adding after gitignore removal

Author: jay-oswald

.extlib/simplesamlphp/modules/authorize/LICENSE

@@ -0,0 +1,27 @@
+# Authorize
+
+![Build Status](https://github.com/simplesamlphp/simplesamlphp-module-authorize/workflows/CI/badge.svg?branch=master)
+[![Coverage Status](https://codecov.io/gh/simplesamlphp/simplesamlphp-module-authorize/branch/master/graph/badge.svg)](https://codecov.io/gh/simplesamlphp/simplesamlphp-module-authorize)
+[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/simplesamlphp/simplesamlphp-module-authorize/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/simplesamlphp/simplesamlphp-module-authorize/?branch=master)
+[![Type Coverage](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-authorize/coverage.svg)](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-authorize)
+[![Psalm Level](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-authorize/level.svg)](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-authorize)
+
+## Install
+
+Install with composer
+
+```bash
+    vendor/bin/composer require simplesamlphp/simplesamlphp-module-authorize
+```
+
+## Configuration
+
+Next thing you need to do is to enable the module: in `config.php`,
+search for the `module.enable` key and set `authorize` to true:
+
+```php
+    'module.enable' => [
+        'authorize' => true,
+        …
+    ],
+```

.extlib/simplesamlphp/modules/authorize/README.md

@@ -0,0 +1,49 @@
+{
+    "name": "simplesamlphp/simplesamlphp-module-authorize",
+    "description": "This module provides a user authorization filter based on attribute matching",
+    "type": "simplesamlphp-module",
+    "keywords": ["simplesamlphp", "authorize"],
+    "license": "LGPL-2.1-or-later",
+    "authors": [
+        {
+            "name": "Ernesto Revilla",
+            "email": "erny@yaco.es"
+        }
+    ],
+    "config": {
+        "preferred-install": {
+            "simplesamlphp/simplesamlphp": "source",
+            "*": "dist"
+        },
+        "allow-plugins": {
+            "composer/package-versions-deprecated": true,
+            "dealerdirect/phpcodesniffer-composer-installer": true,
+            "phpstan/extension-installer": true,
+            "simplesamlphp/composer-module-installer": true
+        }
+    },
+    "autoload": {
+        "psr-4": {
+            "SimpleSAML\\Module\\authorize\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "SimpleSAML\\Module\\Authorize\\Tests\\Utils\\": "tests/Utils",
+            "SimpleSAML\\Test\\Utils\\": "vendor/simplesamlphp/simplesamlphp/tests/Utils"
+        }
+    },
+    "require": {
+        "php": "^8.1",
+        "simplesamlphp/assert": "^1.0",
+        "simplesamlphp/simplesamlphp": "^2.1",
+        "symfony/http-foundation": "^6.4"
+    },
+    "require-dev": {
+        "simplesamlphp/simplesamlphp-test-framework": "^1.5"
+    },
+    "support": {
+        "issues": "https://github.com/simplesamlphp/simplesamlphp-module-authorize/issues",
+        "source": "https://github.com/simplesamlphp/simplesamlphp-module-authorize"
+    }
+}

