Apologize for earlier checking in untested changes to the consent module. Im...

Apologize for earlier checking in untested changes to the consent module. Im fixing it now, this was the first step... git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@956 44740490-163a-0410-bde0-09ae8108e29a

Apologize for earlier checking in untested changes to the consent module. Im...
b8595adc · Andreas Åkre Solberg · eda9c936 · b8595adc · b8595adc · b8595adc
Commit b8595adc authored 16 years ago by Andreas Åkre Solberg
--- a/modules/consent/lib/Auth/Process/Consent.php
+++ b/modules/consent/lib/Auth/Process/Consent.php
@@ -124,28 +124,24 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
 		assert('array_key_exists("metadata-set", $state["Source"])');

 		if ($this->store !== NULL) {
-			$userId = sha1($state['UserID'] . SimpleSAML_Utilities::getSecretSalt());;
-			$destination = $state['Destination']['metadata-set'] . '|' . $state['Destination']['entityid'];
-			$source = $state['Source']['metadata-set'] . '|' . $state['Source']['entityid'];
-
-#			echo 'destination: ' . $destination . '  : source: ' . $source; exit;

-			$idpentityid = $state['Source']['metadata-set']['entityid'];
+			$source = $state['Source']['metadata-set'] . '|' . $state['Source']['entityid'];
+			$destination = $state['Destination']['metadata-set'] . '|' . $state['Destination']['entityid'];

-			$attributeSet = array_keys($state['Attributes']);
-			sort($attributeSet);
-			$attributeSet = implode(',', $attributeSet);
-			$attributeSet = sha1($attributeSet);
+			$userId = self::getHashedUserID($state['UserID'], $source);
+			$targetedId = self::getTargetedID($state['UserID'], $source, $destination);
+			$attributeSet = self::getAttributeHash($state['Attributes'], $this->includeValues);

-			if ($this->store->hasConsent($userId, $destination, $attributeSet)) {
+			SimpleSAML_Logger::debug('Consent - hasConsent() : [' . $userId . '|' . $targetedId . '|' .  $attributeSet . ']');
+			if ($this->store->hasConsent($userId, $targetedId, $attributeSet)) {
 				/* Consent already given. */
 				return;
 			}

 			$state['consent:store'] = $this->store;
-			$state['consent:store.userId'] = self::getHashedUserID($state['UserID'], $source);
-			$state['consent:store.destination'] = self::getTargetedID($state['UserID'], $source, $destination);
-			$state['consent:store.attributeSet'] = self::getAttributeHash($state['Attributes'], $this->includeValues);
+			$state['consent:store.userId'] = $userId;
+			$state['consent:store.destination'] = $targetedId;
+			$state['consent:store.attributeSet'] = $attributeSet;
 			
 		}


--- a/modules/consent/lib/Consent/Store/Cookie.php
+++ b/modules/consent/lib/Consent/Store/Cookie.php
@@ -40,6 +40,10 @@ class sspmod_consent_Consent_Store_Cookie extends sspmod_consent_Store {
 		assert('is_string($attributeSet)');

 		$cookieName = self::getCookieName($userId, $destinationId);
+		
+		$data = $userId . ':' . $attributeSet . ':' . $destinationId;
+		
+		SimpleSAML_Logger::debug('Consent cookie - Get [' . $data . ']');

 		if (!array_key_exists($cookieName, $_COOKIE)) {
 			SimpleSAML_Logger::debug('Consent cookie - no cookie with name \'' . $cookieName . '\'.');
@@ -50,7 +54,8 @@ class sspmod_consent_Consent_Store_Cookie extends sspmod_consent_Store {
 			return FALSE;
 		}

-		$data = $userId . ':' . $attributeSet . ':' . $destinationId;
+
+		
 		$data = self::sign($data);

 		if ($_COOKIE[$cookieName] !== $data) {
@@ -81,6 +86,9 @@ class sspmod_consent_Consent_Store_Cookie extends sspmod_consent_Store {

 		$name = self::getCookieName($userId, $destinationId);
 		$value = $userId . ':' . $attributeSet . ':' . $destinationId;
+		
+		SimpleSAML_Logger::debug('Consent cookie - Set [' . $value . ']');
+		
 		$value = self::sign($value);
 		$this->setConsentCookie($name, $value);
 	}

--- a/modules/consent/www/getconsent.php
+++ b/modules/consent/www/getconsent.php
@@ -8,6 +8,8 @@
 * @version $Id$
 */

+SimpleSAML_Logger::info('Consent - getconsent: Accessing consent interface');
+
 if (!array_key_exists('StateId', $_REQUEST)) {
 	throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
 }
@@ -25,9 +27,11 @@ if (array_key_exists('yes', $_REQUEST)) {
 		/* Save consent. */
 		$store = $state['consent:store'];
 		$userId = $state['consent:store.userId'];
-		$destination = $state['consent:store.destination'];
+		$targetedId = $state['consent:store.destination'];
 		$attributeSet = $state['consent:store.attributeSet'];
-		$store->saveConsent($userId, $destination, $attributeSet);
+		
+		SimpleSAML_Logger::debug('Consent - saveConsent() : [' . $userId . '|' . $targetedId . '|' .  $attributeSet . ']');	
+		$store->saveConsent($userId, $targetedId, $attributeSet);
 	}

 	SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
@@ -60,14 +64,14 @@ if($privacypolicy !== FALSE) {
 $t->data['sppp'] = $privacypolicy;

 switch ($state['consent:focus']) {
-case NULL:
-	break;
-case 'yes':
-	$t->data['autofocus'] = 'yesbutton';
-	break;
-case 'no':
-	$t->data['autofocus'] = 'nobutton';
-	break;
+	case NULL:
+		break;
+	case 'yes':
+		$t->data['autofocus'] = 'yesbutton';
+		break;
+	case 'no':
+		$t->data['autofocus'] = 'nobutton';
+		break;
 }

 if (array_key_exists('consent:store', $state)) {