ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Source.php
1 <?php
2 
3 
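/**
 * Base class for authentication sources.
 *
 * Review notes:
 *  - Every precondition in this class is expressed with assert(). Assertions
 *    are a debugging aid and are normally disabled in production
 *    (zend.assertions=-1), so none of them validates anything at runtime.
 *  - Assertions are written as expressions, not strings. String assertions
 *    are deprecated since PHP 7.2 and are no longer evaluated on PHP 8, where
 *    assert('false') always passes.
 *  - Several methods pass entries of the state array to call_user_func().
 *    The state array must only ever be built by server-side code, never from
 *    request parameters.
 *
 * NOTE(review): the rendered listing dropped every statement that carried a
 * cross-reference link (session lookup, state deletion, exception hand-off,
 * login persistence, redirect, logger call, session timeout constant,
 * optional config load). They are restored here from the dangling syntax and
 * the page's cross-reference index. The SimpleSAML_Error_UnserializableException
 * wrapper in initLogin() is not in that index; confirm all restored lines
 * against the ILIAS source tree.
 */
abstract class SimpleSAML_Auth_Source
{


    /**
     * The authentication source identifier.
     *
     * @var string
     */
    protected $authId;


    /**
     * Constructor for an authentication source.
     *
     * Only the 'AuthId' entry of $info is read here; $config is not used by
     * this base constructor.
     *
     * @param array $info Information about this authentication source; must contain 'AuthId'.
     * @param array &$config Configuration for this authentication source.
     */
    public function __construct($info, &$config)
    {
        assert(is_array($info));
        assert(is_array($config));

        assert(array_key_exists('AuthId', $info));
        $this->authId = $info['AuthId'];
    }


    /**
     * Get sources of a specific type.
     *
     * Reads authsources.php, validates every entry and instantiates those
     * whose first element is identical to $type.
     *
     * @param string $type The type of the authentication source.
     *
     * @return SimpleSAML_Auth_Source[] Array of SimpleSAML_Auth_Source objects of the specified type.
     * @throws Exception If an authentication source entry is invalid.
     */
    public static function getSourcesOfType($type)
    {
        assert(is_string($type));

        $config = SimpleSAML_Configuration::getConfig('authsources.php');

        $ret = array();

        $sources = $config->getOptions();
        foreach ($sources as $id) {
            $source = $config->getArray($id);

            // validate before indexing $source[0] below
            self::validateSource($source, $id);

            if ($source[0] !== $type) {
                continue;
            }

            $ret[] = self::parseAuthSource($id, $source);
        }

        return $ret;
    }


    /**
     * Retrieve the ID of this authentication source.
     *
     * @return string The ID of this authentication source.
     */
    public function getAuthId()
    {
        return $this->authId;
    }


    /**
     * Process a request.
     *
     * Implemented by each concrete authentication source. initLogin() calls
     * this and then loginCompleted(), so an implementation may return
     * normally once it has filled in the state array.
     *
     * @param array &$state Information about the current authentication.
     */
    abstract public function authenticate(&$state);


    /**
     * Reauthenticate a user.
     *
     * The default implementation copies the authentication data stored in
     * the session for this source into $state.
     *
     * @param array &$state Information about the current authentication; 'ReturnCallback' is expected to be set.
     */
    public function reauthenticate(array &$state)
    {
        assert(isset($state['ReturnCallback']));

        // the default implementation just copies over the previous authentication data
        $session = SimpleSAML_Session::getSessionFromRequest();
        $data = $session->getAuthState($this->authId);
        foreach ($data as $k => $v) {
            $state[$k] = $v;
        }
    }


    /**
     * Complete authentication.
     *
     * Deletes the saved state and hands control to the callable stored under
     * 'LoginCompletedHandler'. That handler is not expected to return.
     *
     * The callable is checked by assertion only, so with assertions disabled
     * whatever is stored under that key is passed to call_user_func()
     * unchecked.
     *
     * @param array &$state Information about the current authentication.
     */
    public static function completeAuth(&$state)
    {
        assert(is_array($state));
        assert(array_key_exists('LoginCompletedHandler', $state));

        SimpleSAML_Auth_State::deleteState($state);

        $func = $state['LoginCompletedHandler'];
        assert(is_callable($func));

        call_user_func($func, $state);
        assert(false);
    }


    /**
     * Start authentication.
     *
     * Builds the state array, runs authenticate() and finishes with
     * loginCompleted().
     *
     * When $return is a string, loginCompleted() passes it to
     * redirectTrustedURL(), which the cross-reference on this page describes
     * as performing no security checks. Callers must validate a URL that
     * originates from the request before passing it in.
     *
     * @param string|array $return The URL or function we should direct the user to after authentication.
     * @param string|null $errorURL The URL we should direct the user to after failed authentication.
     * @param array $params Extra information about the login. Keys set below take precedence.
     */
    public function initLogin($return, $errorURL = null, array $params = array())
    {
        assert(is_string($return) || is_array($return));
        assert(is_string($errorURL) || is_null($errorURL));

        // array_merge() lets the second array win on duplicate string keys, so
        // $params cannot replace the handlers and identifiers set here
        $state = array_merge($params, array(
            'SimpleSAML_Auth_Default.id' => $this->authId, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.id' => $this->authId,
            'SimpleSAML_Auth_Default.Return' => $return, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.Return' => $return,
            'SimpleSAML_Auth_Default.ErrorURL' => $errorURL, // TODO: remove in 2.0
            'SimpleSAML_Auth_Source.ErrorURL' => $errorURL,
            'LoginCompletedHandler' => array(get_class(), 'loginCompleted'),
            'LogoutCallback' => array(get_class(), 'logoutCallback'),
            'LogoutCallbackState' => array(
                'SimpleSAML_Auth_Default.logoutSource' => $this->authId, // TODO: remove in 2.0
                'SimpleSAML_Auth_Source.logoutSource' => $this->authId,
            ),
        ));

        if (is_string($return)) {
            $state['SimpleSAML_Auth_Default.ReturnURL'] = $return; // TODO: remove in 2.0
            $state['SimpleSAML_Auth_Source.ReturnURL'] = $return;
        }

        if ($errorURL !== null) {
            $state[SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL] = $errorURL;
        }

        try {
            $this->authenticate($state);
        } catch (SimpleSAML_Error_Exception $e) {
            SimpleSAML_Auth_State::throwException($state, $e);
        } catch (Exception $e) {
            // NOTE(review): wrapper class restored from upstream SimpleSAMLphp — confirm
            $e = new SimpleSAML_Error_UnserializableException($e);
            SimpleSAML_Auth_State::throwException($state, $e);
        }
        self::loginCompleted($state);
    }


    /**
     * Called when a login operation has finished.
     *
     * Stores the login in the session, then either redirects to the return
     * URL or calls the return callable. Neither branch is expected to return.
     *
     * This method is public and static, and it trusts $state completely: the
     * return target and the attributes are taken from it as-is.
     *
     * @param array $state The state after the login has completed.
     */
    public static function loginCompleted($state)
    {
        assert(is_array($state));
        assert(array_key_exists('SimpleSAML_Auth_Source.Return', $state));
        assert(array_key_exists('SimpleSAML_Auth_Source.id', $state));
        assert(array_key_exists('Attributes', $state));
        assert(!array_key_exists('LogoutState', $state) || is_array($state['LogoutState']));

        $return = $state['SimpleSAML_Auth_Source.Return'];

        // save session state
        $session = SimpleSAML_Session::getSessionFromRequest();
        $authId = $state['SimpleSAML_Auth_Source.id'];
        $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));

        if (is_string($return)) { // redirect...
            // no URL validation happens at this point; see initLogin()
            \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
        } else {
            call_user_func($return, $state);
        }
        assert(false);
    }


    /**
     * Log out from this authentication source.
     *
     * The default implementation does nothing; $state is left untouched.
     *
     * @param array &$state Information about the current logout operation.
     */
    public function logout(&$state)
    {
        assert(is_array($state));
        // default logout handler which doesn't do anything
    }


    /**
     * Complete logout.
     *
     * Deletes the saved state and hands control to the callable stored under
     * 'LogoutCompletedHandler'. That handler is not expected to return. As in
     * completeAuth(), the callable is checked by assertion only.
     *
     * @param array &$state Information about the current logout operation.
     */
    public static function completeLogout(&$state)
    {
        assert(is_array($state));
        assert(array_key_exists('LogoutCompletedHandler', $state));

        SimpleSAML_Auth_State::deleteState($state);

        $func = $state['LogoutCompletedHandler'];
        assert(is_callable($func));

        call_user_func($func, $state);
        assert(false);
    }


    /**
     * Create authentication source object from configuration array.
     *
     * The class to instantiate is named by the first element of $config, so
     * authsources.php decides which class gets constructed.
     *
     * @param string $authId The authentication source identifier.
     * @param array $config The configuration.
     *
     * @return SimpleSAML_Auth_Source The parsed authentication source.
     * @throws Exception If the authentication source is invalid.
     */
    private static function parseAuthSource($authId, $config)
    {
        assert(is_string($authId));
        assert(is_array($config));

        self::validateSource($config, $authId);

        // presumably the third argument restricts the result to subclasses of this class — verify in Module.php
        $className = SimpleSAML\Module::resolveClass($config[0], 'Auth_Source', 'SimpleSAML_Auth_Source');

        $info = array('AuthId' => $authId);
        // the type identifier is not part of the source's own configuration
        unset($config[0]);
        return new $className($info, $config);
    }


    /**
     * Retrieve authentication source.
     *
     * Returns null when no source with the given id is configured and no
     * type was requested. When a type is given, a missing source or a source
     * of a different class raises an exception instead.
     *
     * @param string $authId The authentication source identifier.
     * @param string|null $type The class the authentication source should be an instance of, or null.
     *
     * @return SimpleSAML_Auth_Source|null The AuthSource object, or null if no source with the given id is found.
     * @throws SimpleSAML_Error_Exception If a type is given and the source is missing or of another class.
     */
    public static function getById($authId, $type = null)
    {
        assert(is_string($authId));
        assert(is_null($type) || is_string($type));

        // for now - load and parse config file
        $config = SimpleSAML_Configuration::getConfig('authsources.php');

        $authConfig = $config->getArray($authId, null);
        if ($authConfig === null) {
            if ($type !== null) {
                throw new SimpleSAML_Error_Exception(
                    'No authentication source with id '.
                    var_export($authId, true).' found.'
                );
            }
            return null;
        }

        $ret = self::parseAuthSource($authId, $authConfig);

        if ($type === null || $ret instanceof $type) {
            return $ret;
        }

        // the authentication source doesn't have the correct type
        throw new SimpleSAML_Error_Exception(
            'Invalid type of authentication source '.
            var_export($authId, true).'. Was '.var_export(get_class($ret), true).
            ', should be '.var_export($type, true).'.'
        );
    }


    /**
     * Called when the authentication source receives an external logout request.
     *
     * Logs a warning and does nothing else when the session is not valid for
     * the named source.
     *
     * @param array $state State array for the logout operation.
     */
    public static function logoutCallback($state)
    {
        assert(is_array($state));
        assert(array_key_exists('SimpleSAML_Auth_Source.logoutSource', $state));

        $source = $state['SimpleSAML_Auth_Source.logoutSource'];

        $session = SimpleSAML_Session::getSessionFromRequest();
        if (!$session->isValid($source)) {
            SimpleSAML\Logger::warning(
                'Received logout from an invalid authentication source '.
                var_export($source, true)
            );

            return;
        }
        $session->doLogout($source);
    }


    /**
     * Add a logout callback association.
     *
     * Stores the requester's logout callback and its state in the session
     * under an id derived from this source's id and $assoc, so that
     * callLogoutCallback() can find it again.
     *
     * @param string $assoc The identifier for this logout association.
     * @param array $state The state array passed to the authenticate-function.
     */
    protected function addLogoutCallback($assoc, $state)
    {
        assert(is_string($assoc));
        assert(is_array($state));

        if (!array_key_exists('LogoutCallback', $state)) {
            // the authentication requester doesn't have a logout callback
            return;
        }
        $callback = $state['LogoutCallback'];

        if (array_key_exists('LogoutCallbackState', $state)) {
            $callbackState = $state['LogoutCallbackState'];
        } else {
            $callbackState = array();
        }

        // the length prefix keeps different (authId, assoc) pairs from
        // producing the same id after concatenation
        $id = strlen($this->authId).':'.$this->authId.$assoc;

        $data = array(
            'callback' => $callback,
            'state' => $callbackState,
        );

        $session = SimpleSAML_Session::getSessionFromRequest();
        $session->setData(
            'SimpleSAML_Auth_Source.LogoutCallbacks',
            $id,
            $data,
            SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
        );
    }


    /**
     * Call a logout callback based on association.
     *
     * Looks up the callback stored by addLogoutCallback(), removes it from
     * the session and calls it. When nothing is stored for the association,
     * the session is logged out of this source directly.
     *
     * @param string $assoc The logout association which should be called.
     */
    protected function callLogoutCallback($assoc)
    {
        assert(is_string($assoc));

        // must match the id built in addLogoutCallback()
        $id = strlen($this->authId).':'.$this->authId.$assoc;

        $session = SimpleSAML_Session::getSessionFromRequest();

        $data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
        if ($data === null) {
            // FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure
            $session->doLogout($this->authId);

            return;
        }

        assert(is_array($data));
        assert(array_key_exists('callback', $data));
        assert(array_key_exists('state', $data));

        $callback = $data['callback'];
        $callbackState = $data['state'];

        // delete before calling, so the stored callback is used at most once
        $session->deleteData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
        call_user_func($callback, $callbackState);
    }


    /**
     * Retrieve list of authentication sources.
     *
     * @return array The option names found in authsources.php.
     */
    public static function getSources()
    {
        $config = SimpleSAML_Configuration::getOptionalConfig('authsources.php');

        return $config->getOptions();
    }


    /**
     * Make sure that the first element of an auth source is its identifier.
     *
     * Unlike the assertions elsewhere in this class, this check always runs.
     *
     * @param array $source An array with the auth source configuration.
     * @param string $id The auth source identifier.
     *
     * @throws Exception If the first element of $source is missing or is not a string.
     */
    protected static function validateSource($source, $id)
    {
        if (!array_key_exists(0, $source) || !is_string($source[0])) {
            throw new Exception(
                'Invalid authentication source \''.$id.
                '\': First element must be a string which identifies the authentication source.'
            );
        }
    }
}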
$params
Definition: disable.php:11
const EXCEPTION_HANDLER_URL
The index in the state array which contains the exception handler URL.
Definition: State.php:63
logout(&$state)
Log out from this authentication source.
Definition: Source.php:248
$type
callLogoutCallback($assoc)
Call a logout callback based on association.
Definition: Source.php:439
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
Definition: State.php:343
$session
static loginCompleted($state)
Called when a login operation has finished.
Definition: Source.php:211
if(!array_key_exists('StateId', $_REQUEST)) $id
static parseAuthSource($authId, $config)
Create authentication source object from configuration array.
Definition: Source.php:291
getAuthId()
Retrieve the ID of this authentication source.
Definition: Source.php:82
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
static completeLogout(&$state)
Complete logout.
Definition: Source.php:264
authenticate(&$state)
Process a request.
static validateSource($source, $id)
Make sure that the first element of an auth source is its identifier.
Definition: Source.php:488
static logoutCallback($state)
Called when the authentication source receives an external logout request.
Definition: Source.php:363
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
const DATA_TIMEOUT_SESSION_END
This is a timeout value for setData, which indicates that the data should never be deleted...
Definition: Session.php:26
static warning($string)
Definition: Logger.php:179
__construct($info, &$config)
Constructor for an authentication source.
Definition: Source.php:34
addLogoutCallback($assoc, $state)
Add a logout callback association.
Definition: Source.php:395
static getConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
Create styles array
The data for the language used.
static deleteState(&$state)
Delete state.
Definition: State.php:319
static getPersistentAuthData(array $state)
Get the persistent authentication state from the state array.
Definition: State.php:103
$ret
Definition: parser.php:6
reauthenticate(array &$state)
Reauthenticate a user.
Definition: Source.php:113
static getOptionalConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:135
$source
Definition: linkback.php:22
static resolveClass($id, $type, $subclass=null)
Resolve module class.
Definition: Module.php:252
static getSources()
Retrieve list of authentication sources.
Definition: Source.php:472
initLogin($return, $errorURL=null, array $params=array())
Start authentication.
Definition: Source.php:163
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:324
$info
Definition: index.php:5
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:243
static getSourcesOfType($type)
Get sources of a specific type.
Definition: Source.php:52