From 5128993bab0f0705d96a44ba6a5da37d3ef7f9a5 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Tue, 25 Aug 2015 15:31:15 +0200
Subject: [PATCH] The state array should not be modified after extracting
 (getting) the persistent authentication data. This resolves #247.

---
 lib/SimpleSAML/Auth/Default.php     | 6 ++----
 lib/SimpleSAML/Auth/Source.php      | 3 +--
 modules/saml/lib/Auth/Source/SP.php | 3 +--
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/lib/SimpleSAML/Auth/Default.php b/lib/SimpleSAML/Auth/Default.php
index 5f2a6fe4b..d5553aa19 100644
--- a/lib/SimpleSAML/Auth/Default.php
+++ b/lib/SimpleSAML/Auth/Default.php
@@ -31,8 +31,7 @@ class SimpleSAML_Auth_Default {
 	 */
 	public static function extractPersistentAuthState(array &$state) {
 
-		$state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
-		return $state;
+		return SimpleSAML_Auth_State::extractPersistentAuthState($state);
 	}
 
 
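Review bot: `extractPersistentAuthState` in lib/SimpleSAML/Auth/Default.php still declares `array &$state`, but with the reassignment removed the method no longer writes to its argument, so the reference signals a mutation that cannot happen. Consider `public static function extractPersistentAuthState(array $state)`; callers that pass a variable should keep working unchanged. The docblock begins above the hunk, so check that it does not still describe the argument as being modified.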
@@ -51,8 +50,7 @@ class SimpleSAML_Auth_Default {
 		/* Save session state. */
 		$session = SimpleSAML_Session::getSessionFromRequest();
 		$authId = $state['SimpleSAML_Auth_Default.id'];
-		$state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
-		$session->doLogin($authId, $state);
+		$session->doLogin($authId, SimpleSAML_Auth_State::extractPersistentAuthState($state));
 
 		if (is_string($return)) {
 			/* Redirect... */
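Review bot: The comment `/* Save session state. */` above the new `doLogin()` call does not say why the extracted array is passed inline rather than assigned back to `$state`, so the old two-line form is easy to reintroduce in a later cleanup. I would reword it to `/* Store only the persistent subset in the session; $state must keep its full contents. */`. The same applies to `// save session state` in lib/SimpleSAML/Auth/Source.php and `// Update session state` in modules/saml/lib/Auth/Source/SP.php. The enclosing function starts and ends outside the hunk, so any later use of the full `$state` is presumably there but not visible here.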
diff --git a/lib/SimpleSAML/Auth/Source.php b/lib/SimpleSAML/Auth/Source.php
index 3058e8101..70b8cf70a 100644
--- a/lib/SimpleSAML/Auth/Source.php
+++ b/lib/SimpleSAML/Auth/Source.php
@@ -216,8 +216,7 @@ abstract class SimpleSAML_Auth_Source
         // save session state
         $session = SimpleSAML_Session::getSessionFromRequest();
         $authId = $state['SimpleSAML_Auth_Default.id'];
-        $state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
-        $session->doLogin($authId, $state);
+        $session->doLogin($authId, SimpleSAML_Auth_State::extractPersistentAuthState($state));
 
         if (is_string($return)) { // redirect...
             \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index cb926f628..28ca102d7 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -440,8 +440,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		// Update session state
 		$session = SimpleSAML_Session::getSessionFromRequest();
 		$authId = $state['saml:sp:AuthId'];
-		$state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
-		$session->doLogin($authId, $state);
+		$session->doLogin($authId, SimpleSAML_Auth_State::extractPersistentAuthState($state));
 
 		// resume the login process
 		call_user_func($state['ReturnCallback'], $state);
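Review bot: `call_user_func($state['ReturnCallback'], $state)`, three lines below the changed `doLogin()` call, reads the callback from the state array without checking that the key is set or callable. Now that `$state` is no longer replaced by the persistent subset the key should survive, but a state that lacks it would surface only as a PHP notice and a failed call, not as a clear error. A guard before the call such as `if (!isset($state['ReturnCallback']) || !is_callable($state['ReturnCallback'])) { throw new Exception('ReturnCallback missing from state'); }` would make that failure explicit. Where `$state` is loaded lies outside the hunk, as do the start and end of the enclosing method, so whether the key is guaranteed cannot be confirmed from here.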
-- 
GitLab