ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Static Private Member Functions | Private Attributes
sspmod_core_Auth_Process_GenerateGroups Class Reference
+ Inheritance diagram for sspmod_core_Auth_Process_GenerateGroups:
+ Collaboration diagram for sspmod_core_Auth_Process_GenerateGroups:

Public Member Functions

 __construct ($config, $reserved)
 Initialize this filter. More...
 
 process (&$request)
 Apply filter to add groups attribute. More...
 
- Public Member Functions inherited from SimpleSAML_Auth_ProcessingFilter
 __construct (&$config, $reserved)
 Constructor for a processing filter. More...
 
 process (&$request)
 Process a request. More...
 

Static Private Member Functions

static getRealm ($attributes)
 Determine which realm the user belongs to. More...
 
static escapeIllegalChars ($string)
 Escape special characters in a string. More...
 

Private Attributes

 $generateGroupsFrom
 The attributes we should generate groups from. More...
 

Additional Inherited Members

- Data Fields inherited from SimpleSAML_Auth_ProcessingFilter
 $priority = 50
 Priority of this filter. More...
 

Detailed Description

Definition at line 9 of file GenerateGroups.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_core_Auth_Process_GenerateGroups::__construct (   $config,
  $reserved 
)

Initialize this filter.

Parameters
array$configConfiguration information about this filter.
mixed$reservedFor future use.

Definition at line 24 of file GenerateGroups.php.

24 {
25 parent::__construct($config, $reserved);
26
27 assert(is_array($config));
28
29 if (count($config) === 0) {
30 // Use default groups
31 $this->generateGroupsFrom = array(
32 'eduPersonAffiliation',
33 'eduPersonOrgUnitDN',
34 'eduPersonEntitlement',
35 );
36
37 } else {
38 // Validate configuration
39 foreach ($config as $attributeName) {
40 if (!is_string($attributeName)) {
41 throw new Exception('Invalid attribute name for core:GenerateGroups filter: ' .
42 var_export($attributeName, TRUE));
43 }
44 }
45
46 $this->generateGroupsFrom = $config;
47 }
48 }
$config
$config
Definition: bootstrap.php:15

References $config.

Member Function Documentation

◆ escapeIllegalChars()

static sspmod_core_Auth_Process_GenerateGroups::escapeIllegalChars (   $string)
staticprivate

Escape special characters in a string.

This function is similar to urlencode, but encodes many more characters. This function takes any characters not in [a-zA-Z0-9_=.] and encodes them with as %<hex version>. For example, it will encode '+' as '%2b' and '' as '%25'.

Parameters
string$stringThe string which should be escaped.
Returns
string The escaped string.

Definition at line 134 of file GenerateGroups.php.

134 {
135 assert(is_string($string));
136
137 return preg_replace_callback('/([^a-zA-Z0-9_@=.])/',
138 function ($m) { return sprintf("%%%02x", ord($m[1])); },
139 $string);
140 }
$m
$m
Definition: show_metadata.php:25

◆ getRealm()

static sspmod_core_Auth_Process_GenerateGroups::getRealm (   $attributes)
staticprivate

Determine which realm the user belongs to.

This function will attempt to determine the realm a user belongs to based on the eduPersonPrincipalName attribute if it is present. If it isn't, or if it doesn't contain a realm, NULL will be returned.

Parameters
array$attributesThe attributes of the user.
Returns
string|NULL The realm of the user, or NULL if we are unable to determine the realm.

Definition at line 101 of file GenerateGroups.php.

101 {
102 assert(is_array($attributes));
103
104 if (!array_key_exists('eduPersonPrincipalName', $attributes)) {
105 return NULL;
106 }
107 $eppn = $attributes['eduPersonPrincipalName'];
108
109 if (count($eppn) < 1) {
110 return NULL;
111 }
112 $eppn = $eppn[0];
113
114 $realm = explode('@', $eppn, 2);
115 if (count($realm) < 2) {
116 return NULL;
117 }
118 $realm = $realm[1];
119
120 return self::escapeIllegalChars($realm);
121 }
sspmod_core_Auth_Process_GenerateGroups\escapeIllegalChars
static escapeIllegalChars($string)
Escape special characters in a string.
Definition: GenerateGroups.php:134
$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85

Referenced by process().

+ Here is the caller graph for this function:

◆ process()

sspmod_core_Auth_Process_GenerateGroups::process ( $request)

Apply filter to add groups attribute.

Parameters
array&$requestThe current request

Reimplemented from SimpleSAML_Auth_ProcessingFilter.

Definition at line 56 of file GenerateGroups.php.

56 {
57 assert(is_array($request));
58 assert(array_key_exists('Attributes', $request));
59
60 $groups = array();
61 $attributes =& $request['Attributes'];
62
63 $realm = self::getRealm($attributes);
64 if ($realm !== NULL) {
65 $groups[] = 'realm-' . $realm;
66 }
67
68
69 foreach ($this->generateGroupsFrom as $name) {
70 if (!array_key_exists($name, $attributes)) {
71 SimpleSAML\Logger::debug('GenerateGroups - attribute \'' . $name . '\' not found.');
72 /* Attribute not present. */
73 continue;
74 }
75
76 foreach ($attributes[$name] as $value) {
77 $value = self::escapeIllegalChars($value);
78 $groups[] = $name . '-' . $value;
79 if ($realm !== NULL) {
80 $groups[] = $name . '-' . $realm . '-' . $value;
81 }
82 }
83 }
84
85 if (count($groups) > 0) {
86 $attributes['groups'] = $groups;
87 }
88 }
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:211
sspmod_core_Auth_Process_GenerateGroups\getRealm
static getRealm($attributes)
Determine which realm the user belongs to.
Definition: GenerateGroups.php:101
$name
$name
Definition: client_example.php:35

References $attributes, $name, $request, SimpleSAML\Logger\debug(), and getRealm().

+ Here is the call graph for this function:

Field Documentation

◆ $generateGroupsFrom

sspmod_core_Auth_Process_GenerateGroups::$generateGroupsFrom
private

The attributes we should generate groups from.

Definition at line 15 of file GenerateGroups.php.

The documentation for this class was generated from the following file: