/**
* Hook to add the simple consenet admin module to the frontpage.
*
* @param array &$links The links on the frontpage, split into sections.
*/
function consentSimpleAdmin_hook_frontpage(&$links)
{
assert('is_array($links)');
assert('array_key_exists("links", $links)');
$links['config'][] = array('href' => \SimpleSAML\Module::getModuleURL('consentSimpleAdmin/consentAdmin.php'), 'text' => '{consentSimpleAdmin:consentsimpleadmin:header}');
$links['config'][] = array('href' => \SimpleSAML\Module::getModuleURL('consentSimpleAdmin/consentStats.php'), 'text' => '{consentSimpleAdmin:consentsimpleadmin:headerstats}');
}
/**
* Start the logout operation.
*
* @param array &$state The logout state.
* @param string|null $assocId The SP we are logging out from.
*/
public function startLogout(array &$state, $assocId)
{
assert('is_string($assocId) || is_null($assocId)');
$associations = $this->idp->getAssociations();
if (count($associations) === 0) {
$this->idp->finishLogout($state);
}
foreach ($associations as $id => &$association) {
$idp = \SimpleSAML_IdP::getByState($association);
$association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
$association['core:Logout-IFrame:State'] = 'onhold';
}
$state['core:Logout-IFrame:Associations'] = $associations;
if (!is_null($assocId)) {
$spName = $this->idp->getSPName($assocId);
if ($spName === null) {
$spName = array('en' => $assocId);
}
$state['core:Logout-IFrame:From'] = $spName;
} else {
$state['core:Logout-IFrame:From'] = null;
}
$params = array('id' => \SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'));
if (isset($state['core:Logout-IFrame:InitType'])) {
$params['type'] = $state['core:Logout-IFrame:InitType'];
}
$url = Module::getModuleURL('core/idp/logout-iframe.php', $params);
HTTP::redirectTrustedURL($url);
}
/**
* Test for SimpleSAML\Module::resolveClass(). It covers all the valid use cases.
*/
public function tesstResolveClass()
{
// most basic test
$this->assertEquals('sspmod_core_ACL', Module::resolveClass('core:ACL', ''));
// test for the $type parameter correctly translated into a path
$this->assertEquals('sspmod_core_Auth_Process_PHP', Module::resolveClass('core:PHP', 'Auth_Process'));
// test for valid subclasses
$this->assertEquals('sspmod_core_Auth_Process_PHP', Module::resolveClass('core:PHP', 'Auth_Process', 'SimpleSAML_Auth_ProcessingFilter'));
}
/**
* Retrieve a admin login URL.
*
* @param string|NULL $returnTo The URL the user should arrive on after admin authentication. Defaults to null.
*
* @return string A URL which can be used for admin authentication.
* @throws \InvalidArgumentException If $returnTo is neither a string nor null.
*/
public static function getAdminLoginURL($returnTo = null)
{
if (!(is_string($returnTo) || is_null($returnTo))) {
throw new \InvalidArgumentException('Invalid input parameters.');
}
if ($returnTo === null) {
$returnTo = HTTP::getSelfURL();
}
return Module::getModuleURL('core/login-admin.php', array('ReturnTo' => $returnTo));
}
/**
* Initialize processing of the redirect test.
*
* @param array &$state The state we should update.
*/
public function process(&$state)
{
assert('is_array($state)');
assert('array_key_exists("Attributes", $state)');
// To check whether the state is saved correctly
$state['Attributes']['RedirectTest1'] = array('OK');
// Save state and redirect
$id = SimpleSAML_Auth_State::saveState($state, 'authVHO:redirectfilter-test');
$url = Module::getModuleURL('authVHO/redirecttest.php');
HTTP::redirectTrustedURL($url, array('StateId' => $id));
}
/**
* @inheritDoc
*/
public function __construct($name)
{
parent::__construct($name);
$this->onValidate[] = [$this, 'validateRedirectUri'];
$this->setMethod('POST');
$this->addProtection('Security token has expired, please submit the form again');
$this->addText('name', 'Name of client:')->setMaxLength(255)->setRequired('Set a name');
$this->addTextArea('description', 'Description of client:', null, 5);
$this->addTextArea('redirect_uri', 'Static/enforcing callback-url (one per line)', null, 5)->setRequired('Write one redirect URI at least');
$this->addSubmit('submit', 'Submit');
$this->addButton('return', 'Return')->setAttribute('onClick', 'parent.location = \'' . Module::getModuleURL('oauth2/registry.php') . '\'');
}
/**
* This method retrieves a dictionary with the name given.
*
* @param string $name The name of the dictionary, as the filename in the dictionary directory, without the
* '.php' ending.
*
* @return array An associative array with the dictionary.
*/
private function getDictionary($name)
{
assert('is_string($name)');
if (!array_key_exists($name, $this->dictionaries)) {
$sepPos = strpos($name, ':');
if ($sepPos !== false) {
$module = substr($name, 0, $sepPos);
$fileName = substr($name, $sepPos + 1);
$dictDir = \SimpleSAML\Module::getModuleDir($module) . '/dictionaries/';
} else {
$dictDir = $this->configuration->getPathValue('dictionarydir', 'dictionaries/');
$fileName = $name;
}
$this->dictionaries[$name] = $this->readDictionaryFile($dictDir . $fileName);
}
return $this->dictionaries[$name];
}
/**
* Hook to add the aggregator list to the frontpage.
