diff --git a/config-templates/authsources.php b/config-templates/authsources.php index d067159520e459802e14a442c4f547f9b353eca4..5550b6d557b11c068fe534fc445c02ce409400b5 100644 --- a/config-templates/authsources.php +++ b/config-templates/authsources.php @@ -277,8 +277,8 @@ $config = array( //'remember.username.checked' => FALSE, // Give the user an option to save their organization choice for future login - // attempts. And when enabled, what should the default be, checked or not. - //'remember.organization.enabled' => false, + // attempts. And when enabled, what should the default be, checked or not. + //'remember.organization.enabled' => false, //'remember.organization.checked' => false, // The way the organization as part of the username should be handled. diff --git a/dictionaries/login.definition.json b/dictionaries/login.definition.json index 15969601b73021facf66b58a7dc27990ac4d000a..61e5dddf6c0179147997b37d6cac1c8cfea3acd7 100644 --- a/dictionaries/login.definition.json +++ b/dictionaries/login.definition.json 
@@ -1,71 +1,71 @@ { - "error_header": { - "en": "Error" - }, - "user_pass_header": { - "en": "Enter your username and password" - }, - "user_pass_text": { - "en": "A service has requested you to authenticate yourself. Please enter your username and password in the form below." - }, - "login_button": { - "en": "Login" - }, - "processing": { - "en": "Processing..." - }, - "username": { - "en": "Username" - }, - "organization": { - "en": "Organization" - }, - "password": { - "en": "Password" - }, - "help_header": { - "en": "Help! I don't remember my password." - }, - "help_text": { - "en": "Without your username and password you cannot authenticate yourself for access to the service. There may be someone that can help you. Consult the help desk at your organization!" - }, - "error_nopassword": { - "en": "You sent something to the login page, but for some reason the password was not sent. Try again please." - }, - "error_wrongpassword": { - "en": "Incorrect username or password." - }, - "select_home_org": { - "en": "Choose your home organization" - }, - "next": { - "en": "Next" - }, - "change_home_org_title": { - "en": "Change your home organization" - }, - "change_home_org_text": { - "en": "You have chosen <b>%HOMEORG%<\/b> as your home organization. If this is wrong you may choose another one." - }, - "change_home_org_button": { - "en": "Choose home organization" - }, - "help_desk_link": { - "en": "Help desk homepage" - }, - "help_desk_email": { - "en": "Send e-mail to help desk" - }, - "contact_info": { - "en": "Contact information:" - }, - "remember_username": { - "en": "Remember my username" - }, + "error_header": { + "en": "Error" + }, + "user_pass_header": { + "en": "Enter your username and password" + }, + "user_pass_text": { + "en": "A service has requested you to authenticate yourself. Please enter your username and password in the form below." + }, + "login_button": { + "en": "Login" + }, + "processing": { + "en": "Processing..." 
+ }, + "username": { + "en": "Username" + }, + "organization": { + "en": "Organization" + }, + "password": { + "en": "Password" + }, + "help_header": { + "en": "Help! I don't remember my password." + }, + "help_text": { + "en": "Without your username and password you cannot authenticate yourself for access to the service. There may be someone that can help you. Consult the help desk at your organization!" + }, + "error_nopassword": { + "en": "You sent something to the login page, but for some reason the password was not sent. Try again please." + }, + "error_wrongpassword": { + "en": "Incorrect username or password." + }, + "select_home_org": { + "en": "Choose your home organization" + }, + "next": { + "en": "Next" + }, + "change_home_org_title": { + "en": "Change your home organization" + }, + "change_home_org_text": { + "en": "You have chosen <b>%HOMEORG%<\/b> as your home organization. If this is wrong you may choose another one." + }, + "change_home_org_button": { + "en": "Choose home organization" + }, + "help_desk_link": { + "en": "Help desk homepage" + }, + "help_desk_email": { + "en": "Send e-mail to help desk" + }, + "contact_info": { + "en": "Contact information:" + }, + "remember_username": { + "en": "Remember my username" + }, "remember_me": { "en": "Remember me" }, - "remember_organization": { - "en": "Remember my organization" - } + "remember_organization": { + "en": "Remember my organization" + } } diff --git a/modules/core/lib/Auth/UserPassOrgBase.php b/modules/core/lib/Auth/UserPassOrgBase.php index 518f7ec00260d0e47e20aee5475cbf6fb83c2f1e..d7a718cd828724911c7007313c4db02af4d6fb2f 100644 --- a/modules/core/lib/Auth/UserPassOrgBase.php +++ b/modules/core/lib/Auth/UserPassOrgBase.php 
@@ -16,48 +16,48 @@ namespace SimpleSAML\Module\core\Auth; abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source { - /** - * The string used to identify our states. - */ - const STAGEID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.state'; - - - /** - * The key of the AuthId field in the state. - */ - const AUTHID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.AuthId'; - - - /** - * The key of the OrgId field in the state, identifies which org was selected. - */ - const ORGID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.SelectedOrg'; - - - /** - * What way do we handle the organization as part of the username. - * Three values: - * 'none': Force the user to select the correct organization from the dropdown box. - * 'allow': Allow the user to enter the organization as part of the username. - * 'force': Remove the dropdown box. - */ - private $usernameOrgMethod; - - /** - * Storage for authsource config option remember.username.enabled - * loginuserpass.php and loginuserpassorg.php pages/templates use this option to - * present users with a checkbox to save their username for the next login request. - * @var bool - */ - protected $rememberUsernameEnabled = FALSE; - - /** - * Storage for authsource config option remember.username.checked - * loginuserpass.php and loginuserpassorg.php pages/templates use this option - * to default the remember username checkbox to checked or not. - * @var bool - */ - protected $rememberUsernameChecked = FALSE; + /** + * The string used to identify our states. + */ + const STAGEID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.state'; + + + /** + * The key of the AuthId field in the state. + */ + const AUTHID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.AuthId'; + + + /** + * The key of the OrgId field in the state, identifies which org was selected. + */ + const ORGID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.SelectedOrg'; + + + /** + * What way do we handle the organization as part of the username. 
+ * Three values: + * 'none': Force the user to select the correct organization from the dropdown box. + * 'allow': Allow the user to enter the organization as part of the username. + * 'force': Remove the dropdown box. + */ + private $usernameOrgMethod; + + /** + * Storage for authsource config option remember.username.enabled + * loginuserpass.php and loginuserpassorg.php pages/templates use this option to + * present users with a checkbox to save their username for the next login request. + * @var bool + */ + protected $rememberUsernameEnabled = false; + + /** + * Storage for authsource config option remember.username.checked + * loginuserpass.php and loginuserpassorg.php pages/templates use this option + * to default the remember username checkbox to checked or not. + * @var bool + */ + protected $rememberUsernameChecked = false; /** * Storage for authsource config option remember.organization.enabled 
@@ -65,254 +65,264 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source * with a checkbox to save their organization choice for the next login request. * @var bool */ - protected $rememberOrganizationEnabled = false; - - /** - * Storage for authsource config option remember.organization.checked - * loginuserpassorg.php page/template use this option to - * default the remember organization checkbox to checked or not. - * @var bool - */ - protected $rememberOrganizationChecked = false; - - - /** - * Constructor for this authentication source. - * - * All subclasses who implement their own constructor must call this constructor before - * using $config for anything. - * - * @param array $info Information about this authentication source. - * @param array &$config Configuration for this authentication source. - */ - public function __construct($info, &$config) { - assert(is_array($info)); - assert(is_array($config)); - - // Call the parent constructor first, as required by the interface - parent::__construct($info, $config); - - // Get the remember username config options - if (isset($config['remember.username.enabled'])) { - $this->rememberUsernameEnabled = (bool) $config['remember.username.enabled']; - unset($config['remember.username.enabled']); - } - if (isset($config['remember.username.checked'])) { - $this->rememberUsernameChecked = (bool) $config['remember.username.checked']; - unset($config['remember.username.checked']); - } + protected $rememberOrganizationEnabled = false; + + /** + * Storage for authsource config option remember.organization.checked + * loginuserpassorg.php page/template use this option to + * default the remember organization checkbox to checked or not. + * @var bool + */ + protected $rememberOrganizationChecked = false; + + + /** + * Constructor for this authentication source. + * + * All subclasses who implement their own constructor must call this constructor before + * using $config for anything. 
+ * + * @param array $info Information about this authentication source. + * @param array &$config Configuration for this authentication source. + */ + public function __construct($info, &$config) + { + assert(is_array($info)); + assert(is_array($config)); + + // Call the parent constructor first, as required by the interface + parent::__construct($info, $config); + + // Get the remember username config options + if (isset($config['remember.username.enabled'])) { + $this->rememberUsernameEnabled = (bool) $config['remember.username.enabled']; + unset($config['remember.username.enabled']); + } + if (isset($config['remember.username.checked'])) { + $this->rememberUsernameChecked = (bool) $config['remember.username.checked']; + unset($config['remember.username.checked']); + } // Get the remember organization config options if (isset($config['remember.organization.enabled'])) { $this->rememberOrganizationEnabled = (bool) $config['remember.organization.enabled']; unset($config['remember.organization.enabled']); - } - if (isset($config['remember.organization.checked'])) { - $this->rememberOrganizationChecked = (bool) $config['remember.organization.checked']; - unset($config['remember.organization.checked']); - } - - $this->usernameOrgMethod = 'none'; - } - - - /** - * Configure the way organizations as part of the username is handled. - * - * There are three possible values: - * - 'none': Force the user to select the correct organization from the dropdown box. - * - 'allow': Allow the user to enter the organization as part of the username. - * - 'force': Remove the dropdown box. - * - * If unconfigured, the default is 'none'. - * - * @param string $usernameOrgMethod The method which should be used. 
- */ - protected function setUsernameOrgMethod($usernameOrgMethod) { - assert(in_array($usernameOrgMethod, array('none', 'allow', 'force'), true)); - - $this->usernameOrgMethod = $usernameOrgMethod; - } - - - /** - * Retrieve the way organizations as part of the username should be handled. - * - * There are three possible values: - * - 'none': Force the user to select the correct organization from the dropdown box. - * - 'allow': Allow the user to enter the organization as part of the username. - * - 'force': Remove the dropdown box. - * - * @return string The method which should be used. - */ - public function getUsernameOrgMethod() { - return $this->usernameOrgMethod; - } - - /** - * Getter for the authsource config option remember.username.enabled - * @return bool - */ - public function getRememberUsernameEnabled() { - return $this->rememberUsernameEnabled; - } - - /** - * Getter for the authsource config option remember.username.checked - * @return bool - */ - public function getRememberUsernameChecked() { - return $this->rememberUsernameChecked; - } + } + if (isset($config['remember.organization.checked'])) { + $this->rememberOrganizationChecked = (bool) $config['remember.organization.checked']; + unset($config['remember.organization.checked']); + } + + $this->usernameOrgMethod = 'none'; + } + + + /** + * Configure the way organizations as part of the username is handled. + * + * There are three possible values: + * - 'none': Force the user to select the correct organization from the dropdown box. + * - 'allow': Allow the user to enter the organization as part of the username. + * - 'force': Remove the dropdown box. + * + * If unconfigured, the default is 'none'. + * + * @param string $usernameOrgMethod The method which should be used. 
+ */ + protected function setUsernameOrgMethod($usernameOrgMethod) + { + assert(in_array($usernameOrgMethod, array('none', 'allow', 'force'), true)); + + $this->usernameOrgMethod = $usernameOrgMethod; + } + + + /** + * Retrieve the way organizations as part of the username should be handled. + * + * There are three possible values: + * - 'none': Force the user to select the correct organization from the dropdown box. + * - 'allow': Allow the user to enter the organization as part of the username. + * - 'force': Remove the dropdown box. + * + * @return string The method which should be used. + */ + public function getUsernameOrgMethod() + { + return $this->usernameOrgMethod; + } + + /** + * Getter for the authsource config option remember.username.enabled + * @return bool + */ + public function getRememberUsernameEnabled() + { + return $this->rememberUsernameEnabled; + } + + /** + * Getter for the authsource config option remember.username.checked + * @return bool + */ + public function getRememberUsernameChecked() + { + return $this->rememberUsernameChecked; + } /** * Getter for the authsource config option remember.organization.enabled * @return bool */ - public function getRememberOrganizationEnabled() { - return $this->rememberOrganizationEnabled; - } - - /** - * Getter for the authsource config option remember.organization.checked - * @return bool - */ - public function getRememberOrganizationChecked() { - return $this->rememberOrganizationChecked; - } - - /** - * Initialize login. - * - * This function saves the information about the login, and redirects to a - * login page. - * - * @param array &$state Information about the current authentication. 
- */ - public function authenticate(&$state) { - assert(is_array($state)); - - // We are going to need the authId in order to retrieve this authentication source later - $state[self::AUTHID] = $this->authId; - - $id = \SimpleSAML\Auth\State::saveState($state, self::STAGEID); - - $url = \SimpleSAML\Module::getModuleURL('core/loginuserpassorg.php'); - $params = array('AuthState' => $id); - \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params); - } - - - /** - * Attempt to log in using the given username, password and organization. - * - * On a successful login, this function should return the users attributes. On failure, - * it should throw an exception/error. If the error was caused by the user entering the wrong - * username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown. - * - * Note that both the username and the password are UTF-8 encoded. - * - * @param string $username The username the user wrote. - * @param string $password The password the user wrote. - * @param string $organization The id of the organization the user chose. - * @return array Associative array with the user's attributes. - */ - abstract protected function login($username, $password, $organization); - - - /** - * Retrieve list of organizations. - * - * The list of organizations is an associative array. The key of the array is the - * id of the organization, and the value is the description. The value can be another - * array, in which case that array is expected to contain language-code to - * description mappings. - * - * @return array Associative array with the organizations. - */ - abstract protected function getOrganizations(); - - - /** - * Handle login request. - * - * This function is used by the login form (core/www/loginuserpassorg.php) when the user - * enters a username and password. On success, it will not return. On wrong - * username/password failure, and other errors, it will throw an exception. 
- * - * @param string $authStateId The identifier of the authentication state. - * @param string $username The username the user wrote. - * @param string $password The password the user wrote. - * @param string $organization The id of the organization the user chose. - */ - public static function handleLogin($authStateId, $username, $password, $organization) { - assert(is_string($authStateId)); - assert(is_string($username)); - assert(is_string($password)); - assert(is_string($organization)); - - /* Retrieve the authentication state. */ - $state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID); - - /* Find authentication source. */ - assert(array_key_exists(self::AUTHID, $state)); - $source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]); - if ($source === NULL) { - throw new \Exception('Could not find authentication source with id ' . $state[self::AUTHID]); - } - - $orgMethod = $source->getUsernameOrgMethod(); - if ($orgMethod !== 'none') { - $tmp = explode('@', $username, 2); - if (count($tmp) === 2) { - $username = $tmp[0]; - $organization = $tmp[1]; - } else { - if ($orgMethod === 'force') { - /* The organization should be a part of the username, but isn't. */ - throw new \SimpleSAML\Error\Error('WRONGUSERPASS'); - } - } - } - - /* Attempt to log in. */ - $attributes = $source->login($username, $password, $organization); - - // Add the selected Org to the state - $state[self::ORGID] = $organization; - $state['PersistentAuthData'][] = self::ORGID; - - $state['Attributes'] = $attributes; - \SimpleSAML\Auth\Source::completeAuth($state); - } - - - /** - * Get available organizations. - * - * This function is used by the login form to get the available organizations. - * - * @param string $authStateId The identifier of the authentication state. - * @return array|NULL Array of organizations. NULL if the user must enter the - * organization as part of the username. 
- */ - public static function listOrganizations($authStateId) { - assert(is_string($authStateId)); - - /* Retrieve the authentication state. */ - $state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID); - - /* Find authentication source. */ - assert(array_key_exists(self::AUTHID, $state)); - $source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]); - if ($source === NULL) { - throw new \Exception('Could not find authentication source with id ' . $state[self::AUTHID]); - } - - $orgMethod = $source->getUsernameOrgMethod(); - if ($orgMethod === 'force') { - return NULL; - } - - return $source->getOrganizations(); - } + public function getRememberOrganizationEnabled() + { + return $this->rememberOrganizationEnabled; + } + + /** + * Getter for the authsource config option remember.organization.checked + * @return bool + */ + public function getRememberOrganizationChecked() + { + return $this->rememberOrganizationChecked; + } + + /** + * Initialize login. + * + * This function saves the information about the login, and redirects to a + * login page. + * + * @param array &$state Information about the current authentication. + */ + public function authenticate(&$state) + { + assert(is_array($state)); + + // We are going to need the authId in order to retrieve this authentication source later + $state[self::AUTHID] = $this->authId; + + $id = \SimpleSAML\Auth\State::saveState($state, self::STAGEID); + + $url = \SimpleSAML\Module::getModuleURL('core/loginuserpassorg.php'); + $params = array('AuthState' => $id); + \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params); + } + + + /** + * Attempt to log in using the given username, password and organization. + * + * On a successful login, this function should return the users attributes. On failure, + * it should throw an exception/error. If the error was caused by the user entering the wrong + * username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown. 
+ * + * Note that both the username and the password are UTF-8 encoded. + * + * @param string $username The username the user wrote. + * @param string $password The password the user wrote. + * @param string $organization The id of the organization the user chose. + * @return array Associative array with the user's attributes. + */ + abstract protected function login($username, $password, $organization); + + + /** + * Retrieve list of organizations. + * + * The list of organizations is an associative array. The key of the array is the + * id of the organization, and the value is the description. The value can be another + * array, in which case that array is expected to contain language-code to + * description mappings. + * + * @return array Associative array with the organizations. + */ + abstract protected function getOrganizations(); + + + /** + * Handle login request. + * + * This function is used by the login form (core/www/loginuserpassorg.php) when the user + * enters a username and password. On success, it will not return. On wrong + * username/password failure, and other errors, it will throw an exception. + * + * @param string $authStateId The identifier of the authentication state. + * @param string $username The username the user wrote. + * @param string $password The password the user wrote. + * @param string $organization The id of the organization the user chose. + */ + public static function handleLogin($authStateId, $username, $password, $organization) + { + assert(is_string($authStateId)); + assert(is_string($username)); + assert(is_string($password)); + assert(is_string($organization)); + + /* Retrieve the authentication state. */ + $state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID); + + /* Find authentication source. 
*/ + assert(array_key_exists(self::AUTHID, $state)); + $source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]); + if ($source === null) { + throw new \Exception('Could not find authentication source with id '.$state[self::AUTHID]); + } + + $orgMethod = $source->getUsernameOrgMethod(); + if ($orgMethod !== 'none') { + $tmp = explode('@', $username, 2); + if (count($tmp) === 2) { + $username = $tmp[0]; + $organization = $tmp[1]; + } else { + if ($orgMethod === 'force') { + /* The organization should be a part of the username, but isn't. */ + throw new \SimpleSAML\Error\Error('WRONGUSERPASS'); + } + } + } + + /* Attempt to log in. */ + $attributes = $source->login($username, $password, $organization); + + // Add the selected Org to the state + $state[self::ORGID] = $organization; + $state['PersistentAuthData'][] = self::ORGID; + + $state['Attributes'] = $attributes; + \SimpleSAML\Auth\Source::completeAuth($state); + } + + + /** + * Get available organizations. + * + * This function is used by the login form to get the available organizations. + * + * @param string $authStateId The identifier of the authentication state. + * @return array|NULL Array of organizations. NULL if the user must enter the + * organization as part of the username. + */ + public static function listOrganizations($authStateId) + { + assert(is_string($authStateId)); + + /* Retrieve the authentication state. */ + $state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID); + + /* Find authentication source. */ + assert(array_key_exists(self::AUTHID, $state)); + $source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]); + if ($source === null) { + throw new \Exception('Could not find authentication source with id '.$state[self::AUTHID]); + } + + $orgMethod = $source->getUsernameOrgMethod(); + if ($orgMethod === 'force') { + return null; + } + + return $source->getOrganizations(); + } } 
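Review bot: `handleLogin()` still relies on `assert(is_string(...))` as its only type check on `$username`, `$password` and `$organization`, and PHP does not evaluate assertions when they are disabled, as is common in production. The caller in `www/loginuserpassorg.php` passes `$_REQUEST` values straight through, and a request parameter can arrive as an array, so `explode('@', $username, 2)` and `$source->login()` can receive a non-string. An explicit guard at the top of the method would hold regardless of the assertion setting: `if (!is_string($username) || !is_string($password) || !is_string($organization)) { throw new \SimpleSAML\Error\BadRequest('Invalid login parameters.'); }`. The same applies to `assert(is_string($authStateId))` in `listOrganizations()`. Separately, the organization split off the username is handed to `login()` without a check against `getOrganizations()` here; if subclasses are expected to validate it, the `login()` docblock should say so.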
diff --git a/modules/core/templates/loginuserpass.php b/modules/core/templates/loginuserpass.php index 210db853a470b4c075eb7a8027af29fa8b7c1580..61b16608836684e80f3589483fbefe20d30ea8f5 100644 --- a/modules/core/templates/loginuserpass.php +++ b/modules/core/templates/loginuserpass.php @@ -145,10 +145,10 @@ if ($this->data['errorcode'] !== null) { <td style="padding: .4em;"> <?php if ($this->data['rememberOrganizationEnabled']) { - echo str_repeat("\t", 4); - echo '<input type="checkbox" id="remember_organization" tabindex="5" name="remember_organization" value="Yes" '; + echo str_repeat("\t", 4); + echo '<input type="checkbox" id="remember_organization" tabindex="5" name="remember_organization" value="Yes" '; echo ($this->data['rememberOrganizationChecked'] ? 'checked="Yes" /> ' : '/> '); - echo $this->t('{login:remember_organization}'); + echo $this->t('{login:remember_organization}'); } ?> </td> diff --git a/modules/core/www/loginuserpassorg.php b/modules/core/www/loginuserpassorg.php index 36791e16b660876c7826ab466037d2dedb86f677..2b3472b61ab77d356162f225dee1d6f9e2f01675 100644 --- a/modules/core/www/loginuserpassorg.php +++ b/modules/core/www/loginuserpassorg.php 
@@ -11,101 +11,105 @@ // Retrieve the authentication state if (!array_key_exists('AuthState', $_REQUEST)) { - throw new \SimpleSAML\Error\BadRequest('Missing AuthState parameter.'); + throw new \SimpleSAML\Error\BadRequest('Missing AuthState parameter.'); } $authStateId = $_REQUEST['AuthState']; $state = \SimpleSAML\Auth\State::loadState($authStateId, \SimpleSAML\Module\core\Auth\UserPassOrgBase::STAGEID); $source = \SimpleSAML\Auth\Source::getById($state[\SimpleSAML\Module\core\Auth\UserPassOrgBase::AUTHID]); -if ($source === NULL) { - throw new \Exception('Could not find authentication source with id ' . $state[\SimpleSAML\Module\core\Auth\UserPassOrgBase::AUTHID]); +if ($source === null) { + throw new \Exception('Could not find authentication source with id '.$state[\SimpleSAML\Module\core\Auth\UserPassOrgBase::AUTHID]); } $organizations = \SimpleSAML\Module\core\Auth\UserPassOrgBase::listOrganizations($authStateId); if (array_key_exists('username', $_REQUEST)) { - $username = $_REQUEST['username']; -} elseif ($source->getRememberUsernameEnabled() && array_key_exists($source->getAuthId() . '-username', $_COOKIE)) { - $username = $_COOKIE[$source->getAuthId() . '-username']; + $username = $_REQUEST['username']; +} elseif ($source->getRememberUsernameEnabled() && array_key_exists($source->getAuthId().'-username', $_COOKIE)) { + $username = $_COOKIE[$source->getAuthId().'-username']; } elseif (isset($state['core:username'])) { - $username = (string)$state['core:username']; + $username = (string) $state['core:username']; } else { - $username = ''; + $username = ''; } if (array_key_exists('password', $_REQUEST)) { - $password = $_REQUEST['password']; + $password = $_REQUEST['password']; } else { - $password = ''; + $password = ''; } if (array_key_exists('organization', $_REQUEST)) { - $organization = $_REQUEST['organization']; -} elseif ($source->getRememberOrganizationEnabled() && array_key_exists($source->getAuthId() . 
'-organization', $_COOKIE)) { - $organization = $_COOKIE[$source->getAuthId() . '-organization']; + $organization = $_REQUEST['organization']; +} elseif ($source->getRememberOrganizationEnabled() && array_key_exists($source->getAuthId().'-organization', $_COOKIE)) { + $organization = $_COOKIE[$source->getAuthId().'-organization']; } elseif (isset($state['core:organization'])) { - $organization = (string)$state['core:organization']; + $organization = (string) $state['core:organization']; } else { - $organization = ''; + $organization = ''; } -$errorCode = NULL; -$errorParams = NULL; -if ($organizations === NULL || !empty($organization)) { - if (!empty($username) && !empty($password)) { +$errorCode = null; +$errorParams = null; +if ($organizations === null || !empty($organization)) { + if (!empty($username) && !empty($password)) { - if ($source->getRememberUsernameEnabled()) { - $sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler(); - $params = $sessionHandler->getCookieParams(); - $params['expire'] = time(); - $params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300); - \SimpleSAML\Utils\HTTP::setCookie($source->getAuthId() . '-username', $username, $params, FALSE); - } + if ($source->getRememberUsernameEnabled()) { + $sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler(); + $params = $sessionHandler->getCookieParams(); + $params['expire'] = time(); + $params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300); + \SimpleSAML\Utils\HTTP::setCookie($source->getAuthId().'-username', $username, $params, false); + } if ($source->getRememberOrganizationEnabled()) { $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler(); $params = $sessionHandler->getCookieParams(); $params['expire'] = time(); $params['expire'] += (isset($_REQUEST['remember_organization']) && $_REQUEST['remember_organization'] == 'Yes' ? 
31536000 : -300); - setcookie($source->getAuthId() . '-organization', $organization, $params['expire'], $params['path'], $params['domain'], $params['secure'], $params['httponly']); + setcookie($source->getAuthId().'-organization', $organization, $params['expire'], $params['path'], $params['domain'], $params['secure'], $params['httponly']); } - try { - \SimpleSAML\Module\core\Auth\UserPassOrgBase::handleLogin($authStateId, $username, $password, $organization); - } catch (\SimpleSAML\Error\Error $e) { - // Login failed. Extract error code and parameters, to display the error - $errorCode = $e->getErrorCode(); - $errorParams = $e->getParameters(); - } - } + try { + \SimpleSAML\Module\core\Auth\UserPassOrgBase::handleLogin($authStateId, $username, $password, $organization); + } catch (\SimpleSAML\Error\Error $e) { + // Login failed. Extract error code and parameters, to display the error + $errorCode = $e->getErrorCode(); + $errorParams = $e->getParameters(); + } + } } $globalConfig = \SimpleSAML\Configuration::getInstance(); $t = new \SimpleSAML\XHTML\Template($globalConfig, 'core:loginuserpass.php'); $t->data['stateparams'] = array('AuthState' => $authStateId); $t->data['username'] = $username; -$t->data['forceUsername'] = FALSE; +$t->data['forceUsername'] = false; $t->data['rememberUsernameEnabled'] = $source->getRememberUsernameEnabled(); $t->data['rememberUsernameChecked'] = $source->getRememberUsernameChecked(); $t->data['rememberMeEnabled'] = false; $t->data['rememberMeChecked'] = false; -if (isset($_COOKIE[$source->getAuthId() . '-username'])) $t->data['rememberUsernameChecked'] = TRUE; +if (isset($_COOKIE[$source->getAuthId().'-username'])) { + $t->data['rememberUsernameChecked'] = true; +} $t->data['rememberOrganizationEnabled'] = $source->getRememberOrganizationEnabled(); $t->data['rememberOrganizationChecked'] = $source->getRememberOrganizationChecked(); -if (isset($_COOKIE[$source->getAuthId() . 
'-organization'])) $t->data['rememberOrganizationChecked'] = true; +if (isset($_COOKIE[$source->getAuthId().'-organization'])) { + $t->data['rememberOrganizationChecked'] = true; +} $t->data['errorcode'] = $errorCode; $t->data['errorcodes'] = \SimpleSAML\Error\ErrorCodes::getAllErrorCodeMessages(); $t->data['errorparams'] = $errorParams; -if ($organizations !== NULL) { - $t->data['selectedOrg'] = $organization; - $t->data['organizations'] = $organizations; +if ($organizations !== null) { + $t->data['selectedOrg'] = $organization; + $t->data['organizations'] = $organizations; } if (isset($state['SPMetadata'])) { - $t->data['SPMetadata'] = $state['SPMetadata']; + $t->data['SPMetadata'] = $state['SPMetadata']; } else { - $t->data['SPMetadata'] = NULL; + $t->data['SPMetadata'] = null; } $t->show(); diff --git a/tests/modules/core/lib/Auth/UserPassOrgBaseTest.php b/tests/modules/core/lib/Auth/UserPassOrgBaseTest.php index 6fb9c523f6b37957d346d34b8de102a257a977f6..cc4f546de41211534e9d89cf0251c9ba0617fd7d 100644 --- a/tests/modules/core/lib/Auth/UserPassOrgBaseTest.php +++ b/tests/modules/core/lib/Auth/UserPassOrgBaseTest.php 
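Review bot: The remember-organization branch still calls `SimpleSAML_SessionHandler::getSessionHandler()` and PHP's raw `setcookie()`, while the remember-username branch directly above it uses `\SimpleSAML\SessionHandler` and `\SimpleSAML\Utils\HTTP::setCookie()`; this commit reformats the `setcookie` line but keeps the divergence. If the un-namespaced class name no longer resolves (the test in this same commit replaces `\sspmod_core_Auth_UserPassOrgBase` with the namespaced name, which suggests a migration), turning on `remember.organization.enabled` would fail on that line, and in any case the organization cookie bypasses whatever checks the project helper applies. Mirroring the username branch would address both: `$sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler();` and `\SimpleSAML\Utils\HTTP::setCookie($source->getAuthId().'-organization', $organization, $params, false);`. Note too that both cookies store the submitted value before `handleLogin()` has verified it (it does not return on success, so the write has to come first); a short comment saying the cookie value is unverified input would help whoever reads it back.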
@@ -1,41 +1,35 @@ <?php - /** - * Created by PhpStorm. - * User: agustin - * Date: 16.10.2017 - * Time: 12:17 - */ - namespace SimpleSAML\Test\Module\core\Auth; +namespace SimpleSAML\Test\Module\core\Auth; - use SimpleSAML\Module\core\Auth\UserPassOrgBase; +use SimpleSAML\Module\core\Auth\UserPassOrgBase; - class UserPassOrgBaseTest extends \PHPUnit_Framework_TestCase +class UserPassOrgBaseTest extends \PHPUnit_Framework_TestCase +{ + public function testRememberOrganizationEnabled() { - public function testRememberOrganizationEnabled() - { - $config = array( - 'ldap:LDAPMulti', + $config = array( + 'ldap:LDAPMulti', - 'remember.organization.enabled' => true, - 'remember.organization.checked' => false, + 'remember.organization.enabled' => true, + 'remember.organization.checked' => false, - 'my-org' => array( - 'description' => 'My organization', - // The rest of the options are the same as those available for - // the LDAP authentication source. - 'hostname' => 'ldap://ldap.myorg.com', - 'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org', - // Whether SSL/TLS should be used when contacting the LDAP server. - 'enable_tls' => false, - ) - ); + 'my-org' => array( + 'description' => 'My organization', + // The rest of the options are the same as those available for + // the LDAP authentication source. + 'hostname' => 'ldap://ldap.myorg.com', + 'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org', + // Whether SSL/TLS should be used when contacting the LDAP server. 
+ 'enable_tls' => false, + ) + ); - $mockUserPassOrgBase = $this->getMockBuilder(\sspmod_core_Auth_UserPassOrgBase::class) - ->setConstructorArgs(array(array('AuthId' => 'my-org'), &$config)) - ->setMethods(array()) - ->getMockForAbstractClass(); + $mockUserPassOrgBase = $this->getMockBuilder(\SimpleSAML\Module\core\Auth\UserPassOrgBase::class) + ->setConstructorArgs(array(array('AuthId' => 'my-org'), &$config)) + ->setMethods(array()) + ->getMockForAbstractClass(); - $this->assertTrue($mockUserPassOrgBase->getRememberOrganizationEnabled()); - } + $this->assertTrue($mockUserPassOrgBase->getRememberOrganizationEnabled()); } +}
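Review bot: The test still declares `use SimpleSAML\Module\core\Auth\UserPassOrgBase;` but the mock builder spells out `\SimpleSAML\Module\core\Auth\UserPassOrgBase::class`, so the import is unused; `getMockBuilder(UserPassOrgBase::class)` would use it. The config also sets `'remember.organization.checked' => false` without asserting it, and nothing covers the defaults when the keys are absent; `$this->assertFalse($mockUserPassOrgBase->getRememberOrganizationChecked());` would pin the second option.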