Author: Andreas Åkre Solberg, UNINETT AS. (andreas.solberg@uninett.no)
 /**
  * Construct
  *
  * @param array $authSourceconfig Configuration array for the selected authsource
  * @param array $writeConfig Configuration array for the selected catalogue backend
  * @param array $attributes The user attributes to be saved
  */
 public function __construct($authSourceConfig, $writeConfig, $attributes, $hashAlgo)
 {
     $asc = SimpleSAML_Configuration::loadFromArray($authSourceConfig);
     try {
         $this->dbh = new PDO($asc->getString('dsn'), $asc->getString('username'), $asc->getString('password'));
     } catch (PDOException $e) {
         throw new Exception($e->getMessage());
     }
     $driver = explode(':', $asc->getString('dsn'), 2);
     $driver = strtolower($driver[0]);
     /* Driver specific initialization. */
     switch ($driver) {
         case 'mysql':
             /* Use UTF-8. */
             $this->dbh->exec("SET NAMES utf8");
             $this->dbh->exec("SET CHARACTER SET utf8;");
             break;
         case 'pgsql':
             /* Use UTF-8. */
             $this->dbh->exec("SET NAMES 'UTF8'");
             break;
     }
     $this->dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
     $this->attributes = $attributes;
     $this->hashAlgo = $hashAlgo;
     $this->salt = bin2hex(SimpleSAML_Utilities::generateRandomBytes(64, FALSE));
     $wc = SimpleSAML_Configuration::loadFromArray($writeConfig);
     $this->userIdAttr = $wc->getString('user.id.param');
 }
 public function __construct(Exception $original)
 {
     $msg = get_class($original) . ': ' . $original->getMessage();
     $code = $original->getCode();
     parent::__construct($msg, $code);
     $this->setBacktrace(SimpleSAML_Utilities::buildBacktrace($original));
 }
Example #3
0
 /**
  * Apply filter to validate attributes.
  *
  * @param array &$request  The current request
  */
 public function process(&$request)
 {
     $authorize = FALSE;
     assert('is_array($request)');
     assert('array_key_exists("Attributes", $request)');
     $attributes =& $request['Attributes'];
     foreach ($this->valid_attribute_values as $name => $patterns) {
         if (array_key_exists($name, $attributes)) {
             foreach ($patterns as $pattern) {
                 $values = $attributes[$name];
                 if (!is_array($values)) {
                     $values = array($values);
                 }
                 foreach ($values as $value) {
                     if (preg_match($pattern, $value)) {
                         $authorize = TRUE;
                         break 3;
                     }
                 }
             }
         }
     }
     if (!$authorize) {
         /* Save state and redirect to 403 page. */
         $id = SimpleSAML_Auth_State::saveState($request, 'authorize:Authorize');
         $url = SimpleSAML_Module::getModuleURL('authorize/authorize_403.php');
         SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
     }
 }
 function prepare()
 {
     if (!empty($_REQUEST['useridFrom']) && !empty($_REQUEST['useridTo'])) {
         $this->fdb->migrateAccount($_REQUEST['useridFrom'], $_REQUEST['useridTo']);
         SimpleSAML_Utilities::redirect('/accountmappingprepare');
     }
 }
    protected function _mailTechnicalContact($tag, sspmod_janus_Cron_Logger $logger)
    {
        $errorHtml = $this->_getHtmlForMessages($logger->getNamespacedErrors(), 'errors');
        $warningHtml = $this->_getHtmlForMessages($logger->getNamespacedWarnings(), 'warnings');
        $noticeHtml = $this->_getHtmlForMessages($logger->getNamespacedNotices(), 'notices');
        $config = SimpleSAML_Configuration::getInstance();
        $time = date(DATE_RFC822);
        $url = SimpleSAML_Utilities::selfURL();
        $message = <<<MESSAGE
<h1>Cron report</h1>
<p>Cron ran at {$time}</p>
<p>URL: <tt>{$url}</tt></p>
<p>Tag: {$tag}</p>
<h2>Errors</h2>
{$errorHtml}
<h2>Warnings</h2>
{$warningHtml}
<h2>Notices</h2>
{$noticeHtml}
MESSAGE;
        $toAddress = $config->getString('technicalcontact_email', '*****@*****.**');
        if ($toAddress == '*****@*****.**') {
            SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
        } else {
            $email = new SimpleSAML_XHTML_EMail($toAddress, 'JANUS cron report', '*****@*****.**');
            $email->setBody($message);
            $email->send();
        }
    }
Example #6
0
 protected function saveChanges()
 {
     $this->foodle->updateFromPostFixDate($this->user);
     #		echo '<pre>'; print_r($_REQUEST); print_r($this->foodle); exit;
     $this->foodle->acl($this->user, 'write');
     $this->foodle->save();
     // 		if (isset($this->user->email)) {
     // 			$this->sendMail();
     // 		}
     if (!empty($_REQUEST['send_fixdate_mail'])) {
         $responses = $this->foodle->getResponses();
         foreach ($responses as $response) {
             $user = null;
             if (!empty($response->user)) {
                 $user = $response->user;
             }
             if (empty($user)) {
                 $user = new Data_User($this->fdb);
                 $user->userid = $response->userid;
                 $user->email = $response->email;
                 $user->username = $response->username;
             }
             $this->sendFixDateMail($user, $this->foodle);
         }
     }
     $newurl = FoodleUtils::getUrl() . 'foodle/' . $this->foodle->identifier . '#distribute';
     SimpleSAML_Utilities::redirect($newurl);
     exit;
 }
Example #7
0
 public function finalStep(&$state)
 {
     SimpleSAML_Logger::debug("oauth wrap:  Using this verification code [" . $state['authwindowslive:wrap_verification_code'] . "]");
     // Retrieve Access Token
     // Documentation at: http://msdn.microsoft.com/en-us/library/ff749686.aspx
     $postData = 'wrap_client_id=' . urlencode($this->key) . '&wrap_client_secret=' . urlencode($this->secret) . '&wrap_callback=' . urlencode(SimpleSAML_Module::getModuleUrl('authwindowslive') . '/linkback.php') . '&wrap_verification_code=' . urlencode($state['authwindowslive:wrap_verification_code']);
     $context = array('http' => array('method' => 'POST', 'header' => 'Content-type: application/x-www-form-urlencoded', 'content' => $postData));
     $result = SimpleSAML_Utilities::fetch('https://consent.live.com/AccessToken.aspx', $context);
     parse_str($result, $response);
     // error checking of $response to make sure we can proceed
     if (!array_key_exists('wrap_access_token', $response)) {
         throw new Exception('[' . $response['error_code'] . '] ' . $response['wrap_error_reason'] . "\r\nNo wrap_access_token returned - cannot proceed\r\n" . $response['internal_info']);
     }
     SimpleSAML_Logger::debug("Got an access token from the OAuth WRAP service provider [" . $response['wrap_access_token'] . "] for user [" . $response['uid'] . "]");
     // Documentation at: http://msdn.microsoft.com/en-us/library/ff751708.aspx
     $opts = array('http' => array('header' => "Accept: application/json\r\nAuthorization: WRAP access_token=" . $response['wrap_access_token'] . "\r\n"));
     $data = SimpleSAML_Utilities::fetch('https://apis.live.net/V4.1/cid-' . $response['uid'] . '/Profiles', $opts);
     $userdata = json_decode($data, TRUE);
     $attributes = array();
     $attributes['windowslive_uid'] = array($response['uid']);
     $attributes['windowslive_targetedID'] = array('http://windowslive.com!' . $response['uid']);
     $attributes['windowslive_user'] = array($response['uid'] . '@windowslive.com');
     if (array_key_exists('Entries', $userdata)) {
         foreach ($userdata['Entries'][0] as $key => $value) {
             if (is_string($value)) {
                 $attributes['windowslive.' . $key] = array((string) $value);
             }
         }
         if (array_key_exists('Emails', $userdata['Entries'][0])) {
             $attributes['windowslive_mail'] = array($userdata['Entries'][0]['Emails'][0]['Address']);
         }
     }
     SimpleSAML_Logger::debug('LiveID Returned Attributes: ' . implode(", ", array_keys($attributes)));
     $state['Attributes'] = $attributes;
 }
Example #8
0
 /**
  * Start the logout operation.
