Skip to content
Snippets Groups Projects
Unverified Commit 4de86b5a authored by lukasmatusiewicz's avatar lukasmatusiewicz Committed by GitHub
Browse files

Merge pull request #149 from privacyidea/fix_enabled_key

fix disabling filter by previous filter
parents 80f29804 da9ce597
No related branches found
No related tags found
Loading
......@@ -52,10 +52,16 @@ class sspmod_privacyidea_Auth_Process_PrivacyideaAuthProc extends SimpleSAML_Aut
// It can be used to configure that a user does not need to provide a second factor when logging in from the local network.
if (!empty($this->authProcConfig['excludeClientIPs']))
{
$state['privacyIDEA']['enabled'][0] = $this->matchIP(sspmod_privacyidea_Auth_Utils::getClientIP(), $this->authProcConfig['excludeClientIPs']);
$ip = sspmod_privacyidea_Auth_Utils::getClientIP();
if ($this->matchIP($ip, $this->authProcConfig['excludeClientIPs']))
{
SimpleSAML_Logger::debug("privacyIDEA: privacyIDEA is disabled because ip " . $ip . " is excluded.");
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}
}
// If set to "true" in config, selectively disable the privacyIDEA authentication using the entityID and/or SAML attributes.
// The skipping will be done in self::isPrivacyIDEADisabled
if (!empty($this->authProcConfig['checkEntityID']) && $this->authProcConfig['checkEntityID'] === 'true')
{
$stateId = SimpleSAML_Auth_State::saveState($state, 'privacyidea:privacyidea');
......@@ -64,11 +70,10 @@ class sspmod_privacyidea_Auth_Process_PrivacyideaAuthProc extends SimpleSAML_Aut
}
// Check if privacyIDEA is disabled by configuration setting
if (sspmod_privacyidea_Auth_Utils::isPrivacyIDEADisabled($state, $this->authProcConfig))
if (self::isPrivacyIDEADisabled($state, $this->authProcConfig))
{
SimpleSAML_Logger::debug("privacyIDEA: privacyIDEA is disabled by a filter");
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
return;
}
// SSO check if authentication should be skipped
......@@ -131,7 +136,7 @@ class sspmod_privacyidea_Auth_Process_PrivacyideaAuthProc extends SimpleSAML_Aut
{
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}
else if (!empty($response->multiChallenge))
elseif (!empty($response->multiChallenge))
{
$stateId = sspmod_privacyidea_Auth_Utils::processPIResponse($stateId, $response);
}
......@@ -333,12 +338,28 @@ class sspmod_privacyidea_Auth_Process_PrivacyideaAuthProc extends SimpleSAML_Aut
if (preg_match($reg, $str))
{
array_push($retArr, $reg);
$retArr[] = $reg;
}
}
return $retArr;
}
/**
* Check if PrivacyIDEA was disabled by a filter.
* @param array $state The global state of simpleSAMLphp.
* @param array $config The config for the PrivacyIDEA server.
* @return boolean Whether PrivacyIDEA is disabled.
*/
public static function isPrivacyIDEADisabled(array $state, array $config)
{
if (isset($config['enabledPath']) && isset($config['enabledKey']))
{
return isset($state[$config['enabledPath']][$config['enabledKey']][0])
&& !$state[$config['enabledPath']][$config['enabledKey']][0];
}
return false;
}
/**
* This function allows to show the debug messages from privacyIDEA server
* @param $message
......
......@@ -396,23 +396,4 @@ class sspmod_privacyidea_Auth_Utils
}
return $config;
}
/**
* Check if PrivacyIDEA was disabled by a filter.
* @param array $state The global state of simpleSAMLphp.
* @param array $config The config for the PrivacyIDEA server.
* @return boolean Whether PrivacyIDEA is disabled.
*/
public static function isPrivacyIDEADisabled(array $state, array $config)
{
if (isset($config['enabledPath']) || isset($state['enabledPath']))
{
if (isset($config['enabledKey'])
&& ($config['enabledKey'] === false || $state['enabledKey'] === false))
{
return true;
}
}
return false;
}
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment