Implement "Remember my Organization" in multiple-ldap

This new feature allows the users to have a checkbox in the login form
which works in the same way than "Remember my username" but for the
organization selected in the dropdown

config-templates/authsources.php

@@ -276,6 +276,11 @@ $config = array(
         //'remember.username.enabled' => FALSE,
         //'remember.username.checked' => FALSE,
 
+        // Give the user an option to save their organization choice for future login
+		// attempts. And when enabled, what should the default be, checked or not.
+		//'remember.organization.enabled' => false,
+        //'remember.organization.checked' => false,
+
         // The way the organization as part of the username should be handled.
         // Three possible values:
         // - 'none':   No handling of the organization. Allows '@' to be part

dictionaries/login.definition.json

@@ -64,5 +64,8 @@
 	},
     "remember_me": {
         "en": "Remember me"
-    }
+    },
+	"remember_organization": {
+		"en": "Remember my organization"
+	}
 }

modules/core/lib/Auth/UserPassOrgBase.php

@@ -59,6 +59,22 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source
 	 */
 	protected $rememberUsernameChecked = FALSE;
 
+    /**
+     * Storage for authsource config option remember.organization.enabled
+     * loginuserpassorg.php page/template use this option to present users
+     * with a checkbox to save their organization choice for the next login request.
+     * @var bool
+     */
+	protected $rememberOrganizationEnabled = false;
+
+	/**
+	 * Storage for authsource config option remember.organization.checked
+	 * loginuserpassorg.php page/template use this option to
+	 * default the remember organization checkbox to checked or not.
+	 * @var bool
+	 */
+	protected $rememberOrganizationChecked = false;
+
 
 	/**
 	 * Constructor for this authentication source.
@@ -85,6 +101,15 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source
 			$this->rememberUsernameChecked = (bool) $config['remember.username.checked'];
 			unset($config['remember.username.checked']);
 		}
+        // Get the remember organization config options
+        if (isset($config['remember.organization.enabled'])) {
+            $this->rememberOrganizationEnabled = (bool) $config['remember.organization.enabled'];
+            unset($config['remember.organization.enabled']);
+		}
+		if (isset($config['remember.organization.checked'])) {
+			$this->rememberOrganizationChecked = (bool) $config['remember.organization.checked'];
+			unset($config['remember.organization.checked']);
+		}
 
 		$this->usernameOrgMethod = 'none';
 	}
@@ -139,6 +164,21 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source
 		return $this->rememberUsernameChecked;
 	}
 
+    /**
+     * Getter for the authsource config option remember.organization.enabled
+     * @return bool
+     */
+	public function getRememberOrganizationEnabled() {
+		return $this->rememberOrganizationEnabled;
+	}
+
+	/**
+	 * Getter for the authsource config option remember.organization.checked
+	 * @return bool
+	 */
+	public function getRememberOrganizationChecked() {
+		return $this->rememberOrganizationChecked;
+	}
 
 	/**
 	 * Initialize login.

modules/core/templates/loginuserpass.php

@@ -142,6 +142,16 @@ if ($this->data['errorcode'] !== null) {
                             }
                             ?>
                         </select></td>
+                    <td style="padding: .4em;">
+                        <?php
+                            if ($this->data['rememberOrganizationEnabled']) {
+                            	echo str_repeat("\t", 4);
+	                            echo '<input type="checkbox" id="remember_organization" tabindex="5" name="remember_organization" value="Yes" ';
+                                echo ($this->data['rememberOrganizationChecked'] ? 'checked="Yes" /> ' : '/> ');
+                            	echo $this->t('{login:remember_organization}');
+                            }
+                        ?>
+                    </td>
                 </tr>
                 <?php
             }

modules/core/www/loginuserpassorg.php

@@ -41,6 +41,8 @@ if (array_key_exists('password', $_REQUEST)) {
 
 if (array_key_exists('organization', $_REQUEST)) {
 	$organization = $_REQUEST['organization'];
+} elseif ($source->getRememberOrganizationEnabled() && array_key_exists($source->getAuthId() . '-organization', $_COOKIE)) {
+	$organization = $_COOKIE[$source->getAuthId() . '-organization'];
 } elseif (isset($state['core:organization'])) {
 	$organization = (string)$state['core:organization'];
 } else {
@@ -60,6 +62,14 @@ if ($organizations === NULL || !empty($organization)) {
             \SimpleSAML\Utils\HTTP::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
 		}
 
+        if ($source->getRememberOrganizationEnabled()) {
+            $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
+            $params = $sessionHandler->getCookieParams();
+            $params['expire'] = time();
+            $params['expire'] += (isset($_REQUEST['remember_organization']) && $_REQUEST['remember_organization'] == 'Yes' ? 31536000 : -300);
+            setcookie($source->getAuthId() . '-organization', $organization, $params['expire'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
+        }
+
 		try {
 			\SimpleSAML\Module\core\Auth\UserPassOrgBase::handleLogin($authStateId, $username, $password, $organization);
 		} catch (\SimpleSAML\Error\Error $e) {
@@ -80,6 +90,9 @@ $t->data['rememberUsernameChecked'] = $source->getRememberUsernameChecked();
 $t->data['rememberMeEnabled'] = false;
 $t->data['rememberMeChecked'] = false;
 if (isset($_COOKIE[$source->getAuthId() . '-username'])) $t->data['rememberUsernameChecked'] = TRUE;
+$t->data['rememberOrganizationEnabled'] = $source->getRememberOrganizationEnabled();
+$t->data['rememberOrganizationChecked'] = $source->getRememberOrganizationChecked();
+if (isset($_COOKIE[$source->getAuthId() . '-organization'])) $t->data['rememberOrganizationChecked'] = true;
 $t->data['errorcode'] = $errorCode;
 $t->data['errorcodes'] = \SimpleSAML\Error\ErrorCodes::getAllErrorCodeMessages();
 $t->data['errorparams'] = $errorParams;

tests/modules/core/lib/Auth/UserPassOrgBaseTest.php

+<?php
+    /**
+     * Created by PhpStorm.
+     * User: agustin
+     * Date: 16.10.2017
+     * Time: 12:17
+     */
+
+    namespace SimpleSAML\Test\Module\core\Auth;
+
+    use SimpleSAML\Module\core\Auth\UserPassOrgBase;
+
+    class UserPassOrgBaseTest extends \PHPUnit_Framework_TestCase
+    {
+        public function testRememberOrganizationEnabled()
+        {
+            $config = array(
+                'ldap:LDAPMulti',
+
+                'remember.organization.enabled' => true,
+                'remember.organization.checked' => false,
+
+                'my-org' => array(
+                    'description' => 'My organization',
+                    // The rest of the options are the same as those available for
+                    // the LDAP authentication source.
+                    'hostname' => 'ldap://ldap.myorg.com',
+                    'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
+                    // Whether SSL/TLS should be used when contacting the LDAP server.
+                    'enable_tls' => false,
+                )
+            );
+
+            $mockUserPassOrgBase = $this->getMockBuilder(\sspmod_core_Auth_UserPassOrgBase::class)
+                ->setConstructorArgs(array(array('AuthId' => 'my-org'), &$config))
+                ->setMethods(array())
+                ->getMockForAbstractClass();
+
+            $this->assertTrue($mockUserPassOrgBase->getRememberOrganizationEnabled());
+        }
+    }