Newer
Older
<?php
/**
* Helper class for simple authentication applications.
*
* @package simpleSAMLphp
* @version $Id$
*/
class SimpleSAML_Auth_Simple {
Olav Morken
committed
/**
* The id of the authentication source we are accessing.
*
* @var string
*/
private $authSource;
/**
* Create an instance with the specified authsource.
*
* @param string $authSource The id of the authentication source.
*/
public function __construct($authSource) {
assert('is_string($authSource)');
$this->authSource = $authSource;
}
/**
* Check if the user is authenticated.
*
* This function checks if the user is authenticated with the default
* authentication source selected by the 'default-authsource' option in
* 'config.php'.
*
* @return bool TRUE if the user is authenticated, FALSE if not.
*/
Olav Morken
committed
public function isAuthenticated() {
$session = SimpleSAML_Session::getInstance();
Olav Morken
committed
return $session->isValid($this->authSource);
}
/**
* Require the user to be authenticated.
*
* If the user is authenticated, this function returns immediately.
*
* If the user isn't authenticated, this function will authenticate the
* user with the authentication source, and then return the user to the
* current page.
*
* This function accepts an array $params, which controls some parts of
* the authentication. See the login()-function for a description.
* @param array $params Various options to the authentication request.
public function requireAuth(array $params = array()) {
$session = SimpleSAML_Session::getInstance();
Olav Morken
committed
if ($session->isValid($this->authSource)) {
/* Already authenticated. */
return;
}
$this->login($params);
}
/**
* Start an authentication process.
*
* This function never returns.
*
* This function accepts an array $params, which controls some parts of
* the authentication. The accepted parameters depends on the authentication
* source being used. Some parameters are generic:
* - 'ErrorURL': An URL that should receive errors from the authentication.
* - 'KeepPost': If the current request is a POST request, keep the POST
* data until after the authentication.
* - 'ReturnTo': The URL the user should be returned to after authentication.
* - 'ReturnCallback': The function we should call after the user has
* finished authentication.
*
* @param array $params Various options to the authentication request.
*/
public function login(array $params = array()) {
if (array_key_exists('KeepPost', $params)) {
$keepPost = (bool)$params['KeepPost'];
} else {
$keepPost = TRUE;
if (array_key_exists('ReturnTo', $params)) {
$returnTo = (string)$params['ReturnTo'];
} else if (array_key_exists('ReturnCallback', $params)) {
$returnTo = (array)$params['ReturnCallback'];
} else {
$returnTo = SimpleSAML_Utilities::selfURL();
}
Olav Morken
committed
if (is_string($returnTo) && $keepPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
$returnTo = SimpleSAML_Utilities::createPostRedirectLink($returnTo, $_POST);
}
if (array_key_exists('ErrorURL', $params)) {
$errorURL = (string)$params['ErrorURL'];
} else {
$errorURL = NULL;
}
if (!isset($params[SimpleSAML_Auth_State::RESTART]) && is_string($returnTo)) {
/*
* An URL to restart the authentication, in case the user bookmarks
* something, e.g. the discovery service page.
*/
$restartURL = $this->getLoginURL($returnTo);
$params[SimpleSAML_Auth_State::RESTART] = $restartURL;
}
SimpleSAML_Auth_Default::initLogin($this->authSource, $returnTo, $errorURL, $params);
}
/**
* Log the user out.
*
* This function logs the user out. It will never return. By default,
* it will cause a redirect to the current page after logging the user
* out, but a different URL can be given with the $params parameter.
* Generic parameters are:
* - 'ReturnTo': The URL the user should be returned to after logout.
* - 'ReturnCallback': The function that should be called after logout.
* - 'ReturnStateParam': The parameter we should return the state in when redirecting.
* - 'ReturnStateStage': The stage the state array should be saved with.
*
* @param string|array|NULL $params Either the url the user should be redirected to after logging out,
* or an array with parameters for the logout. If this parameter is
* NULL, we will return to the current page.
public function logout($params = NULL) {
assert('is_array($params) || is_string($params) || is_null($params)');
if ($params === NULL) {
$params = SimpleSAML_Utilities::selfURL();
}
if (is_string($params)) {
$params = array(
'ReturnTo' => $params,
);
}
assert('is_array($params)');
assert('isset($params["ReturnTo"]) || isset($params["ReturnCallback"])');
if (isset($params['ReturnStateParam']) || isset($params['ReturnStateStage'])) {
assert('isset($params["ReturnStateParam"]) && isset($params["ReturnStateStage"])');
Olav Morken
committed
$session = SimpleSAML_Session::getInstance();
if ($session->isValid($this->authSource)) {
$state = $session->getAuthData($this->authSource, 'LogoutState');
if ($state !== NULL) {
$params = array_merge($state, $params);
}
$session->doLogout($this->authSource);
$params['LogoutCompletedHandler'] = array(get_class(), 'logoutCompleted');
$as = SimpleSAML_Auth_Source::getById($this->authSource);
if ($as !== NULL) {
$as->logout($params);
}
Olav Morken
committed
}
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
self::logoutCompleted($params);
}
/**
* Called when logout operation completes.
*
* This function never returns.
*
* @param array $state The state after the logout.
*/
public static function logoutCompleted($state) {
assert('is_array($state)');
assert('isset($state["ReturnTo"]) || isset($state["ReturnCallback"])');
if (isset($state['ReturnCallback'])) {
call_user_func($state['ReturnCallback'], $state);
assert('FALSE');
} else {
$params = array();
if (isset($state['ReturnStateParam']) || isset($state['ReturnStateStage'])) {
assert('isset($state["ReturnStateParam"]) && isset($state["ReturnStateStage"])');
$stateID = SimpleSAML_Auth_State::saveState($state, $state['ReturnStateStage']);
$params[$state['ReturnStateParam']] = $stateID;
}
SimpleSAML_Utilities::redirect($state['ReturnTo'], $params);
}
}
/**
* Retrieve attributes of the current user.
*
* This function will retrieve the attributes of the current user if
* the user is authenticated. If the user isn't authenticated, it will
* return an empty array.
*
* @return array The users attributes.
*/
Olav Morken
committed
public function getAttributes() {
Olav Morken
committed
if (!$this->isAuthenticated()) {
/* Not authenticated. */
return array();
}
/* Authenticated. */
$session = SimpleSAML_Session::getInstance();
return $session->getAuthData($this->authSource, 'Attributes');
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
/**
* Retrieve authentication data.
*
* @param string $name The name of the parameter, e.g. 'Attribute', 'Expire' or 'saml:sp:IdP'.
* @return mixed|NULL The value of the parameter, or NULL if it isn't found or we are unauthenticated.
*/
public function getAuthData($name) {
assert('is_string($name)');
if (!$this->isAuthenticated()) {
return NULL;
}
$session = SimpleSAML_Session::getInstance();
return $session->getAuthData($this->authSource, $name);
}
/**
* Retrieve all authentication data.
*
* @return array|NULL All persistent authentication data, or NULL if we aren't authenticated.
*/
public function getAuthDataArray() {
if (!$this->isAuthenticated()) {
return NULL;
}
$session = SimpleSAML_Session::getInstance();
return $session->getAuthState($this->authSource);
}
/**
* Retrieve an URL that can be used to log the user in.
*
* @param string|NULL $returnTo
* The page the user should be returned to afterwards. If this parameter
* is NULL, the user will be returned to the current page.
* @return string
* An URL which is suitable for use in link-elements.
*/
public function getLoginURL($returnTo = NULL) {
assert('is_null($returnTo) || is_string($returnTo)');
if ($returnTo === NULL) {
$returnTo = SimpleSAML_Utilities::selfURL();
}
$login = SimpleSAML_Module::getModuleURL('core/as_login.php', array(
'AuthId' => $this->authSource,
'ReturnTo' => $returnTo,
));
return $login;
}
/**
* Retrieve an URL that can be used to log the user out.
*
* @param string|NULL $returnTo
* The page the user should be returned to afterwards. If this parameter
* is NULL, the user will be returned to the current page.
* @return string
* An URL which is suitable for use in link-elements.
*/
public function getLogoutURL($returnTo = NULL) {
assert('is_null($returnTo) || is_string($returnTo)');
if ($returnTo === NULL) {
$returnTo = SimpleSAML_Utilities::selfURL();
}
$logout = SimpleSAML_Module::getModuleURL('core/as_logout.php', array(
'AuthId' => $this->authSource,
'ReturnTo' => $returnTo,
));
return $logout;
}