.extlib/simplesamlphp/modules/authorize/composer.json

@@ -0,0 +1,158 @@
+# authorize Module
+
+* Author: Ernesto Revilla <erny@yaco.es>, Yaco Sistemas, Ryan Panning
+* Package: SimpleSAMLphp
+
+This module provides a user authorization filter based on attribute matching
+for those applications that do not cleanly separate authentication from
+authorization and set some default permissions for authenticated users.
+
+`authorize:Authorize`
+: Authorize certain users based on attribute matching
+
+## `authorize:Authorize`
+
+There are three configuration options that can be defined: `deny`, `regex`,
+and `reject_msg`. All other filter configuration options are considered
+attribute matching rules.
+
+Unauthorized users will be shown a 403 Forbidden page.
+
+### `deny`
+
+The default action of the filter is to authorize only if an attribute match
+is found (default allow). When set to TRUE, this option reverses that rule and
+authorizes the user unless an attribute match is found (default deny), causing
+an unauthorized action.
+
+**Note**: This option needs to be boolean (TRUE/FALSE) else it will be considered
+          an attribute matching rule.
+
+### `regex`
+
+Turn regex pattern matching on or off for the attribute values defined. For
+backwards compatibility, this option defaults to TRUE, but can be turned off
+by setting it to FALSE.
+
+**Note**: This option needs to be boolean (TRUE/FALSE) else it will be
+          considered an attribute matching rule.
+
+### `reject_msg`
+
+This option can be used to provide a localised, custom message to an
+unauthorised user. For example: tailored instructions on how to fix the
+authorisation issue, specific contact details, etc.
+
+It should be an array of key/value pairs, with the keys as the language code.
+You can use HTML in the message. See below for an example.
+
+### `errorURL`
+
+If the identity provider includes an `errorURL` in metadata, this option turns
+on or off the generation of a context-specific errorURL in accordance with the
+REFEDS SAML2 Metadata Deployment Profile for errorURL. Defaults to TRUE.
+
+**Note**: This option needs to be boolean (TRUE/FALSE) else it will be
+          considered an attribute matching rule.
+
+### `allow_reauthentication`
+
+This option can be used to allow users to re-authenticate if they are
+unauthorized. If set to TRUE, the user will be shown a button to re-authenticate.
+If set to FALSE, the user will not be shown a button to re-authenticate.
+
+**Note**: This option needs to be boolean (TRUE/FALSE) else it will be
+          considered FALSE.
+
+### `show_user_attribute`
+
+This option can be used to show the user attribute, to inform the with which
+account they are logged in. If set to a valid attribute, the user will see
+the first value of that attribute.
+
+**Note**: This option needs to be a string else it will be considered disabled.
+          Default value is NULL.
+
+## Attribute Rules
+
+Each additional filter configuration option is considered an attribute matching
+rule. For each attribute, you can specify a string or array of strings to match.
+If one of those attributes match one of the rules (OR operator), the user is
+authorized/unauthorized (depending on the deny config option).
+
+**Note**: If regex is enabled, you must use the preg_match format, i.e. you have
+          to enclose it with a delimiter that does not appear inside the regex
+          (e.g. slash (/), at sign (@), number sign (#) or underscore (`_`)).
+
+### Problems
+
+* Once you get the forbidden page, you can't logout at the IdP directly,
+  (as far as I know), you have to close the browser.
+
+### Examples
+
+To use this filter configure it in `config/config.php`.
+For unstructured attributes use `^` and `$` to anchor your regex as necessary:
+
+```php
+'authproc.sp' => [
+    60 => [
+        'class' => 'authorize:Authorize',
+        'uid'   =>  [
+            '/^.*@example.com$/',
+            /*
+             * Use anchors to prevent matching
+             * 'wronguser1@example.edu.attacker.com'
+             */
+            '/^(user1|user2|user3)@example.edu$/',
+        ],
+        'schacUserStatus' => '@urn:mace:terena.org:userStatus:' .
+        'example.org:service:active.*@',
+    ]
+]
+```
+
+An alternate way of using this filter is to deny certain users. Or even use
+multiple filters to create a simple ACL, by first allowing a group of users but
+then denying a "black list" of users.
+
+```php
+'authproc.sp' => [
+    60 => array[
+        'class' => 'authorize:Authorize',
+        'deny'  => true,
+        'uid'   =>  [
+            '/.*@students.example.edu$/',
+            '/^(stu1|stu2|stu3)@example.edu$/',
+        ]
+    ]
+]
+```
+
+The regex pattern matching can be turned off, allowing for exact attribute
+matching rules. This can be helpful in cases where you know what the value
+should be. An example of this is with the memberOf attribute or using the
+ldap:AttributeAddUsersGroups filter with the group attribute.
+
+Additionally, some helpful instructions are shown.
+
+```php
+'authproc.sp' => [
+    60 => [
+        'class' => 'authorize:Authorize',
+        'regex' => false,
+        'group' => [
+            'CN=SimpleSAML Students,CN=Users,DC=example,DC=edu',
+            'CN=All Teachers,OU=Staff,DC=example,DC=edu',
+        ],
+        'reject_msg' => [
+            'en' => 'This service is only available to students and' .
+                ' teachers. Please contact ' .
+                '<a href="mailto:support@example.edu">support</a>.',
+            'nl' => 'Deze dienst is alleen beschikbaar voor studenten en ' .
+                'docenten. Neem contact op met ' .
+                '<a href="mailto:support@example.edu">support</a>.',
+        ],
+    ],
+],
+```

