ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
UserPassBase.php
Go to the documentation of this file.
1<?php
2
13
14
18 const STAGEID = 'sspmod_core_Auth_UserPassBase.state';
19
20
24 const AUTHID = 'sspmod_core_Auth_UserPassBase.AuthId';
25
26
34
39 protected $loginLinks;
40
47 protected $rememberUsernameEnabled = FALSE;
48
55 protected $rememberUsernameChecked = FALSE;
56
65 protected $rememberMeEnabled = FALSE;
66
73 protected $rememberMeChecked = FALSE;
74
84 public function __construct($info, &$config) {
85 assert(is_array($info));
86 assert(is_array($config));
87
88 if (isset($config['core:loginpage_links'])) {
89 $this->loginLinks = $config['core:loginpage_links'];
90 }
91
92 // Call the parent constructor first, as required by the interface
93 parent::__construct($info, $config);
94
95 // Get the remember username config options
96 if (isset($config['remember.username.enabled'])) {
97 $this->rememberUsernameEnabled = (bool) $config['remember.username.enabled'];
98 unset($config['remember.username.enabled']);
99 }
100 if (isset($config['remember.username.checked'])) {
101 $this->rememberUsernameChecked = (bool) $config['remember.username.checked'];
102 unset($config['remember.username.checked']);
103 }
104
105 // get the "remember me" config options
107 $this->rememberMeEnabled = $sspcnf->getBoolean('session.rememberme.enable', FALSE);
108 $this->rememberMeChecked = $sspcnf->getBoolean('session.rememberme.checked', FALSE);
109 }
110
111
118 assert(is_string($forcedUsername) || $forcedUsername === null);
119 $this->forcedUsername = $forcedUsername;
120 }
121
125 public function getLoginLinks() {
126 return $this->loginLinks;
127 }
128
133 public function getRememberUsernameEnabled() {
135 }
136
141 public function getRememberUsernameChecked() {
143 }
144
149 public function isRememberMeEnabled() {
151 }
152
157 public function isRememberMeChecked() {
159 }
160
169 public function authenticate(&$state) {
170 assert(is_array($state));
171
172 /*
173 * Save the identifier of this authentication source, so that we can
174 * retrieve it later. This allows us to call the login()-function on
175 * the current object.
176 */
178
179 // What username we should force, if any
180 if ($this->forcedUsername !== NULL) {
181 /*
182 * This is accessed by the login form, to determine if the user
183 * is allowed to change the username.
184 */
185 $state['forcedUsername'] = $this->forcedUsername;
186 }
187
188 // ECP requests supply authentication credentials with the AUthnRequest
189 // so we validate them now rather than redirecting
190 if (isset($state['core:auth:username']) && isset($state['core:auth:password'])) {
191 $username = $state['core:auth:username'];
192 $password = $state['core:auth:password'];
193
194 if (isset($state['forcedUsername'])) {
195 $username = $state['forcedUsername'];
196 }
197
198 $attributes = $this->login($username, $password);
199 assert(is_array($attributes));
200 $state['Attributes'] = $attributes;
201
202 return;
203 }
204
205 /* Save the $state-array, so that we can restore it after a redirect. */
207
208 /*
209 * Redirect to the login form. We include the identifier of the saved
210 * state array as a parameter to the login form.
211 */
212 $url = SimpleSAML\Module::getModuleURL('core/loginuserpass.php');
213 $params = array('AuthState' => $id);
215
216 /* The previous function never returns, so this code is never executed. */
217 assert(false);
218 }
219
220
234 abstract protected function login($username, $password);
235
236
248 public static function handleLogin($authStateId, $username, $password) {
249 assert(is_string($authStateId));
250 assert(is_string($username));
251 assert(is_string($password));
252
253 /* Here we retrieve the state array we saved in the authenticate-function. */
255
256 /* Retrieve the authentication source we are executing. */
257 assert(array_key_exists(self::AUTHID, $state));
259 if ($source === NULL) {
260 throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
261 }
262
263 /*
264 * $source now contains the authentication source on which authenticate()
265 * was called. We should call login() on the same authentication source.
266 */
267
268 /* Attempt to log in. */
269 try {
270 $attributes = $source->login($username, $password);
271 } catch (Exception $e) {
272 SimpleSAML\Logger::stats('Unsuccessful login attempt from '.$_SERVER['REMOTE_ADDR'].'.');
273 throw $e;
274 }
275
276 SimpleSAML\Logger::stats('User \''.$username.'\' successfully authenticated from '.$_SERVER['REMOTE_ADDR']);
277
278 /* Save the attributes we received from the login-function in the $state-array. */
279 assert(is_array($attributes));
280 $state['Attributes'] = $attributes;
281
282 /* Return control to SimpleSAMLphp after successful authentication. */
283 SimpleSAML_Auth_Source::completeAuth($state);
284 }
285
286}
$source
Definition: linkback.php:22
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
An exception for terminatinating execution or to throw for unit testing.
static stats($string)
Definition: Logger.php:222
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:340
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
__construct($info, &$config)
Constructor for this authentication source.
authenticate(&$state)
Initialize login.
$forcedUsername
Username we should force.
getLoginLinks()
Return login links from configuration.
isRememberMeEnabled()
Check if the "remember me" feature is enabled.
getRememberUsernameChecked()
Getter for the authsource config option remember.username.checked.
static handleLogin($authStateId, $username, $password)
Handle login request.
$loginLinks
Links to pages from login page.
const AUTHID
The key of the AuthId field in the state.
setForcedUsername($forcedUsername)
Set forced username.
const STAGEID
The string used to identify our states.
isRememberMeChecked()
Check if the "remember me" checkbox should be checked.
login($username, $password)
Attempt to log in using the given username and password.
getRememberUsernameEnabled()
Getter for the authsource config option remember.username.enabled.
$password
Definition: cron.php:14
if(!array_key_exists('StateId', $_REQUEST)) $id
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
$config
Definition: bootstrap.php:15
$info
Definition: index.php:5
$url
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
if(!array_key_exists('AuthState', $_REQUEST)) $authStateId