core:WarnShortSSOInterval: New processing filter which shows a warning if...

core:WarnShortSSOInterval: New processing filter which shows a warning if there is a very short interval between SSOs for the same user from an SP. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1421 44740490-163a-0410-bde0-09ae8108e29a

core:WarnShortSSOInterval: New processing filter which shows a warning if...
fed8d8b5 · Olav Morken · 0bd25bf4 · fed8d8b5 · fed8d8b5 · fed8d8b5
Commit fed8d8b5 authored 16 years ago by Olav Morken
--- a/modules/core/dictionaries/short_sso_interval.php
+++ b/modules/core/dictionaries/short_sso_interval.php
+<?php
+
+$lang = array(
+	'warning' => array (
+		'en' => 'We have detected that there is only a few seconds since you last authenticated with this service provider, and therefore assume that there is a problem with this SP.',
+	),
+	'warning_header' => array (
+		'en' => 'To short interval between single sign on events.',
+	),
+	'retry' => array (
+		'en' => 'Retry login',
+	),
+
+);
+
+
+?>
\ No newline at end of file
--- a/modules/core/lib/Auth/Process/WarnShortSSOInterval.php
+++ b/modules/core/lib/Auth/Process/WarnShortSSOInterval.php
+<?php
+
+/**
+ * Give a warning to the user if we receive multiple requests in a short time.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_core_Auth_Process_WarnShortSSOInterval extends SimpleSAML_Auth_ProcessingFilter {
+
+	/**
+	 * Process a authentication response.
+	 *
+	 * This function checks how long it is since the last time the user was authenticated.
+	 * If it is to short a while since, we will show a warning to the user.
+	 *
+	 * @param array $state  The state of the response.
+	 */
+	public function process(&$state) {
+		assert('is_array($state)');
+
+		if (!array_key_exists('PreviousSSOTimestamp', $state)) {
+			/*
+			 * No timestamp from the previous SSO to this SP. This is the first
+			 * time during this session.
+			 */
+			return;
+		}
+
+		$timeDelta = time() - $state['PreviousSSOTimestamp'];
+		if ($timeDelta >= 10) {
+			/* At least 10 seconds since last attempt. */
+			return;
+		}
+
+		if (array_key_exists('Destination', $state)
+			&& array_key_exists('entityid', $state['Destination'])) {
+			$entityId = $state['Destination']['entityid'];
+		} else {
+			$entityId = 'UNKNOWN';
+		}
+
+		SimpleSAML_Logger::warn('WarnShortSSOInterval: Only ' . $timeDelta .
+			' seconds since last SSO for this user from the SP ' .
+			var_export($entityId, TRUE));
+
+		/* Save state and redirect. */
+		$id = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
+		$url = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
+		SimpleSAML_Utilities::redirect($url, array('StateId' => $id));
+	}
+
+}
+
+?>
\ No newline at end of file
--- a/modules/core/templates/short_sso_interval.php
+++ b/modules/core/templates/short_sso_interval.php
+<?php
+/**
+ * Template which is shown when there is only a short interval since the user was last authenticated.
+ *
+ * Parameters:
+ * - 'target': Target URL.
+ * - 'params': Parameters which should be included in the request.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+
+
+$this->data['header'] = $this->t('{core:short_sso_interval:warning_header}');
+$this->data['autofocus'] = 'contbutton';
+
+$this->includeAtTemplateBase('includes/header.php');
+?>
+<h1><?php echo $this->data['header']; ?></h1>
+<form style="display: inline; margin: 0px; padding: 0px" action="<?php echo htmlspecialchars($this->data['target']); ?>">
+
+	<?php
+		// Embed hidden fields...
+		foreach ($this->data['params'] as $name => $value) {
+			echo('<input type="hidden" name="' . htmlspecialchars($name) . '" value="' . htmlspecialchars($value) . '" />');
+		}
+	?>
+	<p><?php echo $this->t('{core:short_sso_interval:warning}'); ?></p>
+
+	<input type="submit" name="continue" id="contbutton" value="<?php echo htmlspecialchars($this->t('{core:short_sso_interval:retry}')) ?>" />
+
+</form>
+
+
+<?php
+$this->includeAtTemplateBase('includes/footer.php');
+?>
--- a/modules/core/www/short_sso_interval.php
+++ b/modules/core/www/short_sso_interval.php
+<?php
+/**
+ * Show a warning to an user about the SP requesting SSO a short time after
+ * doing it previously.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+
+if (!array_key_exists('StateId', $_REQUEST)) {
+	throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
+}
+
+$id = $_REQUEST['StateId'];
+$state = SimpleSAML_Auth_State::loadState($id, 'core:short_sso_interval');
+
+if (array_key_exists('continue', $_REQUEST)) {
+	/* The user has pressed the continue/retry-button. */
+	SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
+}
+
+$globalConfig = SimpleSAML_Configuration::getInstance();
+$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:short_sso_interval.php');
+$t->data['target'] = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
+$t->data['params'] = array('StateId' => $id);
+$t->show();
+
+
+?>
\ No newline at end of file