/**
 * Open the database connection for the configured authsource and set up the writer state.
 *
 * @param array $authSourceConfig Configuration array for the selected authsource
 *                                ('dsn', 'username' and 'password' are read here)
 * @param array $writeConfig      Configuration array for the selected catalogue backend
 *                                ('user.id.param' is read here)
 * @param array $attributes       The user attributes to be saved
 * @param mixed $hashAlgo         Stored on the instance as-is; how it is used is not visible here
 *
 * @throws Exception If the PDO connection cannot be established.
 */
public function __construct($authSourceConfig, $writeConfig, $attributes, $hashAlgo)
{
    $sourceCfg = SimpleSAML_Configuration::loadFromArray($authSourceConfig);
    $dsn = $sourceCfg->getString('dsn');

    try {
        $this->dbh = new PDO($dsn, $sourceCfg->getString('username'), $sourceCfg->getString('password'));
    } catch (PDOException $e) {
        /* Only the message is propagated; the PDOException itself is not chained.
         * Its backtrace can carry the constructor arguments, i.e. the DB password. */
        throw new Exception($e->getMessage());
    }

    /* The driver name is the part of the DSN before the first colon. */
    $dsnParts = explode(':', $dsn, 2);
    $driverName = strtolower($dsnParts[0]);

    /* Driver specific initialization: force UTF-8 on the connection. */
    if ($driverName === 'mysql') {
        $this->dbh->exec("SET NAMES utf8");
        $this->dbh->exec("SET CHARACTER SET utf8;");
    } elseif ($driverName === 'pgsql') {
        $this->dbh->exec("SET NAMES 'UTF8'");
    }

    /* With ERRMODE_WARNING failed statements raise PHP warnings instead of exceptions,
     * so code using $this->dbh has to check return values itself. */
    $this->dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

    $this->attributes = $attributes;
    $this->hashAlgo = $hashAlgo;

    /* Fresh per-instance salt: 64 bytes from generateRandomBytes(), hex encoded.
     * NOTE(review): the meaning of the FALSE argument is not visible here - confirm that it
     * does not select a weaker random source. */
    $this->salt = bin2hex(SimpleSAML_Utilities::generateRandomBytes(64, FALSE));

    $backendCfg = SimpleSAML_Configuration::loadFromArray($writeConfig);
    $this->userIdAttr = $backendCfg->getString('user.id.param');
}
/**
 * Wrap another exception, keeping its class name, message, code and backtrace.
 *
 * @param Exception $original The exception that is being wrapped.
 */
public function __construct(Exception $original)
{
    /* The message is prefixed with the class name of the wrapped exception. */
    parent::__construct(
        get_class($original) . ': ' . $original->getMessage(),
        $original->getCode()
    );

    $wrappedTrace = SimpleSAML_Utilities::buildBacktrace($original);
    $this->setBacktrace($wrappedTrace);
}
/**
 * Apply filter to validate attributes.
 *
 * The user is let through as soon as one value of one configured attribute matches one of
 * that attribute's patterns. If nothing matches, the state is saved and the user is sent to
 * the 403 page.
 *
 * Patterns are handed to preg_match() exactly as configured, so a pattern without ^...$
 * anchors matches anywhere inside the value. A pattern for which preg_match() fails counts
 * as "no match" (the filter fails closed).
 *
 * @param array &$request The current request
 */
public function process(&$request)
{
    assert('is_array($request)');
    assert('array_key_exists("Attributes", $request)');

    $attributes =& $request['Attributes'];
    $authorized = FALSE;

    foreach ($this->valid_attribute_values as $name => $patterns) {
        if (!array_key_exists($name, $attributes)) {
            continue;
        }

        foreach ($patterns as $pattern) {
            /* A single scalar value is treated like a one-element list. */
            $candidates = is_array($attributes[$name]) ? $attributes[$name] : array($attributes[$name]);

            foreach ($candidates as $candidate) {
                if (preg_match($pattern, $candidate)) {
                    $authorized = TRUE;
                    break 3;
                }
            }
        }
    }

    if ($authorized) {
        return;
    }

    /* Save state and redirect to 403 page. */
    $stateId = SimpleSAML_Auth_State::saveState($request, 'authorize:Authorize');
    $forbiddenUrl = SimpleSAML_Module::getModuleURL('authorize/authorize_403.php');
    SimpleSAML_Utilities::redirect($forbiddenUrl, array('StateId' => $stateId));
}
/**
 * Migrate one account into another when both user IDs are present in the request,
 * then redirect back to the account mapping page.
 *
 * NOTE(review): both IDs are taken straight from $_REQUEST (so GET works as well as POST)
 * and nothing in this method checks who is calling or that the request was intended
 * (for example an anti-CSRF token). Confirm that the caller enforces authorization
 * before this runs.
 */
function prepare()
{
    if (empty($_REQUEST['useridFrom']) || empty($_REQUEST['useridTo'])) {
        return;
    }

    $sourceUserId = $_REQUEST['useridFrom'];
    $targetUserId = $_REQUEST['useridTo'];

    $this->fdb->migrateAccount($sourceUserId, $targetUserId);
    SimpleSAML_Utilities::redirect('/accountmappingprepare');
}
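/**
 * Mail the cron report (errors, warnings and notices) to the technical contact.
 *
 * The request URL and the tag are HTML-escaped before they are placed in the message,
 * because both can contain request-derived text.
 *
 * NOTE(review): the three message sections are inserted exactly as returned by
 * _getHtmlForMessages(); confirm that the helper escapes the logged text.
 *
 * @param string                  $tag    The cron tag that was run.
 * @param sspmod_janus_Cron_Logger $logger Logger holding the collected messages.
 */
protected function _mailTechnicalContact($tag, sspmod_janus_Cron_Logger $logger)
{
    $errorHtml = $this->_getHtmlForMessages($logger->getNamespacedErrors(), 'errors');
    $warningHtml = $this->_getHtmlForMessages($logger->getNamespacedWarnings(), 'warnings');
    $noticeHtml = $this->_getHtmlForMessages($logger->getNamespacedNotices(), 'notices');

    $config = SimpleSAML_Configuration::getInstance();
    $time = date(DATE_RFC822);

    /* Escape for the HTML context of the mail body. */
    $url = htmlspecialchars(SimpleSAML_Utilities::selfURL(), ENT_QUOTES, 'UTF-8');
    $safeTag = htmlspecialchars((string) $tag, ENT_QUOTES, 'UTF-8');

    $message = <<<MESSAGE
<h1>Cron report</h1>
<p>Cron ran at {$time}</p>
<p>URL: <tt>{$url}</tt></p>
<p>Tag: {$safeTag}</p>
<h2>Errors</h2>
{$errorHtml}
<h2>Warnings</h2>
{$warningHtml}
<h2>Notices</h2>
{$noticeHtml}
MESSAGE;

    /* The default value doubles as the "not configured" marker. */
    $toAddress = $config->getString('technicalcontact_email', '*****@*****.**');
    if ($toAddress === '*****@*****.**') {
        SimpleSAML_Logger::error('Cron - Could not send email. [technicalcontact_email] not set in config.');
        return;
    }

    $email = new SimpleSAML_XHTML_EMail($toAddress, 'JANUS cron report', '*****@*****.**');
    $email->setBody($message);
    $email->send();
}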
/**
 * Store the fixed-date changes of the current foodle, optionally mail every respondent,
 * and redirect to the "distribute" section of the foodle page.
 *
 * NOTE(review): the write-ACL check runs after the foodle object was updated from the
 * request but before save(); acl() presumably aborts when the user lacks write access -
 * verify, since nothing here inspects a return value.
 */
protected function saveChanges()
{
    $this->foodle->updateFromPostFixDate($this->user);
    $this->foodle->acl($this->user, 'write');
    $this->foodle->save();

    if (!empty($_REQUEST['send_fixdate_mail'])) {
        foreach ($this->foodle->getResponses() as $response) {
            $recipient = empty($response->user) ? null : $response->user;

            if (empty($recipient)) {
                /* No user object attached to the response: build one from the response fields. */
                $recipient = new Data_User($this->fdb);
                $recipient->userid = $response->userid;
                $recipient->email = $response->email;
                $recipient->username = $response->username;
            }

            $this->sendFixDateMail($recipient, $this->foodle);
        }
    }

    $target = FoodleUtils::getUrl() . 'foodle/' . $this->foodle->identifier . '#distribute';
    SimpleSAML_Utilities::redirect($target);
    exit;
}
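/**
 * Exchange the OAuth WRAP verification code for an access token, fetch the user's
 * Windows Live profile and store the resulting attributes in $state['Attributes'].
 *
 * The verification code and the access token are credentials and are kept out of the log.
 *
 * @param array &$state Authentication state; 'authwindowslive:wrap_verification_code' is read,
 *                      'Attributes' is written.
 *
 * @throws Exception If the token endpoint returns no wrap_access_token or no uid.
 */
public function finalStep(&$state)
{
    $verificationCode = $state['authwindowslive:wrap_verification_code'];
    SimpleSAML_Logger::debug('oauth wrap: Using the verification code from the state (value not logged)');

    // Retrieve Access Token
    // Documentation at: http://msdn.microsoft.com/en-us/library/ff749686.aspx
    $postData = 'wrap_client_id=' . urlencode($this->key)
        . '&wrap_client_secret=' . urlencode($this->secret)
        . '&wrap_callback=' . urlencode(SimpleSAML_Module::getModuleUrl('authwindowslive') . '/linkback.php')
        . '&wrap_verification_code=' . urlencode($verificationCode);

    $context = array(
        'http' => array(
            'method' => 'POST',
            'header' => 'Content-type: application/x-www-form-urlencoded',
            'content' => $postData,
        ),
    );

    $result = SimpleSAML_Utilities::fetch('https://consent.live.com/AccessToken.aspx', $context);
    parse_str($result, $response);

    // error checking of $response to make sure we can proceed
    if (!array_key_exists('wrap_access_token', $response)) {
        /* The error fields are optional in the reply; avoid undefined-index notices. */
        $errorCode = isset($response['error_code']) ? $response['error_code'] : '';
        $errorReason = isset($response['wrap_error_reason']) ? $response['wrap_error_reason'] : '';
        $internalInfo = isset($response['internal_info']) ? $response['internal_info'] : '';
        throw new Exception('[' . $errorCode . '] ' . $errorReason
            . "\r\nNo wrap_access_token returned - cannot proceed\r\n" . $internalInfo);
    }

    /* Every identity attribute below is derived from uid. Without it, all users taking this
     * path would end up with the same identifier. */
    if (!isset($response['uid']) || !is_string($response['uid']) || $response['uid'] === '') {
        throw new Exception('No uid returned together with the wrap_access_token - cannot proceed');
    }
    $uid = $response['uid'];

    SimpleSAML_Logger::debug('Got an access token from the OAuth WRAP service provider for user [' . $uid . ']');

    // Documentation at: http://msdn.microsoft.com/en-us/library/ff751708.aspx
    $opts = array(
        'http' => array(
            'header' => "Accept: application/json\r\nAuthorization: WRAP access_token="
                . $response['wrap_access_token'] . "\r\n",
        ),
    );

    /* uid is placed in the URL path, so it is encoded as a path segment. */
    $data = SimpleSAML_Utilities::fetch('https://apis.live.net/V4.1/cid-' . rawurlencode($uid) . '/Profiles', $opts);
    $userdata = json_decode($data, TRUE);

    $attributes = array();
    $attributes['windowslive_uid'] = array($uid);
    $attributes['windowslive_targetedID'] = array('http://windowslive.com!' . $uid);
    $attributes['windowslive_user'] = array($uid . '@windowslive.com');

    /* json_decode() yields NULL for an unparsable body; only walk a well-formed first entry. */
    if (is_array($userdata) && isset($userdata['Entries'][0]) && is_array($userdata['Entries'][0])) {
        $entry = $userdata['Entries'][0];

        foreach ($entry as $key => $value) {
            if (is_string($value)) {
                $attributes['windowslive.' . $key] = array($value);
            }
        }

        if (isset($entry['Emails'][0]['Address'])) {
            $attributes['windowslive_mail'] = array($entry['Emails'][0]['Address']);
        }
    }

    SimpleSAML_Logger::debug('LiveID Returned Attributes: ' . implode(", ", array_keys($attributes)));
    $state['Attributes'] = $attributes;
}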
/**
 * Start the logout operation.
 *
 * Marks every association of the IdP as 'onhold', records which SP (if any) initiated the
 * logout, saves the state and redirects to the iframe logout page.
 *
 * @param array       &$state  The logout state.
 * @param string|NULL $assocId The SP we are logging out from.
 */
public function startLogout(array &$state, $assocId)
{
    assert('is_string($assocId) || is_null($assocId)');

    $associations = $this->idp->getAssociations();

    if (count($associations) === 0) {
        /* NOTE(review): finishLogout() presumably does not return; if it did, the code below
         * would still run with an empty association list. */
        $this->idp->finishLogout($state);
    }

    foreach ($associations as $spId => &$entry) {
        $owningIdp = SimpleSAML_IdP::getByState($entry);
        $entry['core:Logout-IFrame:Name'] = $owningIdp->getSPName($spId);
        $entry['core:Logout-IFrame:State'] = 'onhold';
    }
    $state['core:Logout-IFrame:Associations'] = $associations;

    $initiator = NULL;
    if ($assocId !== NULL) {
        $initiator = $this->idp->getSPName($assocId);
        if ($initiator === NULL) {
            /* No name known for this SP: fall back to its association ID. */
            $initiator = array('en' => $assocId);
        }
    }
    $state['core:Logout-IFrame:From'] = $initiator;

    $stateId = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame');
    $iframeUrl = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', array('id' => $stateId));
    SimpleSAML_Utilities::redirect($iframeUrl);
}
/**
 * Process an authentication response.
 *
 * Checks how long ago the user last went through SSO to this SP. If that was less than
 * 10 seconds ago, the state is saved and the user is redirected to a warning page.
 *
 * @param array &$state The state of the response.
 */
public function process(&$state)
{
    assert('is_array($state)');

    /* No timestamp means this is the first SSO to this SP during the session. */
    if (!array_key_exists('PreviousSSOTimestamp', $state)) {
        return;
    }

    $elapsed = time() - $state['PreviousSSOTimestamp'];
    if ($elapsed >= 10) {
        /* At least 10 seconds since last attempt. */
        return;
    }

    $spEntityId = 'UNKNOWN';
    if (array_key_exists('Destination', $state) && array_key_exists('entityid', $state['Destination'])) {
        $spEntityId = $state['Destination']['entityid'];
    }

    /* var_export() quotes the entity ID, so an unusual value cannot blur the log line. */
    SimpleSAML_Logger::warning('WarnShortSSOInterval: Only ' . $elapsed .
        ' seconds since last SSO for this user from the SP ' . var_export($spEntityId, TRUE));

    /* Save state and redirect. */
    $stateId = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
    $warningUrl = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
    SimpleSAML_Utilities::redirectTrustedURL($warningUrl, array('StateId' => $stateId));
}
/**
 * Send the user to the "wrong AuthnContextClassRef" page.
 *
 * Called when the process logic has decided that the user is not authorized for this
 * service. It logs the received and the accepted values, saves the state and redirects.
 * Kept as a separate method so that child classes can override the action, for example
 * for a chained ACL or more complex permission logic.
 *
 * @param array &$request The current request state.
 */
protected function unauthorized(&$request)
{
    $logLine = 'ExpectedAuthnContextClassRef: Invalid authentication context: ' . $this->AuthnContextClassRef .
        '. Accepted values are: ' . var_export($this->accepted, TRUE);
    SimpleSAML_Logger::error($logLine);

    $stateId = SimpleSAML_Auth_State::saveState($request, 'saml:ExpectedAuthnContextClassRef:unauthorized');
    $errorPage = SimpleSAML_Module::getModuleURL('saml/sp/wrong_authncontextclassref.php');
    SimpleSAML_Utilities::redirectTrustedURL($errorPage, array('StateId' => $stateId));
}
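/**
 * Initialize PHP session handling for this session handler.
 *
 * If a session is already active (session_id() is not blank) nothing is changed. Otherwise
 * the cookie parameters, the optional cookie name and the save path are applied and the
 * session is started.
 *
 * The session cookie is marked HttpOnly unless 'session.phpsession.httponly' is set to
 * FALSE, so page scripts cannot read the session ID. The Secure flag follows
 * SimpleSAML_Utilities::isHTTPS().
 *
 * NOTE(review): when the browser already sends a session cookie, PHP adopts that ID as-is.
 * Regenerating the ID on authentication is not done here - confirm that it happens elsewhere.
 */
protected function __construct()
{
    /* Call the parent constructor in case it should become
     * necessary in the future. */
    parent::__construct();

    /* A non-blank session_id() means the session is already started,
     * and we must not call session_start() again. */
    if (session_id() !== '') {
        return;
    }

    $config = SimpleSAML_Configuration::getInstance();

    $cookiepath = '/';
    if ($config->getBoolean('session.phpsession.limitedpath', FALSE)) {
        $cookiepath = '/' . $config->getBaseURL();
    }

    $httpOnly = $config->getBoolean('session.phpsession.httponly', TRUE);
    session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS(), $httpOnly);

    $cookiename = $config->getString('session.phpsession.cookiename', NULL);
    if (!empty($cookiename)) {
        session_name($cookiename);
    }

    $savepath = $config->getString('session.phpsession.savepath', NULL);
    if (!empty($savepath)) {
        session_save_path($savepath);
    }

    if (!array_key_exists(session_name(), $_COOKIE)) {
        /* Session cookie unset - session id not set. Generate new (secure) session id. */
        session_id(SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16)));
    }

    session_start();
}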
/**
 * Initialize an EntitiesDescriptor.
 *
 * Reads the optional ID, validUntil, cacheDuration and Name attributes and the extensions,
 * then builds a child object for every directly contained EntityDescriptor or
 * EntitiesDescriptor element.
 *
 * Nested EntitiesDescriptor elements are parsed recursively through this constructor; the
 * nesting depth is bounded only by the document that is loaded.
 *
 * @param DOMElement|NULL $xml The XML element we should load.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct($xml);

    if ($xml === NULL) {
        return;
    }

    /* Attributes that are copied verbatim when present. */
    foreach (array('ID', 'cacheDuration', 'Name') as $attrName) {
        if ($xml->hasAttribute($attrName)) {
            $this->{$attrName} = $xml->getAttribute($attrName);
        }
    }

    if ($xml->hasAttribute('validUntil')) {
        $this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
    }

    $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

    $childNodes = SAML2_Utils::xpQuery($xml, './saml_metadata:EntityDescriptor|./saml_metadata:EntitiesDescriptor');
    foreach ($childNodes as $childNode) {
        $this->children[] = ($childNode->localName === 'EntityDescriptor')
            ? new SAML2_XML_md_EntityDescriptor($childNode)
            : new SAML2_XML_md_EntitiesDescriptor($childNode);
    }
}
/**
 * Get the NameID value.
 *
 * The value is the SHA-1 hex digest of the installation's secret salt, the IdP entity ID,
 * the SP entity ID and the user's single attribute value. Each of the three fields is
 * prefixed with its length so that field boundaries cannot be shifted between them. Any
 * change to this construction changes every NameID issued so far.
 *
 * @param array &$state The request state ('Destination', 'Source' and 'Attributes' are read).
 *
 * @return string|NULL The NameID value, or NULL when an entity ID is missing or the
 *                     attribute does not hold exactly one value.
 */
protected function getValue(array &$state)
{
    if (!isset($state['Destination']['entityid'])) {
        SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.');
        return NULL;
    }

    if (!isset($state['Source']['entityid'])) {
        SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.');
        return NULL;
    }

    $attrName = $this->attribute;

    if (!isset($state['Attributes'][$attrName]) || count($state['Attributes'][$attrName]) === 0) {
        SimpleSAML_Logger::warning('Missing attribute ' . var_export($attrName, TRUE) .
            ' on user - not generating persistent NameID.');
        return NULL;
    }

    /* Re-index, just in case the first index is no longer 0. */
    $attrValues = array_values($state['Attributes'][$attrName]);
    if (count($attrValues) > 1) {
        SimpleSAML_Logger::warning('More than one value in attribute ' . var_export($attrName, TRUE) .
            ' on user - not generating persistent NameID.');
        return NULL;
    }

    $fields = array(
        $state['Source']['entityid'],
        $state['Destination']['entityid'],
        $attrValues[0],
    );

    $secretSalt = SimpleSAML_Utilities::getSecretSalt();

    $hashInput = 'uidhashbase' . $secretSalt;
    foreach ($fields as $field) {
        $hashInput .= strlen($field) . ':' . $field;
    }
    $hashInput .= $secretSalt;

    return sha1($hashInput);
}
/**
 * Handle an incoming SAML response for the attribute query example.
 *
 * If no message can be received on the current binding, the function returns silently.
 * Otherwise the response is validated through sspmod_saml_Message::processResponse(), the
 * attributes of its single assertion are stored in the session under the RelayState value,
 * and the browser is redirected back to this page with that value as 'dataId'.
 *
 * NOTE(review): $dataId arrives with the incoming message. If getData() returns NULL for an
 * unknown ID (not visible here), a new entry is created under it instead of being rejected.
 *
 * @throws SimpleSAML_Error_Exception On an unexpected message type, a missing issuer,
 *                                    more than one assertion or a missing RelayState.
 */
function handleResponse()
{
    try {
        $currentBinding = SAML2_Binding::getCurrentBinding();
        $response = $currentBinding->receive();
    } catch (Exception $e) {
        /* Any failure to receive a message is treated as "nothing to handle". */
        return;
    }

    SimpleSAML_Logger::debug('attributequery - received message.');

    if (!($response instanceof SAML2_Response)) {
        throw new SimpleSAML_Error_Exception('Unexpected message received to attribute query example.');
    }

    $issuer = $response->getIssuer();
    if ($issuer === NULL) {
        throw new SimpleSAML_Error_Exception('Missing issuer in response.');
    }

    $metadataHandler = $GLOBALS['metadata'];
    $idpMetadata = $metadataHandler->getMetaDataConfig($issuer, 'saml20-idp-remote');
    $spMetadata = $metadataHandler->getMetaDataConfig($GLOBALS['spEntityId'], 'saml20-sp-hosted');

    $assertions = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
    if (count($assertions) > 1) {
        throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
    }
    $assertion = $assertions[0];

    $dataId = $response->getRelayState();
    if ($dataId === NULL) {
        throw new SimpleSAML_Error_Exception('RelayState was lost during request.');
    }

    $session = $GLOBALS['session'];
    $stored = $session->getData('attributequeryexample:data', $dataId);
    $stored['attributes'] = $assertion->getAttributes();
    $session->setData('attributequeryexample:data', $dataId, $stored, 3600);

    SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(), array('dataId' => $dataId));
}
/**
 * Constructor for this authentication source.
 *
 * Every configuration key has the form <username>:<passwordhash> and maps to that user's
 * attributes. The parsed attributes are stored in $this->users under the same combined key.
 *
 * For a key without a colon, only the part before it is put in the error message, so a
 * password hash is never echoed by that check.
 *
 * @param array $info   Information about this authentication source.
 * @param array $config Configuration.
 *
 * @throws Exception If a key is not a <username>:<passwordhash> string or the attributes
 *                   cannot be parsed.
 */
public function __construct($info, $config)
{
    assert('is_array($info)');
    assert('is_array($config)');

    /* Call the parent constructor first, as required by the interface. */
    parent::__construct($info, $config);

    $this->users = array();

    /* Validate and parse our configuration. */
    foreach ($config as $userpass => $attributes) {
        if (!is_string($userpass)) {
            throw new Exception('Invalid <username>:<passwordhash> for authentication source ' .
                $this->authId . ': ' . $userpass);
        }

        $parts = explode(':', $userpass, 2);
        if (count($parts) !== 2) {
            throw new Exception('Invalid <username>:<passwordhash> for authentication source ' .
                $this->authId . ': ' . $parts[0]);
        }
        list($username, $passwordhash) = $parts;

        try {
            $parsedAttributes = SimpleSAML_Utilities::parseAttributes($attributes);
        } catch (Exception $e) {
            throw new Exception('Invalid attributes for user ' . $username .
                ' in authentication source ' . $this->authId . ': ' . $e->getMessage());
        }

        $this->users[$username . ':' . $passwordhash] = $parsedAttributes;
    }
}
/**
 * Initialize an AffiliationDescriptor.
 *
 * The affiliationOwnerID attribute and at least one AffiliateMember element are required.
 * ID, validUntil, cacheDuration, extensions and KeyDescriptor elements are optional.
 *
 * @param DOMElement|NULL $xml The XML element we should load.
 *
 * @throws Exception If affiliationOwnerID or AffiliateMember is missing.
 */
public function __construct(DOMElement $xml = NULL)
{
    parent::__construct($xml);

    if ($xml === NULL) {
        return;
    }

    if (!$xml->hasAttribute('affiliationOwnerID')) {
        throw new Exception('Missing affiliationOwnerID on AffiliationDescriptor.');
    }
    $this->affiliationOwnerID = $xml->getAttribute('affiliationOwnerID');

    /* Optional attributes that are copied verbatim when present. */
    foreach (array('ID', 'cacheDuration') as $attrName) {
        if ($xml->hasAttribute($attrName)) {
            $this->{$attrName} = $xml->getAttribute($attrName);
        }
    }

    if ($xml->hasAttribute('validUntil')) {
        $this->validUntil = SimpleSAML_Utilities::parseSAML2Time($xml->getAttribute('validUntil'));
    }

    $this->Extensions = SAML2_XML_md_Extensions::getList($xml);

    $members = SAML2_Utils::extractStrings($xml, './saml_metadata:AffiliateMember');
    $this->AffiliateMember = $members;
    if (empty($members)) {
        throw new Exception('Missing AffiliateMember in AffiliationDescriptor.');
    }

    $keyNodes = SAML2_Utils::xpQuery($xml, './saml_metadata:KeyDescriptor');
    foreach ($keyNodes as $keyNode) {
        $this->KeyDescriptor[] = new SAML2_XML_md_KeyDescriptor($keyNode);
    }
}
/**
 * Return the configured 'baseurlpath' (an empty string when it is not set).
 *
 * A value that starts with '*' is expanded: the asterisk is replaced by the result of
 * SimpleSAML_Utilities::getFirstPathElement(false) and the rest of the value is appended.
 *
 * NOTE(review): getFirstPathElement() is presumably derived from the current request. If so,
 * the wildcard form makes the base URL depend on request data - confirm.
 *
 * @return string The base URL path.
 */
public function getBaseURL()
{
    $wildcard = array();
    $isWildcard = preg_match('/^\\*(.*)$/', $this->getValue('baseurlpath', ''), $wildcard);

    if (!$isWildcard) {
        return $this->getValue('baseurlpath', '');
    }

    return SimpleSAML_Utilities::getFirstPathElement(false) . $wildcard[1];
}
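/**
 * Print a list of metadata entries as an HTML <ul>, followed by a closing </fieldset>
 * (the fieldset is opened by the caller).
 *
 * Names, entity IDs and URLs come from metadata, which can be supplied by remote parties,
 * so every such value is HTML-escaped before it is written to the page.
 *
 * NOTE(review): escaping keeps the 'url' value inside the href attribute but does not
 * restrict its scheme; consider accepting only http(s) URLs where metadata is loaded.
 *
 * @param object $t        Template object providing getTranslation().
 * @param array  $metadata List of metadata entries (associative arrays).
 * @param bool   $extended Whether to show expiry information.
 */
function listMetadata($t, $metadata, $extended = FALSE)
{
    $now = time();

    /* Tag => flag image code. When several tags match, the one listed last wins. */
    $flagCodes = array(
        'norway' => 'no',
        'denmark' => 'dk',
        'finland' => 'fi',
        'sweden' => 'se',
        'switzerland' => 'ch',
        'france' => 'fr',
        'poland' => 'pl',
        'germany' => 'de',
    );

    echo '<ul>';
    foreach ($metadata as $entry) {
        $flagCode = NULL;
        if (array_key_exists('tags', $entry)) {
            foreach ($flagCodes as $tag => $code) {
                if (in_array($tag, $entry['tags'], TRUE)) {
                    $flagCode = $code;
                }
            }
        }

        echo '<li>';

        if ($flagCode !== NULL) {
            $flag = SimpleSAML_Module::getModuleURL('metalisting/flags/' . $flagCode . '.png');
            echo ' <img style="display: inline; margin-right: 5px" src="'
                . htmlspecialchars($flag, ENT_QUOTES, 'UTF-8') . '" alt="Flag" />';
        }

        if (array_key_exists('name', $entry)) {
            $label = $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['name'], 'en'));
        } else {
            $label = $entry['entityid'];
        }
        echo htmlspecialchars((string) $label, ENT_QUOTES, 'UTF-8');

        if ($extended && array_key_exists('expire', $entry)) {
            if ($entry['expire'] < $now) {
                echo '<span style="color: #500; font-weight: bold"> (expired '
                    . number_format(($now - $entry['expire']) / 3600, 1) . ' hours ago)</span>';
            } else {
                echo '<span style="color: #ccc; "> (expires in '
                    . number_format(($entry['expire'] - $now) / 3600, 1) . ' hours)</span>';
            }
        }

        if (array_key_exists('url', $entry)) {
            $moreUrl = $t->getTranslation(SimpleSAML_Utilities::arrayize($entry['url'], 'en'));
            echo ' [ <a href="' . htmlspecialchars((string) $moreUrl, ENT_QUOTES, 'UTF-8') . '">more</a> ]';
        }

        echo '</li>';
    }
    echo '</ul>';
    echo '</fieldset>';
}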
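/**
 * Redirect the browser to the requested return location, or to the site base URL.
 *
 * The 'return' request parameter is controlled by the client, so it is honoured only when
 * it stays on this site: either a path that starts with a single '/', or an http(s) URL
 * whose host equals the host of FoodleUtils::getURL(). Any other value falls back to the
 * base URL, so this endpoint cannot be used to bounce visitors to another site.
 *
 * NOTE(review): if returning to other hosts is a real use case, replace the same-host test
 * with an explicit allow-list of hosts.
 */
function complete()
{
    $base = FoodleUtils::getURL();
    $return = $base;

    if (!empty($_REQUEST['return']) && is_string($_REQUEST['return'])) {
        $candidate = $_REQUEST['return'];

        /* Control characters, whitespace and backslashes are read differently by
         * different browsers and have no place in a redirect target. */
        $wellFormed = !preg_match('/[\x00-\x20\x7f\\\\]/', $candidate);

        /* "/path" is local; "//host/path" is a scheme-relative URL and is not. */
        $isLocalPath = $wellFormed && preg_match('#^/(?!/)#', $candidate) === 1;

        $isSameHost = FALSE;
        if ($wellFormed && !$isLocalPath) {
            $baseHost = parse_url($base, PHP_URL_HOST);
            $targetHost = parse_url($candidate, PHP_URL_HOST);
            $targetScheme = strtolower((string) parse_url($candidate, PHP_URL_SCHEME));

            $isSameHost = is_string($baseHost) && is_string($targetHost)
                && strcasecmp($baseHost, $targetHost) === 0
                && in_array($targetScheme, array('http', 'https'), TRUE);
        }

        if ($isLocalPath || $isSameHost) {
            $return = $candidate;
        }
    }

    SimpleSAML_Utilities::redirect($return);
}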
/**
 * Private constructor; instances are only created through getInstance().
 *
 * Reads 'session.duration' from the configuration, assigns a fresh track ID, marks the
 * session as dirty and registers the shutdown function.
 */
private function __construct()
{
    $globalConfig = SimpleSAML_Configuration::getInstance();
    $this->sessionduration = $globalConfig->getValue('session.duration');

    $this->trackid = SimpleSAML_Utilities::generateTrackID();

    /* A new session has not been written to the store yet. */
    $this->dirty = TRUE;
    $this->addShutdownFunction();
}
/**
 * Log in using the Google OAuth2Login (OpenID Connect) platform.
 * Documentation at: https://developers.google.com/accounts/docs/OAuth2Login
 *
 * The ID of the saved state is sent along as the OAuth 'state' value, which is what ties
 * the later callback to this authentication attempt.
 *
 * @param array &$state Information about the current authentication.
 */
public function authenticate(&$state)
{
    /* Remember which authentication source started this request. */
    $state[self::AUTHID] = $this->authId;

    $savedStateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
    $this->client->getAuth()->setState($savedStateId);

    $googleAuthUrl = $this->client->createAuthUrl();
    SimpleSAML_Utilities::redirectTrustedURL($googleAuthUrl);
}
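/**
 * Create a new access token for a consumer and persist it in the store.
 *
 * Only the public keys of the request token and the consumer are logged. Concatenating the
 * objects themselves relies on their string conversion, which in common OAuth library
 * implementations includes the secret - that would put credentials in the info log.
 *
 * NOTE(review): nothing here checks that $requestToken was authorized or marks it as used;
 * confirm that the caller does. The new key and secret both come from
 * SimpleSAML_Utilities::generateID() - confirm that it is backed by a cryptographically
 * secure random source.
 *
 * @param object $requestToken The request token that is being exchanged.
 * @param object $consumer     The consumer asking for the access token; its 'key' is read.
 *
 * @return OAuthToken The newly created access token.
 */
function new_access_token($requestToken, $consumer)
{
    $requestKey = (is_object($requestToken) && isset($requestToken->key)) ? $requestToken->key : '(unknown)';
    $consumerKey = (is_object($consumer) && isset($consumer->key)) ? $consumer->key : '(unknown)';
    SimpleSAML_Logger::info('OAuth new_access_token(' . $requestKey . ',' . $consumerKey . ')');

    $token = new OAuthToken(SimpleSAML_Utilities::generateID(), SimpleSAML_Utilities::generateID());

    /* Default lifetime: 24 hours, unless 'accessTokenDuration' is configured. */
    $lifetime = $this->config->getValue('accessTokenDuration', 60 * 60 * 24);
    $this->store->set('access', $token->key, $consumer->key, $token, $lifetime);

    return $token;
}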
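/**
 * Ajax compatible redirect method.
 *
 * For ajax requests a small script that sets window.location is printed and execution
 * stops. Otherwise the redirect is delegated to SimpleSAML_Utilities::redirectTrustedUrl().
 *
 * The target is written into the script as a JSON string literal with <, >, &, ' and "
 * hex-escaped, so a URL containing a quote or "</script>" cannot break out of the string
 * or the script element.
 *
 * @param string $url
 * @param array  $params
 * @param bool   $isAjax
 *
 * @throws InvalidArgumentException If the ajax target cannot be encoded (e.g. invalid UTF-8).
 */
function redirectTrustedUrl($url, array $params = array(), $isAjax = false)
{
    if (!$isAjax) {
        SimpleSAML_Utilities::redirectTrustedUrl($url, $params);
        return;
    }

    $redirectUrl = str_replace(TAB_AJAX_CONTENT_PREFIX, '', $url) . '?' . http_build_query($params);

    $jsLiteral = json_encode($redirectUrl, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($jsLiteral === false) {
        throw new InvalidArgumentException('Redirect URL could not be encoded for script output.');
    }

    die('<script type="text/javascript">window.location = ' . $jsLiteral . ';</script>');
}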
/**
 * @param int         $lifetime   Token lifetime in seconds
 * @param string|NULL $secretSalt Must be random and unique per installation; when NULL,
 *                                SimpleSAML_Utilities::getSecretSalt() is used
 * @param int         $skew       Allowed time skew between server that generates and the
 *                                one that calculates the token
 */
public function __construct($lifetime = 900, $secretSalt = NULL, $skew = 1)
{
    $this->secretSalt = ($secretSalt === NULL)
        ? SimpleSAML_Utilities::getSecretSalt()
        : $secretSalt;

    $this->lifetime = $lifetime;
    $this->skew = $skew;
}
/**
 * Start authentication: save the state and send the user to the module's login page.
 *
 * @param array &$state Information about the current authentication.
 */
public function authenticate(&$state)
{
    assert('is_array($state)');

    // The authId is stored so that this authentication source can be found again later.
    $state[self::AUTHID] = $this->authId;

    $savedStateId = SimpleSAML_Auth_State::saveState($state, self::STAGEID);
    $loginPage = SimpleSAML_Module::getModuleURL('authtfaga/login.php');

    SimpleSAML_Utilities::redirect($loginPage, array('AuthState' => $savedStateId));
}
/**
 * Fetch user information from an OAuth-protected URL with a signed GET request.
 *
 * @param string $url         The resource URL.
 * @param object $accessToken The access token used to sign the request.
 *
 * @return mixed The JSON-decoded response (arrays for objects); NULL when the body is not
 *               valid JSON, so callers should check the result before using it.
 */
public function getUserInfo($url, $accessToken)
{
    $signedRequest = OAuthRequest::from_consumer_and_token($this->consumer, $accessToken, "GET", $url, NULL);
    $signedRequest->sign_request($this->signer, $this->consumer, $accessToken);

    $body = SimpleSAML_Utilities::fetch($signedRequest->to_url());

    return json_decode($body, TRUE);
}
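/**
 * Check that the user has access to the statistics.
 *
 * If the user doesn't have access, send the user to the login page.
 *
 * Order of checks when 'protected' is enabled: admin login, then the 'allowedUsers' list,
 * then the 'acl'. If none of them grants access, an exception is thrown.
 *
 * The user ID is compared to 'allowedUsers' as a string with strict equality. A loose
 * comparison would let values such as "1e3" and "1000", or any string and the integer 0 on
 * older PHP versions, count as the same user.
 *
 * @param SimpleSAML_Configuration $statconfig The statistics configuration.
 *
 * @throws SimpleSAML_Error_Exception On an invalid 'acl' option or when access is denied.
 * @throws Exception                  If the user ID attribute is missing.
 */
public static function checkAccess(SimpleSAML_Configuration $statconfig)
{
    $protected = $statconfig->getBoolean('protected', FALSE);
    $authsource = $statconfig->getString('auth', NULL);
    $allowedusers = $statconfig->getValue('allowedUsers', NULL);
    $useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');

    $acl = $statconfig->getValue('acl', NULL);
    if ($acl !== NULL && !is_string($acl) && !is_array($acl)) {
        throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
    }

    if (!$protected) {
        return;
    }

    if (SimpleSAML_Utilities::isAdmin()) {
        // User logged in as admin. OK.
        SimpleSAML_Logger::debug('Statistics auth - logged in as admin, access granted');
        return;
    }

    if (!isset($authsource)) {
        // If authsource is not defined, init admin login.
        SimpleSAML_Utilities::requireAdmin();
    }

    /* We are using an authsource for login. */
    $as = new SimpleSAML_Auth_Simple($authsource);
    $as->requireAuth();

    // User logged in with auth source.
    SimpleSAML_Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');

    // Retrieving attributes
    $attributes = $as->getAttributes();

    if (!empty($allowedusers)) {
        // Check if userid exists
        if (!isset($attributes[$useridattr][0])) {
            throw new Exception('User ID is missing');
        }
        $userId = (string) $attributes[$useridattr][0];

        /* A value that is not a list cannot match anyone (deny by default). */
        $allowedIds = is_array($allowedusers) ? array_map('strval', $allowedusers) : array();

        // Check if userid is allowed access..
        if (in_array($userId, $allowedIds, TRUE)) {
            SimpleSAML_Logger::debug('Statistics auth - User granted access by user ID [' . $userId . ']');
            return;
        }
        SimpleSAML_Logger::debug('Statistics auth - User denied access by user ID [' . $userId . ']');
    } else {
        SimpleSAML_Logger::debug('Statistics auth - no allowedUsers list.');
    }

    if (!is_null($acl)) {
        $acl = new sspmod_core_ACL($acl);
        if ($acl->allows($attributes)) {
            SimpleSAML_Logger::debug('Statistics auth - allowed access by ACL.');
            return;
        }
        SimpleSAML_Logger::debug('Statistics auth - denied access by ACL.');
    } else {
        SimpleSAML_Logger::debug('Statistics auth - no ACL configured.');
    }

    throw new SimpleSAML_Error_Exception('Access denied to the current user.');
}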
/**
 * Initialize processing of the redirect test.
 *
 * Adds a marker attribute, saves the state and redirects to the test page, so that the
 * page can check whether the state survived the round trip.
 *
 * @param array &$state The state we should update.
 */
public function process(&$state)
{
    assert('is_array($state)');
    assert('array_key_exists("Attributes", $state)');

    /* Marker used to check whether the state is saved correctly. */
    $state['Attributes']['RedirectTest1'] = array('OK');

    /* Save state and redirect. */
    $stateId = SimpleSAML_Auth_State::saveState($state, 'exampleauth:redirectfilter-test');
    $testPage = SimpleSAML_Module::getModuleURL('exampleauth/redirecttest.php');
    SimpleSAML_Utilities::redirectTrustedURL($testPage, array('StateId' => $stateId));
}
/**
 * Create a new NotFound error.
 *
 * The current URL, and the reason when given, are passed to the parent as the
 * placeholders %URL% and %REASON%.
 *
 * NOTE(review): the URL is request-derived; whatever renders these placeholders has to
 * escape them for its output context - not visible here.
 *
 * @param string $reason Optional description of why the given page could not be found.
 */
public function __construct($reason = NULL)
{
    assert('is_null($reason) || is_string($reason)');

    $errorData = array('NOTFOUND', '%URL%' => SimpleSAML_Utilities::selfURL());
    if ($reason !== NULL) {
        $errorData[0] = 'NOTFOUNDREASON';
        $errorData['%REASON%'] = $reason;
    }

    parent::__construct($errorData);

    $this->reason = $reason;
}
/**
 * Process an authentication response.
 *
 * Saves the state and redirects the user to the pre-production warning page. Passive
 * requests skip the warning, because no page may be shown for them.
 *
 * @param array &$state The state of the response.
 */
public function process(&$state)
{
    assert('is_array($state)');

    $isPassive = isset($state['isPassive']) && $state['isPassive'] === TRUE;
    if ($isPassive) {
        /* We have a passive request. Skip the warning. */
        return;
    }

    /* Save state and redirect. */
    $stateId = SimpleSAML_Auth_State::saveState($state, 'warning:request');
    $warningPage = SimpleSAML_Module::getModuleURL('preprodwarning/showwarning.php');
    SimpleSAML_Utilities::redirectTrustedURL($warningPage, array('StateId' => $stateId));
}