*
* @param array &$links The links on the frontpage, split into sections.
*/
function aggregator_hook_frontpage(&$links)
{
assert('is_array($links)');
assert('array_key_exists("links", $links)');
$links['federation'][] = array('href' => \SimpleSAML\Module::getModuleURL('aggregator/'), 'text' => '{aggregator:aggregator:frontpage_link}');
}
/**
* Create a link which will POST data.
*
* @param string $destination The destination URL.
* @param array $data The name-value pairs which will be posted to the destination.
*
* @return string A URL which can be accessed to post the data.
* @throws \InvalidArgumentException If $destination is not a string or $data is not an array.
*
* @author Andjelko Horvat
* @author Jaime Perez, UNINETT AS <*****@*****.**>
*/
public static function getPOSTRedirectURL($destination, $data)
{
if (!is_string($destination) || !is_array($data)) {
throw new \InvalidArgumentException('Invalid input parameters.');
}
$config = \SimpleSAML_Configuration::getInstance();
$allowed = $config->getBoolean('enable.http_post', false);
if ($allowed && preg_match("#^http:#", $destination) && self::isHTTPS()) {
// we need to post the data to HTTP
$url = self::getSecurePOSTRedirectURL($destination, $data);
} else {
// post the data directly
$session = \SimpleSAML_Session::getSessionFromRequest();
$id = self::savePOSTData($session, $destination, $data);
$url = Module::getModuleURL('core/postredirect.php', array('RedirId' => $id));
}
return $url;
}
/**
* Log in using an external authentication helper.
*
* @param array &$state Information about the current authentication.
*/
public function authenticate(&$state)
{
assert('is_array($state)');
$attributes = $this->getUser();
if ($attributes !== null) {
/*
* The user is already authenticated.
*
* Add the users attributes to the $state-array, and return control
* to the authentication process.
*/
$state['Attributes'] = $attributes;
return;
}
/*
* The user isn't authenticated. We therefore need to
* send the user to the login page.
*/
/*
* First we add the identifier of this authentication source
* to the state array, so that we know where to resume.
*/
$state['authVHO:AuthID'] = $this->authId;
/*
* We need to save the $state-array, so that we can resume the
* login process after authentication.
*
* Note the second parameter to the saveState-function. This is a
* unique identifier for where the state was saved, and must be used
* again when we retrieve the state.
*
* The reason for it is to prevent
* attacks where the user takes a $state-array saved in one location
* and restores it in another location, and thus bypasses steps in
* the authentication process.
*/
$stateId = SimpleSAML_Auth_State::saveState($state, 'authVHO:AuthID');
/*
* Now we generate a URL the user should return to after authentication.
* We assume that whatever authentication page we send the user to has an
* option to return the user to a specific page afterwards.
*/
$returnTo = Module::getModuleURL('authVHO/resume.php', array('State' => $stateId));
/*
* Get the URL of the VHO authentication page.
*
* This is in the configuration file.
*/
$authPage = $this->config['vho_login_url'];
/*
* The redirect to the authentication page.
*
* Note the 'ReturnTo' parameter. This must most likely be replaced with
* the real name of the parameter for the login page.
*/
HTTP::redirectTrustedURL($authPage, array('ReturnTo' => $returnTo));
/*
* The redirect function never returns, so we never get this far.
*/
assert('FALSE');
}
/**
* Hook to add the modinfo module to the frontpage.
*
* @param array &$links The links on the frontpage, split into sections.
*/
function metaedit_hook_frontpage(&$links)
{
assert('is_array($links)');
assert('array_key_exists("links", $links)');
$links['federation']['metaedit'] = array('href' => \SimpleSAML\Module::getModuleURL('metaedit/index.php'), 'text' => array('en' => 'Metadata registry', 'no' => 'Metadata registrering'), 'shorttext' => array('en' => 'Metadata registry', 'no' => 'Metadata registrering'));
}
/**
* Hook to add the simple consenet admin module to the frontpage.
*
* @param array &$links The links on the frontpage, split into sections.
*/
function saml2debug_hook_frontpage(&$links)
{
assert('is_array($links)');
assert('array_key_exists("links", $links)');
$links['federation'][] = array('href' => \SimpleSAML\Module::getModuleURL('saml2debug/debug.php'), 'text' => array('en' => 'SAML 2.0 Debugger'));
}
/**
* Hook to add the logpeek module to the frontpage.
*
* @param array &$links The links on the frontpage, split into sections.
*/
function logpeek_hook_frontpage(&$links)
{
assert('is_array($links)');
assert('array_key_exists("links", $links)');
$links['config'][] = array('href' => \SimpleSAML\Module::getModuleURL('logpeek/'), 'text' => array('en' => 'SimpleSAMLphp logs access (Log peek)', 'no' => 'Vis simpleSAMLphp log'));
}
/*
* This file is part of the simplesamlphp-module-oauth2.
