add patches result

Author: jay-oswald

composer.lock

@@ -1207,7 +1207,12 @@
                     "dev-master": "2.4.0.x-dev"
                 },
                 "patches_applied": {
-                    "Multiple older changes re-done, check patch file for details": "patches/0001-WR-333356-Manually-apply-below-patch-due-to-dir-chan.patch"
+                    "Multiple older changes re-done, check patch file for details": "patches/0001-WR-333356-Manually-apply-below-patch-due-to-dir-chan.patch",
+                    "Issue #768: Remove unnecessary param being sent to sendSAML2AuthnRequest()": "patches/0002-Issue-768-Remove-unnecessary-param-being-sent-to-sen.patch",
+                    "Issue #768: Force de-prioritisation of BINDING_HTTP_ARTIFACT": "patches/0003-Issue-768-Force-de-prioritisation-of-BINDING_HTTP_AR.patch",
+                    "Update post.twig to point to publicly available post files (#793)": "patches/0004-Update-post.twig-to-point-to-publicly-available-post.patch",
+                    "[#801] fix issue with IdP initiated login after upgrade to v2.0.5 (#802)": "patches/0005-801-fix-issue-with-IdP-initiated-login-after-upgrade.patch",
+                    "set SESSION->saml2idp during unsolicited logins": "patches/0006-set-SESSION-saml2idp-during-unsolicited-logins.patch"
                 }
             },
             "installation-source": "dist",

vendor/composer/installed.json

@@ -5,3 +5,23 @@ Multiple older changes re-done, check patch file for details
 Source: patches/0001-WR-333356-Manually-apply-below-patch-due-to-dir-chan.patch
 
 
+Issue #768: Remove unnecessary param being sent to sendSAML2AuthnRequest()
+Source: patches/0002-Issue-768-Remove-unnecessary-param-being-sent-to-sen.patch
+
+
+Issue #768: Force de-prioritisation of BINDING_HTTP_ARTIFACT
+Source: patches/0003-Issue-768-Force-de-prioritisation-of-BINDING_HTTP_AR.patch
+
+
+Update post.twig to point to publicly available post files (#793)
+Source: patches/0004-Update-post.twig-to-point-to-publicly-available-post.patch
+
+
+[#801] fix issue with IdP initiated login after upgrade to v2.0.5 (#802)
+Source: patches/0005-801-fix-issue-with-IdP-initiated-login-after-upgrade.patch
+
+
+set SESSION->saml2idp during unsolicited logins
+Source: patches/0006-set-SESSION-saml2idp-during-unsolicited-logins.patch
+
+

vendor/simplesamlphp/simplesamlphp/PATCHES.txt

@@ -316,24 +316,9 @@ public function getHostedMetadata(): array
     public function getIdPMetadata(string $entityId): Configuration
     {
         // auth_saml2 modification.
-        global $saml2auth;
-        if ($this->idp !== null && $this->idp !== $entityId) {
-            foreach ($saml2auth->metadataentities as $metadataurl => $idpentities) {
-                if ($metadataurl == $entityId) {
-                    foreach ($idpentities as $key => $val) {
-                        if ($key == $this->idp) {
-                            $this->idp = null;
-                        }
-                        break 2;
-
-                    }
-                }
-            }
-        }
-        if ($this->idp !== null && $this->idp !== $entityId) {
-            throw new Error\Exception('Cannot retrieve metadata for IdP ' .
-                var_export($entityId, true) . ' because it isn\'t a valid IdP for this SP.');
-        }
+        // Set the IdP to null, so it can auto-detect.
+        // Avoid the case where it uses the default IdP data for IdP initiated login.
+        $this->idp = null;
 
         $metadataHandler = MetaDataStorageHandler::getMetadataHandler();
 
@@ -676,6 +661,8 @@ private function startSSO2(Configuration $idpMetadata, array $state): void
                 [
                     Constants::BINDING_HTTP_REDIRECT,
                     Constants::BINDING_HTTP_POST,
+                    // auth_saml2 modification - Reordered to maintain existing  functionality.
+                    Constants::BINDING_HTTP_ARTIFACT,
                 ],
             );
         }
@@ -689,7 +676,7 @@ private function startSSO2(Configuration $idpMetadata, array $state): void
         $session = \SimpleSAML\Session::getSessionFromRequest();
         $session->save();
 
-        $this->sendSAML2AuthnRequest($state, $b, $ar);
+        $this->sendSAML2AuthnRequest($b, $ar);
 
         Assert::true(false);
     }
@@ -1236,6 +1223,11 @@ public static function handleUnsolicitedAuth(string $authId, array $state, strin
         // Moodle hack to handle IdP unsolicited logins.
         $wantsurl = (new \moodle_url($redirectTo))->out(false);
         $SESSION->wantsurl = $wantsurl;
+        if (!empty($state['saml:sp:IdP'])) {
+            $SESSION->saml2idp = md5($state['saml:sp:IdP']);
+        } else {
+            unset($SESSION->saml2idp);
+        }
         $saml2auth->saml_login_complete($state['Attributes']);
         // Should never get to here.
 

vendor/simplesamlphp/simplesamlphp/modules/saml/src/Auth/Source/SP.php

@@ -6,8 +6,8 @@
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
     <link rel="icon" href="{{ asset("icons/favicon.ico") }}">
     <title>{% trans %}Sending message{% endtrans %}</title>
-    <link rel="stylesheet" href="{{ asset("css/postSubmit.css") }}">
-    <script src="{{ asset("js/post.js") }}"></script>
+    <link rel="stylesheet" href="/{{ baseurlpath }}resources/post.css">
+    <script src="/{{ baseurlpath }}resources/post.js"></script>
   </head>
   <body>
     <form method="post" action="{{ destination }}">