From e59d98a426c9106452f4068cd9985dc82669f3b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ou=C5=A1ek?= <brousek@ics.muni.cz>
Date: Tue, 12 Apr 2022 17:54:39 +0200
Subject: [PATCH] feat: timeout and connect_timeout options

limit requests to privacyIDEA by number of seconds
---
 README.md                                    |  2 ++
 lib/Auth/Process/GetMfaTokensPrivacyIDEA.php | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/README.md b/README.md
index 7b2067f..3bfde16 100755
--- a/README.md
+++ b/README.md
@@ -46,6 +46,8 @@ Use this filter to read user mfa tokens from PrivacyIDEA server to state attribu
         ],
         'user_attribute' => 'eduPersonPrincipalName',
         'token_type_attr' => 'type',
+        //'connect_timeout' => 10, // optional, connect timeout in seconds
+        //'timeout' => 10, // optional, timeout in seconds
     ],
 ],
 ```
diff --git a/lib/Auth/Process/GetMfaTokensPrivacyIDEA.php b/lib/Auth/Process/GetMfaTokensPrivacyIDEA.php
index fa2c2a1..b3f272f 100644
--- a/lib/Auth/Process/GetMfaTokensPrivacyIDEA.php
+++ b/lib/Auth/Process/GetMfaTokensPrivacyIDEA.php
@@ -16,6 +16,10 @@ class GetMfaTokensPrivacyIDEA extends \SimpleSAML\Auth\ProcessingFilter
     private const AS_PI_AUTH_TOKEN = 'auth_token';
     private const AS_PI_AUTH_TOKEN_ISSUED_AT = 'auth_token_issued_at';
 
+    private $connect_timeout = 0;
+
+    private $timeout;
+
     private $tokens_attr = 'mfaTokens';
 
     private $privacy_idea_username;
@@ -41,6 +45,8 @@ class GetMfaTokensPrivacyIDEA extends \SimpleSAML\Auth\ProcessingFilter
         parent::__construct($config, $reserved);
 
         $config = Configuration::loadFromArray($config['config']);
+        $this->connect_timeout = $config->getInteger('connect_timeout', $this->connect_timeout);
+        $this->timeout = $config->getInteger('timeout', $this->timeout);
         $this->tokens_attr = $config->getString('tokens_Attr', $this->tokens_attr);
         $this->privacy_idea_username = $config->getString('privacy_idea_username');
         $this->privacy_idea_passwd = $config->getString('privacy_idea_passwd');
@@ -106,6 +112,10 @@ class GetMfaTokensPrivacyIDEA extends \SimpleSAML\Auth\ProcessingFilter
         }
 
         $ch = curl_init();
+        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->connect_timeout);
+        if (null !== $this->timeout) {
+            curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
+        }
         curl_setopt($ch, CURLOPT_URL, $this->privacy_idea_domain . '/auth');
         curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
         $paramsJson = json_encode($data);
@@ -127,6 +137,10 @@ class GetMfaTokensPrivacyIDEA extends \SimpleSAML\Auth\ProcessingFilter
     private function getPrivacyIdeaTokensByType($state, $type, $admin_token)
     {
         $ch = curl_init();
+        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->connect_timeout);
+        if (null !== $this->timeout) {
+            curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
+        }
         curl_setopt($ch, CURLOPT_URL, $this->privacy_idea_domain . '/token/?user=' .
             $state['Attributes'][$this->user_attribute][0] . '&active=True&type=' . $type);
         curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
-- 
GitLab