Skip to content
Snippets Groups Projects
Commit f4277ec2 authored by Jaime Perez Crespo's avatar Jaime Perez Crespo
Browse files

Reformat SimpleSAML_Auth_Source.

parent 8be35a61
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/SimpleSAML/Auth/Source.php
+ 367
344
View file @ f4277ec2
<?php <?php
/** /**
* This class defines a base class for authentication source. * This class defines a base class for authentication source.
* *
...@@ -8,348 +9,370 @@ ...@@ -8,348 +9,370 @@
* @author Olav Morken, UNINETT AS. * @author Olav Morken, UNINETT AS.
* @package simpleSAMLphp * @package simpleSAMLphp
*/ */
abstract class SimpleSAML_Auth_Source { abstract class SimpleSAML_Auth_Source
{
/**
* The authentication source identifier. This identifier can be used to look up this object, for example when /**
* returning from a login form. * The authentication source identifier. This identifier can be used to look up this object, for example when
* * returning from a login form.
* @var string *
*/ * @var string
protected $authId; */
protected $authId;
/**
* Constructor for an authentication source. /**
* * Constructor for an authentication source.
* Any authentication source which implements its own constructor must call this *
* constructor first. * Any authentication source which implements its own constructor must call this
* * constructor first.
* @param array $info Information about this authentication source. *
* @param array &$config Configuration for this authentication source. * @param array $info Information about this authentication source.
*/ * @param array &$config Configuration for this authentication source.
public function __construct($info, &$config) { */
assert('is_array($info)'); public function __construct($info, &$config)
assert('is_array($config)'); {
assert('is_array($info)');
assert('array_key_exists("AuthId", $info)'); assert('is_array($config)');
$this->authId = $info['AuthId'];
} assert('array_key_exists("AuthId", $info)');
$this->authId = $info['AuthId'];
}
/**
* Get sources of a specific type.
* /**
* @param string $type The type of the authentication source. * Get sources of a specific type.
* @return SimpleSAML_Auth_Source[] Array of SimpleSAML_Auth_Source objects of the specified type. *
* @throws Exception If the authentication source is invalid. * @param string $type The type of the authentication source.
*/ *
public static function getSourcesOfType($type) { * @return SimpleSAML_Auth_Source[] Array of SimpleSAML_Auth_Source objects of the specified type.
assert('is_string($type)'); * @throws Exception If the authentication source is invalid.
*/
$config = SimpleSAML_Configuration::getConfig('authsources.php'); public static function getSourcesOfType($type)
{
$ret = array(); assert('is_string($type)');
$sources = $config->getOptions(); $config = SimpleSAML_Configuration::getConfig('authsources.php');
foreach ($sources as $id) {
$source = $config->getArray($id); $ret = array();
if (!array_key_exists(0, $source) || !is_string($source[0])) { $sources = $config->getOptions();
throw new Exception('Invalid authentication source \'' . $id . foreach ($sources as $id) {
'\': First element must be a string which identifies the authentication source.'); $source = $config->getArray($id);
}
if (!array_key_exists(0, $source) || !is_string($source[0])) {
if ($source[0] !== $type) { throw new Exception(
continue; 'Invalid authentication source \''.$id.
} '\': First element must be a string which identifies the authentication source.'
);
$ret[] = self::parseAuthSource($id, $source); }
}
if ($source[0] !== $type) {
return $ret; continue;
} }
$ret[] = self::parseAuthSource($id, $source);
/** }
* Retrieve the ID of this authentication source.
* return $ret;
* @return string The ID of this authentication source. }
*/
public function getAuthId() {
/**
return $this->authId; * Retrieve the ID of this authentication source.
} *
* @return string The ID of this authentication source.
*/
/** public function getAuthId()
* Process a request. {
* return $this->authId;
* If an authentication source returns from this function, it is assumed to have }
* authenticated the user, and should have set elements in $state with the attributes
* of the user.
* /**
* If the authentication process requires additional steps which make it impossible to * Process a request.
* complete before returning from this function, the authentication source should *
* save the state, and at a later stage, load the state, update it with the authentication * If an authentication source returns from this function, it is assumed to have
* information about the user, and call completeAuth with the state array. * authenticated the user, and should have set elements in $state with the attributes
* * of the user.
* @param array &$state Information about the current authentication. *
*/ * If the authentication process requires additional steps which make it impossible to
abstract public function authenticate(&$state); * complete before returning from this function, the authentication source should
* save the state, and at a later stage, load the state, update it with the authentication
* information about the user, and call completeAuth with the state array.
/** *
* Reauthenticate an user. * @param array &$state Information about the current authentication.
* */
* This function is called by the IdP to give the authentication source a chance to abstract public function authenticate(&$state);
* interact with the user even in the case when the user is already authenticated.
*
* @param array &$state Information about the current authentication. /**
*/ * Reauthenticate an user.
public function reauthenticate(array &$state) { *
assert('isset($state["ReturnCallback"])'); * This function is called by the IdP to give the authentication source a chance to
* interact with the user even in the case when the user is already authenticated.
/* The default implementation just copies over the previous authentication data. */ *
$session = SimpleSAML_Session::getSessionFromRequest(); * @param array &$state Information about the current authentication.
$data = $session->getAuthState($this->authId); */
foreach ($data as $k => $v) { public function reauthenticate(array &$state)
$state[$k] = $v; {
} assert('isset($state["ReturnCallback"])');
}
// the default implementation just copies over the previous authentication data
$session = SimpleSAML_Session::getSessionFromRequest();
/** $data = $session->getAuthState($this->authId);
* Complete authentication. foreach ($data as $k => $v) {
* $state[$k] = $v;
* This function should be called if authentication has completed. It will never return, }
* except in the case of exceptions. Exceptions thrown from this page should not be caught, }
* but should instead be passed to the top-level exception handler.
*
* @param array &$state Information about the current authentication. /**
*/ * Complete authentication.
public static function completeAuth(&$state) { *
assert('is_array($state)'); * This function should be called if authentication has completed. It will never return,
assert('array_key_exists("LoginCompletedHandler", $state)'); * except in the case of exceptions. Exceptions thrown from this page should not be caught,
* but should instead be passed to the top-level exception handler.
SimpleSAML_Auth_State::deleteState($state); *
* @param array &$state Information about the current authentication.
$func = $state['LoginCompletedHandler']; */
assert('is_callable($func)'); public static function completeAuth(&$state)
{
call_user_func($func, $state); assert('is_array($state)');
assert(FALSE); assert('array_key_exists("LoginCompletedHandler", $state)');
}
SimpleSAML_Auth_State::deleteState($state);
/** $func = $state['LoginCompletedHandler'];
* Log out from this authentication source. assert('is_callable($func)');
*
* This function should be overridden if the authentication source requires special call_user_func($func, $state);
* steps to complete a logout operation. assert(false);
* }
* If the logout process requires a redirect, the state should be saved. Once the
* logout operation is completed, the state should be restored, and completeLogout
* should be called with the state. If this operation can be completed without /**
* showing the user a page, or redirecting, this function should return. * Log out from this authentication source.
* *
* @param array &$state Information about the current logout operation. * This function should be overridden if the authentication source requires special
*/ * steps to complete a logout operation.
public function logout(&$state) { *
assert('is_array($state)'); * If the logout process requires a redirect, the state should be saved. Once the
* logout operation is completed, the state should be restored, and completeLogout
/* Default logout handler which doesn't do anything. */ * should be called with the state. If this operation can be completed without
} * showing the user a page, or redirecting, this function should return.
*
* @param array &$state Information about the current logout operation.
/** */
* Complete logout. public function logout(&$state)
* {
* This function should be called after logout has completed. It will never return, assert('is_array($state)');
* except in the case of exceptions. Exceptions thrown from this page should not be caught, // default logout handler which doesn't do anything
* but should instead be passed to the top-level exception handler. }
*
* @param array &$state Information about the current authentication.
*/ /**
public static function completeLogout(&$state) { * Complete logout.
assert('is_array($state)'); *
assert('array_key_exists("LogoutCompletedHandler", $state)'); * This function should be called after logout has completed. It will never return,
* except in the case of exceptions. Exceptions thrown from this page should not be caught,
SimpleSAML_Auth_State::deleteState($state); * but should instead be passed to the top-level exception handler.
*
$func = $state['LogoutCompletedHandler']; * @param array &$state Information about the current authentication.
assert('is_callable($func)'); */
public static function completeLogout(&$state)
call_user_func($func, $state); {
assert(FALSE); assert('is_array($state)');
} assert('array_key_exists("LogoutCompletedHandler", $state)');
SimpleSAML_Auth_State::deleteState($state);
/**
* Create authentication source object from configuration array. $func = $state['LogoutCompletedHandler'];
* assert('is_callable($func)');
* This function takes an array with the configuration for an authentication source object,
* and returns the object. call_user_func($func, $state);
* assert(false);
* @param string $authId The authentication source identifier. }
* @param array $config The configuration.
