ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Static Private Member Functions | Private Attributes
sspmod_core_Auth_Process_GenerateGroups Class Reference
+ Inheritance diagram for sspmod_core_Auth_Process_GenerateGroups:
+ Collaboration diagram for sspmod_core_Auth_Process_GenerateGroups:

Public Member Functions

 __construct ($config, $reserved)
 Initialize this filter. More...
 
 process (&$request)
 Apply filter to add groups attribute. More...
 
- Public Member Functions inherited from SimpleSAML_Auth_ProcessingFilter
 __construct (&$config, $reserved)
 Constructor for a processing filter. More...
 
 process (&$request)
 Process a request. More...
 

Static Private Member Functions

static getRealm ($attributes)
 Determine which realm the user belongs to. More...
 
static escapeIllegalChars ($string)
 Escape special characters in a string. More...
 

Private Attributes

 $generateGroupsFrom
 The attributes we should generate groups from. More...
 

Additional Inherited Members

- Data Fields inherited from SimpleSAML_Auth_ProcessingFilter
 $priority = 50
 Priority of this filter. More...
 

Detailed Description

Definition at line 9 of file GenerateGroups.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_core_Auth_Process_GenerateGroups::__construct (   $config,
  $reserved 
)

Initialize this filter.

Parameters
array$configConfiguration information about this filter.
mixed$reservedFor future use.

Definition at line 24 of file GenerateGroups.php.

References $config.

24  {
25  parent::__construct($config, $reserved);
26 
27  assert(is_array($config));
28 
29  if (count($config) === 0) {
30  // Use default groups
31  $this->generateGroupsFrom = array(
32  'eduPersonAffiliation',
33  'eduPersonOrgUnitDN',
34  'eduPersonEntitlement',
35  );
36 
37  } else {
38  // Validate configuration
39  foreach ($config as $attributeName) {
40  if (!is_string($attributeName)) {
41  throw new Exception('Invalid attribute name for core:GenerateGroups filter: ' .
42  var_export($attributeName, TRUE));
43  }
44  }
45 
46  $this->generateGroupsFrom = $config;
47  }
48  }
$config
$config
Definition: bootstrap.php:15

Member Function Documentation

◆ escapeIllegalChars()

static sspmod_core_Auth_Process_GenerateGroups::escapeIllegalChars (   $string)
staticprivate

Escape special characters in a string.

This function is similar to urlencode, but encodes many more characters. This function takes any characters not in [a-zA-Z0-9_@=.] and encodes them with as %<hex version>="">. For example, it will encode '+' as '%2b' and '' as '%25'.

Parameters
string$stringThe string which should be escaped.
Returns
string The escaped string.

Definition at line 134 of file GenerateGroups.php.

134  {
135  assert(is_string($string));
136 
137  return preg_replace_callback('/([^a-zA-Z0-9_@=.])/',
138  function ($m) { return sprintf("%%%02x", ord($m[1])); },
139  $string);
140  }
$m
$m
Definition: show_metadata.php:25

◆ getRealm()

static sspmod_core_Auth_Process_GenerateGroups::getRealm (   $attributes)
staticprivate

Determine which realm the user belongs to.

This function will attempt to determine the realm a user belongs to based on the eduPersonPrincipalName attribute if it is present. If it isn't, or if it doesn't contain a realm, NULL will be returned.

Parameters
array$attributesThe attributes of the user.
Returns
string|NULL The realm of the user, or NULL if we are unable to determine the realm.

Definition at line 101 of file GenerateGroups.php.

101  {
102  assert(is_array($attributes));
103 
104  if (!array_key_exists('eduPersonPrincipalName', $attributes)) {
105  return NULL;
106  }
107  $eppn = $attributes['eduPersonPrincipalName'];
108 
109  if (count($eppn) < 1) {
110  return NULL;
111  }
112  $eppn = $eppn[0];
113 
114  $realm = explode('@', $eppn, 2);
115  if (count($realm) < 2) {
116  return NULL;
117  }
118  $realm = $realm[1];
119 
120  return self::escapeIllegalChars($realm);
121  }
$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85

◆ process()

sspmod_core_Auth_Process_GenerateGroups::process ( $request)

Apply filter to add groups attribute.

Parameters
array&$requestThe current request

Definition at line 56 of file GenerateGroups.php.

References $attributes, $name, $request, and SimpleSAML\Logger\debug().

56  {
57  assert(is_array($request));
58  assert(array_key_exists('Attributes', $request));
59 
60  $groups = array();
61  $attributes =& $request['Attributes'];
62 
63  $realm = self::getRealm($attributes);
64  if ($realm !== NULL) {
65  $groups[] = 'realm-' . $realm;
66  }
67 
68 
69  foreach ($this->generateGroupsFrom as $name) {
70  if (!array_key_exists($name, $attributes)) {
71  SimpleSAML\Logger::debug('GenerateGroups - attribute \'' . $name . '\' not found.');
72  /* Attribute not present. */
73  continue;
74  }
75 
76  foreach ($attributes[$name] as $value) {
77  $value = self::escapeIllegalChars($value);
78  $groups[] = $name . '-' . $value;
79  if ($realm !== NULL) {
80  $groups[] = $name . '-' . $realm . '-' . $value;
81  }
82  }
83  }
84 
85  if (count($groups) > 0) {
86  $attributes['groups'] = $groups;
87  }
88  }
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:211
$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
$name
$name
Definition: client_example.php:35
+ Here is the call graph for this function:

Field Documentation

◆ $generateGroupsFrom

sspmod_core_Auth_Process_GenerateGroups::$generateGroupsFrom
private

The attributes we should generate groups from.

Definition at line 15 of file GenerateGroups.php.

The documentation for this class was generated from the following file: