d6/dd3/Authorize_8php_source.html

 <?php

 class sspmod_authorize_Auth_Process_Authorize extends SimpleSAML_Auth_ProcessingFilter {

         protected $deny = FALSE;

         protected $regex = TRUE;

         protected $valid_attribute_values = array();


         public function __construct($config, $reserved) {
                 parent::__construct($config, $reserved);

                 assert(is_array($config));

                 // Check for the deny option, get it and remove it
                 // Must be bool specifically, if not, it might be for a attrib filter below
                 if (isset($config['deny']) && is_bool($config['deny'])) {
                         $this->deny = $config['deny'];
                         unset($config['deny']);
                 }

                 // Check for the regex option, get it and remove it
                 // Must be bool specifically, if not, it might be for a attrib filter below
                 if (isset($config['regex']) && is_bool($config['regex'])) {
                         $this->regex = $config['regex'];
                         unset($config['regex']);
                 }

                 foreach ($config as $attribute => $values) {
                         if (is_string($values))
                                 $values = array($values);
                         if (!is_array($values))
                                 throw new Exception('Filter Authorize: Attribute values is neither string nor array: ' . var_export($attribute, TRUE));
                         foreach ($values as $value){
                                 if(!is_string($value)) {
                                         throw new Exception('Filter Authorize: Each value should be a string for attribute: ' . var_export($attribute, TRUE) . ' value: ' . var_export($value, TRUE) . ' Config is: ' . var_export($config, TRUE));
                                 }
                         }
                         $this->valid_attribute_values[$attribute] = $values;
                 }
         }


         public function process(&$request) {
                 $authorize = $this->deny;
                 assert(is_array($request));
                 assert(array_key_exists('Attributes', $request));

                 $attributes =& $request['Attributes'];

                 foreach ($this->valid_attribute_values as $name => $patterns) {
                         if(array_key_exists($name, $attributes)) {
                                 foreach ($patterns as $pattern){
                                         $values = $attributes[$name];
                                         if (!is_array($values))
                                                 $values = array($values);
                                         foreach ($values as $value){
                                                 if ($this->regex) {
                                                         $matched = preg_match($pattern, $value);
                                                 } else {
                                                         $matched = ($value == $pattern);
                                                 }
                                                 if ($matched) {
                                                         $authorize = ($this->deny ? FALSE : TRUE);
                                                         break 3;
                                                 }
                                         }
                                 }
                         }
                 }
                 if (!$authorize){
                         $this->unauthorized($request);
                 }
         }


         protected function unauthorized(&$request) {
                 // Save state and redirect to 403 page
                 $id = SimpleSAML_Auth_State::saveState($request,
                         'authorize:Authorize');
                 $url = SimpleSAML\Module::getModuleURL(
                         'authorize/authorize_403.php');
                 \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));
         }
 }
sspmod_authorize_Auth_Process_Authorize\$deny
$deny
Definition: Authorize.php:17

$config
$config
Definition: bootstrap.php:15

$request
foreach($paths as $path) $request
Definition: asyncclient.php:32

$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14

SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959

sspmod_authorize_Auth_Process_Authorize\$valid_attribute_values
$valid_attribute_values
Array of valid users.
Definition: Authorize.php:31

SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220

sspmod_authorize_Auth_Process_Authorize\process
process(&$request)
Apply filter to validate attributes.
Definition: Authorize.php:80

$values
$values
Definition: testOperations.php:7

$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85

sspmod_authorize_Auth_Process_Authorize\__construct
__construct($config, $reserved)
Initialize this filter.
Definition: Authorize.php:41

sspmod_authorize_Auth_Process_Authorize
Definition: Authorize.php:10

$name
$name
Definition: client_example.php:35

php

$url
$url
Definition: proxy_ylocal.php:28

sspmod_authorize_Auth_Process_Authorize\unauthorized
unauthorized(&$request)
When the process logic determines that the user is not authorized for this service, then forward the user to an 403 unauthorized page.
Definition: Authorize.php:125

sspmod_authorize_Auth_Process_Authorize\$regex
$regex
Definition: Authorize.php:24

SimpleSAML_Auth_ProcessingFilter
Definition: ProcessingFilter.php:21

SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194

Exception