Doc improvements + route adjustment

README.md

@@ -49,13 +49,21 @@ Any pages protected by middleware are automatically redirected to SSO. To direct
 
 ### Certs and Metadata (php-saml)
 
-For using the PHP SAML Toolkit, the SAML keys and certs can be generated with the following command, or as an option from the starter kit installer:
+For using the PHP SAML Toolkit, the SAML keys and certs can be generated with the following command:
 
 ```bash
   php artisan cu-auth:generate-keys
 ```
 
-The SAML metadata can be retrieved at `https://<site-url>/sso/metadata`.
+It is possible to have composer automatically install the keys on `composer install` by adding the following to the `scripts` section of `composer.json`, which will only install the keys if they do not already exist:
+
+```json
+"scripts": {
+    "post-install-cmd": [
+        "@php artisan cu-auth:generate-keys"
+    ]
+}
+```
 
 The default location for the SAML keys and certs is in `storage/app/keys`. This location is configurable in the `config/cu-auth.php` file or by setting the `SAML_CERT_PATH` in `.env`.
 
@@ -86,6 +94,8 @@ $email = $remoteIdentity->email(); // Primary email (i.e. netid@cornell.edu)
 $name = $remoteIdentity->name(); // Display name
 ```
 
+The SAML attributes available are based on the CIT-documented list: https://it.cornell.edu/shibboleth/shibboleth-faq.
+
 ### User authorization
 
 If the site should manage authorization for users in the application, set `config('cu-auth.require_local_user')` to true:

pint.json

@@ -0,0 +1,6 @@
+{
+  "preset": "laravel",
+  "rules": {
+    "php_unit_method_casing": false
+  }
+}

src/CUAuthServiceProvider.php

@@ -50,6 +50,6 @@ public function boot(): void
                 Commands\GenerateKeys::class,
             ]);
         }
-        $this->loadRoutesFrom(__DIR__.'/routes.php');
+        $this->loadRoutesFrom(__DIR__.'/../routes/cu-auth.php');
     }
 }

src/Managers/SamlIdentityManager.php

@@ -17,18 +17,44 @@ class SamlIdentityManager implements IdentityManager
 {
     // Shibboleth fields generally available from either CIT or Weill IdPs.
     public const SAML_FIELDS = [
-        'eduPersonPrimaryAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.5',  // staff|student|...
-        'cn' => 'urn:oid:2.5.4.3',                   // John R. Doe
-        'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',  // netid@cornell.edu
-        'givenName' => 'urn:oid:2.5.4.42',                  // John
-        'sn' => 'urn:oid:2.5.4.4',                   // Doe
-        'displayName' => 'urn:oid:2.16.840.1.113730.3.1.241', // John Doe
-        'uid' => 'urn:oid:0.9.2342.19200300.100.1.1', // netid
-        'eduPersonOrgDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.3',  // o=Cornell University,c=US
-        'mail' => 'urn:oid:0.9.2342.19200300.100.1.3', // alias? email
-        'eduPersonAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',  // ['employee', 'staff', ...]
-        'eduPersonScopedAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9',  // [employee@cornell.edu, staff@cornell.edu, ...]
-        'eduPersonEntitlement' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',  //
+        // staff|student|...
+        'eduPersonPrimaryAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.5',
+
+        // John R. Doe [CIT only]
+        'cn' => 'urn:oid:2.5.4.3',
+
+        // netid@cornell.edu
+        'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
+
+        // John
+        'givenName' => 'urn:oid:2.5.4.42',
+
+        // Doe
+        'sn' => 'urn:oid:2.5.4.4',
+
+        // John Doe
+        'displayName' => 'urn:oid:2.16.840.1.113730.3.1.241',
+
+        // netid
+        'uid' => 'urn:oid:0.9.2342.19200300.100.1.1',
+
+        // o=Cornell University,c=US [CIT only]
+        'eduPersonOrgDN' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.3',
+
+        // alias? email
+        'mail' => 'urn:oid:0.9.2342.19200300.100.1.3',
+
+        // ['employee', 'staff', ...] [CIT only]
+        'eduPersonAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
+
+        // [employee@cornell.edu, staff@cornell.edu, ...]
+        'eduPersonScopedAffiliation' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9',
+
+        // ? [CIT only]
+        'eduPersonEntitlement' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7',
+
+        // Web Developer [Weill only]
+        'title' => 'urn:oid:2.5.4.12',
     ];
 
     public function hasIdentity(): bool

tests/Feature/InstallCUAuth.php

@@ -14,7 +14,6 @@ protected function setUp(): void
         $this->resetInstallFiles();
     }
 
-
     public function testCanInstallCUAuthConfigFiles()
     {
         $basePath = $this->applicationBasePath();

tests/Feature/SamlIdentityManagerTest.php

@@ -2,6 +2,7 @@
 
 namespace CornellCustomDev\LaravelStarterKit\CUAuth\Tests\Feature;
 
+use CornellCustomDev\LaravelStarterKit\CUAuth\CUAuthServiceProvider;
 use CornellCustomDev\LaravelStarterKit\CUAuth\Events\CUAuthenticated;
 use CornellCustomDev\LaravelStarterKit\CUAuth\Listeners\AuthorizeUser;
 use CornellCustomDev\LaravelStarterKit\CUAuth\Managers\SamlIdentityManager;
@@ -31,6 +32,12 @@ public function testDefaultConfigSettingsAreValid()
     public function testCanGetSsoUrl()
     {
         $_ENV['SAML_IDP_BASEURL'] = 'https://shibidp-test.cit.cornell.edu/idp';
+        $this->artisan('vendor:publish', [
+            '--tag' => 'starterkit:'.CUAuthServiceProvider::INSTALL_PHP_SAML_TAG,
+            '--force' => true,
+        ])->assertSuccessful();
+        $this->artisan('cu-auth:generate-keys')->assertSuccessful();
+
         $this->app['config']->set('php-saml-toolkit', require config_path('php-saml-toolkit.php'));
 
         $url = (new SamlIdentityManager)->getSsoUrl('/');
@@ -41,6 +48,12 @@ public function testCanGetSsoUrl()
     public function testCanGetWeillSsoUrl()
     {
         $_ENV['SAML_IDP_BASEURL'] = 'https://login-test.weill.cornell.edu/idp';
+        $this->artisan('vendor:publish', [
+            '--tag' => 'starterkit:'.CUAuthServiceProvider::INSTALL_PHP_SAML_TAG,
+            '--force' => true,
+        ])->assertSuccessful();
+        $this->artisan('cu-auth:generate-keys', ['--weill' => true, '--force' => true])->assertSuccessful();
+
         $this->app['config']->set('php-saml-toolkit', require config_path('php-saml-toolkit.php'));
 
         $url = (new SamlIdentityManager)->getSsoUrl('/');

tests/Unit/UnitTestCase.php

@@ -0,0 +1,7 @@
+<?php
+
+namespace CornellCustomDev\LaravelStarterKit\CUAuth\Tests\Unit;
+
+use CornellCustomDev\LaravelStarterKit\CUAuth\Tests\TestCase;
+
+class UnitTestCase extends TestCase {}