/**
  * Start the logout operation.
  *
  * @param array &$state The logout state.
  * @param string|null $assocId The SP we are logging out from.
  */
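 public function startLogout(array &$state, $assocId)
 {
     // Assert on the expression itself: string assertions are deprecated since PHP 7.2 and,
     // from PHP 8 on, are no longer evaluated as code (a non-empty string always passes).
     assert(is_string($assocId) || is_null($assocId));

     $associations = $this->idp->getAssociations();
     if (count($associations) === 0) {
         // Nothing to log out from.
         // NOTE(review): finishLogout() presumably does not return; if it did, execution
         // would continue to the redirect below -- confirm.
         $this->idp->finishLogout($state);
     }

     // Give every association the name of its SP and an initial 'onhold' status.
     foreach ($associations as $id => &$association) {
         $idp = \SimpleSAML_IdP::getByState($association);
         $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
         $association['core:Logout-IFrame:State'] = 'onhold';
     }
     // Drop the reference left by the by-reference foreach, so the last element is not
     // still aliased to $association when the array is copied into $state.
     unset($association);

     $state['core:Logout-IFrame:Associations'] = $associations;

     if (!is_null($assocId)) {
         $spName = $this->idp->getSPName($assocId);
         if ($spName === null) {
             // No name available for the SP: use its identifier as the English name.
             $spName = array('en' => $assocId);
         }
         $state['core:Logout-IFrame:From'] = $spName;
     } else {
         $state['core:Logout-IFrame:From'] = null;
     }

     // Only the identifier returned by saveState() is put in the URL. The state is saved
     // under the 'core:Logout-IFrame' stage; presumably the resuming page has to load it
     // with the same stage name -- confirm in core/idp/logout-iframe.php.
     $params = array('id' => \SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'));
     if (isset($state['core:Logout-IFrame:InitType'])) {
         $params['type'] = $state['core:Logout-IFrame:InitType'];
     }

     $url = Module::getModuleURL('core/idp/logout-iframe.php', $params);
     HTTP::redirectTrustedURL($url);
 }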
/**
 * Hook to add the simple consent admin module to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
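function consentSimpleAdmin_hook_frontpage(&$links)
{
    // Assert on real expressions: string assertions are deprecated since PHP 7.2 and,
    // from PHP 8 on, a non-empty string is simply truthy, so such a check can never fail.
    assert(is_array($links));
    assert(array_key_exists('links', $links));

    // Both entries are appended to the 'config' section of the frontpage.
    // NOTE(review): listing a link here is not access control; confirm that the consent
    // administration and statistics scripts enforce their own authorization.
    $links['config'][] = array(
        'href' => \SimpleSAML\Module::getModuleURL('consentSimpleAdmin/consentAdmin.php'),
        'text' => '{consentSimpleAdmin:consentsimpleadmin:header}',
    );
    $links['config'][] = array(
        'href' => \SimpleSAML\Module::getModuleURL('consentSimpleAdmin/consentStats.php'),
        'text' => '{consentSimpleAdmin:consentsimpleadmin:headerstats}',
    );
}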
 /**
  * Retrieve an admin login URL.
  *
  * @param string|NULL $returnTo The URL the user should arrive on after admin authentication. Defaults to null.
  *
  * @return string A URL which can be used for admin authentication.
  * @throws \InvalidArgumentException If $returnTo is neither a string nor null.
  */
 public static function getAdminLoginURL($returnTo = null)
 {
     // Guard clause: only a string or null is accepted.
     if (!is_string($returnTo) && !is_null($returnTo)) {
         throw new \InvalidArgumentException('Invalid input parameters.');
     }

     // With no explicit target, the user returns to the URL of the current request.
     $target = ($returnTo === null) ? HTTP::getSelfURL() : $returnTo;

     // NOTE(review): the target is placed in the query string as given; nothing in this
     // method restricts it to a trusted host. Presumably core/login-admin.php validates
     // ReturnTo before redirecting to it -- confirm, since an unchecked value there would
     // be an open redirect.
     $query = array('ReturnTo' => $target);

     return Module::getModuleURL('core/login-admin.php', $query);
 }
 /**
  * Initialize processing of the redirect test.
  *
  * @param array &$state  The state we should update.
  */
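 public function process(&$state)
 {
     // Assert on real expressions: string assertions are deprecated since PHP 7.2 and,
     // from PHP 8 on, a non-empty string is simply truthy, so such a check can never fail.
     assert(is_array($state));
     assert(array_key_exists('Attributes', $state));

     // Marker attribute used to check that the state is saved correctly.
     $state['Attributes']['RedirectTest1'] = array('OK');

     // Save the state under the 'authVHO:redirectfilter-test' stage and redirect; only the
     // identifier returned by saveState() is sent along, as the StateId parameter.
     // NOTE(review): presumably authVHO/redirecttest.php loads the state with the same
     // stage name -- confirm.
     $id = SimpleSAML_Auth_State::saveState($state, 'authVHO:redirectfilter-test');
     $url = Module::getModuleURL('authVHO/redirecttest.php');
     HTTP::redirectTrustedURL($url, array('StateId' => $id));
 }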
 /**
  * @inheritDoc
  */
 public function __construct($name)
 {
     parent::__construct($name);

     // Form-level validation callback for the submitted redirect URIs.
     $this->onValidate[] = [$this, 'validateRedirectUri'];
     $this->setMethod('POST');

     // NOTE(review): addProtection() presumably adds an anti-CSRF token to the form (the
     // message refers to a security token) -- confirm against the parent form class.
     $this->addProtection('Security token has expired, please submit the form again');

     $nameField = $this->addText('name', 'Name of client:');
     $nameField->setMaxLength(255)->setRequired('Set a name');

     $this->addTextArea('description', 'Description of client:', null, 5);

     // One registered callback URL per line; at least one is mandatory.
     $redirectField = $this->addTextArea('redirect_uri', 'Static/enforcing callback-url (one per line)', null, 5);
     $redirectField->setRequired('Write one redirect URI at least');

     $this->addSubmit('submit', 'Submit');

     // NOTE(review): the URL is concatenated into a single-quoted JavaScript string inside an
     // HTML attribute without JavaScript-context encoding. It comes from getModuleURL(), not
     // from form input, but encoding it (e.g. with json_encode()) would be more robust should
     // the base URL ever contain a quote -- confirm how the base URL is derived.
     $registryUrl = Module::getModuleURL('oauth2/registry.php');
     $this->addButton('return', 'Return')->setAttribute('onClick', "parent.location = '" . $registryUrl . "'");
 }
/**
 * Hook to add the aggregator list to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
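function aggregator_hook_frontpage(&$links)
{
    // Assert on real expressions: string assertions are deprecated since PHP 7.2 and,
    // from PHP 8 on, a non-empty string is simply truthy, so such a check can never fail.
    assert(is_array($links));
    assert(array_key_exists('links', $links));

    // The aggregator entry is appended to the 'federation' section of the frontpage.
    $links['federation'][] = array(
        'href' => \SimpleSAML\Module::getModuleURL('aggregator/'),
        'text' => '{aggregator:aggregator:frontpage_link}',
    );
}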
 /**
  * Test for SimpleSAML\Module::getModuleURL().
  */
 public function testGetModuleURL()
 {
     // Fix the base URL so that the expected values below are deterministic.
     $settings = array('baseurlpath' => 'https://example.com/simplesaml/');
     \SimpleSAML_Configuration::loadFromArray($settings, '', 'simplesaml');

     // A resource without parameters maps to <base>module.php/<resource>.
     $expectedPlain = 'https://example.com/simplesaml/module.php/module/script.php';
     $this->assertEquals($expectedPlain, Module::getModuleURL('module/script.php'));

     // Parameters are appended as a query string.
     $query = array('param1' => 'value1', 'param2' => 'value2');
     $expectedWithQuery = $expectedPlain . '?param1=value1&param2=value2';
     $this->assertEquals($expectedWithQuery, Module::getModuleURL('module/script.php', $query));
 }
 /**
  * Create a link which will POST data.
  *
  * @param string $destination The destination URL.
  * @param array  $data The name-value pairs which will be posted to the destination.
  *
  * @return string  A URL which can be accessed to post the data.
  * @throws \InvalidArgumentException If $destination is not a string or $data is not an array.
  *
  * @author Andjelko Horvat
  * @author Jaime Perez, UNINETT AS <*****@*****.**>
  */
 public static function getPOSTRedirectURL($destination, $data)
 {
     // Guard clause: the destination must be a string and the payload an array.
     if (!(is_string($destination) && is_array($data))) {
         throw new \InvalidArgumentException('Invalid input parameters.');
     }

     // 'enable.http_post' is read with a default of false, so the HTTP branch below is
     // taken only when it has been switched on in the configuration.
     $httpPostEnabled = \SimpleSAML_Configuration::getInstance()->getBoolean('enable.http_post', false);

     // NOTE(review): the scheme test is case-sensitive, so a destination written as
     // 'HTTP://...' takes the direct-post branch instead -- confirm that this is intended.
     if ($httpPostEnabled && preg_match("#^http:#", $destination) && self::isHTTPS()) {
         // we need to post the data to HTTP
         return self::getSecurePOSTRedirectURL($destination, $data);
     }

     // Post the data directly: destination and payload are saved through savePOSTData()
     // together with the session, and only the returned identifier is put in the URL.
     // NOTE(review): $destination is not checked against any allow-list in this method;
     // presumably callers pass a trusted endpoint -- confirm.
     $session = \SimpleSAML_Session::getSessionFromRequest();
     $redirId = self::savePOSTData($session, $destination, $data);

     return Module::getModuleURL('core/postredirect.php', array('RedirId' => $redirId));
 }
 /**
  * Log in using an external authentication helper.
  *
  * @param array &$state  Information about the current authentication.
  */
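 public function authenticate(&$state)
 {
     // Assert on the expression itself: string assertions are deprecated since PHP 7.2 and,
     // from PHP 8 on, are no longer evaluated as code (a non-empty string always passes).
     assert(is_array($state));

     $attributes = $this->getUser();
     if ($attributes !== null) {
         /*
          * The user is already authenticated.
          *
          * Add the user's attributes to the $state array, and return control
          * to the authentication process.
          */
         $state['Attributes'] = $attributes;
         return;
     }

     /*
      * The user isn't authenticated, so we need to send the user to the login page.
      *
      * First we add the identifier of this authentication source to the state array,
      * so that we know where to resume.
      */
     $state['authVHO:AuthID'] = $this->authId;

     /*
      * We need to save the $state array, so that we can resume the
      * login process after authentication.
      *
      * Note the second parameter to saveState(). This is a unique identifier
      * for where the state was saved, and must be used again when we retrieve
      * the state.
      *
      * The reason for it is to prevent attacks where the user takes a
      * $state array saved in one location and restores it in another
      * location, and thus bypasses steps in the authentication process.
      */
     $stateId = SimpleSAML_Auth_State::saveState($state, 'authVHO:AuthID');

     /*
      * Now we generate a URL the user should return to after authentication.
      * We assume that whatever authentication page we send the user to has an
      * option to return the user to a specific page afterwards.
      */
     $returnTo = Module::getModuleURL('authVHO/resume.php', array('State' => $stateId));

     /*
      * Get the URL of the VHO authentication page.
      *
      * This is in the configuration file, which is why it is passed to
      * redirectTrustedURL() below.
      */
     $authPage = $this->config['vho_login_url'];

     /*
      * The redirect to the authentication page.
      *
      * Note the 'ReturnTo' parameter. This must most likely be replaced with
      * the real name of the parameter for the login page.
      */
     HTTP::redirectTrustedURL($authPage, array('ReturnTo' => $returnTo));

     /*
      * The redirect function never returns, so we never get this far.
      * As an expression this assertion fails if it is ever reached; the former
      * string form 'FALSE' is truthy on PHP 8 and could not fail.
      */
     assert(false);
 }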
/**
 * Hook to add the metaedit module (metadata registry) to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
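function metaedit_hook_frontpage(&$links)
{
    // Assert on real expressions: string assertions are deprecated since PHP 7.2 and,
    // from PHP 8 on, a non-empty string is simply truthy, so such a check can never fail.
    assert(is_array($links));
    assert(array_key_exists('links', $links));

    // Long and short link texts are the same, in English and Norwegian.
    $label = array('en' => 'Metadata registry', 'no' => 'Metadata registrering');

    // Stored under the fixed key 'metaedit' rather than appended, so the 'federation'
    // section holds at most one such entry.
    $links['federation']['metaedit'] = array(
        'href' => \SimpleSAML\Module::getModuleURL('metaedit/index.php'),
        'text' => $label,
        'shorttext' => $label,
    );
}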
/**
 * Hook to add the SAML 2.0 debugger (saml2debug module) to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
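function saml2debug_hook_frontpage(&$links)
{
    // Assert on real expressions: string assertions are deprecated since PHP 7.2 and,
    // from PHP 8 on, a non-empty string is simply truthy, so such a check can never fail.
    assert(is_array($links));
    assert(array_key_exists('links', $links));

    // The debugger entry is appended to the 'federation' section of the frontpage.
    // NOTE(review): listing a link here is not access control; confirm who may reach
    // saml2debug/debug.php on a production deployment.
    $links['federation'][] = array(
        'href' => \SimpleSAML\Module::getModuleURL('saml2debug/debug.php'),
        'text' => array('en' => 'SAML 2.0 Debugger'),
    );
}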
/**
 * Hook to add the logpeek module to the frontpage.
 *
 * @param array &$links  The links on the frontpage, split into sections.
 */
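function logpeek_hook_frontpage(&$links)
{
    // Assert on real expressions: string assertions are deprecated since PHP 7.2 and,
    // from PHP 8 on, a non-empty string is simply truthy, so such a check can never fail.
    assert(is_array($links));
    assert(array_key_exists('links', $links));

    // The log viewer entry is appended to the 'config' section of the frontpage.
    // NOTE(review): logs can hold sensitive data and listing a link here is not access
    // control; confirm that the logpeek module enforces administrator access itself.
    $links['config'][] = array(
        'href' => \SimpleSAML\Module::getModuleURL('logpeek/'),
        'text' => array('en' => 'SimpleSAMLphp logs access (Log peek)', 'no' => 'Vis simpleSAMLphp log'),
    );
}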
/*
 * This file is part of the simplesamlphp-module-oauth2.
 *
 * (c) Sergio Gómez <*****@*****.**>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
use SimpleSAML\Modules\OAuth2\Form\ClientForm;
use SimpleSAML\Modules\OAuth2\Repositories\ClientRepository;
use SimpleSAML\Utils\Auth;
use SimpleSAML\Utils\HTTP;
use SimpleSAML\Utils\Random;
/* Registering an OAuth2 client is reserved for administrators. */
Auth::requireAdmin();

/* Configuration for the template, and the URL the form posts back to. */
$config = SimpleSAML_Configuration::getInstance();
$action = \SimpleSAML\Module::getModuleURL('oauth2/registry.new.php');

$form = new ClientForm('client');
$form->setAction($action);

if ($form->isSubmitted() && $form->isSuccess()) {
    $client = $form->getValues();

    // Identifier and secret are generated here and never taken from the submitted values.
    // NOTE(review): the secret is handed to persistNewClient() exactly as generated. Confirm
    // that Random::generateID() draws from a cryptographically secure source and check how
    // the repository stores the secret.
    $client['id'] = Random::generateID();
    $client['secret'] = Random::generateID();

    $clientRepository = new ClientRepository();
    $clientRepository->persistNewClient(
        $client['id'],
        $client['secret'],
        $client['name'],
        $client['description'],
        $client['redirect_uri']
    );

    // Fixed, relative target that does not depend on request input.
    HTTP::redirectTrustedURL('registry.php');
}

/* Not submitted, or validation failed: render the form. */
$template = new SimpleSAML_XHTML_Template($config, 'oauth2:registry_new');
$template->data['form'] = $form;
$template->show();
/*
 * This file is part of the simplesamlphp-module-oauth2.
 *
 * (c) Sergio Gómez <*****@*****.**>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
use SimpleSAML\Modules\OAuth2\Form\ClientForm;
use SimpleSAML\Modules\OAuth2\Repositories\ClientRepository;
use SimpleSAML\Utils\Auth;
use SimpleSAML\Utils\HTTP;
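/* Administrators only; keep this check ahead of everything that touches client data. */
Auth::requireAdmin();

/*
 * The client id is request input. It is accepted only when present and a plain string:
 * a missing parameter would otherwise raise an undefined-index notice, and an array value
 * (?id[]=...) would be handed to the repository unchanged. Anything else is treated as an
 * unknown client.
 * NOTE(review): $_REQUEST can also include cookie values, depending on request_order;
 * reading the id from $_GET may be preferable -- confirm against how this page is linked.
 */
$client_id = (isset($_REQUEST['id']) && is_string($_REQUEST['id'])) ? $_REQUEST['id'] : null;

$config = SimpleSAML_Configuration::getInstance();
$clientRepository = new ClientRepository();

// NOTE(review): find() receives the id as supplied; presumably the repository binds it as
// a query parameter rather than concatenating it -- confirm.
$client = ($client_id !== null) ? $clientRepository->find($client_id) : null;
if (!$client) {
    // The charset must be given as 'charset=utf-8'; a bare 'utf-8' is not a valid
    // Content-Type parameter.
    // NOTE(review): 404 would describe an unknown client better than 500; the status is
    // left as it was for existing consumers.
    header('Content-Type: text/plain; charset=utf-8', true, 500);
    print 'Client not found';
    return;
}

/* The form posts back to this page, carrying the validated client id in the query string. */
$action = \SimpleSAML\Module::getModuleURL('oauth2/registry.edit.php', ['id' => $client_id]);

$form = new ClientForm('client');
$form->setAction($action);
$form->setDefaults($client);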
if ($form->isSubmitted() && $form->isSuccess()) {
    $client = $form->getValues();
    $clientRepository->updateClient($client_id, $client['name'], $client['description'], $client['redirect_uri']);
    HTTP::redirectTrustedURL('registry.php');