From 9c749df8b89742934a4d14f590fa3be471afc105 Mon Sep 17 00:00:00 2001
From: Olimpia Magliulo <olimpiam@intern-ikts-MacBook-Air.local>
Date: Tue, 7 Nov 2017 11:09:39 +0100
Subject: [PATCH] Add login.php and related twig template

Based on authenticate.php, login.php adds lines 6-26.
The script returns the possible authentication methods for the user, excluding admin.
When only one method is available, the user is redirected to that authentication method's login page.
Calls to right templates are updated at lines 17 and 54.

When no method is found, the user needs to login with admin credentials and check configuration.
The text shown in template is not translated.
---
 modules/core/templates/login.twig | 20 ++++++++++
 modules/core/www/login.php        | 63 +++++++++++++++++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 modules/core/templates/login.twig
 create mode 100644 modules/core/www/login.php

diff --git a/modules/core/templates/login.twig b/modules/core/templates/login.twig
new file mode 100644
index 000000000..c86235b4c
--- /dev/null
+++ b/modules/core/templates/login.twig
@@ -0,0 +1,20 @@
+{% set pagetitle = 'Authenticate'|trans %}
+{% extends "@core/base.twig" %}
+
+{% block content %}
+<h1>{{ pagetitle }}</h1>
+    <p>Please choose one of the following authentication methods: </p>
+
+{%- if sources is empty %}
+    <p>Please check your SimpleSAML configuration.<br>
+        Follow the link and log in with administrator credentials. <a href="{{ loginurl }}">Admin login.</a></p>
+
+{%- else %}
+    <ul>
+        {% for id, config in sources -%}
+            <li><a href="?as={{ id|url_encode }}">{{ config.name|translateFromArray|default(id) }}</a></li>
+
+        {% endfor -%}
+    </ul>
+{% endif %}
+{% endblock %}
\ No newline at end of file
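Review bot: The paragraph `<p>Please choose one of the following authentication methods: </p>` sits above the `{%- if sources is empty %}` check, so it is also rendered when no source is available, directly before the configuration hint. Moving it into the `else` branch just above `<ul>` leaves the empty case with the admin-login message only. The visible strings are also not passed through `|trans` the way `pagetitle` is, which the commit message acknowledges.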
diff --git a/modules/core/www/login.php b/modules/core/www/login.php
new file mode 100644
index 000000000..283950d6c
--- /dev/null
+++ b/modules/core/www/login.php
@@ -0,0 +1,63 @@
+<?php
+
+$config = SimpleSAML_Configuration::getInstance();
+$sources = SimpleSAML_Configuration::getOptionalConfig('authsources.php')->toArray();
+
+//delete admin
+if (isset($sources['admin'])) {
+    unset($sources['admin']);
+}
+
+//if only 1 auth
+if (count($sources)==1) {
+    $_REQUEST['as'] = key(end($sources));
+}
+
+if (!array_key_exists('as', $_REQUEST)) {
+    $t = new SimpleSAML_XHTML_Template($config, 'core:login.twig');
+
+    $t->data['loginurl'] = SimpleSAML\Utils\Auth::getAdminLoginURL();
+    $t->data['sources'] = $sources;
+    $t->show();
+    exit();
+}
+
+$asId = (string) $_REQUEST['as'];
+$as = new \SimpleSAML\Auth\Simple($asId);
+
+if (array_key_exists('logout', $_REQUEST)) {
+    $as->logout($config->getBasePath().'logout.php');
+}
+
+if (array_key_exists(SimpleSAML_Auth_State::EXCEPTION_PARAM, $_REQUEST)) {
+    // This is just a simple example of an error
+
+    $state = SimpleSAML_Auth_State::loadExceptionState();
+    assert('array_key_exists(SimpleSAML_Auth_State::EXCEPTION_DATA, $state)');
+    $e = $state[SimpleSAML_Auth_State::EXCEPTION_DATA];
+
+    throw $e;
+}
+
+if (!$as->isAuthenticated()) {
+    $url = SimpleSAML\Module::getModuleURL('core/login.php', array('as' => $asId));
+    $params = array(
+        'ErrorURL' => $url,
+        'ReturnTo' => $url,
+    );
+    $as->login($params);
+}
+
+$attributes = $as->getAttributes();
+$session = SimpleSAML_Session::getSessionFromRequest();
+
+$t = new SimpleSAML_XHTML_Template($config, 'auth_status.twig', 'attributes');
+
+
+$t->data['header'] = '{status:header_saml20_sp}';
+$t->data['attributes'] = $attributes;
+$t->data['nameid'] = !is_null($as->getAuthData('saml:sp:NameID')) ? $as->getAuthData('saml:sp:NameID') : false;
+$t->data['logouturl'] = \SimpleSAML\Utils\HTTP::getSelfURLNoQuery().'?as='.urlencode($asId).'&logout';
+$t->data['remaining'] = $session->getAuthData($asId, 'Expire')-time();
+
+$t->show();
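Review bot: The `as` request parameter reaches `new \SimpleSAML\Auth\Simple($asId)` without being checked against the filtered `$sources`, so the `unset($sources['admin'])` step only hides admin from the list and any source id supplied in the request is still accepted. If excluding admin is meant as a restriction rather than a display choice, ids that are not keys of `$sources` should be rejected before the object is constructed. Separately, in the single-source branch `key(end($sources))` takes a key from the last source's configuration array rather than the source id, so the automatic selection likely resolves to the wrong id. Both changes are shown below; the exception class is a suggestion, any existing bad-request error would do.

```php
// … unchanged: configuration loading and removal of the admin source …
if (count($sources) == 1) {
    reset($sources);
    $_REQUEST['as'] = key($sources);
}
// … unchanged: rendering of core:login.twig when 'as' is absent …
$asId = (string) $_REQUEST['as'];
if (!array_key_exists($asId, $sources)) {
    throw new SimpleSAML_Error_BadRequest('Unknown authentication source.');
}
$as = new \SimpleSAML\Auth\Simple($asId);
// … unchanged: logout, exception state, login and status page …
```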
-- 
GitLab