Skip to content

Feature/http client#2574

Draft
tvdijen wants to merge 15 commits intosimplesamlphp-2.5from
feature/http-client
Draft

Feature/http client#2574
tvdijen wants to merge 15 commits intosimplesamlphp-2.5from
feature/http-client

Conversation

@tvdijen
Copy link
Member

@tvdijen tvdijen commented Dec 10, 2025

No description provided.

@tvdijen tvdijen force-pushed the feature/http-client branch from 381f63b to 941c8a7 Compare December 10, 2025 22:25
@tvdijen tvdijen mentioned this pull request Dec 10, 2025
Open
@tvdijen tvdijen force-pushed the feature/http-client branch from cb14698 to ec470ce Compare December 10, 2025 22:55
@monkeyiq
Copy link
Contributor

monkeyiq commented Dec 15, 2025

Let me know when the draft is ready for a looking at. If that is now then I'm happy to kick the tyres.

@tvdijen
Copy link
Member Author

tvdijen commented Dec 15, 2025

Oh you can take a look! I still have to fix \SimpleSAML\Utils\HTTP::fetch in the same way.
We also need to take a look at the modules. I know some use guzzle as http-client now.

@tvdijen tvdijen force-pushed the simplesamlphp-2.5 branch 2 times, most recently from 4c158e2 to 8e1da16 Compare December 15, 2025 09:21
monkeyiq
monkeyiq requested changes Dec 16, 2025
View reviewed changes
@monkeyiq
Copy link
Contributor

monkeyiq commented Dec 16, 2025

I am thinking that around the creation of HttpClient::create the $proxy / $proxyAuth code might need to be replicated a bit short term. Also maybe we want to Logger warn the user to move the proxy setting to the symfony config for the http-client.

So instead of calling HttpClient::create directly it makes sense to either add a createHttpClient method in \SimpleSAML\Utils\HTTP or make a HTTPClientFactory type class there. If it is a dedicated factory class or a static factory method in an existing HTTP class is less important IMHO.

Since the HTTP class already has the fetch which is client related we could just add the createHttpClient in HTTP for now and maybe move those out later if desired.

@ioigoume
Copy link
Contributor

ioigoume commented Dec 16, 2025

@tvdijen and @monkeyiq what about the redirects?

@tvdijen
Copy link
Member Author

tvdijen commented Dec 16, 2025

They are a different story. This is about SimpleSAMLphp making an outbound connection.
Redirects should be handled with a Symfony RedirectResponse. I've done that in the master-branch already

@tvdijen tvdijen force-pushed the feature/http-client branch 2 times, most recently from 8bde086 to 3c746a7 Compare December 16, 2025 12:23
@tvdijen tvdijen force-pushed the feature/http-client branch from 3c746a7 to 3359182 Compare December 16, 2025 12:27
@tvdijen tvdijen force-pushed the feature/http-client branch from e1dd008 to 91766d0 Compare December 16, 2025 15:45
ioigoume
ioigoume reviewed Dec 17, 2025
View reviewed changes
src/SimpleSAML/Metadata/MetaDataStorageHandlerXML.php
Assert::isArray($config['context']);
$context = $config['context'];
}
$httpUtils = new Utils\HTTP();
Copy link
Contributor

@ioigoume ioigoume Dec 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tvdijen Will the dependency injection work here?

  • routing/services/simplesamlphp.yml
---

services:
  # default configuration for services in *this* file
  _defaults:
    public: false

  SimpleSAML\Configuration:
    factory: ['SimpleSAML\Configuration', 'getInstance']

  SimpleSAML\Session:
    factory: ['SimpleSAML\Session', 'getSessionFromRequest']

  SimpleSAML\Auth\AuthenticationFactory:
    class: SimpleSAML\Auth\AuthenticationFactory
    arguments:
      - '@SimpleSAML\Configuration'
      - '@SimpleSAML\Session'

  SimpleSAML\Utils\HTTP:
    class: SimpleSAML\Utils\HTTP

and then:

    protected function __construct(array $config, private ?Utils\HTTP $httpUtils = null)
    {
        $this->httpUtils ??= new Utils\HTTP();

which will also be backwards compatible.

Copy link
Member Author

@tvdijen tvdijen Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I must say I have no idea how this is supposed to work, but of course we can try?

Copy link
Contributor

@monkeyiq monkeyiq Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the idea of using the Autowiring stuff.

