consent: Allow disabling of consent for all SPs on a given IdP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3043 44740490-163a-0410-bde0-09ae8108e29a

consent: Allow disabling of consent for all SPs on a given IdP.
a1b78cf8 · Olav Morken · 4b184650 · a1b78cf8 · a1b78cf8
Commit a1b78cf8 authored 13 years ago by Olav Morken
--- a/modules/consent/docs/consent.txt
+++ b/modules/consent/docs/consent.txt
@@ -188,7 +188,7 @@ Disabling consent
 -----------------

 It is possible to disable consent for a given service. You can add an option
-in the matadata on the IdP, that will disable consent for det given service.
+in the metadata on the IdP, that will disable consent for the given service.
 Add 'consent.disable' array option and enter the entityids of the services,
 that you do not want consent for.

@@ -200,6 +200,12 @@ Example:
        ...
    ),

+It is also possible to disable consent for all SPs for a given IdP by setting
+the 'consent.disable' option to TRUE:
+
+    'consent.disable' => TRUE,
+
+
   
 Attribute presentation
 ----------------------

--- a/modules/consent/lib/Auth/Process/Consent.php
+++ b/modules/consent/lib/Auth/Process/Consent.php
@@ -127,6 +127,21 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
        } 
    }

+    /**
+     * Helper function to check whether consent is disabled.
+     *
+     * @param mixed $option  The consent.disable option. Either an array or a boolean.
+     * @param string $entityIdD  The entityID of the SP/IdP.
+     * @return boolean  TRUE if disabled, FALSE if not.
+     */
+    private static function checkDisable($option, $entityId) {
+        if (is_array($option)) {
+            return in_array($entityId, $option, TRUE);
+        } else {
+            return (boolean)$option;
+        }
+    }
+
    /**
     * Process a authentication response
     *
@@ -167,7 +182,7 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
        }

        // Do not use consent if disabled on source entity
-        if ( isset($state['Source']['consent.disable']) && in_array($spEntityId, $state['Source']['consent.disable'])) {
+        if (isset($state['Source']['consent.disable']) && self::checkDisable($state['Source']['consent.disable'], $spEntityId)) {
            SimpleSAML_Logger::debug('Consent: Consent disabled for entity ' . $spEntityId);
            return;
        }