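/**
 * Returns the first "-sp" SimpleSAML auth source that currently holds an
 * authenticated session, or false when the user is authenticated on none.
 *
 * The template object is only used as a container for the source list, as in
 * the rest of this file; nothing is rendered here.
 *
 * @return SimpleSAML_Auth_Simple|false
 */
public static function isAuthenticated() {
    require_once SamlAuth::LIB_AUTOLOAD;
    $config = SimpleSAML_Configuration::getInstance();
    $t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
    $t->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-sp');
    // Iterate by value: the previous by-reference loop left a dangling
    // reference on the last element of the sources array and was never needed.
    foreach ($t->data['sources'] as $sourceName) {
        $as = new SimpleSAML_Auth_Simple($sourceName);
        if ($as->isAuthenticated()) {
            return $as;
        }
    }
    return false;
}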
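/**
 * Links the currently logged-in profile to the external account the user just
 * authenticated against (the "<source>-connect" SAML auth source).
 *
 * Flow: resolve a return URL on this host, require a logged-in user, validate
 * the requested source against the configured "-connect" sources, read the SAML
 * attributes, refuse when the account is already linked to another profile,
 * then link it and refresh the session's account list.
 *
 * Every exit either redirects to the return URL / site root or to the
 * 'postconnected' action.
 *
 * @return void
 */
public function postconnectAction() {
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();

    // Return URL for early exits; restricted to the current host (see helper).
    $referer = $this->_resolveConnectReferer();

    //check if user is loggedin
    if (isset($this->session->userid) === false || is_numeric($this->session->userid) === false || intval($this->session->userid) <= 0) {
        header("Location: " . $referer);
        return;
    }

    //Check if source is given
    $source = trim((string) $this->_getParam("source"));
    if ($source === "") {
        header("Location: https://" . $_SERVER["HTTP_HOST"]);
        return;
    }
    $this->session->connectdaccountsource = $source;
    // "<name>-sp" is the login source; "<name>-connect" the linking source.
    $lowerSource = strtolower($source);
    $authsource = str_replace("-sp", "", $lowerSource);
    $connectedsource = str_replace("-sp", "-connect", $lowerSource);

    require_once SamlAuth::LIB_AUTOLOAD;
    //Initialize SAML
    $config = SimpleSAML_Configuration::getInstance();
    $t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
    $t->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-connect');
    // Strict comparison: $connectedsource is derived from a request parameter.
    if (!in_array($connectedsource, $t->data['sources'], true)) {
        header("Location: " . $referer);
        return;
    }

    //SAML Authentication new user account for connection
    $as = new SimpleSAML_Auth_Simple($connectedsource);
    $attributes = $as->getAttributes();
    // Guard the lookup: a missing attribute must not raise an undefined-index warning.
    $uid = $attributes['idp:uid'][0] ?? "";
    if (trim((string) $uid) === "") {
        $this->session->userError = array(
            "title" => "New Account Connection",
            "message" => "Could not connect with new user account. 
Not enough information returned from account provider.",
        );
        $this->_helper->redirector('postconnected');
        return;
    }

    //Check if user is already connected to the requested account
    //If true redirect the user to the previous location (referer)
    $uaccount = AccountConnect::isConnectedTo($this->session, $uid, $authsource);
    if ($uaccount !== false) {
        $this->_helper->redirector('postconnected');
        return;
    }

    //Check if this account is already connected to another profile
    $user = SamlAuth::getUserByAccountValues($uid, $authsource);
    if ($user !== null && intval($user->id) !== intval($this->session->userid)) {
        $providerName = str_replace("-", " ", $authsource);
        $this->session->userError = array(
            "title" => "Could not connect to " . $providerName . " account",
            "message" => "The " . $providerName . " account you tried to connect your profile to is already connected to another user profile.",
        );
        $this->_helper->redirector('postconnected');
        return;
    }

    //Build account name for user account
    // Each attribute is checked against its own name (the old code tested
    // idp:givenName's count when reading idp:sn).
    $userFirstName = self::_firstAttributeValue($attributes, "idp:givenName");
    $userLastName = self::_firstAttributeValue($attributes, "idp:sn");
    $userFullName = trim($userFirstName . " " . $userLastName);
    if ($userFullName === "") {
        $userFullName = null;
    }
    $idptrace = (isset($attributes["idp:traceidp"]) && count($attributes["idp:traceidp"]) > 0)
        ? $attributes["idp:traceidp"]
        : array();

    //Do the account connection
    AccountConnect::connectAccountToProfile($this->session->userid, $uid, $authsource, $userFullName, $idptrace);
    //Update connected user accounts
    $this->session->currentUserAccounts = SamlAuth::getUserAccountsByUser($this->session->userid, true);
    //redirect to post connected action to logout connected account
    $this->_helper->redirector('postconnected');
}

/**
 * Resolves the URL the user is sent back to when the connect flow is aborted.
 *
 * Uses the referer remembered in the session, falling back to the request's
 * Referer header (which is then remembered). Both values originate from the
 * client, so only URLs whose host matches the current host are honoured;
 * anything else (foreign host, relative path, non-URL) yields the site root,
 * which keeps the redirects in postconnectAction() from becoming an open
 * redirect.
 *
 * @return string absolute URL on the current host
 */
private function _resolveConnectReferer() {
    $host = (string) ($_SERVER["HTTP_HOST"] ?? "");
    $siteRoot = "https://" . $host;

    $referer = trim((string) ($this->session->connectreferer ?? ""));
    if ($referer === "") {
        $referer = trim((string) ($_SERVER["HTTP_REFERER"] ?? ""));
        $this->session->connectreferer = $referer;
    }
    if ($referer === "") {
        return $siteRoot;
    }

    // Compare host parts only, so a port in HTTP_HOST does not break the match.
    $refererHost = parse_url($referer, PHP_URL_HOST);
    $ownHost = parse_url($siteRoot, PHP_URL_HOST);
    if (!is_string($refererHost) || !is_string($ownHost) || strcasecmp($refererHost, $ownHost) !== 0) {
        return $siteRoot;
    }
    return $referer;
}

/**
 * Returns the first value of a multi-valued SAML attribute, or "" when the
 * attribute is absent, not an array, or empty.
 *
 * @param array  $attributes attribute map as returned by SimpleSAML_Auth_Simple::getAttributes()
 * @param string $name       attribute name, e.g. "idp:sn"
 * @return string
 */
private static function _firstAttributeValue(array $attributes, $name) {
    $values = $attributes[$name] ?? null;
    if (!is_array($values) || $values === array()) {
        return "";
    }
    return (string) ($values[0] ?? "");
}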