Verified Commit 980c73a3 authored by Pavel Břoušek's avatar Pavel Břoušek

fix: represent booleans with booleans

change config options from strings to booleans

BREAKING CHANGE: configuration options need to be booleans instead of strings "true" and "false"
parent 272b18a1
1 merge request!1Improve WebAuthn user experience
...@@ -4,10 +4,8 @@ This module is an authentication module for simpleSAMLphp to use with the privac ...@@ -4,10 +4,8 @@ This module is an authentication module for simpleSAMLphp to use with the privac
You can use this plugin in two different ways: You can use this plugin in two different ways:
<ol> 1. AuthSource: This module does the complete authentication process against privacyIDEA
<li> AuthSource: This module does the complete authentication process against privacyIDEA 2. AuthProc: This module does just one step of the authentication, the second factor against privacyIDEA
<li> AuthProc: This module does just one step of the authentication, the second factor against privacyIDEA
</ol>
NOTE: This plugin is enabled by default when installed, you do not need to enable it manually. NOTE: This plugin is enabled by default when installed, you do not need to enable it manually.
...@@ -31,14 +29,14 @@ You need to add the authentication source 'privacyidea' to ...@@ -31,14 +29,14 @@ You need to add the authentication source 'privacyidea' to
* The value have to be a string. * The value have to be a string.
* Optional. * Optional.
*/ */
'sslVerifyHost' => 'false', 'sslVerifyHost' => false,
/* /*
* Check if the certificate is valid, signed by a trusted CA. * Check if the certificate is valid, signed by a trusted CA.
* The value have to be a string. * The value have to be a string.
* Optional. * Optional.
*/ */
'sslVerifyPeer' => 'false', 'sslVerifyPeer' => false,
/* /*
* The realm where the user is located in. * The realm where the user is located in.
...@@ -57,21 +55,21 @@ You need to add the authentication source 'privacyidea' to ...@@ -57,21 +55,21 @@ You need to add the authentication source 'privacyidea' to
'servicePass' => 'service', 'servicePass' => 'service',
/** /**
* Set doTriggerChallenge to 'true' to trigger challenges prior to the login * Set doTriggerChallenge to true to trigger challenges prior to the login
* using the configured service account. * using the configured service account.
* This setting takes precedence over 'doSendPassword'. * This setting takes precedence over 'doSendPassword'.
* The value have to be a string. * The value have to be a string.
*/ */
'doTriggerChallenge' => 'true', 'doTriggerChallenge' => true,
/** /**
* Set doSendPassword to 'true' to send a request to validate/check with the username * Set doSendPassword to true to send a request to validate/check with the username
* and an empty pass prior to the login. * and an empty pass prior to the login.
* This can be used to trigger challenges depending on the configuration in privacyIDEA * This can be used to trigger challenges depending on the configuration in privacyIDEA
* and requires no service account. If 'doTriggerChallenge' is enabled, this setting has no effect. * and requires no service account. If 'doTriggerChallenge' is enabled, this setting has no effect.
* The value have to be a string. * The value have to be a string.
*/ */
'doSendPassword' => 'true', 'doSendPassword' => true,
/** /**
* Set custom hints for the OTP and password fields * Set custom hints for the OTP and password fields
...@@ -80,11 +78,11 @@ You need to add the authentication source 'privacyidea' to ...@@ -80,11 +78,11 @@ You need to add the authentication source 'privacyidea' to
'passFieldHint' => 'Password', 'passFieldHint' => 'Password',
/** /**
* Set SSO to 'true' if you want to use single sign on. * Set SSO to true if you want to use single sign on.
* All information required for SSO will be saved in the session. * All information required for SSO will be saved in the session.
* After logging out, the SSO data will be removed from the session. * After logging out, the SSO data will be removed from the session.
*/ */
'SSO' => 'false', 'SSO' => false,
/** /**
* Set preferredTokenType to your favourite token type. * Set preferredTokenType to your favourite token type.
...@@ -180,13 +178,13 @@ If you want to use privacyIDEA as an auth process filter, add the configuration ...@@ -180,13 +178,13 @@ If you want to use privacyIDEA as an auth process filter, add the configuration
* Check if the hostname matches the name in the certificate. * Check if the hostname matches the name in the certificate.
* The value have to be a string. * The value have to be a string.
*/ */
'sslVerifyHost' => 'true', 'sslVerifyHost' => true,
/** /**
* Check if the certificate is valid, signed by a trusted CA * Check if the certificate is valid, signed by a trusted CA
* The value have to be a string. * The value have to be a string.
*/ */
'sslVerifyPeer' => 'true', 'sslVerifyPeer' => true,
/** /**
* Here you need to enter the username of your service account * Here you need to enter the username of your service account
...@@ -202,7 +200,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration ...@@ -202,7 +200,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration
* You can add this option, if you want to enroll tokens for users, who do not have one yet. * You can add this option, if you want to enroll tokens for users, who do not have one yet.
* The value have to be a string. * The value have to be a string.
*/ */
'doEnrollToken' => 'true', 'doEnrollToken' => true,
/** /**
* You can select a time based otp (totp), an event based otp (hotp) or an u2f (u2f) * You can select a time based otp (totp), an event based otp (hotp) or an u2f (u2f)
...@@ -213,14 +211,14 @@ If you want to use privacyIDEA as an auth process filter, add the configuration ...@@ -213,14 +211,14 @@ If you want to use privacyIDEA as an auth process filter, add the configuration
* You can enable or disable trigger challenge. * You can enable or disable trigger challenge.
* The value have to be a string. * The value have to be a string.
*/ */
'doTriggerChallenge' => 'true', 'doTriggerChallenge' => true,
/** /**
* Set this to 'true' if you want to use single sign on. * Set this to true if you want to use single sign on.
* All information required for SSO will be saved in the session. * All information required for SSO will be saved in the session.
* After logging out, the SSO data will be removed from the session. * After logging out, the SSO data will be removed from the session.
*/ */
'SSO' => 'false', 'SSO' => false,
/** /**
* Set preferredTokenType to your favourite token type. * Set preferredTokenType to your favourite token type.
...@@ -252,7 +250,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration ...@@ -252,7 +250,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration
* privacyIDEA. If passOnNoToken is activated and the user does not have a token, he will be passed by privacyIDEA. * privacyIDEA. If passOnNoToken is activated and the user does not have a token, he will be passed by privacyIDEA.
* NOTE: Do not use it with privacyidea:tokenEnrollment. * NOTE: Do not use it with privacyidea:tokenEnrollment.
*/ */
'tryFirstAuthentication' => 'true', 'tryFirstAuthentication' => true,
/** /**
* You can decide, which password should be used for tryFirstAuthentication * You can decide, which password should be used for tryFirstAuthentication
...@@ -273,7 +271,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration ...@@ -273,7 +271,7 @@ If you want to use privacyIDEA as an auth process filter, add the configuration
* the entityID and/or SAML attributes, you may enable this filter. * the entityID and/or SAML attributes, you may enable this filter.
* Value have to be string. * Value have to be string.
*/ */
'checkEntityID' => 'true', 'checkEntityID' => true,
/** /**
* Depending on excludeEntityIDs and includeAttributes the filter will set the state variable * Depending on excludeEntityIDs and includeAttributes the filter will set the state variable
......
...@@ -67,9 +67,9 @@ class PrivacyideaAuthProc extends ProcessingFilter ...@@ -67,9 +67,9 @@ class PrivacyideaAuthProc extends ProcessingFilter
} }
} }
// If set to "true" in config, selectively disable the privacyIDEA authentication using the entityID and/or SAML attributes. // If set to true in config, selectively disable the privacyIDEA authentication using the entityID and/or SAML attributes.
// The skipping will be done in self::isPrivacyIDEADisabled // The skipping will be done in self::isPrivacyIDEADisabled
if (!empty($this->authProcConfig['checkEntityID']) && 'true' === $this->authProcConfig['checkEntityID']) { if (!empty($this->authProcConfig['checkEntityID']) && true === $this->authProcConfig['checkEntityID']) {
$stateId = State::saveState($state, 'privacyidea:privacyidea'); $stateId = State::saveState($state, 'privacyidea:privacyidea');
$stateId = $this->checkEntityID($this->authProcConfig, $stateId); $stateId = $this->checkEntityID($this->authProcConfig, $stateId);
$state = State::loadState($stateId, 'privacyidea:privacyidea'); $state = State::loadState($stateId, 'privacyidea:privacyidea');
...@@ -83,7 +83,7 @@ class PrivacyideaAuthProc extends ProcessingFilter ...@@ -83,7 +83,7 @@ class PrivacyideaAuthProc extends ProcessingFilter
// SSO check if authentication should be skipped // SSO check if authentication should be skipped
if (array_key_exists('SSO', $this->authProcConfig) if (array_key_exists('SSO', $this->authProcConfig)
&& 'true' === $this->authProcConfig['SSO']) { && true === $this->authProcConfig['SSO']) {
if (Utils::checkForValidSSO($state)) { if (Utils::checkForValidSSO($state)) {
Logger::debug('privacyIDEA: SSO data valid - logging in..'); Logger::debug('privacyIDEA: SSO data valid - logging in..');
ProcessingChain::resumeProcessing($state); ProcessingChain::resumeProcessing($state);
...@@ -96,12 +96,12 @@ class PrivacyideaAuthProc extends ProcessingFilter ...@@ -96,12 +96,12 @@ class PrivacyideaAuthProc extends ProcessingFilter
$stateId = State::saveState($state, 'privacyidea:privacyidea'); $stateId = State::saveState($state, 'privacyidea:privacyidea');
// Check if it should be controlled that user has no tokens and a new token should be enrolled. // Check if it should be controlled that user has no tokens and a new token should be enrolled.
if (!empty($this->authProcConfig['doEnrollToken']) && 'true' === $this->authProcConfig['doEnrollToken']) { if (!empty($this->authProcConfig['doEnrollToken']) && true === $this->authProcConfig['doEnrollToken']) {
$stateId = $this->enrollToken($stateId, $username); $stateId = $this->enrollToken($stateId, $username);
} }
// Check if triggerChallenge or a call with a static pass to /validate/check should be done // Check if triggerChallenge or a call with a static pass to /validate/check should be done
if (!empty($this->authProcConfig['doTriggerChallenge']) && 'true' === $this->authProcConfig['doTriggerChallenge']) { if (!empty($this->authProcConfig['doTriggerChallenge']) && true === $this->authProcConfig['doTriggerChallenge']) {
// Call /validate/triggerchallenge with the service account from the configuration to trigger all token of the user // Call /validate/triggerchallenge with the service account from the configuration to trigger all token of the user
$stateId = State::saveState($state, 'privacyidea:privacyidea'); $stateId = State::saveState($state, 'privacyidea:privacyidea');
if (!$this->pi->serviceAccountAvailable()) { if (!$this->pi->serviceAccountAvailable()) {
...@@ -120,7 +120,7 @@ class PrivacyideaAuthProc extends ProcessingFilter ...@@ -120,7 +120,7 @@ class PrivacyideaAuthProc extends ProcessingFilter
$stateId = Utils::processPIResponse($stateId, $response); $stateId = Utils::processPIResponse($stateId, $response);
} }
} }
} elseif (!empty($this->authProcConfig['tryFirstAuthentication']) && 'true' === $this->authProcConfig['tryFirstAuthentication']) { } elseif (!empty($this->authProcConfig['tryFirstAuthentication']) && true === $this->authProcConfig['tryFirstAuthentication']) {
// Call /validate/check with a static pass from the configuration // Call /validate/check with a static pass from the configuration
// This could already end the authentication with the "passOnNoToken" policy, or it could trigger challenges // This could already end the authentication with the "passOnNoToken" policy, or it could trigger challenges
$response = Utils::authenticatePI($state, [ $response = Utils::authenticatePI($state, [
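Review bot: A legacy string value `'true'` for `checkEntityID`, `SSO`, `doEnrollToken`, `doTriggerChallenge` or `tryFirstAuthentication` now fails the strict `true === $this->authProcConfig[...]` test and is treated as disabled with no log line, so a configuration that was not migrated silently changes the authentication flow. The same applies to the `doTriggerChallenge` and `doSendPassword` checks in PrivacyideaAuthSource. The README hunks of this commit still carry the comment "The value have to be a string", which makes an unmigrated value more likely. I would check these keys once where the config is read and report any non-boolean, e.g. `if (isset($config[$key]) && !is_bool($config[$key])) { Logger::warning('privacyIDEA: option ' . $key . ' must be a boolean'); }`; the `!empty(...) &&` in front of each `true ===` is also redundant. The enclosing method starts and ends outside these hunks.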
......
...@@ -144,7 +144,7 @@ class PrivacyideaAuthSource extends UserPassBase ...@@ -144,7 +144,7 @@ class PrivacyideaAuthSource extends UserPassBase
$stateId = State::saveState($state, 'privacyidea:privacyidea'); $stateId = State::saveState($state, 'privacyidea:privacyidea');
if (array_key_exists('doTriggerChallenge', $source->authSourceConfig) if (array_key_exists('doTriggerChallenge', $source->authSourceConfig)
&& 'true' === $source->authSourceConfig['doTriggerChallenge']) { && true === $source->authSourceConfig['doTriggerChallenge']) {
if (!empty($username) && $source->pi->serviceAccountAvailable()) { if (!empty($username) && $source->pi->serviceAccountAvailable()) {
try { try {
$response = $source->pi->triggerChallenge($username); $response = $source->pi->triggerChallenge($username);
...@@ -153,7 +153,7 @@ class PrivacyideaAuthSource extends UserPassBase ...@@ -153,7 +153,7 @@ class PrivacyideaAuthSource extends UserPassBase
} }
} }
} elseif (array_key_exists('doSendPassword', $source->authSourceConfig) } elseif (array_key_exists('doSendPassword', $source->authSourceConfig)
&& 'true' === $source->authSourceConfig['doSendPassword']) { && true === $source->authSourceConfig['doSendPassword']) {
if (!empty($username)) { if (!empty($username)) {
try { try {
$response = $source->pi->validateCheck($username, $password); $response = $source->pi->validateCheck($username, $password);
......
...@@ -32,7 +32,7 @@ class Utils ...@@ -32,7 +32,7 @@ class Utils
$state['privacyidea:privacyidea:ui']['mode'] = $formParams['mode']; $state['privacyidea:privacyidea:ui']['mode'] = $formParams['mode'];
// If the mode was changed, do not make any requests // If the mode was changed, do not make any requests
if ('true' === $formParams['modeChanged']) { if (true === $formParams['modeChanged']) {
$state['privacyidea:privacyidea:ui']['loadCounter'] = 1; $state['privacyidea:privacyidea:ui']['loadCounter'] = 1;
return null; return null;
...@@ -202,11 +202,11 @@ class Utils ...@@ -202,11 +202,11 @@ class Utils
$pi->logger = new PILogger(); $pi->logger = new PILogger();
if (array_key_exists('sslVerifyHost', $config) && !empty($config['sslVerifyHost'])) { if (array_key_exists('sslVerifyHost', $config) && !empty($config['sslVerifyHost'])) {
$pi->sslVerifyHost = 'false' !== $config['sslVerifyHost']; $pi->sslVerifyHost = false !== $config['sslVerifyHost'];
} }
if (array_key_exists('sslVerifyPeer', $config) && !empty($config['sslVerifyPeer'])) { if (array_key_exists('sslVerifyPeer', $config) && !empty($config['sslVerifyPeer'])) {
$pi->sslVerifyPeer = 'false' !== $config['sslVerifyPeer']; $pi->sslVerifyPeer = false !== $config['sslVerifyPeer'];
} }
if (array_key_exists('serviceAccount', $config) && !empty($config['serviceAccount'])) { if (array_key_exists('serviceAccount', $config) && !empty($config['serviceAccount'])) {
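Review bot: In the `sslVerifyHost` and `sslVerifyPeer` blocks the `!empty($config[...])` guard is false for a boolean `false`, so the value the README example documents (`'sslVerifyHost' => false`) never reaches the assignment, and `$pi->sslVerifyHost` / `$pi->sslVerifyPeer` keep the client object's default, which is not visible here. A legacy string `'false'` still passes the guard and now evaluates to `true`, so the assignment can only ever yield `true`. Whether certificate verification is on should be stated explicitly rather than fall out of `empty()`; I would accept only booleans, e.g. `if (is_bool($config['sslVerifyHost'] ?? null)) { $pi->sslVerifyHost = $config['sslVerifyHost']; }`, and the same for `sslVerifyPeer`. Separately, `true === $formParams['modeChanged']` in the first hunk matches only if `$formParams` has already been converted from submitted form strings to booleans, which is not shown on this page and should be confirmed.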
......