Merge pull request #16 from italia/certs-in-files

Allow private key and certificate to be stored in files

.editorconfig

@@ -0,0 +1,40 @@
+# http://editorconfig.org
+
+# A special property that should be specified at the top of the file outside of
+# any sections. Set to true to stop .editor config file search on current file
+root = true
+
+[*]
+# Indentation style
+# Possible values - tab, space
+indent_style = space
+
+# Line ending file format
+# Possible values - lf, crlf, cr
+end_of_line = lf
+
+# File character encoding
+# Possible values - latin1, utf-8, utf-16be, utf-16le
+charset = utf-8
+
+# Denotes whether to trim whitespace at the end of lines
+# Possible values - true, false
+trim_trailing_whitespace = true
+
+# Denotes whether file should end with a newline
+# Possible values - true, false
+insert_final_newline = true
+
+# Indentation size in single-spaced characters
+# Possible values - an integer, tab
+indent_size = 4
+
+[*.{css,scss,sass}]
+# Indentation size in single-spaced characters
+# Possible values - an integer, tab
+indent_size = 2
+
+[*.{yml,yaml}]
+# Indentation size in single-spaced characters
+# Possible values - an integer, tab
+indent_size = 2

.php_cs.dist

@@ -0,0 +1,41 @@
+<?php
+use PhpCsFixer\Finder;
+use PhpCsFixer\Config;
+use PhpCsFixer\FixerInterface;
+
+$excluded_folders = [
+    'config',
+    'bootstrap/cache',
+    'node_modules',
+    'public',
+    'resources',
+    'storage',
+    'vendor',
+];
+
+$rules = [
+    '@PSR2' => true,
+    '@Symfony' => true,
+    'ordered_class_elements' => true,
+    'array_syntax' => ['syntax' => 'short'],
+    'concat_space' => ['spacing' => 'one'],
+    'linebreak_after_opening_tag' => true,
+    'no_empty_comment' => false,
+    'ordered_imports' => true,
+    'phpdoc_align' => ['align' => 'left'],
+    'phpdoc_order' => true,
+];
+
+$finder = Finder::create()
+    ->exclude($excluded_folders)
+    ->notPath('server.php')
+    ->name('*.php')
+    ->notName('*.blade.php')
+    ->ignoreDotFiles(true)
+    ->ignoreVCS(true)
+    ->in(__DIR__);
+
+return Config::create()
+    ->setRules($rules)
+    ->setFinder($finder)
+    ->setUsingCache(true);

.travis.yml

@@ -16,8 +16,9 @@ before_install:
 install:
   - travis_retry composer update --prefer-dist --no-interaction --prefer-stable --no-suggest
 
-script: 
+script:
   - vendor/bin/pds-skeleton validate
+  - vendor/bin/php-cs-fixer fix --diff --dry-run --verbose
   - vendor/bin/phpunit
 
 after_success:

README.md

@@ -18,7 +18,7 @@ applications based on [Laravel 5](https://www.laravel.com).
 
 1. Before installing this package patching must be enabled in `composer.json`.
 This is necessary because
-[this patch](https://rawgit.com/italia/spid-laravel/master/patches/php-saml-3-spid.patch)
+[this patch](https://rawgit.com/italia/spid-laravel/master/patches/php-saml-3.3.0-spid.patch)
 has to be applied to [onelogin/php-saml](https://github.com/onelogin/php-saml)
 for SPID compatibility.
 
@@ -45,7 +45,7 @@ for SPID compatibility.
    composer config prefer-stable true
    ```
 
-    **This installation step will be removed before the first stable release of	
+    **This installation step will be removed before the first stable release of
    this package.**
 
 2. Require this package with composer.
@@ -77,6 +77,7 @@ can't know what CSRF token include in their POST requests sent to your routes.
        ];
    }
    ```
+
 ## Configuration
 
 Publish the configuration with:
@@ -145,6 +146,29 @@ system of your application. If you plan to integrate your authentication system
 with SPID, you can listen to the `LoginEvent` and `LogoutEvent` (see
 [Events](#events) and [Example](#example)).
 
