From 24aac91f5094692c63e34b650e5be7dbf93b7a74 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Thu, 16 Apr 2015 17:15:21 +0200
Subject: [PATCH] Move SimpleSAML_Utilities::requireAdmin() to
 SimpleSAML_Utils_Auth::requireAdmin(). Deprecate the former and stop using
 it.

---
 lib/SimpleSAML/Utilities.php                 | 19 ++------------
 lib/SimpleSAML/Utils/Auth.php                | 27 ++++++++++++++++++++
 modules/adfs/www/idp/metadata.php            |  2 +-
 modules/core/www/frontpage_auth.php          |  2 +-
 modules/core/www/frontpage_config.php        |  2 +-
 modules/core/www/frontpage_federation.php    |  2 +-
 modules/core/www/frontpage_welcome.php       |  2 +-
 modules/core/www/login-admin.php             |  2 +-
 modules/core/www/show_metadata.php           |  2 +-
 modules/cron/www/croninfo.php                |  2 +-
 modules/logpeek/www/index.php                |  2 +-
 modules/memcacheMonitor/www/memcachestat.php |  2 +-
 modules/metarefresh/www/fetch.php            |  2 +-
 modules/saml/www/idp/certs.php               |  2 +-
 modules/saml/www/sp/metadata.php             |  2 +-
 modules/statistics/lib/AccessCheck.php       |  2 +-
 www/admin/hostnames.php                      |  2 +-
 www/admin/metadata-converter.php             |  2 +-
 www/admin/phpinfo.php                        |  2 +-
 www/saml2/idp/metadata.php                   |  2 +-
 www/shib13/idp/metadata.php                  |  2 +-
 21 files changed, 48 insertions(+), 36 deletions(-)

diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 4003f4437..0a455ac87 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1360,25 +1360,10 @@ class SimpleSAML_Utilities {
 
 
 	/**
-	 * Require admin access for current page.
-	 *
-	 * This is a helper-function for limiting a page to admin access. It will redirect
-	 * the user to a login page if the current user doesn't have admin access.
+	 * @deprecated This function will be removed in SSP 2.0. Please use SimpleSAML_Utils_Auth::requireAdmin() instead.
 	 */
 	public static function requireAdmin() {
-
-		if (SimpleSAML_Utils_Auth::isAdmin()) {
-			return;
-		}
-
-		/* Not authenticated as admin user. Start authentication. */
-
-		if (SimpleSAML_Auth_Source::getById('admin') !== NULL) {
-			$as = new SimpleSAML_Auth_Simple('admin');
-			$as->login();
-		} else {
-			throw new Exception('Cannot find "admin" auth source, and admin privileges are required.');
-		}
+		return SimpleSAML_Utils_Auth::requireAdmin();
 	}
 
 
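Review bot: The docblock on the deprecated `SimpleSAML_Utilities::requireAdmin()` now holds only the `@deprecated` tag, so a reader of this file no longer learns that the call gates a page on admin access and may redirect to a login page. I would keep the one-line summary `Require admin access for current page.` above the tag. The wrapper also writes `return SimpleSAML_Utils_Auth::requireAdmin();` although the new method is documented as `@return void`; a plain call without `return` states the same thing without implying a value. Callers still going through the wrapper now get `SimpleSAML_Error_Exception` instead of `Exception` when the "admin" source is missing, which only stays compatible if that class extends `Exception` (not visible in this patch).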
diff --git a/lib/SimpleSAML/Utils/Auth.php b/lib/SimpleSAML/Utils/Auth.php
index 439daa133..d9575c018 100644
--- a/lib/SimpleSAML/Utils/Auth.php
+++ b/lib/SimpleSAML/Utils/Auth.php
@@ -21,4 +21,31 @@ class SimpleSAML_Utils_Auth
         $session = SimpleSAML_Session::getSessionFromRequest();
         return $session->isValid('admin') || $session->isValid('login-admin');
     }
+
+    /**
+     * Require admin access to the current page.
+     *
+     * This is a helper function for limiting a page to those with administrative access. It will redirect the user to
+     * a login page if the current user doesn't have admin access.
+     *
+     * @return void This function will only return if the user is admin.
+     * @throws SimpleSAML_Error_Exception If no "admin" authentication source was configured.
+     *
+     * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+     * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+     */
+    public static function requireAdmin()
+    {
+        if (SimpleSAML_Utils_Auth::isAdmin()) {
+            return;
+        }
+
+        // not authenticated as admin user, start authentication
+        if (SimpleSAML_Auth_Source::getById('admin') !== null) {
+            $as = new SimpleSAML_Auth_Simple('admin');
+            $as->login();
+        } else {
+            throw new SimpleSAML_Error_Exception('Cannot find "admin" auth source, and admin privileges are required.');
+        }
+    }
 }
\ No newline at end of file
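Review bot: `requireAdmin()` promises `This function will only return if the user is admin`, but the branch that calls `$as->login();` runs to the end of the function with no further check. That guarantee therefore rests entirely on `login()` never returning for an unauthenticated user, which this hunk does not show. Every admin page touched by this commit relies on this call as its gate, so I would make it fail closed by re-checking after the login call: `if (!self::isAdmin()) { throw new SimpleSAML_Error_Exception('Admin authentication did not complete.'); }`. If `login()` is in fact guaranteed not to return, a comment next to the call stating that assumption would be the minimum. The file also ends without a trailing newline.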
diff --git a/modules/adfs/www/idp/metadata.php b/modules/adfs/www/idp/metadata.php
index 40ddfa547..34c6ad8c7 100644
--- a/modules/adfs/www/idp/metadata.php
+++ b/modules/adfs/www/idp/metadata.php
@@ -9,7 +9,7 @@ if (!$config->getBoolean('enable.adfs-idp', false))
 
 /* Check if valid local session exists.. */
 if ($config->getBoolean('admin.protectmetadata', false)) {
-	SimpleSAML_Utilities::requireAdmin();
+    SimpleSAML_Utils_Auth::requireAdmin();
 }
 
 
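Review bot: The replacement line is indented with four spaces where the removed line used a tab, which leaves mixed indentation inside the `if` block. Keeping the original tab before `SimpleSAML_Utils_Auth::requireAdmin();` would limit the change to the rename. The same applies to the hunks in modules/core/www/frontpage_auth.php, frontpage_config.php, frontpage_federation.php and frontpage_welcome.php, modules/saml/www/idp/certs.php, modules/saml/www/sp/metadata.php, www/saml2/idp/metadata.php and www/shib13/idp/metadata.php. It is most visible in modules/statistics/lib/AccessCheck.php, where twelve spaces sit between tab-indented context lines.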
diff --git a/modules/core/www/frontpage_auth.php b/modules/core/www/frontpage_auth.php
index 2db5dc0b5..324867ef7 100644
--- a/modules/core/www/frontpage_auth.php
+++ b/modules/core/www/frontpage_auth.php
@@ -7,7 +7,7 @@ $session = SimpleSAML_Session::getSessionFromRequest();
 
 /* Check if valid local session exists.. */
 if ($config->getBoolean('admin.protectindexpage', false)) {
-	SimpleSAML_Utilities::requireAdmin();
+    SimpleSAML_Utils_Auth::requireAdmin();
 }
 $loginurl = SimpleSAML_Utilities::getAdminLoginURL();
 $isadmin = SimpleSAML_Utils_Auth::isAdmin();
diff --git a/modules/core/www/frontpage_config.php b/modules/core/www/frontpage_config.php
index eee1fa639..ee9dbc1d4 100644
--- a/modules/core/www/frontpage_config.php
+++ b/modules/core/www/frontpage_config.php
@@ -8,7 +8,7 @@ $session = SimpleSAML_Session::getSessionFromRequest();
 
 /* Check if valid local session exists.. */
 if ($config->getBoolean('admin.protectindexpage', false)) {
-	SimpleSAML_Utilities::requireAdmin();
+    SimpleSAML_Utils_Auth::requireAdmin();
 }
 $loginurl = SimpleSAML_Utilities::getAdminLoginURL();
 $isadmin = SimpleSAML_Utils_Auth::isAdmin();
diff --git a/modules/core/www/frontpage_federation.php b/modules/core/www/frontpage_federation.php
index 02f6d9eaf..e640f2188 100644
--- a/modules/core/www/frontpage_federation.php
+++ b/modules/core/www/frontpage_federation.php
@@ -8,7 +8,7 @@ $session = SimpleSAML_Session::getSessionFromRequest();
 
 /* Check if valid local session exists.. */
 if ($config->getBoolean('admin.protectindexpage', false)) {
-	SimpleSAML_Utilities::requireAdmin();
+    SimpleSAML_Utils_Auth::requireAdmin();
 }
 $loginurl = SimpleSAML_Utilities::getAdminLoginURL();
 $isadmin = SimpleSAML_Utils_Auth::isAdmin();
diff --git a/modules/core/www/frontpage_welcome.php b/modules/core/www/frontpage_welcome.php
index 1bea6471d..95818c467 100644
--- a/modules/core/www/frontpage_welcome.php
+++ b/modules/core/www/frontpage_welcome.php
@@ -7,7 +7,7 @@ $session = SimpleSAML_Session::getSessionFromRequest();
 
 /* Check if valid local session exists.. */
 if ($config->getBoolean('admin.protectindexpage', false)) {
-	SimpleSAML_Utilities::requireAdmin();
+    SimpleSAML_Utils_Auth::requireAdmin();
 }
 $loginurl = SimpleSAML_Utilities::getAdminLoginURL();
 $isadmin = SimpleSAML_Utils_Auth::isAdmin();
diff --git a/modules/core/www/login-admin.php b/modules/core/www/login-admin.php
index 3e6438f3e..bab9b0c55 100644
--- a/modules/core/www/login-admin.php
+++ b/modules/core/www/login-admin.php
@@ -7,7 +7,7 @@ if (!array_key_exists('ReturnTo', $_REQUEST)) {
 	throw new SimpleSAML_Error_BadRequest('Missing ReturnTo parameter.');
 }
 
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
 
 SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['ReturnTo']);
 
diff --git a/modules/core/www/show_metadata.php b/modules/core/www/show_metadata.php
index b2e9d96fb..9edfa4e31 100644
--- a/modules/core/www/show_metadata.php
+++ b/modules/core/www/show_metadata.php
@@ -6,7 +6,7 @@
 $config = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getSessionFromRequest();
 
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
 
 
 if (!array_key_exists('entityid', $_REQUEST))
diff --git a/modules/cron/www/croninfo.php b/modules/cron/www/croninfo.php
index 6be04ebf6..192576772 100644
--- a/modules/cron/www/croninfo.php
+++ b/modules/cron/www/croninfo.php
@@ -11,7 +11,7 @@ require_once('_include.php');
 $config = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getSessionFromRequest();
 
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
 
 $cronconfig = SimpleSAML_Configuration::getConfig('module_cron.php');
 
diff --git a/modules/logpeek/www/index.php b/modules/logpeek/www/index.php
index 9c763571e..6336e6cb1 100644
--- a/modules/logpeek/www/index.php
+++ b/modules/logpeek/www/index.php
@@ -21,7 +21,7 @@ function logFilter($objFile, $tag, $cut){
 $config = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getSessionFromRequest();
 
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
 
 $logpeekconfig = SimpleSAML_Configuration::getConfig('module_logpeek.php');
 $logfile = $logpeekconfig->getValue('logfile', '/var/simplesamlphp.log');
diff --git a/modules/memcacheMonitor/www/memcachestat.php b/modules/memcacheMonitor/www/memcachestat.php
index 40a2efa45..76a059027 100644
--- a/modules/memcacheMonitor/www/memcachestat.php
+++ b/modules/memcacheMonitor/www/memcachestat.php
@@ -75,7 +75,7 @@ function humanreadable($input) {
 $config = SimpleSAML_Configuration::getInstance();
 
 /* Make sure that the user has admin access rights. */
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
 
 
 $formats = array(
diff --git a/modules/metarefresh/www/fetch.php b/modules/metarefresh/www/fetch.php
index a2739b85d..70fc6657c 100644
--- a/modules/metarefresh/www/fetch.php
+++ b/modules/metarefresh/www/fetch.php
@@ -3,7 +3,7 @@
 $config = SimpleSAML_Configuration::getInstance();
 $mconfig = SimpleSAML_Configuration::getOptionalConfig('config-metarefresh.php');
 
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
 
 SimpleSAML_Logger::setCaptureLog(TRUE);
 
diff --git a/modules/saml/www/idp/certs.php b/modules/saml/www/idp/certs.php
index 5db029c50..77a5074e4 100644
--- a/modules/saml/www/idp/certs.php
+++ b/modules/saml/www/idp/certs.php
@@ -9,7 +9,7 @@ if (!$config->getBoolean('enable.saml20-idp', false))
 
 /* Check if valid local session exists.. */
 if ($config->getBoolean('admin.protectmetadata', false)) {
-	SimpleSAML_Utilities::requireAdmin();
+    SimpleSAML_Utils_Auth::requireAdmin();
 }
 
 $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
diff --git a/modules/saml/www/sp/metadata.php b/modules/saml/www/sp/metadata.php
index 72d2cdd66..e7267bbef 100644
--- a/modules/saml/www/sp/metadata.php
+++ b/modules/saml/www/sp/metadata.php
@@ -6,7 +6,7 @@ if (!array_key_exists('PATH_INFO', $_SERVER)) {
 
 $config = SimpleSAML_Configuration::getInstance();
 if ($config->getBoolean('admin.protectmetadata', false)) {
-	SimpleSAML_Utilities::requireAdmin();
+    SimpleSAML_Utils_Auth::requireAdmin();
 }
 $sourceId = substr($_SERVER['PATH_INFO'], 1);
 $source = SimpleSAML_Auth_Source::getById($sourceId);
diff --git a/modules/statistics/lib/AccessCheck.php b/modules/statistics/lib/AccessCheck.php
index e30f883ee..794bc0191 100644
--- a/modules/statistics/lib/AccessCheck.php
+++ b/modules/statistics/lib/AccessCheck.php
@@ -36,7 +36,7 @@ class sspmod_statistics_AccessCheck {
 
 		if (!isset($authsource)) {
 			// If authsource is not defined, init admin login.
-			SimpleSAML_Utilities::requireAdmin();
+            SimpleSAML_Utils_Auth::requireAdmin();
 		}
 
 		/* We are using an authsource for login. */
diff --git a/www/admin/hostnames.php b/www/admin/hostnames.php
index f2a65928c..cc6a4511f 100644
--- a/www/admin/hostnames.php
+++ b/www/admin/hostnames.php
@@ -7,7 +7,7 @@ $config = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getSessionFromRequest();
 
 /* Check if valid local session exists.. */
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
 
 $attributes = array();
 
diff --git a/www/admin/metadata-converter.php b/www/admin/metadata-converter.php
index dc447e3a6..5b2e2acca 100644
--- a/www/admin/metadata-converter.php
+++ b/www/admin/metadata-converter.php
@@ -3,7 +3,7 @@
 require_once('../_include.php');
 
 /* Make sure that the user has admin access rights. */
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
 
 $config = SimpleSAML_Configuration::getInstance();
 
diff --git a/www/admin/phpinfo.php b/www/admin/phpinfo.php
index 64d2dbffa..8688389bc 100644
--- a/www/admin/phpinfo.php
+++ b/www/admin/phpinfo.php
@@ -3,6 +3,6 @@
 require_once('../_include.php');
 
 /* Make sure that the user has admin access rights. */
-SimpleSAML_Utilities::requireAdmin();
+SimpleSAML_Utils_Auth::requireAdmin();
 
 phpinfo();
diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php
index 2707adae6..d7411d959 100644
--- a/www/saml2/idp/metadata.php
+++ b/www/saml2/idp/metadata.php
@@ -11,7 +11,7 @@ if (!$config->getBoolean('enable.saml20-idp', false))
 
 /* Check if valid local session exists.. */
 if ($config->getBoolean('admin.protectmetadata', false)) {
-	SimpleSAML_Utilities::requireAdmin();
+    SimpleSAML_Utils_Auth::requireAdmin();
 }
 
 
diff --git a/www/shib13/idp/metadata.php b/www/shib13/idp/metadata.php
index ee35c6f6f..8b2c94bac 100644
--- a/www/shib13/idp/metadata.php
+++ b/www/shib13/idp/metadata.php
@@ -11,7 +11,7 @@ if (!$config->getBoolean('enable.shib13-idp', false))
 
 /* Check if valid local session exists.. */
 if ($config->getBoolean('admin.protectmetadata', false)) {
-	SimpleSAML_Utilities::requireAdmin();
+    SimpleSAML_Utils_Auth::requireAdmin();
 }
 
 
-- 
GitLab