d6/dd3/Authorize_8php_source.html

<?php


class sspmod_authorize_Auth_Process_Authorize extends SimpleSAML_Auth_ProcessingFilter {


        protected $deny = FALSE;


        protected $regex = TRUE;


        protected $valid_attribute_values = array();


        public function __construct($config, $reserved) {

                parent::__construct($config, $reserved);


                assert(is_array($config));


                // Check for the deny option, get it and remove it

                // Must be bool specifically, if not, it might be for a attrib filter below

                if (isset($config['deny']) && is_bool($config['deny'])) {

                        $this->deny = $config['deny'];

                        unset($config['deny']);

                }


                // Check for the regex option, get it and remove it

                // Must be bool specifically, if not, it might be for a attrib filter below

                if (isset($config['regex']) && is_bool($config['regex'])) {

                        $this->regex = $config['regex'];

                        unset($config['regex']);

                }


                foreach ($config as $attribute => $values) {

                        if (is_string($values))

                                $values = array($values);

                        if (!is_array($values))

                                throw new Exception('Filter Authorize: Attribute values is neither string nor array: ' . var_export($attribute, TRUE));

                        foreach ($values as $value){

                                if(!is_string($value)) {

                                        throw new Exception('Filter Authorize: Each value should be a string for attribute: ' . var_export($attribute, TRUE) . ' value: ' . var_export($value, TRUE) . ' Config is: ' . var_export($config, TRUE));

                                }

                        }

                        $this->valid_attribute_values[$attribute] = $values;

                }

        }


        public function process(&$request) {

                $authorize = $this->deny;

                assert(is_array($request));

                assert(array_key_exists('Attributes', $request));


                $attributes =& $request['Attributes'];


                foreach ($this->valid_attribute_values as $name => $patterns) {

                        if(array_key_exists($name, $attributes)) {

                                foreach ($patterns as $pattern){

                                        $values = $attributes[$name];

                                        if (!is_array($values))

                                                $values = array($values);

                                        foreach ($values as $value){

                                                if ($this->regex) {

                                                        $matched = preg_match($pattern, $value);

                                                } else {

                                                        $matched = ($value == $pattern);

                                                }

                                                if ($matched) {

                                                        $authorize = ($this->deny ? FALSE : TRUE);

                                                        break 3;

                                                }

                                        }

                                }

                        }

                }

                if (!$authorize){

                        $this->unauthorized($request);

                }

        }


        protected function unauthorized(&$request) {

                // Save state and redirect to 403 page

                $id = SimpleSAML_Auth_State::saveState($request,

                        'authorize:Authorize');

                $url = SimpleSAML\Module::getModuleURL(

                        'authorize/authorize_403.php');

                \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));

        }

}

$request
foreach($paths as $path) $request
Definition: asyncclient.php:32

php
An exception for terminatinating execution or to throw for unit testing.

SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220

SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959

SimpleSAML_Auth_ProcessingFilter
Definition: ProcessingFilter.php:22

SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194

sspmod_authorize_Auth_Process_Authorize
Definition: Authorize.php:10

sspmod_authorize_Auth_Process_Authorize\$regex
$regex
Definition: Authorize.php:24

sspmod_authorize_Auth_Process_Authorize\unauthorized
unauthorized(&$request)
When the process logic determines that the user is not authorized for this service,...
Definition: Authorize.php:125

sspmod_authorize_Auth_Process_Authorize\$deny
$deny
Definition: Authorize.php:17

sspmod_authorize_Auth_Process_Authorize\__construct
__construct($config, $reserved)
Initialize this filter.
Definition: Authorize.php:41

sspmod_authorize_Auth_Process_Authorize\$valid_attribute_values
$valid_attribute_values
Array of valid users.
Definition: Authorize.php:31

sspmod_authorize_Auth_Process_Authorize\process
process(&$request)
Apply filter to validate attributes.
Definition: Authorize.php:80

$name
$name
Definition: client_example.php:35

$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14

$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85

$config
$config
Definition: bootstrap.php:15

$url
$url
Definition: proxy_ylocal.php:28

$values
$values
Definition: testOperations.php:7