+### SPIDAuth Service Provider
+
+If you need more customization in the authentication logic of your application,
+you can use the methods available in the `SPIDAuth` Service Provider.
+
+First you need an instance of the Service Provider from the Service Container:
+```php
+$SPIDAuth = app('SPIDAuth');
+```
+
+The following public methods can be used in your application.
+
+| Method          | Description                                                                                                                                         |
+|-----------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
+| login           | Show the configured `login_view` with a SPID button, if authenticated redirect to `after_login_url`.                                                |
+| doLogin         | Attempt login with the SPID Identity Provider in the current request and redirect to the intended or configured `after_login_url` if authenticated. |
+| acs             | Process the POST response from Identity Providers, set session variables and redirect to the intended or configured `after_login_url`.              |
+| logout          | Attempt logout with the SPID Identity Provider stored in the current session.                                                                       |
+| isAuthenticated | Check if the current session is authenticated with SPID.                                                                                            |
+| metadata        | Show metadata for this SPID Service Provider.                                                                                                       |
+| providers       | Identity Providers list in JSON format used by the SPID smart button.                                                                               |
+| getSPIDUser     | Return the current authenticated SPIDUser or `null` if not authenticated.                                                                           |
+
 ### Button
 
 You can display a simple SPID access button by including the
@@ -366,6 +390,10 @@ You can set your own X.509 certificate and private key in the
 `config/spid-auth.php` file of your application (which overrides the one in the
 package).
 
+The X.509 certificate and the private key can be configured as strings or as
+paths to files. If both are specified in your `config/spid-auth.php` then the
+ones specified as strings will take precedence.
+
 **Change the values and keep the private key secret**.
 
 ### SPID smart button

composer.json

@@ -41,5 +41,8 @@
         "Compatibility with SPID": "https://rawgit.com/italia/spid-laravel/master/patches/php-saml-3.3.0-spid.patch"
       }
     }
+  },
+  "archive": {
+    "exclude": ["/tests", ".travis.yml", "/certs", ".editorconfig", "php_cs.dist"]
   }
 }

