From 5128993bab0f0705d96a44ba6a5da37d3ef7f9a5 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Tue, 25 Aug 2015 15:31:15 +0200
Subject: [PATCH] The state array should not be modified after extracting (getting) the persistent authentication data. This resolves #247.
---
 lib/SimpleSAML/Auth/Default.php | 6 ++----
 lib/SimpleSAML/Auth/Source.php | 3 +--
 modules/saml/lib/Auth/Source/SP.php | 3 +--
 3 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/lib/SimpleSAML/Auth/Default.php b/lib/SimpleSAML/Auth/Default.php
index 5f2a6fe4b..d5553aa19 100644
--- a/lib/SimpleSAML/Auth/Default.php
+++ b/lib/SimpleSAML/Auth/Default.php
@@ -31,8 +31,7 @@ class SimpleSAML_Auth_Default {
 */
 public static function extractPersistentAuthState(array &$state) {
- $state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
- return $state;
+ return SimpleSAML_Auth_State::extractPersistentAuthState($state);
 }
@@ -51,8 +50,7 @@ class SimpleSAML_Auth_Default {
 /* Save session state. */
 $session = SimpleSAML_Session::getSessionFromRequest();
 $authId = $state['SimpleSAML_Auth_Default.id'];
- $state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
- $session->doLogin($authId, $state);
+ $session->doLogin($authId, SimpleSAML_Auth_State::extractPersistentAuthState($state));
 if (is_string($return)) {
 /* Redirect... */
diff --git a/lib/SimpleSAML/Auth/Source.php b/lib/SimpleSAML/Auth/Source.php
index 3058e8101..70b8cf70a 100644
--- a/lib/SimpleSAML/Auth/Source.php
+++ b/lib/SimpleSAML/Auth/Source.php
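Review bot: `extractPersistentAuthState(array &$state)` in the first `Default.php` hunk still takes `$state` by reference, although after this change the method no longer writes to it. A caller that relied on the old side effect, ending up with only the persistent keys in its own `$state`, now silently keeps the full state array including transient entries, so callers that store or forward `$state` afterwards are worth auditing. Dropping the `&`, as in `public static function extractPersistentAuthState(array $state) {`, would make the new read-only contract explicit. The docblock above the method is only partly visible in the hunk and may also need a sentence saying the argument is left untouched.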
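Review bot: The extract-then-`doLogin` pair in the second `Default.php` hunk is repeated almost verbatim in the `Source.php` hunk and the `SP.php` hunk, which is presumably how the same `$state` overwrite ended up in three places. Moving the two steps into one shared helper that takes `$authId` and `$state` by value would leave a single place to decide which keys are persisted into the session. Short of that, a comment above each call such as `// only the persistent subset goes into the session; $state itself must stay intact` would document the intent. The enclosing function starts and ends outside the hunk, so later uses of `$state` in it could not be checked here.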
@@ -216,8 +216,7 @@ abstract class SimpleSAML_Auth_Source
 // save session state
 $session = SimpleSAML_Session::getSessionFromRequest();
 $authId = $state['SimpleSAML_Auth_Default.id'];
- $state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
- $session->doLogin($authId, $state);
+ $session->doLogin($authId, SimpleSAML_Auth_State::extractPersistentAuthState($state));
 if (is_string($return)) {
 // redirect...
 \SimpleSAML\Utils\HTTP::redirectTrustedURL($return);
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index cb926f628..28ca102d7 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -440,8 +440,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 // Update session state
 $session = SimpleSAML_Session::getSessionFromRequest();
 $authId = $state['saml:sp:AuthId'];
- $state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
- $session->doLogin($authId, $state);
+ $session->doLogin($authId, SimpleSAML_Auth_State::extractPersistentAuthState($state));
 // resume the login process
 call_user_func($state['ReturnCallback'], $state);
-- GitLab
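Review bot: Nothing in the `SP.php` hunk records why `$state` must stay intact, even though two lines below the new `doLogin` call `call_user_func($state['ReturnCallback'], $state)` reads a key that the old reassignment presumably stripped out. A comment above the `doLogin` line such as `// keep $state intact: ReturnCallback below needs the full state array` would stop the reassignment from being reintroduced. The callback is also invoked with no check that the key is set and callable. If the state can reach this point without it, a guard such as `if (!isset($state['ReturnCallback']) || !is_callable($state['ReturnCallback']))` that fails with an explicit error would be safer than a PHP warning. The enclosing function starts and ends outside the hunk, and the patch carries no regression test for #247.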