SimpleSAML_Session: Update isValid() to require a authority string.

This patch updates the isValid function to require a valid authority.
All users of isValid in the simpleSAMLphp source pass the authority
parameter. If anyone uses isValid() without a valid authority they
must update their source code.

This change is made to make it more difficult to use simpleSAMLphp in
an insecure way.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1826 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/Session.php

@@ -482,16 +482,25 @@ class SimpleSAML_Session {
 	/*
 	 * Is the session representing an authenticated user, and is the session still alive.
 	 * This function will return false after the user has timed out.
+	 *
+	 * @param string $authority  The authentication source that the user should be authenticated with.
+	 * @return TRUE if the user has a valid session, FALSE if not.
 	 */
-	public function isValid($authority = null) {
+	public function isValid($authority) {
+		assert('is_string($authority)');
+
 		SimpleSAML_Logger::debug('Library - Session: Check if session is valid.' .
-			' checkauthority:' . (isset($authority) ? $authority : 'null') . 
+			' checkauthority:' . $authority .
 			' thisauthority:' . (isset($this->authority) ? $this->authority : 'null') .
 			' isauthenticated:' . ($this->isAuthenticated() ? 'yes' : 'no') . 
 			' remainingtime:' . $this->remainingTime());
 			
 		if (!$this->isAuthenticated()) return false;
-		if (!empty($authority) && ($authority != $this->authority) ) return false;
+
+		if ($authority !== $this->authority) {
+			return FALSE;
+		}
+
 		return $this->remainingTime() > 0;
 	}