Add SAML support

Author: Brian Retterer

.travis.yml

@@ -1,26 +1,23 @@
 language: php
-
 php:
 - 5.6
 - 5.5
 - 5.4
-
 sudo: false
-
 services:
-  - redis-server
-  - memcached
-
+- redis-server
+- memcached
 before_script:
 - composer self-update
 - travis_retry composer install --prefer-dist --no-interaction
 - mkdir -p ~/.phpenv/versions/$(phpenv version-name)/etc
 - echo "extension = memcached.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
 - echo "extension = redis.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
-
 script:
-  - travis_retry vendor/bin/phpunit --coverage-clover build/logs/clover.xml
-
+- travis_retry vendor/bin/phpunit --coverage-clover build/logs/clover.xml
 after_success:
-  - bash <(curl -s https://codecov.io/bash)
-
+- bash <(curl -s https://codecov.io/bash)
+notifications:
+  hipchat:
+    rooms:
+      secure: DN61iUJL9kBtBfPqdHZk67IvadLdSR8+X2dV79qxx/OAFjhu+rW/K0PQp2VEgpUwHwROJxPhxiwXO8OLaA8v7rD7yp9diYwG8gjrmbOcLOphPhMuRlxSfDddWS7Eo7C177KfB2/WEbFhXhav4rDeso8xRUvGJwxqe1TYLQ7cwZo=

src/DataStore/DefaultDataStore.php

@@ -151,7 +151,7 @@ public function save(Resource $resource, $returnType = null)
 
         if (!strlen($href))
         {
-            throw new InvalidArgumentException('save may only be called on objects that have already been persisted (i.e. they have an existing href).');
+            throw new \InvalidArgumentException('save may only be called on objects that have already been persisted (i.e. they have an existing href).');
         }
 
         if ($this->needsToBeFullyQualified($href))
@@ -298,7 +298,6 @@ private function applyDefaultRequestHeaders(Request $request)
                                                   ->setPhpVersion(phpversion())
                                                   ->build();
 
-
         if ($body = $request->getBody())
         {
             $headers['Content-Type'] = 'application/json';
@@ -351,12 +350,30 @@ private function toStdClass(Resource $resource, $customData = false)
                 $property = $this->toStdClass($property);
             }
 
+            $properties->$name = $property;
+        }
 
+        return $properties;
+    }
 
-            $properties->$name = $property;
+    private function objectArrayToStdClass($property)
+    {
+        $properties = new \stdClass();
+
+        $class = new \ReflectionClass($property);
+
+        $classProperties = $class->getProperties();
+
+        foreach($classProperties as $prop) {
+            $method = 'get'.ucfirst($prop->name);
+            if(method_exists($property, $method)) {
+
+                $properties->{$prop->name} = $property->$method();
+            }
         }
 
         return $properties;
+
     }
 
     private function toSimpleReference($propertyName, \stdClass $properties)

src/DataStore/DefaultResourceFactory.php

@@ -17,6 +17,9 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+use Stormpath\Saml\AttributeStatementMappingRuleBuilder;
+use Stormpath\Saml\AttributeStatementMappingRulesBuilder;
+
 class DefaultResourceFactory implements ResourceFactory
 {
 
@@ -43,11 +46,19 @@ public function instantiate($className, array $constructorArgs)
             $newClass->customData;
         }
 
+        if($newClass instanceof \Stormpath\Resource\SamlProvider) {
+            $newClass = $this->convertSamlAttributeStatementMappingRules($newClass);
+        }
+
         return $newClass;
     }
 
     private function qualifyClassName($className)
     {
+        if (class_exists($className) && strstr($className, 'Stormpath')) {
+            return $className;
+        }
+
         if (strpos($className, self::RESOURCE_PATH) === false)
         {
             return self::RESOURCE_PATH .$className;
@@ -57,4 +68,26 @@ private function qualifyClassName($className)
 
