![Psalm Level](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-authorize/level.svg)](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-authorize)

## Install

Install with composer

```bash
vendor/bin/composer require simplesamlphp/simplesamlphp-module-authorize
```

## Configuration

Next thing you need to do is to enable the module: in `config.php`,
search for the `module.enable` key and set `authorize` to true:

```php
'module.enable' => [
'authorize' => true,
],
```
49 changes: 49 additions & 0 deletions .extlib/simplesamlphp/modules/authorize/composer.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
{
"name": "simplesamlphp/simplesamlphp-module-authorize",
"description": "This module provides a user authorization filter based on attribute matching",
"type": "simplesamlphp-module",
"keywords": ["simplesamlphp", "authorize"],
"license": "LGPL-2.1-or-later",
"authors": [
{
"name": "Ernesto Revilla",
"email": "[email protected]"
}
],
"config": {
"preferred-install": {
"simplesamlphp/simplesamlphp": "source",
"*": "dist"
},
"allow-plugins": {
"composer/package-versions-deprecated": true,
"dealerdirect/phpcodesniffer-composer-installer": true,
"phpstan/extension-installer": true,
"simplesamlphp/composer-module-installer": true
}
},
"autoload": {
"psr-4": {
"SimpleSAML\\Module\\authorize\\": "src/"
}
},
"autoload-dev": {
"psr-4": {
"SimpleSAML\\Module\\Authorize\\Tests\\Utils\\": "tests/Utils",
"SimpleSAML\\Test\\Utils\\": "vendor/simplesamlphp/simplesamlphp/tests/Utils"
}
},
"require": {
"php": "^8.1",
"simplesamlphp/assert": "^1.0",
"simplesamlphp/simplesamlphp": "^2.1",
"symfony/http-foundation": "^6.4"
},
"require-dev": {
"simplesamlphp/simplesamlphp-test-framework": "^1.5"
},
"support": {
"issues": "https://github.com/simplesamlphp/simplesamlphp-module-authorize/issues",
"source": "https://github.com/simplesamlphp/simplesamlphp-module-authorize"
}
}
158 changes: 158 additions & 0 deletions .extlib/simplesamlphp/modules/authorize/docs/authorize.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,158 @@
# authorize Module

* Author: Ernesto Revilla <[email protected]>, Yaco Sistemas, Ryan Panning
* Package: SimpleSAMLphp

This module provides a user authorization filter based on attribute matching
for those applications that do not cleanly separate authentication from
authorization and set some default permissions for authenticated users.

`authorize:Authorize`
: Authorize certain users based on attribute matching

## `authorize:Authorize`

There are three configuration options that can be defined: `deny`, `regex`,
and `reject_msg`. All other filter configuration options are considered
attribute matching rules.

Unauthorized users will be shown a 403 Forbidden page.

### `deny`

The default action of the filter is to authorize only if an attribute match
is found (default allow). When set to TRUE, this option reverses that rule and
authorizes the user unless an attribute match is found (default deny), causing
an unauthorized action.

**Note**: This option needs to be boolean (TRUE/FALSE) else it will be considered
an attribute matching rule.

### `regex`

Turn regex pattern matching on or off for the attribute values defined. For
backwards compatibility, this option defaults to TRUE, but can be turned off
by setting it to FALSE.

**Note**: This option needs to be boolean (TRUE/FALSE) else it will be
considered an attribute matching rule.

### `reject_msg`

This option can be used to provide a localised, custom message to an
unauthorised user. For example: tailored instructions on how to fix the
authorisation issue, specific contact details, etc.

It should be an array of key/value pairs, with the keys as the language code.
You can use HTML in the message. See below for an example.

### `errorURL`

If the identity provider includes an `errorURL` in metadata, this option turns
on or off the generation of a context-specific errorURL in accordance with the
REFEDS SAML2 Metadata Deployment Profile for errorURL. Defaults to TRUE.

