File: CardinalitySingle.php

package info (click to toggle)
simplesamlphp 1.19.7-2
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 42,920 kB
  • sloc: php: 202,044; javascript: 14,867; xml: 2,700; sh: 225; perl: 82; makefile: 70; python: 5
file content (132 lines) | stat: -rw-r--r-- 4,368 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
 
<?php

declare(strict_types=1);

namespace SimpleSAML\Module\core\Auth\Process;

use SimpleSAML\Auth;
use SimpleSAML\Logger;
use SimpleSAML\Module;
use SimpleSAML\Utils;

/**
 * Filter to ensure correct cardinality of single-valued attributes
 *
 * This filter implements a special case of the core:Cardinality filter, and
 * allows for optional corrections to be made when cardinality errors are encountered.
 *
 * @author Guy Halse, http://orcid.org/0000-0002-9388-8592
 * @package SimpleSAMLphp
 */
class CardinalitySingle extends \SimpleSAML\Auth\ProcessingFilter
{
    /** @var array Attributes that should be single-valued or we generate an error */
    private $singleValued = [];

    /** @var array Attributes for which the first value should be taken */
    private $firstValue = [];

    /** @var array Attributes that can be flattened to a single value */
    private $flatten = [];

    /** @var string Separator for flattened value */
    private $flattenWith = ';';

    /** @var array Entities that should be ignored */
    private $ignoreEntities = [];

    /** @var \SimpleSAML\Utils\HttpAdapter */
    private $http;


    /**
     * Initialize this filter, parse configuration.
     *
     * @param array &$config  Configuration information about this filter.
     * @param mixed $reserved  For future use.
     * @param \SimpleSAML\Utils\HttpAdapter $http  HTTP utility service (handles redirects).
     */
    public function __construct(&$config, $reserved, Utils\HttpAdapter $http = null)
    {
        parent::__construct($config, $reserved);
        assert(is_array($config));

        $this->http = $http ? : new Utils\HttpAdapter();

        if (array_key_exists('singleValued', $config)) {
            $this->singleValued = $config['singleValued'];
        }
        if (array_key_exists('firstValue', $config)) {
            $this->firstValue = $config['firstValue'];
        }
        if (array_key_exists('flattenWith', $config)) {
            if (is_array($config['flattenWith'])) {
                $this->flattenWith = array_shift($config['flattenWith']);
            } else {
                $this->flattenWith = $config['flattenWith'];
            }
        }
        if (array_key_exists('flatten', $config)) {
            $this->flatten = $config['flatten'];
        }
        if (array_key_exists('ignoreEntities', $config)) {
            $this->ignoreEntities = $config['ignoreEntities'];
        }
        /* for consistency with core:Cardinality */
        if (array_key_exists('%ignoreEntities', $config)) {
            $this->ignoreEntities = $config['%ignoreEntities'];
        }
    }


    /**
     * Process this filter
     *
     * @param array &$request  The current request
     * @return void
     */
    public function process(&$request)
    {
        assert(is_array($request));
        assert(array_key_exists("Attributes", $request));

        if (
            array_key_exists('Source', $request)
            && array_key_exists('entityid', $request['Source'])
            && in_array($request['Source']['entityid'], $this->ignoreEntities, true)
        ) {
            Logger::debug('CardinalitySingle: Ignoring assertions from ' . $request['Source']['entityid']);
            return;
        }

        foreach ($request['Attributes'] as $k => $v) {
            if (!is_array($v)) {
                continue;
            }
            if (count($v) <= 1) {
                continue;
            }

            if (in_array($k, $this->singleValued)) {
                $request['core:cardinality:errorAttributes'][$k] = [count($v), '0 ≤ n ≤ 1'];
                continue;
            }
            if (in_array($k, $this->firstValue)) {
                $request['Attributes'][$k] = [array_shift($v)];
                continue;
            }
            if (in_array($k, $this->flatten)) {
                $request['Attributes'][$k] = [implode($this->flattenWith, $v)];
                continue;
            }
        }

        /* abort if we found a problematic attribute */
        if (array_key_exists('core:cardinality:errorAttributes', $request)) {
            $id = Auth\State::saveState($request, 'core:cardinality');
            $url = Module::getModuleURL('core/cardinality_error.php');
            $this->http->redirectTrustedURL($url, ['StateId' => $id]);
            return;
        }
    }
}