File: IFrameLogoutHandler.php

package info (click to toggle)
simplesamlphp 1.16.3-1%2Bdeb10u2
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 21,036 kB
  • sloc: php: 73,175; ansic: 875; sh: 83; perl: 82; xml: 52; makefile: 46
file content (119 lines) | stat: -rw-r--r-- 3,186 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
<?php

namespace SimpleSAML\IdP;

use SimpleSAML\Module;
use SimpleSAML\Utils\HTTP;

/**
 * Class that handles iframe logout.
 *
 * @package SimpleSAMLphp
 */
class IFrameLogoutHandler implements LogoutHandlerInterface
{

    /**
     * The IdP we are logging out from.
     *
     * @var \SimpleSAML_IdP
     */
    private $idp;


    /**
     * LogoutIFrame constructor.
     *
     * @param \SimpleSAML_IdP $idp The IdP to log out from.
     */
    public function __construct(\SimpleSAML_IdP $idp)
    {
        $this->idp = $idp;
    }

    /**
     * Start the logout operation.
     *
     * @param array &$state The logout state.
     * @param string|null $assocId The SP we are logging out from.
     */
    public function startLogout(array &$state, $assocId)
    {
        assert(is_string($assocId) || $assocId === null);

        $associations = $this->idp->getAssociations();

        if (count($associations) === 0) {
            $this->idp->finishLogout($state);
        }

        foreach ($associations as $id => &$association) {
            $idp = \SimpleSAML_IdP::getByState($association);
            $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
            $association['core:Logout-IFrame:State'] = 'onhold';
        }
        $state['core:Logout-IFrame:Associations'] = $associations;

        if (!is_null($assocId)) {
            $spName = $this->idp->getSPName($assocId);
            if ($spName === null) {
                $spName = array('en' => $assocId);
            }

            $state['core:Logout-IFrame:From'] = $spName;
        } else {
            $state['core:Logout-IFrame:From'] = null;
        }

        $params = array(
            'id' => \SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'),
        );
        if (isset($state['core:Logout-IFrame:InitType'])) {
            $params['type'] = $state['core:Logout-IFrame:InitType'];
        }

        $url = Module::getModuleURL('core/idp/logout-iframe.php', $params);
        HTTP::redirectTrustedURL($url);
    }


    /**
     * Continue the logout operation.
     *
     * This function will never return.
     *
     * @param string $assocId The association that is terminated.
     * @param string|null $relayState The RelayState from the start of the logout.
     * @param \SimpleSAML_Error_Exception|null $error The error that occurred during session termination (if any).
     */
    public function onResponse($assocId, $relayState, \SimpleSAML_Error_Exception $error = null)
    {
        assert(is_string($assocId));

        $spId = sha1($assocId);
        $this->idp->terminateAssociation($assocId);

        $header = <<<HEADER
<!DOCTYPE html>
<html>
 <head>
  <title>Logout response from %s</title>
  <script>
HEADER;
        printf($header, htmlspecialchars(var_export($assocId, true)));
        if ($error) {
            $errorMsg = $error->getMessage();
            echo('window.parent.logoutFailed("'.$spId.'", "'.addslashes($errorMsg).'");');
        } else {
            echo('window.parent.logoutCompleted("'.$spId.'");');
        }
        echo <<<FOOTER
  </script>
 </head>
 <body>
 </body>
</html>
FOOTER;
        exit(0);
    }
}