Support aggregation of attributes from multiple databases

.github/workflows/php.yml

@@ -217,7 +217,7 @@ jobs:
         with:
           # Should be the lowest supported version
           php-version: '8.2'
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, pdo, posix, spl, xml
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, pdo, posix, spl, xml, zip
           tools: composer
           coverage: none
 
@@ -237,7 +237,7 @@ jobs:
           restore-keys: ${{ runner.os }}-composer-
 
       - name: Install Composer dependencies
-        run: composer install --no-progress --prefer-dist --optimize-autoloader
+        run: composer install --no-progress --prefer-dist --optimize-autoloader --ignore-platform-req=ext-posix
 
       - name: Security check for locked dependencies
         run: composer audit

composer.json

@@ -30,7 +30,8 @@
     },
     "autoload-dev": {
         "psr-4": {
-            "SimpleSAML\\Test\\Utils\\": "vendor/simplesamlphp/simplesamlphp/tests/Utils"
+            "SimpleSAML\\Test\\Utils\\": "vendor/simplesamlphp/simplesamlphp/tests/Utils",
+            "SimpleSAML\\Test\\Module\\sqlauth\\Auth\\Source\\": "tests/src/Auth/Source/"
         }
     },
     "require": {

phpstan-baseline-dev.neon

@@ -1,25 +1,13 @@
 parameters:
 	ignoreErrors:
 		-
-			message: '#^Parameter \#1 \$array of function asort expects array, string given\.$#'
-			identifier: argument.type
-			count: 4
-			path: tests/src/Auth/Source/PasswordVerifyTest.php
+			message: '#^Property SimpleSAML\\Test\\Module\\sqlauth\\Auth\\Source\\SQL2MultipleAuthTest\:\:\$config type has no value type specified in iterable type array\.$#'
+			identifier: missingType.iterableValue
+			count: 1
+			path: tests/src/Auth/Source/SQL2MultipleAuthTest.php
 
 		-
-			message: '#^Property SimpleSAML\\Test\\Module\\sqlauth\\Auth\\Source\\PasswordVerifyTest\:\:\$config \(array\<string, string\|null\>\) does not accept array\<string, list\<string\>\|string\|null\>\.$#'
-			identifier: assign.propertyType
-			count: 4
-			path: tests/src/Auth/Source/PasswordVerifyTest.php
-
-		-
-			message: '#^Parameter \#1 \$array of function asort expects array, mixed given\.$#'
-			identifier: argument.type
-			count: 4
-			path: tests/src/Auth/Source/SQLTest.php
-
-		-
-			message: '#^Property SimpleSAML\\Test\\Module\\sqlauth\\Auth\\Source\\SQLTest\:\:\$config \(array\<string, string\|null\>\) does not accept array\<string, list\<string\>\|string\|null\>\.$#'
-			identifier: assign.propertyType
-			count: 4
-			path: tests/src/Auth/Source/SQLTest.php
+			message: '#^Property SimpleSAML\\Test\\Module\\sqlauth\\Auth\\Source\\SQL2SimpleTest\:\:\$config type has no value type specified in iterable type array\.$#'
+			identifier: missingType.iterableValue
+			count: 1
+			path: tests/src/Auth/Source/SQL2SimpleTest.php

src/Auth/Source/PasswordVerify1Compat.php

@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\sqlauth\Auth\Source;
+
+/**
+ * @package SimpleSAMLphp
+ */
+
+class PasswordVerify1Compat extends SQL2
+{
+    /**
+     * Constructor for this authentication source.
+     *
+     * @param array $info  Information about this authentication source.
+     * @param array $config  Configuration.
+     */
+    public function __construct(array $info, array $config)
+    {
+        /* Transform PasswordVerify (version 1) config to SQL2 config
+         * Version 1 supported only one database, but multiple queries. The first query was defined
+         * to be the "authentication query", all subsequent queries were "attribute queries".
+         */
+        $v2config = [
+            'sqlauth:SQL2',
+            'databases' => [
+                'default' => [
+                    'dsn' => $config['dsn'],
+                    'username' => $config['username'],
+                    'password' => $config['password'],
+                ],
+            ],
+
+            'auth_queries' => [
+                'default' => [
+                    'database' => 'default',
+                    'query' => is_array($config['query']) ? $config['query'][0] : $config['query'],
+                    'password_verify_hash_column' => 'passwordhash',
+                ],
+            ],
+        ];
+
+        if (array_key_exists('username_regex', $config)) {
+            $v2config['auth_queries']['default']['username_regex'] = $config['username_regex'];
+        }
+
+        // Override the default passwordhash column if configured
+        if (array_key_exists('passwordhash_column', $config)) {
+            $v2config['auth_queries']['default']['password_verify_hash_column'] = $config['passwordhash_column'];
+        }
+
+        $numQueries = is_array($config['query']) ? count($config['query']) : 0;
+        if ($numQueries > 1) {
+            $v2config['attr_queries'] = [];
+            for ($i = 1; $i < $numQueries; $i++) {
+                $v2config['attr_queries']['query' . $i] = [
+                    'database' => 'default',
+                    'query' => $config['query'][$i],
+                ];
+            }
+        }
+
+        parent::__construct($info, $v2config);
+    }
+}

src/Auth/Source/SQL1Compat.php

@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\sqlauth\Auth\Source;
+
+/**
+ * @package SimpleSAMLphp
+ */
+
+class SQL1Compat extends SQL2
+{
+    /**
+     * Constructor for this authentication source.
+     *
+     * @param array $info  Information about this authentication source.
+     * @param array $config  Configuration.
+     */
+    public function __construct(array $info, array $config)
+    {
+        /* Transform SQL (version 1) config to SQL2 config
+         * Version 1 supported only one database, but multiple queries. The first query was defined
+         * to be the "authentication query", all subsequent queries were "attribute queries".
+         */
+        $v2config = [
+            'sqlauth:SQL2',
+            'databases' => [
+                'default' => [
+                    'dsn' => $config['dsn'],
+                    'username' => $config['username'],
+                    'password' => $config['password'],
+                ],
+            ],
+
+            'auth_queries' => [
+                'default' => [
+                    'database' => 'default',
+                    'query' => is_array($config['query']) ? $config['query'][0] : $config['query'],
+                ],
+            ],
+        ];
+
+        if (array_key_exists('username_regex', $config)) {
+            $v2config['auth_queries']['default']['username_regex'] = $config['username_regex'];
+        }
+
+        $numQueries = is_array($config['query']) ? count($config['query']) : 0;
+        if ($numQueries > 1) {
+            $v2config['attr_queries'] = [];
+            for ($i = 1; $i < $numQueries; $i++) {
+                $v2config['attr_queries']['query' . $i] = [
+                    'database' => 'default',
+                    'query' => $config['query'][$i],
+                ];
+            }
+        }
+
+        parent::__construct($info, $v2config);
+    }
+}