     }
 
+    private function convertSamlAttributeStatementMappingRules($newClass)
+    {
+        $mappingRules = $newClass->getAttributeStatementMappingRules();
+        if(null === $mappingRules) {
+            return $newClass;
+        }
+
+        $items = $mappingRules->getItems();
+        $newItems = [];
+
+        $itemBuilder = new AttributeStatementMappingRuleBuilder();
+        foreach($items as $item) {
+            $newItems[] = $itemBuilder->setName($item->name)
+                ->setNameFormat($item->nameFormat)
+                ->setAccountAttributes($item->accountAttributes)
+                ->build();
+        }
+
+        $newClass->getAttributeStatementMappingRules()->items = $newItems;
+        return $newClass;
+    }
+
 }

src/Http/HttpClientRequestExecutor.php

@@ -42,6 +42,7 @@ public function __construct(RequestSigner $signer = null)
     public function executeRequest(Request $request, $redirectsLimit = 10)
     {
         $requestHeaders = $request->getHeaders();
+
         $apiKey = $request->getApiKey();
 
         if ($apiKey)

src/Resource/Application.php

@@ -46,6 +46,7 @@ class Application extends InstanceResource implements Deletable
     const LOGIN_ATTEMPTS                = "loginAttempts";
     const OAUTH_POLICY                  = "oAuthPolicy";
     const CUSTOM_DATA                   = "customData";
+    const AUTHORIZED_CALLBACK_URIS      = "authorizedCallbackUris";
 
     const PATH                          = "applications";
 
@@ -112,6 +113,32 @@ public function setStatus($status)
         }
     }
 
+    /**
+     * Array that defines the authorized URIs that the IdP can return your
+     * user to. These should be URIs that you host yourself.
+     *
+     * @since 1.13.0
+     * @param array $uris
+     * @return self
+     */
+    public function setAuthorizedCallbackUris(array $uris = [])
+    {
+        $this->setProperty(self::AUTHORIZED_CALLBACK_URIS, $uris);
+        return $this;
+    }
+
+    /**
+     * Returns Array that defines the authorized URIs that the IdP can return
+     * your user to. These should be URIs that you host yourself.
+     *
+     * @since 1.13.0
+     * @return array
+     */
+    public function getAuthorizedCallbackUris()
+    {
+        return (array) $this->getProperty(self::AUTHORIZED_CALLBACK_URIS);
+    }
+
     public function getTenant(array $options = array())
     {
         return $this->getResourceProperty(self::TENANT, Stormpath::TENANT, $options);

src/Resource/SamlProvider.php

@@ -19,17 +19,26 @@
 
 use Stormpath\Client;
 use Stormpath\DataStore\InternalDataStore;
+use Stormpath\Saml\AttributeStatementMappingRules;
 use Stormpath\Stormpath;
 
 /** @since 1.13.0 */
-class SamlProvider extends Provider
+class SamlProvider extends Provider implements Saveable
 {
-    const SSO_LOGIN_URL                 = "ssoLoginUrl";
-    const SSO_LOGOUT_URL                = "ssoLogoutUrl";
-    const ENCODED_X509_SIGNING_CERT     = "encodedX509SigningCert";
-    const REQUEST_SIGNATURE_ALGOITHM    = "requestSignatureAlgorithm";
-    const SAML_PROVIDER_METADATA        = "serviceProviderMetadata";
-    const SAML_PROVIDER_ID              = "saml";
+    const SSO_LOGIN_URL                         = "ssoLoginUrl";
+    const SSO_LOGOUT_URL                        = "ssoLogoutUrl";
+    const ENCODED_X509_SIGNING_CERT             = "encodedX509SigningCert";
+    const REQUEST_SIGNATURE_ALGOITHM            = "requestSignatureAlgorithm";
+    const ATTRIBUTE_STATEMENT_MAPPING_RULES     = "attributeStatementMappingRules";
+    const SAML_PROVIDER_METADATA                = "serviceProviderMetadata";
+
+    const SAML_PROVIDER_ID                      = "saml";
+
+    public function __construct(InternalDataStore $dataStore = null, \stdClass $properties = null)
+    {
+        parent::__construct($dataStore, $properties);
+        $this->setProperty(self::PROVIDER_ID, self::SAML_PROVIDER_ID);
+    }
 
     /**
      * Retreive a SAML Provider based on the Href.
@@ -46,27 +55,21 @@ public static function get($href, array $options = [])
             $href = $href.'/'.self::PATH;
         }
 
-        return Client::get($href, Stormpath::SAML_PROVIDER, Directory::PATH, $options);
+        return Client::get($href, Stormpath::SAML_PROVIDER, null, $options);
     }
 
     /**
-     * Create an instance of SAML Provider.
+     * Create a new SAML Provider instance with properties.
      *
      * @since 1.13.0
-     * @param null|array $properties
+     * @param array|null $properties
      * @return \Stormpath\Resource\SamlProvider
      */
     public static function instantiate($properties = null)
     {
         return Client::instantiate(Stormpath::SAML_PROVIDER, $properties);
     }
 
