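/**
 * Marks the user as logged in with the specified authority.
 *
 * If the user already has logged in, the user will be logged out first.
 *
 * The expiry supplied with the authentication data is never honoured beyond the locally configured
 * 'session.duration' (default 8 hours): a missing or later 'Expire' value is clamped to that maximum.
 * A fresh authentication token is generated on every call.
 *
 * @param string     $authority The authority the user logged in with.
 * @param array|null $data The authentication data for this authority. The 'Attributes' entry is optional.
 *
 * @throws \SimpleSAML\Error\CannotSetCookie If the authentication token cannot be set for some reason.
 */
public function doLogin($authority, array $data = null)
{
    // Use real expressions: string assertions are evaluated as code on old PHP versions, are deprecated
    // since PHP 7.2 and are not evaluated at all on PHP 8 (a non-empty string always passes).
    assert(is_string($authority));
    assert(is_array($data) || is_null($data));

    SimpleSAML\Logger::debug('Session: doLogin("' . $authority . '")');

    $this->markDirty();

    if (isset($this->authData[$authority])) {
        // we are already logged in, log the user out first
        $this->doLogout($authority);
    }

    if ($data === null) {
        $data = array();
    }

    $data['Authority'] = $authority;

    $globalConfig = SimpleSAML_Configuration::getInstance();
    if (!isset($data['AuthnInstant'])) {
        $data['AuthnInstant'] = time();
    }

    $maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60);
    if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
        // unset, or beyond our session lifetime. Clamp it to our maximum session lifetime
        $data['Expire'] = $maxSessionExpire;
    }

    // check if we have non-serializable attribute values
    // 'Attributes' is absent when $data was null or the authentication source supplied none; iterating
    // an undefined index would raise a notice and a warning in the middle of the login.
    if (isset($data['Attributes']) && is_array($data['Attributes'])) {
        foreach ($data['Attributes'] as $attribute => $values) {
            foreach ($values as $idx => $value) {
                if (is_string($value) || is_int($value)) {
                    continue;
                }

                // at this point, this should be a DOMNodeList object...
                if (!is_a($value, 'DOMNodeList')) {
                    continue;
                }

                /* @var \DOMNodeList $value */
                if ($value->length === 0) {
                    continue;
                }

                // create an AttributeValue object and save it to 'RawAttributes', using same attribute name and index
                $attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
                $data['RawAttributes'][$attribute][$idx] = $attrval;
            }
        }
    }

    $this->authData[$authority] = $data;

    // New token for every login, so a token issued before this authentication is not carried over.
    // NOTE(review): where the token is compared on later requests is not visible in this block.
    $this->authToken = SimpleSAML\Utils\Random::generateID();
    $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();

    if (!$this->transient && (!empty($data['RememberMe']) || $this->rememberMeExpire) &&
        $globalConfig->getBoolean('session.rememberme.enable', false)
    ) {
        // NOTE(review): no token cookie is set in this branch; presumably setRememberMeExpire() issues it
        // with the extended lifetime -- confirm.
        $this->setRememberMeExpire();
    } else {
        try {
            SimpleSAML\Utils\HTTP::setCookie(
                $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
                $this->authToken,
                $sessionHandler->getCookieParams()
            );
        } catch (SimpleSAML\Error\CannotSetCookie $e) {
            /*
             * Something went wrong when setting the auth token. We cannot recover from this, so we better log a
             * message and throw an exception. The user is not properly logged in anyway, so clear all login
             * information from the session.
             */
            unset($this->authToken);
            unset($this->authData[$authority]);
            \SimpleSAML\Logger::error('Cannot set authentication token cookie: ' . $e->getMessage());
            throw $e;
        }
    }
}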
/**
 * Read a dictionary file.
 *
 * Two on-disk formats are probed in order: "<filename>.definition.json" first, then "<filename>.php".
 * The first one that exists decides which reader is used. If neither exists, an error is logged and an
 * empty array is returned.
 *
 * @param string $filename The absolute path to the dictionary file, without the format suffix.
 *
 * @return array An array holding all the translations in the file.
 */
private function readDictionaryFile($filename)
{
    assert('is_string($filename)');

    \SimpleSAML\Logger::debug('Template: Reading [' . $filename . ']');

    // NOTE(review): $filename is used as a path prefix without normalisation in this method; the contract
    // above expects a trusted absolute path -- confirm that no request-derived value reaches it.
    if (file_exists($filename . '.definition.json')) {
        $dictionary = $this->readDictionaryJSON($filename);
    } elseif (file_exists($filename . '.php')) {
        $dictionary = $this->readDictionaryPHP($filename);
    } else {
        // NOTE(review): PHP_SELF is taken from the request and is written to the log as-is; confirm the
        // log handler neutralises control characters.
        \SimpleSAML\Logger::error(
            $_SERVER['PHP_SELF'] . ' - Template: Could not find dictionary file at [' . $filename . ']'
        );
        $dictionary = array();
    }

    return $dictionary;
}
/**
 * Load translation domain from Gettext/Gettext using .po
 *
 * Note: Since Twig I18N does not support domains, all loaded files are
 * merged. Use contexts if identical strings need to be disambiguated.
 *
 * A missing or unreadable .po file is not an error for the caller: it is logged and the method returns
 * without loading anything.
 *
 * @param string  $domain Name of domain
 * @param boolean $catchException When true, a failure to resolve the language path is logged and swallowed;
 *                                when false, the exception is logged and rethrown.
 *
 * @throws \Exception If the language path for the domain cannot be resolved and $catchException is false.
 */
private function loadGettextGettextFromPO($domain = self::DEFAULT_DOMAIN, $catchException = true)
{
    try {
        $localeDir = $this->getLangPath($domain);
    } catch (\Exception $e) {
        $message = "Something went wrong when trying to get path to language file, cannot load domain '{$domain}'.";
        \SimpleSAML\Logger::error($_SERVER['PHP_SELF'] . ' - ' . $message);
        if (!$catchException) {
            throw $e;
        }
        // bail out!
        return;
    }

    // NOTE(review): $domain becomes part of a filesystem path; it is expected to be a configured
    // identifier, not request input -- confirm at the call sites.
    $fileName = $domain . '.po';
    $fullPath = $localeDir . $fileName;

    if (!file_exists($fullPath) || !is_readable($fullPath)) {
        $message = "Localization file '{$fileName}' not found in '{$localeDir}', falling back to default";
        \SimpleSAML\Logger::error($_SERVER['PHP_SELF'] . ' - ' . $message);
        return;
    }

    $translations = Translations::fromPoFile($fullPath);
    $this->translator->loadTranslations($translations);
}
/**
 * Get the localized name of a language, by ISO 639-2 code.
 *
 * @param string $code The ISO 639-2 code of the language.
 *
 * @return string|null The localized name of the language, or null (after logging an error) when the code
 *                     has no non-null entry in the configured language names.
 */
public function getLanguageLocalizedName($code)
{
    $names = $this->language_names;

    // Unknown code, or a code whose entry is null: report it and give up.
    if (!array_key_exists($code, $names) || !isset($names[$code])) {
        \SimpleSAML\Logger::error("Name for language \"{$code}\" not found. Check config.");
        return null;
    }

    return $names[$code];
}
/**
 * Logs with an arbitrary level.
 *
 * The level is matched against the \SimpleSAML\Logger level constants and the message is forwarded to
 * the corresponding static method. $context is accepted but not used.
 *
 * NOTE(review): a level that matches none of the constants is dropped silently, so the entry never
 * reaches the log. The comparison is loose (==), as in a switch statement, so what a non-integer level
 * matches depends on PHP's comparison rules -- confirm callers only pass Logger constants.
 *
 * @param mixed $level
 * @param string $message
 * @param array $context
 * @return null
 */
public function log($level, $message, array $context = array())
{
    // Ordered (level, method) pairs; the order is the order in which the levels are compared.
    $dispatch = array(
        array(\SimpleSAML\Logger::ALERT, 'alert'),
        array(\SimpleSAML\Logger::CRIT, 'critical'),
        array(\SimpleSAML\Logger::DEBUG, 'debug'),
        array(\SimpleSAML\Logger::EMERG, 'emergency'),
        array(\SimpleSAML\Logger::ERR, 'error'),
        array(\SimpleSAML\Logger::INFO, 'info'),
        array(\SimpleSAML\Logger::NOTICE, 'notice'),
        array(\SimpleSAML\Logger::WARNING, 'warning'),
    );

    foreach ($dispatch as $entry) {
        // loose comparison on purpose: identical to the matching rule of switch
        if ($level == $entry[0]) {
            call_user_func(array('SimpleSAML\Logger', $entry[1]), $message);
            return;
        }
    }
}
/**
 * Determine whether a module is enabled.
 *
 * Will return false if the given module doesn't exist.
 *
 * Precedence: a boolean entry for the module in the 'module.enable' configuration option wins. Otherwise
 * the marker files in the module directory decide: 'enable' enables the module; failing that,
 * 'default-enable' enables it unless a 'disable' file is present. An entry whose value is null is treated
 * as absent, because isset() is used for the lookup.
 *
 * @param string $module Name of the module
 *
 * @return bool True if the given module is enabled, false otherwise.
 *
 * @throws \Exception If module.enable is set and is not boolean.
 */
public static function isModuleEnabled($module)
{
    // NOTE(review): the module name is turned into a directory by getModuleDir(), which is not visible
    // here -- confirm it rejects path separators if the name can come from a request.
    $dir = self::getModuleDir($module);
    if (!is_dir($dir)) {
        return false;
    }

    $config = \SimpleSAML_Configuration::getOptionalConfig();
    $overrides = $config->getArray('module.enable', array());

    if (isset($overrides[$module])) {
        $flag = $overrides[$module];
        if (!is_bool($flag)) {
            throw new \Exception("Invalid module.enable value for the '{$module}' module.");
        }
        return $flag;
    }

    // Diagnostic only, emitted when assertions are active: every module should ship one default marker.
    if (assert_options(ASSERT_ACTIVE)) {
        if (!file_exists($dir . '/default-enable') && !file_exists($dir . '/default-disable')) {
            \SimpleSAML\Logger::error("Missing default-enable or default-disable file for the module {$module}");
        }
    }

    return file_exists($dir . '/enable')
        || (!file_exists($dir . '/disable') && file_exists($dir . '/default-enable'));
}