The state array should not be modified after extracting (getting) the...

The state array should not be modified after extracting (getting) the persistent authentication data. This resolves #247.

The state array should not be modified after extracting (getting) the...
5128993b · Jaime Perez Crespo · c6cf761e · 5128993b · 5128993b · 5128993b
Commit 5128993b authored 9 years ago by Jaime Perez Crespo
--- a/lib/SimpleSAML/Auth/Default.php
+++ b/lib/SimpleSAML/Auth/Default.php
@@ -31,8 +31,7 @@ class SimpleSAML_Auth_Default {
 	 */
 	public static function extractPersistentAuthState(array &$state) {

-		$state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
-		return $state;
+		return SimpleSAML_Auth_State::extractPersistentAuthState($state);
 	}


@@ -51,8 +50,7 @@ class SimpleSAML_Auth_Default {
 		/* Save session state. */
 		$session = SimpleSAML_Session::getSessionFromRequest();
 		$authId = $state['SimpleSAML_Auth_Default.id'];
-		$state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
-		$session->doLogin($authId, $state);
+		$session->doLogin($authId, SimpleSAML_Auth_State::extractPersistentAuthState($state));

 		if (is_string($return)) {
 			/* Redirect... */

--- a/lib/SimpleSAML/Auth/Source.php
+++ b/lib/SimpleSAML/Auth/Source.php
@@ -216,8 +216,7 @@ abstract class SimpleSAML_Auth_Source
        // save session state
        $session = SimpleSAML_Session::getSessionFromRequest();
        $authId = $state['SimpleSAML_Auth_Default.id'];
-        $state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
-        $session->doLogin($authId, $state);
+        $session->doLogin($authId, SimpleSAML_Auth_State::extractPersistentAuthState($state));

        if (is_string($return)) { // redirect...
            \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);

--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -440,8 +440,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		// Update session state
 		$session = SimpleSAML_Session::getSessionFromRequest();
 		$authId = $state['saml:sp:AuthId'];
-		$state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
-		$session->doLogin($authId, $state);
+		$session->doLogin($authId, SimpleSAML_Auth_State::extractPersistentAuthState($state));

 		// resume the login process
 		call_user_func($state['ReturnCallback'], $state);