* utils: new function extract_options that extract key-value from an array and

validate the value type.
* endpoints/saml2: support a new GET argument "passive"
 * public API: lassospkit_login_url takes a second argument, an array
   of options, possibilities are: 
   - "persistent" a boolean
   - "passive" a boolean
   Support of remoteID or other kind of parameter will be easier to implement
   now.
This commit is contained in:
<bdauvergne@entrouvert.com> 1207751566 +0200 0001-01-01 00:00:00 +00:00
parent 1b8f7a441b
commit 0a71c6645d
4 changed files with 67 additions and 23 deletions


@ -94,6 +94,7 @@ function login() {
$session = getSession();
$saml2 = new LassoSPKitSAML2($session);
$persistent = TRUE;
$passive = FALSE;
if (isset($_GET['persistent'])) {
switch ($_GET['persistent']) {
case '0':
@ -107,9 +108,22 @@ function login() {
break;
}
}
if (isset($_GET['passive'])) {
switch ($_GET['passive']) {
case '0':
$passive = FALSE;
break;
case '1':
$passive = TRUE;
break;
default;
$passive = FALSE;
break;
}
}
// Do not allow creation of persistent federation,
// but eventually permit transient ones
$saml2->sso(FALSE, $persistent);
$saml2->sso(FALSE, $persistent, $passive);
LassoSPKitUtilsSession::setRelayState('sso', getReturnUrl());
}
function federate() {
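Review bot: `default;` in the new passive switch uses PHP's legacy `;` case separator; it parses, but `default:` is what the persistent block above it uses and what readers expect, and the `$passive = FALSE;` under it only repeats the initialisation two lines earlier. The block is otherwise a copy of the persistent block, so a small helper (say `$passive = _lassospkit_get_flag('passive', FALSE);`) mapping the '0'/'1' query values to a bool would replace both and keep the two flags parsed the same way. Since `$_GET` values can be arrays, a one-line comment noting that the switch's loose comparison sends any non-'0'/'1' value, arrays included, to the FALSE default would document the behaviour the helper must keep. login() starts before the first hunk and the persistent switch is cut between the two hunks, so its cases are not visible here.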


@ -1,5 +1,6 @@
<?php
require_once('lassospkit_utils_session.inc.php');
require_once('lassospkit_utils.inc.php');
require_once('lassospkit_config.inc.php');
/** This file contains the public front-end API
@ -35,6 +36,9 @@ function _lassospkit_make_redirect_url($endpoint, $return_url, $params) {
$redirect = $redirect . "?return_url=" . urlencode($return_url);
// Other params
foreach ($params as $key => $value) {
if (is_bool($value)) {
$value = intval($value);
}
$redirect = $redirect . '&' . urlencode($key) . "=" . urlencode($value);
}
return $redirect;
@ -80,12 +84,8 @@ function lassospkit_set_federation($federation) {
/* Return the URL where to redirect a user when liberty authentification
* is required for existing federation or to get a transient one.
*/
function lassospkit_login_url($return_url, $persistent = TRUE) {
if ($persistent) {
$params = array( 'persistent' => 1 );
} else {
$params = array( 'persistent' => 0 );
}
function lassospkit_login_url($return_url, $options = array() ) {
$params = LassoSPKitUtils::extract_options(array('persistent' => 'b', 'passive' => 'b'), $options);
return _lassospkit_make_redirect_url('login',$return_url, $params);
}
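Review bot: Changing lassospkit_login_url's second parameter from `$persistent = TRUE` to `$options = array()` silently breaks existing callers: a call such as `lassospkit_login_url($url, FALSE)` now reaches extract_options with a non-array source, gets an empty `$params` back, and the login endpoint falls back to its own default of a persistent federation — the opposite of what the caller asked for, with no warning. Before the extract_options call, accept the old form: `if (is_bool($options)) { $options = array('persistent' => $options); }`. The same strict type check means `array('persistent' => 1)` (an int, not a bool) is dropped too, so the docblock above the function should list the accepted keys and state that values must be real booleans. _lassospkit_make_redirect_url's body starts before its hunk.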


@ -27,23 +27,26 @@ class LassoSPKitSaml2 extends LassoSPKitSAMLCommon {
to create a new federation if a persistent
one is asked for federate = TRUE.
*/
public function sso($create = TRUE, $federate = TRUE) {
function sso($create = TRUE, $federate = TRUE, $passive = FALSE) {
if ($federate) {
$format = LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT;
} else {
$format = LASSO_SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT;
}
return $this->ssoInit($create,$format);
return $this->ssoInit(array('create' => $create, 'format' => $format, 'passive' => $passive));
}
public function ssoInit(
$allowCreate = TRUE,
$nameIDFormat = LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
$remoteID = null,
$method = LASSO_HTTP_METHOD_REDIRECT,
$isConsentObtained = FALSE,
$forceAuthn = FALSE,
$isPassive = FALSE)
function ssoInit($params = array())
{
$default_params = array(
'allowCreate' => TRUE,
'nameIDFormat' => LASSO_SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT,
'remoteID' => null,
'method' => LASSO_HTTP_METHOD_REDIRECT,
'isConsentObtained' => FALSE,
'forceAuthn' => FALSE,
'isPassive' => FALSE);
extract(array_merge($default_params, $params));
$login = null;
return parent::ssoCommon($login, $remoteID, $method, $isConsentObtained, $forceAuthn, $isPassive, array('nameIDFormat'=>$nameIDFormat, 'allowCreate' => $allowCreate));
}
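Review bot: The keys sso() passes on the new side (`'create'`, `'format'`, `'passive'`) do not match the keys ssoInit's `$default_params` declares (`'allowCreate'`, `'nameIDFormat'`, `'isPassive'`), so after `extract()` every call through sso() runs with the defaults — allowCreate TRUE, the persistent name-ID format and isPassive FALSE — and the login endpoint's `sso(FALSE, $persistent, $passive)` no longer prevents creation of a persistent federation nor passes the passive flag. The call should read `return $this->ssoInit(array('allowCreate' => $create, 'nameIDFormat' => $format, 'isPassive' => $passive));`. `extract(array_merge($default_params, $params))` also turns every key a caller passes into a local variable, which is why the mismatch went unnoticed; restricting it with `extract(array_merge($default_params, array_intersect_key($params, $default_params)));` (or rejecting unknown keys via `array_diff_key`) keeps unexpected keys from silently becoming unused locals instead of arguments. The `public` visibility dropped from both signatures should stay; the class header and sso's docblock start before the hunk.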


@ -2,13 +2,13 @@
require_once('lassospkit_defines.inc.php');
class LassoSPKitUtils {
static public function myself() {
function myself() {
return 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
}
static public function mydir() {
function mydir() {
return 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
}
static public function relativePathToURL($rel) {
function relativePathToURL($rel) {
$abs = "";
if (isset($_SERVER['HTTPS'])) {
$abs = "https://";
@ -20,7 +20,7 @@ class LassoSPKitUtils {
$abs = $abs . $rel;
return $abs;
}
static function checkCanWrite($dir, &$error) {
function checkCanWrite($dir, &$error) {
$path = $dir . "/" . _CHECK_FILENAME;
$ok = ! file_exists($path) || unlink($path);
$ok = $ok && $file = fopen($path,"w");
@ -31,7 +31,7 @@ class LassoSPKitUtils {
}
return $ok;
}
static function generatePrivateKey($file,&$error) {
function generatePrivateKey($file,&$error) {
if (! is_file(OPENSSL_BIN)) {
$error = "SSL Generate: Can't find OpenSSL at " . OPENSSL_BIN;
return 0;
@ -43,7 +43,7 @@ class LassoSPKitUtils {
}
return 1;
}
public static function extractPublicKey($file,&$public,&$error) {
function extractPublicKey($file,&$public,&$error) {
if (! is_file(OPENSSL_BIN)) {
$error = "SSL Generate: Can't find OpenSSL at " . OPENSSL_BIN;
return 0;
@ -62,4 +62,31 @@ class LassoSPKitUtils {
@unlink($tempfname);
return 1;
}
function extract_options($template, $source) {
$ret = array();
if (! is_array($source)) {
return $ret;
}
foreach ($template as $key => $type) {
if (isset($source[$key])) {
$value = $source[$key];
$ok = FALSE;
switch ($type) {
case 'b':
$ok = is_bool($value);
break;
case 's':
$ok = is_string($value);
break;
case 'i':
$ok = is_int($value);
break;
}
if ($ok) {
$ret[$key] = $value;
}
}
}
return $ret;
}
}
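Review bot: extract_options is declared in the last hunk without `static`, and the earlier hunks of this file strip `static` from myself(), mydir(), relativePathToURL(), checkCanWrite(), generatePrivateKey() and extractPublicKey(), yet lassospkit_login_url in this same commit calls `LassoSPKitUtils::extract_options(...)` statically; a non-static method invoked with `::` is only tolerated as E_STRICT on PHP 5 and is a fatal error on current PHP. Keep the modifiers, i.e. `public static function extract_options($template, $source)` and likewise on the other methods. In the type switch an unrecognised template code leaves `$ok` FALSE and the value is silently dropped, which hides typos in the template; a `default:` that calls `trigger_error("extract_options: unknown type '$type'", E_USER_WARNING);` would surface them. A short docblock should also state that the checks are strict (`'i'` rejects the numeric strings a query string produces, and `isset` skips null values), since the login_url caller depends on exactly that behaviour. The snake_case name also breaks with the camelCase used by the class's other methods.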