File: credentials.php

simplesamlphp 1.14.11-1%2Bdeb9u2
<?php

/**
 * Check the credentials that the user got from the A-Select server.
 * This function is called after the user returns from the A-Select server.
 *
 * @author Wessel Dankers, Tilburg University
 */

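// Return endpoint for the A-Select login flow: validates the request
// parameters, restores the saved authentication state, verifies the
// credentials through the authentication source and completes the login.
//
// NOTE: $_REQUEST merges GET and POST data (and cookies, depending on the
// request_order / variables_order ini settings), so every value read here is
// supplied by the client and must not be trusted before it has been verified.

// The state ID is needed before anything else. No state is loaded yet, so
// there is nothing to hand the error to and it is thrown directly.
// A non-string value (e.g. ssp_state[]=x) is treated as missing.
if (!array_key_exists('ssp_state', $_REQUEST) || !is_string($_REQUEST['ssp_state'])) {
	throw new SimpleSAML_Error_Exception("Missing ssp_state parameter");
}
$id = $_REQUEST['ssp_state'];

// sanitize the input: if the state ID carries a URL, it has to pass
// checkURLAllowed() before the state is loaded
$sid = SimpleSAML_Utilities::parseStateID($id);
if (!is_null($sid['url'])) {
	SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}

$state = SimpleSAML_Auth_State::loadState($id, 'aselect:login');

try {
	// These checks used to run before $state was loaded and passed the
	// undefined $state to throwException(). They now run inside the try
	// block, so a failure reaches throwException() with the real state.
	foreach (array('a-select-server', 'aselect_credentials', 'rid') as $param) {
		if (!array_key_exists($param, $_REQUEST) || !is_string($_REQUEST[$param])) {
			throw new SimpleSAML_Error_Exception("Missing $param parameter");
		}
	}
	$server_id = $_REQUEST['a-select-server'];
	$credentials = $_REQUEST['aselect_credentials'];
	$rid = $_REQUEST['rid'];

	if (!array_key_exists('aselect::authid', $state)) {
		throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state");
	}

	$authid = $state['aselect::authid'];
	$aselect = SimpleSAML_Auth_Source::getById($authid);
	if (is_null($aselect)) {
		throw new SimpleSAML_Error_Exception("Could not find authentication source with id $authid");
	}

	// NOTE(review): presumably validates the credentials against the A-Select
	// server and throws on failure -- confirm in the authentication source.
	$creds = $aselect->verify_credentials($server_id, $credentials, $rid);

	// A missing option takes the legacy branch, as it did before, but no
	// longer raises an undefined-index notice.
	$addDefaults = array_key_exists('aselect::add_default_attributes', $state)
		? $state['aselect::add_default_attributes']
		: null;

	if ($addDefaults === true) {
		// Add default attributes. array_merge() lets a returned attribute
		// named 'uid' or 'organization' replace the default of the same name.
		$state['Attributes'] = array('uid' => array($creds['uid']), 'organization' => array($creds['organization']));
		if (array_key_exists('attributes', $creds)) {
			$state['Attributes'] = array_merge($state['Attributes'], $creds['attributes']);
		}
	} elseif ($addDefaults === false) {
		// Do not add default attributes
		if (array_key_exists('attributes', $creds)) {
			$state['Attributes'] = $creds['attributes'];
		} else {
			$state['Attributes'] = array();
		}
	} else {
		// Legacy behaviour: add default attributes if no attributes are returned
		if (array_key_exists('attributes', $creds)) {
			$state['Attributes'] = $creds['attributes'];
		} else {
			$state['Attributes'] = array('uid' => array($creds['uid']), 'organization' => array($creds['organization']));
		}
	}

} catch (Exception $e) {
	// NOTE(review): throwException() is expected not to return. Confirm this,
	// because if it did return, completeAuth() below would run after a
	// failed verification.
	SimpleSAML_Auth_State::throwException($state, $e);
}

// completeAuth() is not expected to return; the last line is a safety net
// that reports an internal error if it does.
SimpleSAML_Auth_Source::completeAuth($state);
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component"));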