* @return SimpleSAML_Auth_Source The parsed authentication source.
* @throws Exception If the authentication source is invalid. /**
*/ * Create authentication source object from configuration array.
private static function parseAuthSource($authId, $config) { *
assert('is_string($authId)'); * This function takes an array with the configuration for an authentication source object,
assert('is_array($config)'); * and returns the object.
*
if (!array_key_exists(0, $config) || !is_string($config[0])) { * @param string $authId The authentication source identifier.
throw new Exception('Invalid authentication source \'' . $authId . * @param array $config The configuration.
'\': First element must be a string which identifies the authentication source.'); *
} * @return SimpleSAML_Auth_Source The parsed authentication source.
* @throws Exception If the authentication source is invalid.
$className = SimpleSAML_Module::resolveClass($config[0], 'Auth_Source', */
'SimpleSAML_Auth_Source'); private static function parseAuthSource($authId, $config)
{
$info = array('AuthId' => $authId); assert('is_string($authId)');
unset($config[0]); assert('is_array($config)');
return new $className($info, $config);
} if (!array_key_exists(0, $config) || !is_string($config[0])) {
throw new Exception(
'Invalid authentication source \''.$authId.
/** '\': First element must be a string which identifies the authentication source.'
* Retrieve authentication source. );
* }
* This function takes an id of an authentication source, and returns the
* AuthSource object. If no authentication source with the given id can be found, $className = SimpleSAML_Module::resolveClass($config[0], 'Auth_Source', 'SimpleSAML_Auth_Source');
* NULL will be returned.
* $info = array('AuthId' => $authId);
* If the $type parameter is specified, this function will return an unset($config[0]);
* authentication source of the given type. If no authentication source or if an return new $className($info, $config);
* authentication source of a different type is found, an exception will be thrown. }
*
* @param string $authId The authentication source identifier.
* @param string|NULL $type The type of authentication source. If NULL, any type will be accepted. /**
* @return SimpleSAML_Auth_Source|NULL The AuthSource object, or NULL if no authentication * Retrieve authentication source.
* source with the given identifier is found. *
* @throws SimpleSAML_Error_Exception If no such authentication source is found or it is invalid. * This function takes an id of an authentication source, and returns the
*/ * AuthSource object. If no authentication source with the given id can be found,
public static function getById($authId, $type = NULL) { * NULL will be returned.
assert('is_string($authId)'); *
assert('is_null($type) || is_string($type)'); * If the $type parameter is specified, this function will return an
* authentication source of the given type. If no authentication source or if an
/* For now - load and parse config file. */ * authentication source of a different type is found, an exception will be thrown.
$config = SimpleSAML_Configuration::getConfig('authsources.php'); *
* @param string $authId The authentication source identifier.
$authConfig = $config->getArray($authId, NULL); * @param string|NULL $type The type of authentication source. If NULL, any type will be accepted.
if ($authConfig === NULL) { *
if ($type !== NULL) { * @return SimpleSAML_Auth_Source|NULL The AuthSource object, or NULL if no authentication
throw new SimpleSAML_Error_Exception('No authentication source with id ' . * source with the given identifier is found.
var_export($authId, TRUE) . ' found.'); * @throws SimpleSAML_Error_Exception If no such authentication source is found or it is invalid.
} */
return NULL; public static function getById($authId, $type = null)
} {
assert('is_string($authId)');
$ret = self::parseAuthSource($authId, $authConfig); assert('is_null($type) || is_string($type)');
if ($type === NULL || $ret instanceof $type) { // for now - load and parse config file
return $ret; $config = SimpleSAML_Configuration::getConfig('authsources.php');
}
$authConfig = $config->getArray($authId, null);
/* The authentication source doesn't have the correct type. */ if ($authConfig === null) {
throw new SimpleSAML_Error_Exception('Invalid type of authentication source ' . if ($type !== null) {
var_export($authId, TRUE) . '. Was ' . var_export(get_class($ret), TRUE) . throw new SimpleSAML_Error_Exception(
', should be ' . var_export($type, TRUE) . '.'); 'No authentication source with id '.
} var_export($authId, true).' found.'
);
}
/** return null;
* Add a logout callback association. }
*
* This function adds a logout callback association, which allows us to initiate $ret = self::parseAuthSource($authId, $authConfig);
* a logout later based on the $assoc-value.
