From dd8e62d42fd58db36476d494cc6486f194f04ab4 Mon Sep 17 00:00:00 2001
From: Patrick Radtke <patrick@cirrusidentity.com>
Date: Thu, 27 Sep 2018 14:43:50 -0700
Subject: [PATCH] 655 allow core:php to manipulate all of the state

---
 modules/core/lib/Auth/Process/PHP.php         |  4 +-
 .../modules/core/lib/Auth/Process/PHPTest.php | 38 +++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/modules/core/lib/Auth/Process/PHP.php b/modules/core/lib/Auth/Process/PHP.php
index 7a538ec1b..5c2bce08b 100644
--- a/modules/core/lib/Auth/Process/PHP.php
+++ b/modules/core/lib/Auth/Process/PHP.php
@@ -49,7 +49,7 @@ class PHP extends \SimpleSAML\Auth\ProcessingFilter
         assert(is_array($request));
         assert(array_key_exists('Attributes', $request));
 
-        $function = function(/** @scrutinizer ignore-unused */ &$attributes) { eval($this->code); };
-        $function($request['Attributes']);
+        $function = function(/** @scrutinizer ignore-unused */ &$attributes, &$state) { eval($this->code); };
+        $function($request['Attributes'], $request);
     }
 }
diff --git a/tests/modules/core/lib/Auth/Process/PHPTest.php b/tests/modules/core/lib/Auth/Process/PHPTest.php
index c73313973..e4af7e57c 100644
--- a/tests/modules/core/lib/Auth/Process/PHPTest.php
+++ b/tests/modules/core/lib/Auth/Process/PHPTest.php
@@ -111,4 +111,42 @@ class Test_Core_Auth_Process_PHP extends TestCase
         );
         $this->processFilter($config, $request);
     }
+
+    /**
+     * Check that the entire state can be adjusted.
+     */
+    public function testStateCanBeModified()
+    {
+
+        $config = array(
+            'code' => '
+                $attributes["orig2"] = array("value0");
+                $state["newKey"] = ["newValue"];
+                $state["Destination"]["attributes"][] = "givenName";
+            ',
+        );
+        $request = array(
+            'Attributes' => array(
+                'orig1' => array('value1', 'value2'),
+                'orig2' => array('value3'),
+                'orig3' => array('value4')
+            ),
+            'Destination' => [
+                'attributes' => ['eduPersonPrincipalName']
+            ],
+        );
+        $expected = array(
+            'Attributes' => array(
+                'orig1' => array('value1', 'value2'),
+                'orig2' => array('value0'),
+                'orig3' => array('value4')
+            ),
+            'Destination' => [
+                'attributes' => ['eduPersonPrincipalName', 'givenName']
+            ],
+            'newKey' => ['newValue']
+        );
+
+        $this->assertEquals($expected, $this->processFilter($config, $request));
+    }
 }
-- 
GitLab