Auth/Simple: Add helper functions for logging an user in or out.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1549 44740490-163a-0410-bde0-09ae8108e29a

Auth/Simple: Add helper functions for logging an user in or out.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1549 44740490-163a-0410-bde0-09ae8108e29a
bac970ac · Olav Morken · 439a2124 · bac970ac · bac970ac
Commit bac970ac authored 15 years ago by Olav Morken
--- a/lib/SimpleSAML/Auth/Simple.php
+++ b/lib/SimpleSAML/Auth/Simple.php
+<?php
+
+/**
+ * Helper class for simple authentication applications.
+ *
+ * This class will use the authentication source specified in the
+ * 'default-authsource' option in 'config.php'.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class SimpleSAML_Auth_Simple {
+
+	/**
+	 * Check if the user is authenticated.
+	 *
+	 * This function checks if the user is authenticated with the default
+	 * authentication source selected by the 'default-authsource' option in
+	 * 'config.php'.
+	 *
+	 * @return bool  TRUE if the user is authenticated, FALSE if not.
+	 */
+	public static function isAuthenticated() {
+		$config = SimpleSAML_Configuration::getInstance();
+		$session = SimpleSAML_Session::getInstance();
+
+		$as = $config->getString('default-authsource');
+
+		return $session->isValid($as);
+	}
+
+
+	/**
+	 * Require the user to be authenticated.
+	 *
+	 * If the user is authenticated, this function returns immediately.
+	 *
+	 * If the user isn't authenticated, this function will authenticate the
+	 * user with the authentication source, and then return the user to the
+	 * current page.
+	 *
+	 * If $allowPost is set to TRUE, any POST data to the current page is
+	 * preserved. If $allowPost is FALSE, the user will be returned to the
+	 * current page with a GET request.
+	 *
+	 * @param bool $allowPost  Whether POST requests will be preserved. The default is to preserve POST requests.
+	 */
+	public static function requireAuth($allowPost = TRUE) {
+		assert('is_bool($allowPost)');
+
+		$config = SimpleSAML_Configuration::getInstance();
+		$session = SimpleSAML_Session::getInstance();
+
+		$as = $config->getString('default-authsource');
+
+		if ($session->isValid($as)) {
+			/* Already authenticated. */
+			return;
+		}
+
+		$url = SimpleSAML_Utilities::selfURL();
+		if ($allowPost && $_SERVER['REQUEST_METHOD'] === 'POST') {
+			$url = SimpleSAML_Utilities::createPostRedirectLink($url, $_POST);
+		}
+
+		SimpleSAML_Auth_Default::initLogin($as, $url);
+	}
+
+
+	/**
+	 * Log the user out.
+	 *
+	 * This function logs the user out. It will never return. By default,
+	 * it will cause a redirect to the current page after logging the user
+	 * out, but a different URL can be given with the $url parameter.
+	 *
+	 * @param string|NULL $url  The url the user should be redirected to after logging out.
+	 *                          Defaults to the current page.
+	 */
+	public static function logout($url = NULL) {
+		assert('is_string($url) || is_null($url)');
+
+		if ($url === NULL) {
+			$url = SimpleSAML_Utilities::selfURL();
+		}
+
+		SimpleSAML_Auth_Default::initLogout($url);
+	}
+
+
+	/**
+	 * Retrieve attributes of the current user.
+	 *
+	 * This function will retrieve the attributes of the current user if
+	 * the user is authenticated. If the user isn't authenticated, it will
+	 * return an empty array.
+	 *
+	 * @return array  The users attributes.
+	 */
+	public static function getAttributes() {
+
+		if (!self::isAuthenticated()) {
+			/* Not authenticated. */
+			return array();
+		}
+
+		/* Authenticated. */
+		$session = SimpleSAML_Session::getInstance();
+		return $session->getAttributes();
+	}
+
+}
+
+?>
\ No newline at end of file
--- a/www/example-simple/verysimple.php
+++ b/www/example-simple/verysimple.php
+<?php
+
+/*
+ * This script is meant as an example of how simpleSAMLphp can be
+ * accessed from an existing application.
+ *
+ * As such, it does not use any of the simpleSAMLphp templates.
+ */
+
+
+/*
+ * We need access to the various simpleSAMLphp classes. These are loaded
+ * by the simpleSAMLphp autoloader.
+ */
+require_once('../../lib/_autoload.php');
+
+/* We need to tell simpleSAMLphp where the configuration is located. */
+SimpleSAML_Configuration::setConfigDir('../../config');
+
+
+
+/* This handles logout requests. */
+if (array_key_exists('logout', $_REQUEST)) {
+	/*
+	 * We redirect to the current URL _without_ the query parameter. This
+	 * avoids a redirect loop, since otherwise it will access the logout
+	 * endpoint again.
+	 */
+	SimpleSAML_Auth_Simple::logout(SimpleSAML_Utilities::selfURLNoQuery());
+	/* The previous function will never return. */
+}
+
+if (array_key_exists('login', $_REQUEST)) {
+	/*
+	 * If the login parameter is requested, it means that we should log
+	 * the user in. We do that by requiring the user to be authenticated.
+	 *
+	 * Note that the requireAuth-function will preserve all GET-parameters
+	 * and POST-parameters by default.
+	 */
+	SimpleSAML_Auth_Simple::requireAuth();
+	/* The previous function will only return if the user is authenticated. */
+}
+
+if (array_key_exists('message', $_POST)) {
+	/*
+	 * We require authentication while posting a message. If the user is
+	 * authenticated, the message will be shown.
+	 *
+	 * Since POST parameters are preserved during requireAuth-processing,
+	 * the message will be presented to the user after the authentication.
+	 */
+	SimpleSAML_Auth_Simple::requireAuth();
+	$message = $_POST['message'];
+} else {
+	$message = NULL;
+}
+
+/*
+ * We set a variable depending on whether the user is authenticated or not.
+ * This allows us to show the user a login link or a logout link depending
+ * on the authentication state.
+ */
+$isAuth = SimpleSAML_Auth_Simple::isAuthenticated();
+
+
+/*
+ * Retrieve the users attributes. We will list them if the user
+ * is authenticated.
+ */
+$attributes = SimpleSAML_Auth_Simple::getAttributes();
+
+?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+	<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+	<title>Simple test</title>
+</head>
+<body>
+
+<h1>Simple auth test</h1>
+
+<?php
+/* Show a logout message if authenticated or a login message if not. */
+if ($isAuth) {
+	echo '<p>You are currently authenticated. <a href="?logout">Log out</a>.</p>';
+} else {
+	echo '<p>You are not authenticated. <a href="?login">Log in</a>.</p>';
+}
+?>
+
+<p>The following form makes it possible to test requiering authentication
+in a POST handler. Try to submit the message while unauthenticated.</p>
+<form method="post" action="#">
+<input type="text" name="message" id="msg" />
+<input type="submit" value="Post message" />
+</form>
+
+<?php
+
+/* Print out the message if it is present. */
+if ($message !== NULL) {
+	echo '<h2>Message</h2>';
+	echo '<p>' . htmlspecialchars($message) . '</p>';
+}
+
+/* Print out the attributes if the user is authenticated. */
+if ($isAuth) {
+	echo '<h2>Attributes</h2>';
+	echo '<dl>';
+
+	foreach ($attributes as $name => $values) {
+		echo '<dt>' . htmlspecialchars($name) . '</dt>';
+		echo '<dd><ul>';
+		foreach ($values as $value) {
+			echo '<li>' . htmlspecialchars($value) . '</li>';
+		}
+		echo '</ul></dd>';
+	}
+
+	echo '</dl>';
+}
+
+?>
+
+</body>
+</html>
\ No newline at end of file