ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Source.php
Go to the documentation of this file.
1<?php
2
3
12abstract class SimpleSAML_Auth_Source
13{
14
15
22 protected $authId;
23
24
34 public function __construct($info, &$config)
35 {
36 assert('is_array($info)');
37 assert('is_array($config)');
38
39 assert('array_key_exists("AuthId", $info)');
40 $this->authId = $info['AuthId'];
41 }
42
43
52 public static function getSourcesOfType($type)
53 {
54 assert('is_string($type)');
55
56 $config = SimpleSAML_Configuration::getConfig('authsources.php');
57
58 $ret = array();
59
60 $sources = $config->getOptions();
61 foreach ($sources as $id) {
62 $source = $config->getArray($id);
63
64 self::validateSource($source, $id);
65
66 if ($source[0] !== $type) {
67 continue;
68 }
69
70 $ret[] = self::parseAuthSource($id, $source);
71 }
72
73 return $ret;
74 }
75
76
82 public function getAuthId()
83 {
84 return $this->authId;
85 }
86
87
102 abstract public function authenticate(&$state);
103
104
113 public function reauthenticate(array &$state)
114 {
115 assert('isset($state["ReturnCallback"])');
116
117 // the default implementation just copies over the previous authentication data
118 $session = SimpleSAML_Session::getSessionFromRequest();
119 $data = $session->getAuthState($this->authId);
120 foreach ($data as $k => $v) {
121 $state[$k] = $v;
122 }
123 }
124
125
135 public static function completeAuth(&$state)
136 {
137 assert('is_array($state)');
138 assert('array_key_exists("LoginCompletedHandler", $state)');
139
140 SimpleSAML_Auth_State::deleteState($state);
141
142 $func = $state['LoginCompletedHandler'];
143 assert('is_callable($func)');
144
145 call_user_func($func, $state);
146 assert(false);
147 }
148
149
163 public function initLogin($return, $errorURL = null, array $params = array())
164 {
165 assert('is_string($return) || is_array($return)');
166 assert('is_string($errorURL) || is_null($errorURL)');
167
168 $state = array_merge($params, array(
169 'SimpleSAML_Auth_Default.id' => $this->authId, // TODO: remove in 2.0
170 'SimpleSAML_Auth_Source.id' => $this->authId,
171 'SimpleSAML_Auth_Default.Return' => $return, // TODO: remove in 2.0
172 'SimpleSAML_Auth_Source.Return' => $return,
173 'SimpleSAML_Auth_Default.ErrorURL' => $errorURL, // TODO: remove in 2.0
174 'SimpleSAML_Auth_Source.ErrorURL' => $errorURL,
175 'LoginCompletedHandler' => array(get_class(), 'loginCompleted'),
176 'LogoutCallback' => array(get_class(), 'logoutCallback'),
177 'LogoutCallbackState' => array(
178 'SimpleSAML_Auth_Default.logoutSource' => $this->authId, // TODO: remove in 2.0
179 'SimpleSAML_Auth_Source.logoutSource' => $this->authId,
180 ),
181 ));
182
183 if (is_string($return)) {
184 $state['SimpleSAML_Auth_Default.ReturnURL'] = $return; // TODO: remove in 2.0
185 $state['SimpleSAML_Auth_Source.ReturnURL'] = $return;
186 }
187
188 if ($errorURL !== null) {
189 $state[SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL] = $errorURL;
190 }
191
192 try {
193 $this->authenticate($state);
194 } catch (SimpleSAML_Error_Exception $e) {
195 SimpleSAML_Auth_State::throwException($state, $e);
196 } catch (Exception $e) {
197 $e = new SimpleSAML_Error_UnserializableException($e);
198 SimpleSAML_Auth_State::throwException($state, $e);
199 }
200 self::loginCompleted($state);
201 }
202
203
211 public static function loginCompleted($state)
212 {
213 assert('is_array($state)');
214 assert('array_key_exists("SimpleSAML_Auth_Source.Return", $state)');
215 assert('array_key_exists("SimpleSAML_Auth_Source.id", $state)');
216 assert('array_key_exists("Attributes", $state)');
217 assert('!array_key_exists("LogoutState", $state) || is_array($state["LogoutState"])');
218
219 $return = $state['SimpleSAML_Auth_Source.Return'];
220
221 // save session state
222 $session = SimpleSAML_Session::getSessionFromRequest();
223 $authId = $state['SimpleSAML_Auth_Source.id'];
224 $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));
225
226 if (is_string($return)) { // redirect...
