Laravel: Undefined offset 0 in symfony/http-foundation when requiring SimpleSAMLphp

Question

I'm attempting to upgrade dependancies on a simple Laravel 5.7 application that authenticates the user via SimpleSAMLphp, then displays some information it gets from an external API.

It looks like something changed between version 4.3.8 and version 4.4.0 of the symfony/http-foundation library included with Laravel, because when I upgrade this dependency I get the following error:

ErrorException (E_NOTICE): Undefined offset: 0 …/vendor/symfony/http-foundation/HeaderBag.php 126

It looks like this is being triggered by requiring the SimpleSAMLphp service provider autoload file, even if I don't call any methods.

Since this is an extremely simple single page application, I'm just using middleware to handle the SimpleSAMLphp integration:

namespace App\Http\Middleware;

use Closure;

class SimpleSAMLphp
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        /**
         * Load SimpleSAMLphp library
         */
        require_once('redacted/path/simplesaml/lib/_autoload.php');
        $ssphp = new \SimpleSAML\Auth\Simple('service-provider-name');
        $ssphp->requireAuth();

        return $next($request);
    }
}

It looks like Symfony HTTP Foundation changed how they are checking for header information in this version (I see extensive changes here: https://github.com/symfony/http-foundation/compare/v4.3.8...v4.4.0), but I don't understand why it is blowing up when SimpleSAMLphp is in the mix.

I'm deep down the rabbit hole on this one - any guidance would be much appreciated!

Answer 1

Duplicate the HeaderBag.php file and override it using composer. Change the get function of the duplicated file to the code below. The only changes here is the isset checker. Then http://shyammakwana.me/php/laravel-override-vendor-classes.html will show you how to override the Headerbag.php file of any vendor using composer. Tested working with SimpleSamlPHP and Laravel. Enjoy!

public function get($key, $default = null)
{
    $headers = $this->all((string) $key);
    if (2 < \func_num_args()) {
        @trigger_error(sprintf('Passing a third argument to "%s()" is deprecated since Symfony 4.4, use method "all()" instead', __METHOD__), E_USER_DEPRECATED);

        if (!func_get_arg(2)) {
            return $headers;
        }
    }

    if (!$headers || !isset($headers[0])) {
        return $default;
    }

    if (null === $headers[0]) {
        return null;
    }

    return (string) $headers[0];
}

Answer 2

I'm getting the same issue with Laravel 5.8 and a SimpleSAMLPhp installation.

Only had a quick poke around for now, but it seems that the HeaderBag.php is called at least twice during a request. There is one particular call (where the error occurs) where it is trying to resolve a key of "Content-Type", which exists in $header as "content-type" (lowercase) but cannot be resolved due to the case difference. It has a set of other attributes such as "Cache-Control" as well in the $header. If it manages to "get" the "content-type" attribute, then header correctly has a [0] offset property attainable.

I'm just trying a clean 5.8 install without my saml auth libraries to see if its doing the same thing. But I think you're right that its something to do with the authentication/redirect back from SAML which is causing the issue.

Will report back if I find anything useful.