Merge pull request #600 from mrvanes/sessionfix

Session fix
janus-ssp · Mar 31, 2016 · accfba1 · accfba1
2 parents 055cda6 + 022d072
commit accfba1
Show file tree

Hide file tree

Showing 12 changed files with 61 additions and 59 deletions.
diff --git a/src/Janus/ServiceRegistry/Security/Authentication/Provider/SspProvider.php b/src/Janus/ServiceRegistry/Security/Authentication/Provider/SspProvider.php
@@ -37,16 +37,16 @@ public function authenticate(TokenInterface $token)
             return $this->getTokenForUsername($authenticationType);
         }
 
-        $session = \SimpleSAML_Session::getInstance();
-        if (!$session->isValid($authenticationType)) {
+        $as = new \SimpleSAML_Auth_Simple($authenticationType);
+        if (!$as->isAuthenticated()) {
             throw new AuthenticationException("Authsource '$authenticationType' is invalid");
         }
 
         /** @var string $userIdAttributeName */
         $userIdAttributeName = $this->config->getValue('useridattr', 'eduPersonPrincipalName');
 
         // Check if userid exists
-        $attributes = $session->getAttributes();
+        $attributes = $as->getAttributes();
         if (!isset($attributes[$userIdAttributeName])) {
             throw new AuthenticationException("Attribute '$userIdAttributeName' with User ID is missing.");
         }

diff --git a/www/AJAXRequestHandler.php b/www/AJAXRequestHandler.php
@@ -4,11 +4,12 @@
 
 require __DIR__ . '/_includes.php';
 
-$session = SimpleSAML_Session::getInstance();
 $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
-
 $authsource = $janus_config->getValue('auth', 'login-admin');
-if (!$session->isValid($authsource)) {
+
+$as = new SimpleSAML_Auth_Simple($authsource);
+
+if (!$as->isAuthenticated()) {
     echo json_encode(array("status" => "error_no_session"));
     throw new SimpleSAML_Error_Exception('No valid session');
 }
@@ -58,7 +59,7 @@
     die(json_encode(array('status'=>'error_csrf')));
 }
 
-$user = getUser($session, $janus_config);
+$user = getUser($as, $janus_config);
 $securityContext = sspmod_janus_DiContainer::getInstance()->getSecurityContext();
 
 // ??? is 'allentities' the right permission for enabling superuser status ???
@@ -106,14 +107,14 @@
 echo json_encode($result);
 
 
-function getUser(SimpleSAML_Session $session, ConfigProxy $janus_config)
+function getUser(SimpleSAML_Auth_Simple $as, ConfigProxy $janus_config)
 {
     // Get data from config
     /** @var string $useridattr */
     $useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
 
     // Validate user
-    $attributes = $session->getAttributes();
+    $attributes = $as->getAttributes();
 
     // Check if userid exists
     if (!isset($attributes[$useridattr])) {

diff --git a/www/dashboard.php b/www/dashboard.php
@@ -31,14 +31,16 @@
 require __DIR__ . '/_includes.php';
 
 set_time_limit(180);
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getSession();
 $config = SimpleSAML_Configuration::getInstance();
 $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
 $csrf_provider = sspmod_janus_DiContainer::getInstance()->getCsrfProvider();
 
 $authsource = $janus_config->getValue('auth', 'login-admin');
 $useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
 
+$as = new SimpleSAML_Auth_Simple($authsource);
+
 // Note: $param variable is provided by SimpleSaml but only if there actually is a 'param' part in the url
 if (!isset($param)) {
     $param = '';
@@ -53,14 +55,14 @@
 define('IS_AJAX', $isAjax);
 
 // Validate user
-if ($session->isValid($authsource)) {
-    $attributes = $session->getAttributes();
+if ($as->isAuthenticated()) {
+    $attributes = $as->getAttributes();
     // Check if userid exists
     if (!isset($attributes[$useridattr]))
         throw new Exception('User ID is missing');
     $userid = $attributes[$useridattr][0];
 } else {
-    redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/index.php'), $_GET, IS_AJAX);
+    $as->requireAuth();
 }
 
 function check_uri ($uri)
@@ -363,7 +365,7 @@ function redirectTrustedUrl($url, array $params = array(), $isAjax = false) {
 
 
 
-$template->data['logouturl'] = SimpleSAML_Module::getModuleURL('core/authenticate.php') . '?logout=1&as=' . urlencode($session->getAuthority());
+$template->data['logouturl'] = $as->getLogoutURL();
 
 
 /* START TAB ARPADMIN PROVISIONING ************************************************************************************/

diff --git a/www/editentity.php b/www/editentity.php
@@ -9,7 +9,7 @@
 // Initial import
 /** @var $session SimpleSAML_Session */
 set_time_limit(180);
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getSession();
 $config = SimpleSAML_Configuration::getInstance();
 $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
 

diff --git a/www/exportentity.php b/www/exportentity.php
@@ -10,15 +10,17 @@
 require __DIR__ . '/_includes.php';
 
 /* Load simpleSAMLphp, configuration and metadata */
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getSession();
 $config = SimpleSAML_Configuration::getInstance();
 $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
 
 $authsource = $janus_config->getValue('auth', 'login-admin');
 $useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
 
-if ($session->isValid($authsource)) {
-    $attributes = $session->getAttributes();
+$as = new SimpleSAML_Auth_Simple($authsource);
+
+if ($as->isAuthenticated()) {
+    $attributes = $as->getAttributes();
     // Check if userid exists
     if (!isset($attributes[$useridattr]))
         throw new Exception('User ID is missing');

diff --git a/www/history.php b/www/history.php
@@ -17,7 +17,6 @@
 require __DIR__ . '/_includes.php';
 
 // Initial setup
-$session      = SimpleSAML_Session::getInstance();
 $config       = SimpleSAML_Configuration::getInstance();
 $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
 $authsource   = $janus_config->getValue('auth', 'login-admin');
@@ -28,9 +27,11 @@
     'janus:editentity'
 );
 
+$as = new SimpleSAML_Auth_Simple($authsource);
+
 // Validate user
-if ($session->isValid($authsource)) {
-    $attributes = $session->getAttributes();
+if ($as->isAuthenticated()) {
+    $attributes = $as->getAttributes();
     // Check if userid exists
     if (!isset($attributes[$useridattr])) {
         throw new Exception('User ID is missing');

diff --git a/www/importentity.php b/www/importentity.php
@@ -23,9 +23,11 @@
 /** @var $userIdAttribute string */
 $userIdAttribute = $janusConfig->getValue('useridattr', 'eduPersonPrincipalName');
 
+$as = new SimpleSAML_Auth_Simple($authsource);
+
 // Validate user
-if ($session->isValid($authenticationSource)) {
-    $attributes = $session->getAttributes();
+if ($as->isAuthenticated()) {
+    $attributes = $as->getAttributes();
     // Check if user id exists
     if (!isset($attributes[$userIdAttribute])) {
         throw new Exception('User ID is missing');

diff --git a/www/index.php b/www/index.php
@@ -5,9 +5,12 @@
 
 require __DIR__ . '/_includes.php';
 
-$session = SimpleSAML_Session::getInstance();
 $config = SimpleSAML_Configuration::getInstance();
 $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
+$authsource = $janus_config->getValue('auth', 'login-admin');
+$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
+
+$as = new SimpleSAML_Auth_Simple($authsource);
 
 // Error loggin in has happend
 if(isset($_GET['error'])) {
@@ -23,31 +26,15 @@
     exit();
 }
 
-$authsource = $janus_config->getValue('auth', 'login-admin');
-$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
 
-if ($session->isValid($authsource)) {
-    $attributes = $session->getAttributes();
-    // Check if userid exists
-    if (!isset($attributes[$useridattr]))
-        throw new Exception('User ID is missing');
-    $userid = $attributes[$useridattr][0];
-} else {
-    $returnURL = $session->getData('string', 'refURL');
 
-    if (is_null($returnURL)) {
-        $returnURL = SimpleSAML_Utilities::selfURL();
-    } else {
-        $session->deleteData('string' ,'refURL');
-    }
-
-    SimpleSAML_Auth_Default::initLogin(
-        $authsource,
-        $returnURL,
-        NULL,
-        $_GET
-    );
-}
+if (!$as->isAuthenticated()) $as->requireAuth();
+
+$attributes = $as->getAttributes();
+// Check if userid exists
+if (!isset($attributes[$useridattr]))
+    throw new Exception('User ID is missing');
+$userid = $attributes[$useridattr][0];
 
 $user = new sspmod_janus_User();
 $user->setUserid($userid);

diff --git a/www/metadataexport.php b/www/metadataexport.php
@@ -3,18 +3,22 @@
 require __DIR__ . '/_includes.php';
 
 // Get configuration
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getSession();
 $config = SimpleSAML_Configuration::getInstance();
 $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
 $util = new sspmod_janus_AdminUtil();
 
 $access = false;
 $user = null;
 
+$authsource = $janus_config->getValue('auth');
+
+$as = new SimpleSAML_Auth_Simple($authsource);
+
 // Validate user
-if ($session->isValid($janus_config->getValue('auth'))) {
+if ($as->isAuthenticated()) {
     $useridattr = $janus_config->getValue('useridattr');
-    $attributes = $session->getAttributes();
+    $attributes = $as->getAttributes();
 
     // Check if userid exists
     if (!isset($attributes[$useridattr])) { 

diff --git a/www/newUser.php b/www/newUser.php
@@ -2,7 +2,6 @@
 
 require __DIR__ . '/_includes.php';
 
-$session        = SimpleSAML_Session::getInstance();
 $sspConfig      = SimpleSAML_Configuration::getInstance();
 $janusConfig    = sspmod_janus_DiContainer::getInstance()->getConfig();
 
@@ -17,12 +16,14 @@
 /** @var string $defaultUserType */
 $defaultUserType        = $janusConfig->getValue('defaultusertype', 'technical');
 
+$as = new SimpleSAML_Auth_Simple($authenticationSource);
+
 // Require a authenticated user.
-if (!$session->isValid($authenticationSource)) {
+if (!$as->isAuthenticated()) {
     SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/index.php'));
     exit;
 }
-$attributes = $session->getAttributes();
+$attributes = $as->getAttributes();
 
 // Require that we can get this users id.
 if (!isset($attributes[$userIdAttribute])) {

diff --git a/www/noNewUser.php b/www/noNewUser.php
@@ -16,15 +16,17 @@
 
 require __DIR__ . '/_includes.php';
 
-$session = SimpleSAML_Session::getInstance();
+$session = SimpleSAML_Session::getSession();
 $config = SimpleSAML_Configuration::getInstance();
 $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
 
 $authsource = $janus_config->getValue('auth', 'login-admin');
 $useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
 
-if ($session->isValid($authsource)) {
-    $attributes = $session->getAttributes();
+$as = new SimpleSAML_Auth_Simple($authsource);
+
+if ($as->isAuthenticated()) {
+    $attributes = $as->getAttributes();
     // Check if userid exists
     if (!isset($attributes[$useridattr]))
         throw new Exception('User ID is missing');

diff --git a/www/show-entities-validation.php b/www/show-entities-validation.php
@@ -2,13 +2,13 @@
 
 require __DIR__ . '/_includes.php';
 
-$session = SimpleSAML_Session::getInstance();
-
 $janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig();
 $authSource = $janusConfig->getValue('auth', 'login-admin');
 
+$as = new SimpleSAML_Auth_Simple($authSource);
+
 // Validate user
-if (!$session->isValid($authSource)) {
+if (!$as->isAuthenticated()) {
     SimpleSAML_Utilities::redirectTrustedUrl(
         SimpleSAML_Module::getModuleURL('janus/index.php', array('selectedtab'=>"'federation'"))
     );