227 \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
228 } else {
229 call_user_func($return, $state);
230 }
231 assert('false');
232 }
233
234
248 public function logout(&$state)
249 {
250 assert('is_array($state)');
251 // default logout handler which doesn't do anything
252 }
253
254
264 public static function completeLogout(&$state)
265 {
266 assert('is_array($state)');
267 assert('array_key_exists("LogoutCompletedHandler", $state)');
268
269 SimpleSAML_Auth_State::deleteState($state);
270
271 $func = $state['LogoutCompletedHandler'];
272 assert('is_callable($func)');
273
274 call_user_func($func, $state);
275 assert(false);
276 }
277
278
291 private static function parseAuthSource($authId, $config)
292 {
293 assert('is_string($authId)');
294 assert('is_array($config)');
295
296 self::validateSource($config, $authId);
297
298 $className = SimpleSAML\Module::resolveClass($config[0], 'Auth_Source', 'SimpleSAML_Auth_Source');
299
300 $info = array('AuthId' => $authId);
301 unset($config[0]);
302 return new $className($info, $config);
303 }
304
305
324 public static function getById($authId, $type = null)
325 {
326 assert('is_string($authId)');
327 assert('is_null($type) || is_string($type)');
328
329 // for now - load and parse config file
330 $config = SimpleSAML_Configuration::getConfig('authsources.php');
331
332 $authConfig = $config->getArray($authId, null);
333 if ($authConfig === null) {
334 if ($type !== null) {
335 throw new SimpleSAML_Error_Exception(
336 'No authentication source with id '.
337 var_export($authId, true).' found.'
338 );
339 }
340 return null;
341 }
342
343 $ret = self::parseAuthSource($authId, $authConfig);
344
345 if ($type === null || $ret instanceof $type) {
346 return $ret;
347 }
348
349 // the authentication source doesn't have the correct type
350 throw new SimpleSAML_Error_Exception(
351 'Invalid type of authentication source '.
352 var_export($authId, true).'. Was '.var_export(get_class($ret), true).
353 ', should be '.var_export($type, true).'.'
354 );
355 }
356
357
363 public static function logoutCallback($state)
364 {
365 assert('is_array($state)');
366 assert('array_key_exists("SimpleSAML_Auth_Source.logoutSource", $state)');
367
368 $source = $state['SimpleSAML_Auth_Source.logoutSource'];
369
370 $session = SimpleSAML_Session::getSessionFromRequest();
371 if (!$session->isValid($source)) {
372 SimpleSAML\Logger::warning(
373 'Received logout from an invalid authentication source '.
374 var_export($source, true)
375 );
376
377 return;
378 }
379 $session->doLogout($source);
380 }
381
382
395 protected function addLogoutCallback($assoc, $state)
396 {
397 assert('is_string($assoc)');
398 assert('is_array($state)');
399
400 if (!array_key_exists('LogoutCallback', $state)) {
401 // the authentication requester doesn't have a logout callback
402 return;
403 }
404 $callback = $state['LogoutCallback'];
405
406 if (array_key_exists('LogoutCallbackState', $state)) {
407 $callbackState = $state['LogoutCallbackState'];
408 } else {
409 $callbackState = array();
410 }
411
412 $id = strlen($this->authId).':'.$this->authId.$assoc;
413
414 $data = array(
415 'callback' => $callback,
416 'state' => $callbackState,
417 );
418
419 $session = SimpleSAML_Session::getSessionFromRequest();
420 $session->setData(
421 'SimpleSAML_Auth_Source.LogoutCallbacks',
422 $id,
423 $data,
424 SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
425 );
426 }
427
428
439 protected function callLogoutCallback($assoc)
440 {
441 assert('is_string($assoc)');
442
443 $id = strlen($this->authId).':'.$this->authId.$assoc;
444
445 $session = SimpleSAML_Session::getSessionFromRequest();
446
447 $data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
448 if ($data === null) {
449 // FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure
450 $session->doLogout($this->authId);
451
452 return;
453 }
454
455 assert('is_array($data)');
456 assert('array_key_exists("callback", $data)');
457 assert('array_key_exists("state", $data)');
458
459 $callback = $data['callback'];
460 $callbackState = $data['state'];
461
462 $session->deleteData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
463 call_user_func($callback, $callbackState);
464 }
465
466
472 public static function getSources()
473 {
474 $config = SimpleSAML_Configuration::getOptionalConfig('authsources.php');
475
476 return $config->getOptions();
477 }
478
479
488 protected static function validateSource($source, $id)
489 {
490 if (!array_key_exists(0, $source) || !is_string($source[0])) {
491 throw new Exception(
492 'Invalid authentication source \''.$id.