**Note**: This option needs to be boolean (TRUE/FALSE) else it will be
considered an attribute matching rule.

### `allow_reauthentication`

This option can be used to allow users to re-authenticate if they are
unauthorized. If set to TRUE, the user will be shown a button to re-authenticate.
If set to FALSE, the user will not be shown a button to re-authenticate.

**Note**: This option needs to be boolean (TRUE/FALSE) else it will be
considered FALSE.

### `show_user_attribute`

This option can be used to show the user attribute, to inform the with which
account they are logged in. If set to a valid attribute, the user will see
the first value of that attribute.

**Note**: This option needs to be a string else it will be considered disabled.
Default value is NULL.

## Attribute Rules

Each additional filter configuration option is considered an attribute matching
rule. For each attribute, you can specify a string or array of strings to match.
If one of those attributes match one of the rules (OR operator), the user is
authorized/unauthorized (depending on the deny config option).

**Note**: If regex is enabled, you must use the preg_match format, i.e. you have
to enclose it with a delimiter that does not appear inside the regex
(e.g. slash (/), at sign (@), number sign (#) or underscore (`_`)).

### Problems

* Once you get the forbidden page, you can't logout at the IdP directly,
(as far as I know), you have to close the browser.

### Examples

To use this filter configure it in `config/config.php`.
For unstructured attributes use `^` and `$` to anchor your regex as necessary:

```php
'authproc.sp' => [
60 => [
'class' => 'authorize:Authorize',
'uid' => [
'/^.*@example.com$/',
/*
* Use anchors to prevent matching
* '[email protected]'
*/
'/^(user1|user2|user3)@example.edu$/',
],
'schacUserStatus' => '@urn:mace:terena.org:userStatus:' .
'example.org:service:active.*@',
]
]
```

An alternate way of using this filter is to deny certain users. Or even use
multiple filters to create a simple ACL, by first allowing a group of users but
then denying a "black list" of users.

```php
'authproc.sp' => [
60 => array[
'class' => 'authorize:Authorize',
'deny' => true,
'uid' => [
'/.*@students.example.edu$/',
'/^(stu1|stu2|stu3)@example.edu$/',
]
]
]
```

The regex pattern matching can be turned off, allowing for exact attribute
matching rules. This can be helpful in cases where you know what the value
should be. An example of this is with the memberOf attribute or using the
ldap:AttributeAddUsersGroups filter with the group attribute.

Additionally, some helpful instructions are shown.

```php
'authproc.sp' => [
60 => [
'class' => 'authorize:Authorize',
'regex' => false,
'group' => [
'CN=SimpleSAML Students,CN=Users,DC=example,DC=edu',
'CN=All Teachers,OU=Staff,DC=example,DC=edu',
],
'reject_msg' => [
'en' => 'This service is only available to students and' .
' teachers. Please contact ' .
'<a href="mailto:[email protected]">support</a>.',
'nl' => 'Deze dienst is alleen beschikbaar voor studenten en ' .
'docenten. Neem contact op met ' .
'<a href="mailto:[email protected]">support</a>.',
],
],
],
```
27 changes: 27 additions & 0 deletions .extlib/simplesamlphp/modules/authorize/locales/af/LC_MESSAGES/authorize.po
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@

#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: SimpleSAMLphp 1.15\n"
"Report-Msgid-Bugs-To: [email protected]\n"
"POT-Creation-Date: 2016-10-12 09:23+0200\n"
"PO-Revision-Date: 2016-10-14 12:14+0200\n"
"Last-Translator: \n"
"Language: af\n"
"Language-Team: \n"
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.3.4\n"

msgid "Access forbidden"
msgstr "Toegang verbode"

msgid ""
"You don't have the needed privileges to access this application. Please "
"contact the administrator if you find this to be incorrect."
msgstr ""
"Jy het nie die nodige regte vir toegang na die aansoek nie. Kontak "
"asseblief die administrateur indien dit inkorrek is."

28 changes: 28 additions & 0 deletions .extlib/simplesamlphp/modules/authorize/locales/ar/LC_MESSAGES/authorize.po
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@

#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: SimpleSAMLphp 1.15\n"
"Report-Msgid-Bugs-To: [email protected]\n"
"POT-Creation-Date: 2016-10-12 09:23+0200\n"
"PO-Revision-Date: 2016-10-14 12:14+0200\n"
"Last-Translator: \n"
"Language: ar\n"
"Language-Team: \n"
"Plural-Forms: nplurals=6; plural=(n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n>=3 "
"&& n<=10 ? 3 : n>=11 && n<=99 ? 4 : 5)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.3.4\n"

msgid "Access forbidden"
msgstr "ممنوع الدخول"

msgid ""
"You don't have the needed privileges to access this application. Please "
"contact the administrator if you find this to be incorrect."
msgstr ""
"لا يمكنك الدخول لهذا التطبيق. قم بأخطار إدارة الموقع ان كنت تظن ان هذا "
"غير صحيح"

28 changes: 28 additions & 0 deletions .extlib/simplesamlphp/modules/authorize/locales/cs/LC_MESSAGES/authorize.po
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@

#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: SimpleSAMLphp 1.15\n"
"Report-Msgid-Bugs-To: [email protected]\n"
"POT-Creation-Date: 2016-10-12 09:23+0200\n"
"PO-Revision-Date: 2016-10-14 12:14+0200\n"
"Last-Translator: \n"
"Language: cs\n"
"Language-Team: \n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.3.4\n"

msgid "Access forbidden"
msgstr "Přístup odmítnut"

msgid ""
"You don't have the needed privileges to access this application. Please "
"contact the administrator if you find this to be incorrect."
msgstr ""
"Nemáte dostatečná práva pro přístup k této aplikaci. Prosím, kontaktujte "
"administrátora, pokud toto omezení shledáváte nesprávné."

27 changes: 27 additions & 0 deletions .extlib/simplesamlphp/modules/authorize/locales/da/LC_MESSAGES/authorize.po
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@

#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: SimpleSAMLphp 1.15\n"
"Report-Msgid-Bugs-To: [email protected]\n"
"POT-Creation-Date: 2016-10-12 09:23+0200\n"
"PO-Revision-Date: 2016-10-14 12:14+0200\n"
"Last-Translator: \n"
"Language: da\n"
"Language-Team: \n"
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.3.4\n"

msgid "Access forbidden"
msgstr "Adgang forbudt"

msgid ""
"You don't have the needed privileges to access this application. Please "
"contact the administrator if you find this to be incorrect."
msgstr ""
"Du har ikke de nødvendige privilegier til at tilgå applikationen. Kontakt"
" administratoren hvis du mener at dette ikke er korrekt."

28 changes: 28 additions & 0 deletions .extlib/simplesamlphp/modules/authorize/locales/de/LC_MESSAGES/authorize.po
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@

#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: SimpleSAMLphp 1.15\n"
"Report-Msgid-Bugs-To: [email protected]\n"
"POT-Creation-Date: 2016-10-12 09:23+0200\n"
"PO-Revision-Date: 2016-10-14 12:14+0200\n"
"Last-Translator: \n"
"Language: de\n"
"Language-Team: \n"
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.3.4\n"

msgid "Access forbidden"
msgstr "Zugriff verboten"

msgid ""
"You don't have the needed privileges to access this application. Please "
"contact the administrator if you find this to be incorrect."
msgstr ""
"Sie haben nicht die erforderlichen Berechtigungen um auf diese Anwendung "
"zuzugreifen. Bitte kontaktieren Sie einen Administrator, wenn Sie dies "
"ungerechtfertigt finden."

Loading

0 comments on commit 376431b

Please sign in to comment.