  *
  * @param array &$state  The logout state.
  * @param string|NULL $assocId  The SP we are logging out from.
  */
 public function startLogout(array &$state, $assocId)
 {
     assert('is_string($assocId) || is_null($assocId)');
     $associations = $this->idp->getAssociations();
     if (count($associations) === 0) {
         $this->idp->finishLogout($state);
     }
     foreach ($associations as $id => &$association) {
         $idp = SimpleSAML_IdP::getByState($association);
         $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
         $association['core:Logout-IFrame:State'] = 'onhold';
     }
     $state['core:Logout-IFrame:Associations'] = $associations;
     if (!is_null($assocId)) {
         $spName = $this->idp->getSPName($assocId);
         if ($spName === NULL) {
             $spName = array('en' => $assocId);
         }
         $state['core:Logout-IFrame:From'] = $spName;
     } else {
         $state['core:Logout-IFrame:From'] = NULL;
     }
     $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame');
     $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', array('id' => $id));
     SimpleSAML_Utilities::redirect($url);
 }
 /**
  * Process a authentication response.
  *
  * This function checks how long it is since the last time the user was authenticated.
  * If it is to short a while since, we will show a warning to the user.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     if (!array_key_exists('PreviousSSOTimestamp', $state)) {
         /*
          * No timestamp from the previous SSO to this SP. This is the first
          * time during this session.
          */
         return;
     }
     $timeDelta = time() - $state['PreviousSSOTimestamp'];
     if ($timeDelta >= 10) {
         /* At least 10 seconds since last attempt. */
         return;
     }
     if (array_key_exists('Destination', $state) && array_key_exists('entityid', $state['Destination'])) {
         $entityId = $state['Destination']['entityid'];
     } else {
         $entityId = 'UNKNOWN';
     }
     SimpleSAML_Logger::warning('WarnShortSSOInterval: Only ' . $timeDelta . ' seconds since last SSO for this user from the SP ' . var_export($entityId, TRUE));
     /* Save state and redirect. */
     $id = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
     $url = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
     SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
 }
 /**
  * When the process logic determines that the user is not
  * authorized for this service, then forward the user to
  * an 403 unauthorized page.
  *
  * Separated this code into its own method so that child
  * classes can override it and change the action. Forward
  * thinking in case a "chained" ACL is needed, more complex
  * permission logic.
  *
  * @param array $request
  */
 protected function unauthorized(&$request)
 {
     SimpleSAML_Logger::error('ExpectedAuthnContextClassRef: Invalid authentication context: ' . $this->AuthnContextClassRef . '. Accepted values are: ' . var_export($this->accepted, TRUE));
     $id = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
     $url = SimpleSAML_Module::getModuleURL('saml/sp/wrong_authncontextclassref.php');
     SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
 }
Example #11
0
 protected function __construct()
 {
     /* Call the parent constructor in case it should become
      * necessary in the future.
      */
     parent::__construct();
     /* Initialize the php session handling.
      *
      * If session_id() returns a blank string, then we need
      * to call session start. Otherwise the session is already
      * started, and we should avoid calling session_start().
