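 /**
  * Returns the SimpleSAML_Auth_Simple instance of the first configured "-sp"
  * auth source that currently holds an authenticated session.
  *
  * The auth sources are enumerated in the order SimpleSAML returns them; the
  * first one reporting isAuthenticated() wins.
  *
  * @return SimpleSAML_Auth_Simple|false false when no "-sp" source is authenticated
  */
 public static function isAuthenticated()
 {
     require_once SamlAuth::LIB_AUTOLOAD;
     // The template object is only used as a holder for the source list; nothing is rendered.
     $config = SimpleSAML_Configuration::getInstance();
     $t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
     $t->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-sp');
     // Iterate by value: the previous by-reference loop left a dangling reference
     // on the last element of $t->data['sources'] (never unset()).
     foreach ($t->data['sources'] as $sourceId) {
         $as = new SimpleSAML_Auth_Simple($sourceId);
         if ($as->isAuthenticated()) {
             return $as;
         }
     }
     return false;
 }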
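 /**
  * Connects the account of an additional SAML "-connect" auth source to the
  * currently logged-in user profile, then redirects to the postconnected action.
  *
  * Inputs: session connectreferer (falls back to a same-host Referer header),
  * session userid, request parameter "source". Side effects: writes
  * connectdaccountsource, userError and currentUserAccounts to the session and
  * issues a redirect; nothing is rendered and nothing is returned.
  */
 public function postconnectAction()
 {
     $this->_helper->layout->disableLayout();
     $this->_helper->viewRenderer->setNoRender();
     // NOTE(review): HTTP_HOST is taken from the request; the web server must be
     // configured with an explicit server name so the Host header cannot be spoofed.
     $host = isset($_SERVER["HTTP_HOST"]) ? (string) $_SERVER["HTTP_HOST"] : "";
     $home = "https://" . $host;
     $referer = trim((string) $this->session->connectreferer);
     if ($referer === "") {
         // The Referer header is client-supplied: accept it as a redirect target only
         // when it points back to this host, otherwise the redirects below would be
         // an open redirect. Anything else falls through to $home.
         $candidate = isset($_SERVER["HTTP_REFERER"]) ? trim((string) $_SERVER["HTTP_REFERER"]) : "";
         if ($candidate !== "" && $this->_isSameHostUrl($candidate, $host)) {
             $referer = $candidate;
             $this->session->connectreferer = $referer;
         }
     }
     if ($referer === "") {
         $referer = $home;
     }
     //check if user is loggedin
     $userid = isset($this->session->userid) ? $this->session->userid : null;
     if ($userid === null || is_numeric($userid) === false || (int) $userid <= 0) {
         header("Location: " . $referer);
         return;
     }
     //Check if source is given
     $source = trim((string) $this->_getParam("source"));
     if ($source === "") {
         header("Location: " . $home);
         return;
     }
     $this->session->connectdaccountsource = $source;
     $normalizedSource = strtolower($source);
     $authsource = str_replace("-sp", "", $normalizedSource);
     $connectedsource = str_replace("-sp", "-connect", $normalizedSource);
     require_once SamlAuth::LIB_AUTOLOAD;
     //Initialize SAML
     $config = SimpleSAML_Configuration::getInstance();
     $t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
     $t->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-connect');
     // Allow-list check: the user-supplied source must name a configured "-connect" source.
     if (!in_array($connectedsource, $t->data['sources'], true)) {
         header("Location: " . $referer);
         return;
     }
     //SAML Authentication new user account for connection
     $as = new SimpleSAML_Auth_Simple($connectedsource);
     $attributes = $as->getAttributes();
     // idp:uid may be missing entirely (e.g. no attributes returned); treat as empty.
     $uid = $this->_firstAttributeValue($attributes, 'idp:uid');
     if (trim($uid) === "") {
         $this->session->userError = array("title" => "New Account Connection", "message" => "Could not connect with new user account. Not enough information returned from account provider.");
         $this->_helper->redirector('postconnected');
         return;
     }
     //Check if user is already connected to the requested account
     //If true redirect the user to the previous location (referer)
     $uaccount = AccountConnect::isConnectedTo($this->session, $uid, $authsource);
     if ($uaccount !== false) {
         $this->_helper->redirector('postconnected');
         return;
     }
     //Check if this account is already connected to another profile
     $user = SamlAuth::getUserByAccountValues($uid, $authsource);
     if ($user !== null && (int) $user->id !== (int) $userid) {
         $this->session->userError = array("title" => "Could not connect to " . str_replace("-", " ", $authsource) . " account", "message" => "The " . str_replace("-", " ", $authsource) . " account you tried to connect your profile to is already connected to another user profile.");
         $this->_helper->redirector('postconnected');
         return;
     }
     //Build account name for user account
     $userFirstName = $this->_firstAttributeValue($attributes, "idp:givenName");
     // Fix: the last name was previously guarded by count(idp:givenName) instead of idp:sn,
     // which dropped the surname (or raised on a missing givenName) whenever givenName was absent.
     $userLastName = $this->_firstAttributeValue($attributes, "idp:sn");
     $userFullName = trim($userFirstName . " " . $userLastName);
     $idptrace = isset($attributes["idp:traceidp"]) === true && count($attributes["idp:traceidp"]) > 0 ? $attributes["idp:traceidp"] : array();
     if ($userFullName === "") {
         $userFullName = null;
     }
     //Do the account connection
     AccountConnect::connectAccountToProfile($userid, $uid, $authsource, $userFullName, $idptrace);
     //Update connected user accounts
     $this->session->currentUserAccounts = SamlAuth::getUserAccountsByUser($userid, true);
     //redirect to post connected action to logout connected account
     $this->_helper->redirector('postconnected');
 }

 /**
  * Returns the first value of a multi-valued SAML attribute, or "" when the
  * attribute is missing or has no values.
  *
  * @param array  $attributes attribute name => list of values, as returned by getAttributes()
  * @param string $name       attribute name, e.g. "idp:uid"
  * @return string
  */
 private function _firstAttributeValue(array $attributes, $name)
 {
     return isset($attributes[$name][0]) ? (string) $attributes[$name][0] : "";
 }

 /**
  * True when $url is an absolute http(s) URL whose host[:port] equals $host.
  * Used to keep client-supplied redirect targets on this site.
  *
  * @param string $url
  * @param string $host value of the Host header, possibly including a port
  * @return bool
  */
 private function _isSameHostUrl($url, $host)
 {
     if ($host === "") {
         return false;
     }
     $parts = parse_url($url);
     if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
         return false;
     }
     if (!in_array(strtolower($parts['scheme']), array("http", "https"), true)) {
         return false;
     }
     $urlHost = $parts['host'] . (isset($parts['port']) ? ":" . $parts['port'] : "");
     return strcasecmp($urlHost, $host) === 0;
 }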