From fee9f91d4f1408d60436cd2a02f7e0f914b64915 Mon Sep 17 00:00:00 2001 From: Olav Morken <olav.morken@uninett.no> Date: Wed, 18 Feb 2009 09:03:08 +0000 Subject: [PATCH] Auth: Use Auth_State::RESTART to handle session lost events. This allows all authentication modules which uses the Auth_State class for saving and restoring the state to handle session lost events. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1287 44740490-163a-0410-bde0-09ae8108e29a --- lib/SimpleSAML/Auth/Default.php | 5 +++-- modules/core/lib/Auth/UserPassBase.php | 16 +++------------- modules/core/templates/loginuserpass.php | 8 -------- modules/core/www/loginuserpass.php | 12 ++---------- www/saml2/idp/SSOService.php | 17 ++++++++++++----- 5 files changed, 20 insertions(+), 38 deletions(-) diff --git a/lib/SimpleSAML/Auth/Default.php b/lib/SimpleSAML/Auth/Default.php index 0d7cc0d68..d2dfcee7d 100644 --- a/lib/SimpleSAML/Auth/Default.php +++ b/lib/SimpleSAML/Auth/Default.php @@ -49,8 +49,9 @@ class SimpleSAML_Auth_Default { if (array_key_exists('IdPMetadata', $hints)) { $state['IdPMetadata'] = $hints['IdPMetadata']; } - if (array_key_exists('SessionLostURL', $hints)) { - $state['SessionLostURL'] = $hints['SessionLostURL']; + + if (array_key_exists(SimpleSAML_Auth_State::RESTART, $hints)) { + $state[SimpleSAML_Auth_State::RESTART] = $hints[SimpleSAML_Auth_State::RESTART]; } $as = SimpleSAML_Auth_Source::getById($authId); diff --git a/modules/core/lib/Auth/UserPassBase.php b/modules/core/lib/Auth/UserPassBase.php index 33d2a940b..9feb3b470 100644 --- a/modules/core/lib/Auth/UserPassBase.php +++ b/modules/core/lib/Auth/UserPassBase.php @@ -61,8 +61,6 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source { $url = SimpleSAML_Module::getModuleURL('core/loginuserpass.php'); $params = array('AuthState' => $id); - if (array_key_exists('SessionLostURL', $state)) - $params['SessionLostURL'] = $state['SessionLostURL']; SimpleSAML_Utilities::redirect($url, $params); } 
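Review bot: The restart URL is copied from `$hints` into `$state` with no check on its type, in the new `array_key_exists(SimpleSAML_Auth_State::RESTART, $hints)` branch of lib/SimpleSAML/Auth/Default.php. According to the comment this patch adds in SSOService.php, the user is redirected to this value when the session is lost, so a guard such as `assert('is_string($hints[SimpleSAML_Auth_State::RESTART])');` before the assignment would catch a caller passing anything other than a URL string. Callers that still pass the old 'SessionLostURL' hint are now ignored silently. The function's doc comment, which lies outside the hunk, should list the restart URL among the accepted hints. The enclosing function starts and ends outside the hunk.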
@@ -101,17 +99,9 @@ abstract class sspmod_core_Auth_UserPassBase extends SimpleSAML_Auth_Source { assert('is_string($username)'); assert('is_string($password)'); - try { - /* Retrieve the authentication state. */ - $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID); - } catch(Exception $e) { - if (array_key_exists('SessionLostURL', $_REQUEST)) { - SimpleSAML_Utilities::redirect($_REQUEST['SessionLostURL']); - } else { - throw $e; - } - } - + /* Retrieve the authentication state. */ + $state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID); + /* Find authentication source. */ assert('array_key_exists(self::AUTHID, $state)'); $source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]); diff --git a/modules/core/templates/loginuserpass.php b/modules/core/templates/loginuserpass.php index 3a09ab2de..cb95d1743 100644 --- a/modules/core/templates/loginuserpass.php +++ b/modules/core/templates/loginuserpass.php @@ -29,14 +29,6 @@ if ($this->data['errorcode'] !== NULL) { <p><?php echo $this->t('{login:user_pass_text}'); ?></p> <form action="?" method="post" name="f"> -<?php - -if (array_key_exists('SessionLostURL', $this->data)) { - echo('<input type="hidden" name="SessionLostURL" value="' . $this->data['SessionLostURL'] . '" />'); -} - - -?> <table> <tr> <td rowspan="2"><img src="/<?php echo $this->data['baseurlpath']; ?>resources/icons/pencil.png" alt="" /></td> diff --git a/modules/core/www/loginuserpass.php b/modules/core/www/loginuserpass.php index 87ccb70dc..663f64422 100644 --- a/modules/core/www/loginuserpass.php +++ b/modules/core/www/loginuserpass.php 
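Review bot: With the try/catch gone, the session-lost redirect in `handleLogin()` is decided entirely inside `SimpleSAML_Auth_State::loadState()`, whose body is not part of this patch. The state identifier is still client-supplied: modules/core/www/loginuserpass.php reads it from `$_REQUEST['AuthState']`. If loadState() recovers the restart URL from that identifier rather than from server-side storage, the redirect target remains under client control just as `$_REQUEST['SessionLostURL']` was, so loadState() should only redirect to hosts the deployment trusts. The same applies to the loadState() call in modules/core/www/loginuserpass.php. Assuming loadState() does redirect on a lost state, the comment would be clearer as `/* Retrieve the authentication state; may redirect to the restart URL instead of returning. */`; handleLogin() continues outside the hunk.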
@@ -15,14 +15,8 @@ if (!array_key_exists('AuthState', $_REQUEST)) { } $authStateId = $_REQUEST['AuthState']; -try { - /* Retrieve the authentication state. */ - $state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_core_Auth_UserPassBase::STAGEID); -} catch(Exception $e) { - if (array_key_exists('SessionLostURL', $_REQUEST)) { - SimpleSAML_Utilities::redirect($_REQUEST['SessionLostURL']); - } -} +/* Retrieve the authentication state. */ +$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_core_Auth_UserPassBase::STAGEID); if (array_key_exists('username', $_REQUEST)) { $username = $_REQUEST['username']; @@ -48,8 +42,6 @@ $t = new SimpleSAML_XHTML_Template($globalConfig, 'core:loginuserpass.php'); $t->data['stateparams'] = array('AuthState' => $authStateId); $t->data['username'] = $username; $t->data['errorcode'] = $errorCode; -if (array_key_exists('SessionLostURL', $_REQUEST)) - $t->data['SessionLostURL'] = $_REQUEST['SessionLostURL']; $t->show(); exit(); diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php index ef6520c4c..885e4fea9 100644 --- a/www/saml2/idp/SSOService.php +++ b/www/saml2/idp/SSOService.php 
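Review bot: `$authStateId` is passed to `loadState()` straight from `$_REQUEST['AuthState']` after only an existence check, so a non-string value such as an array-valued parameter reaches the state-handling code. Now that the surrounding try/catch is gone, any failure from malformed input surfaces as whatever loadState() throws. A guard before the call, `if (!is_string($authStateId)) { throw new Exception('Invalid AuthState parameter.'); }`, would reject such input at the boundary with a clear message. The second hunk in this file only removes the 'SessionLostURL' pass-through and needs no change.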
@@ -212,15 +212,22 @@ if($needAuth && !$isPassive) { if($authSource) { /* Authenticate with an AuthSource. */ + + /* The user will be redirected to this URL if the session is lost. This will cause an + * unsoliced authentication response to be sent to the SP. + */ + $sessionLostURL = SimpleSAML_Utilities::addURLparameter( + $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'), + array( + 'spentityid' => $requestcache['Issuer'], + )); + $hints = array( 'SPMetadata' => $metadata->getMetaData($requestcache['Issuer'], 'saml20-sp-remote'), 'IdPMetadata' => $idpmetadata, + SimpleSAML_Auth_State::RESTART => $sessionLostURL, ); - $hints['SessionLostURL'] = SimpleSAML_Utilities::addURLparameter( - $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'), array( - 'spentityid' => $requestcache['Issuer'], - ) - ); + SimpleSAML_Auth_Default::initLogin($idpmetadata['auth'], $redirectTo, NULL, $hints); } else { $authurl = '/' . $config->getBaseURL() . $idpmetadata['auth']; -- GitLab
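Review bot: The added comment above `$sessionLostURL` misspells "unsolicited" (`unsoliced authentication response`) and does not say what the restart path gives up. The URL carries only `spentityid`, so after a lost session the response is no longer tied to the SP's original request, and the SP must be willing to accept unsolicited responses. I would reword the second comment line to `* unsolicited authentication response to be sent to the SP; only the SP entity ID is carried over from the original request.` Because `$requestcache['Issuer']` originates from the incoming request and ends up as a query parameter, the SSO endpoint should look the entity ID up in trusted SP metadata again when the restart URL is visited, rather than rely on the earlier `getMetaData()` lookup. The enclosing `if` block continues outside the hunk.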