diff --git a/docs/simplesamlphp-upgrade-notes-1.14.txt b/docs/simplesamlphp-upgrade-notes-1.14.txt
index bc3bf5378c78d8c9b13e8eb663935d4c2ba374e1..9dbadd8133e62f5fc6283b1cb055ab6bbaff273a 100644
--- a/docs/simplesamlphp-upgrade-notes-1.14.txt
+++ b/docs/simplesamlphp-upgrade-notes-1.14.txt
@@ -86,6 +86,7 @@ The following methods have changed their signature. Refer to the code for the up
 The following methods and classes have been deprecated. Refer to the code for alternatives:
 * `SimpleSAML_Auth_Default`
+ * `SimpleSAML_Auth_Default::extractPersistentAuthState()`
 * `SimpleSAML_Utilities`
 * `SimpleSAML_Utilities::addURLParameter()`
 * `SimpleSAML_Utilities::aesDecrypt()`
diff --git a/lib/SimpleSAML/Auth/Default.php b/lib/SimpleSAML/Auth/Default.php
index 049855432538f4b7d9d2cd231e9f5c6106ed03cf..b50e778f8df2bf0e664fc57302c10b40656b0113 100644
--- a/lib/SimpleSAML/Auth/Default.php
+++ b/lib/SimpleSAML/Auth/Default.php
@@ -8,6 +8,8 @@
 *
 * @author Olav Morken, UNINETT AS.
 * @package simpleSAMLphp
+ *
+ * @deprecated This class will be removed in SSP 2.0.
 */
 class SimpleSAML_Auth_Default {
@@ -78,33 +80,14 @@ class SimpleSAML_Auth_Default {
 *
 * @param array $state The state after the login.
 * @return array The persistent authentication state.
+ *
+ * @deprecated This method will be removed in SSP 2.0. Please use
+ * SimpleSAML_Auth_State::extractPersistentAuthState() instead.
 */
 public static function extractPersistentAuthState(array &$state) {
- /* Save persistent authentication data. */
- $persistentAuthState = array();
-
- if (isset($state['IdP'])) {
- /* For backwards compatibility. */
- $persistentAuthState['saml:sp:IdP'] = $state['IdP'];
- }
-
- if (isset($state['PersistentAuthData'])) {
- foreach ($state['PersistentAuthData'] as $key) {
- if (isset($state[$key])) {
- $persistentAuthState[$key] = $state[$key];
- }
- }
- }
-
- /* Add those that should always be included. */
- foreach (array('Attributes', 'Expire', 'LogoutState', 'AuthnInstant', 'RememberMe', 'saml:sp:NameID') as $a) {
- if (isset($state[$a])) {
- $persistentAuthState[$a] = $state[$a];
- }
- }
-
- return $persistentAuthState;
+ $state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
+ return $state;
 }
@@ -124,7 +107,9 @@ class SimpleSAML_Auth_Default {
 /* Save session state. */
 $session = SimpleSAML_Session::getSessionFromRequest();
- $session->doLogin($state['SimpleSAML_Auth_Default.id'], self::extractPersistentAuthState($state));
+ $authId = $state['SimpleSAML_Auth_Default.id'];
+ $state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
+ $session->doLogin($authId, $state);
 if (is_string($return)) {
 /* Redirect... */
@@ -263,7 +248,7 @@ class SimpleSAML_Auth_Default {
 assert('is_string($redirectTo)');
 $session = SimpleSAML_Session::getSessionFromRequest();
- $session->doLogin($authId, self::extractPersistentAuthState($state));
+ $session->doLogin($authId, SimpleSAML_Auth_State::extractPersistentAuthState($state));
 \SimpleSAML\Utils\HTTP::redirectUntrustedURL($redirectTo);
 }
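Review bot: In the deprecated `SimpleSAML_Auth_Default::extractPersistentAuthState()` the parameter is still `array &$state`, so `$state = SimpleSAML_Auth_State::extractPersistentAuthState($state);` writes the reduced array back into the caller's variable, a side effect the removed body did not have. Existing callers of the deprecated method that keep using their state array afterwards would silently lose every non-persistent key. Return the result without assigning it: `return SimpleSAML_Auth_State::extractPersistentAuthState($state);`.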
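Review bot: Overwriting `$state` with the persistent subset just before `$session->doLogin()` in the `@@ -124,7 +107,9 @@` hunk discards every key that is not persisted, and the function keeps running after the call (the `if (is_string($return))` branch continues outside the hunk, so I cannot see whether `$state` is used again there). The same pattern in the `modules/saml/lib/Auth/Source/SP.php` hunk is visibly harmful: its context line `call_user_func($state['ReturnCallback'], $state);` now reads `ReturnCallback` from the stripped array, where it only exists if it was listed in `PersistentAuthData`. Keep the full state and use a separate variable in both places, e.g. `$persistent = SimpleSAML_Auth_State::extractPersistentAuthState($state);` followed by `$session->doLogin($authId, $persistent);`.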
diff --git a/lib/SimpleSAML/Auth/State.php b/lib/SimpleSAML/Auth/State.php
index 4f5e263be43e255900a6f1d7f87970435e3a58cf..5d6ebc6148e7d094c1332a54a149522217786962 100644
--- a/lib/SimpleSAML/Auth/State.php
+++ b/lib/SimpleSAML/Auth/State.php
@@ -91,6 +91,44 @@ class SimpleSAML_Auth_State {
 private static $stateTimeout = NULL;
+ /**
+ * Extract the persistent authentication state from the state array.
+ *
+ * @param array $state The state array to analyze.
+ * @return array The persistent authentication state.
+ */
+ public static function extractPersistentAuthState(array $state)
+ {
+ // save persistent authentication data
+ $persistent = array();
+
+ if (array_key_exists('PersistentAuthData', $state)) {
+ foreach ($state['PersistentAuthData'] as $key) {
+ if (isset($state[$key])) {
+ $persistent[$key] = $state[$key];
+ }
+ }
+ }
+
+ // add those that should always be included
+ $mandatory = array(
+ 'Attributes',
+ 'Expire',
+ 'LogoutState',
+ 'AuthInstant',
+ 'RememberMe',
+ 'saml:sp:NameID'
+ );
+ foreach ($mandatory as $key) {
+ if (isset($state[$key])) {
+ $persistent[$key] = $state[$key];
+ }
+ }
+
+ return $persistent;
+ }
+
+
+
 /**
 * Retrieve the ID of a state array.
 *
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index e5140681ef8b4bf475e17aa2c1364abb6d4025bc..569f2b5c6f97310d74ef4d54a64768ad8a061513 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -439,7 +439,9 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 // Update session state
 $session = SimpleSAML_Session::getSessionFromRequest();
- $session->doLogin($state['saml:sp:AuthId'], SimpleSAML_Auth_Default::extractPersistentAuthState($state));
+ $authId = $state['saml:sp:AuthId'];
+ $state = SimpleSAML_Auth_State::extractPersistentAuthState($state);
+ $session->doLogin($authId, $state);
 // resume the login process
 call_user_func($state['ReturnCallback'], $state);
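Review bot: The always-persisted key list in the new `SimpleSAML_Auth_State::extractPersistentAuthState()` spells the key `'AuthInstant'`, while the implementation removed from `SimpleSAML_Auth_Default` in this same commit copied `'AuthnInstant'`, so the authentication instant is no longer carried into the session unless a source lists it in `PersistentAuthData`. Anything that later relies on that timestamp from the session, for example to judge how old a login is, would find it missing; those consumers are not visible in this diff. Change the entry to `'AuthnInstant',` and update the fixture in `tests/lib/SimpleSAML/Auth/StateTest.php`, which uses the same misspelled key and therefore passes. The old `IdP` to `saml:sp:IdP` backwards-compatibility copy is also gone; if that is intentional it deserves a line in the upgrade notes.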
diff --git a/tests/lib/SimpleSAML/Auth/StateTest.php b/tests/lib/SimpleSAML/Auth/StateTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..741acdaaba5922b1cbd70ae229a9fe6b5825cc07
--- /dev/null
+++ b/tests/lib/SimpleSAML/Auth/StateTest.php
@@ -0,0 +1,81 @@
+<?php
+
+
+/**
+ * Tests for SimpleSAML_Auth_State
+ */
+class Auth_StateTest extends PHPUnit_Framework_TestCase
+{
+
+
+ /**
+ * Test the extractPersistentAuthState() function.
+ */
+ public function testExtractPersistentAuthState()
+ {
+
+ $mandatory = array(
+ 'Attributes' => array(),
+ 'Expire' => 1234,
+ 'LogoutState' => 'logoutState',
+ 'AuthInstant' => 123456,
+ 'RememberMe' => true,
+ 'saml:sp:NameID' => 'nameID',
+ );
+
+ // check just mandatory parameters
+ $state = $mandatory;
+ $expected = $mandatory;
+ $this->assertEquals(
+ $expected,
+ SimpleSAML_Auth_State::extractPersistentAuthState($state),
+ 'Mandatory state attributes did not survive as expected'.print_r($expected, true)
+ );
+
+ // check missing mandatory parameters
+ unset($state['LogoutState']);
+ unset($state['RememberMe']);
+ $expected = $state;
+ $this->assertEquals(
+ $expected,
+ SimpleSAML_Auth_State::extractPersistentAuthState($state),
+ 'Some error occurred with missing mandatory parameters'
+ );
+
+ // check additional non-persistent parameters
+ $additional = array(
+ 'additional1' => 1,
+ 'additional2' => 2,
+ );
+ $state = array_merge($mandatory, $additional);
+ $expected = $mandatory;
+ $this->assertEquals(
+ $expected,
+ SimpleSAML_Auth_State::extractPersistentAuthState($state),
+ 'Additional parameters survived'
+ );
+
+ // check additional persistent parameters
+ $additional['PersistentAuthData'] = array('additional1');
+ $state = array_merge($mandatory, $additional);
+ $expected = $state;
+ unset($expected['additional2']);
+ unset($expected['PersistentAuthData']);
+ $this->assertEquals(
+ $expected,
+ SimpleSAML_Auth_State::extractPersistentAuthState($state),
+ 'Some error occurred with additional, persistent parameters'
+ );
+
+ // check only additional persistent parameters
+ $state = $additional;
+ $expected = $state;
+ unset($expected['additional2']);
+ unset($expected['PersistentAuthData']);
+ $this->assertEquals(
+ $expected,
SimpleSAML_Auth_State::extractPersistentAuthState($state),
+ 'Some error occurred with additional, persistent parameters, and no mandatory ones'
+ );
+ }
+}