Skip to content
Snippets Groups Projects
Commit 77417184 authored by Tim van Dijen's avatar Tim van Dijen
Browse files

Fix indentation / PSR-2

parent 1b44eeec
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
config-templates/authsources.php
+ 2
2
View file @ 77417184
......@@ -277,8 +277,8 @@ $config = array(
//'remember.username.checked' => FALSE,
// Give the user an option to save their organization choice for future login
// attempts. And when enabled, what should the default be, checked or not.
//'remember.organization.enabled' => false,
// attempts. And when enabled, what should the default be, checked or not.
//'remember.organization.enabled' => false,
//'remember.organization.checked' => false,
// The way the organization as part of the username should be handled.
......
dictionaries/login.definition.json
+ 66
66
View file @ 77417184
{
"error_header": {
"en": "Error"
},
"user_pass_header": {
"en": "Enter your username and password"
},
"user_pass_text": {
"en": "A service has requested you to authenticate yourself. Please enter your username and password in the form below."
},
"login_button": {
"en": "Login"
},
"processing": {
"en": "Processing..."
},
"username": {
"en": "Username"
},
"organization": {
"en": "Organization"
},
"password": {
"en": "Password"
},
"help_header": {
"en": "Help! I don't remember my password."
},
"help_text": {
"en": "Without your username and password you cannot authenticate yourself for access to the service. There may be someone that can help you. Consult the help desk at your organization!"
},
"error_nopassword": {
"en": "You sent something to the login page, but for some reason the password was not sent. Try again please."
},
"error_wrongpassword": {
"en": "Incorrect username or password."
},
"select_home_org": {
"en": "Choose your home organization"
},
"next": {
"en": "Next"
},
"change_home_org_title": {
"en": "Change your home organization"
},
"change_home_org_text": {
"en": "You have chosen <b>%HOMEORG%<\/b> as your home organization. If this is wrong you may choose another one."
},
"change_home_org_button": {
"en": "Choose home organization"
},
"help_desk_link": {
"en": "Help desk homepage"
},
"help_desk_email": {
"en": "Send e-mail to help desk"
},
"contact_info": {
"en": "Contact information:"
},
"remember_username": {
"en": "Remember my username"
},
"error_header": {
"en": "Error"
},
"user_pass_header": {
"en": "Enter your username and password"
},
"user_pass_text": {
"en": "A service has requested you to authenticate yourself. Please enter your username and password in the form below."
},
"login_button": {
"en": "Login"
},
"processing": {
"en": "Processing..."
},
"username": {
"en": "Username"
},
"organization": {
"en": "Organization"
},
"password": {
"en": "Password"
},
"help_header": {
"en": "Help! I don't remember my password."
},
"help_text": {
"en": "Without your username and password you cannot authenticate yourself for access to the service. There may be someone that can help you. Consult the help desk at your organization!"
},
"error_nopassword": {
"en": "You sent something to the login page, but for some reason the password was not sent. Try again please."
},
"error_wrongpassword": {
"en": "Incorrect username or password."
},
"select_home_org": {
"en": "Choose your home organization"
},
"next": {
"en": "Next"
},
"change_home_org_title": {
"en": "Change your home organization"
},
"change_home_org_text": {
"en": "You have chosen <b>%HOMEORG%<\/b> as your home organization. If this is wrong you may choose another one."
},
"change_home_org_button": {
"en": "Choose home organization"
},
"help_desk_link": {
"en": "Help desk homepage"
},
"help_desk_email": {
"en": "Send e-mail to help desk"
},
"contact_info": {
"en": "Contact information:"
},
"remember_username": {
"en": "Remember my username"
},
"remember_me": {
"en": "Remember me"
},
"remember_organization": {
"en": "Remember my organization"
}
"remember_organization": {
"en": "Remember my organization"
}
}
modules/core/lib/Auth/UserPassOrgBase.php
+ 293
283
View file @ 77417184
......@@ -16,48 +16,48 @@ namespace SimpleSAML\Module\core\Auth;
abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source
{
/**
* The string used to identify our states.
*/
const STAGEID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.state';
/**
* The key of the AuthId field in the state.
*/
const AUTHID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.AuthId';
/**
* The key of the OrgId field in the state, identifies which org was selected.
*/
const ORGID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.SelectedOrg';
/**
* What way do we handle the organization as part of the username.
* Three values:
* 'none': Force the user to select the correct organization from the dropdown box.
* 'allow': Allow the user to enter the organization as part of the username.
* 'force': Remove the dropdown box.
*/
private $usernameOrgMethod;
/**
* Storage for authsource config option remember.username.enabled
* loginuserpass.php and loginuserpassorg.php pages/templates use this option to
* present users with a checkbox to save their username for the next login request.
* @var bool
*/
protected $rememberUsernameEnabled = FALSE;
/**
* Storage for authsource config option remember.username.checked
* loginuserpass.php and loginuserpassorg.php pages/templates use this option
* to default the remember username checkbox to checked or not.
* @var bool
*/
protected $rememberUsernameChecked = FALSE;
/**
* The string used to identify our states.
*/
const STAGEID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.state';
/**
* The key of the AuthId field in the state.
*/
const AUTHID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.AuthId';
/**
* The key of the OrgId field in the state, identifies which org was selected.
*/
const ORGID = '\SimpleSAML\Module\core\Auth\UserPassOrgBase.SelectedOrg';
/**
* What way do we handle the organization as part of the username.
* Three values:
* 'none': Force the user to select the correct organization from the dropdown box.
* 'allow': Allow the user to enter the organization as part of the username.
* 'force': Remove the dropdown box.
*/
private $usernameOrgMethod;
/**
* Storage for authsource config option remember.username.enabled
* loginuserpass.php and loginuserpassorg.php pages/templates use this option to
* present users with a checkbox to save their username for the next login request.
* @var bool
*/
protected $rememberUsernameEnabled = false;
/**
* Storage for authsource config option remember.username.checked
* loginuserpass.php and loginuserpassorg.php pages/templates use this option
* to default the remember username checkbox to checked or not.
* @var bool
*/
protected $rememberUsernameChecked = false;
/**
* Storage for authsource config option remember.organization.enabled
......@@ -65,254 +65,264 @@ abstract class UserPassOrgBase extends \SimpleSAML\Auth\Source
* with a checkbox to save their organization choice for the next login request.
* @var bool
*/
protected $rememberOrganizationEnabled = false;
/**
* Storage for authsource config option remember.organization.checked
* loginuserpassorg.php page/template use this option to
* default the remember organization checkbox to checked or not.
* @var bool
*/
protected $rememberOrganizationChecked = false;
/**
* Constructor for this authentication source.
*
* All subclasses who implement their own constructor must call this constructor before
* using $config for anything.
*
* @param array $info Information about this authentication source.
* @param array &$config Configuration for this authentication source.
*/
public function __construct($info, &$config) {
assert(is_array($info));
assert(is_array($config));
// Call the parent constructor first, as required by the interface
parent::__construct($info, $config);
// Get the remember username config options
if (isset($config['remember.username.enabled'])) {
$this->rememberUsernameEnabled = (bool) $config['remember.username.enabled'];
unset($config['remember.username.enabled']);
}
if (isset($config['remember.username.checked'])) {
$this->rememberUsernameChecked = (bool) $config['remember.username.checked'];
unset($config['remember.username.checked']);
}
protected $rememberOrganizationEnabled = false;
/**
* Storage for authsource config option remember.organization.checked
* loginuserpassorg.php page/template use this option to
* default the remember organization checkbox to checked or not.
* @var bool
*/
protected $rememberOrganizationChecked = false;
/**
* Constructor for this authentication source.
*
* All subclasses who implement their own constructor must call this constructor before
* using $config for anything.
*
* @param array $info Information about this authentication source.
* @param array &$config Configuration for this authentication source.
*/
public function __construct($info, &$config)
{
assert(is_array($info));
assert(is_array($config));
// Call the parent constructor first, as required by the interface
parent::__construct($info, $config);
// Get the remember username config options
if (isset($config['remember.username.enabled'])) {
$this->rememberUsernameEnabled = (bool) $config['remember.username.enabled'];
unset($config['remember.username.enabled']);
}
if (isset($config['remember.username.checked'])) {
$this->rememberUsernameChecked = (bool) $config['remember.username.checked'];
unset($config['remember.username.checked']);
}
// Get the remember organization config options
if (isset($config['remember.organization.enabled'])) {
$this->rememberOrganizationEnabled = (bool) $config['remember.organization.enabled'];
unset($config['remember.organization.enabled']);
}
if (isset($config['remember.organization.checked'])) {
$this->rememberOrganizationChecked = (bool) $config['remember.organization.checked'];
unset($config['remember.organization.checked']);
}
$this->usernameOrgMethod = 'none';
}
/**
* Configure the way organizations as part of the username is handled.
*
* There are three possible values:
* - 'none': Force the user to select the correct organization from the dropdown box.
* - 'allow': Allow the user to enter the organization as part of the username.
* - 'force': Remove the dropdown box.
*
* If unconfigured, the default is 'none'.
*
* @param string $usernameOrgMethod The method which should be used.
*/
protected function setUsernameOrgMethod($usernameOrgMethod) {
assert(in_array($usernameOrgMethod, array('none', 'allow', 'force'), true));
$this->usernameOrgMethod = $usernameOrgMethod;
}
/**
* Retrieve the way organizations as part of the username should be handled.
*
* There are three possible values:
* - 'none': Force the user to select the correct organization from the dropdown box.
* - 'allow': Allow the user to enter the organization as part of the username.
* - 'force': Remove the dropdown box.
*
* @return string The method which should be used.
*/
public function getUsernameOrgMethod() {
return $this->usernameOrgMethod;
}
/**
* Getter for the authsource config option remember.username.enabled
* @return bool
*/
public function getRememberUsernameEnabled() {
return $this->rememberUsernameEnabled;
}
/**
* Getter for the authsource config option remember.username.checked
* @return bool
*/
public function getRememberUsernameChecked() {
return $this->rememberUsernameChecked;
}
}
if (isset($config['remember.organization.checked'])) {
$this->rememberOrganizationChecked = (bool) $config['remember.organization.checked'];
unset($config['remember.organization.checked']);
}
$this->usernameOrgMethod = 'none';
}
/**
* Configure the way organizations as part of the username is handled.
*
* There are three possible values:
* - 'none': Force the user to select the correct organization from the dropdown box.
* - 'allow': Allow the user to enter the organization as part of the username.
* - 'force': Remove the dropdown box.
*
* If unconfigured, the default is 'none'.
*
* @param string $usernameOrgMethod The method which should be used.
*/
protected function setUsernameOrgMethod($usernameOrgMethod)
{
assert(in_array($usernameOrgMethod, array('none', 'allow', 'force'), true));
$this->usernameOrgMethod = $usernameOrgMethod;
}
/**
* Retrieve the way organizations as part of the username should be handled.
*
* There are three possible values:
* - 'none': Force the user to select the correct organization from the dropdown box.
* - 'allow': Allow the user to enter the organization as part of the username.
* - 'force': Remove the dropdown box.
*
* @return string The method which should be used.
*/
public function getUsernameOrgMethod()
{
return $this->usernameOrgMethod;
}
/**
* Getter for the authsource config option remember.username.enabled
* @return bool
*/
public function getRememberUsernameEnabled()
{
return $this->rememberUsernameEnabled;
}
/**
* Getter for the authsource config option remember.username.checked
* @return bool
*/
public function getRememberUsernameChecked()
{
return $this->rememberUsernameChecked;
}
/**
* Getter for the authsource config option remember.organization.enabled
* @return bool
*/
public function getRememberOrganizationEnabled() {
return $this->rememberOrganizationEnabled;
}
/**
* Getter for the authsource config option remember.organization.checked
* @return bool
*/
public function getRememberOrganizationChecked() {
return $this->rememberOrganizationChecked;
}
/**
* Initialize login.
*
* This function saves the information about the login, and redirects to a
* login page.
*
* @param array &$state Information about the current authentication.
*/
public function authenticate(&$state) {
assert(is_array($state));
// We are going to need the authId in order to retrieve this authentication source later
$state[self::AUTHID] = $this->authId;
$id = \SimpleSAML\Auth\State::saveState($state, self::STAGEID);
$url = \SimpleSAML\Module::getModuleURL('core/loginuserpassorg.php');
$params = array('AuthState' => $id);
\SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params);
}
/**
* Attempt to log in using the given username, password and organization.
*
* On a successful login, this function should return the users attributes. On failure,
* it should throw an exception/error. If the error was caused by the user entering the wrong
* username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown.
*
* Note that both the username and the password are UTF-8 encoded.
*
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @param string $organization The id of the organization the user chose.
* @return array Associative array with the user's attributes.
*/
abstract protected function login($username, $password, $organization);
/**
* Retrieve list of organizations.
*
* The list of organizations is an associative array. The key of the array is the
* id of the organization, and the value is the description. The value can be another
* array, in which case that array is expected to contain language-code to
* description mappings.
*
* @return array Associative array with the organizations.
*/
abstract protected function getOrganizations();
/**
* Handle login request.
*
* This function is used by the login form (core/www/loginuserpassorg.php) when the user
* enters a username and password. On success, it will not return. On wrong
* username/password failure, and other errors, it will throw an exception.
*
* @param string $authStateId The identifier of the authentication state.
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @param string $organization The id of the organization the user chose.
*/
public static function handleLogin($authStateId, $username, $password, $organization) {
assert(is_string($authStateId));
assert(is_string($username));
assert(is_string($password));
assert(is_string($organization));
/* Retrieve the authentication state. */
$state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert(array_key_exists(self::AUTHID, $state));
$source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]);
if ($source === NULL) {
throw new \Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
$orgMethod = $source->getUsernameOrgMethod();
if ($orgMethod !== 'none') {
$tmp = explode('@', $username, 2);
if (count($tmp) === 2) {
$username = $tmp[0];
$organization = $tmp[1];
} else {
if ($orgMethod === 'force') {
/* The organization should be a part of the username, but isn't. */
throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
}
}
}
/* Attempt to log in. */
$attributes = $source->login($username, $password, $organization);
// Add the selected Org to the state
$state[self::ORGID] = $organization;
$state['PersistentAuthData'][] = self::ORGID;
$state['Attributes'] = $attributes;
\SimpleSAML\Auth\Source::completeAuth($state);
}
/**
* Get available organizations.
*
* This function is used by the login form to get the available organizations.
*
* @param string $authStateId The identifier of the authentication state.
* @return array|NULL Array of organizations. NULL if the user must enter the
* organization as part of the username.
*/
public static function listOrganizations($authStateId) {
assert(is_string($authStateId));
/* Retrieve the authentication state. */
$state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert(array_key_exists(self::AUTHID, $state));
$source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]);
if ($source === NULL) {
throw new \Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
$orgMethod = $source->getUsernameOrgMethod();
if ($orgMethod === 'force') {
return NULL;
}
return $source->getOrganizations();
}
public function getRememberOrganizationEnabled()
{
return $this->rememberOrganizationEnabled;
}
/**
* Getter for the authsource config option remember.organization.checked
* @return bool
*/
public function getRememberOrganizationChecked()
{
return $this->rememberOrganizationChecked;
}
/**
* Initialize login.
*
* This function saves the information about the login, and redirects to a
* login page.
*
* @param array &$state Information about the current authentication.
*/
public function authenticate(&$state)
{
assert(is_array($state));
// We are going to need the authId in order to retrieve this authentication source later
$state[self::AUTHID] = $this->authId;
$id = \SimpleSAML\Auth\State::saveState($state, self::STAGEID);
$url = \SimpleSAML\Module::getModuleURL('core/loginuserpassorg.php');
$params = array('AuthState' => $id);
\SimpleSAML\Utils\HTTP::redirectTrustedURL($url, $params);
}
/**
* Attempt to log in using the given username, password and organization.
*
* On a successful login, this function should return the users attributes. On failure,
* it should throw an exception/error. If the error was caused by the user entering the wrong
* username or password, a \SimpleSAML\Error\Error('WRONGUSERPASS') should be thrown.
*
* Note that both the username and the password are UTF-8 encoded.
*
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @param string $organization The id of the organization the user chose.
* @return array Associative array with the user's attributes.
*/
abstract protected function login($username, $password, $organization);
/**
* Retrieve list of organizations.
*
* The list of organizations is an associative array. The key of the array is the
* id of the organization, and the value is the description. The value can be another
* array, in which case that array is expected to contain language-code to
* description mappings.
*
* @return array Associative array with the organizations.
*/
abstract protected function getOrganizations();
/**
* Handle login request.
*
* This function is used by the login form (core/www/loginuserpassorg.php) when the user
* enters a username and password. On success, it will not return. On wrong
* username/password failure, and other errors, it will throw an exception.
*
* @param string $authStateId The identifier of the authentication state.
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @param string $organization The id of the organization the user chose.
*/
public static function handleLogin($authStateId, $username, $password, $organization)
{
assert(is_string($authStateId));
assert(is_string($username));
assert(is_string($password));
assert(is_string($organization));
/* Retrieve the authentication state. */
$state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert(array_key_exists(self::AUTHID, $state));
$source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]);
if ($source === null) {
throw new \Exception('Could not find authentication source with id '.$state[self::AUTHID]);
}
$orgMethod = $source->getUsernameOrgMethod();
if ($orgMethod !== 'none') {
$tmp = explode('@', $username, 2);
if (count($tmp) === 2) {
$username = $tmp[0];
$organization = $tmp[1];
} else {
if ($orgMethod === 'force') {
/* The organization should be a part of the username, but isn't. */
throw new \SimpleSAML\Error\Error('WRONGUSERPASS');
}
}
}
/* Attempt to log in. */
$attributes = $source->login($username, $password, $organization);
// Add the selected Org to the state
$state[self::ORGID] = $organization;
$state['PersistentAuthData'][] = self::ORGID;
$state['Attributes'] = $attributes;
\SimpleSAML\Auth\Source::completeAuth($state);
}
/**
* Get available organizations.
*
* This function is used by the login form to get the available organizations.
*
* @param string $authStateId The identifier of the authentication state.
* @return array|NULL Array of organizations. NULL if the user must enter the
* organization as part of the username.
*/
public static function listOrganizations($authStateId)
{
assert(is_string($authStateId));
/* Retrieve the authentication state. */
$state = \SimpleSAML\Auth\State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert(array_key_exists(self::AUTHID, $state));
$source = \SimpleSAML\Auth\Source::getById($state[self::AUTHID]);
if ($source === null) {
throw new \Exception('Could not find authentication source with id '.$state[self::AUTHID]);
}
$orgMethod = $source->getUsernameOrgMethod();
if ($orgMethod === 'force') {
return null;
}
return $source->getOrganizations();
}
}
modules/core/templates/loginuserpass.php
+ 3
3
View file @ 77417184
......@@ -145,10 +145,10 @@ if ($this->data['errorcode'] !== null) {
<td style="padding: .4em;">
<?php
if ($this->data['rememberOrganizationEnabled']) {
echo str_repeat("\t", 4);
echo '<input type="checkbox" id="remember_organization" tabindex="5" name="remember_organization" value="Yes" ';
echo str_repeat("\t", 4);
echo '<input type="checkbox" id="remember_organization" tabindex="5" name="remember_organization" value="Yes" ';
echo ($this->data['rememberOrganizationChecked'] ? 'checked="Yes" /> ' : '/> ');
echo $this->t('{login:remember_organization}');
echo $this->t('{login:remember_organization}');
}
?>
</td>
......
modules/core/www/loginuserpassorg.php
+ 47
43
View file @ 77417184
......@@ -11,101 +11,105 @@
// Retrieve the authentication state
if (!array_key_exists('AuthState', $_REQUEST)) {
throw new \SimpleSAML\Error\BadRequest('Missing AuthState parameter.');
throw new \SimpleSAML\Error\BadRequest('Missing AuthState parameter.');
}
$authStateId = $_REQUEST['AuthState'];
$state = \SimpleSAML\Auth\State::loadState($authStateId, \SimpleSAML\Module\core\Auth\UserPassOrgBase::STAGEID);
$source = \SimpleSAML\Auth\Source::getById($state[\SimpleSAML\Module\core\Auth\UserPassOrgBase::AUTHID]);
if ($source === NULL) {
throw new \Exception('Could not find authentication source with id ' . $state[\SimpleSAML\Module\core\Auth\UserPassOrgBase::AUTHID]);
if ($source === null) {
throw new \Exception('Could not find authentication source with id '.$state[\SimpleSAML\Module\core\Auth\UserPassOrgBase::AUTHID]);
}
$organizations = \SimpleSAML\Module\core\Auth\UserPassOrgBase::listOrganizations($authStateId);
if (array_key_exists('username', $_REQUEST)) {
$username = $_REQUEST['username'];
} elseif ($source->getRememberUsernameEnabled() && array_key_exists($source->getAuthId() . '-username', $_COOKIE)) {
$username = $_COOKIE[$source->getAuthId() . '-username'];
$username = $_REQUEST['username'];
} elseif ($source->getRememberUsernameEnabled() && array_key_exists($source->getAuthId().'-username', $_COOKIE)) {
$username = $_COOKIE[$source->getAuthId().'-username'];
} elseif (isset($state['core:username'])) {
$username = (string)$state['core:username'];
$username = (string) $state['core:username'];
} else {
$username = '';
$username = '';
}
if (array_key_exists('password', $_REQUEST)) {
$password = $_REQUEST['password'];
$password = $_REQUEST['password'];
} else {
$password = '';
$password = '';
}
if (array_key_exists('organization', $_REQUEST)) {
$organization = $_REQUEST['organization'];
} elseif ($source->getRememberOrganizationEnabled() && array_key_exists($source->getAuthId() . '-organization', $_COOKIE)) {
$organization = $_COOKIE[$source->getAuthId() . '-organization'];
$organization = $_REQUEST['organization'];
} elseif ($source->getRememberOrganizationEnabled() && array_key_exists($source->getAuthId().'-organization', $_COOKIE)) {
$organization = $_COOKIE[$source->getAuthId().'-organization'];
} elseif (isset($state['core:organization'])) {
$organization = (string)$state['core:organization'];
$organization = (string) $state['core:organization'];
} else {
$organization = '';
$organization = '';
}
$errorCode = NULL;
$errorParams = NULL;
if ($organizations === NULL || !empty($organization)) {
if (!empty($username) && !empty($password)) {
$errorCode = null;
$errorParams = null;
if ($organizations === null || !empty($organization)) {
if (!empty($username) && !empty($password)) {
if ($source->getRememberUsernameEnabled()) {
$sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler();
$params = $sessionHandler->getCookieParams();
$params['expire'] = time();
$params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300);
\SimpleSAML\Utils\HTTP::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
}
if ($source->getRememberUsernameEnabled()) {
$sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler();
$params = $sessionHandler->getCookieParams();
$params['expire'] = time();
$params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300);
\SimpleSAML\Utils\HTTP::setCookie($source->getAuthId().'-username', $username, $params, false);
}
if ($source->getRememberOrganizationEnabled()) {
$sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
$params = $sessionHandler->getCookieParams();
$params['expire'] = time();
$params['expire'] += (isset($_REQUEST['remember_organization']) && $_REQUEST['remember_organization'] == 'Yes' ? 31536000 : -300);
setcookie($source->getAuthId() . '-organization', $organization, $params['expire'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
setcookie($source->getAuthId().'-organization', $organization, $params['expire'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
try {
\SimpleSAML\Module\core\Auth\UserPassOrgBase::handleLogin($authStateId, $username, $password, $organization);
