From 9a7880c319c31b1ca5f40ab5ce899272270fe51a Mon Sep 17 00:00:00 2001 From: Miguel Angel Date: Fri, 1 Dec 2023 15:36:11 -0400 Subject: [PATCH 1/6] feat: add saml metadata controller to validate xml --- .../MetadataFileNotFoundException.php | 10 ++++ .../Controllers/Saml/MetadataController.php | 48 +++++++++++++++++++ routes/web.php | 4 ++ 3 files changed, 62 insertions(+) create mode 100644 ProcessMaker/Exception/MetadataFileNotFoundException.php create mode 100644 ProcessMaker/Http/Controllers/Saml/MetadataController.php diff --git a/ProcessMaker/Exception/MetadataFileNotFoundException.php b/ProcessMaker/Exception/MetadataFileNotFoundException.php new file mode 100644 index 0000000000..fb74d17685 --- /dev/null +++ b/ProcessMaker/Exception/MetadataFileNotFoundException.php @@ -0,0 +1,10 @@ +getMetadataFilePath(); + + if ($this->fileExists($file)) { + $this->modifyFileContent($file); + } else { + throw new MetadataFileNotFoundException('Unable to find metadata file'); + } + } + + private function getMetadataFilePath() + { + $basePath = base_path(); + $directory = $basePath . '/vendor/codegreencreative/laravel-samlidp/resources/views'; + return $directory . '/metadata.blade.php'; + } + + private function fileExists($file) + { + $directory = dirname($file); + return is_dir($directory) && file_exists($file); + } + + private function modifyFileContent($file) + { + $lines = file($file); + + // check if the first line is the xml tag + if (strpos($lines[0], 'name('password-success'); Route::get('/unavailable', [UnavailableController::class, 'show'])->name('error.unavailable'); + +// SAML Metadata Route +Route::resource('/saml/metadata', MetadataController::class)->only('index'); From 98fe44c19a44db6b712e720aec16eda2785b4f3c Mon Sep 17 00:00:00 2001 
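Review bot: In `modifyFileContent()` of the new MetadataController.php, `$lines[0]` is read without checking the result of `file($file)`, which returns `false` on a read failure and an empty array for an empty file. A guard such as `if ($lines === false || $lines === []) { throw new MetadataFileNotFoundException('Unable to read metadata file'); }` before the `strpos()` call would keep that failure explicit. The rest of the method is not visible on this page, but the method name and the path built in `getMetadataFilePath()` suggest the request rewrites a template under `vendor/`. If so, the web process needs write access to installed package code and the edit is lost on the next `composer install`, so it is worth confirming this is intended.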
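Review bot: The added `Route::resource('/saml/metadata', MetadataController::class)->only('index');` in routes/web.php registers a single GET endpoint through the resource helper, while the line directly above it uses the explicit form. `Route::get('/saml/metadata', [MetadataController::class, 'index']);` would match that style and make the bound method obvious. The hunk does not show whether the route sits inside a middleware group, so confirm that service providers can fetch it as intended. Also confirm it does not collide with a metadata route the laravel-samlidp package may already register. The same line is added again by the routes/web.php hunk of PATCH 6/6.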
From: Miguel Angel Date: Tue, 5 Dec 2023 11:16:22 -0400 Subject: [PATCH 2/6] fix: override metadata view --- .../Controllers/Saml/MetadataController.php | 48 ------------------- .../views/vendor/samlidp/metadata.blade.php | 21 ++++++++ routes/web.php | 3 -- 3 files changed, 21 insertions(+), 51 deletions(-) delete mode 100644 ProcessMaker/Http/Controllers/Saml/MetadataController.php create mode 100644 resources/views/vendor/samlidp/metadata.blade.php diff --git a/ProcessMaker/Http/Controllers/Saml/MetadataController.php b/ProcessMaker/Http/Controllers/Saml/MetadataController.php deleted file mode 100644 index ea02dbb885..0000000000 --- a/ProcessMaker/Http/Controllers/Saml/MetadataController.php +++ /dev/null @@ -1,48 +0,0 @@ -getMetadataFilePath(); - - if ($this->fileExists($file)) { - $this->modifyFileContent($file); - } else { - throw new MetadataFileNotFoundException('Unable to find metadata file'); - } - } - - private function getMetadataFilePath() - { - $basePath = base_path(); - $directory = $basePath . '/vendor/codegreencreative/laravel-samlidp/resources/views'; - return $directory . '/metadata.blade.php'; - } - - private function fileExists($file) - { - $directory = dirname($file); - return is_dir($directory) && file_exists($file); - } - - private function modifyFileContent($file) - { - $lines = file($file); - - // check if the first line is the xml tag - if (strpos($lines[0], '' @endphp + + + + + + {{ $cert }} + + + + + + + {{ $cert }} + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + diff --git a/routes/web.php b/routes/web.php index de5d90882f..d53de721f2 100644 --- a/routes/web.php +++ b/routes/web.php @@ -179,6 +179,3 @@ })->name('password-success'); Route::get('/unavailable', [UnavailableController::class, 'show'])->name('error.unavailable'); - -// SAML Metadata Route -Route::resource('/saml/metadata', MetadataController::class)->only('index'); From d8c30c0c848623b32f5866a94e25998dfd43f911 Mon Sep 17 00:00:00 2001 
From: Miguel Angel Date: Tue, 5 Dec 2023 11:34:50 -0400 Subject: [PATCH 3/6] fix: remove unused files --- .../Exception/MetadataFileNotFoundException.php | 10 ---------- routes/web.php | 1 - 2 files changed, 11 deletions(-) delete mode 100644 ProcessMaker/Exception/MetadataFileNotFoundException.php diff --git a/ProcessMaker/Exception/MetadataFileNotFoundException.php b/ProcessMaker/Exception/MetadataFileNotFoundException.php deleted file mode 100644 index fb74d17685..0000000000 --- a/ProcessMaker/Exception/MetadataFileNotFoundException.php +++ /dev/null @@ -1,10 +0,0 @@ - Date: Tue, 5 Dec 2023 22:09:54 -0400 Subject: [PATCH 4/6] feat: add saml metadata controller to manage validUntil and validUntil options --- .../Controllers/Saml/MetadataController.php | 46 +++++++++++++++++++ .../views/vendor/samlidp/metadata.blade.php | 2 +- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 ProcessMaker/Http/Controllers/Saml/MetadataController.php diff --git a/ProcessMaker/Http/Controllers/Saml/MetadataController.php b/ProcessMaker/Http/Controllers/Saml/MetadataController.php new file mode 100644 index 0000000000..75b0da2c59 --- /dev/null +++ b/ProcessMaker/Http/Controllers/Saml/MetadataController.php 
@@ -0,0 +1,46 @@ +getValidUntil(); + $cache_duration = $this->getCacheDuration(); + + View::share([ + 'saml_valid_until' => $valid_until, + 'saml_cache_duration' => $cache_duration, + ]); + } + + /** + * The function returns the current date and time plus one year. + * + * @return the current date and time plus one year in the format 'Y-m-d\TH:i:s\Z'. + */ + protected function getValidUntil() + { + return date('Y-m-d\TH:i:s\Z', strtotime('+1 year')); + } + + /** + * The getCacheDuration function calculates the duration in seconds between the current time + * + * @return a string representing the duration in seconds + */ + protected function getCacheDuration() + { + $now = new DateTime(); + $oneMonthFromNow = new DateTime('+1 month'); + $interval = $now->diff($oneMonthFromNow); + $seconds = $interval->days * 24 * 60 * 60; + + return 'PT' . $seconds . 'S'; + } +} diff --git a/resources/views/vendor/samlidp/metadata.blade.php b/resources/views/vendor/samlidp/metadata.blade.php index 306efca3a7..58844777a2 100644 --- a/resources/views/vendor/samlidp/metadata.blade.php +++ b/resources/views/vendor/samlidp/metadata.blade.php @@ -1,5 +1,5 @@ @php echo '' @endphp - + From 59f2597b289333eaf7cc7109d984bbddafa408a2 Mon Sep 17 00:00:00 2001 From: Miguel Angel Date: Wed, 6 Dec 2023 08:00:41 -0400 Subject: [PATCH 5/6] fix code smell --- ProcessMaker/Http/Controllers/Saml/MetadataController.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ProcessMaker/Http/Controllers/Saml/MetadataController.php b/ProcessMaker/Http/Controllers/Saml/MetadataController.php index 75b0da2c59..d0272ee7aa 100644 --- a/ProcessMaker/Http/Controllers/Saml/MetadataController.php +++ b/ProcessMaker/Http/Controllers/Saml/MetadataController.php 
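Review bot: `getValidUntil()` formats with `date()`, which uses the application's default timezone, yet the format string appends a literal `Z`, so on a server not running in UTC the published `validUntil` is wrong by the UTC offset. `return gmdate('Y-m-d\TH:i:s\Z', strtotime('+1 year'));` keeps the value and the suffix consistent. The value is also recomputed on every request, so the metadata always advertises a fresh one-year window. Service providers use `validUntil` and `cacheDuration` to decide how long to trust a cached copy, signing certificate included, so consider making the one-year and one-month periods configuration values rather than constants. In `getCacheDuration()` the docblock sentence is cut off ("between the current time") and the result varies with month length; the constructor also skips `parent::__construct()`, which matters only if SamlIdpMetadataController defines one (not visible here).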
@@ -10,12 +10,12 @@ class MetadataController extends SamlIdpMetadataController { public function __construct() { - $valid_until = $this->getValidUntil(); - $cache_duration = $this->getCacheDuration(); + $validUntil = $this->getValidUntil(); + $cacheDuration = $this->getCacheDuration(); View::share([ - 'saml_valid_until' => $valid_until, - 'saml_cache_duration' => $cache_duration, + 'saml_valid_until' => $validUntil, + 'saml_cache_duration' => $cacheDuration, ]); } From 260293a5264a4bda95e2b9d8582576264f6d4a97 Mon Sep 17 00:00:00 2001 From: Miguel Angel Date: Wed, 6 Dec 2023 08:12:39 -0400 Subject: [PATCH 6/6] feat: add saml metadata route --- routes/web.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/routes/web.php b/routes/web.php index 9bdc56853a..de5d90882f 100644 --- a/routes/web.php +++ b/routes/web.php @@ -30,6 +30,7 @@ use ProcessMaker\Http\Controllers\ProcessesCatalogueController; use ProcessMaker\Http\Controllers\ProfileController; use ProcessMaker\Http\Controllers\RequestController; +use ProcessMaker\Http\Controllers\Saml\MetadataController; use ProcessMaker\Http\Controllers\TaskController; use ProcessMaker\Http\Controllers\TemplateController; use ProcessMaker\Http\Controllers\TestStatusController; @@ -178,3 +179,6 @@ })->name('password-success'); Route::get('/unavailable', [UnavailableController::class, 'show'])->name('error.unavailable'); + +// SAML Metadata Route +Route::resource('/saml/metadata', MetadataController::class)->only('index');