public static function isAuthenticated()
{
require_once SamlAuth::LIB_AUTOLOAD;
$source = null;
$config = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
$t->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-sp');
foreach ($t->data['sources'] as &$_source) {
$as = new SimpleSAML_Auth_Simple($_source);
if ($as->isAuthenticated()) {
$source = $as;
break;
}
}
if ($source === null) {
return false;
}
return $source;
}
public function postconnectAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$referer = trim($this->session->connectreferer);
if (trim($referer) === "") {
$referer = $_SERVER["HTTP_REFERER"];
$this->session->connectreferer = $referer;
}
if (trim($referer) === "") {
$referer = "https://" . $_SERVER["HTTP_HOST"];
}
//check if user is loggedin
if (isset($this->session->userid) === false || is_numeric($this->session->userid) === false || intval($this->session->userid) <= 0) {
header("Location: " . $referer);
return;
}
//Check if source is given
$source = trim($this->_getParam("source"));
if ($source == "") {
header("Location: https://" . $_SERVER["HTTP_HOST"]);
return;
}
$this->session->connectdaccountsource = $source;
$authsource = str_replace("-sp", "", strtolower(trim($source)));
$connectedsource = str_replace("-sp", "-connect", strtolower(trim($source)));
require_once SamlAuth::LIB_AUTOLOAD;
//Initialize SAML
$config = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
$t->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-connect');
if (!in_array($connectedsource, $t->data['sources'])) {
header("Location: " . $referer);
return;
}
//SAML Authentication new user account for connection
$as = new SimpleSAML_Auth_Simple($connectedsource);
$attributes = $as->getAttributes();
$uid = $attributes['idp:uid'][0];
if (trim($uid) == "") {
$this->session->userError = array("title" => "New Account Connection", "message" => "Could not connect with new user account. Not enough information returned from account provider.");
$this->_helper->redirector('postconnected');
return;
}
//Check if user is already connected to the requested account
//If true redirect the user to the previous location (referer)
$uaccount = AccountConnect::isConnectedTo($this->session, $uid, $authsource);
if ($uaccount !== false) {
$this->_helper->redirector('postconnected');
return;
} else {
//Check if this account is already connected to another profile
$user = SamlAuth::getUserByAccountValues($uid, $authsource);
if ($user !== null && $user->id != $this->session->userid) {
$this->session->userError = array("title" => "Could not connect to " . str_replace("-", " ", $authsource) . " account", "message" => "The " . str_replace("-", " ", $authsource) . " account you tried to connect your profile to is already connected to another user profile.");
$this->_helper->redirector('postconnected');
return;
}
}
//Build account name for user account
$userFirstName = isset($attributes["idp:givenName"]) === true && count($attributes["idp:givenName"]) > 0 ? $attributes["idp:givenName"][0] : "";
$userLastName = isset($attributes["idp:sn"]) === true && count($attributes["idp:givenName"]) > 0 ? $attributes["idp:sn"][0] : "";
$userFullName = trim($userFirstName . " " . $userLastName);
$idptrace = isset($attributes["idp:traceidp"]) === true && count($attributes["idp:traceidp"]) > 0 ? $attributes["idp:traceidp"] : array();
if ($userFullName === "") {
$userFullName = null;
}
//Do the account connection
AccountConnect::connectAccountToProfile($this->session->userid, $uid, $authsource, $userFullName, $idptrace);
//Update connected user accounts
$this->session->currentUserAccounts = SamlAuth::getUserAccountsByUser($this->session->userid, true);
//redirect to post connected action to logout connected account
$this->_helper->redirector('postconnected');
}