From c7cfdabf77edfb2e8fc2db7e213aa166073107de Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Thu, 15 Jan 2015 19:31:48 +0100
Subject: [PATCH] Remove www/auth/*. Closes #13.
---
www/auth/login-admin.php | 93 --------------------
www/auth/login-cas-ldap.php | 140 ------------------------------
www/auth/login-ldapmulti.php | 104 ----------------------
www/auth/login-radius.php | 153 ---------------------------------
www/auth/login-tlsclient.php | 88 -------------------
www/auth/login-wayf-ldap.php | 89 -------------------
www/auth/login.php | 162 -----------------------------------
7 files changed, 829 deletions(-)
delete mode 100644 www/auth/login-admin.php
delete mode 100644 www/auth/login-cas-ldap.php
delete mode 100644 www/auth/login-ldapmulti.php
delete mode 100644 www/auth/login-radius.php
delete mode 100644 www/auth/login-tlsclient.php
delete mode 100644 www/auth/login-wayf-ldap.php
delete mode 100644 www/auth/login.php
diff --git a/www/auth/login-admin.php b/www/auth/login-admin.php
deleted file mode 100644
index 5a53b8373..000000000
--- a/www/auth/login-admin.php
+++ /dev/null
@@ -1,93 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file auth/login-admin.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('AUTH -admin: Accessing auth endpoint login-admin');
-
-$error = null;
-$attributes = array();
-$username = null;
-
-/* Load the RelayState argument. The RelayState argument contains the address
- * we should redirect the user to after a successful authentication.
- */
-if (!array_key_exists('RelayState', $_REQUEST)) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
-
-$correctpassword = $config->getString('auth.adminpassword', '123');
-
-if (empty($correctpassword) or $correctpassword === '123') {
- throw new SimpleSAML_Error_Error('NOTSET');
-}
-
-
-if (isset($_POST['password'])) {
-
- /* Validate and sanitize form data. */
-
- if (SimpleSAML_Utils_Crypto::pwValid($correctpassword, $_POST['password'])) {
- $username = 'admin';
- $password = $_POST['password'];
-
-
- $attributes = array('user' => array('admin'));
-
- $session->doLogin('login-admin');
- $session->setAttributes($attributes);
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
-
- SimpleSAML_Logger::info('AUTH - admin: '. $username . ' successfully authenticated');
-
- /**
- * Create a statistics log entry for every successfull login attempt.
- * Also log a specific attribute as set in the config: statistics.authlogattr
- */
- $authlogattr = $config->getValue('statistics.authlogattr', null);
- if ($authlogattr && array_key_exists($authlogattr, $attributes))
- SimpleSAML_Logger::stats('AUTH-login-admin OK ' . $attributes[$authlogattr][0]);
- else
- SimpleSAML_Logger::stats('AUTH-login-admin OK');
-
- SimpleSAML_Utilities::redirectTrustedURL($relaystate);
- exit(0);
- } else {
- SimpleSAML_Logger::stats('AUTH-login-admin Failed');
- $error = 'error_wrongpassword';
- SimpleSAML_Logger::info($error);
- }
-
-}
-
-
-$t = new SimpleSAML_XHTML_Template($config, 'login.php', 'login');
-
-$t->data['header'] = 'simpleSAMLphp: Enter username and password';
-$t->data['relaystate'] = $relaystate;
-$t->data['admin'] = TRUE;
-$t->data['autofocus'] = 'password';
-$t->data['error'] = $error;
-if (isset($error)) {
- $t->data['username'] = $username;
-}
-
-$t->show();
diff --git a/www/auth/login-cas-ldap.php b/www/auth/login-cas-ldap.php
deleted file mode 100644
index b4043b224..000000000
--- a/www/auth/login-cas-ldap.php
+++ /dev/null
@@ -1,140 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-/**
- * This file is part of SimpleSAMLphp. See the file COPYING in the
- * root of the distribution for licence information.
- *
- * This file implements authentication of users using CAS.
- *
- * @author Mads Freek, RUC.
- * @package simpleSAMLphp
- */
-
-require_once('../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file auth/login-cas-ldap.php is deprecated and will be removed in future versions.');
-
-try {
- $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
- // TODO: Make this authentication module independent from SAML 2.0
- $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-
- $ldapconfigfile = $config->getBaseDir() . 'config/cas-ldap.php';
- require_once($ldapconfigfile);
-
- if (!array_key_exists($idpentityid, $casldapconfig)) {
- throw new Exception('No CAS authentication configuration for this SAML 2.0 entity ID [' . $idpentityid . ']');
- }
-
- $casconfig = $casldapconfig[$idpentityid]['cas'];
- $ldapconfig = $casldapconfig[$idpentityid]['ldap'];
-} catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-/*
- * Load the RelayState argument. The RelayState argument contains the address
- * we should redirect the user to after a successful authentication.