Copy link
Contributor

@monkeyiq monkeyiq Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had held off mentioning it on this PR to get the code up and running.

One possible follow up for a wider scope we might like to consider things like calls to Configuration::getInstance() to have the instance passed to the ctor by autowiring. Larger changes though.

That much wider scope has a 2.6 feel to it ;)

Copy link
Member Author

@tvdijen tvdijen Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we can set the example for this case, the rest can go into 2.6... I don't want to wait much longer with releasing 2.5

Copy link
Contributor

@monkeyiq monkeyiq Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That sounds like a good plan. Focus on the http client updates getting in and the routing stuff can be 2.6.

monkeyiq
monkeyiq reviewed Dec 21, 2025
View reviewed changes
Copy link
Contributor

@monkeyiq monkeyiq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good. The CI seems to be in a bit of a hassle.

I haven't tested this here using a proxy, that is probably a good thing before we roll this out in 2.5.

config/config.php.dist

/*
* @DEPRECATED: set your proxy using environment variables.
*
Copy link
Contributor

@monkeyiq monkeyiq Dec 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the symfony http client is honoring the proxy and noproxy lines from
https://symfony.com/doc/current/http_client.html#http-proxies it might make sense to include a reference to that at some stage.

This might be a job for a follow up PR as we don't seem to have a config/packages/framework.yaml at the moment so adding that, explaining where that is, and also then referencing it here to mention the symfony docs for proxy as the new non-deprecated way to set things.

src/SimpleSAML/Metadata/MetaDataStorageHandlerXML.php
} else {
throw new \Exception("Neither source file path/URI nor string data provided");
}
$entities = SAMLParser::parseDescriptorsString($srcXml);
Copy link
Contributor

@monkeyiq monkeyiq Dec 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a lot cleaner. Focus being very much on the parseDescriptor and not on if the data comes from a string or a file.

@monkeyiq
Copy link
Contributor

monkeyiq commented Dec 21, 2025

There is also a reference to the curl stuff here which doesn't seem to be needed any more with this PR...

simplesamlphp/modules/admin/src/Controller/Config.php

Line 289 in 4398438

'curl_init' => [

@monkeyiq
Copy link
Contributor

monkeyiq commented Dec 21, 2025

We could maybe also delete a translation

simplesamlphp/modules/admin/locales/fi/LC_MESSAGES/admin.po

Line 268 in 8212ca7

msgid "The cURL PHP extension is missing. Cannot check for SimpleSAMLphp updates."

@monkeyiq
Copy link
Contributor

monkeyiq commented Dec 21, 2025

I thought I would dig around a bit to see what else we might like to do/add before we start considering the merge for this and the attention moved to the modules that we can refresh.

@monkeyiq
Copy link
Contributor

monkeyiq commented Dec 21, 2025
edited
Loading

You mentioned a few modules. Looking at metarefresh I see it using $httpUtils->fetch. I see that SAMLParser is also using fetch in parseFile. I am wondering if we want to hunt down the fetches right here or reimplement fetch using httpClient which would unify the client sites for us.

[ED: using HTTP::createHttpClient that is]

@tvdijen
Copy link
Member Author

tvdijen commented Dec 21, 2025
edited
Loading

We could maybe also delete a translation

simplesamlphp/modules/admin/locales/fi/LC_MESSAGES/admin.po

Line 268 in 8212ca7

msgid "The cURL PHP extension is missing. Cannot check for SimpleSAMLphp updates."

I don't think we can. Symfony's http-client is also using curl, so it is still a required extension

@tvdijen tvdijen closed this Dec 21, 2025
@tvdijen tvdijen reopened this Dec 21, 2025
@monkeyiq
Copy link
Contributor

monkeyiq commented Dec 26, 2025

The CI doesn't seem to like AuthnContextComparisonTypeEnum being passed from $rac['Comparison'] to setAttribute.

When I test with that here I can force the $rac to be Constants::COMPARISON_BETTER and the call $e->setAttribute('Comparison', $rac['Comparison']); proceeds fine.

@tvdijen
Copy link
Member Author

tvdijen commented Dec 26, 2025

I've fixed that in the release-branch, but I still have to rebase this one

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@monkeyiq monkeyiq monkeyiq requested changes

+1 more reviewer

@ioigoume ioigoume ioigoume left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tvdijen @monkeyiq @ioigoume