/**
* Require the user to be authenticated.
*
* If the user is authenticated, this function returns immediately.
*
* If the user isn't authenticated, this function will authenticate the
* user with the authentication source, and then return the user to the
* current page.
*
* If $allowPost is set to TRUE, any POST data to the current page is
* preserved. If $allowPost is FALSE, the user will be returned to the
* current page with a GET request.
*
* @param array $options Various options to the authentication request.
*/
public function requireAuth(array $options = array())
{
$session = SimpleSAML_Session::getInstance();
if ($session->isValid($this->authSource)) {
/* Already authenticated. */
return;
}
if (array_key_exists('KeepPost', $options)) {
$keepPost = (bool) $options['KeepPost'];
} else {
$keepPost = TRUE;
}
if (array_key_exists('ReturnTo', $options)) {
$returnTo = (string) $options['ReturnTo'];
} else {
$returnTo = SimpleSAML_Utilities::selfURL();
}
if ($keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
$returnTo = SimpleSAML_Utilities::createPostRedirectLink($returnTo, $_POST);
}
/*
* An URL to restart the authentication, in case the user bookmarks
* something, e.g. the discovery service page.
*/
$restartURL = $this->getLoginURL($returnTo);
$hints = array(SimpleSAML_Auth_State::RESTART => $restartURL);
SimpleSAML_Auth_Default::initLogin($this->authSource, $returnTo, NULL, $hints);
}
/**
* Start a login operation.
*
* @param array $params Various options to the authentication request.
* @deprecated
*/
public function login(array $params = array())
{
if (array_key_exists('KeepPost', $params)) {
$keepPost = (bool) $params['KeepPost'];
} else {
$keepPost = TRUE;
}
if (!isset($params['ReturnTo']) && !isset($params['ReturnCallback'])) {
$params['ReturnTo'] = SimpleSAML_Utilities::selfURL();
}
if (isset($params['ReturnTo']) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
$params['ReturnTo'] = SimpleSAML_Utilities::createPostRedirectLink($params['ReturnTo'], $_POST);
}
$session = SimpleSAML_Session::getSessionFromRequest();
$authnRequest = array('IsPassive' => isset($params['isPassive']) ? $params['isPassive'] : FALSE, 'ForceAuthn' => isset($params['ForceAuthn']) ? $params['ForceAuthn'] : FALSE, 'core:State' => $params, 'core:prevSession' => $session->getAuthData($this->authority, 'AuthnInstant'), 'core:authority' => $this->authority);
if (isset($params['saml:RequestId'])) {
$authnRequest['RequestID'] = $params['saml:RequestId'];
}
if (isset($params['SPMetadata']['entityid'])) {
$authnRequest['Issuer'] = $params['SPMetadata']['entityid'];
}
if (isset($params['saml:RelayState'])) {
$authnRequest['RelayState'] = $params['saml:RelayState'];
}
if (isset($params['saml:IDPList'])) {
$authnRequest['IDPList'] = $params['saml:IDPList'];
}
$authId = SimpleSAML_Utilities::generateID();
$session->setAuthnRequest('saml2', $authId, $authnRequest);
$relayState = SimpleSAML_Module::getModuleURL('core/bwc_resumeauth.php', array('RequestID' => $authId));
$config = SimpleSAML_Configuration::getInstance();
$authurl = '/' . $config->getBaseURL() . $this->auth;
SimpleSAML_Utilities::redirectTrustedURL($authurl, array('RelayState' => $relayState, 'AuthId' => $authId, 'protocol' => 'saml2'));
}
/**
* Start an authentication process.
*
* This function never returns.
*
* This function accepts an array $params, which controls some parts of
* the authentication. The accepted parameters depends on the authentication
* source being used. Some parameters are generic:
* - 'ErrorURL': A URL that should receive errors from the authentication.
* - 'KeepPost': If the current request is a POST request, keep the POST
* data until after the authentication.
* - 'ReturnTo': The URL the user should be returned to after authentication.
* - 'ReturnCallback': The function we should call after the user has
* finished authentication.
*
* @param array $params Various options to the authentication request.
*/
public function login(array $params = array())
{
if (array_key_exists('KeepPost', $params)) {
$keepPost = (bool) $params['KeepPost'];
} else {
$keepPost = TRUE;
}
if (array_key_exists('ReturnTo', $params)) {
$returnTo = (string) $params['ReturnTo'];
} else {
if (array_key_exists('ReturnCallback', $params)) {
$returnTo = (array) $params['ReturnCallback'];
} else {
$returnTo = SimpleSAML_Utilities::selfURL();
}
}
if (is_string($returnTo) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
$returnTo = SimpleSAML_Utilities::createPostRedirectLink($returnTo, $_POST);
}
if (array_key_exists('ErrorURL', $params)) {
$errorURL = (string) $params['ErrorURL'];
} else {
$errorURL = NULL;
}
if (!isset($params[SimpleSAML_Auth_State::RESTART]) && is_string($returnTo)) {
/*
* A URL to restart the authentication, in case the user bookmarks
* something, e.g. the discovery service page.
*/
$restartURL = $this->getLoginURL($returnTo);
$params[SimpleSAML_Auth_State::RESTART] = $restartURL;
}
SimpleSAML_Auth_Default::initLogin($this->authSource, $returnTo, $errorURL, $params);
assert('FALSE');
}