config/spid-auth.php

@@ -32,6 +32,8 @@
           #'digitalAddress',
           #'expirationDate'
       ],
+      'sp_certificate_file' => null,
+      'sp_private_key_file' => null,
       'sp_certificate' => 'MIIEKjCCAxKgAwIBAgIJAOlEQZ6zeWkPMA0GCSqGSIb3DQEBBQUAMGsxCzAJBgNVBAYTAklUMQswCQYDVQQIEwJSTTENMAsGA1UEBxMEUm9tZTEmMCQGA1UEChMdQWdlbnppYSBwZXIgbCdJdGFsaWEgRGlnaXRhbGUxGDAWBgNVBAMTD3d3dy5hZ2lkLmdvdi5pdDAeFw0xNzEyMTExMTE2NTJaFw0yNzEyMTExMTE2NTJaMGsxCzAJBgNVBAYTAklUMQswCQYDVQQIEwJSTTENMAsGA1UEBxMEUm9tZTEmMCQGA1UEChMdQWdlbnppYSBwZXIgbCdJdGFsaWEgRGlnaXRhbGUxGDAWBgNVBAMTD3d3dy5hZ2lkLmdvdi5pdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALooizGSq3EdEzrpBJxf82RPxke+WlUZze6AcCaRBXaHDZFgcGLiUIldqfNP3qcoXLGKtvgULbiaETemYCCdVQRNWNAoJQrRa8osDtueuMbRS+fEQeueVseMAZFcqeSfCPD1jXmuoAW3+2BDUsug5f8C21VK470IYgNftz6q24JPFap8E9gaBxnjYnc248J5E/yyGs+Q3kdStDxDCkPSixXAiFPUTlzXbLZJB/9NFoG8iSN3xdX0gT7t9+nrbgWNAEzHkbcjcB7xAN4+gMOI/E70CHOAMnFUTsonCFKq++fzv1BmAQxz724O+M4m22UxG+w117Ia+xlVHzqZmVaQiDcCAwEAAaOB0DCBzTAdBgNVHQ4EFgQULUBdclYE+qoz6/E7kOIKUJpfWC0wgZ0GA1UdIwSBlTCBkoAULUBdclYE+qoz6/E7kOIKUJpfWC2hb6RtMGsxCzAJBgNVBAYTAklUMQswCQYDVQQIEwJSTTENMAsGA1UEBxMEUm9tZTEmMCQGA1UEChMdQWdlbnppYSBwZXIgbCdJdGFsaWEgRGlnaXRhbGUxGDAWBgNVBAMTD3d3dy5hZ2lkLmdvdi5pdIIJAOlEQZ6zeWkPMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACARHgz22mJeQetKife5OWFG1G4sgDJi/MBHIf//0TKcRbcoWh+mF0nnvHs0NlGX0DoXTjL5LFgpoJK43yxHmmdbW8imj8gsGwmWwulJaJDWwq+zKJT07j+GwV8swBFwk0wzcckoqn8Rm1dIeJbtkaid0Za064uFZT5MOpUsQpvrQ8KxXbjZFAhwBx06G9DqCiSEafOANpn99/ewBcO2aKElWOhCajwMqLhr9oW9MbA6U0ujyibfv4uQKECm2BHCnmBf4sGJf0K9zNn9dReoZ7wXjnmW1iaKgjwBEEk4m1zactSkzPxs4EqqZkprkmWTGyhhoD1HziLbcgAHi3ioDAw=',
       'sp_private_key' => 'MIIEpAIBAAKCAQEAuiiLMZKrcR0TOukEnF/zZE/GR75aVRnN7oBwJpEFdocNkWBwYuJQiV2p80/epyhcsYq2+BQtuJoRN6ZgIJ1VBE1Y0CglCtFryiwO2564xtFL58RB655Wx4wBkVyp5J8I8PWNea6gBbf7YENSy6Dl/wLbVUrjvQhiA1+3Pqrbgk8VqnwT2BoHGeNidzbjwnkT/LIaz5DeR1K0PEMKQ9KLFcCIU9ROXNdstkkH/00WgbyJI3fF1fSBPu336etuBY0ATMeRtyNwHvEA3j6Aw4j8TvQIc4AycVROyicIUqr75/O/UGYBDHPvbg74zibbZTEb7DXXshr7GVUfOpmZVpCINwIDAQABAoIBAQCfkvWObv2LHrNHQktziERo7oE3KpLgdBg0o+B/Dr0yFx6oSZTNDtaeia2PJh3kCBM9FX02NoXiwh6UJ4grLPKdl3fUJzVpio7tZMrvs6UMuIhqia9APCCDOR527omrsi/F7ZdygSAnBsjygYNNjgTZjidZe7Kwbakm3zuC+o7jqVLEWWZCaSjL+WoiQmfl8443aNSlujEnpPzGORQ2lz53oduZtRSKXdZLi2G7+afk1GcerCYoUtvFGPa5uX92gTDKwIpPYQpdxVqqhFrZcV73tP0VqE3kG5FWaCbSKO/nVd3YlswabXsPEMNth17vs/g7RtbWWkWE4nv9bQzG2lpBAoGBAPJw1NusIXSzOwauDvDY9gCgr2WpDedhJu1p+ibqO86TvaM3J55/oUCYT3e2JyIo1nixf3njJp9PyAcbBq5bEAl0cqgxHMDY8FiBblQ9ELoFZi1HxcMgfo3pdmYID1O1pRlfGJHNQPZxGns6NWA88a1A7T6y/tdDGF4XqbqCFwixAoGBAMSR4k1Ox5HzArQ6ecXL+fTXexMRBrz2fkq4oTodnN/R90mROEiD4CSxLLt2Dh9MfksykWNSy9KIKsNA+u0uQ0t1aZ+L5f6K105TuNO4cLFKIOVgG8qbkkItMbxWZwrRECYeRHjylJ8DaJJm3MNaQGYPVLpLEbIwxlDDPIbDTtlnAoGASuzv+8vgsw5JKbFVUL3cmSkPy91JPL7bpvffpXMydI9YRj7fca6ECVCJDrgus/HnBnnkqai34PhpGzkRAYWHGUTxwmUbO8ZP0Sp/DG2q47KTd179EWbTdcw3GSVYh0hV89dd4oGKmB8wTfEZWdq73g14xK3Q8Hn95+ZsQAXAVKECgYAvKLy9RVg12LJeYOUUIjKunf/F/EC8lvqHnLH5il83h10nhjKVmyXsR6FuvAz5T1XBXrlotdV2hfqUa4OH4aB9ewbDI0IjhlXPUeC20roenqUzwpIIUriNLeCPyb7g5nVUX9CXn8MuPxgYf5sZNw7aLXVrWFU/hdoeSCi+QB8rowKBgQDHaCH7NAXpo3yDtdN+PPuZPnXnTMHQctLbXytuzqqDNbC5z4EVPv8PEOVl8h6CEk7IhdQBnpxd8s6IODRNy7csqoQduvaLhNJiahVSbsZFsjLs4IaO3kRfaUL7I8BaW+1I4pfa2JLSZFfEv4BguqW3QEOH7BuxaSi78GvNwnvaag==',
 

