Closed dstepe closed 1 year ago
After an exchange with the apereo/phpcas
maintainer and further review, I realize the SAML issue is of my own making. It's related to something that came while testing and can be disregarded.
I do suggest reading the security advisory related to the 1.6.0 release, however. There is more work required to fully prepare this package and users for the change.
After review, I tend to agree. This will take some work to revise.
For testing purposes and goals, this projects needs to maintain these two targets:
In a perfect world, we could just use the latest dependencies and be done, but breaking changes are frequent in open-source projects and updates are highly unpredictable. Therefore, conditional logic can be added in to the code to adjust the dataflow to the correct method for the dependent CAS package version as needed. The unit testing can be implemented to cover these different conditional flows and to test integration with new versions of Laravel and phpCAS. I'm also inclined to look for alternatives to apereo as their code quality is subpar.
I'll close this for now, as food for thought.
My time towards maintaining this package is quite limited. If you are interested in being a collaborator, let me know.
@subfission My institution currently relies heavily on this package and I'm willing to help with maintenance. I've started a draft PR (#117) with some ideas for testing. Please start a conversation on the PR to let me know how you see this fitting in with your goals.
I think your 4.3.0 release will work, it just requires additional configuration which I had missed (repercussions of upstream breaking changes). I'm testing that with our apps now.
After some more digging, I think supporting
apereo/phpcas
1.6.0 is going to require much more work. (I really wish they would follow semver, this is not a minor release.)Here are two examples of what I've found so far.
The
CAS::client()
method takes a new required argument defined as:The value of that argument cannot be empty. The
CasManager
class will need to allow it to be configured, and if not configured, must use a reasonable default.After working through that, I was told:
Since the
CasManager
class defaults tocas_enable_saml = true
, this is likely to require much more review and testing.I've started working on PHPUnit tests on a fork. I have a lot of ideas and am happy to keep working on this if that's something you're interested in. However, given the nature of the
apereo/phpcas
changes, I'd like to settle on a plan for implementing changes. I propose to not supportapereo/phpcas
> 1.5.0 at this time. We first work to get tests in place on what is currently working. Only after we are comfortable with test coverage should we tackle dependency upgrades. Thoughts?