feat: timeout and connect_timeout options

limit requests to privacyIDEA by number of seconds

feat: timeout and connect_timeout options
e59d98a4 · Pavel Břoušek · c49bfd80 · e59d98a4 · e59d98a4
Verified Commit e59d98a4 authored 3 years ago by Pavel Břoušek
--- a/README.md
+++ b/README.md
@@ -46,6 +46,8 @@ Use this filter to read user mfa tokens from PrivacyIDEA server to state attribu
        ],
        'user_attribute' => 'eduPersonPrincipalName',
        'token_type_attr' => 'type',
+        //'connect_timeout' => 10, // optional, connect timeout in seconds
+        //'timeout' => 10, // optional, timeout in seconds
    ],
 ],
 ```

--- a/lib/Auth/Process/GetMfaTokensPrivacyIDEA.php
+++ b/lib/Auth/Process/GetMfaTokensPrivacyIDEA.php
@@ -16,6 +16,10 @@ class GetMfaTokensPrivacyIDEA extends \SimpleSAML\Auth\ProcessingFilter
    private const AS_PI_AUTH_TOKEN = 'auth_token';
    private const AS_PI_AUTH_TOKEN_ISSUED_AT = 'auth_token_issued_at';

+    private $connect_timeout = 0;
+
+    private $timeout;
+
    private $tokens_attr = 'mfaTokens';

    private $privacy_idea_username;
@@ -41,6 +45,8 @@ class GetMfaTokensPrivacyIDEA extends \SimpleSAML\Auth\ProcessingFilter
        parent::__construct($config, $reserved);

        $config = Configuration::loadFromArray($config['config']);
+        $this->connect_timeout = $config->getInteger('connect_timeout', $this->connect_timeout);
+        $this->timeout = $config->getInteger('timeout', $this->timeout);
        $this->tokens_attr = $config->getString('tokens_Attr', $this->tokens_attr);
        $this->privacy_idea_username = $config->getString('privacy_idea_username');
        $this->privacy_idea_passwd = $config->getString('privacy_idea_passwd');
@@ -106,6 +112,10 @@ class GetMfaTokensPrivacyIDEA extends \SimpleSAML\Auth\ProcessingFilter
        }

        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->connect_timeout);
+        if (null !== $this->timeout) {
+            curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
+        }
        curl_setopt($ch, CURLOPT_URL, $this->privacy_idea_domain . '/auth');
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
        $paramsJson = json_encode($data);
@@ -127,6 +137,10 @@ class GetMfaTokensPrivacyIDEA extends \SimpleSAML\Auth\ProcessingFilter
    private function getPrivacyIdeaTokensByType($state, $type, $admin_token)
    {
        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->connect_timeout);
+        if (null !== $this->timeout) {
+            curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
+        }
        curl_setopt($ch, CURLOPT_URL, $this->privacy_idea_domain . '/token/?user=' .
            $state['Attributes'][$this->user_attribute][0] . '&active=True&type=' . $type);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');