SimpleSAML_Auth_Simple: Update to take name of authentication source as parameter.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1762 44740490-163a-0410-bde0-09ae8108e29a

SimpleSAML_Auth_Simple: Update to take name of authentication source as parameter.
dbae8d82 · Olav Morken · 0cbd861f · dbae8d82 · dbae8d82
Commit dbae8d82 authored 15 years ago by Olav Morken
--- a/lib/SimpleSAML/Auth/Simple.php
+++ b/lib/SimpleSAML/Auth/Simple.php
@@ -3,14 +3,31 @@
 /**
 * Helper class for simple authentication applications.
 *
- * This class will use the authentication source specified in the
- * 'default-authsource' option in 'config.php'.
- *
 * @package simpleSAMLphp
 * @version $Id$
 */
 class SimpleSAML_Auth_Simple {

+	/**
+	 * The id of the authentication source we are accessing.
+	 *
+	 * @var string
+	 */
+	private $authSource;
+
+
+	/**
+	 * Create an instance with the specified authsource.
+	 *
+	 * @param string $authSource  The id of the authentication source.
+	 */
+	public function __construct($authSource) {
+		assert('is_string($authSource)');
+
+		$this->authSource = $authSource;
+	}
+
+
 	/**
 	 * Check if the user is authenticated.
 	 *
@@ -20,13 +37,10 @@ class SimpleSAML_Auth_Simple {
 	 *
 	 * @return bool  TRUE if the user is authenticated, FALSE if not.
 	 */
-	public static function isAuthenticated() {
-		$config = SimpleSAML_Configuration::getInstance();
+	public function isAuthenticated() {
 		$session = SimpleSAML_Session::getInstance();

-		$as = $config->getString('default-authsource');
-
-		return $session->isValid($as);
+		return $session->isValid($this->authSource);
 	}


@@ -45,15 +59,12 @@ class SimpleSAML_Auth_Simple {
 	 *
 	 * @param bool $allowPost  Whether POST requests will be preserved. The default is to preserve POST requests.
 	 */
-	public static function requireAuth($allowPost = TRUE) {
+	public function requireAuth($allowPost = TRUE) {
 		assert('is_bool($allowPost)');

-		$config = SimpleSAML_Configuration::getInstance();
 		$session = SimpleSAML_Session::getInstance();

-		$as = $config->getString('default-authsource');
-
-		if ($session->isValid($as)) {
+		if ($session->isValid($this->authSource)) {
 			/* Already authenticated. */
 			return;
 		}
@@ -63,7 +74,7 @@ class SimpleSAML_Auth_Simple {
 			$url = SimpleSAML_Utilities::createPostRedirectLink($url, $_POST);
 		}

-		SimpleSAML_Auth_Default::initLogin($as, $url);
+		SimpleSAML_Auth_Default::initLogin($this->authSource, $url);
 	}


@@ -77,13 +88,20 @@ class SimpleSAML_Auth_Simple {
 	 * @param string|NULL $url  The url the user should be redirected to after logging out.
 	 *                          Defaults to the current page.
 	 */
-	public static function logout($url = NULL) {
+	public function logout($url = NULL) {
 		assert('is_string($url) || is_null($url)');

 		if ($url === NULL) {
 			$url = SimpleSAML_Utilities::selfURL();
 		}

+		$session = SimpleSAML_Session::getInstance();
+		if (!$session->isValid($this->authSource)) {
+			/* Not authenticated to this authentication source. */
+			SimpleSAML_Utilities::redirect($url);
+			assert('FALSE');
+		}
+
 		SimpleSAML_Auth_Default::initLogout($url);
 	}

@@ -97,9 +115,9 @@ class SimpleSAML_Auth_Simple {
 	 *
 	 * @return array  The users attributes.
 	 */
-	public static function getAttributes() {
+	public function getAttributes() {

-		if (!self::isAuthenticated()) {
+		if (!$this->isAuthenticated()) {
 			/* Not authenticated. */
 			return array();
 		}

--- a/www/example-simple/verysimple.php
+++ b/www/example-simple/verysimple.php
@@ -14,6 +14,10 @@
 */
 require_once('../../lib/_autoload.php');

+/*
+ * We use the default-sp authentication source.
+ */
+$as = new SimpleSAML_Auth_Simple('default-sp');

 /* This handles logout requests. */
 if (array_key_exists('logout', $_REQUEST)) {
@@ -22,7 +26,7 @@ if (array_key_exists('logout', $_REQUEST)) {
 	 * avoids a redirect loop, since otherwise it will access the logout
 	 * endpoint again.
 	 */
-	SimpleSAML_Auth_Simple::logout(SimpleSAML_Utilities::selfURLNoQuery());
+	$as->logout(SimpleSAML_Utilities::selfURLNoQuery());
 	/* The previous function will never return. */
 }

@@ -34,7 +38,7 @@ if (array_key_exists('login', $_REQUEST)) {
 	 * Note that the requireAuth-function will preserve all GET-parameters
 	 * and POST-parameters by default.
 	 */
-	SimpleSAML_Auth_Simple::requireAuth();
+	$as->requireAuth();
 	/* The previous function will only return if the user is authenticated. */
 }

@@ -46,7 +50,7 @@ if (array_key_exists('message', $_POST)) {
 	 * Since POST parameters are preserved during requireAuth-processing,
 	 * the message will be presented to the user after the authentication.
 	 */
-	SimpleSAML_Auth_Simple::requireAuth();
+	$as->requireAuth();
 	$message = $_POST['message'];
 } else {
 	$message = NULL;
@@ -57,14 +61,14 @@ if (array_key_exists('message', $_POST)) {
 * This allows us to show the user a login link or a logout link depending
 * on the authentication state.
 */
-$isAuth = SimpleSAML_Auth_Simple::isAuthenticated();
+$isAuth = $as->isAuthenticated();


 /*
 * Retrieve the users attributes. We will list them if the user
 * is authenticated.
 */
-$attributes = SimpleSAML_Auth_Simple::getAttributes();
+$attributes = $as->getAttributes();

 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"