*
* (c) Sergio Gómez <*****@*****.**>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
use SimpleSAML\Modules\OAuth2\Form\ClientForm;
use SimpleSAML\Modules\OAuth2\Repositories\ClientRepository;
use SimpleSAML\Utils\Auth;
use SimpleSAML\Utils\HTTP;
use SimpleSAML\Utils\Random;
/* Load simpleSAMLphp, configuration and metadata */
$action = \SimpleSAML\Module::getModuleURL('oauth2/registry.new.php');
$config = SimpleSAML_Configuration::getInstance();
Auth::requireAdmin();
$form = new ClientForm('client');
$form->setAction($action);
if ($form->isSubmitted() && $form->isSuccess()) {
$client = $form->getValues();
$client['id'] = Random::generateID();
$client['secret'] = Random::generateID();
$clientRepository = new ClientRepository();
$clientRepository->persistNewClient($client['id'], $client['secret'], $client['name'], $client['description'], $client['redirect_uri']);
HTTP::redirectTrustedURL('registry.php');
}
$template = new SimpleSAML_XHTML_Template($config, 'oauth2:registry_new');
$template->data['form'] = $form;
$template->show();
/*
* This file is part of the simplesamlphp-module-oauth2.
*
* (c) Sergio Gómez <*****@*****.**>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
use SimpleSAML\Modules\OAuth2\Form\ClientForm;
use SimpleSAML\Modules\OAuth2\Repositories\ClientRepository;
use SimpleSAML\Utils\Auth;
use SimpleSAML\Utils\HTTP;
Auth::requireAdmin();
/* Load simpleSAMLphp, configuration and metadata */
$client_id = $_REQUEST['id'];
$action = \SimpleSAML\Module::getModuleURL('oauth2/registry.edit.php', ['id' => $client_id]);
$config = SimpleSAML_Configuration::getInstance();
$clientRepository = new ClientRepository();
$client = $clientRepository->find($client_id);
if (!$client) {
header('Content-type: text/plain; utf-8', TRUE, 500);
print 'Client not found';
return;
}
$form = new ClientForm('client');
$form->setAction($action);
$form->setDefaults($client);
if ($form->isSubmitted() && $form->isSuccess()) {
$client = $form->getValues();
$clientRepository->updateClient($client_id, $client['name'], $client['description'], $client['redirect_uri']);
HTTP::redirectTrustedURL('registry.php');
/**
* Find template path.
*
* This function locates the given template based on the template name. It will first search for the template in
* the current theme directory, and then the default theme.
*
* The template name may be on the form <module name>:<template path>, in which case it will search for the
* template file in the given module.
*
* @param string $template The relative path from the theme directory to the template file.
*
* @return string The absolute path to the template file.
*
* @throws Exception If the template file couldn't be found.
*/
private function findTemplatePath($template, $throw_exception = true)
{
assert('is_string($template)');
$result = $this->findModuleAndTemplateName($template);
$templateModule = $result[0] ? $result[0] : 'default';
$templateName = $result[1];
$tmp = explode(':', $this->configuration->getString('theme.use', 'default'), 2);
if (count($tmp) === 2) {
$themeModule = $tmp[0];
$themeName = $tmp[1];
} else {
$themeModule = null;
$themeName = $tmp[0];
}
// first check the current theme
if ($themeModule !== null) {
// .../module/<themeModule>/themes/<themeName>/<templateModule>/<templateName>
$filename = \SimpleSAML\Module::getModuleDir($themeModule) . '/themes/' . $themeName . '/' . $templateModule . '/' . $templateName;
} elseif ($templateModule !== 'default') {
// .../module/<templateModule>/templates/<templateName>
$filename = \SimpleSAML\Module::getModuleDir($templateModule) . '/templates/' . $templateName;
} else {
// .../templates/<theme>/<templateName>
$filename = $this->configuration->getPathValue('templatedir', 'templates/') . $templateName;
}
if (file_exists($filename)) {
return $filename;
}
// not found in current theme
\SimpleSAML\Logger::debug($_SERVER['PHP_SELF'] . ' - Template: Could not find template file [' . $template . '] at [' . $filename . '] - now trying the base template');
// try default theme
if ($templateModule !== 'default') {
// .../module/<templateModule>/templates/<templateName>
$filename = \SimpleSAML\Module::getModuleDir($templateModule) . '/templates/' . $templateName;
} else {
// .../templates/<templateName>
$filename = $this->configuration->getPathValue('templatedir', 'templates/') . '/' . $templateName;
}
if (file_exists($filename)) {
return $filename;
}
// not found in default template
if ($throw_exception) {
// log error and throw exception
$error = 'Template: Could not find template file [' . $template . '] at [' . $filename . ']';
\SimpleSAML\Logger::critical($_SERVER['PHP_SELF'] . ' - ' . $error);
throw new Exception($error);
} else {
// missing template expected, return NULL
return null;
}
}