- */
-if (!array_key_exists('RelayState', $_REQUEST)) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-function casValidate($cas) {
-
- $service = SimpleSAML_Utilities::selfURL();
- $service = preg_replace("/(\?|&)?ticket=.*/", "", $service); # always tagged on by cas
-
- /**
- * Got response from CAS server.
- */
- if (isset($_GET['ticket'])) {
-
- $ticket = urlencode($_GET['ticket']);
-
- #ini_set('default_socket_timeout', 15);
-
- if (isset($cas['validate'])) { # cas v1 yes|no\r<username> style
- $paramPrefix = strpos($cas['validate'], '?') ? '&' : '?';
- $result = SimpleSAML_Utilities::fetch($cas['validate'] . $paramPrefix . 'ticket=' . $ticket . '&service=' . urlencode($service) );
- $res = preg_split("/\r?\n/",$result);
-
- if (strcmp($res[0], "yes") == 0) {
- return array($res[1], array());
- } else {
- throw new Exception("Failed to validate CAS service ticket: $ticket");
- }
- } elseif (isset($cas['serviceValidate'])) { # cas v2 xml style
- $paramPrefix = strpos($cas['serviceValidate'], '?') ? '&' : '?';
-
- $result = SimpleSAML_Utilities::fetch($cas['serviceValidate'] . $paramPrefix . 'ticket=' . $ticket . '&service=' . urlencode($service) );
-
- $dom = DOMDocument::loadXML($result);
- $xPath = new DOMXpath($dom);
- $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
- $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
- if ($success->length == 0) {
- $failure = $xPath->evaluate("/cas:serviceResponse/cas:authenticationFailure");
- throw new Exception("Error when validating CAS service ticket: " . $failure->item(0)->textContent);
- } else {
-
- $attributes = array();
- if ($casattributes = $cas['attributes']) { # some has attributes in the xml - attributes is a list of XPath expressions to get them
- foreach ($casattributes as $name => $query) {
- $attrs = $xPath->query($query);
- foreach ($attrs as $attrvalue) $attributes[$name][] = $attrvalue->textContent;
- }
- }
- $casusername = $success->item(0)->textContent;
-
- return array($casusername, $attributes);
- }
- } else {
- throw new Exception("validate or serviceValidate not specified");
- }
-
- /**
- * First request, will redirect the user to the CAS server for authentication.
- */
- } else {
- SimpleSAML_Logger::info("AUTH - cas-ldap: redirecting to {$cas['login']}");
- SimpleSAML_Utilities::redirectTrustedURL($cas['login'], array(
- 'service' => $service
- ));
- }
-}
-
-try {
- list($username, $casattributes) = casValidate($casconfig);
-
- SimpleSAML_Logger::info('AUTH - cas-ldap: '. $username . ' authenticated by ' . $casconfig['validate']);
-
- $ldapattributes = array();
- if ($ldapconfig['servers']) {
- $ldap = new SimpleSAML_Auth_LDAP($ldapconfig['servers'], $ldapconfig['enable_tls']);
- $ldapattributes = $ldap->validate($ldapconfig, $username);
- }
- $attributes = array_merge_recursive($casattributes, $ldapattributes);
- $session->doLogin('login-cas-ldap');
- $session->setAttributes($attributes);
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
-
- SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['RelayState']);
-
-} catch(Exception $exception) {
- throw new SimpleSAML_Error_Error('CASERROR', $exception);
-}
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
deleted file mode 100644
index 9364aef42..000000000
--- a/www/auth/login-ldapmulti.php
+++ /dev/null
@@ -1,104 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file auth/login-ldapmulti.php is deprecated and will be removed in future versions.');
-
-$ldapconfigfile = $config->getBaseDir() . 'config/ldapmulti.php';
-require_once($ldapconfigfile);
-
-SimpleSAML_Logger::info('AUTH - ldap-multi: Accessing auth endpoint login-ldapmulti');
-
-$error = null;
-$attributes = array();
-
-/* Load the RelayState argument. The RelayState argument contains the address
- * we should redirect the user to after a successful authentication.
- */
-if (!array_key_exists('RelayState', $_REQUEST)) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
-
-if (isset($_POST['username'])) {
-
- try {
-
- $ldapconfig = $ldapmulti[$_POST['org']];
-
- if ($ldapconfig['search.enable'] === TRUE) {
- if(!$ldap->bind($ldapconfig['search.username'], $ldapconfig['search.password'])) {
- throw new Exception('Error authenticating using search username & password.');
- }
- $dn = $ldap->searchfordn($ldapconfig['search.base'], $ldapconfig['search.attributes'], $_POST['username']);
- } else {
- $dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
- }
-
- $pwd = $_POST['password'];
-
- $ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);
-
- if (($pwd == "") or (!$ldap->bind($dn, $pwd))) {
- SimpleSAML_Logger::info('AUTH - ldap-multi: '. $_POST['username'] . ' failed to authenticate. DN=' . $dn);
- throw new Exception('Wrong username or password');
- }
-
- $attributes = $ldap->getAttributes($dn, $ldapconfig['attributes']);
-
- SimpleSAML_Logger::info('AUTH - ldap-multi: '. $_POST['username'] . ' successfully authenticated');
-
- $session->doLogin('login-ldapmulti');
- $session->setAttributes($attributes);
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
-
- /**
- * Create a statistics log entry for every successfull login attempt.
- * Also log a specific attribute as set in the config: statistics.authlogattr
- */
- $authlogattr = $config->getValue('statistics.authlogattr', null);
- if ($authlogattr && array_key_exists($authlogattr, $attributes)) {
- SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
- } else {
- SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
- }
-
- SimpleSAML_Utilities::redirectTrustedURL($relaystate);
-
- } catch (Exception $e) {
- $error = $e->getMessage();
- }
-}
-
-
-$t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php', 'login');
-
-$t->data['header'] = 'simpleSAMLphp: Enter username and password';
-$t->data['relaystate'] = $relaystate;
-$t->data['ldapconfig'] = $ldapmulti;
-$t->data['org'] = $_REQUEST['org'];
-$t->data['error'] = $error;
-if (isset($error)) {
- $t->data['username'] = $_POST['username'];
-}
-
-$t->show();
-
-
-?>
diff --git a/www/auth/login-radius.php b/www/auth/login-radius.php
deleted file mode 100644
index cec122aaf..000000000
--- a/www/auth/login-radius.php
+++ /dev/null
@@ -1,153 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file auth/login-radius.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('AUTH - radius: Accessing auth endpoint login');
-
-$error = null;
-$attributes = array();
-
-/* Load the RelayState argument. The RelayState argument contains the address
- * we should redirect the user to after a successful authentication.
- */
-if (!array_key_exists('RelayState', $_REQUEST)) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
-
-if (isset($_POST['username'])) {
-
-
- try {
-
- $radius = radius_auth_open();
- // ( resource $radius_handle, string $hostname, int $port, string $secret, int $timeout, int $max_tries )
- if (! radius_add_server($radius, $config->getValue('auth.radius.hostname'), $config->getValue('auth.radius.port'),
- $config->getValue('auth.radius.secret'), 5, 3)) {
-
- SimpleSAML_Logger::critical('AUTH - radius: Problem occurred when connecting to Radius server: '.radius_strerror($radius));
- throw new Exception('Problem occurred when connecting to Radius server: ' . radius_strerror($radius));
- }
-
- if (! radius_create_request($radius,RADIUS_ACCESS_REQUEST)) {
- SimpleSAML_Logger::critical('AUTH - radius: Problem occurred when creating the Radius request: '.radius_strerror($radius));
- throw new Exception('Problem occurred when creating the Radius request: ' . radius_strerror($radius));
- }
-
- radius_put_attr($radius,RADIUS_USER_NAME,$_POST['username']);
- radius_put_attr($radius,RADIUS_USER_PASSWORD, $_POST['password']);
-
- switch (radius_send_request($radius))
- {
- case RADIUS_ACCESS_ACCEPT:
-
- // GOOD Login :)
-
- $attributes = array( $config->getValue('auth.radius.URNForUsername') => array($_POST['username']));
-
- // get AAI attribute sets. Contributed by Stefan Winter, (c) RESTENA
- while ($resa = radius_get_attr($radius)) {
-
- if (! is_array($resa)) {
- printf ("Error getting attribute: %s\n", radius_strerror($res));
- exit;
- }
-
- if ($resa['attr'] == RADIUS_VENDOR_SPECIFIC) {
- $resv = radius_get_vendor_attr($resa['data']);
- if (is_array($resv)) {
- $vendor = $resv['vendor'];
- $attrv = $resv['attr'];
- $datav = $resv['data'];
-
- /**
- * Uncomment this to debug vendor attributes.
