示例#1
 /**
  * Exercise SimpleSAML_Auth_State::extractPersistentAuthState() against five state arrays.
  *
  * Cases covered, in order: only the six always-kept keys; two of those keys missing; extra keys that are not
  * declared persistent; extra keys of which one is named in 'PersistentAuthData'; and that last combination
  * without any of the always-kept keys. The third case is the one that pins "undeclared keys are dropped".
  */
 public function testExtractPersistentAuthState()
 {
     $baseline = array(
         'Attributes' => array(),
         'Expire' => 1234,
         'LogoutState' => 'logoutState',
         'AuthInstant' => 123456,
         'RememberMe' => true,
         'saml:sp:NameID' => 'nameID',
     );

     // Case 1: a state holding exactly the always-kept keys must come back unchanged.
     // The call receives its own copy, so $baseline stays intact whatever the callee does with its argument.
     $input = $baseline;
     $actual = SimpleSAML_Auth_State::extractPersistentAuthState($input);
     $this->assertEquals(
         $baseline,
         $actual,
         'Mandatory state attributes did not survive as expected' . print_r($baseline, true)
     );

     // Case 2: keys that are absent from the input must simply be absent from the output.
     unset($input['LogoutState'], $input['RememberMe']);
     $want = $input;
     $actual = SimpleSAML_Auth_State::extractPersistentAuthState($input);
     $this->assertEquals($want, $actual, 'Some error occurred with missing mandatory parameters');

     // Case 3: keys nobody declared persistent must not be part of the result.
     $extras = array('additional1' => 1, 'additional2' => 2);
     $input = array_merge($baseline, $extras);
     $actual = SimpleSAML_Auth_State::extractPersistentAuthState($input);
     $this->assertEquals($baseline, $actual, 'Additional parameters survived');

     // Case 4: a key named in 'PersistentAuthData' is kept; its undeclared sibling and the list itself are not.
     $extras['PersistentAuthData'] = array('additional1');
     $input = array_merge($baseline, $extras);
     $want = $input;
     unset($want['additional2'], $want['PersistentAuthData']);
     $actual = SimpleSAML_Auth_State::extractPersistentAuthState($input);
     $this->assertEquals($want, $actual, 'Some error occurred with additional, persistent parameters');

     // Case 5: same expectation when none of the always-kept keys are present.
     $input = $extras;
     $want = $input;
     unset($want['additional2'], $want['PersistentAuthData']);
     $actual = SimpleSAML_Auth_State::extractPersistentAuthState($input);
     $this->assertEquals(
         $want,
         $actual,
         'Some error occurred with additional, persistent parameters, and no mandatory ones'
     );
 }
示例#2
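 /**
  * Finish a login: record it in the session, then pass control to the stored return target.
  *
  * Only the subset of $state returned by SimpleSAML_Auth_State::extractPersistentAuthState() is handed to
  * doLogin(). A string return target is followed as a redirect; anything else is invoked as a callback with that
  * subset, and the callback is expected not to return.
  *
  * Security notes:
  * - The assert() calls are development-time checks. PHP can be configured to skip assertions, so they must not
  *   be relied on as input validation.
  * - The return target goes to redirectTrustedURL() or call_user_func() without any check in this method.
  *   Presumably whatever stored 'SimpleSAML_Auth_Default.Return' in the state validated it first; confirm that
  *   this key can never carry a request-controlled value.
  *
  * @param array $state The state array. Must contain 'SimpleSAML_Auth_Default.Return',
  * 'SimpleSAML_Auth_Default.id' and 'Attributes'; 'LogoutState', when present, must be an array.
  *
  * @deprecated This method will be removed in SSP 2.0.
  */
 public static function loginCompleted($state)
 {
     // Boolean expressions instead of code strings: string assertions are deprecated since PHP 7.2, and from
     // PHP 8.0 on a string argument is no longer evaluated as code, so a non-empty string always passes.
     assert(is_array($state));
     assert(array_key_exists('SimpleSAML_Auth_Default.Return', $state));
     assert(array_key_exists('SimpleSAML_Auth_Default.id', $state));
     assert(array_key_exists('Attributes', $state));
     assert(!array_key_exists('LogoutState', $state) || is_array($state['LogoutState']));

     // Both values are read before $state is narrowed below, because the narrowed array is not guaranteed to
     // contain the 'SimpleSAML_Auth_Default.*' keys.
     $return = $state['SimpleSAML_Auth_Default.Return'];
     $authId = $state['SimpleSAML_Auth_Default.id'];

     /* Save session state. */
     $session = SimpleSAML_Session::getSessionFromRequest();
     $state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
     $session->doLogin($authId, $state);

     if (is_string($return)) {
         /* Redirect... The URL is used as stored; no allow-list check happens here. */
         \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
     } else {
         call_user_func($return, $state);
         // Reaching this line means the callback returned, which it is not supposed to do.
         assert(false);
     }
 }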
示例#3
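 /**
  * Handle an unsolicited login operation.
  *
  * This method creates a session from the information received. It will then redirect to the given URL. This is used
  * to handle IdP initiated SSO. This method will never return.
  *
  * Only the subset of $state returned by SimpleSAML_Auth_State::extractPersistentAuthState() is stored in the
  * session. The assert() calls are development-time type checks and may be disabled by configuration; the check
  * that matters for open-redirect protection is the one performed by redirectUntrustedURL().
  *
  * @param string $authId The id of the authentication source that received the request.
  * @param array $state A state array.
  * @param string $redirectTo The URL we should redirect the user to after updating the session. The function will
  * check if the URL is allowed, so there is no need to manually check the URL on beforehand. Please refer to the
  * 'trusted.url.domains' configuration directive for more information about allowing (or disallowing) URLs.
  */
 public static function handleUnsolicitedAuth($authId, array $state, $redirectTo)
 {
     // Boolean expressions instead of code strings: string assertions are deprecated since PHP 7.2, and from
     // PHP 8.0 on a string argument is no longer evaluated as code, so a non-empty string always passes.
     assert(is_string($authId));
     assert(is_string($redirectTo));

     $session = SimpleSAML_Session::getSessionFromRequest();
     $persistent = SimpleSAML_Auth_State::extractPersistentAuthState($state);

     // NOTE(review): the login is recorded before the redirect target is examined, so a target that
     // redirectUntrustedURL() rejects presumably still leaves the session logged in. Confirm this is intended.
     $session->doLogin($authId, $persistent);

     \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
 }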