Merge pull request #36 from fhict-skilltree/feature/35-saml

Install SAML package and configure the basics for local development

Author: cyrildewit

.env.local

@@ -44,3 +44,7 @@ AWS_BUCKET=
 AWS_USE_PATH_STYLE_ENDPOINT=false
 
 VITE_APP_NAME="${APP_NAME}"
+
+# SAML
+SAML2_SP_CERT_X509=MIIDazCCAlOgAwIBAgIUK/oTTlFW/C7Vm2C6sdjWA7+HDc4wDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCbmwxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMzEyMDQxOTE4MDFaFw0zMzEyMDExOTE4MDFaMEUxCzAJBgNVBAYTAm5sMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvF7zYCAbE5eEzTfkq8JBkadro0y/0kCWx0FYSekN3Aw38kYC6nxWpaawscJF3cz4Pd3zg0jgT34XeO6r3VECM6CshRmkA9fmCM6xD4jI+5dU0fR7PK8/ndnImRFpJodSYKHyb1Nb4plz6lTrTclkkJpYmrI2nlxqke7gmv1axX/3y3DXmS3QUj3aP5++SGIVwdvivXd+fWGvdNcNwbm9laUC5IGGA5CC5SpLlVo0pXdctFjv+1q1fzmlgPkpv/SqNI4JK2WJSalqu43TAvAynUPKGPjYFAbC2hOmnE1xRdnZH24Uz6PN0JKuwSa+iD+x73XazNBE1aGpVhi7iLmgPAgMBAAGjUzBRMB0GA1UdDgQWBBSVvZjErcey8q0Th9clkQmjcSTR4zAfBgNVHSMEGDAWgBSVvZjErcey8q0Th9clkQmjcSTR4zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAIUrTLAHp8IEmOSh3SWaD+D3FA4J6RhwdZvFtk3OLOqDPX4yXOy8PvcbKn7EWV3m/e1KmuGIL7GYrWhC4pMIrdcXEh8Ocv6vdrWXoOOero9rEgWZxbCsmyOJGjKlFE+rAu+12a46xtDgi+/h8n8tVwgguh5UAWtCXJqVQmkqWEk6yMCERWdv68Gi0ZtYnexKMufp8z2mdkN9AAy1OBC4Fwtb6onfXsnpTe+ogkYlOXq9dMdIu96ovNsjl0O00ctZnkPpXFEPp9HAhvpNR2I48xM/ub85jB+HaKeUnDyn/OxAa8KrxMTiTPMU4NmXObONtQb+qwEe9z3Gco3gASZCEN
+SAML2_SP_CERT_PRIVATEKEY=MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvF7zYCAbE5eEzTfkq8JBkadro0y/0kCWx0FYSekN3Aw38kYC6nxWpaawscJF3cz4Pd3zg0jgT34XeO6r3VECM6CshRmkA9fmCM6xD4jI+5dU0fR7PK8/ndnImRFpJodSYKHyb1Nb4plz6lTrTclkkJpYmrI2nlxqke7gmv1axX/3y3DXmS3QUj3aP5++SGIVwdvivXd+fWGvdNcNwbm9laUC5IGGA5CC5SpLlVo0pXdctFjv+1q1fzmlgPkpv/SqNI4JK2WJSalqu43TAvAynUPKGPjYFAbC2hOmnE1xRdnZH24Uz6PN0JKuwSa+iD+x73XazNBE1aGpVhi7iLmgPAgMBAAECggEAAwvS6iAz8EL2N+oMIUJ1fbG8MGKehq1FwO3b/oueJ8FM0s9QSjWhOTDDHdXdGt0ybyGptN4Id+LHyDXgwFd/j+TbhEoUcCtk1kX7m0koSfHmlusOPj4zpw97qdDTFxeKR+1oZPLP+vO7Dm9sDZseV1LaUwCAu/ve7mVjeQeg5k3Bkm/qRBChxKjPh+voQG/Du9NWOAvI49JWN7KZarWWn6ZHN27oYfwdJ/xWjhsOrlcZGT0jTy8NPVsxWB8iDmlt+cDDqu745ghlcOW4acFlkElX0AVzEw3ieN7kx3aOO0i6l7aybcez3tSJLvSSk23ldwOZu8Ciq2lZsN10Ah0qvQKBgQDu8lie4kCPlSEz2fQrLF2m3Sd5RtMwtSR/uNm5Kk0vn33glA4F5cvM316lBB5k37JfuCOhZgTKEpffo5B26PiFrl7zIzMZTGoMcxGT2JGZMABNq5NINn77hv+9KM/b+27ZhrLrA8CsZ1mDLHID7ts5fmfnFFlmJWLLU+vhC4s4/QKBgQC7lsD2uJz9UbdanKXfCebEaOsmC0xJGrJVRWlovFLOZMNyMfvJf+MKxQS2XSBGjoG+CSPmZX/0ErKz45SD8+X05WJ7sGUxZNyiuByHR4+QPCxxkZ7WFT7D59UQsK7bf+yjTWLmSiAeljNLIpzlriYBNb3C3OxnzQU2zUeZ1L4o+wKBgQCa81dauTfKpJeia012jc+xfKqzb6VWabFgjfvKos7o+hGECB7L3kf59EQI2JHpMlMW1W9to52peMM6CHSPV+aJshjqrMHfPvlqV1hnusI4R7N6qq/Y3VYdQF8pSIT6j6NDtqDh3E4evuqCMNlDCarqLrmsVTrgDZBycFp/VqAS9QKBgH8oxOs536lUIE87CrFzW8veNzBVzkNr5mEpKTgHGLax1U7ulPhVSYl+XiBkZkGNzmMMfRpryV2g4yRP69e6mDH24FhqDV57OZjP5v7IwoeKUrI1fQ8v3Zkc6PBkZFOElttn1Ne4fadeN60B7ItBDqAZVuXlrhb7AkLQym17qd/LAoGAQr/pw9Z2V6gSes06c8j8cKAQDr6FkCtMjnKQnUO/JtQ2lfzQwycRNTwUTUByi6R/ynWMGel/JElcmBC4r98R2jefRMBCCBJIsDEaFmst+bgGcDd8A32wkaAAKLtRc5FKrHml7Itliv5BWpjOr82nqaD92zMWX/ddLtX3ZvYSAb4=