- */
- // printf("Got Vendor Attr:%d %d Bytes %s<br/>", $attrv, strlen($datav), bin2hex($datav));
-
- if ($vendor == $config->getValue('auth.radius.vendor') && $attrv == $config->getValue('auth.radius.vendor-attr')) {
-
- $attrib_name = strtok ($datav,'=');
- $attrib_value = strtok ('=');
-
- // if the attribute name is already in result set, add another value
- if (array_key_exists($attrib_name, $attributes)) {
- $attributes[$attrib_name][] = $attrib_value;
- } else {
- $attributes[$attrib_name] = array($attrib_value);
- }
- }
- }
- }
- }
- // end of contribution
-
- //$attributes = array('urn:mace:eduroam.no:username' => array($_POST['username']));
-
- SimpleSAML_Logger::info('AUTH - radius: '. $_POST['username'] . ' successfully authenticated');
-
- $session->doLogin('login-radius');
-
- $session->setAttributes($attributes);
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
-
- /**
- * Create a statistics log entry for every successfull login attempt.
- * Also log a specific attribute as set in the config: statistics.authlogattr
- */
- $authlogattr = $config->getValue('statistics.authlogattr', null);
- if ($authlogattr && array_key_exists($authlogattr, $attributes)) {
- SimpleSAML_Logger::stats('AUTH-login-radius OK ' . $attributes[$authlogattr][0]);
- } else {
- SimpleSAML_Logger::stats('AUTH-login-radius OK');
- }
-
- SimpleSAML_Utilities::redirectTrustedURL($relaystate);
-
- case RADIUS_ACCESS_REJECT:
-
- SimpleSAML_Logger::info('AUTH - radius: '. $_POST['username'] . ' failed to authenticate');
- throw new Exception('Radius authentication error: Bad credentials ');
- break;
- case RADIUS_ACCESS_CHALLENGE:
- SimpleSAML_Logger::critical('AUTH - radius: Challenge requested: ' . radius_strerror($radius));
- throw new Exception('Radius authentication error: Challenge requested');
- break;
- default:
- SimpleSAML_Logger::critical('AUTH -radius: General radius error: ' . radius_strerror($radius));
- throw new Exception('Error during radius authentication: ' . radius_strerror($radius));
- }
-
- } catch (Exception $e) {
- $error = $e->getMessage();
- }
-}
-
-
-$t = new SimpleSAML_XHTML_Template($config, 'login.php', 'login');
-
-$t->data['header'] = 'simpleSAMLphp: Enter username and password';
-$t->data['relaystate'] = $relaystate;
-$t->data['error'] = $error;
-if (isset($error)) {
- $t->data['username'] = $_POST['username'];
-}
-
-$t->show();
diff --git a/www/auth/login-tlsclient.php b/www/auth/login-tlsclient.php
deleted file mode 100644
index 414f4d52f..000000000
--- a/www/auth/login-tlsclient.php
+++ /dev/null
@@ -1,88 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file auth/login-tlsclient.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('AUTH - ldap: Accessing auth endpoint login');
-
-$ldapconfig = SimpleSAML_Configuration::getConfig('ldap.php');
-
-
-$error = null;
-$attributes = array();
-$username = null;
-
-/* Load the RelayState argument. The RelayState argument contains the address
- * we should redirect the user to after a successful authentication.
- */
-if (!array_key_exists('RelayState', $_REQUEST)) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-try {
-
- $attributes = array();
- $userid = null;
-
- if (!array_key_exists('SSL_CLIENT_VERIFY', $_SERVER))
- throw new Exception('Apache header variable SSL_CLIENT_VERIFY was not available. Recheck your apache configuration.');
-
- if (strcmp($_SERVER['SSL_CLIENT_VERIFY'], "SUCCESS") != 0) {
- throw new SimpleSAML_Error_Error('NOTVALIDCERT', $e);
- }
-
- $userid = $_SERVER['SSL_CLIENT_S_DN'];
-
- $attributes['CertificateDN'] = array($userid);
- $attributes['CertificateDNCN'] = array($_SERVER['SSL_CLIENT_S_DN_CN']);
-
- $session->doLogin('tlsclient');
- $session->setAttributes($attributes);
-
- #echo '<pre>';
- #print_r($_SERVER);
- #echo '</pre>'; exit;
-
- SimpleSAML_Logger::info('AUTH - tlsclient: '. $userid . ' successfully authenticated');
-
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')
- );
-
- /**
- * Create a statistics log entry for every successfull login attempt.
- * Also log a specific attribute as set in the config: statistics.authlogattr
- */
- $authlogattr = $config->getValue('statistics.authlogattr', null);
- if ($authlogattr && array_key_exists($authlogattr, $attributes)) {
- SimpleSAML_Logger::stats('AUTH-tlsclient OK ' . $attributes[$authlogattr][0]);
- } else {
- SimpleSAML_Logger::stats('AUTH-tlsclient OK');
- }
-
- SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['RelayState']);
-
-
-} catch (Exception $e) {
- throw new SimpleSAML_Error_Error('CONFIG', $e);
-
-}
-
-
-
-?>
\ No newline at end of file
diff --git a/www/auth/login-wayf-ldap.php b/www/auth/login-wayf-ldap.php
deleted file mode 100644
index 7875d37c2..000000000
--- a/www/auth/login-wayf-ldap.php
+++ /dev/null
@@ -1,89 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-/**
- * This file is part of SimpleSAMLphp. See the file COPYING in the
- * root of the distribution for licence information.
- *
- * This file implements authentication of users using CAS.
- *
- * @author Mads Freek, RUC.
- * @package simpleSAMLphp
- */
-
-require_once('../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file auth/login-wayf-ldap.php is deprecated and will be removed in future versions.');
-
-try {
- $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
- // TODO: Make this authentication module independent from SAML 2.0
- $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
-
- $ldapconfigfile = $config->getBaseDir() . 'config/cas-ldap.php';
- require_once($ldapconfigfile);
-
- if (!array_key_exists($idpentityid, $casldapconfig)) {
- throw new Exception('No LDAP authentication configuration for this SAML 2.0 entity ID [' . $idpentityid . ']');
- }
-
- $ldapconfig = $casldapconfig[$idpentityid]['ldap'];
-
-} catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('METADATA', $exception);
-}
-
-/*
- * Load the RelayState argument. The RelayState argument contains the address
- * we should redirect the user to after a successful authentication.
- */
-if (!array_key_exists('RelayState', $_REQUEST)) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
-
-if ($username = $_POST['username']) {
- try {
- $ldap = new SimpleSAML_Auth_LDAP($ldapconfig['servers'], $ldapconfig['enable_tls']);
-
- $attributes = $ldap->validate($ldapconfig, $username, $_POST['password']);
-
- if ($attributes === FALSE) {
- $error = "LDAP_INVALID_CREDENTIALS";
- } else {
- $session->doLogin('login-wayf-ldap');
- $session->setAttributes($attributes);
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
- SimpleSAML_Utilities::redirectTrustedURL($relaystate);
- }
- } catch(Exception $e) {
- throw new SimpleSAML_Error_Error('LDAPERROR', $e);
- }
-}
-
-$t = new SimpleSAML_XHTML_Template($config, $ldapconfig['template']);
-
-$t->data['header'] = 'simpleSAMLphp: Enter username and password';
-$t->data['relaystate'] = htmlspecialchars($relaystate);
-$t->data['error'] = $error;
-if (isset($error)) {
- $t->data['username'] = htmlspecialchars($username);
-}
-
-$t->show();
-
-?>
\ No newline at end of file
diff --git a/www/auth/login.php b/www/auth/login.php
deleted file mode 100644
index d0b0fdda3..000000000
--- a/www/auth/login.php
+++ /dev/null
@@ -1,162 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-SimpleSAML_Logger::warning('The file auth/login.php is deprecated and will be removed in future versions.');
-
-SimpleSAML_Logger::info('AUTH - ldap: Accessing auth endpoint login');
-
-$ldapconfig = SimpleSAML_Configuration::getConfig('ldap.php');
-
-
-$error = null;
-$attributes = array();
-$username = null;
-
-
-/* Load the RelayState argument. The RelayState argument contains the address
- * we should redirect the user to after a successful authentication.
- */
-if (!array_key_exists('RelayState', $_REQUEST)) {
- throw new SimpleSAML_Error_Error('NORELAYSTATE');
-}
-
-$relaystate = $_REQUEST['RelayState'];
-
-
-if (isset($_POST['username'])) {
-
-
- try {
-
- /* Validate and sanitize form data. */
-
- /* First, make sure that the password field is included. */
- if (!array_key_exists('password', $_POST)) {
- $error = 'error_nopassword';
- continue;
- }
-
- $username = $_POST['username'];
- $password = $_POST['password'];
-
- /* Escape any characters with a special meaning in LDAP. The following
- * characters have a special meaning (according to RFC 2253):
- * ',', '+', '"', '\', '<', '>', ';', '*'
- * These characters are escaped by prefixing them with '\'.
- */
- $ldapusername = addcslashes($username, ',+"\\<>;*');
-
-
- /*
- * Connecting to LDAP.
- */
- $ldap = new SimpleSAML_Auth_LDAP($ldapconfig->getValue('auth.ldap.hostname'),
- $ldapconfig->getValue('auth.ldap.enable_tls'));
-
- if($ldapconfig->getValue('auth.ldap.search.enable', FALSE)) {
- /* We are configured to search for the users dn. */
-
- $searchUsername = $ldapconfig->getValue('auth.ldap.search.username', NULL);
-
- if($searchUsername !== NULL) {
- /* Log in with username & password for searching. */
-
- $searchPassword = $ldapconfig->getValue('auth.ldap.search.password', NULL);
- if($searchPassword === NULL) {
- throw new Exception('"auth.ldap.search.username" is configured, but not' .
- ' "auth.ldap.search.password".');
- }
-
- if(!$ldap->bind($searchUsername, $searchPassword)) {
- throw new Exception('Error authenticating using search username & password.');
- }
- }
-
- $searchBase = $ldapconfig->getValue('auth.ldap.search.base', NULL);
- $searchAttributes = $ldapconfig->getValue('auth.ldap.search.attributes', NULL);
- if($searchBase === NULL || $searchAttributes === NULL) {
- throw new Exception('"auth.ldap.search.base" and "auth.ldap.search.attributes"' .
- ' must be configured before LDAP search can be enabled.');
- }
-
- /* Search for the dn. */
- $dn = $ldap->searchfordn($searchBase, $searchAttributes, $username);
- } else {
- /* We aren't configured to search for the dn. Insert the LDAP username into the pattern
- * configured in the 'auth.ldap.dnpattern' option.
- */
- $dn = str_replace('%username%', $ldapusername, $ldapconfig->getValue('auth.ldap.dnpattern'));
- }
-
- /*
- * Do LDAP bind using DN.
- */
- if (($password == "") or (!$ldap->bind($dn, $password))) {
- SimpleSAML_Logger::info('AUTH - ldap: '. $username . ' failed to authenticate. DN=' . $dn);
- throw new Exception('error_wrongpassword');
- }
-
- /*
- * Retrieve attributes from LDAP
- */
- $attributes = $ldap->getAttributes($dn, $ldapconfig->getValue('auth.ldap.attributes', null));
-
- SimpleSAML_Logger::info('AUTH - ldap: '. $ldapusername . ' successfully authenticated');
-
- $session->doLogin('login');
- $session->setAttributes($attributes);
-
- $session->setNameID(array(
- 'value' => SimpleSAML_Utilities::generateID(),
- 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
-
- /**
- * Create a statistics log entry for every successfull login attempt.
- * Also log a specific attribute as set in the config: statistics.authlogattr
- */
- $authlogattr = $config->getValue('statistics.authlogattr', null);
- if ($authlogattr && array_key_exists($authlogattr, $attributes))
- SimpleSAML_Logger::stats('AUTH-login OK ' . $attributes[$authlogattr][0]);
- else
- SimpleSAML_Logger::stats('AUTH-login OK');
-
-
- $returnto = $_REQUEST['RelayState'];
- SimpleSAML_Utilities::redirectUntrustedURL($returnto);
-
-
- } catch (Exception $e) {
- SimpleSAML_Logger::error('AUTH - ldap: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage());
- SimpleSAML_Logger::stats('AUTH-login Failed');
- $error = $e->getMessage();
- }
-
-}
-
-
-$t = new SimpleSAML_XHTML_Template($config, 'login.php', 'login');
-
-$t->data['header'] = 'simpleSAMLphp: Enter username and password';
-$t->data['relaystate'] = $relaystate;
-$t->data['error'] = $error;
-if (isset($error)) {
- $t->data['username'] = $username;
-}
-
-$t->show();
-
-
-?>
--
GitLab