v.0.6.0 #26

Open
wants to merge 114 commits into
base: main
443ee78
Merge pull request #1 from italia/main
rglauco May 23, 2023
fa3feb4
chore(deps): allow PHP 8
melanger Jul 28, 2023
609b9ae
chore(deps): add missing extensions into composer.json
melanger Jul 28, 2023
143e861
feat: more configurable AuthenticationRequest and EntityStatement
melanger Aug 29, 2023
7fdcc9c
fix: corrected trust_ancor URL
rglauco Nov 1, 2023
80ed1cf
fix: minor corrections in Dockerfiles
rglauco Nov 1, 2023
c598fa7
fix: updated Dockerfile drupal version and dependencies
rglauco Nov 1, 2023
97c3576
fix: removed arguments error exception in TrustChain
rglauco Nov 1, 2023
e844fd0
fix: use of $PREFIX/fiscal_code, fixed wordpress example
rglauco Nov 2, 2023
8c95789
fix: test with appropriate userinfo fiscal_number
rglauco Nov 2, 2023
9d5f1fd
fix: updated proxy Dockerfile
rglauco Nov 8, 2023
d046fd7
Update README.md
rglauco Feb 7, 2024
d002080
fix cie wip
damikael Mar 5, 2024
e5e93e4
fix setup
damikael Mar 12, 2024
58af15d
fix setup
damikael Mar 12, 2024
9fdf4f5
feat: first commit towards CIE federation compatibility
rglauco Mar 14, 2024
f024496
Merge branch 'main' of github.com:rglauco/spid-cie-oidc-php
rglauco Mar 14, 2024
5e996ca
fix: commented x5c etc.. in RevocationRequest
rglauco Mar 14, 2024
591c90c
feat: Dockerfile for local deployment
rglauco Mar 14, 2024
052f470
fix: Dockerfile.test
rglauco Mar 14, 2024
f083624
chore: updated links
Mar 15, 2024
e5ba24e
fix: aud
Mar 15, 2024
6190606
fix: JWT EC Authz
Mar 15, 2024
eca880e
fix: enc in EC
Mar 15, 2024
4ae39b7
fix: kid
Mar 15, 2024
6edb58b
fix: ES
Mar 15, 2024
9e047b2
fix: ES
Mar 15, 2024
8955df0
fix: missing kid in authreq
rglauco Mar 15, 2024
e88ec99
fix: authreq scope
rglauco Mar 15, 2024
8403047
fix: typ authreq
rglauco Mar 15, 2024
ea8c5d6
fix: TM in EC
rglauco Mar 15, 2024
b4f9321
fix: TM in Setup.php
rglauco Mar 15, 2024
9704604
fix: authreq jwt
rglauco Mar 15, 2024
8b11245
fix: use of appropriate sig and enc keys in token operations
rglauco Mar 15, 2024
d71dd31
fix: sig keys for Token Request
rglauco Mar 15, 2024
3d850a5
fix: unnecessary claim from header
rglauco Mar 15, 2024
56ac6a7
fix: OP redirect uri urldecoded
rglauco Mar 15, 2024
0b8ec4d
fix: aud from EC
rglauco Mar 19, 2024
f19dff1
fix: docs
rglauco Mar 19, 2024
54feb0d
chore: deletes Test Dockerfiles
rglauco Mar 19, 2024
b61626e
fix: userinfo test and aud array in auth req
rglauco Mar 19, 2024
b356626
fix: issuer instead of client_id
rglauco Mar 19, 2024
cf90cc6
fix: issuer in index.php
rglauco Mar 19, 2024
d405bcd
fix: jti format, typos
rglauco Mar 19, 2024
34a36e6
Update AuthenticationEndpoint.php
damikael Mar 20, 2024
c872023
fix: CIE Federation and logon process
damikael Mar 20, 2024
3673efc
fix undefineds
damikael Mar 21, 2024
36c2a52
fix cie wip
damikael Mar 5, 2024
3582411
fix setup
damikael Mar 12, 2024
865f550
fix setup
damikael Mar 12, 2024
b435788
merge: #17
damikael Jun 3, 2024
8b35174
fix undefineds
damikael Mar 21, 2024
f07dcb2
merge: #17
damikael Jun 3, 2024
579210d
fix: add properties declaration for php 8.2 compatibility
damikael Jun 3, 2024
0a1b3f0
Merge branch 'dev' into main
damikael Jun 3, 2024
1858dfc
Update config.json
damikael Jun 3, 2024
7d58faf
Update config.json
damikael Jun 3, 2024
c604474
Merge branch 'dev' into main
damikael Jun 3, 2024
0ce2129
Merge pull request #19 from rglauco/main
damikael Jun 3, 2024
c5bdf91
fix: add properties declaration for php 8.2 compatibility
damikael Jun 3, 2024
1f1a438
- upd: README
damikael Jun 3, 2024
22d6516
upd gitignore
damikael Jun 3, 2024
5c0fef8
fix: coding style
damikael Jun 3, 2024
c0fcf6b
fix: coding style
damikael Jun 3, 2024
04df515
fix: tests
damikael Jun 3, 2024
910433f
Update ci.yml
damikael Jun 3, 2024
dbd8c99
upd sample config
damikael Jun 3, 2024
91ab111
fix JWT isValid when exp is not present
damikael Jun 18, 2024
82774d2
feat: SA funcs
damikael Jun 18, 2024
2906354
feat: add make entity statement for rp from sa
damikael Jun 18, 2024
023d171
fix: undeclared properties
damikael Jun 18, 2024
ae5c460
feat: add FetchEntityStatementEndpoint
damikael Jun 18, 2024
1078ba5
feat: add /fetch
damikael Jun 18, 2024
18cd18f
fix: SA ES
damikael Jun 19, 2024
24c9291
fix: GET TM for id
damikael Jun 19, 2024
3b2dfbc
fix: POST TM
damikael Jun 19, 2024
6b6fbec
fix: domain based redirect_uri into RP Entity Configuration
damikael Jun 19, 2024
e8bcef7
todo: resolve endpoint
damikael Jun 19, 2024
5386778
fix: undeclared properties
damikael Jun 19, 2024
f4bc5f8
fix: domain based redirect_uri
damikael Jun 19, 2024
03db9b2
fix: introspection undeclared and configs
damikael Jun 19, 2024
1648ca7
fix: revocation undeclared and configs
damikael Jun 19, 2024
c07f05b
fix: tokenrequest undeclared and configs
damikael Jun 19, 2024
ffa6c6c
fix: userinforequest undeclared and configs
damikael Jun 19, 2024
2a3b2f8
fix: undeclared properties
damikael Jun 19, 2024
c677f0a
fix: domain based redirect_uri, proxy_redirect_uri
damikael Jun 19, 2024
479cb65
fix: undefined var
damikael Jun 19, 2024
35f0ea2
v.0.5.0
damikael Jun 19, 2024
66dc22f
feat: log management
damikael Jun 20, 2024
7ba3471
fix: config
damikael Jun 20, 2024
9bd388a
fix: AuthenticationRequest log
damikael Jun 20, 2024
36f2134
add end_session_endpoint to OP discovery
damikael Jun 20, 2024
cc9fc8e
fix: ResponseHandler
damikael Jun 20, 2024
95162d4
fix: change STRING to VARCHAR to avoid issue with string starting wit…
damikael Jun 20, 2024
084f2c8
fix log, fix null auth header
damikael Jun 20, 2024
a7664ad
fix fiscal_number claim
damikael Jun 20, 2024
ead18ff
add useful logs
damikael Jun 20, 2024
d068b28
fix session end point when null parameters
damikael Jun 20, 2024
62a0a80
add rp_proxy_client configuration
damikael Jun 21, 2024
d6ba7ac
Merge pull request #1 from rglauco/main
Zhigalin Jul 9, 2024
8d9fa36
Added a dummy file in the data dir to fix DB access error at first in…
Zhigalin Jul 9, 2024
8310f4e
Saving the configuration with pretty format to make it easier to read…
Zhigalin Jul 9, 2024
67e6ab1
Added a confirmation message before deleting the www root if no servi…
Zhigalin Jul 9, 2024
2823fcb
Added missing logger dependency
Zhigalin Jul 10, 2024
95954a6
Allow complete cleanup with the uninstall script
Zhigalin Jul 10, 2024
16436a2
Merge pull request #20 from Zhigalin/fix-data
damikael Jul 25, 2024
8e2a726
Merge pull request #21 from Zhigalin/feature-pretty-config
damikael Jul 25, 2024
c45e2e1
Merge pull request #22 from Zhigalin/feature-protect-webdir
damikael Jul 25, 2024
1cca7ab
Merge pull request #24 from Zhigalin/feature-cleanup
damikael Jul 25, 2024
32cebe3
Merge pull request #23 from Zhigalin/fix-logger
damikael Jul 25, 2024
9dce6cb
feat: add azure log handler
damikael Sep 4, 2024
156a065
fix: fix logout if not client_id
damikael Sep 4, 2024
80e4d83
v.0.6.0
damikael Sep 4, 2024
9561b44
fix: AzureHandler
damikael Sep 4, 2024
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -18,7 +18,7 @@ jobs:
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 7.4
php-version: 8.3

- name: Validate composer.json and composer.lock
run: composer validate
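Review bot: `php-version: 8.3` in the Setup PHP step means CI now exercises a single PHP release, while composer.json in this same pull request declares `"php": "^7.4 || ^8.0"` and the README says `php >= 8.0.28`. Either run the job as a matrix that includes the lowest version the package claims to support, or raise the composer constraint to what is actually tested.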
Expand Down
5 changes: 5 additions & 0 deletions .gitignore
Expand Up @@ -8,7 +8,12 @@ error_log
/data/
/www/assets/spid-sp-access-button/
/www/doc
/www/stats
/www/test.php
/.phpdoc/
/.phpunit.cache/
tests.sqlite

/www/assets
/www/view
/log
11 changes: 11 additions & 0 deletions README.md
Expand Up @@ -50,6 +50,17 @@ SPID/CIE OIDC PHP is:
- Proxy functions
- Ready to use

## Requirements

- Web server
- php >= 8.0.28
- ^7.4 || ^8.0
- php-gmp
- php-mbstring
- php-simplexml
- php-sqlite3
- php-zip

## Setup

```
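Review bot: the Requirements list gives two different PHP floors on consecutive lines, `php >= 8.0.28` and `^7.4 || ^8.0`; keep one and make it match the `php` constraint in composer.json. The extension list also differs from composer.json: `ext-openssl` and `ext-readline` are required there but not listed here, while `php-simplexml`, `php-sqlite3` and `php-zip` are listed here but do not appear in the visible `require` entries, so a missing extension would only surface at runtime.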
Expand Down
20 changes: 13 additions & 7 deletions composer.json
Expand Up @@ -10,7 +10,7 @@
"license": "Apache-2.0",
"type": "project",
"config": {
"version": "0.1.0"
"version": "0.6.0"
},
"repositories": {
"spid-sp-access-button": {
Expand All @@ -27,13 +27,15 @@
}
},
"require": {
"php": "~7.4.1",
"php": "^7.4 || ^8.0",
"ext-mbstring": "*",
"ext-gmp": "*",
"ext-openssl": "*",
"ext-readline": "*",
"lib-openssl": ">=1.1.1",
"symfony/filesystem": "^5.2.6",
"italia/spid-sp-access-button": "^1.0.0",
"bcosca/fatfree": "^3.7",
"bcosca/fatfree": "^3.8",
"guzzlehttp/guzzle": "^7.0",
"web-token/jwt-core": "^2.2.11",
"web-token/jwt-key-mgmt": "^2.2.11",
Expand All @@ -47,7 +49,8 @@
"web-token/jwt-encryption-algorithm-rsa": "^2.2.11",
"web-token/jwt-encryption-algorithm-pbes2": "^2.2.11",
"web-token/jwt-encryption-algorithm-aesgcm": "^2.2.11",
"web-token/jwt-encryption-algorithm-aescbc": "^2.2.11"
"web-token/jwt-encryption-algorithm-aescbc": "^2.2.11",
"monolog/monolog": "^3.7"
},
"require-dev": {
"squizlabs/php_codesniffer": "3.*",
Expand All @@ -61,11 +64,14 @@
"post-update-cmd": [
"SPID_CIE_OIDC_PHP\\Setup\\Setup::setup"
],
"uninstall": [
"scop-uninstall": [
"SPID_CIE_OIDC_PHP\\Setup\\Setup::remove"
]
],
"phpcs": "php vendor/bin/phpcs --ignore=*/spid-sp-access-button/* --standard=PSR12 --warning-severity=0 lib www",
"phpcbf": "php vendor/bin/phpcbf --ignore=*/spid-sp-access-button/* --standard=PSR12 --warning-severity=0 lib www",
"test": "php ./vendor/bin/phpunit"
},
"scripts-descriptions": {
"uninstall": "Remove all packages and custom configurations"
"scop-uninstall": "Remove all packages and custom configurations"
}
}
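Review bot: renaming the `uninstall` script to `scop-uninstall` (in both `scripts` and `scripts-descriptions`) changes the command that existing users and any automation invoke, and its description is "Remove all packages and custom configurations". Document the new name in the README and in the release notes for v.0.6.0, and say why the old name was dropped.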
188 changes: 152 additions & 36 deletions config_sample/config.json
Expand Up @@ -3,44 +3,152 @@
"install_dir": "/home/spid-cie-oidc-php",
"www_dir": "/var/www/html",
"service_name": "",
"homepage": "/test.php",
"default_domain": "default",

"log_handler": "stream",
"log_stream_path": "./log/spid-cie-oidc-php.log",
"log_azure_tenantId": "",
"log_azure_appId": "",
"log_azure_appSecret": "",
"log_azure_dceURI": "",
"log_azure_dcrImmutableId": "",
"log_azure_table": "",

"sa": {
"client_id": "http://relying-party-php.org:8003/",
"client_name": "Soggetto Aggregatore",
"organization_name": "Soggetto Aggregatore",
"authority_hint": "http://trust-anchor.org:8000",
"contacts": [
"info@sa.org"
],
"is_pa": false,
"code_type": "VATNumber",
"code": "000",
"organization_identifier": "VATIT-000",
"fpa_id_paese": "IT",
"fpa_id_codice": "000",
"fpa_denominazione": "Soggetto Aggregatore",
"fpa_indirizzo": "indirizzo",
"fpa_numero_civico": "01",
"fpa_cap": "00000",
"fpa_comune": "Comune",
"fpa_provincia": "Roma",
"fpa_nazione": "IT",
"fpa_organization_name": "Soggetto Aggregatore",
"fpa_organization_email_address": "info@sa.org",
"fpa_organization_telephone_number": "+39000",
"country_name": "IT",
"locality_name": "locality",
"email": "info@sa.org",
"telephone": "+39000",
"homepage_uri": "http://relying-party-php.org:8003/homepage_uri",
"logo_uri": "http://relying-party-php.org:8003/logo_uri",
"policy_uri": "http://relying-party-php.org:8003/policy_uri",
"requested_acr": [
2,
1
],
"spid_user_attributes": [
"given_name",
"family_name",
"https://attributes.eid.gov.it/fiscal_number"
],
"trust_marks": [

],
"response_handler": "SPID_CIE_OIDC_PHP\\Response\\ResponseHandlerPlain",
"cert_private_fed": "/home/spid-cie-oidc-php/cert/rp-fed.pem",
"cert_public_fed": "/home/spid-cie-oidc-php/cert/rp-fed.crt",
"cert_private": "/home/spid-cie-oidc-php/cert/rp.pem",
"cert_public": "/home/spid-cie-oidc-php/cert/rp.crt",
"cert_enc_private": "/home/spid-cie-oidc-php/cert/rp-enc.pem",
"cert_enc_public": "/home/spid-cie-oidc-php/cert/rp-enc.crt"
},
"rp_proxy_clients": {
"default": {
"trust_mark": "",
"cert_private": "/home/spid-cie-oidc-php/cert/rp.pem",
"cert_public": "/home/spid-cie-oidc-php/cert/rp.crt",
"client_id": "http://relying-party-php.org:8003/",
"client_name": "Relying Party PHP",
"authority_hint": "http://trust-anchor.org:8000/",
"contact": "info@relying-party-php.org",
"organization_name": "Relying Party PHP Organization",
"authority_hint": "http://trust-anchor.org:8000",
"contacts": [
"info@relying-party-php.org"
],
"is_pa": true,
"code": "ipa",
"code_type": "IPACode",
"code": "ipa",
"organization_identifier": "PA:IT-ipa",
"fpa_id_paese": "IT",
"fpa_id_codice": "000",
"fpa_denominazione": "Soggetto Aggregatore",
"fpa_indirizzo": "indirizzo",
"fpa_numero_civico": "01",
"fpa_cap": "00000",
"fpa_comune": "Comune",
"fpa_provincia": "Roma",
"fpa_nazione": "IT",
"fpa_organization_name": "Soggetto Aggregatore",
"fpa_organization_email_address": "info@sa.org",
"fpa_organization_telephone_number": "+39000",
"country_name": "IT",
"locality_name": "Rome",
"email": "info@relying-party-php.org",
"telephone": "+3912345678",
"homepage_uri": "http://relying-party-php.org:8003/homepage_uri",
"logo_uri": "http://relying-party-php.org:8003/logo_uri",
"policy_uri": "http://relying-party-php.org:8003/policy_uri",
"requested_acr": [
2,
1
"https://www.spid.gov.it/SpidL1",
"http://eidas.europa.eu/LoA/low"
],
"spid_user_attributes": [
"name",
"familyName",
"email",
"fiscalNumber"
"given_name",
"family_name",
"birthdate",
"https://attributes.eid.gov.it/fiscal_number"
],
"trust_marks": [
{
"trust_mark": "",
"iss": "https://oidc.registry.servizicie.interno.gov.it",
"id": "https://oidc.registry.servizicie.interno.gov.it/openid_relying_party/public"
},
{
"trust_mark": "",
"iss": "https://preprod.oidc.registry.servizicie.interno.gov.it",
"id": "https://preprod.oidc.registry.servizicie.interno.gov.it/openid_relying_party/public"
}
],
"redirect_uri": "http://relying-party-php.org:8003/test.php",
"response_handler": "SPID_CIE_OIDC_PHP\\Response\\ResponseHandlerPlain"
"proxy_redirect_uri": "/test.php",
"proxy_response_handler": "SPID_CIE_OIDC_PHP\\Response\\ResponseHandlerPlain",
"cert_private_fed": "./cert/rp-fed.pem",
"cert_public_fed": "./cert/rp-fed.crt",
"cert_private": "./cert/rp.pem",
"cert_public": "./cert/rp.crt",
"cert_enc_private": "./cert/rp-enc.pem",
"cert_enc_public": "./cert/rp-enc.crt",
"application_type": "web",
"client_registration_types": ["automatic"],
"subject_type": "pairwise",
"scope": "openid",
"code_challenge_method": "S256",
"prompt": "consent login"
},
"2b4601ab-9e1b-4f5b-8b1e-3ae27beb9fdb": {
"cert_private": "/home/spid-cie-oidc-php/cert/rp.pem",
"cert_public": "/home/spid-cie-oidc-php/cert/rp.crt",
"cert_private": "./cert/rp.pem",
"cert_public": "./cert/rp.crt",
"cert_enc_private": "./cert/rp-enc.pem",
"cert_enc_public": "./cert/rp-enc.crt",
"cert_private_fed": "./cert/rp-fed.pem",
"cert_public_fed": "./cert/rp-fed.crt",
"client_id": "http://relying-party-php.org:8003/",
"client_name": "Relying Party PHP Wordpress",
"authority_hint": "http://trust-anchor.org:8000/",
"contact": "info@relying-party-php.org",
"authority_hint": "http://trust-anchor.org:8000",
"contacts": [
"info@relying-party-php.org"
],
"is_pa": true,
"code": "ipa",
"code_type": "IPACode",
Expand All @@ -54,21 +162,27 @@
1
],
"spid_user_attributes": [
"name",
"familyName",
"email",
"fiscalNumber"
"given_name",
"family_name",
"birthdate",
"https://attributes.eid.gov.it/fiscal_number"
],
"redirect_uri": "http://relying-party-php.org:8003/oidc/proxy/callback",
"response_handler": "SPID_CIE_OIDC_PHP\\Response\\ResponseHandlerPlain"
"proxy_redirect_uri": "http://relying-party-php.org:8003/oidc/proxy/callback",
"proxy_response_handler": "SPID_CIE_OIDC_PHP\\Response\\ResponseHandlerPlain"
},
"9798f8ca-2682-49bc-ac2f-67b568b86b74": {
"cert_private": "/home/spid-cie-oidc-php/cert/rp.pem",
"cert_public": "/home/spid-cie-oidc-php/cert/rp.crt",
"cert_private": "./cert/rp.pem",
"cert_public": "./cert/rp.crt",
"cert_enc_private": "./cert/rp-enc.pem",
"cert_enc_public": "./cert/rp-enc.crt",
"cert_private_fed": "./cert/rp-fed.pem",
"cert_public_fed": "./cert/rp-fed.crt",
"client_id": "http://relying-party-php.org:8003/",
"client_name": "Relying Party PHP Drupal",
"authority_hint": "http://trust-anchor.org:8000/",
"contact": "info@relying-party-php.org",
"authority_hint": "http://trust-anchor.org:8000",
"contacts": [
"info@relying-party-php.org"
],
"is_pa": true,
"code": "ipa",
"code_type": "IPACode",
Expand All @@ -82,25 +196,26 @@
1
],
"spid_user_attributes": [
"name",
"familyName",
"email",
"fiscalNumber"
"given_name",
"family_name",
"birthdate",
"https://attributes.eid.gov.it/fiscal_number"
],
"redirect_uri": "http://relying-party-php.org:8003/oidc/proxy/callback",
"response_handler": "SPID_CIE_OIDC_PHP\\Response\\ResponseHandlerPlain"
"proxy_redirect_uri": "http://relying-party-php.org:8003/oidc/proxy/callback",
"proxy_response_handler": "SPID_CIE_OIDC_PHP\\Response\\ResponseHandlerPlain"
}
},

"op_proxy_client_id": "http://relying-party-php.org:8003/oidc/proxy/",
"op_proxy_cert_private": "/home/spid-cie-oidc-php/cert/op.pem",
"op_proxy_cert_public": "/home/spid-cie-oidc-php/cert/op.crt",
"op_proxy_cert_private": "./cert/op.pem",
"op_proxy_cert_public": "./cert/op.crt",
"op_proxy_clients": {
"2b4601ab-9e1b-4f5b-8b1e-3ae27beb9fdb": {
"name": "TEST",
"description": "TEST WordPress",
"technical_reference": "technical reference",
"technical_contact": "contact@email",
"rp_proxy_client": "2b4601ab-9e1b-4f5b-8b1e-3ae27beb9fdb",
"client_id": "2b4601ab-9e1b-4f5b-8b1e-3ae27beb9fdb",
"client_secret": "389451f0-dc60-4fba-8c03-eea4adb340b6",
"redirect_uri": [
Expand All @@ -117,6 +232,7 @@
"description": "TEST Drupal",
"technical_reference": "technical reference",
"technical_contact": "contact@email",
"rp_proxy_client": "9798f8ca-2682-49bc-ac2f-67b568b86b74",
"client_id": "9798f8ca-2682-49bc-ac2f-67b568b86b74",
"client_secret": "59764f55-eb1e-49a6-80f7-0efc7edeeeb2",
"redirect_uri": [
Expand All @@ -129,4 +245,4 @@
"token_endpoint_auth_method": "client_secret_basic"
}
}
}
}
9 changes: 7 additions & 2 deletions config_sample/federation-authority.json
@@ -1,4 +1,9 @@
{
{ "https://preprod.oidc.registry.servizicie.interno.gov.it": {
"organization_name": "Federazione CIE preproduzione"
},
"https://oidc.registry.servizicie.interno.gov.it": {
"organization_name": "Federazione CIE"
},
"https://registry.spid.gov.it": {
"organization_name": "Federazione SPID"
},
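Review bot: the first line now reads `{ "https://preprod.oidc.registry.servizicie.interno.gov.it": {`, with the opening brace and the first key on one line; put the brace on its own line as in the rest of the file. This sample also lists the preproduction and production CIE registries alongside the `http://localhost:8000` and `http://trust-anchor.org:8000` test entries further down, so add a note that test and preproduction authorities should be removed from a production deployment.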
Expand All @@ -8,7 +13,7 @@
"http://localhost:8000": {
"organization_name": "Federazione test local"
},
"http://trust-anchor.org:8000/": {
"http://trust-anchor.org:8000": {
"organization_name": "Federazione test oidcfed"
}
}
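Review bot: dropping the trailing slash from `http://trust-anchor.org:8000/` lines this key up with the `authority_hint` change in config.json, but if the lookup is an exact string comparison, an existing config that still has the slash will stop matching. Normalise the trailing slash when the keys and `authority_hint` are compared, or document that the two values must be identical strings.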
Empty file added data/.dummy
Empty file.