* if ($type === null || $ret instanceof $type) {
* Note that logout-associations exists per authentication source. A logout association return $ret;
* from one authentication source cannot be called from a different authentication source. }
*
* @param string $assoc The identifier for this logout association. // the authentication source doesn't have the correct type
* @param array $state The state array passed to the authenticate-function. throw new SimpleSAML_Error_Exception(
*/ 'Invalid type of authentication source '.
protected function addLogoutCallback($assoc, $state) { var_export($authId, true).'. Was '.var_export(get_class($ret), true).
assert('is_string($assoc)'); ', should be '.var_export($type, true).'.'
assert('is_array($state)'); );
}
if (!array_key_exists('LogoutCallback', $state)) {
/* The authentication requester doesn't have a logout callback. */
return; /**
} * Add a logout callback association.
$callback = $state['LogoutCallback']; *
* This function adds a logout callback association, which allows us to initiate
if (array_key_exists('LogoutCallbackState', $state)) { * a logout later based on the $assoc-value.
$callbackState = $state['LogoutCallbackState']; *
} else { * Note that logout-associations exists per authentication source. A logout association
$callbackState = array(); * from one authentication source cannot be called from a different authentication source.
} *
* @param string $assoc The identifier for this logout association.
$id = strlen($this->authId) . ':' . $this->authId . $assoc; * @param array $state The state array passed to the authenticate-function.
*/
$data = array( protected function addLogoutCallback($assoc, $state)
'callback' => $callback, {
'state' => $callbackState, assert('is_string($assoc)');
); assert('is_array($state)');
if (!array_key_exists('LogoutCallback', $state)) {
$session = SimpleSAML_Session::getSessionFromRequest(); // the authentication requester doesn't have a logout callback
$session->setData('SimpleSAML_Auth_Source.LogoutCallbacks', $id, $data, return;
SimpleSAML_Session::DATA_TIMEOUT_SESSION_END); }
} $callback = $state['LogoutCallback'];
if (array_key_exists('LogoutCallbackState', $state)) {
/** $callbackState = $state['LogoutCallbackState'];
* Call a logout callback based on association. } else {
* $callbackState = array();
* This function calls a logout callback based on an association saved with }
* addLogoutCallback(...).
* $id = strlen($this->authId).':'.$this->authId.$assoc;
* This function always returns.
* $data = array(
* @param string $assoc The logout association which should be called. 'callback' => $callback,
*/ 'state' => $callbackState,
protected function callLogoutCallback($assoc) { );
assert('is_string($assoc)');
$session = SimpleSAML_Session::getSessionFromRequest();
$id = strlen($this->authId) . ':' . $this->authId . $assoc; $session->setData(
'SimpleSAML_Auth_Source.LogoutCallbacks',
$session = SimpleSAML_Session::getSessionFromRequest(); $id,
$data,
$data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id); SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
if ($data === NULL) { );
/* FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure */ }
$session->doLogout($this->authId);
return; /**
} * Call a logout callback based on association.
*
assert('is_array($data)'); * This function calls a logout callback based on an association saved with
assert('array_key_exists("callback", $data)'); * addLogoutCallback(...).
assert('array_key_exists("state", $data)'); *
* This function always returns.
$callback = $data['callback']; *
$callbackState = $data['state']; * @param string $assoc The logout association which should be called.
*/
$session->deleteData('SimpleSAML_Auth_Source.LogoutCallbacks', $id); protected function callLogoutCallback($assoc)
call_user_func($callback, $callbackState); {
} assert('is_string($assoc)');
$id = strlen($this->authId).':'.$this->authId.$assoc;
/**
* Retrieve list of authentication sources. $session = SimpleSAML_Session::getSessionFromRequest();
*
* @return array The id of all authentication sources. $data = $session->getData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
*/ if ($data === null) {
public static function getSources() { // FIXME: fix for IdP-first flow (issue 397) -> reevaluate logout callback infrastructure
$session->doLogout($this->authId);
$config = SimpleSAML_Configuration::getOptionalConfig('authsources.php');
return;
return $config->getOptions(); }
}
assert('is_array($data)');
assert('array_key_exists("callback", $data)');
assert('array_key_exists("state", $data)');
$callback = $data['callback'];
$callbackState = $data['state'];
$session->deleteData('SimpleSAML_Auth_Source.LogoutCallbacks', $id);
call_user_func($callback, $callbackState);
}
/**
* Retrieve list of authentication sources.
*
* @return array The id of all authentication sources.
*/
public static function getSources()
{
$config = SimpleSAML_Configuration::getOptionalConfig('authsources.php');
return $config->getOptions();
}
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment