From dbae8d824dd3a51d86946e5e3299b29bffdc6b98 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 21 Sep 2009 09:56:15 +0000
Subject: [PATCH] SimpleSAML_Auth_Simple: Update to take name of authentication
 source as parameter.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1762 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Auth/Simple.php    | 52 +++++++++++++++++++++----------
 www/example-simple/verysimple.php | 14 ++++++---
 2 files changed, 44 insertions(+), 22 deletions(-)

diff --git a/lib/SimpleSAML/Auth/Simple.php b/lib/SimpleSAML/Auth/Simple.php
index 546b2dc5e..b8041421d 100644
--- a/lib/SimpleSAML/Auth/Simple.php
+++ b/lib/SimpleSAML/Auth/Simple.php
@@ -3,14 +3,31 @@
 /**
  * Helper class for simple authentication applications.
  *
- * This class will use the authentication source specified in the
- * 'default-authsource' option in 'config.php'.
- *
  * @package simpleSAMLphp
  * @version $Id$
  */
 class SimpleSAML_Auth_Simple {
 
+	/**
+	 * The id of the authentication source we are accessing.
+	 *
+	 * @var string
+	 */
+	private $authSource;
+
+
+	/**
+	 * Create an instance with the specified authsource.
+	 *
+	 * @param string $authSource  The id of the authentication source.
+	 */
+	public function __construct($authSource) {
+		assert('is_string($authSource)');
+
+		$this->authSource = $authSource;
+	}
+
+
 	/**
 	 * Check if the user is authenticated.
 	 *
@@ -20,13 +37,10 @@ class SimpleSAML_Auth_Simple {
 	 *
 	 * @return bool  TRUE if the user is authenticated, FALSE if not.
 	 */
-	public static function isAuthenticated() {
-		$config = SimpleSAML_Configuration::getInstance();
+	public function isAuthenticated() {
 		$session = SimpleSAML_Session::getInstance();
 
-		$as = $config->getString('default-authsource');
-
-		return $session->isValid($as);
+		return $session->isValid($this->authSource);
 	}
 
 
@@ -45,15 +59,12 @@ class SimpleSAML_Auth_Simple {
 	 *
 	 * @param bool $allowPost  Whether POST requests will be preserved. The default is to preserve POST requests.
 	 */
-	public static function requireAuth($allowPost = TRUE) {
+	public function requireAuth($allowPost = TRUE) {
 		assert('is_bool($allowPost)');
 
-		$config = SimpleSAML_Configuration::getInstance();
 		$session = SimpleSAML_Session::getInstance();
 
-		$as = $config->getString('default-authsource');
-
-		if ($session->isValid($as)) {
+		if ($session->isValid($this->authSource)) {
 			/* Already authenticated. */
 			return;
 		}
@@ -63,7 +74,7 @@ class SimpleSAML_Auth_Simple {
 			$url = SimpleSAML_Utilities::createPostRedirectLink($url, $_POST);
 		}
 
-		SimpleSAML_Auth_Default::initLogin($as, $url);
+		SimpleSAML_Auth_Default::initLogin($this->authSource, $url);
 	}
 
 
@@ -77,13 +88,20 @@ class SimpleSAML_Auth_Simple {
 	 * @param string|NULL $url  The url the user should be redirected to after logging out.
 	 *                          Defaults to the current page.
 	 */
-	public static function logout($url = NULL) {
+	public function logout($url = NULL) {
 		assert('is_string($url) || is_null($url)');
 
 		if ($url === NULL) {
 			$url = SimpleSAML_Utilities::selfURL();
 		}
 
+		$session = SimpleSAML_Session::getInstance();
+		if (!$session->isValid($this->authSource)) {
+			/* Not authenticated to this authentication source. */
+			SimpleSAML_Utilities::redirect($url);
+			assert('FALSE');
+		}
+
 		SimpleSAML_Auth_Default::initLogout($url);
 	}
 
@@ -97,9 +115,9 @@ class SimpleSAML_Auth_Simple {
 	 *
 	 * @return array  The users attributes.
 	 */
-	public static function getAttributes() {
+	public function getAttributes() {
 
-		if (!self::isAuthenticated()) {
+		if (!$this->isAuthenticated()) {
 			/* Not authenticated. */
 			return array();
 		}
diff --git a/www/example-simple/verysimple.php b/www/example-simple/verysimple.php
index 1438c2a52..32d31e239 100644
--- a/www/example-simple/verysimple.php
+++ b/www/example-simple/verysimple.php
@@ -14,6 +14,10 @@
  */
 require_once('../../lib/_autoload.php');
 
+/*
+ * We use the default-sp authentication source.
+ */
+$as = new SimpleSAML_Auth_Simple('default-sp');
 
 /* This handles logout requests. */
 if (array_key_exists('logout', $_REQUEST)) {
@@ -22,7 +26,7 @@ if (array_key_exists('logout', $_REQUEST)) {
 	 * avoids a redirect loop, since otherwise it will access the logout
 	 * endpoint again.
 	 */
-	SimpleSAML_Auth_Simple::logout(SimpleSAML_Utilities::selfURLNoQuery());
+	$as->logout(SimpleSAML_Utilities::selfURLNoQuery());
 	/* The previous function will never return. */
 }
 
@@ -34,7 +38,7 @@ if (array_key_exists('login', $_REQUEST)) {
 	 * Note that the requireAuth-function will preserve all GET-parameters
 	 * and POST-parameters by default.
 	 */
-	SimpleSAML_Auth_Simple::requireAuth();
+	$as->requireAuth();
 	/* The previous function will only return if the user is authenticated. */
 }
 
@@ -46,7 +50,7 @@ if (array_key_exists('message', $_POST)) {
 	 * Since POST parameters are preserved during requireAuth-processing,
 	 * the message will be presented to the user after the authentication.
 	 */
-	SimpleSAML_Auth_Simple::requireAuth();
+	$as->requireAuth();
 	$message = $_POST['message'];
 } else {
 	$message = NULL;
@@ -57,14 +61,14 @@ if (array_key_exists('message', $_POST)) {
  * This allows us to show the user a login link or a logout link depending
  * on the authentication state.
  */
-$isAuth = SimpleSAML_Auth_Simple::isAuthenticated();
+$isAuth = $as->isAuthenticated();
 
 
 /*
  * Retrieve the users attributes. We will list them if the user
  * is authenticated.
  */
-$attributes = SimpleSAML_Auth_Simple::getAttributes();
+$attributes = $as->getAttributes();
 
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-- 
GitLab