<?php
namespace Shibalike;
use Shibalike\StateManager\UserlandSession as UserlandSessionStateMgr;
use UserlandSession\SessionBuilder;
/**
* Component for populating $_SERVER vars from a state manager
*
* <code>
* $sp = new Shibalike\SP(...);
*
* $sp->requireValidUser(); // or $sp->initLazySession();
*
* // the application's shibboleth auth code runs here
* </code>
*/
class SP extends Junction {

    /**
     * Username of the authenticated user, set by mergeAttrs() on success.
     *
     * @var string|null
     */
    public $username = null;

    /**
     * Attribute set returned by the auth result, set by mergeAttrs() on success.
     *
     * @var array
     */
    public $userAttrs = [];

    /**
     * Explicit return URL for the IdP, or null to fall back to the current URL.
     *
     * @var string
     */
    protected $_returnUrl;

    /**
     * Merge the current user's attributes into $_SERVER and, when no valid
     * user is present, record an auth request and send the browser to the IdP.
     *
     * NOTE(review): whether redirect() terminates the request is decided in
     * Junction, not here; callers should not assume code after this call is
     * unreachable for unauthenticated users until that is confirmed.
     */
    public function requireValidUser()
    {
        $_SERVER = $this->mergeAttrs($_SERVER);
        if ($this->userIsAuthenticated()) {
            return;
        }
        $this->makeAuthRequest();
        $this->redirect();
    }

    /**
     * Merge user attributes into $_SERVER only when the state manager
     * reports that state is likely present (avoids touching storage otherwise).
     */
    public function initLazySession()
    {
        if (! $this->_stateMgr->likelyHasState()) {
            return;
        }
        $_SERVER = $this->mergeAttrs($_SERVER);
    }

    /**
     * Return $server with the valid user's attributes merged in, and record
     * the username/attributes on this object.
     *
     * <code>
     * $_SERVER = $sp->mergeAttrs($_SERVER);
     * </code>
     *
     * The attribute set is merged first, so any attribute whose name matches
     * an existing $server key overwrites it. REMOTE_USER and Shib-Session-ID
     * are written afterwards and therefore always come from the auth result
     * and state manager, never from the attribute set. Shib-Identity-Provider
     * is only pinned when the config provides one; otherwise a same-named
     * attribute, if present, passes through unchanged.
     *
     * @param array $server typically $_SERVER
     * @return array the input, unchanged when there is no valid auth result
     */
    public function mergeAttrs($server)
    {
        $result = $this->getValidAuthResult();
        if (! $result) {
            return $server;
        }

        $this->userAttrs = $result->getAttrs();
        // later arguments win in array_merge, so attributes override $server keys
        $merged = array_merge($server, $this->userAttrs);

        if (! empty($this->_config->shibIdentityProvider)) {
            $merged['Shib-Identity-Provider'] = $this->_config->shibIdentityProvider;
        }

        $this->username = $result->getUsername();
        $merged['REMOTE_USER'] = $this->username;
        $merged['Shib-Session-ID'] = $this->_stateMgr->getSessionId();

        return $merged;
    }

    /**
     * Store an auth request for the IdP and clear any previous auth result.
     *
     * NOTE(review): $returnUrl is persisted in state and later used as the
     * post-login destination; if a caller derives it from request data it
     * should be checked against the application's own origin before being
     * passed here. The default (getReturnUrl()) is the current URL.
     *
     * @param string $returnUrl if empty, getReturnUrl() is used
     */
    public function makeAuthRequest($returnUrl = null)
    {
        $target = $returnUrl ?: $this->getReturnUrl();
        $this->_stateMgr->set('authRequest', new AuthRequest($target));
        // drop any stale result so the new request must be re-validated
        $this->_stateMgr->set('authResult');
    }

    /**
     * Default redirect target: the configured IdP URL.
     *
     * @return string
     */
    public function getRedirectUrl()
    {
        return $this->_config->idpUrl;
    }

    /**
     * Override the URL the IdP should send the user back to.
     *
     * @param string $url
     */
    public function setReturnUrl($url)
    {
        $this->_returnUrl = $url;
    }

    /**
     * Return URL for the IdP: the explicitly set one, or the current URL
     * when none (or an empty value) was set.
     *
     * @return string
     */
    public function getReturnUrl()
    {
        return $this->_returnUrl ?: Junction::getCurrentUrl();
    }

    /**
     * Build an SP whose state lives in a file-backed UserlandSession.
     *
     * NOTE(review): when $sessionPath is omitted the session files go to
     * sys_get_temp_dir(), which on shared hosts is readable by other local
     * users/processes; supply a dedicated, access-restricted directory in
     * production. This method itself always constructs an SP; the documented
     * false case comes from the session builder when a UserlandSession already
     * exists under this cookie name — TODO confirm against SessionBuilder::build().
     *
     * @param string $idpUrl URL where the IdP class is used to handle SP auth requests
     * @param string $cookieName
     * @param string $sessionPath path where session files are stored
     * @return SP|false false if a UserlandSession already exists under this cookie name
     */
    public static function createFileBased($idpUrl, $cookieName = 'SHIBALIKE', $sessionPath = null)
    {
        $savePath = $sessionPath ?: sys_get_temp_dir();

        $session = SessionBuilder::instance()
            ->setName($cookieName)
            ->setSavePath($savePath)
            ->build();
        $stateMgr = new UserlandSessionStateMgr($session);

        $config = new Config();
        $config->idpUrl = $idpUrl;

        return new self($stateMgr, $config);
    }
}