From b1d15f3d70c431fa28c47178303bc3d30a57dc36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Fri, 8 May 2009 14:49:51 +0000
Subject: [PATCH] Added config option to enable and disable the getuserinfo
 endpoint in oauth module.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1497 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/oauth/config-template/module_oauth.php | 16 ++++++++++++++++
 modules/oauth/www/getUserInfo.php              |  6 ++++++
 2 files changed, 22 insertions(+)
 create mode 100644 modules/oauth/config-template/module_oauth.php

diff --git a/modules/oauth/config-template/module_oauth.php b/modules/oauth/config-template/module_oauth.php
new file mode 100644
index 000000000..a1a9c10b8
--- /dev/null
+++ b/modules/oauth/config-template/module_oauth.php
@@ -0,0 +1,16 @@
+<?php
+/* 
+ * Configuration for the OAuth module.
+ * 
+ * $Id$
+ */
+
+$config = array (
+
+	/* Enable the getUserInfo endpoint. Do not enable unless you know what you do.
+	 * It may give external parties access to userInfo unless properly secured.
+	 */
+	'getUserInfo.enable' => FALSE,
+
+);
+
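Review bot: The comment above `'getUserInfo.enable'` warns that the endpoint must be "properly secured" but does not say what the option controls or what happens when it is left out, so an operator copying this template has little to act on. I would reword it along the lines of `/* Enable the getUserInfo endpoint (default: FALSE, also used when the option is absent). When enabled, the endpoint may hand user information to external parties; this option is only an on/off switch and adds no access control of its own. */`. The fallback to FALSE is taken from the `getBoolean('getUserInfo.enable', FALSE)` call in getUserInfo.php in this same commit. "Unless you know what you do" would also read better as "unless you know what you are doing".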
diff --git a/modules/oauth/www/getUserInfo.php b/modules/oauth/www/getUserInfo.php
index 4045288d5..dde46e1e8 100644
--- a/modules/oauth/www/getUserInfo.php
+++ b/modules/oauth/www/getUserInfo.php
@@ -2,6 +2,12 @@
 
 require_once(dirname(dirname(__FILE__)) . '/libextinc/OAuth.php');
 
+$oauthconfig = SimpleSAML_Configuration::getConfig('module_oauth.php');
+
+if (!$oauthconfig->getBoolean('getUserInfo.enable', FALSE)) {
+	throw new Exception('Get user info endpoint is disabled. This endpoint can be enabled in the module_oauth.php configuration file.');
+}
+
 $store = new sspmod_oauth_OAuthStore();
 $server = new sspmod_oauth_OAuthServer($store);
 
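Review bot: The disabled branch at `throw new Exception(...)` puts the configuration file name into a message that may reach whoever requested the URL, depending on how uncaught exceptions are rendered, which is not visible in this hunk. A remote caller only needs to learn that the endpoint is unavailable, so the hint about `module_oauth.php` belongs in the server log and the thrown text can be reduced to `throw new Exception('The getUserInfo endpoint is disabled.');`. A one-line comment above the check should also state that the flag is purely an on/off switch: once it is TRUE the script runs as before, and whatever authorization it performs is in the part of the file that continues below this hunk. `getConfig('module_oauth.php')` presumably fails when the file has not been copied from the template, which keeps the endpoint closed but with a less helpful error; please confirm that this is the intended behaviour.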
-- 
GitLab