Merge pull request #18 from jaredhendrickson13/pf_270

Support pfSense 2.7.0
jaredhendrickson13 · Jul 2, 2023 · 2a75925 · 2a75925
2 parents 8b90875 + 4a071ef
commit 2a75925
Show file tree

Hide file tree

Showing 83 changed files with 1,032 additions and 30,479 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "composer"
+    directory: "/"
+    target-branch: "master"
+    schedule:
+      interval: "monthly"
+  - package-ecosystem: "pip"
+    directory: "/"
+    target-branch: "master"
+    schedule:
+      interval: "monthly"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,46 @@
+name: Build
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - 'master'
+
+# Commit SHAs may differ when trigger via pull request vs workflow_dispatch, ensure the correct commit is referenced.
+env:
+  commit_id: "${{ github.event.pull_request.head.sha || github.sha }}"
+  build_version: "0.0_0dev_${{ github.event.pull_request.head.sha || github.sha }}"
+
+jobs:
+  build:
+    runs-on: self-hosted
+
+    strategy:
+      matrix:
+        freebsd_version:
+          - FreeBSD-14.0-CURRENT
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Setup FreeBSD build VM
+        run: |
+          /usr/local/bin/VBoxManage controlvm ${{ matrix.freebsd_version }} poweroff || true
+          /usr/local/bin/VBoxManage snapshot ${{ matrix.freebsd_version }} restore initial
+          /usr/local/bin/VBoxManage startvm ${{ matrix.freebsd_version }} --type headless
+          sleep 5
+
+      - name: Build pfSense-pkg-saml2-auth on FreeBSD
+        run: |
+          /usr/bin/ssh -o StrictHostKeyChecking=no ${{ matrix.freebsd_version }}.jaredhendrickson.com 'sudo pkill ntpd || true && sudo ntpdate pool.ntp.org || true'
+          /usr/local/bin/python3 tools/make_package.py --host ${{ matrix.freebsd_version }}.jaredhendrickson.com --branch ${{ env.commit_id }} --tag ${{ env.build_version }}_${{ matrix.freebsd_version }}
+
+      - name: Teardown FreeBSD build VM
+        if: "${{ always() }}"
+        run: |
+          /usr/local/bin/VBoxManage controlvm ${{ matrix.freebsd_version }} poweroff || true
+          /usr/local/bin/VBoxManage snapshot ${{matrix.freebsd_version}} restore initial
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: pfSense-pkg-saml2-auth-${{ env.build_version }}_${{ matrix.freebsd_version }}.pkg
+          path: pfSense-pkg-saml2-auth-${{ env.build_version }}_${{ matrix.freebsd_version }}.pkg
diff --git a/.github/workflows/phplint.yml b/.github/workflows/phplint.yml
@@ -0,0 +1,18 @@
+name: PHPlint
+on: [push]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Lint on PHP 7.2
+        uses: firehed/lint-php-action@v1
+        with:
+          file-extensions: 'php, inc'
+          php-version: "7.2"
+      - name: Lint on PHP 8.1
+        uses: firehed/lint-php-action@v1
+        with:
+          file-extensions: 'php, inc'
+          php-version: "8.1"
diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml
@@ -0,0 +1,23 @@
+name: Pylint
+
+on: [push]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10"]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+      - name: Analysing the code with pylint
+        run: |
+          pylint $(git ls-files '*.py')
diff --git a/.pylintrc b/.pylintrc
@@ -0,0 +1,7 @@
+[DEFAULT]
+# Tests require duplicate code and may contain many test cases that require many lines of code
+disable=duplicate-code,too-many-lines
+
+[FORMAT]
+# Follow normal pep8 restriction
+max-line-length=120
diff --git a/README.md b/README.md
@@ -1,12 +1,16 @@
 # pfSense SAML2 Authentication
+
+[![PHPlint](https://github.com/jaredhendrickson13/pfsense-saml2-auth/actions/workflows/phplint.yml/badge.svg)](https://github.com/jaredhendrickson13/pfsense-saml2-auth/actions/workflows/phplint.yml)
+[![Pylint](https://github.com/jaredhendrickson13/pfsense-saml2-auth/actions/workflows/pylint.yml/badge.svg)](https://github.com/jaredhendrickson13/pfsense-saml2-auth/actions/workflows/pylint.yml)
+
 `pfsense-saml2-auth` is a packaged SAML2 authentication extension for the pfSense webConfigurator. Currently, pfSense 
 only supports local, LDAP and RADIUS authentication and does not support any native multi-factor authentication (MFA). 
 At this time, there is unfortunately no roadmap for native SAML2 authentication or native MFA options on pfSense. With 
 [pfSense Plus](https://www.netgate.com/blog/pfsense-plus-21-02-release-and-pfsense-ce-2-5-0-release-now-available.html)
 being officially announced, it is unlikely we will see enterprise level features like SAML2 implemented in pfSense CE
 anytime soon. This can create major headaches when dealing with security compliance standards such as PCI DSS that may 
 require MFA on firewall admin logins. `pfsense-saml2-auth` helps alleviate this problem by allowing you to integrate 
-single sign-on (SSO) with an identity provider such as Okta or OneLogin. In doing so, you will be able use the identity 
+single sign-on (SSO) with an identity provider such as Okta or OneLogin. In doing so, you will be able to use the identity 
 provider's built-in MFA for pfSense logins and greatly simplify user onboarding.<br><br>
 
 ![sso_login_example_img](docs/img/sso_login.png)
@@ -19,12 +23,12 @@ must be enabled in System > SAML2 for this option to appear.</sub><br>
 - Automatically maps groups returned within the SAML2 assertion to groups within pfSense to inherit existing privileges.
 No need to create local users before authenticating.
 - Retains pfSense's built-in authentication and change logs.
-- Adds the System > SAML2 settings page within the webConfigurator to make setup a breeze. 
+- Adds the System > SAML2 settings page within the webConfigurator to make set up a breeze. 
 
 ## Installation 
 To install, simply run the following command from the pfSense command line:<br>
 ```
-pkg add https://github.com/jaredhendrickson13/pfsense-saml2-auth/releases/latest/download/pfSense-2.5-pkg-saml2-auth.txz
+pkg add https://github.com/jaredhendrickson13/pfsense-saml2-auth/releases/latest/download/pfSense-2.7-pkg-saml2-auth.pkg
 ```
 
 To uninstall:<br>
@@ -41,18 +45,14 @@ Currently, the package fully supports the following pfSense versions including p
 <details>
     <summary>List of Supported pfSense Releases</summary>
 
-- pfSense 2.6.0-RELEASE
-- pfSense 2.5.2-RELEASE
-- pfSense 2.5.1-RELEASE
-- pfSense 2.5.0-RELEASE
-- pfSense 2.4.5-RELEASE
-- pfSense 2.4.4-RELEASE
+- pfSense 2.7.0-RELEASE
 
 </details>
 
-Any version not listed is technically unsupported, but may still function. This package cannot guarantee support for 
-manual or live patches that were not included in the pfSense release initially, as these patches can introduce code 
-conflicts to the package. Proceed with caution.
+Older versions of pfSense may still be supported by older versions of this package. Any other version not listed is 
+technically unsupported, but may still function. This package cannot guarantee support for manual or live patches that 
+were not included in the pfSense release initially, as these patches can introduce code conflicts to the package. 
+Proceed with caution.
 
 
 ## Setup
@@ -92,7 +92,7 @@ symbol.
 available for other pfSense services such as SSH, captive portal, OpenVPN, etc.
 
 ## Disclaimers
-- This project is in no way affiliated with the pfSense project or it's parent organization Netgate. Any use of the 
+- This project is in no way affiliated with the pfSense project, or it's parent organization Netgate. Any use of the 
 pfSense name is intended to relate the project to it's developed platform and in no way capitalizes on the 
 pfSense trademark. By using this software, you acknowledge that no entity can provide support or guarantee 
 functionality. 

diff --git a/composer.json b/composer.json
@@ -0,0 +1,5 @@
+{
+  "require": {
+    "onelogin/php-saml": "4.1.0"
+  }
+}
diff --git a/composer.lock b/composer.lock
diff --git a/docs/SECURITY.md b/docs/SECURITY.md
@@ -5,9 +5,10 @@
 Below are versions that are currently supported and will receive security updates when available.
 
 | Version | Supported          |
-| ------- | ------------------ |
+|---------|--------------------|
+| 1.2.x   | :white_check_mark: |
 | 1.1.x   | :white_check_mark: |
-| 1.0.x   | :x:                |
+| 1.1.x   | :x:                |
 
 ## Reporting a Vulnerability