Add support for regex in consent.disable

Add support for regular expressions in consent.disable to make it easy to disable consent requirement for an entire domain or for trusted domains. We have over 100 SP defines internally and would like to have consent disabled for all of them easily and without having to update the IDP metadata each time we add a new SP. Example consent.disable in IDP metadata : // Disable consent for our SPs 'consent.disable' => array( 'https://mysp.mypartner.com', array('type'=>'regex', 'pattern'=>'/.*\.mycompany\.com.*/i'), ),

Add support for regex in consent.disable
6e46f7cc · Vincent Rioux · GitHub · e20a75b3 · 6e46f7cc
Commit 6e46f7cc authored 8 years ago by Vincent Rioux Committed by GitHub 8 years ago
--- a/modules/consent/lib/Auth/Process/Consent.php
+++ b/modules/consent/lib/Auth/Process/Consent.php
@@ -144,13 +144,34 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
    /**
     * Helper function to check whether consent is disabled.
     *
-     * @param mixed $option  The consent.disable option. Either an array or a boolean.
+     * @param mixed $option  The consent.disable option. Either an array of array, an array or a boolean.
     * @param string $entityIdD  The entityID of the SP/IdP.
     * @return boolean  TRUE if disabled, FALSE if not.
     */
    private static function checkDisable($option, $entityId) {
        if (is_array($option)) {
-            return in_array($entityId, $option, TRUE);
+            // Check if consent.disable array has one element that is an array
+            if (count($option) == count($option, COUNT_RECURSIVE)) {
+                // Array is not multidimensional.  Simple in_array search suffices
+                return in_array($entityId, $option, TRUE);
+            } else {
+                // Array contains at least one element that is an array, verify both possibilities
+                if (in_array($entityId, $option, TRUE)) {
+                    return true;
+                } else {
+                    // Search in multidimensional arrays
+                    foreach($optionToTest in $option) {
+                        if (is_array($optionToTest)) {
+                            if ($optionToTest['type'] == 'regex') {
+                                // Evaluate regular expression and return true if entityId matches
+                                if (preg_match($optionToTest['pattern'], $entityId) === 1) return true;
+                            }
+                        }
+                    }
+                    // Base case : no match
+                    return false;
+                }
+            }
        } else {
            return (boolean)$option;
        }