.extlib/simplesamlphp/modules/authorize/docs/authorize.md

@@ -0,0 +1,27 @@
+
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: SimpleSAMLphp 1.15\n"
+"Report-Msgid-Bugs-To: simplesamlphp-translation@googlegroups.com\n"
+"POT-Creation-Date: 2016-10-12 09:23+0200\n"
+"PO-Revision-Date: 2016-10-14 12:14+0200\n"
+"Last-Translator: \n"
+"Language: af\n"
+"Language-Team: \n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.3.4\n"
+
+msgid "Access forbidden"
+msgstr "Toegang verbode"
+
+msgid ""
+"You don't have the needed privileges to access this application. Please "
+"contact the administrator if you find this to be incorrect."
+msgstr ""
+"Jy het nie die nodige regte vir toegang na die aansoek nie. Kontak "
+"asseblief die administrateur indien dit inkorrek is."
+

.extlib/simplesamlphp/modules/authorize/locales/af/LC_MESSAGES/authorize.po

@@ -0,0 +1,28 @@
+
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: SimpleSAMLphp 1.15\n"
+"Report-Msgid-Bugs-To: simplesamlphp-translation@googlegroups.com\n"
+"POT-Creation-Date: 2016-10-12 09:23+0200\n"
+"PO-Revision-Date: 2016-10-14 12:14+0200\n"
+"Last-Translator: \n"
+"Language: ar\n"
+"Language-Team: \n"
+"Plural-Forms: nplurals=6; plural=(n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n>=3 "
+"&& n<=10 ? 3 : n>=11 && n<=99 ? 4 : 5)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.3.4\n"
+
+msgid "Access forbidden"
+msgstr "ممنوع الدخول"
+
+msgid ""
+"You don't have the needed privileges to access this application. Please "
+"contact the administrator if you find this to be incorrect."
+msgstr ""
+"لا يمكنك الدخول لهذا التطبيق. قم بأخطار إدارة الموقع ان كنت تظن ان هذا "
+"غير صحيح"
+

.extlib/simplesamlphp/modules/authorize/locales/ar/LC_MESSAGES/authorize.po

@@ -0,0 +1,28 @@
+
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: SimpleSAMLphp 1.15\n"
+"Report-Msgid-Bugs-To: simplesamlphp-translation@googlegroups.com\n"
+"POT-Creation-Date: 2016-10-12 09:23+0200\n"
+"PO-Revision-Date: 2016-10-14 12:14+0200\n"
+"Last-Translator: \n"
+"Language: cs\n"
+"Language-Team: \n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
+"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.3.4\n"
+
+msgid "Access forbidden"
+msgstr "Přístup odmítnut"
+
+msgid ""
+"You don't have the needed privileges to access this application. Please "
+"contact the administrator if you find this to be incorrect."
+msgstr ""
+"Nemáte dostatečná práva pro přístup k této aplikaci. Prosím, kontaktujte "
+"administrátora, pokud toto omezení shledáváte nesprávné."
+

.extlib/simplesamlphp/modules/authorize/locales/cs/LC_MESSAGES/authorize.po

@@ -0,0 +1,27 @@
+
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: SimpleSAMLphp 1.15\n"
+"Report-Msgid-Bugs-To: simplesamlphp-translation@googlegroups.com\n"
+"POT-Creation-Date: 2016-10-12 09:23+0200\n"
+"PO-Revision-Date: 2016-10-14 12:14+0200\n"
+"Last-Translator: \n"
+"Language: da\n"
+"Language-Team: \n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.3.4\n"
+
+msgid "Access forbidden"
+msgstr "Adgang forbudt"
+
+msgid ""
+"You don't have the needed privileges to access this application. Please "
+"contact the administrator if you find this to be incorrect."
+msgstr ""
+"Du har ikke de nødvendige privilegier til at tilgå applikationen. Kontakt"
+" administratoren hvis du mener at dette ikke er korrekt."
+

.extlib/simplesamlphp/modules/authorize/locales/da/LC_MESSAGES/authorize.po

@@ -0,0 +1,28 @@
+
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: SimpleSAMLphp 1.15\n"
+"Report-Msgid-Bugs-To: simplesamlphp-translation@googlegroups.com\n"
+"POT-Creation-Date: 2016-10-12 09:23+0200\n"
+"PO-Revision-Date: 2016-10-14 12:14+0200\n"
+"Last-Translator: \n"
+"Language: de\n"
+"Language-Team: \n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: Babel 2.3.4\n"
+
+msgid "Access forbidden"
+msgstr "Zugriff verboten"
+
+msgid ""
+"You don't have the needed privileges to access this application. Please "
+"contact the administrator if you find this to be incorrect."
+msgstr ""
+"Sie haben nicht die erforderlichen Berechtigungen um auf diese Anwendung "
+"zuzugreifen. Bitte kontaktieren Sie einen Administrator, wenn Sie dies "
+"ungerechtfertigt finden."
+