      */
     if (session_id() === '') {
         $config = SimpleSAML_Configuration::getInstance();
         $cookiepath = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/';
         session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS());
         $cookiename = $config->getString('session.phpsession.cookiename', NULL);
         if (!empty($cookiename)) {
             session_name($cookiename);
         }
         $savepath = $config->getString('session.phpsession.savepath', NULL);
         if (!empty($savepath)) {
             session_save_path($savepath);
         }
         if (!array_key_exists(session_name(), $_COOKIE)) {
             /* Session cookie unset - session id not set. Generate new (secure) session id. */
             session_id(SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16)));
         }
         session_start();
     }
 }
 /**
  * Initialize an EntitiesDescriptor.
  *
  * @param DOMElement|NULL $xml  The XML element we should load.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct($xml);
     if ($xml === NULL) {
         return;
     }
     if ($xml->hasAttribute('ID')) {
         $this->ID = $xml->getAttribute('ID');
     }
     if ($xml->hasAttribute('validUntil')) {
         $this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
     }
     if ($xml->hasAttribute('cacheDuration')) {
         $this->cacheDuration = $xml->getAttribute('cacheDuration');
     }
     if ($xml->hasAttribute('Name')) {
         $this->Name = $xml->getAttribute('Name');
     }
     $this->Extensions = SAML2_XML_md_Extensions::getList($xml);
     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:EntityDescriptor|./saml_metadata:EntitiesDescriptor') as $node) {
         if ($node->localName === 'EntityDescriptor') {
             $this->children[] = new SAML2_XML_md_EntityDescriptor($node);
         } else {
             $this->children[] = new SAML2_XML_md_EntitiesDescriptor($node);
         }
     }
 }
Example #13
0
 /**
  * Get the NameID value.
  *
  * @return string|NULL  The NameID value.
  */
 protected function getValue(array &$state)
 {
     if (!isset($state['Destination']['entityid'])) {
         SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.');
         return NULL;
     }
     $spEntityId = $state['Destination']['entityid'];
     if (!isset($state['Source']['entityid'])) {
         SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.');
         return NULL;
     }
     $idpEntityId = $state['Source']['entityid'];
     if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
         SimpleSAML_Logger::warning('Missing attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.');
         return NULL;
     }
     if (count($state['Attributes'][$this->attribute]) > 1) {
         SimpleSAML_Logger::warning('More than one value in attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.');
         return NULL;
     }
     $uid = array_values($state['Attributes'][$this->attribute]);
     /* Just in case the first index is no longer 0. */
     $uid = $uid[0];
     $secretSalt = SimpleSAML_Utilities::getSecretSalt();
     $uidData = 'uidhashbase' . $secretSalt;
     $uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
     $uidData .= strlen($spEntityId) . ':' . $spEntityId;
     $uidData .= strlen($uid) . ':' . $uid;
     $uidData .= $secretSalt;
     return sha1($uidData);
 }
Example #14
0
function handleResponse()
{
    try {
        $binding = SAML2_Binding::getCurrentBinding();
        $response = $binding->receive();
    } catch (Exception $e) {
        return;
    }
    SimpleSAML_Logger::debug('attributequery - received message.');
    if (!$response instanceof SAML2_Response) {
        throw new SimpleSAML_Error_Exception('Unexpected message received to attribute query example.');
    }
    $idpEntityId = $response->getIssuer();
    if ($idpEntityId === NULL) {
        throw new SimpleSAML_Error_Exception('Missing issuer in response.');
    }
    $idpMetadata = $GLOBALS['metadata']->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
    $spMetadata = $GLOBALS['metadata']->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted');
    $assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
    if (count($assertion) > 1) {
        throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
    }
    $assertion = $assertion[0];
    $dataId = $response->getRelayState();
    if ($dataId === NULL) {
        throw new SimpleSAML_Error_Exception('RelayState was lost during request.');
    }
    $data = $GLOBALS['session']->getData('attributequeryexample:data', $dataId);
    $data['attributes'] = $assertion->getAttributes();
    $GLOBALS['session']->setData('attributequeryexample:data', $dataId, $data, 3600);
    SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(), array('dataId' => $dataId));
}
Example #15
0
 /**
  * Constructor for this authentication source.
