[3.x] New major release

README.md

@@ -13,8 +13,8 @@ This package turns your application into Service Provider with the support of mu
 
 ## Requirements
 
-- Laravel 5.4+
-- PHP 7.0+
+- Laravel 8.0+
+- PHP 7.4+
 
 ## Getting Started
 
@@ -26,22 +26,6 @@ This package turns your application into Service Provider with the support of mu
 composer require 24slides/laravel-saml2
 ```
 
-If you are using Laravel 5.5 and higher, the service provider will be automatically registered.
-
-For older versions, you have to add the service provider and alias to your `config/app.php`:
-
-```php
-'providers' => [
-    ...
-    Slides\Saml2\ServiceProvider::class,
-]
-
-'alias' => [
-    ...
-    'Saml2' => Slides\Saml2\Facades\Auth::class,
-]
-```
-
 ##### Step 2. Publish the configuration file.
 
 ```
@@ -66,25 +50,44 @@ When request comes to an application, the middleware parses UUID and resolves th
 
 You can easily manage tenants using the following console commands:
 
-- `artisan saml2:create-tenant`
-- `artisan saml2:update-tenant`
-- `artisan saml2:delete-tenant`
-- `artisan saml2:restore-tenant`
-- `artisan saml2:list-tenants`
-- `artisan saml2:tenant-credentials`
+- `artisan saml2:idp-create`
+- `artisan saml2:idp-update`
+- `artisan saml2:idp-delete`
+- `artisan saml2:idp-restore`
+- `artisan saml2:idp-list`
+- `artisan saml2:idp-get`
 
 > To learn their options, run a command with `-h` parameter.
 
 Each Tenant has the following attributes:
 
-- **UUID** — a unique identifier that allows to resolve a tenannt and configure SP correspondingly
+- **UUID** — a unique identifier that allows to resolve an Identity Provider and configure SP correspondingly
+- **Tenant** — an optional morph relation to your custom model that binds IdP with your application entity (fx. user, organisation, etc.)
 - **Key** — a custom key to use for application needs
 - **Entity ID** — [Identity Provider Entity ID](https://spaces.at.internet2.edu/display/InCFederation/Entity+IDs)
 - **Login URL** — Identity Provider Single Sign On URL
 - **Logout URL** — Identity Provider Logout URL
 - **x509 certificate** — The certificate provided by Identity Provider in **base64** format
 - **Metadata** — Custom parameters for your application needs
 
+```php
+use \Slides\Saml2\Concerns\IdentityProviderAuthenticatable;
+
+class Organization extends \Illuminate\Database\Eloquent\Model
+{
+    use IdentityProviderAuthenticatable;
+}
+
+$organization->identityProvider->loginUrl();
+$organization->identityProvider->sessions();
+
+Saml2::withIdentityProvider($organization->identityProvider)
+    ->route('custom.route');
+
+Saml2::withIdentityProvider($organization->identityProvider)
+    ->url('custom.route');
+```
+
 #### Default routes
 
 The following routes are registered by default:
@@ -283,7 +286,7 @@ If you discover any security related issues, please email **[email protected]*
 ## Credits
 
 - [aacotroneo][link-original-author]
-- [brezzhnev][link-author]
+- [breart][link-author]
 - [All Contributors][link-contributors]
 
 ## License

composer.json

@@ -12,13 +12,14 @@
         }
     ],
     "require": {
-        "php": ">=7.1",
+        "php": ">=7.3",
         "ext-openssl": "*",
-        "illuminate/console": "~5.5|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0",
-        "illuminate/database": "~5.5|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0",
-        "illuminate/support": "~5.4|^6.0|^7.0|^8.0|^9.0|^10.0|^11.0",
-        "onelogin/php-saml": "^3.0|^4.0",
-        "ramsey/uuid": "^3.8|^4.0"
+        "illuminate/console": "^8.0|^9.0|^10.0|^11.0",
+        "illuminate/database": "^8.0|^9.0|^10.0|^11.0",
+        "illuminate/support": "^8.0|^9.0|^10.0|^11.0",
+        "onelogin/php-saml": "^4.1",
+        "ramsey/uuid": "^4.0",
+        "cerbero/command-validator": "^2.5"
     },
     "require-dev": {
         "mockery/mockery": "^0.9.9",

config/saml2.php

@@ -4,14 +4,48 @@
 
     /*
     |--------------------------------------------------------------------------
-    | Tenant Model
+    | Identity Provider Model
     |--------------------------------------------------------------------------
     |
-    | This will allow you to override the tenant model with your own.
+    | This will allow you to override the Identity Provider model with your own.
     |
     */
 
