From ca7d7542158f133b7396c51803166c1f7596ed67 Mon Sep 17 00:00:00 2001
From: Mads Freek Petersen <freek@wayf.dk>
Date: Mon, 9 Mar 2009 19:09:12 +0000
Subject: [PATCH] On behaf of jach@wayf.dk.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1394 44740490-163a-0410-bde0-09ae8108e29a
---
config-templates/config.php | 14 ++-
.../core/lib/Auth/Process/AttributeAlter.php | 114 ++++++++++++++++++
2 files changed, 127 insertions(+), 1 deletion(-)
create mode 100644 modules/core/lib/Auth/Process/AttributeAlter.php
diff --git a/config-templates/config.php b/config-templates/config.php
index f2469278c..c45d31f17 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -251,7 +251,19 @@ $config = array (
* by checking the 'attributes' parameter in metadata on IdP hosted and SP remote.
*/
50 => 'core:AttributeLimit',
-
+
+ /*
+ * Search attribute "distinguishedName" for pattern and replaces if found
+
+ 60 => array(
+ 'class' => 'core:AttributeAlter',
+ 'pattern' => '/OU=studerende/',
+ 'replacement' => 'Student',
+ 'subject' => 'distinguishedName',
+ '%replace',
+ ),
+ */
+
/*
* Consent module is enabled (with no permanent storage, using cookies).
diff --git a/modules/core/lib/Auth/Process/AttributeAlter.php b/modules/core/lib/Auth/Process/AttributeAlter.php
new file mode 100644
index 000000000..601d6c58a
--- /dev/null
+++ b/modules/core/lib/Auth/Process/AttributeAlter.php
@@ -0,0 +1,114 @@
+<?php
+
+/**
+ * Filter to modify attributes.
+ *
+ * This filter can modify attributes given a regular expression.
+ *
+ * @author Jacob Christiansen, WAYF
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_core_Auth_Process_AttributeAlter extends SimpleSAML_Auth_ProcessingFilter {
+
+ /**
+ * Should found pattern be replace
+ */
+ private $replace = FALSE;
+
+ /**
+ * Pattern to besearch for.
+ */
+ private $pattern = '';
+
+ /**
+ * String to replace found pattern.
+ */
+ private $replacement = '';
+
+ /**
+ * Attribute to search in.
+ */
+ private $subject = '';
+
+ /**
+ * Initialize this filter.
+ *
+ * @param array $config Configuration information about this filter.
+ * @param mixed $reserved For future use.
+ */
+ public function __construct($config, $reserved) {
+ parent::__construct($config, $reserved);
+
+ assert('is_array($config)');
+
+
+ foreach($config as $name => $value) {
+ // Is %replace set?
+ if(is_int($name)) {
+ if($value == '%replace') {
+ $this->replace = TRUE;
+ } else {
+ throw new Exception('Unknown flag : ' . var_export($value, TRUE));
+ }
+ continue;
+ }
+ // Unknown flag
+ if(!is_string($name)) {
+ throw new Exception('Unknown flag : ' . var_export($name, TRUE));
+ }
+ // Set pattern
+ if($name == 'pattern') {
+ $this->pattern = $value;
+ }
+ // Set replacement
+ if($name == 'replacement') {
+ $this->replacement = $value;
+ }
+ // Set subject
+ if($name == 'subject') {
+ $this->subject = $value;
+ }
+ }
+ }
+
+
+ /**
+ * Apply filter to modify attributes.
+ *
+ * Modify existing attributes with the configured values.
+ *
+ * @param array &$request The current request
+ */
+ public function process(&$request) {
+ assert('is_array($request)');
+ assert('array_key_exists("Attributes", $request)');
+
+ /**
+ * Get attributes from request
+ */
+ $attributes =& $request['Attributes'];
+
+ if(empty($this->pattern) || empty($this->subject)) {
+ throw new Exception("Not all params set in config.");
+ }
+
+ /**
+ * Check if attributes contains subject attribute
+ */
+ if (array_key_exists($this->subject,$attributes)) {
+ // Replace is TRUE
+ if($this->replace == TRUE) {
+ // Try to match pattern
+ if(preg_match($this->pattern, $attributes[$this->subject][0])) {
+ $attributes[$this->subject] = array($this->replacement);
+ }
+ } else {
+ // Try to match pattern
+ $attributes[$this->subject] = preg_replace($this->pattern, $this->replacement, $attributes[$this->subject]);
+ }
+ }
+ }
+}
+
+?>
--
GitLab