ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Source.php
Go to the documentation of this file.
1<?php
2
3use SimpleSAML\Auth\SourceFactory;
4
13abstract class SimpleSAML_Auth_Source
14{
15
16
23 protected $authId;
24
25
35 public function __construct($info, &$config)
36 {
37 assert(is_array($info));
38 assert(is_array($config));
39
40 assert(array_key_exists('AuthId', $info));
41 $this->authId = $info['AuthId'];
42 }
43
44
53 public static function getSourcesOfType($type)
54 {
55 assert(is_string($type));
56
57 $config = SimpleSAML_Configuration::getConfig('authsources.php');
58
59 $ret = array();
60
61 $sources = $config->getOptions();
62 foreach ($sources as $id) {
63 $source = $config->getArray($id);
64
65 self::validateSource($source, $id);
66
67 if ($source[0] !== $type) {
68 continue;
69 }
70
71 $ret[] = self::parseAuthSource($id, $source);
72 }
73
74 return $ret;
75 }
76
77
83 public function getAuthId()
84 {
85 return $this->authId;
86 }
87
88
103 abstract public function authenticate(&$state);
104
105
114 public function reauthenticate(array &$state)
115 {
116 assert(isset($state['ReturnCallback']));
117
118 // the default implementation just copies over the previous authentication data
119 $session = SimpleSAML_Session::getSessionFromRequest();
120 $data = $session->getAuthState($this->authId);
121 foreach ($data as $k => $v) {
122 $state[$k] = $v;
123 }
124 }
125
126
136 public static function completeAuth(&$state)
137 {
138 assert(is_array($state));
139 assert(array_key_exists('LoginCompletedHandler', $state));
140
141 SimpleSAML_Auth_State::deleteState($state);
142
143 $func = $state['LoginCompletedHandler'];
144 assert(is_callable($func));
145
146 call_user_func($func, $state);
147 assert(false);
148 }
149
150
164 public function initLogin($return, $errorURL = null, array $params = array())
165 {
166 assert(is_string($return) || is_array($return));
167 assert(is_string($errorURL) || $errorURL === null);
168
169 $state = array_merge($params, array(
170 'SimpleSAML_Auth_Default.id' => $this->authId, // TODO: remove in 2.0
171 'SimpleSAML_Auth_Source.id' => $this->authId,
172 'SimpleSAML_Auth_Default.Return' => $return, // TODO: remove in 2.0
173 'SimpleSAML_Auth_Source.Return' => $return,
174 'SimpleSAML_Auth_Default.ErrorURL' => $errorURL, // TODO: remove in 2.0
175 'SimpleSAML_Auth_Source.ErrorURL' => $errorURL,
176 'LoginCompletedHandler' => array(get_class(), 'loginCompleted'),
177 'LogoutCallback' => array(get_class(), 'logoutCallback'),
178 'LogoutCallbackState' => array(
179 'SimpleSAML_Auth_Default.logoutSource' => $this->authId, // TODO: remove in 2.0
180 'SimpleSAML_Auth_Source.logoutSource' => $this->authId,
181 ),
182 ));
183
184 if (is_string($return)) {
185 $state['SimpleSAML_Auth_Default.ReturnURL'] = $return; // TODO: remove in 2.0
186 $state['SimpleSAML_Auth_Source.ReturnURL'] = $return;
187 }
188
189 if ($errorURL !== null) {
190 $state[SimpleSAML_Auth_State::EXCEPTION_HANDLER_URL] = $errorURL;
191 }
192
193 try {
194 $this->authenticate($state);
195 } catch (SimpleSAML_Error_Exception $e) {
196 SimpleSAML_Auth_State::throwException($state, $e);
197 } catch (Exception $e) {
198 $e = new SimpleSAML_Error_UnserializableException($e);
199 SimpleSAML_Auth_State::throwException($state, $e);
200 }
201 self::loginCompleted($state);
202 }
203
204
212 public static function loginCompleted($state)
213 {
214 assert(is_array($state));
215 assert(array_key_exists('SimpleSAML_Auth_Source.Return', $state));
216 assert(array_key_exists('SimpleSAML_Auth_Source.id', $state));
217 assert(array_key_exists('Attributes', $state));
218 assert(!array_key_exists('LogoutState', $state) || is_array($state['LogoutState']));
219
220 $return = $state['SimpleSAML_Auth_Source.Return'];
221
222 // save session state
223 $session = SimpleSAML_Session::getSessionFromRequest();
224 $authId = $state['SimpleSAML_Auth_Source.id'];
225 $session->doLogin($authId, SimpleSAML_Auth_State::getPersistentAuthData($state));
226
227 if (is_string($return)) { // redirect...
228 \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
229 } else {
230 call_user_func($return, $state);
231 }
232 assert(false);
233 }
234
235
249 public function logout(&$state)
250 {
251 assert(is_array($state));
252 // default logout handler which doesn't do anything
253 }
254
255
265 public static function completeLogout(&$state)
266 {
267 assert(is_array($state));
268 assert(array_key_exists('LogoutCompletedHandler', $state));
269
270 SimpleSAML_Auth_State::deleteState($state);
271
272 $func = $state['LogoutCompletedHandler'];
273 assert(is_callable($func));
274
275 call_user_func($func, $state);
276 assert(false);
277 }
278
279
292 private static function parseAuthSource($authId, $config)
293 {
294 assert(is_string($authId));
295 assert(is_array($config));
296
297 self::validateSource($config, $authId);
298
299 $id = $config[0];
300 $info = array('AuthId' => $authId);
301 $authSource = null;
302
303 unset($config[0]);
304
305 try {
306 // Check whether or not there's a factory responsible for instantiating our Auth Source instance
307 $factoryClass = SimpleSAML\Module::resolveClass($id, 'Auth_Source_Factory', 'SimpleSAML\Auth\SourceFactory');
308
310 $factory = new $factoryClass;
311 $authSource = $factory->create($info, $config);
312 } catch (Exception $e) {
313 // If not, instantiate the Auth Source here
314 $className = SimpleSAML\Module::resolveClass($id, 'Auth_Source', 'SimpleSAML_Auth_Source');
315 $authSource = new $className($info, $config);
316 }
317
318 return $authSource;
319 }
320
321
340 public static function getById($authId, $type = null)
341 {
342 assert(is_string($authId));
343 assert($type === null || is_string($type));
344
345 // for now - load and parse config file
346 $config = SimpleSAML_Configuration::getConfig('authsources.php');
347
348 $authConfig = $config->getArray($authId, null);
349 if ($authConfig === null) {
350 if ($type !== null) {
351 throw new SimpleSAML_Error_Exception(
352 'No authentication source with id '.
353 var_export($authId, true).' found.'
354 );
355 }
356 return null;
357 }
358
359 $ret = self::parseAuthSource($authId, $authConfig);
360
361 if ($type === null || $ret instanceof $type) {
362 return $ret;
363 }
364
365 // the authentication source doesn't have the correct type
366 throw new SimpleSAML_Error_Exception(
367 'Invalid type of authentication source '.
368 var_export($authId, true).'. Was '.var_export(get_class($ret), true).
369 ', should be '.var_export($type, true).'.'
370 );
371 }
372
373
379 public static function logoutCallback($state)
380 {
381 assert(is_array($state));
382 assert(array_key_exists('SimpleSAML_Auth_Source.logoutSource', $state));
383
384 $source = $state['SimpleSAML_Auth_Source.logoutSource'];
385
386 $session = SimpleSAML_Session::getSessionFromRequest();
387 if (!$session->isValid($source)) {
388 SimpleSAML\Logger::warning(
389 'Received logout from an invalid authentication source '.
390 var_export($source, true)
391 );
392
393 return;
394 }
395 $session->doLogout($source);
396 }
397
398
411 protected function addLogoutCallback($assoc, $state)
412 {
413 assert(is_string($assoc));
414 assert(is_array($state));
415
416 if (!array_key_exists('LogoutCallback', $state)) {
417 // the authentication requester doesn't have a logout callback
418 return;
419 }
420 $callback = $state['LogoutCallback'];
421
422 if (array_key_exists('LogoutCallbackState', $state)) {
423 $callbackState = $state['LogoutCallbackState'];
424 } else {
425 $callbackState = array();
426 }
427
428 $id = strlen($this->authId).':'.$this->authId.$assoc;
429
430 $data = array(
431 'callback' => $callback,
432 'state' => $callbackState,
433 );
434
435 $session = SimpleSAML_Session::getSessionFromRequest();
436 $session->setData(
437 'SimpleSAML_Auth_Source.LogoutCallbacks',
438 $id,
439 $data,
440 SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
441 );
442 }
443
444
455 protected function callLogoutCallback($assoc)
456 {
457 assert(is_string($assoc));
458
459 $id = strlen($this->authId).':'.$this->authId.$assoc;
460
461 $session = SimpleSAML_Session::getSessionFromRequest();
462
463 $data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
464 if ($data === null) {
465 // FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure
466 $session->doLogout($this->authId);
467
468 return;
469 }
470
471 assert(is_array($data));
472 assert(array_key_exists('callback', $data));
473 assert(array_key_exists('state', $data));
474
475 $callback = $data['callback'];
476 $callbackState = $data['state'];
477
478 $session->deleteData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
479 call_user_func($callback, $callbackState);
480 }
481
482
488 public static function getSources()
489 {
490 $config = SimpleSAML_Configuration::getOptionalConfig('authsources.php');
491
492 return $config->getOptions();
493 }
494
495
504 protected static function validateSource($source, $id)
505 {
506 if (!array_key_exists(0, $source) || !is_string($source[0])) {
507 throw new Exception(
508 'Invalid authentication source \''.$id.
