From bac970ace24274b963f25edf29b5cbafa3aa9d26 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 3 Jul 2009 13:22:07 +0000
Subject: [PATCH] Auth/Simple: Add helper functions for logging an user in or
 out.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1549 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Auth/Simple.php    | 114 ++++++++++++++++++++++++++
 www/example-simple/verysimple.php | 129 ++++++++++++++++++++++++++++++
 2 files changed, 243 insertions(+)
 create mode 100644 lib/SimpleSAML/Auth/Simple.php
 create mode 100644 www/example-simple/verysimple.php

diff --git a/lib/SimpleSAML/Auth/Simple.php b/lib/SimpleSAML/Auth/Simple.php
new file mode 100644
index 000000000..546b2dc5e
--- /dev/null
+++ b/lib/SimpleSAML/Auth/Simple.php
@@ -0,0 +1,114 @@
+<?php
+
+/**
+ * Helper class for simple authentication applications.
+ *
+ * This class will use the authentication source specified in the
+ * 'default-authsource' option in 'config.php'.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class SimpleSAML_Auth_Simple {
+
+	/**
+	 * Check if the user is authenticated.
+	 *
+	 * This function checks if the user is authenticated with the default
+	 * authentication source selected by the 'default-authsource' option in
+	 * 'config.php'.
+	 *
+	 * @return bool  TRUE if the user is authenticated, FALSE if not.
+	 */
+	public static function isAuthenticated() {
+		$config = SimpleSAML_Configuration::getInstance();
+		$session = SimpleSAML_Session::getInstance();
+
+		$as = $config->getString('default-authsource');
+
+		return $session->isValid($as);
+	}
+
+
+	/**
+	 * Require the user to be authenticated.
+	 *
+	 * If the user is authenticated, this function returns immediately.
+	 *
+	 * If the user isn't authenticated, this function will authenticate the
+	 * user with the authentication source, and then return the user to the
+	 * current page.
+	 *
+	 * If $allowPost is set to TRUE, any POST data to the current page is
+	 * preserved. If $allowPost is FALSE, the user will be returned to the
+	 * current page with a GET request.
+	 *
+	 * @param bool $allowPost  Whether POST requests will be preserved. The default is to preserve POST requests.
+	 */
+	public static function requireAuth($allowPost = TRUE) {
+		assert('is_bool($allowPost)');
+
+		$config = SimpleSAML_Configuration::getInstance();
+		$session = SimpleSAML_Session::getInstance();
+
+		$as = $config->getString('default-authsource');
+
+		if ($session->isValid($as)) {
+			/* Already authenticated. */
+			return;
+		}
+
+		$url = SimpleSAML_Utilities::selfURL();
+		if ($allowPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
+			$url = SimpleSAML_Utilities::createPostRedirectLink($url, $_POST);
+		}
+
+		SimpleSAML_Auth_Default::initLogin($as, $url);
+	}
+
+
+	/**
+	 * Log the user out.
+	 *
+	 * This function logs the user out. It will never return. By default,
+	 * it will cause a redirect to the current page after logging the user
+	 * out, but a different URL can be given with the $url parameter.
+	 *
+	 * @param string|NULL $url  The url the user should be redirected to after logging out.
+	 *                          Defaults to the current page.
+	 */
+	public static function logout($url = NULL) {
+		assert('is_string($url) || is_null($url)');
+
+		if ($url === NULL) {
+			$url = SimpleSAML_Utilities::selfURL();
+		}
+
+		SimpleSAML_Auth_Default::initLogout($url);
+	}
+
+
+	/**
+	 * Retrieve attributes of the current user.
+	 *
+	 * This function will retrieve the attributes of the current user if
+	 * the user is authenticated. If the user isn't authenticated, it will
+	 * return an empty array.
+	 *
+	 * @return array  The users attributes.
+	 */
+	public static function getAttributes() {
+
+		if (!self::isAuthenticated()) {
+			/* Not authenticated. */
+			return array();
+		}
+
+		/* Authenticated. */
+		$session = SimpleSAML_Session::getInstance();
+		return $session->getAttributes();
+	}
+
+}
+
+?>
\ No newline at end of file
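Review bot: `requireAuth()` defaults `$allowPost` to TRUE and hands the whole of `$_POST` to `createPostRedirectLink()`, so a POST that arrives before login is carried across the authentication step, yet the docblock never tells callers that the replayed request still needs their own CSRF check. That helper is not visible in this hunk, so how the data is stored and resubmitted is inferred from the docblock only. I would add a docblock line such as `Replayed POST data was submitted before authentication; the page must still verify its own anti-CSRF token when the user returns.` and consider making FALSE the default so preservation is opt-in. The form in www/example-simple/verysimple.php relies on this default and carries no token. Separately, `assert('is_string($url) || is_null($url)')` is skipped when assertions are disabled, so it should not be read as validation of the `$url` that `logout()` forwards to `initLogout()`.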
diff --git a/www/example-simple/verysimple.php b/www/example-simple/verysimple.php
new file mode 100644
index 000000000..44e382edf
--- /dev/null
+++ b/www/example-simple/verysimple.php
@@ -0,0 +1,129 @@
+<?php
+
+/*
+ * This script is meant as an example of how simpleSAMLphp can be
+ * accessed from an existing application.
+ *
+ * As such, it does not use any of the simpleSAMLphp templates.
+ */
+
+
+/*
+ * We need access to the various simpleSAMLphp classes. These are loaded
+ * by the simpleSAMLphp autoloader.
+ */
+require_once('../../lib/_autoload.php');
+
+/* We need to tell simpleSAMLphp where the configuration is located. */
+SimpleSAML_Configuration::setConfigDir('../../config');
+
+
+
+/* This handles logout requests. */
+if (array_key_exists('logout', $_REQUEST)) {
+	/*
+	 * We redirect to the current URL _without_ the query parameter. This
+	 * avoids a redirect loop, since otherwise it will access the logout
+	 * endpoint again.
+	 */
+	SimpleSAML_Auth_Simple::logout(SimpleSAML_Utilities::selfURLNoQuery());
+	/* The previous function will never return. */
+}
+
+if (array_key_exists('login', $_REQUEST)) {
+	/*
+	 * If the login parameter is requested, it means that we should log
+	 * the user in. We do that by requiring the user to be authenticated.
+	 *
+	 * Note that the requireAuth-function will preserve all GET-parameters
+	 * and POST-parameters by default.
+	 */
+	SimpleSAML_Auth_Simple::requireAuth();
+	/* The previous function will only return if the user is authenticated. */
+}
+
+if (array_key_exists('message', $_POST)) {
+	/*
+	 * We require authentication while posting a message. If the user is
+	 * authenticated, the message will be shown.
+	 *
+	 * Since POST parameters are preserved during requireAuth-processing,
+	 * the message will be presented to the user after the authentication.
+	 */
+	SimpleSAML_Auth_Simple::requireAuth();
+	$message = $_POST['message'];
+} else {
+	$message = NULL;
+}
+
+/*
+ * We set a variable depending on whether the user is authenticated or not.
+ * This allows us to show the user a login link or a logout link depending
+ * on the authentication state.
+ */
+$isAuth = SimpleSAML_Auth_Simple::isAuthenticated();
+
+
+/*
+ * Retrieve the users attributes. We will list them if the user
+ * is authenticated.
+ */
+$attributes = SimpleSAML_Auth_Simple::getAttributes();
+
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+	<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+	<title>Simple test</title>
+</head>
+<body>
+
+<h1>Simple auth test</h1>
+
+<?php
+/* Show a logout message if authenticated or a login message if not. */
+if ($isAuth) {
+	echo '<p>You are currently authenticated. <a href="?logout">Log out</a>.</p>';
+} else {
+	echo '<p>You are not authenticated. <a href="?login">Log in</a>.</p>';
+}
+?>
+
+<p>The following form makes it possible to test requiering authentication
+in a POST handler. Try to submit the message while unauthenticated.</p>
+<form method="post" action="#">
+<input type="text" name="message" id="msg" />
+<input type="submit" value="Post message" />
+</form>
+
+<?php
+
+/* Print out the message if it is present. */
+if ($message !== NULL) {
+	echo '<h2>Message</h2>';
+	echo '<p>' . htmlspecialchars($message) . '</p>';
+}
+
+/* Print out the attributes if the user is authenticated. */
+if ($isAuth) {
+	echo '<h2>Attributes</h2>';
+	echo '<dl>';
+
+	foreach ($attributes as $name => $values) {
+		echo '<dt>' . htmlspecialchars($name) . '</dt>';
+		echo '<dd><ul>';
+		foreach ($values as $value) {
+			echo '<li>' . htmlspecialchars($value) . '</li>';
+		}
+		echo '</ul></dd>';
+	}
+
+	echo '</dl>';
+}
+
+?>
+
+</body>
+</html>
\ No newline at end of file
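Review bot: `$message = $_POST['message'];` accepts whatever type PHP parsed from the request, so an array-valued `message` field reaches `htmlspecialchars()` in the output block; I would guard it with `$message = is_string($_POST['message']) ? $_POST['message'] : NULL;`. The three `htmlspecialchars()` calls also rely on default flags and charset while the page declares utf-8, so passing them explicitly, as in `htmlspecialchars($message, ENT_QUOTES, 'UTF-8')`, keeps the escaping correct if the value is later moved into an attribute. The logout branch keys on `$_REQUEST` and is reachable through the plain `?logout` GET link, so any page that gets the browser to load that URL ends the session. Since this file is meant to be copied, a comment such as `/* Real applications should trigger logout with a POST that carries a token. */` would help.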
-- 
GitLab