From 5e4ddbb128e455f9f92f753157482193824ecfbf Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tim.dijen@minbzk.nl>
Date: Sat, 10 Aug 2019 16:09:28 +0200
Subject: [PATCH] Twigify exampleauth (#1183)
---
 .../exampleauth/templates/authenticate.twig | 29 ++++++++++++
 modules/exampleauth/www/authpage.php | 47 +++++--------------
 2 files changed, 40 insertions(+), 36 deletions(-)
 create mode 100644 modules/exampleauth/templates/authenticate.twig
diff --git a/modules/exampleauth/templates/authenticate.twig b/modules/exampleauth/templates/authenticate.twig
new file mode 100644
index 000000000..4a68e334c
--- /dev/null
+++ b/modules/exampleauth/templates/authenticate.twig
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <title>exampleauth login page</title>
+ </head>
+ <body>
+ <h1>exampleauth login page</h1>
+ <p>
+ In this example you can log in with two accounts: <code>student</code> and <code>admin</code>.
+ In both cases, the password is the same as the username.
+ </p>
+ <form method="post" action="?">
+ <p>
+ Username:
+ <input type="text" name="username">
+ </p>
+ <p>
+ Password:
+ <input type="text" name="password">
+ </p>
+ <input type="hidden" name="ReturnTo" value="{{ returnTo|escape('html') }}">
+ <p><input type="submit" value="Log in"></p>
+ </form>
+{% if badUserPass == true %}
+ <p>!!! Bad username or password !!!</p>
+{% endif %}
+ </body>
+</html>
diff --git a/modules/exampleauth/www/authpage.php b/modules/exampleauth/www/authpage.php
index 7bc87a5a1..f59c707a1 100644
--- a/modules/exampleauth/www/authpage.php
+++ b/modules/exampleauth/www/authpage.php
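Review bot: The password field in the new template is declared as `<input type="text" name="password">`, so the typed password is displayed in clear on screen and treated by the browser as ordinary form text; it should be `<input type="password" name="password">`. The markup is carried over from the old inline page, but because authenticate.twig is a new file this is the natural place to correct it, and a login page that ships as an example tends to be copied. The hidden ReturnTo field is escaped with `escape('html')` inside a double-quoted attribute, which is the right pairing and should be kept if the template is ever themed. As a smaller style point, `{% if badUserPass == true %}` can be written `{% if badUserPass %}`.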
@@ -15,7 +15,7 @@ if (!isset($_REQUEST['ReturnTo'])) { $returnTo = \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']); -/* +/** * The following piece of code would never be found in a real authentication page. Its * purpose in this example is to make this example safer in the case where the * administrator of the IdP leaves the exampleauth-module enabled in a production @@ -24,19 +24,18 @@ $returnTo = \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']); * What we do here is to extract the $state-array identifier, and check that it belongs to * the exampleauth:External process. */ - if (!preg_match('@State=(.*)@', $returnTo, $matches)) { die('Invalid ReturnTo URL for this example.'); } -\SimpleSAML\Auth\State::loadState(urldecode($matches[1]), 'exampleauth:External'); -/* +/** * The loadState-function will not return if the second parameter does not * match the parameter passed to saveState, so by now we know that we arrived here * through the exampleauth:External authentication page. */ +\SimpleSAML\Auth\State::loadState(urldecode($matches[1]), 'exampleauth:External'); -/* +/** * Our list of users. */ $users = [ @@ -56,7 +55,7 @@ $users = [ ], ]; -/* +/** * Time to handle login responses. * Since this is a dummy example, we accept any data. */ 
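Review bot: In the second hunk the comment beginning "The loadState-function will not return" now sits above the `loadState()` call, yet it still says "by now we know that we arrived here", which describes the situation after the call rather than before it. This call is the guard that restricts the page to requests coming from exampleauth:External, so the comment should say that directly, for example `Guard: loadState() does not return unless the state was saved by exampleauth:External, so the code below only runs for that flow.` The `/**` openers introduced here and in the first and third hunks mark docblocks, which documentation tools attach to the next declaration; plain `/*` suits comments on statements. The script continues outside these hunks.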
@@ -85,35 +84,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { } } -/* +/** * If we get this far, we need to show the login page to the user. */ -?><!DOCTYPE html> -<html> -<head> -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<title>exampleauth login page</title> -</head> -<body> -<h1>exampleauth login page</h1> -<p> -In this example you can log in with two accounts: <code>student</code> and <code>admin</code>. -In both cases, the password is the same as the username. -</p> -<?php if ($badUserPass) { ?> -<p>Bad username or password.</p> -<?php } ?> -<form method="post" action="?"> -<p> -Username: -<input type="text" name="username"> -</p> -<p> -Password: -<input type="text" name="password"> -</p> -<input type="hidden" name="ReturnTo" value="<?php echo htmlspecialchars($returnTo); ?>"> -<p><input type="submit" value="Log in"></p> -</form> -</body> -</html> +$config = \SimpleSAML\Configuration::getInstance(); +$t = new \SimpleSAML\XHTML\Template($config, 'exampleauth:authenticate.twig'); +$t->data['badUserPass'] = $badUserPass; +$t->data['returnTo'] = $returnTo; +$t->show(); -- GitLab
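Review bot: `$t->data['returnTo'] = $returnTo;` passes the request-derived ReturnTo value to the template unescaped, so the HTML escaping that `htmlspecialchars($returnTo)` did on this page now depends entirely on authenticate.twig. A one-line comment above the assignment would keep that dependency visible to anyone who themes or replaces the template, for example `// returnTo originates from the request; the template must escape it for the attribute context.` The POST handling that sets `$badUserPass` starts above this hunk and is not visible here.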