509 '\': First element must be a string which identifies the authentication source.'
510 );
511 }
512 }
513}
$factory
$factory
Definition: metadata.php:43
$source
$source
Definition: linkback.php:22
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
php
An exception for terminatinating execution or to throw for unit testing.
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:177
SimpleSAML\Module\resolveClass
static resolveClass($id, $type, $subclass=null)
Resolve module class.
Definition: Module.php:169
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959
SimpleSAML_Auth_Source
Definition: Source.php:14
SimpleSAML_Auth_Source\authenticate
authenticate(&$state)
Process a request.
SimpleSAML_Auth_Source\validateSource
static validateSource($source, $id)
Make sure that the first element of an auth source is its identifier.
Definition: Source.php:504
SimpleSAML_Auth_Source\loginCompleted
static loginCompleted($state)
Called when a login operation has finished.
Definition: Source.php:212
SimpleSAML_Auth_Source\getSources
static getSources()
Retrieve list of authentication sources.
Definition: Source.php:488
SimpleSAML_Auth_Source\getById
static getById($authId, $type=null)
Retrieve authentication source.
Definition: Source.php:340
SimpleSAML_Auth_Source\getSourcesOfType
static getSourcesOfType($type)
Get sources of a specific type.
Definition: Source.php:53
SimpleSAML_Auth_Source\addLogoutCallback
addLogoutCallback($assoc, $state)
Add a logout callback association.
Definition: Source.php:411
SimpleSAML_Auth_Source\__construct
__construct($info, &$config)
Constructor for an authentication source.
Definition: Source.php:35
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:136
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:23
SimpleSAML_Auth_Source\logoutCallback
static logoutCallback($state)
Called when the authentication source receives an external logout request.
Definition: Source.php:379
SimpleSAML_Auth_Source\reauthenticate
reauthenticate(array &$state)
Reauthenticate an user.
Definition: Source.php:114
SimpleSAML_Auth_Source\logout
logout(&$state)
Log out from this authentication source.
Definition: Source.php:249
SimpleSAML_Auth_Source\completeLogout
static completeLogout(&$state)
Complete logout.
Definition: Source.php:265
SimpleSAML_Auth_Source\callLogoutCallback
callLogoutCallback($assoc)
Call a logout callback based on association.
Definition: Source.php:455
SimpleSAML_Auth_Source\getAuthId
getAuthId()
Retrieve the ID of this authentication source.
Definition: Source.php:83
SimpleSAML_Auth_Source\initLogin
initLogin($return, $errorURL=null, array $params=array())
Start authentication.
Definition: Source.php:164
SimpleSAML_Auth_State\deleteState
static deleteState(&$state)
Delete state.
Definition: State.php:319
SimpleSAML_Auth_State\getPersistentAuthData
static getPersistentAuthData(array $state)
Get the persistent authentication state from the state array.
Definition: State.php:103
SimpleSAML_Auth_State\throwException
static throwException($state, SimpleSAML_Error_Exception $exception)
Throw exception to the state exception handler.
Definition: State.php:343
SimpleSAML_Auth_State\EXCEPTION_HANDLER_URL
const EXCEPTION_HANDLER_URL
The index in the state array which contains the exception handler URL.
Definition: State.php:63
SimpleSAML_Configuration\getOptionalConfig
static getOptionalConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
Definition: Configuration.php:267
SimpleSAML_Configuration\getConfig
static getConfig($filename='config.php', $configSet='simplesaml')
Load a configuration file from a configuration set.
Definition: Configuration.php:237
SimpleSAML_Error_Exception
Definition: Exception.php:13
SimpleSAML_Error_UnserializableException
Definition: UnserializableException.php:16
SimpleSAML_Session\DATA_TIMEOUT_SESSION_END
const DATA_TIMEOUT_SESSION_END
This is a timeout value for setData, which indicates that the data should never be deleted,...
Definition: Session.php:26
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:241
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$config
$config
Definition: bootstrap.php:15
$info
$info
Definition: index.php:5
$ret
$ret
Definition: parser.php:6
$type
$type
Definition: proxy_ylocal.php:10
$session
$session
Definition: proxy_ylocal.php:32
$data
$data
Definition: bench.php:6