ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Static Private Member Functions | Private Attributes
sspmod_core_Auth_Process_AttributeLimit Class Reference
+ Inheritance diagram for sspmod_core_Auth_Process_AttributeLimit:
+ Collaboration diagram for sspmod_core_Auth_Process_AttributeLimit:

Public Member Functions

 __construct ($config, $reserved)
 Initialize this filter. More...
 
 process (&$request)
 Apply filter to remove attributes. More...
 
- Public Member Functions inherited from SimpleSAML_Auth_ProcessingFilter
 __construct (&$config, $reserved)
 Constructor for a processing filter. More...
 
 process (&$request)
 Process a request. More...
 

Static Private Member Functions

static getSPIdPAllowed (array &$request)
 Get list of allowed from the SP/IdP config. More...
 

Private Attributes

 $allowedAttributes = array()
 List of attributes which this filter will allow through. More...
 
 $isDefault = FALSE
 

Additional Inherited Members

- Data Fields inherited from SimpleSAML_Auth_ProcessingFilter
 $priority = 50
 Priority of this filter. More...
 

Detailed Description

Definition at line 9 of file AttributeLimit.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_core_Auth_Process_AttributeLimit::__construct (   $config,
  $reserved 
)

Initialize this filter.

Parameters
array$configConfiguration information about this filter.
mixed$reservedFor future use
Exceptions
SimpleSAML_Error_ExceptionIf invalid configuration is found.

Definition at line 32 of file AttributeLimit.php.

References $config, and $index.

32  {
33  parent::__construct($config, $reserved);
34 
35  assert('is_array($config)');
36 
37  foreach ($config as $index => $value) {
38  if ($index === 'default') {
39  $this->isDefault = (bool)$value;
40  } elseif (is_int($index)) {
41  if (!is_string($value)) {
42  throw new SimpleSAML_Error_Exception('AttributeLimit: Invalid attribute name: ' .
43  var_export($value, TRUE));
44  }
45  $this->allowedAttributes[] = $value;
46  } elseif (is_string($index)) {
47  if (!is_array($value)) {
48  throw new SimpleSAML_Error_Exception('AttributeLimit: Values for ' . var_export($index, TRUE) .
49  ' must be specified in an array.');
50  }
51  $this->allowedAttributes[$index] = $value;
52  } else {
53  throw new SimpleSAML_Error_Exception('AttributeLimit: Invalid option: ' . var_export($index, TRUE));
54  }
55  }
56  }
SimpleSAML_Error_Exception
Definition: Exception.php:12
$index
$index
Definition: metadata.php:60

Member Function Documentation

◆ getSPIdPAllowed()

static sspmod_core_Auth_Process_AttributeLimit::getSPIdPAllowed ( array $request)
staticprivate

Get list of allowed from the SP/IdP config.

Parameters
array&$requestThe current request.
Returns
array|NULL Array with attribute names, or NULL if no limit is placed.

Definition at line 65 of file AttributeLimit.php.

65  {
66 
67  if (array_key_exists('attributes', $request['Destination'])) {
68  // SP Config
69  return $request['Destination']['attributes'];
70  }
71  if (array_key_exists('attributes', $request['Source'])) {
72  // IdP Config
73  return $request['Source']['attributes'];
74  }
75  return NULL;
76  }

◆ process()

sspmod_core_Auth_Process_AttributeLimit::process ( $request)

Apply filter to remove attributes.

Removes all attributes which aren't one of the allowed attributes.

Parameters
array&$requestThe current request
Exceptions
SimpleSAML_Error_ExceptionIf invalid configuration is found.

Definition at line 87 of file AttributeLimit.php.

References $allowedAttributes, $attributes, and $name.

87  {
88  assert('is_array($request)');
89  assert('array_key_exists("Attributes", $request)');
90 
91  if ($this->isDefault) {
92  $allowedAttributes = self::getSPIdPAllowed($request);
93  if ($allowedAttributes === NULL) {
94  $allowedAttributes = $this->allowedAttributes;
95  }
96  } elseif (!empty($this->allowedAttributes)) {
97  $allowedAttributes = $this->allowedAttributes;
98  } else {
99  $allowedAttributes = self::getSPIdPAllowed($request);
100  if ($allowedAttributes === NULL) {
101  return; /* No limit on attributes. */
102  }
103  }
104 
105  $attributes =& $request['Attributes'];
106 
107  foreach ($attributes as $name => $values) {
108  if (!in_array($name, $allowedAttributes, TRUE)) {
109  // the attribute name is not in the array of allowed attributes
110  if (array_key_exists($name, $allowedAttributes)) {
111  // but it is an index of the array
112  if (!is_array($allowedAttributes[$name])) {
113  throw new SimpleSAML_Error_Exception('AttributeLimit: Values for ' . var_export($name, TRUE) .
114  ' must be specified in an array.');
115  }
116  $attributes[$name] = array_intersect($attributes[$name], $allowedAttributes[$name]);
117  if (!empty($attributes[$name])) {
118  continue;
119  }
120  }
121  unset($attributes[$name]);
122  }
123  }
124 
125  }
SimpleSAML_Error_Exception
Definition: Exception.php:12
$attributes
$attributes
Definition: serviceValidate.php:33
$name
if($format !==null) $name
Definition: metadata.php:146
sspmod_core_Auth_Process_AttributeLimit\$allowedAttributes
$allowedAttributes
List of attributes which this filter will allow through.
Definition: AttributeLimit.php:14

Field Documentation

◆ $allowedAttributes

sspmod_core_Auth_Process_AttributeLimit::$allowedAttributes = array()
private

List of attributes which this filter will allow through.

Definition at line 14 of file AttributeLimit.php.

Referenced by process().

◆ $isDefault

sspmod_core_Auth_Process_AttributeLimit::$isDefault = FALSE
private

Definition at line 22 of file AttributeLimit.php.

The documentation for this class was generated from the following file: