Extracted the attribute filtering code into AttributeFilter

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@328 44740490-163a-0410-bde0-09ae8108e29a

Extracted the attribute filtering code into AttributeFilter
84ee16ae · Andreas Åkre Solberg · a8b4c26b · 84ee16ae · 84ee16ae · 84ee16ae
Commit 84ee16ae authored 17 years ago by Andreas Åkre Solberg
--- a/lib/SimpleSAML/XML/AttributeFilter.php
+++ b/lib/SimpleSAML/XML/AttributeFilter.php
 <?php
 require_once('SimpleSAML/Configuration.php');
+require_once('SimpleSAML/Logger.php');
 /**
 * AttributeFilter is a mapping between attribute names.
@@ -19,6 +20,58 @@ class SimpleSAML_XML_AttributeFilter {
 	}
+	/**
+	 * Will process attribute napping, and altering based on metadata.
+	 */
+	public function process($idpmetadata, $spmetadata) {
+		if (isset($idpmetadata['attributemap'])) {
+			SimpleSAML_Logger::debug('Applying IdP specific attributemap: ' . $idpmetadata['attributemap']);
+			$this->namemap($idpmetadata['attributemap']);
+		}
+		if (isset($spmetadata['attributemap'])) {
+			SimpleSAML_Logger::debug('Applying SP specific attributemap: ' . $spmetadata['attributemap']);
+			$this->namemap($spmetadata['attributemap']);
+		}
+		if (isset($idpmetadata['attributealter'])) {
+			if (!is_array($idpmetadata['attributealter'])) {
+				SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $idpmetadata['attributealter']);
+				$this->alter($idpmetadata['attributealter']);
+			} else {
+				foreach($idpmetadata['attributealter'] AS $alterfunc) {
+					SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $alterfunc);
+					$this->alter($alterfunc);
+				}
+			}
+		}
+		if (isset($spmetadata['attributealter'])) {
+			if (!is_array($spmetadata['attributealter'])) {
+				SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $spmetadata['attributealter']);
+				$this->alter($spmetadata['attributealter']);
+			} else {
+				foreach($spmetadata['attributealter'] AS $alterfunc) {
+					SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $alterfunc);
+					$this->alter($alterfunc);
+				}
+			}
+		}
+	}
+	public function processFilter($idpmetadata, $spmetadata) {
+		/**
+		 * Filter away attributes that are not allowed for this SP.
+		 */
+		if (isset($spmetadata['attributes'])) {
+			SimpleSAML_Logger::debug('Applying SP specific attribute filter: ' . join(',', $spmetadata['attributes']));
+			$this->filter($spmetadata['attributes']);
+		}
+	}
 	public function namemap($map) {
 		$mapfile = $this->configuration->getPathValue('attributenamemapdir') . $map . '.php';

--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -187,37 +187,8 @@ if (!isset($session) || !$session->isValid($authority) ) {
 		 * Attribute handling
 		 */
 		$afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
-		if (isset($idpmetadata['attributemap'])) {
-			SimpleSAML_Logger::debug('Applying IdP specific attributemap: ' . $idpmetadata['attributemap']);
+		$afilter->process($idpmetadata, $spmetadata);
-			$afilter->namemap($idpmetadata['attributemap']);
-		}
-		if (isset($spmetadata['attributemap'])) {
-			SimpleSAML_Logger::debug('Applying SP specific attributemap: ' . $spmetadata['attributemap']);
-			$afilter->namemap($spmetadata['attributemap']);
-		}
-		if (isset($idpmetadata['attributealter'])) {
-			if (!is_array($idpmetadata['attributealter'])) {
-				SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $idpmetadata['attributealter']);
-				$afilter->alter($idpmetadata['attributealter']);
-			} else {
-				foreach($idpmetadata['attributealter'] AS $alterfunc) {
-					SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $alterfunc);
-					$afilter->alter($alterfunc);
-				}
-			}
-		}
-		if (isset($spmetadata['attributealter'])) {
-			if (!is_array($spmetadata['attributealter'])) {
-				SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $spmetadata['attributealter']);
-				$afilter->alter($spmetadata['attributealter']);
-			} else {
-				foreach($spmetadata['attributealter'] AS $alterfunc) {
-					SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $alterfunc);
-					$afilter->alter($alterfunc);
-				}
-			}
-		}
 		/**
 		 * Make a log entry in the statistics for this SSO login.
 		 */
@@ -233,18 +204,11 @@ if (!isset($session) || !$session->isValid($authority) ) {
 		} 
 		SimpleSAML_Logger::stats('saml20-idp-SSO ' . $spentityid . ' ' . $idpentityid . ' ' . $realmstr);
-		/**
-		 * Filter away attributes that are not allowed for this SP.
-		 */
-		if (isset($spmetadata['attributes'])) {
-			SimpleSAML_Logger::debug('Applying SP specific attribute filter: ' . join(',', $spmetadata['attributes']));
-			$afilter->filter($spmetadata['attributes']);
-		}
-		$filteredattributes = $afilter->getAttributes();
+		$afilter->processFilter($idpmetadata, $spmetadata);
+		$filteredattributes = $afilter->getAttributes();
 		// Generate an SAML 2.0 AuthNResponse message
 		$ar = new SimpleSAML_XML_SAML20_AuthnResponse($config, $metadata);

--- a/www/shib13/idp/SSOService.php
+++ b/www/shib13/idp/SSOService.php
@@ -135,50 +135,15 @@ if (!$session->isAuthenticated($authority) ) {
 	try {
-		//$session->add_sp_session($authnrequest->getIssuer());
-		//$session->setAttribute('eduPersonAffiliation', array('student'));
 		$spentityid = $requestcache['Issuer'];
 		$spmetadata = $metadata->getMetaData($spentityid, 'shib13-sp-remote');
 		/*
 		 * Attribute handling
 		 */
 		$afilter = new SimpleSAML_XML_AttributeFilter($config, $session->getAttributes());
-		if (isset($idpmetadata['attributemap'])) {
+		$afilter->process($idpmetadata, $spmetadata);
-			SimpleSAML_Logger::debug('Applying IdP specific attributemap: ' . $idpmetadata['attributemap']);
-			$afilter->namemap($idpmetadata['attributemap']);
-		}
-		if (isset($spmetadata['attributemap'])) {
-			SimpleSAML_Logger::debug('Applying SP specific attributemap: ' . $spmetadata['attributemap']);
-			$afilter->namemap($spmetadata['attributemap']);
-		}
-		if (isset($idpmetadata['attributealter'])) {
-			if (!is_array($idpmetadata['attributealter'])) {
-				SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $idpmetadata['attributealter']);
-				$afilter->alter($idpmetadata['attributealter']);
-			} else {
-				foreach($idpmetadata['attributealter'] AS $alterfunc) {
-					SimpleSAML_Logger::debug('Applying IdP specific attribute alter: ' . $alterfunc);
-					$afilter->alter($alterfunc);
-				}
-			}
-		}
-		if (isset($spmetadata['attributealter'])) {
-			if (!is_array($spmetadata['attributealter'])) {
-				SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $spmetadata['attributealter']);
-				$afilter->alter($spmetadata['attributealter']);
-			} else {
-				foreach($spmetadata['attributealter'] AS $alterfunc) {
-					SimpleSAML_Logger::debug('Applying SP specific attribute alter: ' . $alterfunc);
-					$afilter->alter($alterfunc);
-				}
-			}
-		}
 		/**
 		 * Make a log entry in the statistics for this SSO login.
@@ -198,15 +163,11 @@ if (!$session->isAuthenticated($authority) ) {
 		/**
 		 * Filter away attributes that are not allowed for this SP.
 		 */
-		if (isset($spmetadata['attributes'])) {
+		$afilter->processFilter($idpmetadata, $spmetadata);
-			SimpleSAML_Logger::debug('Applying SP specific attribute filter: ' . join(',', $spmetadata['attributes']));
-			$afilter->filter($spmetadata['attributes']);
-		}
 		$filteredattributes = $afilter->getAttributes();
 		// Generating a Shibboleth 1.3 Response.
 		$ar = new SimpleSAML_XML_Shib13_AuthnResponse($config, $metadata);
 		$authnResponseXML = $ar->generate($idpentityid, $requestcache['Issuer'],