.gitignore

@@ -11,3 +11,4 @@
 .env.production
 .phpunit.result.cache
 npm-debug.log
+coverage.xml

app/App/Authentication/Providers/Saml2ServiceProvider.php

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Authentication\Providers;
+
+use Illuminate\Support\ServiceProvider;
+use Slides\Saml2\Events\SignedIn;
+
+class Saml2ServiceProvider extends ServiceProvider
+{
+    public function register(): void
+    {
+        $events = $this->app->make('events');
+
+        $events->listen(SignedIn::class, function (SignedIn $event) {
+            $messageId = $event->getAuth()->getLastMessageId();
+
+            logger()->info('Logged in successfully');
+
+            //            // your own code preventing reuse of a $messageId to stop replay attacks
+            //            $samlUser = $event->getSaml2User();
+            //
+            //            $userData = [
+            //                'id' => $samlUser->getUserId(),
+            //                'attributes' => $samlUser->getAttributes(),
+            //                'assertion' => $samlUser->getRawSamlAssertion()
+            //            ];
+            //
+            //            $user = // find user by ID or attribute
+            //
+            //                // Login a user.
+            //                Auth::login($user);
+        });
+    }
+
+    public function boot(): void
+    {
+    }
+}

app/App/Shared/Http/Kernel.php

@@ -16,7 +16,7 @@ class Kernel extends HttpKernel
      * @var array<int, class-string|string>
      */
     protected $middleware = [
-        // \App\Http\Middleware\TrustHosts::class,
+        // \App\Shared\Http\Middleware\TrustHosts::class,
         \App\Shared\Http\Middleware\TrustProxies::class,
         \Illuminate\Http\Middleware\HandleCors::class,
         \App\Shared\Http\Middleware\PreventRequestsDuringMaintenance::class,
@@ -45,6 +45,11 @@ class Kernel extends HttpKernel
             \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
         ],
+        'saml' => [
+            \App\Shared\Http\Middleware\EncryptCookies::class,
+            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
+            \Illuminate\Session\Middleware\StartSession::class,
+        ],
     ];
 
     /**

app/App/Shared/Providers/RouteServiceProvider.php

@@ -5,6 +5,7 @@
 namespace App\Shared\Providers;
 
 use Illuminate\Cache\RateLimiting\Limit;
+use Illuminate\Config\Repository as ConfigRepository;
 use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\RateLimiter;
@@ -30,9 +31,11 @@ public function boot(): void
             return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
         });
 
-        $this->routes(function () {
+        $configRepository = $this->app->get(ConfigRepository::class);
+
+        $this->routes(function () use ($configRepository) {
             Route::middleware('api')
-                ->prefix('api')
+                ->domain($configRepository->get('app.domain'))
                 ->group(base_path('routes/api.php'));
 
             Route::middleware('web')

app/Domain/Organisation/Enums/AuthenticationMethodType.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Domain\Organisation\Enums;
+
+enum AuthenticationMethodType: string
+{
+    case Saml2 = 'saml2';
+}

app/Domain/Organisation/Models/AuthenticationMethod.php

@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Domain\Organisation\Models;
+
+use Domain\Organisation\Enums\AuthenticationMethodType;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+
+class AuthenticationMethod extends Model
+{
+    use HasFactory;
+
+    /**
+     * @var array<string>
+     */
+    protected $guarded = [];
+
+    /**
+     * @var array<string, string>
+     */
+    protected $casts = [
+        'type' => AuthenticationMethodType::class,
+        'is_active' => 'boolean',
+    ];
+}

app/Domain/Organisation/Models/Organisation.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Domain\Organisation\Models;
+
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\HasMany;
+
+class Organisation extends Model
+{
+    use HasFactory;
+
+    /**
+     * @var array<string>
+     */
+    protected $guarded = [];
+
+    /**
+     * @var array<string, string>
+     */
+    protected $casts = [
+    ];
+
+    public function authenticationMethods(): HasMany
+    {
+        return $this->hasMany(AuthenticationMethod::class);
+    }
+}

app/Domain/Skilltrees/Models/Skilltree.php

@@ -0,0 +1,11 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Domain\Skilltrees\Models;
+
+use Illuminate\Database\Eloquent\Model;
+
+class Skilltree extends Model
+{
+}

bootstrap/app.php

@@ -17,6 +17,9 @@
     $_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
 );
 
+// Is this really necessary?
+$app->useAppPath('app/App');
+
 /*
 |--------------------------------------------------------------------------
 | Bind Important Interfaces

composer.json

@@ -6,6 +6,7 @@
     "license": "MIT",
     "require": {
         "php": "^8.1",
+        "24slides/laravel-saml2": "^2.3",
         "guzzlehttp/guzzle": "^7.2",
         "laravel/framework": "^10.10",
         "laravel/sanctum": "^3.3",
@@ -23,8 +24,8 @@
     },
     "autoload": {
         "psr-4": {
-            "App\\": "app/App",
-            "Domain\\": "app/Domain",
+            "App\\": "app/App/",
+            "Domain\\": "app/Domain/",
             "Database\\Factories\\": "database/factories/",
             "Database\\Seeders\\": "database/seeders/"
         }