-    public function __construct(InternalDataStore $dataStore = null, \stdClass $properties = null)
-    {
-        parent::__construct($dataStore, $properties);
-        $this->setProperty(self::PROVIDER_ID, self::SAML_PROVIDER_ID);
-    }
-
     /**
      * The URL at the IdP to which SAML authentication requests should be sent.
      * This is often called an “SSO URL”, “Login URL” or “Sign-in URL”
@@ -121,13 +124,26 @@ public function getRequestSignatureAlgorithm()
      *
      * @since 1.13.0
      * @param array $options
-     * @return null|\Stormpath\DataStore\a
+     * @return \Stormpath\Resource\SamlProviderData
      */
     public function getServiceProviderMetadata(array $options = [])
     {
-        return $this->getResourceProperty(self::SAML_PROVIDER_METADATA, Stormpath::SAML_PROVIDER_METADATA, $options);
+        return $this->getResourceProperty(self::SAML_PROVIDER_METADATA, Stormpath::SAML_PROVIDER_DATA, $options);
     }
 
+    /**
+     * Get the Attribute Statement Mapping Rules for the SAML Provider.
+     *
+     * @since 1.13.0
+     * @param array $options
+     * @return \Stormpath\Saml\AttributeStatementMappingRules
+     */
+    public function getAttributeStatementMappingRules(array $options = [])
+    {
+        return $this->getResourceProperty(self::ATTRIBUTE_STATEMENT_MAPPING_RULES, Stormpath::ATTRIBUTE_STATEMENT_MAPPING_RULES, $options);
+    }
+
+
     /**
      * Set the URL at the IdP to which SAML authentication requests should be sent.
      * This is often called an “SSO URL”, “Login URL” or “Sign-in URL”
@@ -185,4 +201,21 @@ public function setRequestSignatureAlgorithm($requestSignatureAlgorithm)
         return $this;
     }
 
+    /**
+     * Set the Attribute Statement Mapping Rules for the SAML Provider.
+     *
+     * @since 1.13.0
+     * @param AttributeStatementMappingRules $attributeStatementMappingRules
+     * @return self
+     */
+    public function setAttributeStatementMappingRules(AttributeStatementMappingRules $attributeStatementMappingRules)
+    {
+        $this->setProperty(self::ATTRIBUTE_STATEMENT_MAPPING_RULES, $attributeStatementMappingRules);
+        return $this;
+    }
+
+    public function save()
+    {
+        $this->getDataStore()->save($this);
+    }
 }

src/Resource/SamlProviderData.php

@@ -1,8 +1,66 @@
 <?php
+/*
+ * Copyright 2016 Stormpath, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 
-namespace Resource;
+namespace Stormpath\Resource;
 
-class SamlProviderData
+use Stormpath\Stormpath;
+
+/** @since 1.13.0 */
+class SamlProviderData extends InstanceResource
 {
+    const ENTITY_ID                                 = 'entityId';
+    const X509_SIGNING_CERT                         = 'x509SigningCert';
+    const ASSERTION_CONSUMER_SERVICE_POST_ENDPOINT  = 'assertionConsumerServicePostEndpoint';
+
+    /**
+     * This returns the value of the Entity Id from the IdP XML
+     *
+     * @since 1.13.0
+     * @return string
+     */
+    public function getEntityId()
+    {
+        return $this->getProperty(self::ENTITY_ID);
+    }
+
+    /**
+     * The certificate that is used to sign the requests sent to the IdP. If
+     * you retrieve XML, the certificate will be embedded. If you retrieve
+     * JSON, you’ll have to follow a further /x509certificates link to
+     * retrieve it.
+     *
+     * @since 1.13.0
+     * @param array $options
+     * @return null|\Stormpath\Resource\X509SigningCert
+     */
+    public function getX509SigningCert(array $options = [])
+    {
+        return $this->getResourceProperty(self::X509_SIGNING_CERT, Stormpath::X509_SIGNING_CERT, $options);
+    }
 
+    /**
+     * This is the location the IdP will send its response to.
+     *
+     * @since 1.13.0
+     * @param array $options
+     * @return null|\Stormpath\Resource\AssertionConsumerServicePostEndpoint
+     */
+    public function getAssertionConsumerServicePostEndpoint(array $options = [])
+    {
+        return $this->getResourceProperty(self::ASSERTION_CONSUMER_SERVICE_POST_ENDPOINT, Stormpath::ASSERTION_CONSUMER_SERVICE_POST_ENDPOINT);
+    }
 }