-    'tenantModel' => \Slides\Saml2\Models\Tenant::class,
+    'idpModel' => \Slides\Saml2\Models\IdentityProvider::class,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Classes that implement Identity Provider and config resolution logic.
+    |--------------------------------------------------------------------------
+    |
+    | Here you may customize the way Identity Provider gets resolved,
+    | as well as configuration adjustments of the SP once IdP is resolved.
+    |
+    */
+
+    'resolvers' => [
+        'idp' => \Slides\Saml2\Resolvers\IdentityProviderResolver::class,
+        'config' => \Slides\Saml2\Resolvers\ConfigResolver::class,
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | User authentication settings.
+    |--------------------------------------------------------------------------
+    |
+    | Here you may specify the settings for default (basic) user authorization.
+    |
+    | You can extend this functionality by implementing your own user resolver.
+    | Or completely disable it and use Slides\Saml2\Events\SignedIn event instead.
+    |
+    */
+
+    'auth' => [
+        'enabled' => env('SAML2_AUTHORIZE_USER', true),
+        'resolver' => \Slides\Saml2\Resolvers\UserResolver::class,
+        'userModel' => \App\Models\User::class,
+        'createUser' => env('SAML2_CREATE_USER', true),
+    ],
 
     /*
     |--------------------------------------------------------------------------
@@ -170,7 +204,7 @@
         |
         */
 
-        'x509cert' => env('SAML2_SP_CERT_x509',''),
+        'x509cert' => env('SAML2_SP_CERT_X509',''),
         'privateKey' => env('SAML2_SP_CERT_PRIVATEKEY',''),
 
         /*
@@ -393,5 +427,5 @@
     | This will allow you to disable or enable the default migrations of the package.
     |
     */
-    'load_migrations' => true,
+    'loadMigrations' => true,
 ];

database/migrations/2023_07_21_203815_add_model_morph_columns_to_saml2_tenants_table.php

@@ -0,0 +1,36 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddModelMorphColumnsToSaml2TenantsTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::rename('saml2_tenants', 'saml2_identity_providers');
+
+        Schema::table('saml2_identity_providers', function (Blueprint $table) {
+            $table->nullableMorphs('tenant');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('saml2_identity_providers', function (Blueprint $table) {
+            $table->dropMorphs('tenant');
+        });
+
+        Schema::rename('saml2_identity_providers', 'saml2_tenants');
+    }
+}

database/migrations/2023_07_21_205057_create_saml2_sessions_table.php

@@ -0,0 +1,34 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class CreateSaml2SessionsTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('saml2_sessions', function (Blueprint $table) {
+            $table->id();
+            $table->foreignId('idp_id')->constrained('saml2_identity_providers');
+            $table->foreignId('user_id')->nullable();
+            $table->json('payload');
+            $table->timestamps('created_at');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists('saml2_sessions');
+    }
+}

database/migrations/2023_11_26_121929_alter_nullable_idp_columns_in_saml2_tenants_table.php

@@ -0,0 +1,40 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AlterNullableIdpColumnsInSaml2TenantsTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('saml2_identity_providers', function (Blueprint $table) {
+            $table->string('idp_entity_id')->nullable()->change();
+            $table->string('idp_login_url')->nullable()->change();
+            $table->string('idp_logout_url')->nullable()->change();
+            $table->string('name_id_format')->nullable()->change();
+            $table->text('idp_x509_cert')->nullable()->change();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('saml2_identity_providers', function (Blueprint $table) {
+            $table->string('idp_entity_id')->nullable(false)->change();
+            $table->string('idp_login_url')->nullable(false)->change();
+            $table->string('idp_logout_url')->nullable(false)->change();
+            $table->string('name_id_format')->nullable(false)->change();
+            $table->text('idp_x509_cert')->nullable(false)->change();
+        });
+    }
+}