diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 4003f4437f0cceb59ee8ae46a31819e84403dfa6..0a455ac87a90b5638bf43a110e8fe19f761278a8 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1360,25 +1360,10 @@ class SimpleSAML_Utilities {
/**
- * Require admin access for current page.
- *
- * This is a helper-function for limiting a page to admin access. It will redirect
- * the user to a login page if the current user doesn't have admin access.
+ * @deprecated This function will be removed in SSP 2.0. Please use SimpleSAML_Utils_Auth::requireAdmin() instead.
*/
public static function requireAdmin() {
-
- if (SimpleSAML_Utils_Auth::isAdmin()) {
- return;
- }
-
- /* Not authenticated as admin user. Start authentication. */
-
- if (SimpleSAML_Auth_Source::getById('admin') !== NULL) {
- $as = new SimpleSAML_Auth_Simple('admin');
- $as->login();
- } else {
- throw new Exception('Cannot find "admin" auth source, and admin privileges are required.');
- }
+ return SimpleSAML_Utils_Auth::requireAdmin();
}
diff --git a/lib/SimpleSAML/Utils/Auth.php b/lib/SimpleSAML/Utils/Auth.php
index 439daa1339ff19f3e2d0909e073d21e5ff308259..d9575c018b1195e7335756bdd22ac4967a2d1cc9 100644
--- a/lib/SimpleSAML/Utils/Auth.php
+++ b/lib/SimpleSAML/Utils/Auth.php
@@ -21,4 +21,31 @@ class SimpleSAML_Utils_Auth
$session = SimpleSAML_Session::getSessionFromRequest();
return $session->isValid('admin') || $session->isValid('login-admin');
}
+
+ /**
+ * Require admin access to the current page.
+ *
+ * This is a helper function for limiting a page to those with administrative access. It will redirect the user to
+ * a login page if the current user doesn't have admin access.
+ *
+ * @return void This function will only return if the user is admin.
+ * @throws SimpleSAML_Error_Exception If no "admin" authentication source was configured.
+ *
+ * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+ * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+ */
+ public static function requireAdmin()
+ {
+ if (SimpleSAML_Utils_Auth::isAdmin()) {
+ return;
+ }
+
+ // not authenticated as admin user, start authentication
+ if (SimpleSAML_Auth_Source::getById('admin') !== null) {
+ $as = new SimpleSAML_Auth_Simple('admin');
+ $as->login();
+ } else {
+ throw new SimpleSAML_Error_Exception('Cannot find "admin" auth source, and admin privileges are required.');
+ }
+ }
}
\ No newline at end of file
diff --git a/modules/adfs/www/idp/metadata.php b/modules/adfs/www/idp/metadata.php
index 40ddfa5478b833da999920a343c9c5b63b96b08e..34c6ad8c76d296731b748b309ae94fa1ad93c104 100644
--- a/modules/adfs/www/idp/metadata.php
+++ b/modules/adfs/www/idp/metadata.php
@@ -9,7 +9,7 @@ if (!$config->getBoolean('enable.adfs-idp', false))
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectmetadata', false)) {
- SimpleSAML_Utilities::requireAdmin();
+ SimpleSAML_Utils_Auth::requireAdmin();
}
diff --git a/modules/core/www/frontpage_auth.php b/modules/core/www/frontpage_auth.php
index 2db5dc0b59f2aee20881b830edd4684ed0a4593d..324867ef70925a9758f262dc89d6d7edc9482ebd 100644
--- a/modules/core/www/frontpage_auth.php
+++ b/modules/core/www/frontpage_auth.php
@@ -7,7 +7,7 @@ $session = SimpleSAML_Session::getSessionFromRequest();
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectindexpage', false)) {
- SimpleSAML_Utilities::requireAdmin();
+ SimpleSAML_Utils_Auth::requireAdmin();
}
$loginurl = SimpleSAML_Utilities::getAdminLoginURL();
$isadmin = SimpleSAML_Utils_Auth::isAdmin();
diff --git a/modules/core/www/frontpage_config.php b/modules/core/www/frontpage_config.php
index eee1fa639b1c8f25660897595a320839617f0fce..ee9dbc1d4017fea9cd2e4afec170ac1dc63ea595 100644
--- a/modules/core/www/frontpage_config.php
+++ b/modules/core/www/frontpage_config.php
@@ -8,7 +8,7 @@ $session = SimpleSAML_Session::getSessionFromRequest();
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectindexpage', false)) {
- SimpleSAML_Utilities::requireAdmin();
+ SimpleSAML_Utils_Auth::requireAdmin();
}
$loginurl = SimpleSAML_Utilities::getAdminLoginURL();
$isadmin = SimpleSAML_Utils_Auth::isAdmin();
diff --git a/modules/core/www/frontpage_federation.php b/modules/core/www/frontpage_federation.php
index 02f6d9eaff9813a63727758fb313b8a8e41510de..e640f218892b3b70f8008212fc57785ece192c0d 100644
--- a/modules/core/www/frontpage_federation.php
+++ b/modules/core/www/frontpage_federation.php
@@ -8,7 +8,7 @@ $session = SimpleSAML_Session::getSessionFromRequest();
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectindexpage', false)) {
- SimpleSAML_Utilities::requireAdmin();
+ SimpleSAML_Utils_Auth::requireAdmin();
}
$loginurl = SimpleSAML_Utilities::getAdminLoginURL();
$isadmin = SimpleSAML_Utils_Auth::isAdmin();
diff --git a/modules/core/www/frontpage_welcome.php b/modules/core/www/frontpage_welcome.php
index 1bea6471d10835a8b4ce8416687b9c2e1712050e..95818c467238d4c061e9b4a5f5e432fe097f13f6 100644
--- a/modules/core/www/frontpage_welcome.php
+++ b/modules/core/www/frontpage_welcome.php
@@ -7,7 +7,7 @@ $session = SimpleSAML_Session::getSessionFromRequest();
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectindexpage', false)) {
- SimpleSAML_Utilities::requireAdmin();
+ SimpleSAML_Utils_Auth::requireAdmin();
}
$loginurl = SimpleSAML_Utilities::getAdminLoginURL();
$isadmin = SimpleSAML_Utils_Auth::isAdmin();
diff --git a/modules/core/www/login-admin.php b/modules/core/www/login-admin.php
index 3e6438f3ea10e3b2dea80fb3da1ea30d3c6a48c9..bab9b0c5571f72497b09bff5b7e511f5afd92486 100644
--- a/modules/core/www/login-admin.php
+++ b/modules/core/www/login-admin.php
@@ -7,7 +7,7 @@ if (!array_key_exists('ReturnTo', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing ReturnTo parameter.');
}
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['ReturnTo']);
diff --git a/modules/core/www/show_metadata.php b/modules/core/www/show_metadata.php
index b2e9d96fb83cbc65247c7b6f5e7c5dde9961becc..9edfa4e3120e89e06724158fbda575c31b2abfef 100644
--- a/modules/core/www/show_metadata.php
+++ b/modules/core/www/show_metadata.php
@@ -6,7 +6,7 @@
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
if (!array_key_exists('entityid', $_REQUEST))
diff --git a/modules/cron/www/croninfo.php b/modules/cron/www/croninfo.php
index 6be04ebf6a38ce94f3560b45bb5ede7be89f4448..192576772879931fb9867d86f3a917da8aab2ca2 100644
--- a/modules/cron/www/croninfo.php
+++ b/modules/cron/www/croninfo.php
@@ -11,7 +11,7 @@ require_once('_include.php');
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
$cronconfig = SimpleSAML_Configuration::getConfig('module_cron.php');
diff --git a/modules/logpeek/www/index.php b/modules/logpeek/www/index.php
index 9c763571ebb1c3ad07fa40475cb248fe7d39a66f..6336e6cb172f1e2366dc2bbf7104a28be7344234 100644
--- a/modules/logpeek/www/index.php
+++ b/modules/logpeek/www/index.php
@@ -21,7 +21,7 @@ function logFilter($objFile, $tag, $cut){
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
$logpeekconfig = SimpleSAML_Configuration::getConfig('module_logpeek.php');
$logfile = $logpeekconfig->getValue('logfile', '/var/simplesamlphp.log');
diff --git a/modules/memcacheMonitor/www/memcachestat.php b/modules/memcacheMonitor/www/memcachestat.php
index 40a2efa45b459c1c73115a55f7cbb10909d2dc1b..76a0590278c7ba0dfbfcc09bc7c8152c034cd757 100644
--- a/modules/memcacheMonitor/www/memcachestat.php
+++ b/modules/memcacheMonitor/www/memcachestat.php
@@ -75,7 +75,7 @@ function humanreadable($input) {
$config = SimpleSAML_Configuration::getInstance();
/* Make sure that the user has admin access rights. */
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
$formats = array(
diff --git a/modules/metarefresh/www/fetch.php b/modules/metarefresh/www/fetch.php
index a2739b85d0a87f40dfb445a375102955acebd2e0..70fc6657c3dd6af36910de2175cbdbbc8f215f82 100644
--- a/modules/metarefresh/www/fetch.php
+++ b/modules/metarefresh/www/fetch.php
@@ -3,7 +3,7 @@
$config = SimpleSAML_Configuration::getInstance();
$mconfig = SimpleSAML_Configuration::getOptionalConfig('config-metarefresh.php');
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
SimpleSAML_Logger::setCaptureLog(TRUE);
diff --git a/modules/saml/www/idp/certs.php b/modules/saml/www/idp/certs.php
index 5db029c503b754582957f139f227d534d5b5e81e..77a5074e4f8bb00974d0c355ce93104d3d186bdb 100644
--- a/modules/saml/www/idp/certs.php
+++ b/modules/saml/www/idp/certs.php
@@ -9,7 +9,7 @@ if (!$config->getBoolean('enable.saml20-idp', false))
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectmetadata', false)) {
- SimpleSAML_Utilities::requireAdmin();
+ SimpleSAML_Utils_Auth::requireAdmin();
}
$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index 72d2cdd664ad0e5c9b45271aecfcd2d616980aa7..e7267bbefa72d2016a993f3a84434bc1413ba3b9 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -6,7 +6,7 @@ if (!array_key_exists('PATH_INFO', $_SERVER)) {
$config = SimpleSAML_Configuration::getInstance();
if ($config->getBoolean('admin.protectmetadata', false)) {
- SimpleSAML_Utilities::requireAdmin();
+ SimpleSAML_Utils_Auth::requireAdmin();
}
$sourceId = substr($_SERVER['PATH_INFO'], 1);
$source = SimpleSAML_Auth_Source::getById($sourceId);
diff --git a/modules/statistics/lib/AccessCheck.php b/modules/statistics/lib/AccessCheck.php
index e30f883ee1d7c71a63e58058ac5e31eaf5c4c2c8..794bc01918e5d80b09548d51810aef55fb36a9d9 100644
--- a/modules/statistics/lib/AccessCheck.php
+++ b/modules/statistics/lib/AccessCheck.php
@@ -36,7 +36,7 @@ class sspmod_statistics_AccessCheck {
if (!isset($authsource)) {
// If authsource is not defined, init admin login.
- SimpleSAML_Utilities::requireAdmin();
+ SimpleSAML_Utils_Auth::requireAdmin();
}
/* We are using an authsource for login. */
diff --git a/www/admin/hostnames.php b/www/admin/hostnames.php
index f2a65928cbf5552dc2baa74b10b5a00a43a20bc9..cc6a4511f840876366fc312743c5c001662d8de1 100644
--- a/www/admin/hostnames.php
+++ b/www/admin/hostnames.php
@@ -7,7 +7,7 @@ $config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();
/* Check if valid local session exists.. */
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
$attributes = array();
diff --git a/www/admin/metadata-converter.php b/www/admin/metadata-converter.php
index dc447e3a63c2fabd8fd565f2ebe60dc50fe68bd2..5b2e2acca457fd722a86dae09675252f0699f53a 100644
--- a/www/admin/metadata-converter.php
+++ b/www/admin/metadata-converter.php
@@ -3,7 +3,7 @@
require_once('../_include.php');
/* Make sure that the user has admin access rights. */
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
$config = SimpleSAML_Configuration::getInstance();
diff --git a/www/admin/phpinfo.php b/www/admin/phpinfo.php
index 64d2dbffab6562ea15dd75fdefda3cbd744c4b40..8688389bc0d566bb611ba222b623fc99f704a14f 100644
--- a/www/admin/phpinfo.php
+++ b/www/admin/phpinfo.php
@@ -3,6 +3,6 @@
require_once('../_include.php');
/* Make sure that the user has admin access rights. */
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
phpinfo();
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 2707adae6e40a26202bfd240d9c1bca057584de2..d7411d9590ef95b700b164111200ccbc4d0c0e4d 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -11,7 +11,7 @@ if (!$config->getBoolean('enable.saml20-idp', false))
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectmetadata', false)) {
- SimpleSAML_Utilities::requireAdmin();
+ SimpleSAML_Utils_Auth::requireAdmin();
}
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index ee35c6f6f8c0ee12eabf65efd50e22b8e0a6f684..8b2c94bac40a6983d2efa186466df227e3a2b300 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -11,7 +11,7 @@ if (!$config->getBoolean('enable.shib13-idp', false))
/* Check if valid local session exists.. */
if ($config->getBoolean('admin.protectmetadata', false)) {
- SimpleSAML_Utilities::requireAdmin();
+ SimpleSAML_Utils_Auth::requireAdmin();
}