Author: Andreas Åkre Solberg, UNINETT AS. (andreas.solberg@uninett.no)
 /**
  * Construct a catalogue writer backed by a PDO connection.
  *
  * Opens the database described by the authsource configuration ('dsn',
  * 'username', 'password'), applies per-driver UTF-8 setup, and records the
  * attributes, hash algorithm and a fresh per-instance salt for later use
  * when the user record is written.
  *
  * @param array  $authSourceConfig Configuration array for the selected authsource
  * @param array  $writeConfig      Configuration array for the selected catalogue backend
  * @param array  $attributes       The user attributes to be saved
  * @param string $hashAlgo         Hash algorithm identifier; only stored here
  *                                 (presumably a hash() algorithm name — confirm)
  *
  * @throws Exception if the PDO connection cannot be established
  */
 public function __construct($authSourceConfig, $writeConfig, $attributes, $hashAlgo)
 {
     $sourceConfig = SimpleSAML_Configuration::loadFromArray($authSourceConfig);
     $dsn = $sourceConfig->getString('dsn');
     try {
         $this->dbh = new PDO($dsn, $sourceConfig->getString('username'), $sourceConfig->getString('password'));
     } catch (PDOException $connectError) {
         /* Re-thrown as a plain Exception so callers need not depend on PDO. */
         throw new Exception($connectError->getMessage());
     }

     /* The driver name is everything before the first ':' of the DSN. */
     list($driverName) = explode(':', $dsn, 2);
     $driverName = strtolower($driverName);
     if ($driverName === 'mysql') {
         /* Force UTF-8 on the MySQL connection. */
         $this->dbh->exec("SET NAMES utf8");
         $this->dbh->exec("SET CHARACTER SET utf8;");
     } elseif ($driverName === 'pgsql') {
         /* Force UTF-8 on the PostgreSQL connection. */
         $this->dbh->exec("SET NAMES 'UTF8'");
     }
     /* Query failures surface as PHP warnings rather than exceptions, so
      * code issuing statements on this handle must check return values. */
     $this->dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

     $this->attributes = $attributes;
     $this->hashAlgo = $hashAlgo;
     /* 64 random bytes, hex encoded, as the salt for this instance. */
     $this->salt = bin2hex(SimpleSAML_Utilities::generateRandomBytes(64, FALSE));

     $catalogueConfig = SimpleSAML_Configuration::loadFromArray($writeConfig);
     $this->userIdAttr = $catalogueConfig->getString('user.id.param');
 }
 /**
  * Wrap a foreign exception so that its message carries the original class
  * name, and the original's code and backtrace are preserved.
  *
  * @param Exception $original The exception being wrapped
  */
 public function __construct(Exception $original)
 {
     $message = sprintf('%s: %s', get_class($original), $original->getMessage());
     parent::__construct($message, $original->getCode());
     /* Keep the stack of the original failure rather than of this wrapper. */
     $this->setBacktrace(SimpleSAML_Utilities::buildBacktrace($original));
 }
 /**
  * Apply filter to validate attributes.
  *
  * The request is authorized as soon as ANY configured attribute has ANY
  * value matching ANY of that attribute's patterns. Otherwise the state is
  * saved and the user is redirected to the module's 403 page.
  *
  * @param array &$request  The current request
  */
 public function process(&$request)
 {
     assert('is_array($request)');
     assert('array_key_exists("Attributes", $request)');
     $attributes =& $request['Attributes'];

     $matched = FALSE;
     foreach ($this->valid_attribute_values as $attributeName => $patterns) {
         if (!array_key_exists($attributeName, $attributes)) {
             continue;
         }
         /* A scalar attribute value is treated like a single-element list. */
         $candidates = $attributes[$attributeName];
         if (!is_array($candidates)) {
             $candidates = array($candidates);
         }
         foreach ($patterns as $regex) {
             foreach ($candidates as $candidate) {
                 if (preg_match($regex, $candidate)) {
                     $matched = TRUE;
                     break 3;
                 }
             }
         }
     }

     if ($matched) {
         return;
     }
     /* Not authorized: save state and redirect to the 403 page. */
     $stateId = SimpleSAML_Auth_State::saveState($request, 'authorize:Authorize');
     $forbiddenUrl = SimpleSAML_Module::getModuleURL('authorize/authorize_403.php');
     SimpleSAML_Utilities::redirect($forbiddenUrl, array('StateId' => $stateId));
 }
 /**
  * Handle a submitted account-mapping request.
  *
  * When both 'useridFrom' and 'useridTo' are present and non-empty in the
  * request, the account is migrated and the browser is sent back to the
  * mapping page; otherwise nothing happens.
  *
  * NOTE(review): this is a state-changing action driven by $_REQUEST, which
  * also covers GET parameters; it relies on authentication, authorization
  * and CSRF protection being enforced elsewhere — confirm before exposing it.
  */
 function prepare()
 {
     $fromUserId = empty($_REQUEST['useridFrom']) ? NULL : $_REQUEST['useridFrom'];
     $toUserId = empty($_REQUEST['useridTo']) ? NULL : $_REQUEST['useridTo'];
     if ($fromUserId === NULL || $toUserId === NULL) {
         return;
     }
     $this->fdb->migrateAccount($fromUserId, $toUserId);
     SimpleSAML_Utilities::redirect('/accountmappingprepare');
 }
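    /**
     * E-mail the cron report (errors, warnings, notices) to the technical contact.
     *
     * The tag and the request URL are interpolated into an HTML body. selfURL()
     * reflects the current request and the tag may come from whoever triggers
     * the cron hook, so both are HTML-escaped here; a crafted request can then
     * not inject markup into the report. The message sections are assumed to be
     * HTML already produced by _getHtmlForMessages() and are not escaped again.
     *
     * @param string                   $tag    The cron tag being reported on
     * @param sspmod_janus_Cron_Logger $logger Collected messages for this run
     */
    protected function _mailTechnicalContact($tag, sspmod_janus_Cron_Logger $logger)
    {
        $errorHtml = $this->_getHtmlForMessages($logger->getNamespacedErrors(), 'errors');
        $warningHtml = $this->_getHtmlForMessages($logger->getNamespacedWarnings(), 'warnings');
        $noticeHtml = $this->_getHtmlForMessages($logger->getNamespacedNotices(), 'notices');
        $config = SimpleSAML_Configuration::getInstance();
        $time = htmlspecialchars(date(DATE_RFC822), ENT_QUOTES, 'UTF-8');
        $url = htmlspecialchars(SimpleSAML_Utilities::selfURL(), ENT_QUOTES, 'UTF-8');
        $safeTag = htmlspecialchars((string) $tag, ENT_QUOTES, 'UTF-8');
        $message = <<<MESSAGE
<h1>Cron report</h1>
<p>Cron ran at {$time}</p>
<p>URL: <tt>{$url}</tt></p>
<p>Tag: {$safeTag}</p>
<h2>Errors</h2>
{$errorHtml}
<h2>Warnings</h2>
{$warningHtml}
<h2>Notices</h2>
{$noticeHtml}
MESSAGE;
        /* The placeholder address doubles as the "not configured" sentinel. */
        $toAddress = $config->getString('technicalcontact_email', '*****@*****.**');
        if ($toAddress === '*****@*****.**') {
            SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
        } else {
            $email = new SimpleSAML_XHTML_EMail($toAddress, 'JANUS cron report', '*****@*****.**');
            $email->setBody($message);
            $email->send();
        }
    }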
 /**
  * Persist the fixed date chosen for this foodle and, when the
  * 'send_fixdate_mail' request parameter is set, notify every respondent.
  *
  * The ACL check runs before save() (presumably acl() aborts on failure —
  * confirm), so the updated object is only persisted for a permitted user.
  * Afterwards the browser is redirected to the foodle's distribute section
  * and the script ends.
  */
 protected function saveChanges()
 {
     $this->foodle->updateFromPostFixDate($this->user);
     $this->foodle->acl($this->user, 'write');
     $this->foodle->save();

     if (!empty($_REQUEST['send_fixdate_mail'])) {
         foreach ($this->foodle->getResponses() as $response) {
             if (!empty($response->user)) {
                 $recipient = $response->user;
             } else {
                 /* Response without an attached user object: build a
                  * transient user from the fields stored on the response. */
                 $recipient = new Data_User($this->fdb);
                 $recipient->userid = $response->userid;
                 $recipient->email = $response->email;
                 $recipient->username = $response->username;
             }
             $this->sendFixDateMail($recipient, $this->foodle);
         }
     }

     $distributeUrl = FoodleUtils::getUrl() . 'foodle/' . $this->foodle->identifier . '#distribute';
     SimpleSAML_Utilities::redirect($distributeUrl);
     exit;
 }
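 /**
  * Exchange the verification code from the linkback for an access token and
  * fetch the user's profile.
  *
  * The resulting attributes are written to $state['Attributes']. The
  * verification code and the access token are credentials and are
  * deliberately no longer written to the log. A token reply without both
  * wrap_access_token and uid is rejected, since the uid becomes the user's
  * identity in every attribute below.
  *
  * @param array &$state  The authentication state; must carry
  *                       'authwindowslive:wrap_verification_code'.
  *
  * @throws Exception if the verification code is missing, or if the token
  *                   endpoint returns no access token / uid.
  */
 public function finalStep(&$state)
 {
     assert('is_array($state)');
     if (empty($state['authwindowslive:wrap_verification_code'])) {
         throw new Exception('No wrap_verification_code in state - cannot proceed');
     }
     $verificationCode = $state['authwindowslive:wrap_verification_code'];
     SimpleSAML_Logger::debug('oauth wrap: exchanging verification code for an access token');

     // Retrieve Access Token
     // Documentation at: http://msdn.microsoft.com/en-us/library/ff749686.aspx
     $postData = 'wrap_client_id=' . urlencode($this->key)
         . '&wrap_client_secret=' . urlencode($this->secret)
         . '&wrap_callback=' . urlencode(SimpleSAML_Module::getModuleUrl('authwindowslive') . '/linkback.php')
         . '&wrap_verification_code=' . urlencode($verificationCode);
     $context = array('http' => array(
         'method' => 'POST',
         'header' => 'Content-type: application/x-www-form-urlencoded',
         'content' => $postData,
     ));
     $result = SimpleSAML_Utilities::fetch('https://consent.live.com/AccessToken.aspx', $context);
     $response = array();
     parse_str((string) $result, $response);

     if (empty($response['wrap_access_token']) || empty($response['uid'])) {
         /* Error fields are optional in the provider's reply; read them defensively. */
         $errorCode = isset($response['error_code']) ? $response['error_code'] : '';
         $errorReason = isset($response['wrap_error_reason']) ? $response['wrap_error_reason'] : '';
         $internalInfo = isset($response['internal_info']) ? $response['internal_info'] : '';
         throw new Exception('[' . $errorCode . '] ' . $errorReason . "\r\nNo wrap_access_token returned - cannot proceed\r\n" . $internalInfo);
     }
     $accessToken = $response['wrap_access_token'];
     $uid = $response['uid'];
     SimpleSAML_Logger::debug('Got an access token from the OAuth WRAP service provider for user [' . $uid . ']');

     // Documentation at: http://msdn.microsoft.com/en-us/library/ff751708.aspx
     $opts = array('http' => array(
         'header' => "Accept: application/json\r\nAuthorization: WRAP access_token=" . $accessToken . "\r\n",
     ));
     /* The uid is a path segment of the profile URL; encode it so it cannot alter the path. */
     $data = SimpleSAML_Utilities::fetch('https://apis.live.net/V4.1/cid-' . rawurlencode($uid) . '/Profiles', $opts);
     $userdata = json_decode($data, TRUE);
     if (!is_array($userdata)) {
         /* Unparseable profile reply: continue with the identifier-only attributes. */
         SimpleSAML_Logger::warning('authwindowslive: could not decode profile response as JSON');
         $userdata = array();
     }

     $attributes = array();
     $attributes['windowslive_uid'] = array($uid);
     $attributes['windowslive_targetedID'] = array('http://windowslive.com!' . $uid);
     $attributes['windowslive_user'] = array($uid . '@windowslive.com');
     if (!empty($userdata['Entries'][0]) && is_array($userdata['Entries'][0])) {
         $profile = $userdata['Entries'][0];
         foreach ($profile as $key => $value) {
             if (is_string($value)) {
                 $attributes['windowslive.' . $key] = array((string) $value);
             }
         }
         if (isset($profile['Emails'][0]['Address'])) {
             $attributes['windowslive_mail'] = array($profile['Emails'][0]['Address']);
         }
     }
     SimpleSAML_Logger::debug('LiveID Returned Attributes: ' . implode(", ", array_keys($attributes)));
     $state['Attributes'] = $attributes;
 }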
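 /**
  * Start the logout operation.
  *
  * Annotates every association with the SP's display name and an 'onhold'
  * state, stores that list (plus the name of the SP that initiated logout)
  * in the state, and redirects to the iframe logout page.
  *
  * @param array &$state  The logout state.
  * @param string|NULL $assocId  The SP we are logging out from.
  */
 public function startLogout(array &$state, $assocId)
 {
     assert('is_string($assocId) || is_null($assocId)');
     $associations = $this->idp->getAssociations();
     if (count($associations) === 0) {
         /* Nothing to log out of. finishLogout() is expected to redirect and
          * not return; the explicit return keeps us from falling through into
          * the iframe flow with an empty association list if it ever does. */
         $this->idp->finishLogout($state);
         return;
     }
     foreach ($associations as $id => &$association) {
         $idp = SimpleSAML_IdP::getByState($association);
         $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
         $association['core:Logout-IFrame:State'] = 'onhold';
     }
     /* Drop the loop reference: otherwise the last element of $associations
      * stays a reference and is aliased into the copy stored in $state below. */
     unset($association);
     $state['core:Logout-IFrame:Associations'] = $associations;
     if (!is_null($assocId)) {
         $spName = $this->idp->getSPName($assocId);
         if ($spName === NULL) {
             /* No display name known for the SP: fall back to its id. */
             $spName = array('en' => $assocId);
         }
         $state['core:Logout-IFrame:From'] = $spName;
     } else {
         $state['core:Logout-IFrame:From'] = NULL;
     }
     $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame');
     $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', array('id' => $id));
     SimpleSAML_Utilities::redirect($url);
 }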
 /**
  * Process an authentication response.
  *
  * Compares the current time with the timestamp of the previous SSO to this
  * SP. If fewer than 10 seconds have passed, a warning is logged, the state
  * is saved and the user is sent to the short-SSO-interval warning page.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     if (!array_key_exists('PreviousSSOTimestamp', $state)) {
         /* First SSO to this SP in this session: nothing to compare against. */
         return;
     }
     $secondsSinceLast = time() - $state['PreviousSSOTimestamp'];
     if ($secondsSinceLast >= 10) {
         /* Long enough since the last attempt: no warning needed. */
         return;
     }

     $entityId = 'UNKNOWN';
     if (array_key_exists('Destination', $state) && array_key_exists('entityid', $state['Destination'])) {
         $entityId = $state['Destination']['entityid'];
     }
     SimpleSAML_Logger::warning('WarnShortSSOInterval: Only ' . $secondsSinceLast . ' seconds since last SSO for this user from the SP ' . var_export($entityId, TRUE));

     /* Save state and redirect to the warning page. */
     $stateId = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
     $warningUrl = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
     SimpleSAML_Utilities::redirectTrustedURL($warningUrl, array('StateId' => $stateId));
 }
 /**
  * Redirect the user to the "wrong authentication context" page.
  *
  * Called when the received AuthnContextClassRef is not among the accepted
  * values. Kept as a separate method so subclasses can substitute a
  * different action (for example a chained or more complex ACL decision).
  *
  * @param array $request  The current request state; saved before redirecting.
  */
 protected function unauthorized(&$request)
 {
     $acceptedList = var_export($this->accepted, TRUE);
     SimpleSAML_Logger::error('ExpectedAuthnContextClassRef: Invalid authentication context: ' . $this->AuthnContextClassRef . '. Accepted values are: ' . $acceptedList);
     $stateId = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
     $errorPage = SimpleSAML_Module::getModuleURL('saml/sp/wrong_authncontextclassref.php');
     SimpleSAML_Utilities::redirectTrustedURL($errorPage, array('StateId' => $stateId));
 }
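 /**
  * Set up PHP session handling for this session handler.
  *
  * If no PHP session is active yet, the cookie parameters (path, Secure
  * flag and HttpOnly), the cookie name and the save path are taken from
  * the configuration and the session is started. When the browser did not
  * send a session cookie, a random 16-byte session id is generated instead
  * of letting PHP pick one.
  */
 protected function __construct()
 {
     /* Call the parent constructor in case it should become
      * necessary in the future.
      */
     parent::__construct();

     /* A non-empty session_id() means a session was already started
      * (by the application or an earlier handler); do not start it again. */
     if (session_id() !== '') {
         return;
     }
     $config = SimpleSAML_Configuration::getInstance();
     $cookiepath = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/';
     /* Secure follows the current scheme; HttpOnly keeps the session cookie
      * out of reach of scripts, which never need to read it. */
     session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS(), TRUE);
     $cookiename = $config->getString('session.phpsession.cookiename', NULL);
     if (!empty($cookiename)) {
         session_name($cookiename);
     }
     $savepath = $config->getString('session.phpsession.savepath', NULL);
     if (!empty($savepath)) {
         session_save_path($savepath);
     }
     if (!array_key_exists(session_name(), $_COOKIE)) {
         /* No session cookie: choose a random (secure) session id ourselves. */
         session_id(SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16)));
     }
     /* NOTE(review): a session id presented in the cookie is accepted as-is;
      * protection against fixation relies on PHP's session.use_strict_mode
      * or on regenerating the id at login elsewhere — confirm. */
     session_start();
 }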
 /**
  * Initialize an EntitiesDescriptor.
  *
  * Reads the optional ID, validUntil, cacheDuration and Name attributes, the
  * Extensions element, and every direct EntityDescriptor / EntitiesDescriptor
  * child (nested EntitiesDescriptors are parsed recursively).
  *
  * @param DOMElement|NULL $xml  The XML element we should load.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct($xml);
     if ($xml === NULL) {
         return;
     }

     if ($xml->hasAttribute('ID')) {
         $this->ID = $xml->getAttribute('ID');
     }
     /* validUntil is a SAML2 timestamp and needs parsing. */
     if ($xml->hasAttribute('validUntil')) {
         $this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
     }
     /* Plain string attributes copied verbatim when present. */
     foreach (array('cacheDuration', 'Name') as $attributeName) {
         if ($xml->hasAttribute($attributeName)) {
             $this->$attributeName = $xml->getAttribute($attributeName);
         }
     }
     $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

     $childQuery = './saml_metadata:EntityDescriptor|./saml_metadata:EntitiesDescriptor';
     foreach (SAML2_Utils::xpQuery($xml, $childQuery) as $childNode) {
         $this->children[] = ($childNode->localName === 'EntityDescriptor')
             ? new SAML2_XML_md_EntityDescriptor($childNode)
             : new SAML2_XML_md_EntitiesDescriptor($childNode);
     }
 }
 /**
  * Get the NameID value.
  *
  * Derives a persistent, pairwise identifier as sha1() over the secret salt,
  * the IdP entity ID, the SP entity ID and the user's identifying attribute
  * (each length-prefixed). NULL is returned, with a warning, when the SP or
  * IdP entity ID is missing or when the attribute is absent or multi-valued.
  *
  * @param array &$state  The current state; 'Destination', 'Source' and
  *                       'Attributes' are read.
  * @return string|NULL  The NameID value.
  */
 protected function getValue(array &$state)
 {
     if (!isset($state['Destination']['entityid'])) {
         SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.');
         return NULL;
     }
     if (!isset($state['Source']['entityid'])) {
         SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.');
         return NULL;
     }
     $spEntityId = $state['Destination']['entityid'];
     $idpEntityId = $state['Source']['entityid'];

     $attributeName = var_export($this->attribute, TRUE);
     $values = isset($state['Attributes'][$this->attribute]) ? $state['Attributes'][$this->attribute] : array();
     if (count($values) === 0) {
         SimpleSAML_Logger::warning('Missing attribute ' . $attributeName . ' on user - not generating persistent NameID.');
         return NULL;
     }
     if (count($values) > 1) {
         SimpleSAML_Logger::warning('More than one value in attribute ' . $attributeName . ' on user - not generating persistent NameID.');
         return NULL;
     }
     /* reset() yields the single value regardless of its key. */
     $uid = reset($values);

     /* Every variable-length field is length-prefixed so the input is
      * unambiguous. Changing the algorithm or layout would change every
      * NameID ever issued, so it is kept as is. */
     $secretSalt = SimpleSAML_Utilities::getSecretSalt();
     $hashInput = 'uidhashbase' . $secretSalt
         . strlen($idpEntityId) . ':' . $idpEntityId
         . strlen($spEntityId) . ':' . $spEntityId
         . strlen($uid) . ':' . $uid
         . $secretSalt;
     return sha1($hashInput);
 }
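/**
 * Handle an incoming SAML response to the attribute query example.
 *
 * If the current request does not carry a SAML message the function simply
 * returns so the page renders normally. Otherwise the response is processed
 * against the IdP/SP metadata, the assertion's attributes are stored in the
 * session data slot named by RelayState, and the browser is redirected back
 * to this page with that data id.
 *
 * @throws SimpleSAML_Error_Exception on an unexpected message type, a missing
 *         issuer, a missing or unknown RelayState, or a response whose
 *         assertion count is not exactly one.
 */
function handleResponse()
{
    try {
        $binding = SAML2_Binding::getCurrentBinding();
        $response = $binding->receive();
    } catch (Exception $e) {
        /* No (parseable) SAML message in this request: nothing to handle.
         * This is the normal path for a plain page load. */
        return;
    }
    SimpleSAML_Logger::debug('attributequery - received message.');
    if (!$response instanceof SAML2_Response) {
        throw new SimpleSAML_Error_Exception('Unexpected message received to attribute query example.');
    }
    $idpEntityId = $response->getIssuer();
    if ($idpEntityId === NULL) {
        throw new SimpleSAML_Error_Exception('Missing issuer in response.');
    }
    $idpMetadata = $GLOBALS['metadata']->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
    $spMetadata = $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted');
    /* processResponse() is expected to validate the response and return its assertions. */
    $assertions = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
    if (count($assertions) > 1) {
        throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
    }
    if (count($assertions) === 0) {
        /* Without this check an empty list would reach $assertions[0] unchecked. */
        throw new SimpleSAML_Error_Exception('No assertion in received response.');
    }
    $assertion = $assertions[0];

    $dataId = $response->getRelayState();
    if ($dataId === NULL) {
        throw new SimpleSAML_Error_Exception('RelayState was lost during request.');
    }
    $data = $GLOBALS['session']->getData('attributequeryexample:data', $dataId);
    if ($data === NULL) {
        /* Only accept responses for a query this session actually started;
         * otherwise an unsolicited response could populate an arbitrary id. */
        throw new SimpleSAML_Error_Exception('Unknown RelayState in received response.');
    }
    $data['attributes'] = $assertion->getAttributes();
    $GLOBALS['session']->setData('attributequeryexample:data', $dataId, $data, 3600);
    SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(), array('dataId' => $dataId));
}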
 /**
  * Constructor for this authentication source.
  *
  * Each key of $config is a '<username>:<passwordhash>' string and each value
  * an attribute definition parsed with SimpleSAML_Utilities::parseAttributes();
  * the parsed attributes are stored under the same 'username:passwordhash' key.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  *
  * @throws Exception on a key that is not a string, lacks the ':' separator,
  *                   or whose attributes fail to parse.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     $this->users = array();

     foreach ($config as $credential => $rawAttributes) {
         if (!is_string($credential)) {
             throw new Exception('Invalid <username>:<passwordhash> for authentication source ' . $this->authId . ': ' . $credential);
         }
         /* Split on the FIRST ':' only; the hash itself may contain ':'. */
         $parts = explode(':', $credential, 2);
         if (count($parts) !== 2) {
             throw new Exception('Invalid <username>:<passwordhash> for authentication source ' . $this->authId . ': ' . $parts[0]);
         }
         list($username, $passwordhash) = $parts;
         try {
             $parsedAttributes = SimpleSAML_Utilities::parseAttributes($rawAttributes);
         } catch (Exception $parseError) {
             throw new Exception('Invalid attributes for user ' . $username . ' in authentication source ' . $this->authId . ': ' . $parseError->getMessage());
         }
         $this->users[$username . ':' . $passwordhash] = $parsedAttributes;
     }
 }
 /**
  * Initialize a AffiliationDescriptor.
  *
  * Requires the affiliationOwnerID attribute and at least one AffiliateMember
  * child; ID, validUntil, cacheDuration, Extensions and KeyDescriptor children
  * are optional.
  *
  * @param DOMElement|NULL $xml  The XML element we should load.
  *
  * @throws Exception if affiliationOwnerID is missing or there is no AffiliateMember.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct($xml);
     if ($xml === NULL) {
         return;
     }
     if (!$xml->hasAttribute('affiliationOwnerID')) {
         throw new Exception('Missing affiliationOwnerID on AffiliationDescriptor.');
     }
     $this->affiliationOwnerID = $xml->getAttribute('affiliationOwnerID');

     if ($xml->hasAttribute('ID')) {
         $this->ID = $xml->getAttribute('ID');
     }
     /* validUntil is a SAML2 timestamp and needs parsing; cacheDuration is kept verbatim. */
     if ($xml->hasAttribute('validUntil')) {
         $this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
     }
     if ($xml->hasAttribute('cacheDuration')) {
         $this->cacheDuration = $xml->getAttribute('cacheDuration');
     }
     $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

     $this->AffiliateMember = SAML2_Utils::extractStrings($xml, './saml_metadata:AffiliateMember');
     if (empty($this->AffiliateMember)) {
         throw new Exception('Missing AffiliateMember in AffiliationDescriptor.');
     }
     $keyNodes = SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor');
     foreach ($keyNodes as $keyNode) {
         $this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($keyNode);
     }
 }
 /**
  * Return the base URL path of this installation.
  *
  * A 'baseurlpath' value starting with '*' is relative to the first path
  * element of the current request: the '*' is replaced by that element.
  * Any other value is returned as configured (empty string if unset).
  *
  * @return string  The base URL path.
  */
 public function getBaseURL()
 {
     $baseUrlPath = $this->getValue('baseurlpath', '');
     $matches = array();
     if (!preg_match('/^\\*(.*)$/', $baseUrlPath, $matches)) {
         return $baseUrlPath;
     }
     return SimpleSAML_Utilities::getFirstPathElement(false) . $matches[1];
 }
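/**
 * Print the entity list as a <ul>, one <li> per metadata entry.
 *
 * Each entry shows an optional country flag (chosen from the entry's 'tags'),
 * its English name (falling back to the entity ID), in extended mode an
 * expiry note, and a "more" link when a 'url' is present.
 *
 * Metadata may originate from remote federations, so every value written into
 * the page is HTML-escaped and the "more" link is emitted only for http(s)
 * URLs; a hostile entity name or a javascript: URL can then not inject script.
 *
 * @param object $t         Translator providing getTranslation()
 * @param array  $metadata  List of metadata entries (arrays with 'entityid' and
 *                          optional 'name', 'url', 'tags', 'expire')
 * @param bool   $extended  Whether to print expiry information
 */
function listMetadata($t, $metadata, $extended = FALSE)
{
    /* Tag -> flag file, checked in this order: when an entry carries several
     * of these tags the LAST matching one wins (same as the original chain). */
    $flagByTag = array(
        'norway' => 'no',
        'denmark' => 'dk',
        'finland' => 'fi',
        'sweden' => 'se',
        'switzerland' => 'ch',
        'france' => 'fr',
        'poland' => 'pl',
        'germany' => 'de',
    );
    $now = time();
    echo '<ul>';
    foreach ($metadata as $entry) {
        $flag = NULL;
        if (array_key_exists('tags', $entry) && is_array($entry['tags'])) {
            foreach ($flagByTag as $tag => $code) {
                if (in_array($tag, $entry['tags'], TRUE)) {
                    $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/' . $code . '.png');
                }
            }
        }
        echo '<li>';
        if (isset($flag)) {
            echo ' <img style="display: inline; margin-right: 5px" src="' . htmlspecialchars($flag, ENT_QUOTES, 'UTF-8') . '" alt="Flag" />';
        }
        if (array_key_exists('name', $entry)) {
            $label = $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['name'], 'en'));
        } else {
            $label = $entry['entityid'];
        }
        echo htmlspecialchars((string) $label, ENT_QUOTES, 'UTF-8');
        if ($extended && array_key_exists('expire', $entry)) {
            $hours = number_format(abs($now - $entry['expire']) / 3600, 1);
            if ($entry['expire'] < $now) {
                echo '<span style="color: #500; font-weight: bold"> (expired ' . $hours . ' hours ago)</span>';
            } else {
                echo '<span style="color: #ccc; "> (expires in ' . $hours . ' hours)</span>';
            }
        }
        if (array_key_exists('url', $entry)) {
            $moreUrl = $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['url'], 'en'));
            /* Only link to http(s) targets; escape so the href cannot break out of the attribute. */
            if (is_string($moreUrl) && preg_match('#^https?://#i', $moreUrl)) {
                echo ' [ <a href="' . htmlspecialchars($moreUrl, ENT_QUOTES, 'UTF-8') . '">more</a> ]';
            }
        }
        echo '</li>';
    }
    echo '</ul>';
    /* Presumably closes a <fieldset> opened by the caller around this list — confirm. */
    echo '</fieldset>';
}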
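 /**
  * Finish the flow and send the browser back to the application.
  *
  * A 'return' request parameter is honoured only when it points below this
  * installation's own base URL (FoodleUtils::getURL()); any other value is
  * ignored and the base URL is used instead, so the parameter cannot be used
  * as an open redirect to a foreign site.
  */
 function complete()
 {
     $baseUrl = FoodleUtils::getURL();
     $return = $baseUrl;
     if (!empty($_REQUEST['return']) && is_string($_REQUEST['return'])) {
         $requested = $_REQUEST['return'];
         /* Prefix match against the base URL. NOTE(review): this assumes
          * getURL() ends with '/' (its use elsewhere suggests so); without the
          * slash 'https://host.evil.example' would pass for 'https://host' — confirm. */
         if (strpos($requested, $baseUrl) === 0) {
             $return = $requested;
         }
     }
     SimpleSAML_Utilities::redirect($return);
 }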
 /**
  * Private constructor; instances are obtained through getInstance().
  *
  * Reads the configured 'session.duration', allocates a new track ID for
  * this session, marks the session dirty, and registers the shutdown
  * handler via addShutdownFunction().
  */
 private function __construct()
 {
     $config = SimpleSAML_Configuration::getInstance();
     $this->sessionduration = $config->getValue('session.duration');
     $this->trackid = SimpleSAML_Utilities::generateTrackID();
     /* A brand-new session is always considered modified. */
     $this->dirty = TRUE;
     $this->addShutdownFunction();
 }
 /**
  * Log-in using Google OAuth2Login (OpenID Connect) platform
  * Documentation at : https://developers.google.com/accounts/docs/OAuth2Login
  *
  * Saves the authentication state, hands its id to the Google client as the
  * OAuth 'state' value (so the callback can find it again), and redirects
  * the browser to Google's authorization URL.
  *
  * @param array &$state Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     /* The callback needs the authId to look this source up again. */
     $state[self::AUTHID] = $this->authId;
     $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     $googleAuth = $this->client->getAuth();
     $googleAuth->setState($stateId);
     SimpleSAML_Utilities::redirectTrustedURL($this->client->createAuthUrl());
 }
 /**
  * Issue a new access token for a consumer.
  *
  * The token key and secret are fresh random IDs; the token is stored under
  * the consumer's key for 'accessTokenDuration' seconds (default 24 hours).
  *
  * NOTE(review): the request token passed in is written to the info log in
  * full; consider whether that identifier belongs in logs.
  *
  * @param mixed $requestToken  The request token being exchanged
  * @param mixed $consumer      The consumer (must expose ->key)
  * @return OAuthToken  The newly created access token.
  */
 function new_access_token($requestToken, $consumer)
 {
     SimpleSAML_Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ')');
     $ttl = $this->config->getValue('accessTokenDuration', 60 * 60 * 24);
     $accessToken = new OAuthToken(SimpleSAML_Utilities::generateID(), SimpleSAML_Utilities::generateID());
     $this->store->set('access', $accessToken->key, $consumer->key, $accessToken, $ttl);
     return $accessToken;
 }
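/**
 * Ajax compatible redirect method
 *
 * For a normal request this delegates to SimpleSAML_Utilities::redirectTrustedUrl.
 * For an Ajax request (content loaded into a tab) a small script relocating
 * the whole window is emitted instead and the script is terminated.
 *
 * The URL is written into a <script> block, so it is JSON-encoded with the
 * HEX flags: quotes, '<', '>' and '&' can then neither break out of the JS
 * string literal nor terminate the script element. Query parameters are
 * appended with '?' or '&' depending on whether the URL already has a query.
 *
 * @param string $url     Target URL (trusted by contract; not validated here)
 * @param array  $params  Query parameters appended to the URL
 * @param bool   $isAjax  Whether the current request is an Ajax tab load
 */
function redirectTrustedUrl($url, array $params = array(), $isAjax = false)
{
    if (!$isAjax) {
        SimpleSAML_Utilities::redirectTrustedUrl($url, $params);
        return;
    }
    $redirectUrl = str_replace(TAB_AJAX_CONTENT_PREFIX, '', $url);
    if (!empty($params)) {
        $separator = (strpos($redirectUrl, '?') === false) ? '?' : '&';
        $redirectUrl .= $separator . http_build_query($params);
    }
    $jsUrl = json_encode($redirectUrl, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    die('<script type="text/javascript">window.location = ' . $jsUrl . ';</script>');
}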
 /**
  * Create a time-limited token generator.
  *
  * @param int         $lifetime    Token lifetime in seconds (default 900)
  * @param string|NULL $secretSalt  Must be random and unique per installation;
  *                                 NULL selects the configured secret salt.
  * @param int         $skew        Allowed time skew between the server that
  *                                 generates and the one that validates the token
  */
 public function __construct($lifetime = 900, $secretSalt = NULL, $skew = 1)
 {
     /* Fall back to the installation-wide secret salt when none is given. */
     $this->secretSalt = ($secretSalt === NULL) ? SimpleSAML_Utilities::getSecretSalt() : $secretSalt;
     $this->lifetime = $lifetime;
     $this->skew = $skew;
 }
 /**
  * Start authentication: save the state and send the user to the module's
  * login page.
  *
  * @param array &$state  Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     assert('is_array($state)');
     // The login page needs the authId to retrieve this authentication source again.
     $state[self::AUTHID] = $this->authId;
     $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
     $loginUrl = SimpleSAML_Module::getModuleURL('authtfaga/login.php');
     SimpleSAML_Utilities::redirect($loginUrl, array('AuthState' => $stateId));
 }
 /**
  * Fetch user information from an OAuth-protected resource.
  *
  * Builds a signed GET request for $url with the given access token and
  * decodes the JSON reply into an associative array.
  *
  * @param string $url          Resource URL to query
  * @param mixed  $accessToken  OAuth access token used to sign the request
  * @return mixed  Decoded JSON (array), or NULL if the reply is not valid JSON.
  */
 public function getUserInfo($url, $accessToken)
 {
     $request = OAuthRequest::from_consumer_and_token($this->consumer, $accessToken, "GET", $url, NULL);
     $request->sign_request($this->signer, $this->consumer, $accessToken);
     $rawReply = SimpleSAML_Utilities::fetch($request->to_url());
     return json_decode($rawReply, TRUE);
 }
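 /**
  * Check that the user has access to the statistics.
  *
  * Access is granted when the statistics are not protected, when the user is
  * logged in as admin, or — after authenticating with the configured auth
  * source — when the user's ID is in 'allowedUsers' or the 'acl' allows the
  * user's attributes. Any other outcome throws.
  *
  * @param SimpleSAML_Configuration $statconfig  The statistics configuration.
  *
  * @throws SimpleSAML_Error_Exception on an invalid 'acl' or 'allowedUsers'
  *         option, or when access is denied.
  * @throws Exception when 'allowedUsers' is set but the user ID attribute is missing.
  */
 public static function checkAccess(SimpleSAML_Configuration $statconfig)
 {
     $protected = $statconfig->getBoolean('protected', FALSE);
     $authsource = $statconfig->getString('auth', NULL);
     $allowedusers = $statconfig->getValue('allowedUsers', NULL);
     $useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
     $acl = $statconfig->getValue('acl', NULL);
     if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
         throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
     }
     if ($allowedusers !== NULL && !is_array($allowedusers)) {
         throw new SimpleSAML_Error_Exception('Invalid value for \'allowedUsers\'-option. Should be an array.');
     }
     if (!$protected) {
         return;
     }
     if (SimpleSAML_Utilities::isAdmin()) {
         // User logged in as admin. OK.
         SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
         return;
     }
     if (!isset($authsource)) {
         // No auth source configured: fall back to admin login. requireAdmin()
         // presumably redirects without returning unless the user is admin, so
         // if it does return access is granted; in no case may we fall through
         // into the auth-source branch with a NULL source.
         SimpleSAML_Utilities::requireAdmin();
         return;
     }
     /* We are using an authsource for login. */
     $as = new SimpleSAML_Auth_Simple($authsource);
     $as->requireAuth();
     // User logged in with auth source.
     SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
     // Retrieving attributes
     $attributes = $as->getAttributes();
     if (!empty($allowedusers)) {
         // Check if userid exists
         if (!isset($attributes[$useridattr][0])) {
             throw new Exception('User ID is missing');
         }
         $userId = $attributes[$useridattr][0];
         // Check if userid is allowed access; strict comparison so that e.g. a
         // TRUE or 0 entry in the list cannot match arbitrary user IDs.
         if (in_array($userId, $allowedusers, TRUE)) {
             SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $userId . ']');
             return;
         }
         SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $userId . ']');
     } else {
         SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
     }
     if (!is_null($acl)) {
         $acl = new sspmod_core_ACL($acl);
         if ($acl->allows($attributes)) {
             SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
             return;
         }
         SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
     } else {
         SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
     }
     throw new SimpleSAML_Error_Exception('Access denied to the current user.');
 }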
 /**
  * Initialize processing of the redirect test.
  *
  * Adds a marker attribute, saves the state and redirects to the test page,
  * which can then verify that the state survived the round trip.
  *
  * @param array &$state  The state we should update.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("Attributes", $state)');
     /* Marker the redirect target looks for to confirm the state was saved correctly. */
     $state['Attributes']['RedirectTest1'] = array('OK');
     $stateId = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test');
     $testPage = SimpleSAML_Module::getModuleURL('exampleauth/redirecttest.php');
     SimpleSAML_Utilities::redirectTrustedURL($testPage, array('StateId' => $stateId));
 }
 /**
  * Create a new NotFound error
  *
  * The message template is NOTFOUND (URL only) or NOTFOUNDREASON (URL and
  * reason), with the current request URL filled in.
  *
  * @param string $reason  Optional description of why the given page could not be found.
  */
 public function __construct($reason = NULL)
 {
     assert('is_null($reason) || is_string($reason)');
     $requestUrl = SimpleSAML_Utilities::selfURL();
     $template = array('NOTFOUND', '%URL%' => $requestUrl);
     if ($reason !== NULL) {
         $template = array('NOTFOUNDREASON', '%URL%' => $requestUrl, '%REASON%' => $reason);
     }
     parent::__construct($template);
     $this->reason = $reason;
 }
 /**
  * Process an authentication response.
  *
  * Saves the state and redirects the user to the pre-production warning page.
  * Passive requests are skipped, since no page can be shown to the user then.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     $isPassive = isset($state['isPassive']) && $state['isPassive'] === TRUE;
     if ($isPassive) {
         /* Passive request: nothing can be displayed, skip the warning. */
         return;
     }
     $stateId = SimpleSAML_Auth_State::saveState($state, 'warning:request');
     $warningPage = SimpleSAML_Module::getModuleURL('preprodwarning/showwarning.php');
     SimpleSAML_Utilities::redirectTrustedURL($warningPage, array('StateId' => $stateId));
 }