Commit dfd99660 authored by Olav Morken's avatar Olav Morken

SimpleSAML_Session: Update isValid() to require a authority string.

This patch updates the isValid function to require a valid authority.
All users of isValid in the simpleSAMLphp source pass the authority
parameter. If anyone uses isValid() without a valid authority they
must update their source code.

This change is made to make it more difficult to use simpleSAMLphp in
an insecure way.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1826 44740490-163a-0410-bde0-09ae8108e29a
parent f3dc5580
...@@ -482,16 +482,25 @@ class SimpleSAML_Session { ...@@ -482,16 +482,25 @@ class SimpleSAML_Session {
/* /*
* Is the session representing an authenticated user, and is the session still alive. * Is the session representing an authenticated user, and is the session still alive.
* This function will return false after the user has timed out. * This function will return false after the user has timed out.
*
* @param string $authority The authentication source that the user should be authenticated with.
* @return TRUE if the user has a valid session, FALSE if not.
*/ */
public function isValid($authority = null) { public function isValid($authority) {
assert('is_string($authority)');
SimpleSAML_Logger::debug('Library - Session: Check if session is valid.' . SimpleSAML_Logger::debug('Library - Session: Check if session is valid.' .
' checkauthority:' . (isset($authority) ? $authority : 'null') . ' checkauthority:' . $authority .
' thisauthority:' . (isset($this->authority) ? $this->authority : 'null') . ' thisauthority:' . (isset($this->authority) ? $this->authority : 'null') .
' isauthenticated:' . ($this->isAuthenticated() ? 'yes' : 'no') . ' isauthenticated:' . ($this->isAuthenticated() ? 'yes' : 'no') .
' remainingtime:' . $this->remainingTime()); ' remainingtime:' . $this->remainingTime());
if (!$this->isAuthenticated()) return false; if (!$this->isAuthenticated()) return false;
if (!empty($authority) && ($authority != $this->authority) ) return false;
if ($authority !== $this->authority) {
return FALSE;
}
return $this->remainingTime() > 0; return $this->remainingTime() > 0;
} }
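Review bot: The new `assert('is_string($authority)')` is the only thing enforcing the required authority, and assertions are commonly disabled in production, so a caller that still passes null or omits the argument reaches `$authority !== $this->authority` unchecked. The debug line's `isset($this->authority)` suggests the session's own authority can be unset, in which case null is identical to null and the authority check passes; whether such a session can also be authenticated is not visible in this hunk. I would make the guard explicit so the requirement holds regardless of assert settings: `if (!is_string($authority) || $authority !== $this->authority) {`.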