routes/spid-auth.php

@@ -2,36 +2,35 @@
 /**
  * This file contains the routes needed for SPIDAuth Package.
  *
- * @package Italia\SPIDAuth
  * @license BSD-3-clause
  */
-
 Route::group([
       'prefix' => config('spid-auth.routes_prefix'),
-      'middleware' => config('spid-auth.middleware_group')
+      'middleware' => config('spid-auth.middleware_group'),
     ], function () {
-    Route::get('login', [
-        'as' => 'spid-auth_login',
-        'uses' => 'SPIDAuth@login'
-    ]);
-    Route::post('login', [
-        'as' => 'spid-auth_do-login',
-        'uses' => 'SPIDAuth@doLogin'
-    ]);
-    Route::match(['get', 'post'], 'logout', [
-        'as' => 'spid-auth_logout',
-        'uses' => 'SPIDAuth@logout'
-    ]);
-    Route::post('acs', [
-      'as' => 'spid-auth_acs',
-      'uses' => 'SPIDAuth@acs'
-    ]);
-    Route::get('metadata', [
-        'as' => 'spid-auth_metadata',
-        'uses' => 'SPIDAuth@metadata'
-    ]);
-    Route::get('providers', [
-        'as' => 'spid-auth_providers',
-        'uses' => 'SPIDAuth@providers'
-    ]);
-});
+        Route::get('login', [
+            'as' => 'spid-auth_login',
+            'uses' => 'SPIDAuth@login',
+        ]);
+        Route::post('login', [
+            'as' => 'spid-auth_do-login',
+            'uses' => 'SPIDAuth@doLogin',
+        ]);
+        Route::match(['get', 'post'], 'logout', [
+            'as' => 'spid-auth_logout',
+            'uses' => 'SPIDAuth@logout',
+        ]);
+        Route::post('acs', [
+            'as' => 'spid-auth_acs',
+            'uses' => 'SPIDAuth@acs',
+        ]);
+        Route::get('metadata', [
+            'as' => 'spid-auth_metadata',
+            'uses' => 'SPIDAuth@metadata',
+        ]);
+        Route::get('providers', [
+            'as' => 'spid-auth_providers',
+            'uses' => 'SPIDAuth@providers',
+        ]);
+    }
+);

src/Console/CommandExample.php

@@ -6,7 +6,6 @@
  * Illuminate\Auth\Console\AuthMakeCommand class which is part of the Laravel
  * Framework project and licensed under the MIT license.
  *
- * @package Italia\SPIDAuth
  * @license BSD-3-clause
  * @license MIT
  */
@@ -47,8 +46,6 @@ class CommandExample extends Command
 
     /**
      * Execute the console command.
-     *
-     * @return void
      */
     public function handle()
     {
@@ -73,7 +70,7 @@ public function handle()
 
         file_put_contents(
             base_path('routes/web.php'),
-            file_get_contents(__DIR__.'/stubs/example/routes.stub'),
+            file_get_contents(__DIR__ . '/stubs/example/routes.stub'),
             FILE_APPEND
         );
 
@@ -82,36 +79,32 @@ public function handle()
 
     /**
      * Create the directory for the files.
-     *
-     * @return void
      */
     protected function createDirectories()
     {
-        if (! is_dir($directory = resource_path('views/layouts'))) {
+        if (!is_dir($directory = resource_path('views/layouts'))) {
             mkdir($directory, 0755, true);
         }
 
-        if (! is_dir($directory = app_path('Listeners'))) {
+        if (!is_dir($directory = app_path('Listeners'))) {
             mkdir($directory, 0755, true);
         }
     }
 
     /**
      * Export the example views.
-     *
-     * @return void
      */
     protected function exportViews()
     {
         foreach ($this->views as $key => $value) {
-            if (file_exists($view = resource_path('views/'.$value))) {
-                if (! $this->confirm("The [{$value}] view already exists. Do you want to replace it?")) {
+            if (file_exists($view = resource_path('views/' . $value))) {
+                if (!$this->confirm("The [{$value}] view already exists. Do you want to replace it?")) {
                     continue;
                 }
             }
 
             copy(
-                __DIR__.'/stubs/example/views/'.$key,
+                __DIR__ . '/stubs/example/views/' . $key,
                 $view
             );
         }
@@ -121,14 +114,15 @@ protected function exportViews()
      * Compiles the stubs.
      *
      * @param string The stub to compile
+     *
      * @return string The compiled stub
      */
-    protected function compileStub($stubName)
+    protected function compileStub(string $stubName): string
     {
         return str_replace(
             '{{namespace}}',
             $this->getAppNamespace(),
-            file_get_contents(__DIR__.'/stubs/example/'.$stubName.'.stub')
+            file_get_contents(__DIR__ . '/stubs/example/' . $stubName . '.stub')
         );
     }
 }

src/Console/stubs/example/controllers/HomeController.stub

@@ -2,16 +2,16 @@
 
 namespace {{namespace}}Http\Controllers;
 
-use Illuminate\Http\Request;
+use Illuminate\View\View;
 
 class HomeController extends Controller
 {
     /**
      * Show the application home.
      *
-     * @return \Illuminate\Http\Response
+     * @return View
      */
-    public function index()
+    public function index(): View
     {
       return view('home');
     }

src/Console/stubs/example/controllers/PrivateController.stub

@@ -2,7 +2,7 @@
 
 namespace {{namespace}}Http\Controllers;
 
-use Illuminate\Http\Request;
+use Illuminate\View\View;
 
 class PrivateController extends Controller
 {
@@ -19,9 +19,9 @@ class PrivateController extends Controller
     /**
      * Show the application private area.
      *
-     * @return \Illuminate\Http\Response
+     * @return View
      */
-    public function index()
+    public function index(): View
     {
         return view('private')->with('spid_user', resolve('SPIDAuth')->getSPIDUser());
     }

src/Console/stubs/example/listeners/SPIDEventSubscriber.stub

@@ -39,5 +39,4 @@ class SPIDEventSubscriber
             '{{namespace}}Listeners\SPIDEventSubscriber@onSPIDLogout'
         );
     }
-
 }