Merge pull request #20 from tkiehne/4.x

Initial 4.x version with UW Groups V3 API support

README.md

@@ -108,6 +108,9 @@ For Drupal core versions 8.0.x < 8.8.3 use version v2.2.0 (8.x-2.2).
 
 For Drupal core versions >= 8.8.3, including Drupal 9, use v.3.0.0 or later.
 
+### API Version
+
+Version 4.x uses the UW Groups API version 3; previous releases use the version 1 API that was deprecated in 2019.
 
 
 ## Federation

src/EventSubscriber/UwAuthSubscriber.php

@@ -210,32 +210,30 @@ private function fetchGwsGroups(AccountInterface $account): array {
     $username = $account->getAccountName();
 
     // UW GWS URL.
-    $uwgws_url = 'https://iam-ws.u.washington.edu/group_sws/v1/search?member=' . $username . '&type=effective&scope=all';
+    $uwgws_url = 'https://groups.uw.edu/group_sws/v3/search?member=' . $username . '&type=effective&scope=all';
 
     // Query UW GWS for group membership.
-    $uwgws = curl_init();
-    curl_setopt_array($uwgws, [
+    $uwgws = \curl_init();
+    \curl_setopt_array($uwgws, [
       CURLOPT_RETURNTRANSFER => TRUE,
       CURLOPT_FOLLOWLOCATION => TRUE,
       CURLOPT_SSLCERT        => $this->settings->get('gws.cert'),
       CURLOPT_SSLKEY         => $this->settings->get('gws.key'),
-      CURLOPT_CAINFO         => $this->settings->get('gws.cacert'),
       CURLOPT_URL            => $uwgws_url,
     ]);
-    $uwgws_response = curl_exec($uwgws);
-    curl_close($uwgws);
+    $uwgws_response = \curl_exec($uwgws);
+    \curl_close($uwgws);
 
     // Extract groups from response.
-    $uwgws_feed = simplexml_load_string(str_replace('xmlns=', 'ns=', $uwgws_response));
-    $uwgws_entries = $uwgws_feed->xpath("//a[@class='name']");
+    $uwgws_feed = \json_decode($uwgws_response, TRUE);
     $uwgws_groups = [];
-    foreach ($uwgws_entries as $uwgws_entry) {
-      $uwgws_groups[] = (string) $uwgws_entry[0];
+    if (isset($uwgws_feed['data'])) {
+      $uwgws_groups = \array_column($uwgws_feed['data'], 'id');
     }
 
-    $this->logger->log($this->severity['ad_sync'], 'Fetched groups from GWS for {name}: got {groups}.', [
+    $this->logger->log($this->severity['ad_sync'], 'Fetched groups from GWS V3 API for {name}: got {groups}.', [
       'name' => $account->getDisplayName(),
-      'groups' => implode(', ', $uwgws_groups),
+      'groups' => \implode(', ', $uwgws_groups),
     ]);
 
     return $uwgws_groups;

uwauth.info.yml

@@ -2,5 +2,5 @@ name: 'UW Auth'
 description: 'Provides authentication and role assignment with Shibboleth, and UW Groups or Active Directory'
 package: Web services
 type: module
-version: '3.0.5'
+version: '4.0.0'
 core_version_requirement: ^10.2 || ^11

uwauth.module

@@ -19,7 +19,7 @@ function uwauth_help($route_name, RouteMatchInterface $route_match) {
       $output .= '<p>' . t('From here you can specify what your group membership source is. By default, this will be set to None, which effectively disables the module. To minimize issues, select your group membership source after you have created your roles, mapped them, and configured the group source.') . '</p>';
       $output .= '<p>' . t('At any time if you wish to disable the module, you can do so by setting the source to None. This change will disable it, without erasing the module configuration.') . '</p>';
       $output .= '<h3>' . t('Groups Web Service') . '</h3>';
-      $output .= '<p>' . t('GWS offers a centralized system for managing user groups at UW. In order to utilize it, you will need a certificate issued by UW CA to authenticate your application with the web service. This certificate is different from the InCommon certificate issued for web servers.') . '</p>';
+      $output .= '<p>' . t('GWS offers a centralized system for managing user groups at UW. In order to utilize it, you will need a certificate issued by UW CA to authenticate your application with the web service.') . '</p>';
       $output .= '<h3>' . t('Active Directory') . '</h3>';
       $output .= '<p>' . t('With AD, you can utilize either NETID or a departmental AD infrastructure. Both authenticated, and anonymous binds are supported. It is recommended that you use LDAPS whenever possible, and it is required when using NETID. You may need to configure OpenLDAP to load the required CA certificates, if using LDAPS.') . '</p>';
       $output .= '<h3>' . t('Group to Role Mapping') . '</h3>';