493 '\': First element must be a string which identifies the authentication source.'
494 );
495 }
496 }
497}
$source
$source
Definition: linkback.php:22
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
php
An exception for terminatinating execution or to throw for unit testing.
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:179
SimpleSAML\Module\resolveClass
static resolveClass($id, $type, $subclass=null)
Resolve module class.
Definition: Module.php:252
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
SimpleSAML_Auth_Source
Definition: Source.php:13
SimpleSAML_Auth_Source\authenticate
authenticate(&$state)
Process a request.
SimpleSAML_Auth_Source\validateSource
static validateSource($source, $id)
Make sure that the first element of an auth source is its identifier.
Definition: Source.php:488
SimpleSAML_Auth_Source\loginCompleted
static loginCompleted($state)
Called when a login operation has finished.
Definition: Source.php:211
SimpleSAML_Auth_Source\getSources
static getSources()
Retrieve list of authentication sources.
Definition: Source.php:472
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:324
SimpleSAML_Auth_Source\getSourcesOfType
static getSourcesOfType($type)
Get sources of a specific type.
Definition: Source.php:52
SimpleSAML_Auth_Source\addLogoutCallback
addLogoutCallback($assoc, $state)
Add a logout callback association.
Definition: Source.php:395
SimpleSAML_Auth_Source\__construct
__construct($info, &$config)
Constructor for an authentication source.
Definition: Source.php:34
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:135
SimpleSAML_Auth_Source\parseAuthSource
static parseAuthSource($authId, $config)
Create authentication source object from configuration array.
Definition: Source.php:291
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:22
SimpleSAML_Auth_Source\logoutCallback
static logoutCallback($state)
Called when the authentication source receives an external logout request.
Definition: Source.php:363
SimpleSAML_Auth_Source\reauthenticate
reauthenticate(array &$state)
Reauthenticate an user.
Definition: Source.php:113
SimpleSAML_Auth_Source\logout
logout(&$state)
Log out from this authentication source.
Definition: Source.php:248
SimpleSAML_Auth_Source\completeLogout
static completeLogout(&$state)
Complete logout.
Definition: Source.php:264
SimpleSAML_Auth_Source\callLogoutCallback
callLogoutCallback($assoc)
Call a logout callback based on association.
Definition: Source.php:439
SimpleSAML_Auth_Source\getAuthId
getAuthId()
Retrieve the ID of this authentication source.
Definition: Source.php:82
SimpleSAML_Auth_Source\initLogin
initLogin($return, $errorURL=null, array $params=array())
Start authentication.
Definition: Source.php:163
SimpleSAML_Auth_State\deleteState
static deleteState(&$state)
Delete state.
Definition: State.php:319
SimpleSAML_Auth_State\getPersistentAuthData
static getPersistentAuthData(array $state)
Get the persistent authentication state from the state array.
Definition: State.php:103
SimpleSAML_Auth_State\throwException
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
Definition: State.php:343
SimpleSAML_Auth_State\EXCEPTION_HANDLER_URL
const EXCEPTION_HANDLER_URL
The index in the state array which contains the exception handler URL.
Definition: State.php:63
SimpleSAML_Configuration\getOptionalConfig
static getOptionalConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
Definition: Configuration.php:239
SimpleSAML_Configuration\getConfig
static getConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
Definition: Configuration.php:209
SimpleSAML_Error_Exception
Definition: Exception.php:13
SimpleSAML_Error_UnserializableException
Definition: UnserializableException.php:15
SimpleSAML_Session\DATA_TIMEOUT_SESSION_END
const DATA_TIMEOUT_SESSION_END
This is a timeout value for setData, which indicates that the data should never be deleted,...
Definition: Session.php:26
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:243
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$info
$info
Definition: index.php:5
$ret
$ret
Definition: parser.php:6
$type
$type
Definition: proxy_ylocal.php:10
$session
$session
Definition: proxy_ylocal.php:32
$params
$params
Definition: disable.php:11