1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
|
<?php
declare(strict_types=1);
namespace SimpleSAML\Module\core\Controller;
use SimpleSAML\Auth;
use SimpleSAML\Configuration;
use SimpleSAML\Error;
use SimpleSAML\Logger;
use SimpleSAML\Module;
use SimpleSAML\Session;
use SimpleSAML\Utils;
use SimpleSAML\XHTML\Template;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
/**
* Controller class for the core module.
*
* This class serves the different views available in the module.
*
* @package SimpleSAML\Module\core
*/
class Exception
{
/** @var \SimpleSAML\Configuration */
protected $config;
/** @var \SimpleSAML\Session */
protected $session;
/**
* Controller constructor.
*
* It initializes the global configuration and auth source configuration for the controllers implemented here.
*
* @param \SimpleSAML\Configuration $config The configuration to use by the controllers.
* @param \SimpleSAML\Session $session The session to use by the controllers.
*
* @throws \Exception
*/
public function __construct(
Configuration $config,
Session $session
) {
$this->config = $config;
$this->session = $session;
}
/**
* Show cardinality error.
*
* @param Request $request The request that lead to this login operation.
* @throws \SimpleSAML\Error\BadRequest
* @return \SimpleSAML\XHTML\Template|\Symfony\Component\HttpFoundation\RedirectResponse
* An HTML template or a redirection if we are not authenticated.
*/
public function cardinality(Request $request): Response
{
$stateId = $request->get('StateId', false);
if ($stateId === false) {
throw new Error\BadRequest('Missing required StateId query parameter.');
}
/** @var array $state */
$state = Auth\State::loadState($stateId, 'core:cardinality');
Logger::stats(
'core:cardinality:error ' . $state['Destination']['entityid'] . ' ' . $state['saml:sp:IdP'] .
' ' . implode(',', array_keys($state['core:cardinality:errorAttributes']))
);
$t = new Template($this->config, 'core:cardinality_error.tpl.php');
$t->data['cardinalityErrorAttributes'] = $state['core:cardinality:errorAttributes'];
if (isset($state['Source']['auth'])) {
$t->data['LogoutURL'] = Module::getModuleURL(
'core/authenticate.php',
['as' => $state['Source']['auth']]
) . "&logout";
}
$t = new Template($this->config, 'core:cardinality_error.twig');
$t->data['cardinalityErrorAttributes'] = $state['core:cardinality:errorAttributes'];
if (isset($state['Source']['auth'])) {
$t->data['LogoutURL'] = Module::getModuleURL(
'core/login/' . urlencode($state['Source']['auth'])
);
}
$t->setStatusCode(403);
return $t;
}
/**
* Show missing cookie error.
*
* @param Request $request The request that lead to this login operation.
* @return \SimpleSAML\XHTML\Template|\Symfony\Component\HttpFoundation\RedirectResponse
* An HTML template or a redirection if we are not authenticated.
*/
public function nocookie(Request $request): Response
{
$retryURL = $request->get('retryURL', null);
if ($retryURL !== null) {
$retryURL = Utils\HTTP::checkURLAllowed(strval($retryURL));
}
$t = new Template($this->config, 'core:no_cookie.twig');
$translator = $t->getTranslator();
/** @var string $header */
$header = $translator->t('{core:no_cookie:header}');
/** @var string $desc */
$desc = $translator->t('{core:no_cookie:description}');
/** @var string $retry */
$retry = $translator->t('{core:no_cookie:retry}');
$t->data['header'] = htmlspecialchars($header);
$t->data['description'] = htmlspecialchars($desc);
$t->data['retry'] = htmlspecialchars($retry);
$t->data['retryURL'] = $retryURL;
return $t;
}
/**
* Show a warning to an user about the SP requesting SSO a short time after
* doing it previously.
*
* @param Request $request The request that lead to this login operation.
*
* @return \SimpleSAML\XHTML\Template|\SimpleSAML\HTTP\RunnableResponse|\Symfony\Component\HttpFoundation\RedirectResponse
* An HTML template, a redirect or a "runnable" response.
*
* @throws \SimpleSAML\Error\BadRequest
*/
public function shortSsoInterval(Request $request): Response
{
$stateId = $request->get('StateId', false);
if ($stateId === false) {
throw new Error\BadRequest('Missing required StateId query parameter.');
}
/** @var array $state */
$state = Auth\State::loadState($stateId, 'core:short_sso_interval');
$continue = $request->get('continue', false);
if ($continue !== false) {
// The user has pressed the continue/retry-button
Auth\ProcessingChain::resumeProcessing($state);
}
$t = new Template($this->config, 'core:short_sso_interval.twig');
$translator = $t->getTranslator();
$t->data['params'] = ['StateId' => $stateId];
$t->data['trackId'] = $this->session->getTrackID();
$t->data['autofocus'] = 'contbutton';
return $t;
}
}
|