  *
  * @param array $info  Information about this authentication source.
  * @param array $config  Configuration.
  */
 public function __construct($info, $config)
 {
     assert('is_array($info)');
     assert('is_array($config)');
     /* Call the parent constructor first, as required by the interface. */
     parent::__construct($info, $config);
     $this->users = array();
     /* Validate and parse our configuration. */
     foreach ($config as $userpass => $attributes) {
         if (!is_string($userpass)) {
             throw new Exception('Invalid <username>:<passwordhash> for authentication source ' . $this->authId . ': ' . $userpass);
         }
         $userpass = explode(':', $userpass, 2);
         if (count($userpass) !== 2) {
             throw new Exception('Invalid <username>:<passwordhash> for authentication source ' . $this->authId . ': ' . $userpass[0]);
         }
         $username = $userpass[0];
         $passwordhash = $userpass[1];
         try {
             $attributes = SimpleSAML_Utilities::parseAttributes($attributes);
         } catch (Exception $e) {
             throw new Exception('Invalid attributes for user ' . $username . ' in authentication source ' . $this->authId . ': ' . $e->getMessage());
         }
         $this->users[$username . ':' . $passwordhash] = $attributes;
     }
 }
Example #16
0
 /**
  * Initialize a AffiliationDescriptor.
  *
  * @param DOMElement|NULL $xml  The XML element we should load.
  */
 public function __construct(DOMElement $xml = NULL)
 {
     parent::__construct($xml);
     if ($xml === NULL) {
         return;
     }
     if (!$xml->hasAttribute('affiliationOwnerID')) {
         throw new Exception('Missing affiliationOwnerID on AffiliationDescriptor.');
     }
     $this->affiliationOwnerID = $xml->getAttribute('affiliationOwnerID');
     if ($xml->hasAttribute('ID')) {
         $this->ID = $xml->getAttribute('ID');
     }
     if ($xml->hasAttribute('validUntil')) {
         $this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
     }
     if ($xml->hasAttribute('cacheDuration')) {
         $this->cacheDuration = $xml->getAttribute('cacheDuration');
     }
     $this->Extensions = SAML2_XML_md_Extensions::getList($xml);
     $this->AffiliateMember = SAML2_Utils::extractStrings($xml, './saml_metadata:AffiliateMember');
     if (empty($this->AffiliateMember)) {
         throw new Exception('Missing AffiliateMember in AffiliationDescriptor.');
     }
     foreach (SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor') as $kd) {
         $this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($kd);
     }
 }
 public function getBaseURL()
 {
     if (preg_match('/^\\*(.*)$/', $this->getValue('baseurlpath', ''), $matches)) {
         return SimpleSAML_Utilities::getFirstPathElement(false) . $matches[1];
     }
     return $this->getValue('baseurlpath', '');
 }
function listMetadata($t, $metadata, $extended = FALSE)
{
    $now = time();
    echo '<ul>';
    foreach ($metadata as $entry) {
        $flag = NULL;
        if (array_key_exists('tags', $entry)) {
            if (in_array('norway', $entry['tags'])) {
                $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/no.png');
            }
            if (in_array('denmark', $entry['tags'])) {
                $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/dk.png');
            }
            if (in_array('finland', $entry['tags'])) {
                $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/fi.png');
            }
            if (in_array('sweden', $entry['tags'])) {
                $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/se.png');
            }
            if (in_array('switzerland', $entry['tags'])) {
                $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/ch.png');
            }
            if (in_array('france', $entry['tags'])) {
                $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/fr.png');
            }
            if (in_array('poland', $entry['tags'])) {
                $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/pl.png');
            }
            if (in_array('germany', $entry['tags'])) {
                $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/de.png');
            }
        }
        echo '<li>';
        if (isset($flag)) {
            echo ' <img style="display: inline; margin-right: 5px" src="' . $flag . '" alt="Flag" />';
        }
        if (array_key_exists('name', $entry)) {
            echo $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['name'], 'en'));
        } else {
            echo $entry['entityid'];
        }
        // echo('<pre>'); print_r($entry); echo('</pre>');
        if ($extended) {
            if (array_key_exists('expire', $entry)) {
                if ($entry['expire'] < $now) {
                    echo '<span style="color: #500; font-weight: bold"> (expired ' . number_format(($now - $entry['expire']) / 3600, 1) . ' hours ago)</span>';
                } else {
                    echo '<span style="color: #ccc; "> (expires in ' . number_format(($entry['expire'] - $now) / 3600, 1) . ' hours)</span>';
                }
            }
        }
        if (array_key_exists('url', $entry)) {
            echo ' [ <a href="' . $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['url'], 'en')) . '">more</a> ]';
        }
        echo '</li>';
    }
    echo '</ul>';
    echo '</fieldset>';
}
Example #19
0
 function complete()
 {
     $return = FoodleUtils::getURL();
     if (!empty($_REQUEST['return'])) {
         $return = $_REQUEST['return'];
     }
     SimpleSAML_Utilities::redirect($return);
 }
 /**
  * private constructor restricts instantiaton to getInstance()
  */
 private function __construct()
 {
     $configuration = SimpleSAML_Configuration::getInstance();
     $this->sessionduration = $configuration->getValue('session.duration');
     $this->trackid = SimpleSAML_Utilities::generateTrackID();
     $this->dirty = TRUE;
     $this->addShutdownFunction();
 }
Example #21
0
 /**
  * Log-in using Google OAuth2Login (OpenID Connect) platform
  * Documentation at : https://developers.google.com/accounts/docs/OAuth2Login
  *
  * @param array &$state Information about the current authentication.
  */
 public function authenticate(&$state)
 {
     $state[self::AUTHID] = $this->authId;
     $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
     $this->client->getAuth()->setState($stateID);
     $authUrl = $this->client->createAuthUrl();
     SimpleSAML_Utilities::redirectTrustedURL($authUrl);
 }
Example #22
0
 function new_access_token($requestToken, $consumer)
 {
     SimpleSAML_Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ')');
     $token = new OAuthToken(SimpleSAML_Utilities::generateID(), SimpleSAML_Utilities::generateID());
     // SimpleSAML_Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ',' . $token . ')');
     $this->store->set('access', $token->key, $consumer->key, $token, $this->config->getValue('accessTokenDuration', 60 * 60 * 24));
     return $token;
 }
Example #23
0
/**
 * Ajax compatible redirect method
 *
 * @param string $url
 * @param array $params
 * @param bool $isAjax
 */
function redirectTrustedUrl($url, array $params = array(), $isAjax = false)
{
    if ($isAjax) {
        $redirectUrl = str_replace(TAB_AJAX_CONTENT_PREFIX, '', $url) . '?' . http_build_query($params);
        die('<script type="text/javascript">window.location =\'' . $redirectUrl . '\';</script>');
    } else {
        SimpleSAML_Utilities::redirectTrustedUrl($url, $params);
    }
}
Example #24
0
 /**
  * @param $secretSalt Must be random and unique per installation
  * @param $lifeTime Token lifetime in seconds
  * @param $skew  Allowed time skew between server that generates and the one that calculates the token
  */
 public function __construct($lifetime = 900, $secretSalt = NULL, $skew = 1)
 {
     if ($secretSalt === NULL) {
         $secretSalt = SimpleSAML_Utilities::getSecretSalt();
     }
     $this->secretSalt = $secretSalt;
     $this->lifetime = $lifetime;
     $this->skew = $skew;
 }
 public function authenticate(&$state)
 {
     assert('is_array($state)');
     // We are going to need the authId in order to retrieve this authentication source later.
     $state[self::AUTHID] = $this->authId;
     $id = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
     $url = SimpleSAML_Module::getModuleURL('authtfaga/login.php');
     SimpleSAML_Utilities::redirect($url, array('AuthState' => $id));
 }
Example #26
0
 public function getUserInfo($url, $accessToken)
 {
     $data_req = OAuthRequest::from_consumer_and_token($this->consumer, $accessToken, "GET", $url, NULL);
     $data_req->sign_request($this->signer, $this->consumer, $accessToken);
     $data = SimpleSAML_Utilities::fetch($data_req->to_url());
     #print_r($data);
     $dataDecoded = json_decode($data, TRUE);
     return $dataDecoded;
 }
Example #27
0
 /**
  * Check that the user has access to the statistics.
  *
  * If the user doesn't have access, send the user to the login page.
  */
 public static function checkAccess(SimpleSAML_Configuration $statconfig)
 {
     $protected = $statconfig->getBoolean('protected', FALSE);
     $authsource = $statconfig->getString('auth', NULL);
     $allowedusers = $statconfig->getValue('allowedUsers', NULL);
     $useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
     $acl = $statconfig->getValue('acl', NULL);
     if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
         throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
     }
     if (!$protected) {
         return;
     }
     if (SimpleSAML_Utilities::isAdmin()) {
         // User logged in as admin. OK.
         SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
         return;
     }
     if (!isset($authsource)) {
         // If authsource is not defined, init admin login.
         SimpleSAML_Utilities::requireAdmin();
     }
     /* We are using an authsource for login. */
     $as = new SimpleSAML_Auth_Simple($authsource);
     $as->requireAuth();
     // User logged in with auth source.
     SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
     // Retrieving attributes
     $attributes = $as->getAttributes();
     if (!empty($allowedusers)) {
         // Check if userid exists
         if (!isset($attributes[$useridattr][0])) {
             throw new Exception('User ID is missing');
         }
         // Check if userid is allowed access..
         if (in_array($attributes[$useridattr][0], $allowedusers)) {
             SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');
             return;
         }
         SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']');
     } else {
         SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
     }
     if (!is_null($acl)) {
         $acl = new sspmod_core_ACL($acl);
         if ($acl->allows($attributes)) {
             SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
             return;
         }
         SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
     } else {
         SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
     }
     throw new SimpleSAML_Error_Exception('Access denied to the current user.');
 }
Example #28
0
 /**
  * Initialize processing of the redirect test.
  *
  * @param array &$state  The state we should update.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     assert('array_key_exists("Attributes", $state)');
     /* To check whether the state is saved correctly. */
     $state['Attributes']['RedirectTest1'] = array('OK');
     /* Save state and redirect. */
     $id = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test');
     $url = SimpleSAML_Module::getModuleURL('exampleauth/redirecttest.php');
     SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
 }
Example #29
0
 /**
  * Create a new NotFound error
  *
  * @param string $reason  Optional description of why the given page could not be found.
  */
 public function __construct($reason = NULL)
 {
     assert('is_null($reason) || is_string($reason)');
     $url = SimpleSAML_Utilities::selfURL();
     if ($reason === NULL) {
         parent::__construct(array('NOTFOUND', '%URL%' => $url));
     } else {
         parent::__construct(array('NOTFOUNDREASON', '%URL%' => $url, '%REASON%' => $reason));
     }
     $this->reason = $reason;
 }
Example #30
0
 /**
  * Process a authentication response.
  *
  * This function saves the state, and redirects the user to the page where the user
  * can authorize the release of the attributes.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     if (isset($state['isPassive']) && $state['isPassive'] === TRUE) {
         /* We have a passive request. Skip the warning. */
         return;
     }
     /* Save state and redirect. */
     $id = SimpleSAML_Auth_State::saveState($state, 'warning:request');
     $url = SimpleSAML_Module::getModuleURL('preprodwarning/showwarning.php');
     SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
 }