From d94cf006abc37e0b51cc587ce4709bb7d492b732 Mon Sep 17 00:00:00 2001
From: Guy Halse <guy@tenet.ac.za>
Date: Mon, 7 Aug 2017 09:37:30 +0200
Subject: [PATCH] Differentiate passive requests from others

A more flexible version of the original patch, based on comments from
@thijskh and @jaimeperez. This version will allow you to skip logging
passive requests entirely by setting `skipPassive` in the config, or
alternatively will prefix the log tag with 'passive-'.
---
 .../docs/authproc_statisticswithattribute.md   |  3 +++
 .../Auth/Process/StatisticsWithAttribute.php   | 18 ++++++++++++++----
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/modules/core/docs/authproc_statisticswithattribute.md b/modules/core/docs/authproc_statisticswithattribute.md
index 53753f9db..4607c059e 100644
--- a/modules/core/docs/authproc_statisticswithattribute.md
+++ b/modules/core/docs/authproc_statisticswithattribute.md
@@ -12,6 +12,9 @@ Parameters
 `type`
 :   The type of the statistics entry.
 
+`skipPassive`
+:   A boolean indicating whether passive requests should be skipped. Defaults to `FALSE`, in which case the type tag is prefixed with 'passive-'.
+
 
 Example
 -------
diff --git a/modules/core/lib/Auth/Process/StatisticsWithAttribute.php b/modules/core/lib/Auth/Process/StatisticsWithAttribute.php
index 517369c93..2482c186c 100644
--- a/modules/core/lib/Auth/Process/StatisticsWithAttribute.php
+++ b/modules/core/lib/Auth/Process/StatisticsWithAttribute.php
@@ -16,6 +16,8 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P
 	
 	private $typeTag = 'saml20-idp-SSO';
 
+	private $skipPassive = false;
+
 
 	/**
 	 * Initialize this filter.
@@ -41,6 +43,10 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P
 				throw new Exception('Invalid typeTag given to core:StatisticsWithAttribute filter.');
 			}
 		}
+
+		if (array_key_exists('skipPassive', $config)) {
+			$this->skipPassive = (bool)$config['skipPassive'];
+		}
 	}
 
 
@@ -56,10 +62,14 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P
 		$logAttribute = 'NA';
 		$source = 'NA';
 		$dest = 'NA';
+		$isPassive = '';
 
 		if(array_key_exists('isPassive', $state) && $state['isPassive'] === true) {
-			// We have a passive request. Skip logging statistics
-			return;
+			if ($this->skipPassive === true) {
+				// We have a passive request. Skip logging statistics
+				return;
+			}
+			$isPassive = 'passive-';
 		}
 
 		if (array_key_exists($this->attribute, $state['Attributes'])) $logAttribute = $state['Attributes'][$this->attribute][0];		
@@ -81,10 +91,10 @@ class sspmod_core_Auth_Process_StatisticsWithAttribute extends SimpleSAML_Auth_P
 
 		if (!array_key_exists('PreviousSSOTimestamp', $state)) {
 			// The user hasn't authenticated with this SP earlier in this session
-			SimpleSAML\Logger::stats($this->typeTag . '-first ' . $dest . ' ' . $source . ' ' . $logAttribute);
+			SimpleSAML\Logger::stats($isPassive . $this->typeTag . '-first ' . $dest . ' ' . $source . ' ' . $logAttribute);
 		}
 
-		SimpleSAML\Logger::stats($this->typeTag . ' ' . $dest . ' ' . $source . ' ' . $logAttribute);
+		SimpleSAML\Logger::stats($isPassive . $this->typeTag . ' ' . $dest . ' ' . $source . ' ' . $logAttribute);
 	}
 
 }
-- 
GitLab