} catch (\SimpleSAML\Error\Error $e) {
// Login failed. Extract error code and parameters, to display the error
$errorCode = $e->getErrorCode();
$errorParams = $e->getParameters();
}
}
try {
\SimpleSAML\Module\core\Auth\UserPassOrgBase::handleLogin($authStateId, $username, $password, $organization);
} catch (\SimpleSAML\Error\Error $e) {
// Login failed. Extract error code and parameters, to display the error
$errorCode = $e->getErrorCode();
$errorParams = $e->getParameters();
}
}
}
$globalConfig = \SimpleSAML\Configuration::getInstance();
$t = new \SimpleSAML\XHTML\Template($globalConfig, 'core:loginuserpass.php');
$t->data['stateparams'] = array('AuthState' => $authStateId);
$t->data['username'] = $username;
$t->data['forceUsername'] = FALSE;
$t->data['forceUsername'] = false;
$t->data['rememberUsernameEnabled'] = $source->getRememberUsernameEnabled();
$t->data['rememberUsernameChecked'] = $source->getRememberUsernameChecked();
$t->data['rememberMeEnabled'] = false;
$t->data['rememberMeChecked'] = false;
if (isset($_COOKIE[$source->getAuthId() . '-username'])) $t->data['rememberUsernameChecked'] = TRUE;
if (isset($_COOKIE[$source->getAuthId().'-username'])) {
$t->data['rememberUsernameChecked'] = true;
}
$t->data['rememberOrganizationEnabled'] = $source->getRememberOrganizationEnabled();
$t->data['rememberOrganizationChecked'] = $source->getRememberOrganizationChecked();
if (isset($_COOKIE[$source->getAuthId() . '-organization'])) $t->data['rememberOrganizationChecked'] = true;
if (isset($_COOKIE[$source->getAuthId().'-organization'])) {
$t->data['rememberOrganizationChecked'] = true;
}
$t->data['errorcode'] = $errorCode;
$t->data['errorcodes'] = \SimpleSAML\Error\ErrorCodes::getAllErrorCodeMessages();
$t->data['errorparams'] = $errorParams;
if ($organizations !== NULL) {
$t->data['selectedOrg'] = $organization;
$t->data['organizations'] = $organizations;
if ($organizations !== null) {
$t->data['selectedOrg'] = $organization;
$t->data['organizations'] = $organizations;
}
if (isset($state['SPMetadata'])) {
$t->data['SPMetadata'] = $state['SPMetadata'];
$t->data['SPMetadata'] = $state['SPMetadata'];
} else {
$t->data['SPMetadata'] = NULL;
$t->data['SPMetadata'] = null;
}
$t->show();
......
tests/modules/core/lib/Auth/UserPassOrgBaseTest.php
+ 25
31
View file @ 77417184
<?php
/**
* Created by PhpStorm.
* User: agustin
* Date: 16.10.2017
* Time: 12:17
*/
namespace SimpleSAML\Test\Module\core\Auth;
namespace SimpleSAML\Test\Module\core\Auth;
use SimpleSAML\Module\core\Auth\UserPassOrgBase;
use SimpleSAML\Module\core\Auth\UserPassOrgBase;
class UserPassOrgBaseTest extends \PHPUnit_Framework_TestCase
class UserPassOrgBaseTest extends \PHPUnit_Framework_TestCase
{
public function testRememberOrganizationEnabled()
{
public function testRememberOrganizationEnabled()
{
$config = array(
'ldap:LDAPMulti',
$config = array(
'ldap:LDAPMulti',
'remember.organization.enabled' => true,
'remember.organization.checked' => false,
'remember.organization.enabled' => true,
'remember.organization.checked' => false,
'my-org' => array(
'description' => 'My organization',
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap://ldap.myorg.com',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => false,
)
);
'my-org' => array(
'description' => 'My organization',
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap://ldap.myorg.com',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => false,
)
);
$mockUserPassOrgBase = $this->getMockBuilder(\sspmod_core_Auth_UserPassOrgBase::class)
->setConstructorArgs(array(array('AuthId' => 'my-org'), &$config))
->setMethods(array())
->getMockForAbstractClass();
$mockUserPassOrgBase = $this->getMockBuilder(\SimpleSAML\Module\core\Auth\UserPassOrgBase::class)
->setConstructorArgs(array(array('AuthId' => 'my-org'), &$config))
->setMethods(array())
->getMockForAbstractClass();
$this->assertTrue($mockUserPassOrgBase->getRememberOrganizationEnabled());
}
$this->assertTrue($mockUserPassOrgBase->getRememberOrganizationEnabled());
}
}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment