* @package SimpleSAMLphp
*/
class Session implements \Serializable, Utils\ClearableState
{
/**
* This is a timeout value for setData, which indicates that the data
* should never be deleted, i.e. lasts the whole session lifetime.
*/
public const DATA_TIMEOUT_SESSION_END = 'sessionEndTimeout';
/**
* The list of loaded session objects.
*
* This is an associative array indexed with the session id.
*
* @var array
*/
private static $sessions = [];
/**
* This variable holds the instance of the session - Singleton approach.
*
* Warning: do not set the instance manually, call Session::load() instead.
*
* @var \SimpleSAML\Session|null
*/
private static $instance = null;
/**
* The global configuration.
*
* @var \SimpleSAML\Configuration
*/
private static $config;
/**
* The session ID of this session.
*
* @var string|null
*/
private $sessionId;
/**
* Transient session flag.
*
* @var boolean|false
*/
private $transient = false;
/**
* The track id is a new random unique identifier that is generated for each session.
* This is used in the debug logs and error messages to easily track more information
* about what went wrong.
*
* @var string
*/
private $trackid;
/**
* @var integer|null
*/
private $rememberMeExpire = null;
/**
* Marks a session as modified, and therefore needs to be saved before destroying
* this object.
*
* @var bool
*/
private $dirty = false;
/**
* Tells the session object that the save callback has been registered and there's no need to register it again.
*
* @var bool
*/
private $callback_registered = false;
/**
* This is an array of objects which will expire automatically after a set time. It is used
* where one needs to store some information - for example a logout request, but doesn't
* want it to be stored forever.
*
* The data store contains three levels of nested associative arrays. The first is the data type, the
* second is the identifier, and the third contains the expire time of the data and the data itself.
*
* @var array
*/
private $dataStore = [];
/**
* The list of IdP-SP associations.
*
* This is an associative array with the IdP id as the key, and the list of
* associations as the value.
*
* @var array
*/
private $associations = [];
/**
* The authentication token.
*
* This token is used to prevent session fixation attacks.
*
* @var string|null
*/
private $authToken;
/**
* Authentication data.
*
* This is an array with authentication data for the various authsources.
*
* @var array Associative array of associative arrays.
*/
private $authData = [];
/**
* Private constructor that restricts instantiation to either getSessionFromRequest() for the current session or
* getSession() for a specific one.
*
* @param boolean $transient Whether to create a transient session or not.
*/
private function __construct(bool $transient = false)
{
$this->setConfiguration(Configuration::getInstance());
if (php_sapi_name() === 'cli' || defined('STDIN')) {
$this->trackid = 'CL' . bin2hex(openssl_random_pseudo_bytes(4));
Logger::setTrackId($this->trackid);
$this->transient = $transient;
return;
}
if ($transient) {
// transient session
$this->trackid = 'TR' . bin2hex(openssl_random_pseudo_bytes(4));
Logger::setTrackId($this->trackid);
$this->transient = true;
} else {
// regular session
$sh = SessionHandler::getSessionHandler();
$this->sessionId = $sh->newSessionId();
$sh->setCookie($sh->getSessionCookieName(), $this->sessionId, $sh->getCookieParams());
$this->trackid = bin2hex(openssl_random_pseudo_bytes(5));
Logger::setTrackId($this->trackid);
$this->markDirty();
// initialize data for session check function if defined
$checkFunction = self::$config->getValue('session.check_function', null);
if (is_callable($checkFunction)) {
call_user_func($checkFunction, $this, true);
}
}
}
/**
* Set the configuration we should use.
*
* @param Configuration $config
* @return void
*/
public function setConfiguration(Configuration $config)
{
self::$config = $config;
}
/**
* Serialize this session object.
*
* This method will be invoked by any calls to serialize().
*
* @return string The serialized representation of this session object.
*/
public function serialize()
{
return serialize(get_object_vars($this));
}
/**
* Unserialize a session object and load it..
*
* This method will be invoked by any calls to unserialize(), allowing us to restore any data that might not
* be serializable in its original form (e.g.: DOM objects).
*
* @param string $serialized The serialized representation of a session that we want to restore.
*/
public function unserialize($serialized)
{
$session = unserialize($serialized);
if (is_array($session)) {
foreach ($session as $k => $v) {
$this->$k = $v;
}
}
self::$config = Configuration::getInstance();
// look for any raw attributes and load them in the 'Attributes' array
foreach ($this->authData as $authority => $parameters) {
if (!array_key_exists('RawAttributes', $parameters)) {
continue;
}
foreach ($parameters['RawAttributes'] as $attribute => $values) {
foreach ($values as $idx => $value) {
// this should be originally a DOMNodeList
/* @var \SAML2\XML\saml\AttributeValue $value */
$this->authData[$authority]['Attributes'][$attribute][$idx] = $value->getElement()->childNodes;
}
}
}
}
/**
* Retrieves the current session. Creates a new session if there's not one.
*
* @return Session The current session.
* @throws \Exception When session couldn't be initialized and the session fallback is disabled by configuration.
*/
public static function getSessionFromRequest()
{
// check if we already have initialized the session
if (isset(self::$instance)) {
return self::$instance;
}
// check if we have stored a session stored with the session handler
try {
/** @var \SimpleSAML\Session|null $session Help Scrutinizer with the correct type */
$session = self::getSession();
} catch (\Exception $e) {
/*
* For some reason, we were unable to initialize this session. Note that this error might be temporary, and
* it's possible that we can recover from it in subsequent requests, so we should not try to create a new
* session here. Therefore, use just a transient session and throw the exception for someone else to handle
* it.
*/
self::useTransientSession();
Logger::error('Error loading session: ' . $e->getMessage());
if ($e instanceof Error\Exception) {
$cause = $e->getCause();
if ($cause instanceof \Exception) {
throw $cause;
}
}
throw $e;
}
// if getSession() found it, use it
if ($session instanceof Session) {
return self::load($session);
}
/*
* We didn't have a session loaded when we started, but we have it now. At this point, getSession() failed but
* it must have triggered the creation of a session at some point during the process (e.g. while logging an
* error message). This means we don't need to create a new session again, we can use the one that's loaded now
* instead.
*/
if (self::$instance !== null) {
return self::$instance;
}
// try to create a new session
try {
self::load(new Session());
} catch (Error\CannotSetCookie $e) {
// can't create a regular session because we can't set cookies. Use transient.
$c = Configuration::getInstance();
self::useTransientSession();
if ($e->getCode() === Error\CannotSetCookie::SECURE_COOKIE) {
throw new Error\CriticalConfigurationError(
$e->getMessage(),
null,
$c->toArray()
);
}
Logger::error('Error creating session: ' . $e->getMessage());
}
// we must have a session now, either regular or transient
/** @var \SimpleSAML\Session */
return self::$instance;
}
/**
* Get a session from the session handler.
*
* @param string|null $sessionId The session we should get, or null to get the current session.
*
* @return \SimpleSAML\Session|null The session that is stored in the session handler,
* or null if the session wasn't found.
*/
public static function getSession($sessionId = null)
{
assert(is_string($sessionId) || $sessionId === null);
$sh = SessionHandler::getSessionHandler();
if ($sessionId === null) {
$checkToken = true;
$sessionId = $sh->getCookieSessionId();
if ($sessionId === null) {
return null;
}
} else {
$checkToken = false;
}
if (array_key_exists($sessionId, self::$sessions)) {
return self::$sessions[$sessionId];
}
$session = $sh->loadSession($sessionId);
if ($session === null) {
return null;
}
assert($session instanceof self);
if ($checkToken) {
$globalConfig = Configuration::getInstance();
if ($session->authToken !== null) {
$authTokenCookieName = $globalConfig->getString(
'session.authtoken.cookiename',
'SimpleSAMLAuthToken'
);
if (!isset($_COOKIE[$authTokenCookieName])) {
Logger::warning('Missing AuthToken cookie.');
return null;
}
if (!Utils\Crypto::secureCompare($session->authToken, $_COOKIE[$authTokenCookieName])) {
Logger::warning('Invalid AuthToken cookie.');
return null;
}
}
// run session check function if defined
$checkFunction = $globalConfig->getValue('session.check_function', null);
if (is_callable($checkFunction)) {
$check = call_user_func($checkFunction, $session);
if ($check !== true) {
Logger::warning('Session did not pass check function.');
return null;
}
}
}
self::$sessions[$sessionId] = $session;
return $session;
}
/**
* Load a given session as the current one.
*
* This method will also set the track ID in the logger to the one in the given session.
*
* Warning: never set self::$instance yourself, call this method instead.
*
* @param \SimpleSAML\Session $session The session to load.
* @return \SimpleSAML\Session The session we just loaded, just for convenience.
*/
private static function load(Session $session): Session
{
Logger::setTrackId($session->getTrackID());
self::$instance = $session;
return self::$instance;
}
/**
* Use a transient session.
*
* Create a session that should not be saved at the end of the request.
* Subsequent calls to getInstance() will return this transient session.
*
* @return void
*/
public static function useTransientSession()
{
if (isset(self::$instance)) {
// we already have a session, don't bother with a transient session
return;
}
self::load(new Session(true));
}
/**
* Create a new session and cache it.
*
* @param string $sessionId The new session we should create.
* @return void
*/
public static function createSession($sessionId)
{
assert(is_string($sessionId));
self::$sessions[$sessionId] = null;
}
/**
* Save the session to the store.
*
* This method saves the session to the session handler in case it has been marked as dirty.
*
* WARNING: please do not use this method directly unless you really need to and know what you are doing. Use
* markDirty() instead.
*
* @return void
*/
public function save()
{
// clean out old data
$this->expireData();
if (!$this->dirty) {
// session hasn't changed, don't bother saving it
return;
}
$this->dirty = false;
$this->callback_registered = false;
$sh = SessionHandler::getSessionHandler();
try {
$sh->saveSession($this);
} catch (\Exception $e) {
if (!($e instanceof Error\Exception)) {
$e = new Error\UnserializableException($e);
}
Logger::error('Unable to save session.');
$e->logError();
}
}
/**
* Save the current session and clean any left overs that could interfere with the normal application behaviour.
*
* Use this method if you are using PHP sessions in your application *and* in SimpleSAMLphp, *after* you are done
* using SimpleSAMLphp and before trying to access your application's session again.
*
* @return void
*/
public function cleanup()
{
$this->save();
$sh = SessionHandler::getSessionHandler();
if ($sh instanceof SessionHandlerPHP) {
$sh->restorePrevious();
}
}
/**
* Mark this session as dirty.
*
* This method will register a callback to save the session right before any output is sent to the browser.
*
* @return void
*/
public function markDirty()
{
if ($this->isTransient()) {
return;
}
$this->dirty = true;
if ($this->callback_registered) {
// we already have a shutdown callback registered for this object, no need to add another one
return;
}
$this->callback_registered = header_register_callback([$this, 'save']);
}
/**
* Destroy the session.
*
* Destructor for this class. It will save the session to the session handler
* in case the session has been marked as dirty. Do nothing otherwise.
*
* @return void
*/
public function __destruct()
{
$this->save();
}
/**
* Retrieve the session ID of this session.
*
* @return string|null The session ID, or null if this is a transient session.
*/
public function getSessionId()
{
return $this->sessionId;
}
/**
* Retrieve if session is transient.
*
* @return boolean The session transient flag.
*/
public function isTransient()
{
return $this->transient;
}
/**
* Get a unique ID that will be permanent for this session.
* Used for debugging and tracing log files related to a session.
*
* @return string The unique ID.
*/
public function getTrackID()
{
return $this->trackid;
}
/**
* Get remember me expire time.
*
* @return integer|null The remember me expire time.
*/
public function getRememberMeExpire()
{
return $this->rememberMeExpire;
}
/**
* Set remember me expire time.
*
* @param int $expire Unix timestamp when remember me session cookies expire.
* @return void
*/
public function setRememberMeExpire($expire = null)
{
assert(is_int($expire) || $expire === null);
if ($expire === null) {
$expire = time() + self::$config->getInteger('session.rememberme.lifetime', 14 * 86400);
}
$this->rememberMeExpire = $expire;
$cookieParams = ['expire' => $this->rememberMeExpire];
$this->updateSessionCookies($cookieParams);
}
/**
* Marks the user as logged in with the specified authority.
*
* If the user already has logged in, the user will be logged out first.
*
* @param string $authority The authority the user logged in with.
* @param array|null $data The authentication data for this authority.
* @return void
*
* @throws Error\CannotSetCookie If the authentication token cannot be set for some reason.
*/
public function doLogin($authority, array $data = null)
{
assert(is_string($authority));
assert(is_array($data) || $data === null);
Logger::debug('Session: doLogin("' . $authority . '")');
$this->markDirty();
if (isset($this->authData[$authority])) {
// we are already logged in, log the user out first
$this->doLogout($authority);
}
if ($data === null) {
$data = [];
}
$data['Authority'] = $authority;
if (!isset($data['AuthnInstant'])) {
$data['AuthnInstant'] = time();
}
$maxSessionExpire = time() + self::$config->getInteger('session.duration', 8 * 60 * 60);
if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
// unset, or beyond our session lifetime. Clamp it to our maximum session lifetime
$data['Expire'] = $maxSessionExpire;
}
// check if we have non-serializable attribute values
foreach ($data['Attributes'] as $attribute => $values) {
foreach ($values as $idx => $value) {
if (is_string($value) || is_int($value)) {
continue;
}
// at this point, this should be a DOMNodeList object...
if (!is_a($value, 'DOMNodeList')) {
continue;
}
/* @var \DOMNodeList $value */
if ($value->length === 0) {
continue;
}
/** @psalm-var \DOMNode $node We made sure value has at least 1 item in the check above */
$node = $value->item(0);
// create an AttributeValue object and save it to 'RawAttributes', using same attribute name and index
$attrval = new AttributeValue($node->parentNode);
$data['RawAttributes'][$attribute][$idx] = $attrval;
}
}
$this->authData[$authority] = $data;
$this->authToken = Utils\Random::generateID();
$sessionHandler = SessionHandler::getSessionHandler();
if (
!$this->transient
&& (!empty($data['RememberMe'])
|| $this->rememberMeExpire !== null)
&& self::$config->getBoolean('session.rememberme.enable', false)
) {
$this->setRememberMeExpire();
} else {
try {
Utils\HTTP::setCookie(
self::$config->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
$this->authToken,
$sessionHandler->getCookieParams()
);
} catch (Error\CannotSetCookie $e) {
/*
* Something went wrong when setting the auth token. We cannot recover from this, so we better log a
* message and throw an exception. The user is not properly logged in anyway, so clear all login
* information from the session.
*/
unset($this->authToken);
unset($this->authData[$authority]);
Logger::error('Cannot set authentication token cookie: ' . $e->getMessage());
throw $e;
}
}
}
/**
* Marks the user as logged out.
*
* This function will call any registered logout handlers before marking the user as logged out.
*
* @param string $authority The authentication source we are logging out of.
* @return void
*/
public function doLogout($authority)
{
Logger::debug('Session: doLogout(' . var_export($authority, true) . ')');
if (!isset($this->authData[$authority])) {
Logger::debug('Session: Already logged out of ' . $authority . '.');
return;
}
$this->markDirty();
$this->callLogoutHandlers($authority);
unset($this->authData[$authority]);
if (!$this->isValid($authority) && $this->rememberMeExpire !== null) {
$this->rememberMeExpire = null;
$this->updateSessionCookies();
}
}
/**
* This function calls all registered logout handlers.
*
* @param string $authority The authentication source we are logging out from.
* @return void
*
* @throws \Exception If the handler is not a valid function or method.
*/
private function callLogoutHandlers(string $authority): void
{
assert(isset($this->authData[$authority]));
if (empty($this->authData[$authority]['LogoutHandlers'])) {
return;
}
foreach ($this->authData[$authority]['LogoutHandlers'] as $handler) {
// verify that the logout handler is a valid function
if (!is_callable($handler)) {
$classname = $handler[0];
$functionname = $handler[1];
throw new \Exception(
'Logout handler is not a valid function: ' . $classname . '::' .
$functionname
);
}
// call the logout handler
call_user_func($handler);
}
// we require the logout handlers to register themselves again if they want to be called later
unset($this->authData[$authority]['LogoutHandlers']);
}
/**
* Is the session representing an authenticated user, and is the session still alive.
* This function will return false after the user has timed out.
*
* @param string $authority The authentication source that the user should be authenticated with.
*
* @return bool True if the user has a valid session, false if not.
*/
public function isValid($authority)
{
assert(is_string($authority));
if (!isset($this->authData[$authority])) {
Logger::debug(
'Session: ' . var_export($authority, true) .
' not valid because we are not authenticated.'
);
return false;
}
if ($this->authData[$authority]['Expire'] <= time()) {
Logger::debug('Session: ' . var_export($authority, true) . ' not valid because it is expired.');
return false;
}
Logger::debug('Session: Valid session found with ' . var_export($authority, true) . '.');
return true;
}
/**
* Update session cookies.
*
* @param array $params The parameters for the cookies.
* @return void
*/
public function updateSessionCookies($params = null)
{
assert(is_null($params) || is_array($params));
$sessionHandler = SessionHandler::getSessionHandler();
if ($this->sessionId !== null) {
$sessionHandler->setCookie($sessionHandler->getSessionCookieName(), $this->sessionId, $params);
}
$params = array_merge($sessionHandler->getCookieParams(), is_array($params) ? $params : []);
if ($this->authToken !== null) {
Utils\HTTP::setCookie(
self::$config->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
$this->authToken,
$params
);
}
}
/**
* Set the lifetime for authentication source.
*
* @param string $authority The authentication source we are setting expire time for.
* @param int $expire The number of seconds authentication source is valid.
* @return void
*/
public function setAuthorityExpire($authority, $expire = null)
{
assert(isset($this->authData[$authority]));
assert(is_int($expire) || $expire === null);
$this->markDirty();
if ($expire === null) {
$expire = time() + self::$config->getInteger('session.duration', 8 * 60 * 60);
}
$this->authData[$authority]['Expire'] = $expire;
}
/**
* This function registers a logout handler.
*
* @param string $authority The authority for which register the handler.
* @param string $classname The class which contains the logout handler.
* @param string $functionname The logout handler function.
* @return void
*
* @throws \Exception If the handler is not a valid function or method.
*/
public function registerLogoutHandler($authority, $classname, $functionname)
{
assert(isset($this->authData[$authority]));
$logout_handler = [$classname, $functionname];
if (!is_callable($logout_handler)) {
throw new \Exception(
'Logout handler is not a valid function: ' . $classname . '::' .
$functionname
);
}
$this->authData[$authority]['LogoutHandlers'][] = $logout_handler;
$this->markDirty();
}
/**
* Delete data from the data store.
*
* This function immediately deletes the data with the given type and id from the data store.
*
* @param string $type The type of the data.
* @param string $id The identifier of the data.
* @return void
*/
public function deleteData($type, $id)
{
assert(is_string($type));
assert(is_string($id));
if (!array_key_exists($type, $this->dataStore)) {
return;
}
unset($this->dataStore[$type][$id]);
$this->markDirty();
}
/**
* This function stores data in the data store.
*
* The timeout value can be Session::DATA_TIMEOUT_SESSION_END, which indicates
* that the data should never be deleted.
*
* @param string $type The type of the data. This is checked when retrieving data from the store.
* @param string $id The identifier of the data.
* @param mixed $data The data.
* @param int|string|null $timeout The number of seconds this data should be stored after its last access.
* This parameter is optional. The default value is set in 'session.datastore.timeout',
* and the default is 4 hours.
* @return void
*
* @throws \Exception If the data couldn't be stored.
*
*/
public function setData($type, $id, $data, $timeout = null)
{
assert(is_string($type));
assert(is_string($id));
assert(is_int($timeout) || $timeout === null || $timeout === self::DATA_TIMEOUT_SESSION_END);
if ($timeout === null) {
// use the default timeout
$timeout = self::$config->getInteger('session.datastore.timeout', null);
if ($timeout !== null) {
if ($timeout <= 0) {
throw new \Exception(
'The value of the session.datastore.timeout' .
' configuration option should be a positive integer.'
);
}
}
}
if ($timeout === self::DATA_TIMEOUT_SESSION_END) {
$expires = self::DATA_TIMEOUT_SESSION_END;
} else {
$expires = time() + $timeout;
}
$dataInfo = [
'expires' => $expires,
'timeout' => $timeout,
'data' => $data
];
if (!array_key_exists($type, $this->dataStore)) {
$this->dataStore[$type] = [];
}
$this->dataStore[$type][$id] = $dataInfo;
$this->markDirty();
}
/**
* This function removes expired data from the data store.
*
* @return void
*/
private function expireData(): void
{
$ct = time();
foreach ($this->dataStore as &$typedData) {
foreach ($typedData as $id => $info) {
if ($info['expires'] === self::DATA_TIMEOUT_SESSION_END) {
// this data never expires
continue;
}
if ($ct > $info['expires']) {
unset($typedData[$id]);
$this->markDirty();
}
}
}
}
/**
* This function retrieves data from the data store.
*
* Note that this will not change when the data stored in the data store will expire. If that is required,
* the data should be written back with setData.
*
* @param string $type The type of the data. This must match the type used when adding the data.
* @param string|null $id The identifier of the data. Can be null, in which case null will be returned.
*
* @return mixed The data of the given type with the given id or null if the data doesn't exist in the data store.
*/
public function getData($type, $id)
{
assert(is_string($type));
assert($id === null || is_string($id));
if ($id === null) {
return null;
}
if (!array_key_exists($type, $this->dataStore)) {
return null;
}
if (!array_key_exists($id, $this->dataStore[$type])) {
return null;
}
return $this->dataStore[$type][$id]['data'];
}
/**
* This function retrieves all data of the specified type from the data store.
*
* The data will be returned as an associative array with the id of the data as the key, and the data
* as the value of each key. The value will be stored as a copy of the original data. setData must be
* used to update the data.
*
* An empty array will be returned if no data of the given type is found.
*
* @param string $type The type of the data.
*
* @return array An associative array with all data of the given type.
*/
public function getDataOfType($type)
{
assert(is_string($type));
if (!array_key_exists($type, $this->dataStore)) {
return [];
}
$ret = [];
foreach ($this->dataStore[$type] as $id => $info) {
$ret[$id] = $info['data'];
}
return $ret;
}
/**
* Get the current persistent authentication state.
*
* @param string $authority The authority to retrieve the data from.
*
* @return array|null The current persistent authentication state, or null if not authenticated.
*/
public function getAuthState($authority)
{
assert(is_string($authority));
if (!isset($this->authData[$authority])) {
return null;
}
return $this->authData[$authority];
}
/**
* Check whether the session cookie is set.
*
* This function will only return false if is is certain that the cookie isn't set.
*
* @return bool true if it was set, false if not.
*/
public function hasSessionCookie()
{
$sh = SessionHandler::getSessionHandler();
return $sh->hasSessionCookie();
}
/**
* Add an SP association for an IdP.
*
* This function is only for use by the IdP class.
*
* @param string $idp The IdP id.
* @param array $association The association we should add.
* @return void
*/
public function addAssociation($idp, array $association)
{
assert(is_string($idp));
assert(isset($association['id']));
assert(isset($association['Handler']));
if (!isset($this->associations)) {
$this->associations = [];
}
if (!isset($this->associations[$idp])) {
$this->associations[$idp] = [];
}
$this->associations[$idp][$association['id']] = $association;
$this->markDirty();
}
/**
* Retrieve the associations for an IdP.
*
* This function is only for use by the IdP class.
*
* @param string $idp The IdP id.
*
* @return array The IdP associations.
*/
public function getAssociations($idp)
{
assert(is_string($idp));
if (!isset($this->associations)) {
$this->associations = [];
}
if (!isset($this->associations[$idp])) {
return [];
}
foreach ($this->associations[$idp] as $id => $assoc) {
if (!isset($assoc['Expires'])) {
continue;
}
if ($assoc['Expires'] >= time()) {
continue;
}
unset($this->associations[$idp][$id]);
}
return $this->associations[$idp];
}
/**
* Remove an SP association for an IdP.
*
* This function is only for use by the IdP class.
*
* @param string $idp The IdP id.
* @param string $associationId The id of the association.
* @return void
*/
public function terminateAssociation($idp, $associationId)
{
assert(is_string($idp));
assert(is_string($associationId));
if (!isset($this->associations)) {
return;
}
if (!isset($this->associations[$idp])) {
return;
}
unset($this->associations[$idp][$associationId]);
$this->markDirty();
}
/**
* Retrieve authentication data.
*
* @param string $authority The authentication source we should retrieve data from.
* @param string $name The name of the data we should retrieve.
*
* @return mixed The value, or null if the value wasn't found.
*/
public function getAuthData($authority, $name)
{
assert(is_string($authority));
assert(is_string($name));
if (!isset($this->authData[$authority][$name])) {
return null;
}
return $this->authData[$authority][$name];
}
/**
* Retrieve a list of authorities (authentication sources) that are currently valid within
* this session.
*
* @return mixed An array containing every authority currently valid. Empty if none available.
*/
public function getAuthorities()
{
$authorities = [];
foreach (array_keys($this->authData) as $authority) {
if ($this->isValid($authority)) {
$authorities[] = $authority;
}
}
return $authorities;
}
/**
* Clear any configuration information cached
* @return void
*/
public static function clearInternalState()
{
self::$config = null;
self::$instance = null;
self::$sessions = null;
}
}
���������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Stats.php�������������������������������������������������������0000644�0000000�0000000�00000004532�14042503475�017452� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������getString('class');
$cls = Module::resolveClass($cls, 'Stats\Output', '\SimpleSAML\Stats\Output');
$output = new $cls($config);
return $output;
}
/**
* Initialize the outputs.
*
* @return void
*/
private static function initOutputs(): void
{
$config = Configuration::getInstance();
$outputCfgs = $config->getConfigList('statistics.out');
self::$outputs = [];
foreach ($outputCfgs as $cfg) {
self::$outputs[] = self::createOutput($cfg);
}
}
/**
* Notify about an event.
*
* @param string $event The event.
* @param array $data Event data. Optional.
*
* @return void|boolean False if output is not enabled, void otherwise.
*/
public static function log($event, array $data = [])
{
assert(is_string($event));
assert(!isset($data['op']));
assert(!isset($data['time']));
assert(!isset($data['_id']));
if (!self::$initialized) {
self::initOutputs();
self::$initialized = true;
}
if (empty(self::$outputs)) {
// not enabled
return false;
}
$data['op'] = $event;
$data['time'] = microtime(true);
// the ID generation is designed to cluster IDs related in time close together
$int_t = (int) $data['time'];
$hd = openssl_random_pseudo_bytes(16);
$data['_id'] = sprintf('%016x%s', $int_t, bin2hex($hd));
foreach (self::$outputs as $out) {
$out->emit($data);
}
}
}
����������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Console/��������������������������������������������������������0000755�0000000�0000000�00000000000�14042503475�017241� 5����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Console/Application.php�����������������������������������������0000644�0000000�0000000�00000001165�14042503475�022220� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������getDefinition();
$inputDefinition->addOption(
new InputOption('--module', '-m', InputOption::VALUE_REQUIRED, 'The module name', $kernel->getModule())
);
}
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Command/��������������������������������������������������������0000755�0000000�0000000�00000000000�14042503475�017215� 5����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Command/RouterDebugCommand.php����������������������������������0000644�0000000�0000000�00000004554�14042503475�023464� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������router = $router;
}
/**
* {@inheritDoc}
* @return void
*/
protected function configure()
{
$this
->setDescription('Displays current routes for a module')
->setHelp(
<<<'EOF'
The %command.name% displays the configured routes for a module:
php %command.full_name%
EOF
)
;
}
/**
* {@inheritdoc}
* @psalm-suppress InvalidReturnType
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
$io = new SymfonyStyle($input, $output);
$routes = $this->router->getRouteCollection();
$tableHeaders = array('Name', 'Method', 'Scheme', 'Host', 'Path', 'Controller');
$tableRows = array();
foreach ($routes->all() as $name => $route) {
$row = [
$name,
$route->getMethods() ? implode('|', $route->getMethods()) : 'ANY',
$route->getSchemes() ? implode('|', $route->getSchemes()) : 'ANY',
'' !== $route->getHost() ? $route->getHost() : 'ANY',
$route->getPath(),
];
$controller = $route->getDefault('_controller');
if ($controller instanceof Closure) {
$controller = 'Closure';
} elseif (is_object($controller)) {
$controller = get_class($controller);
}
$row[] = $controller;
$tableRows[] = $row;
}
$table = new Table($io);
$table->setHeaders($tableHeaders)->setRows($tableRows);
$table->setStyle('compact');
$table->render();
}
}
����������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Logger/���������������������������������������������������������0000755�0000000�0000000�00000000000�14042503475�017056� 5����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Logger/LoggingHandlerInterface.php������������������������������0000644�0000000�0000000�00000001666�14042503475�024305� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
* @package SimpleSAMLphp
*/
class FileLoggingHandler implements LoggingHandlerInterface
{
/**
* A string with the path to the file where we should log our messages.
*
* @var null|string
*/
protected $logFile = null;
/**
* This array contains the mappings from syslog log levels to names. Copied more or less directly from
* SimpleSAML\Logger\ErrorLogLoggingHandler.
*
* @var array
*/
private static $levelNames = [
Logger::EMERG => 'EMERGENCY',
Logger::ALERT => 'ALERT',
Logger::CRIT => 'CRITICAL',
Logger::ERR => 'ERROR',
Logger::WARNING => 'WARNING',
Logger::NOTICE => 'NOTICE',
Logger::INFO => 'INFO',
Logger::DEBUG => 'DEBUG',
];
/** @var string|null */
protected $processname = null;
/** @var string */
protected $format = "%b %d %H:%M:%S";
/**
* Build a new logging handler based on files.
* @param \SimpleSAML\Configuration $config
*/
public function __construct(Configuration $config)
{
// get the metadata handler option from the configuration
$this->logFile = $config->getPathValue('loggingdir', 'log/') .
$config->getString('logging.logfile', 'simplesamlphp.log');
// Remove any non-printable characters before storing
$this->processname = preg_replace('/[\x00-\x1F\x7F\xA0]/u', '', $config->getString('logging.processname', 'SimpleSAMLphp'));
if (@file_exists($this->logFile)) {
if (!@is_writeable($this->logFile)) {
throw new \Exception("Could not write to logfile: " . $this->logFile);
}
} else {
if (!@touch($this->logFile)) {
throw new \Exception(
"Could not create logfile: " . $this->logFile .
" The logging directory is not writable for the web server user."
);
}
}
Utils\Time::initTimezone();
}
/**
* Set the format desired for the logs.
*
* @param string $format The format used for logs.
* @return void
*/
public function setLogFormat($format)
{
$this->format = $format;
}
/**
* Log a message to the log file.
*
* @param int $level The log level.
* @param string $string The formatted message to log.
* @return void
*/
public function log($level, $string)
{
if (!is_null($this->logFile)) {
// set human-readable log level. Copied from SimpleSAML\Logger\ErrorLogLoggingHandler.
$levelName = sprintf('UNKNOWN%d', $level);
if (array_key_exists($level, self::$levelNames)) {
$levelName = self::$levelNames[$level];
}
$formats = ['%process', '%level'];
$replacements = [$this->processname, $levelName];
$matches = [];
if (preg_match('/%date(?:\{([^\}]+)\})?/', $this->format, $matches)) {
$format = "%b %d %H:%M:%S";
if (isset($matches[1])) {
$format = $matches[1];
}
array_push($formats, $matches[0]);
array_push($replacements, strftime($format));
}
$string = str_replace($formats, $replacements, $string);
file_put_contents($this->logFile, $string . \PHP_EOL, FILE_APPEND);
}
}
}
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Logger/ErrorLogLoggingHandler.php�������������������������������0000644�0000000�0000000�00000004454�14042503475�024136� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
* @author Olav Morken, UNINETT AS.
* @package SimpleSAMLphp
*/
class ErrorLogLoggingHandler implements LoggingHandlerInterface
{
/**
* This array contains the mappings from syslog log level to names.
*
* @var array
*/
private static $levelNames = [
Logger::EMERG => 'EMERG',
Logger::ALERT => 'ALERT',
Logger::CRIT => 'CRIT',
Logger::ERR => 'ERR',
Logger::WARNING => 'WARNING',
Logger::NOTICE => 'NOTICE',
Logger::INFO => 'INFO',
Logger::DEBUG => 'DEBUG',
];
/**
* The name of this process.
*
* @var string
*/
private $processname;
/**
* ErrorLogLoggingHandler constructor.
*
* @param \SimpleSAML\Configuration $config The configuration object for this handler.
*/
public function __construct(Configuration $config)
{
// Remove any non-printable characters before storing
$this->processname = preg_replace('/[\x00-\x1F\x7F\xA0]/u', '', $config->getString('logging.processname', 'SimpleSAMLphp'));
}
/**
* Set the format desired for the logs.
*
* @param string $format The format used for logs.
* @return void
*/
public function setLogFormat($format)
{
// we don't need the format here
}
/**
* Log a message to syslog.
*
* @param int $level The log level.
* @param string $string The formatted message to log.
* @return void
*/
public function log($level, $string)
{
if (array_key_exists($level, self::$levelNames)) {
$levelName = self::$levelNames[$level];
} else {
$levelName = sprintf('UNKNOWN%d', $level);
}
$formats = ['%process', '%level'];
$replacements = [$this->processname, $levelName];
$string = str_replace($formats, $replacements, $string);
$string = preg_replace('/%\w+(\{[^\}]+\})?/', '', $string);
$string = trim($string);
error_log($string);
}
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Logger/SyslogLoggingHandler.php���������������������������������0000644�0000000�0000000�00000004352�14042503475�023660� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
* @package SimpleSAMLphp
*/
class SyslogLoggingHandler implements LoggingHandlerInterface
{
/** @var bool */
private $isWindows = false;
/** @var string */
protected $format = "%b %d %H:%M:%S";
/**
* Build a new logging handler based on syslog.
* @param \SimpleSAML\Configuration $config
*/
public function __construct(Configuration $config)
{
$facility = $config->getInteger('logging.facility', defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER);
// Remove any non-printable characters before storing
$processname = preg_replace('/[\x00-\x1F\x7F\xA0]/u', '', $config->getString('logging.processname', 'SimpleSAMLphp'));
// Setting facility to LOG_USER (only valid in Windows), enable log level rewrite on windows systems
if (Utils\System::getOS() === Utils\System::WINDOWS) {
$this->isWindows = true;
$facility = LOG_USER;
}
openlog($processname, LOG_PID, $facility);
}
/**
* Set the format desired for the logs.
*
* @param string $format The format used for logs.
* @return void
*/
public function setLogFormat($format)
{
$this->format = $format;
}
/**
* Log a message to syslog.
*
* @param int $level The log level.
* @param string $string The formatted message to log.
* @return void
*/
public function log($level, $string)
{
// changing log level to supported levels if OS is Windows
if ($this->isWindows) {
if ($level <= 4) {
$level = LOG_ERR;
} else {
$level = LOG_INFO;
}
}
$formats = ['%process', '%level'];
$replacements = ['', $level];
$string = str_replace($formats, $replacements, $string);
$string = preg_replace('/%\w+(\{[^\}]+\})?/', '', $string);
$string = trim($string);
syslog($level, $string);
}
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Logger/StandardErrorLoggingHandler.php��������������������������0000644�0000000�0000000�00000001511�14042503475�025144� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
* @package SimpleSAMLphp
*/
class StandardErrorLoggingHandler extends FileLoggingHandler
{
/**
* StandardError constructor.
*
* It runs the parent constructor and sets the log file to be the standard error descriptor.
*
* @param \SimpleSAML\Configuration $config
*/
public function __construct(Configuration $config)
{
// Remove any non-printable characters before storing
$this->processname = preg_replace('/[\x00-\x1F\x7F\xA0]/u', '', $config->getString('logging.processname', 'SimpleSAMLphp'));
$this->logFile = 'php://stderr';
}
}
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/XHTML/����������������������������������������������������������0000755�0000000�0000000�00000000000�14042503475�016533� 5����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/XHTML/Template.php����������������������������������������������0000644�0000000�0000000�00000072221�14042503475�021023� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
* @package SimpleSAMLphp
*/
declare(strict_types=1);
namespace SimpleSAML\XHTML;
use SimpleSAML\Configuration;
use SimpleSAML\Locale\Language;
use SimpleSAML\Locale\Localization;
use SimpleSAML\Locale\Translate;
use SimpleSAML\Logger;
use SimpleSAML\Module;
use SimpleSAML\TwigConfigurableI18n\Twig\Environment as Twig_Environment;
use SimpleSAML\TwigConfigurableI18n\Twig\Extensions\Extension\I18n as Twig_Extensions_Extension_I18n;
use SimpleSAML\Utils;
use Symfony\Component\HttpFoundation\Response;
use Twig\Loader\FilesystemLoader;
use Twig\TwigFilter;
use Twig\TwigFunction;
/**
* The content-property is set upstream, but this is not recognized by Psalm
* @psalm-suppress PropertyNotSetInConstructor
*/
class Template extends Response
{
/**
* The data associated with this template, accessible within the template itself.
*
* @var array
*/
public $data = [];
/**
* A translator instance configured to work with this template.
*
* @var \SimpleSAML\Locale\Translate
*/
private $translator;
/**
* The localization backend
*
* @var \SimpleSAML\Locale\Localization
*/
private $localization;
/**
* The configuration to use in this template.
*
* @var \SimpleSAML\Configuration
*/
private $configuration;
/**
* The file to load in this template.
*
* @var string
*/
private $template = 'default.php';
/**
* The twig environment.
*
* @var \Twig\Environment
* @psalm-suppress PropertyNotSetInConstructor Remove this annotation in 2.0
*/
private $twig;
/**
* The template name.
*
* @var string
*/
private $twig_template;
/**
* Current module, if any.
*
* @var string
*/
private $module;
/**
* Whether to use the new user interface or not.
*
* @var bool
*/
private $useNewUI = false;
/**
* A template controller, if any.
*
* Used to intercept certain parts of the template handling, while keeping away unwanted/unexpected hooks. Set
* the 'theme.controller' configuration option to a class that implements the
* \SimpleSAML\XHTML\TemplateControllerInterface interface to use it.
*
* @var \SimpleSAML\XHTML\TemplateControllerInterface|null
*/
private $controller = null;
/**
* Whether we are using a non-default theme or not.
*
* If we are using a theme, this variable holds an array with two keys: "module" and "name", those being the name
* of the module and the name of the theme, respectively. If we are using the default theme, the variable has
* the 'default' string in the "name" key, and 'null' in the "module" key.
*
* @var array
*/
private $theme = ['module' => null, 'name' => 'default'];
/**
* Constructor
*
* @param \SimpleSAML\Configuration $configuration Configuration object
* @param string $template Which template file to load
* @param string|null $defaultDictionary The default dictionary where tags will come from.
*/
public function __construct(Configuration $configuration, $template, $defaultDictionary = null)
{
$this->configuration = $configuration;
$this->template = $template;
// TODO: do not remove the slash from the beginning, change the templates instead!
$this->data['baseurlpath'] = ltrim($this->configuration->getBasePath(), '/');
// parse module and template name
list($this->module) = $this->findModuleAndTemplateName($template);
// parse config to find theme and module theme is in, if any
list($this->theme['module'], $this->theme['name']) = $this->findModuleAndTemplateName(
$this->configuration->getString('theme.use', 'default')
);
// initialize internationalization system
$this->translator = new Translate($configuration, $defaultDictionary);
$this->localization = new Localization($configuration);
// check if we are supposed to use the new UI
$this->useNewUI = $this->configuration->getBoolean('usenewui', false);
if ($this->useNewUI) {
// check if we need to attach a theme controller
$controller = $this->configuration->getString('theme.controller', false);
if (
$controller
&& class_exists($controller)
&& in_array(TemplateControllerInterface::class, class_implements($controller))
) {
/** @var \SimpleSAML\XHTML\TemplateControllerInterface $this->controller */
$this->controller = new $controller();
}
$this->twig = $this->setupTwig();
}
$this->charset = 'UTF-8';
parent::__construct();
}
/**
* Return the URL of an asset, including a cache-buster parameter that depends on the last modification time of
* the original file.
* @param string $asset
* @param string|null $module
* @return string
*/
public function asset($asset, $module = null)
{
$baseDir = $this->configuration->getBaseDir();
if (is_null($module)) {
$file = $baseDir . 'www/assets/' . $asset;
$basePath = $this->configuration->getBasePath();
$path = $basePath . 'assets/' . $asset;
} else {
$file = $baseDir . 'modules/' . $module . '/www/assets/' . $asset;
$path = Module::getModuleUrl($module . '/assets/' . $asset);
}
if (!file_exists($file)) {
// don't be too harsh if an asset is missing, just pretend it's there...
return $path;
}
$tag = $this->configuration->getVersion();
if ($tag === 'master') {
$tag = strval(filemtime($file));
}
$tag = substr(hash('md5', $tag), 0, 5);
return $path . '?tag=' . $tag;
}
/**
* Get the normalized template name.
*
* @return string The name of the template to use.
*/
public function getTemplateName()
{
return $this->normalizeTemplateName($this->template);
}
/**
* Normalize the name of the template to one of the possible alternatives.
*
* @param string $templateName The template name to normalize.
* @return string The filename we need to look for.
*/
private function normalizeTemplateName(string $templateName): string
{
if (strripos($templateName, '.twig')) {
return $templateName;
}
$phppos = strripos($templateName, '.php');
if ($phppos) {
$templateName = substr($templateName, 0, $phppos);
}
$tplpos = strripos($templateName, '.tpl');
if ($tplpos) {
$templateName = substr($templateName, 0, $tplpos);
}
if ($this->useNewUI) {
return $templateName . '.twig';
}
return $templateName;
}
/**
* Set up the places where twig can look for templates.
*
* @return TemplateLoader The twig template loader or false if the template does not exist.
* @throws \Twig\Error\LoaderError In case a failure occurs.
*/
private function setupTwigTemplatepaths(): TemplateLoader
{
$filename = $this->normalizeTemplateName($this->template);
// get namespace if any
list($namespace, $filename) = $this->findModuleAndTemplateName($filename);
$this->twig_template = ($namespace !== null) ? '@' . $namespace . '/' . $filename : $filename;
$loader = new TemplateLoader();
$templateDirs = $this->findThemeTemplateDirs();
if ($this->module && $this->module != 'core') {
$modDir = TemplateLoader::getModuleTemplateDir($this->module);
$templateDirs[] = [$this->module => $modDir];
$templateDirs[] = ['__parent__' => $modDir];
}
if ($this->theme['module']) {
try {
$templateDirs[] = [
$this->theme['module'] => TemplateLoader::getModuleTemplateDir($this->theme['module'])
];
} catch (\InvalidArgumentException $e) {
// either the module is not enabled or it has no "templates" directory, ignore
}
}
$templateDirs[] = ['core' => TemplateLoader::getModuleTemplateDir('core')];
// default, themeless templates are checked last
$templateDirs[] = [
FilesystemLoader::MAIN_NAMESPACE => $this->configuration->resolvePath('templates')
];
foreach ($templateDirs as $entry) {
$loader->addPath($entry[key($entry)], key($entry));
}
return $loader;
}
/**
* Setup twig.
* @return \Twig\Environment
* @throws \Exception if the template does not exist
*/
private function setupTwig(): \Twig\Environment
{
$auto_reload = $this->configuration->getBoolean('template.auto_reload', true);
$cache = $this->configuration->getString('template.cache', false);
// set up template paths
$loader = $this->setupTwigTemplatepaths();
// abort if twig template does not exist
if (!$loader->exists($this->twig_template)) {
throw new \Exception('Template-file \"' . $this->getTemplateName() . '\" does not exist.');
}
// load extra i18n domains
if ($this->module) {
$this->localization->addModuleDomain($this->module);
}
if ($this->theme['module'] !== null && $this->theme['module'] !== $this->module) {
$this->localization->addModuleDomain($this->theme['module']);
}
// set up translation
$options = [
'auto_reload' => $auto_reload,
'cache' => $cache,
'strict_variables' => true,
'translation_function' => [Translate::class, 'translateSingularGettext'],
'translation_function_plural' => [Translate::class, 'translatePluralGettext'],
];
$twig = new Twig_Environment($loader, $options);
$twig->addExtension(new Twig_Extensions_Extension_I18n());
$twig->addExtension(new \Twig\Extensions\DateExtension());
$twig->addFunction(new TwigFunction('moduleURL', [Module::class, 'getModuleURL']));
// initialize some basic context
$langParam = $this->configuration->getString('language.parameter.name', 'language');
$twig->addGlobal('languageParameterName', $langParam);
$twig->addGlobal('localeBackend', Localization::GETTEXT_I18N_BACKEND);
$twig->addGlobal('currentLanguage', $this->translator->getLanguage()->getLanguage());
$twig->addGlobal('isRTL', false); // language RTL configuration
if ($this->translator->getLanguage()->isLanguageRTL()) {
$twig->addGlobal('isRTL', true);
}
$queryParams = $_GET; // add query parameters, in case we need them in the template
if (isset($queryParams[$langParam])) {
unset($queryParams[$langParam]);
}
$twig->addGlobal('queryParams', $queryParams);
$twig->addGlobal('templateId', str_replace('.twig', '', $this->normalizeTemplateName($this->template)));
$twig->addGlobal('isProduction', $this->configuration->getBoolean('production', true));
$twig->addGlobal('baseurlpath', ltrim($this->configuration->getBasePath(), '/'));
// add a filter for translations out of arrays
$twig->addFilter(
new TwigFilter(
'translateFromArray',
[Translate::class, 'translateFromArray'],
['needs_context' => true]
)
);
// add an asset() function
$twig->addFunction(new TwigFunction('asset', [$this, 'asset']));
if ($this->controller !== null) {
$this->controller->setUpTwig($twig);
}
return $twig;
}
/**
* Add overriding templates from the configured theme.
*
* @return array An array of module => templatedir lookups.
*/
private function findThemeTemplateDirs(): array
{
if (!isset($this->theme['module'])) {
// no module involved
return [];
}
// setup directories & namespaces
$themeDir = Module::getModuleDir($this->theme['module']) . '/themes/' . $this->theme['name'];
$subdirs = scandir($themeDir);
if (empty($subdirs)) {
// no subdirectories in the theme directory, nothing to do here
// this is probably wrong, log a message
Logger::warning('Empty theme directory for theme "' . $this->theme['name'] . '".');
return [];
}
$themeTemplateDirs = [];
foreach ($subdirs as $entry) {
// discard anything that's not a directory. Expression is negated to profit from lazy evaluation
if (!($entry !== '.' && $entry !== '..' && is_dir($themeDir . '/' . $entry))) {
continue;
}
// set correct name for the default namespace
$ns = ($entry === 'default') ? FilesystemLoader::MAIN_NAMESPACE : $entry;
$themeTemplateDirs[] = [$ns => $themeDir . '/' . $entry];
}
return $themeTemplateDirs;
}
/**
* Get the template directory of a module, if it exists.
*
* @param string $module
* @return string The templates directory of a module
*
* @throws \InvalidArgumentException If the module is not enabled or it has no templates directory.
*/
private function getModuleTemplateDir(string $module): string
{
if (!Module::isModuleEnabled($module)) {
throw new \InvalidArgumentException('The module \'' . $module . '\' is not enabled.');
}
$moduledir = Module::getModuleDir($module);
// check if module has a /templates dir, if so, append
$templatedir = $moduledir . '/templates';
if (!is_dir($templatedir)) {
throw new \InvalidArgumentException('The module \'' . $module . '\' has no templates directory.');
}
return $templatedir;
}
/**
* Add the templates from a given module.
*
* Note that the module must be installed, enabled, and contain a "templates" directory.
*
* @param string $module The module where we need to search for templates.
* @throws \InvalidArgumentException If the module is not enabled or it has no templates directory.
* @return void
*/
public function addTemplatesFromModule($module)
{
$dir = TemplateLoader::getModuleTemplateDir($module);
/** @var \Twig\Loader\FilesystemLoader $loader */
$loader = $this->twig->getLoader();
$loader->addPath($dir, $module);
}
/**
* Generate an array for its use in the language bar, indexed by the ISO 639-2 codes of the languages available,
* containing their localized names and the URL that should be used in order to change to that language.
*
* @return array|null The array containing information of all available languages.
*/
private function generateLanguageBar(): ?array
{
$languages = $this->translator->getLanguage()->getLanguageList();
ksort($languages);
$langmap = null;
if (count($languages) > 1) {
$parameterName = $this->getTranslator()->getLanguage()->getLanguageParameterName();
$langmap = [];
foreach ($languages as $lang => $current) {
$lang = strtolower($lang);
$langname = $this->translator->getLanguage()->getLanguageLocalizedName($lang);
$url = false;
if (!$current) {
$url = htmlspecialchars(Utils\HTTP::addURLParameters(
'',
[$parameterName => $lang]
));
}
$langmap[$lang] = [
'name' => $langname,
'url' => $url,
];
}
}
return $langmap;
}
/**
* Set some default context
* @return void
*/
private function twigDefaultContext(): void
{
// show language bar by default
if (!isset($this->data['hideLanguageBar'])) {
$this->data['hideLanguageBar'] = false;
}
// get languagebar
$this->data['languageBar'] = null;
if ($this->data['hideLanguageBar'] === false) {
$languageBar = $this->generateLanguageBar();
if (is_null($languageBar)) {
$this->data['hideLanguageBar'] = true;
} else {
$this->data['languageBar'] = $languageBar;
}
}
// assure that there is a and <h1>
if (isset($this->data['header']) && !isset($this->data['pagetitle'])) {
$this->data['pagetitle'] = $this->data['header'];
}
if (!isset($this->data['pagetitle'])) {
$this->data['pagetitle'] = 'SimpleSAMLphp';
}
$this->data['year'] = date('Y');
$this->data['header'] = $this->configuration->getValue('theme.header', 'SimpleSAMLphp');
}
/**
* Get the contents produced by this template.
*
* @return string The HTML rendered by this template, as a string.
* @throws \Exception if the template cannot be found.
*/
protected function getContents()
{
$this->twigDefaultContext();
if ($this->controller) {
$this->controller->display($this->data);
}
try {
return $this->twig->render($this->twig_template, $this->data);
} catch (\Twig\Error\RuntimeError $e) {
throw new \SimpleSAML\Error\Exception(substr($e->getMessage(), 0, -1) . ' in ' . $this->template, 0, $e);
}
}
/**
* Send this template as a response.
*
* @return $this This response.
* @throws \Exception if the template cannot be found.
*
* Note: No return type possible due to upstream limitations
*/
public function send()
{
$this->content = $this->getContents();
return parent::send();
}
/**
* Show the template to the user.
*
* This method is a remnant of the old templating system, where templates where shown manually instead of
* returning a response.
*
* @return void
* @deprecated Do not use this method, use Twig + send() instead. Will be removed in 2.0
*/
public function show()
{
if ($this->useNewUI) {
echo $this->getContents();
} else {
require($this->findTemplatePath($this->template));
}
}
/**
* Find module the template is in, if any
*
* @param string $template The relative path from the theme directory to the template file.
*
* @return array An array with the name of the module and template
*/
private function findModuleAndTemplateName(string $template): array
{
$tmp = explode(':', $template, 2);
return (count($tmp) === 2) ? [$tmp[0], $tmp[1]] : [null, $tmp[0]];
}
/**
* Find template path.
*
* This function locates the given template based on the template name. It will first search for the template in
* the current theme directory, and then the default theme.
*
* The template name may be on the form <module name>:<template path>, in which case it will search for the
* template file in the given module.
*
* @param string $template The relative path from the theme directory to the template file.
* @param bool $throw_exception
*
* @return string|null The absolute path to the template file.
*
* @throws \Exception If the template file couldn't be found.
*/
private function findTemplatePath(string $template, bool $throw_exception = true): ?string
{
$extensions = ['.tpl.php', '.php'];
list($templateModule, $templateName) = $this->findModuleAndTemplateName($template);
$templateModule = ($templateModule !== null) ? $templateModule : 'default';
// first check the current theme
if ($this->theme['module'] !== null) {
// .../module/<themeModule>/themes/<themeName>/<templateModule>/<templateName>
$filename = Module::getModuleDir($this->theme['module']) .
'/themes/' . $this->theme['name'] . '/' . $templateModule . '/' . $templateName;
} elseif ($templateModule !== 'default') {
// .../module/<templateModule>/templates/<templateName>
$filename = Module::getModuleDir($templateModule) . '/templates/' . $templateName;
} else {
// .../templates/<theme>/<templateName>
$base = $this->configuration->getPathValue('templatedir', 'templates/') ?: 'templates/';
$filename = $base . $templateName;
}
$filename = $this->normalizeTemplateName($filename);
foreach ($extensions as $extension) {
if (file_exists($filename . $extension)) {
return $filename . $extension;
}
}
// not found in current theme
Logger::debug(
$_SERVER['PHP_SELF'] . ' - Template: Could not find template file [' . $template . '] at [' .
$filename . '] - now trying the base template'
);
// try default theme
if ($templateModule !== 'default') {
// .../module/<templateModule>/templates/<templateName>
$filename = Module::getModuleDir($templateModule) . '/templates/' . $templateName;
} else {
// .../templates/<templateName>
$base = $this->configuration->getPathValue('templatedir', 'templates/') ?: 'templates/';
$filename = $base . '/' . $templateName;
}
$filename = $this->normalizeTemplateName($filename);
foreach ($extensions as $extension) {
if (file_exists($filename . $extension)) {
return $filename . $extension;
}
}
// not found in default template
if ($throw_exception) {
// log error and throw exception
$error = 'Template: Could not find template file [' . $template . '] at [' . $filename . ']';
Logger::critical($_SERVER['PHP_SELF'] . ' - ' . $error);
throw new \Exception($error);
} else {
// missing template expected, return NULL
return null;
}
}
/**
* Return the internal translator object used by this template.
*
* @return \SimpleSAML\Locale\Translate The translator that will be used with this template.
*/
public function getTranslator()
{
return $this->translator;
}
/**
* Return the internal localization object used by this template.
*
* @return \SimpleSAML\Locale\Localization The localization object that will be used with this template.
*/
public function getLocalization()
{
return $this->localization;
}
/**
* Get the current instance of Twig in use.
*
* @return \Twig\Environment The Twig instance in use, or null if Twig is not used.
*/
public function getTwig()
{
return $this->twig;
}
/*
* Deprecated methods of this interface, all of them should go away.
*/
/**
* @param string $name
*
* @return string
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Locale\Language::getLanguage()
* instead.
*/
public function getAttributeTranslation($name)
{
return $this->translator->getAttributeTranslation($name);
}
/**
* @return string
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Locale\Language::getLanguage()
* instead.
*/
public function getLanguage()
{
return $this->translator->getLanguage()->getLanguage();
}
/**
* @param string $language
* @param bool $setLanguageCookie
* @return void
*
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Locale\Language::setLanguage()
* instead.
*/
public function setLanguage($language, $setLanguageCookie = true)
{
$this->translator->getLanguage()->setLanguage($language, $setLanguageCookie);
}
/**
* @return null|string
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Locale\Language::getLanguageCookie()
* instead.
*/
public static function getLanguageCookie()
{
return Language::getLanguageCookie();
}
/**
* @param string $language
* @return void
*
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Locale\Language::setLanguageCookie()
* instead.
*/
public static function setLanguageCookie($language)
{
Language::setLanguageCookie($language);
}
/**
* Wraps Language->getLanguageList
*
* @return array
*/
private function getLanguageList(): array
{
return $this->translator->getLanguage()->getLanguageList();
}
/**
* @param string $tag
*
* @return array|null
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Locale\Translate::getTag() instead.
*/
public function getTag($tag)
{
return $this->translator->getTag($tag);
}
/**
* Temporary wrapper for \SimpleSAML\Locale\Translate::getPreferredTranslation().
*
* @deprecated This method will be removed in SSP 2.0. Please use
* \SimpleSAML\Locale\Translate::getPreferredTranslation() instead.
*
* @param array $translations
* @return string
*/
public function getTranslation($translations)
{
return $this->translator->getPreferredTranslation($translations);
}
/**
* Includes a file relative to the template base directory.
* This function can be used to include headers and footers etc.
*
* @deprecated This function will be removed in SSP 2.0. Use Twig-templates instead
* @param string $file
* @return void
*/
private function includeAtTemplateBase(string $file): void
{
$data = $this->data;
$filename = $this->findTemplatePath($file);
include($filename);
}
/**
* Wraps Translate->includeInlineTranslation()
*
* @see \SimpleSAML\Locale\Translate::includeInlineTranslation()
* @deprecated This method will be removed in SSP 2.0. Please use
* \SimpleSAML\Locale\Translate::includeInlineTranslation() instead.
*
* @param string $tag
* @param string $translation
* @return void
*/
public function includeInlineTranslation($tag, $translation)
{
$this->translator->includeInlineTranslation($tag, $translation);
}
/**
* @param string $file
* @param \SimpleSAML\Configuration|null $otherConfig
* @return void
*
* @deprecated This method will be removed in SSP 2.0. Please use
* \SimpleSAML\Locale\Translate::includeLanguageFile() instead.
*/
public function includeLanguageFile($file, $otherConfig = null)
{
$this->translator->includeLanguageFile($file, $otherConfig);
}
/**
* Wrap Language->isLanguageRTL
*
* @return bool
*/
private function isLanguageRTL(): bool
{
return $this->translator->getLanguage()->isLanguageRTL();
}
/**
* Merge two translation arrays.
*
* @param array $def The array holding string definitions.
* @param array $lang The array holding translations for every string.
*
* @return array The recursive merge of both arrays.
* @deprecated This method will be removed in SimpleSAMLphp 2.0. Please use array_merge_recursive() instead.
*/
public static function lang_merge($def, $lang)
{
foreach ($def as $key => $value) {
if (array_key_exists($key, $lang)) {
$def[$key] = array_merge($value, $lang[$key]);
}
}
return $def;
}
/**
* Behave like Language->noop to mark a tag for translation but actually do it later.
*
* @see \SimpleSAML\Locale\Translate::noop()
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Locale\Translate::noop() instead.
*
* @param string $tag
* @return string
*/
public static function noop($tag)
{
return $tag;
}
/**
* Wrap Language->t to translate tag into the current language, with a fallback to english.
*
* @see \SimpleSAML\Locale\Translate::t()
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Locale\Translate::t() instead.
*
* @param string $tag
* @param array $replacements
* @param bool $fallbackdefault
* @param array $oldreplacements
* @param bool $striptags
* @return string|null
*/
public function t(
$tag,
$replacements = [],
$fallbackdefault = true,
$oldreplacements = [],
$striptags = false
) {
return $this->translator->t($tag, $replacements, $fallbackdefault, $oldreplacements, $striptags);
}
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/XHTML/IdPDisco.php����������������������������������������������0000644�0000000�0000000�00000050561�14042503475�020711� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
declare(strict_types=1);
namespace SimpleSAML\XHTML;
use SimpleSAML\Configuration;
use SimpleSAML\Logger;
use SimpleSAML\Metadata\MetaDataStorageHandler;
use SimpleSAML\Session;
use SimpleSAML\Utils;
/**
* This class implements a generic IdP discovery service, for use in various IdP
* discovery service pages. This should reduce code duplication.
*
* Experimental support added for Extended IdP Metadata Discovery Protocol by Andreas 2008-08-28
* More information: https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.pdf
*
* @author Jaime Pérez <jaime.perez@uninett.no>, UNINETT AS.
* @author Olav Morken, UNINETT AS.
* @author Andreas Åkre Solberg <andreas@uninett.no>, UNINETT AS.
* @package SimpleSAMLphp
*/
class IdPDisco
{
/**
* An instance of the configuration class.
*
* @var \SimpleSAML\Configuration
*/
protected $config;
/**
* The identifier of this discovery service.
*
* @var string
*/
protected $instance;
/**
* An instance of the metadata handler, which will allow us to fetch metadata about IdPs.
*
* @var \SimpleSAML\Metadata\MetaDataStorageHandler
*/
protected $metadata;
/**
* The users session.
*
* @var \SimpleSAML\Session
*/
protected $session;
/**
* The metadata sets we find allowed entities in, in prioritized order.
*
* @var array
*/
protected $metadataSets;
/**
* The entity id of the SP which accesses this IdP discovery service.
*
* @var string
*/
protected $spEntityId;
/**
* HTTP parameter from the request, indicating whether the discovery service
* can interact with the user or not.
*
* @var boolean
*/
protected $isPassive;
/**
* The SP request to set the IdPentityID...
*
* @var string|null
*/
protected $setIdPentityID = null;
/**
* The name of the query parameter which should contain the users choice of IdP.
* This option default to 'entityID' for Shibboleth compatibility.
*
* @var string
*/
protected $returnIdParam;
/**
* The list of scoped idp's. The intersection between the metadata idpList
* and scopedIDPList (given as a $_GET IDPList[] parameter) is presented to
* the user. If the intersection is empty the metadata idpList is used.
*
* @var array
*/
protected $scopedIDPList = [];
/**
* The URL the user should be redirected to after choosing an IdP.
*
* @var string
*/
protected $returnURL;
/**
* Initializes this discovery service.
*
* The constructor does the parsing of the request. If this is an invalid request, it will throw an exception.
*
* @param array $metadataSets Array with metadata sets we find remote entities in.
* @param string $instance The name of this instance of the discovery service.
*
* @throws \Exception If the request is invalid.
*/
public function __construct(array $metadataSets, $instance)
{
assert(is_string($instance));
// initialize standard classes
$this->config = Configuration::getInstance();
$this->metadata = MetaDataStorageHandler::getMetadataHandler();
$this->session = Session::getSessionFromRequest();
$this->instance = $instance;
$this->metadataSets = $metadataSets;
$this->log('Accessing discovery service.');
// standard discovery service parameters
if (!array_key_exists('entityID', $_GET)) {
throw new \Exception('Missing parameter: entityID');
} else {
$this->spEntityId = $_GET['entityID'];
}
if (!array_key_exists('returnIDParam', $_GET)) {
$this->returnIdParam = 'entityID';
} else {
$this->returnIdParam = $_GET['returnIDParam'];
}
$this->log('returnIdParam initially set to [' . $this->returnIdParam . ']');
if (!array_key_exists('return', $_GET)) {
throw new \Exception('Missing parameter: return');
} else {
$this->returnURL = Utils\HTTP::checkURLAllowed($_GET['return']);
}
$this->isPassive = false;
if (array_key_exists('isPassive', $_GET)) {
if ($_GET['isPassive'] === 'true') {
$this->isPassive = true;
}
}
$this->log('isPassive initially set to [' . ($this->isPassive ? 'TRUE' : 'FALSE') . ']');
if (array_key_exists('IdPentityID', $_GET)) {
$this->setIdPentityID = $_GET['IdPentityID'];
}
if (array_key_exists('IDPList', $_REQUEST)) {
$this->scopedIDPList = $_REQUEST['IDPList'];
}
}
/**
* Log a message.
*
* This is an helper function for logging messages. It will prefix the messages with our
* discovery service type.
*
* @param string $message The message which should be logged.
* @return void
*/
protected function log($message)
{
Logger::info('idpDisco.' . $this->instance . ': ' . $message);
}
/**
* Retrieve cookie with the given name.
*
* This function will retrieve a cookie with the given name for the current discovery
* service type.
*
* @param string $name The name of the cookie.
*
* @return string|null The value of the cookie with the given name, or null if no cookie with that name exists.
*/
protected function getCookie($name)
{
$prefixedName = 'idpdisco_' . $this->instance . '_' . $name;
if (array_key_exists($prefixedName, $_COOKIE)) {
return $_COOKIE[$prefixedName];
} else {
return null;
}
}
/**
* Save cookie with the given name and value.
*
* This function will save a cookie with the given name and value for the current discovery
* service type.
*
* @param string $name The name of the cookie.
* @param string $value The value of the cookie.
* @return void
*/
protected function setCookie($name, $value)
{
$prefixedName = 'idpdisco_' . $this->instance . '_' . $name;
$params = [
// we save the cookies for 90 days
'lifetime' => (60 * 60 * 24 * 90),
// the base path for cookies. This should be the installation directory for SimpleSAMLphp
'path' => $this->config->getBasePath(),
'httponly' => false,
];
Utils\HTTP::setCookie($prefixedName, $value, $params, false);
}
/**
* Validates the given IdP entity id.
*
* Takes a string with the IdP entity id, and returns the entity id if it is valid, or
* null if not.
*
* @param string|null $idp The entity id we want to validate. This can be null, in which case we will return null.
*
* @return string|null The entity id if it is valid, null if not.
*/
protected function validateIdP($idp)
{
if ($idp === null) {
return null;
}
if (!$this->config->getBoolean('idpdisco.validate', true)) {
return $idp;
}
foreach ($this->metadataSets as $metadataSet) {
try {
$this->metadata->getMetaData($idp, $metadataSet);
return $idp;
} catch (\Exception $e) {
// continue
}
}
$this->log('Unable to validate IdP entity id [' . $idp . '].');
// the entity id wasn't valid
return null;
}
/**
* Retrieve the users choice of IdP.
*
* This function finds out which IdP the user has manually chosen, if any.
*
* @return string|null The entity id of the IdP the user has chosen, or null if the user has made no choice.
*/
protected function getSelectedIdP()
{
/* Parameter set from the Extended IdP Metadata Discovery Service Protocol, indicating that the user prefers
* this IdP.
*/
if (!empty($this->setIdPentityID)) {
return $this->validateIdP($this->setIdPentityID);
}
// user has clicked on a link, or selected the IdP from a drop-down list
if (array_key_exists('idpentityid', $_GET)) {
return $this->validateIdP($_GET['idpentityid']);
}
/* Search for the IdP selection from the form used by the links view. This form uses a name which equals
* idp_<entityid>, so we search for that.
*
* Unfortunately, php replaces periods in the name with underscores, and there is no reliable way to get them
* back. Therefore we do some quick and dirty parsing of the query string.
*/
$qstr = $_SERVER['QUERY_STRING'];
$matches = [];
if (preg_match('/(?:^|&)idp_([^=]+)=/', $qstr, $matches)) {
return $this->validateIdP(urldecode($matches[1]));
}
// no IdP chosen
return null;
}
/**
* Retrieve the users saved choice of IdP.
*
* @return string|null The entity id of the IdP the user has saved, or null if the user hasn't saved any choice.
*/
protected function getSavedIdP()
{
if (!$this->config->getBoolean('idpdisco.enableremember', false)) {
// saving of IdP choices is disabled
return null;
}
if ($this->getCookie('remember') === '1') {
$this->log('Return previously saved IdP because of remember cookie set to 1');
return $this->getPreviousIdP();
}
if ($this->isPassive) {
$this->log('Return previously saved IdP because of isPassive');
return $this->getPreviousIdP();
}
return null;
}
/**
* Retrieve the previous IdP the user used.
*
* @return string|null The entity id of the previous IdP the user used, or null if this is the first time.
*/
protected function getPreviousIdP()
{
return $this->validateIdP($this->getCookie('lastidp'));
}
/**
* Retrieve a recommended IdP based on the IP address of the client.
*
* @return string|null The entity ID of the IdP if one is found, or null if not.
*/
protected function getFromCIDRhint()
{
foreach ($this->metadataSets as $metadataSet) {
$idp = $this->metadata->getPreferredEntityIdFromCIDRhint($metadataSet, $_SERVER['REMOTE_ADDR']);
if (!empty($idp)) {
return $idp;
}
}
return null;
}
/**
* Try to determine which IdP the user should most likely use.
*
* This function will first look at the previous IdP the user has chosen. If the user
* hasn't chosen an IdP before, it will look at the IP address.
*
* @return string|null The entity id of the IdP the user should most likely use.
*/
protected function getRecommendedIdP()
{
$idp = $this->getPreviousIdP();
if ($idp !== null) {
$this->log('Preferred IdP from previous use [' . $idp . '].');
return $idp;
}
$idp = $this->getFromCIDRhint();
if (!empty($idp)) {
$this->log('Preferred IdP from CIDR hint [' . $idp . '].');
return $idp;
}
return null;
}
/**
* Save the current IdP choice to a cookie.
*
* @param string $idp The entityID of the IdP.
* @return void
*/
protected function setPreviousIdP($idp)
{
assert(is_string($idp));
$this->log('Choice made [' . $idp . '] Setting cookie.');
$this->setCookie('lastidp', $idp);
}
/**
* Determine whether the choice of IdP should be saved.
*
* @return boolean True if the choice should be saved, false otherwise.
*/
protected function saveIdP()
{
if (!$this->config->getBoolean('idpdisco.enableremember', false)) {
// saving of IdP choices is disabled
return false;
}
if (array_key_exists('remember', $_GET)) {
return true;
}
return false;
}
/**
* Determine which IdP the user should go to, if any.
*
* @return string|null The entity id of the IdP the user should be sent to, or null if the user should choose.
*/
protected function getTargetIdP()
{
// first, check if the user has chosen an IdP
$idp = $this->getSelectedIdP();
if ($idp !== null) {
// the user selected this IdP. Save the choice in a cookie
$this->setPreviousIdP($idp);
if ($this->saveIdP()) {
$this->setCookie('remember', '1');
} else {
$this->setCookie('remember', '0');
}
return $idp;
}
$this->log('getSelectedIdP() returned null');
// check if the user has saved an choice earlier
$idp = $this->getSavedIdP();
if ($idp !== null) {
$this->log('Using saved choice [' . $idp . '].');
return $idp;
}
// the user has made no choice
return null;
}
/**
* Retrieve the list of IdPs which are stored in the metadata.
*
* @return array An array with entityid => metadata mappings.
*/
protected function getIdPList()
{
$idpList = [];
foreach ($this->metadataSets as $metadataSet) {
$newList = $this->metadata->getList($metadataSet);
/*
* Note that we merge the entities in reverse order. This ensures that it is the entity in the first
* metadata set that "wins" if two metadata sets have the same entity.
*/
$idpList = array_merge($newList, $idpList);
}
return $idpList;
}
/**
* Return the list of scoped idp
*
* @return array An array of IdP entities
*/
protected function getScopedIDPList()
{
return $this->scopedIDPList;
}
/**
* Filter the list of IdPs.
*
* This method returns the IdPs that comply with the following conditions:
* - The IdP does not have the 'hide.from.discovery' configuration option.
*
* @param array $list An associative array containing metadata for the IdPs to apply the filtering to.
*
* @return array An associative array containing metadata for the IdPs that were not filtered out.
*/
protected function filterList($list)
{
foreach ($list as $entity => $metadata) {
if (array_key_exists('hide.from.discovery', $metadata) && $metadata['hide.from.discovery'] === true) {
unset($list[$entity]);
}
}
return $list;
}
/**
* Check if an IdP is set or if the request is passive, and redirect accordingly.
*
* @return void If there is no IdP targeted and this is not a passive request.
*/
protected function start()
{
$idp = $this->getTargetIdP();
if ($idp !== null) {
$extDiscoveryStorage = $this->config->getString('idpdisco.extDiscoveryStorage', null);
if ($extDiscoveryStorage !== null) {
$this->log('Choice made [' . $idp . '] (Forwarding to external discovery storage)');
Utils\HTTP::redirectTrustedURL($extDiscoveryStorage, [
'entityID' => $this->spEntityId,
'IdPentityID' => $idp,
'returnIDParam' => $this->returnIdParam,
'isPassive' => 'true',
'return' => $this->returnURL
]);
} else {
$this->log(
'Choice made [' . $idp . '] (Redirecting the user back. returnIDParam='
. $this->returnIdParam . ')'
);
Utils\HTTP::redirectTrustedURL($this->returnURL, [$this->returnIdParam => $idp]);
}
}
if ($this->isPassive) {
$this->log('Choice not made. (Redirecting the user back without answer)');
Utils\HTTP::redirectTrustedURL($this->returnURL);
}
}
/**
* Handles a request to this discovery service.
*
* The IdP disco parameters should be set before calling this function.
* @return void
*/
public function handleRequest()
{
$this->start();
// no choice made. Show discovery service page
$idpList = $this->getIdPList();
$idpList = $this->filterList($idpList);
$preferredIdP = $this->getRecommendedIdP();
$idpintersection = array_intersect(array_keys($idpList), $this->getScopedIDPList());
if (sizeof($idpintersection) > 0) {
$idpList = array_intersect_key($idpList, array_fill_keys($idpintersection, null));
}
$idpintersection = array_values($idpintersection);
if (sizeof($idpintersection) == 1) {
$this->log(
'Choice made [' . $idpintersection[0] . '] (Redirecting the user back. returnIDParam=' .
$this->returnIdParam . ')'
);
Utils\HTTP::redirectTrustedURL(
$this->returnURL,
[$this->returnIdParam => $idpintersection[0]]
);
}
/*
* Make use of an XHTML template to present the select IdP choice to the user. Currently the supported options
* is either a drop down menu or a list view.
*/
switch ($this->config->getString('idpdisco.layout', 'links')) {
case 'dropdown':
$templateFile = 'selectidp-dropdown.php';
break;
case 'links':
$templateFile = 'selectidp-links.php';
break;
default:
throw new \Exception('Invalid value for the \'idpdisco.layout\' option.');
}
$t = new Template($this->config, $templateFile, 'disco');
$fallbackLanguage = 'en';
$defaultLanguage = $this->config->getString('language.default', $fallbackLanguage);
$translator = $t->getTranslator();
$language = $translator->getLanguage()->getLanguage();
$tryLanguages = [0 => $language, 1 => $defaultLanguage, 2 => $fallbackLanguage];
$newlist = [];
foreach ($idpList as $entityid => $data) {
$newlist[$entityid]['entityid'] = $entityid;
foreach ($tryLanguages as $lang) {
if ($name = $this->getEntityDisplayName($data, $lang)) {
$newlist[$entityid]['name'] = $name;
continue;
}
}
if (empty($newlist[$entityid]['name'])) {
$newlist[$entityid]['name'] = $entityid;
}
foreach ($tryLanguages as $lang) {
if (!empty($data['description'][$lang])) {
$newlist[$entityid]['description'] = $data['description'][$lang];
continue;
}
}
if (!empty($data['icon'])) {
$newlist[$entityid]['icon'] = $data['icon'];
$newlist[$entityid]['iconurl'] = Utils\HTTP::resolveURL($data['icon']);
}
}
usort(
$newlist,
/**
* @param array $idpentry1
* @param array $idpentry2
* @return int
*/
function (array $idpentry1, array $idpentry2) {
return strcasecmp($idpentry1['name'], $idpentry2['name']);
}
);
$t->data['idplist'] = $newlist;
$t->data['preferredidp'] = $preferredIdP;
$t->data['return'] = $this->returnURL;
$t->data['returnIDParam'] = $this->returnIdParam;
$t->data['entityID'] = $this->spEntityId;
$t->data['urlpattern'] = htmlspecialchars(Utils\HTTP::getSelfURLNoQuery());
$t->data['rememberenabled'] = $this->config->getBoolean('idpdisco.enableremember', false);
$t->show();
}
/**
* @param array $idpData
* @param string $language
* @return string|null
*/
private function getEntityDisplayName(array $idpData, string $language): ?string
{
if (isset($idpData['UIInfo']['DisplayName'][$language])) {
return $idpData['UIInfo']['DisplayName'][$language];
} elseif (isset($idpData['name'][$language])) {
return $idpData['name'][$language];
} elseif (isset($idpData['OrganizationDisplayName'][$language])) {
return $idpData['OrganizationDisplayName'][$language];
}
return null;
}
}
�����������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/XHTML/TemplateControllerInterface.php���������������������������0000644�0000000�0000000�00000001462�14042503475�024707� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
declare(strict_types=1);
namespace SimpleSAML\XHTML;
use Twig\Environment;
/**
* Interface that allows modules to run several hooks for templates.
*
* @package SimpleSAMLphp
*/
interface TemplateControllerInterface
{
/**
* Implement to modify the twig environment after its initialization (e.g. add filters or extensions).
*
* @param \Twig\Environment $twig The current twig environment.
*
* @return void
*/
public function setUpTwig(Environment &$twig);
/**
* Implement to add, delete or modify the data passed to the template.
*
* This method will be called right before displaying the template.
*
* @param array $data The current data used by the template.
*
* @return void
*/
public function display(&$data);
}
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/XHTML/TemplateLoader.php����������������������������������������0000644�0000000�0000000�00000005441�14042503475�022152� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
declare(strict_types=1);
namespace SimpleSAML\XHTML;
use SimpleSAML\Module;
/**
* This class extends the Twig\Loader\FilesystemLoader so that we can load templates from modules in twig, even
* when the main template is not part of a module (or the same one).
*
* @package simplesamlphp/simplesamlphp
*
* @psalm-suppress DeprecatedInterface This suppress may be removed when Twig 3.0 becomes the default
*/
class TemplateLoader extends \Twig\Loader\FilesystemLoader
{
/**
* This method adds a namespace dynamically so that we can load templates from modules whenever we want.
*
* {@inheritdoc}
*
* @param string $name
* @param bool $throw
* @return string|false|null
*/
protected function findTemplate($name, $throw = true)
{
list($namespace, $shortname) = $this->parseModuleName($name);
if (!in_array($namespace, $this->paths, true) && $namespace !== self::MAIN_NAMESPACE) {
$this->addPath(self::getModuleTemplateDir($namespace), $namespace);
}
return parent::findTemplate($name, $throw);
}
/**
* Parse the name of a template in a module.
*
* @param string $name The full name of the template, including namespace and template name / path.
* @param string $default
*
* @return array An array with the corresponding namespace and name of the template. The namespace defaults to
* \Twig\Loader\FilesystemLoader::MAIN_NAMESPACE, if none was specified in $name.
*/
protected function parseModuleName($name, $default = self::MAIN_NAMESPACE)
{
if (strpos($name, ':')) {
// we have our old SSP format
list($namespace, $shortname) = explode(':', $name, 2);
$shortname = strtr($shortname, [
'.tpl.php' => '.twig',
'.php' => '.twig',
]);
return [$namespace, $shortname];
}
return [$default, $name];
}
/**
* Get the template directory of a module, if it exists.
*
* @param string $module
* @return string The templates directory of a module.
*
* @throws \InvalidArgumentException If the module is not enabled or it has no templates directory.
*/
public static function getModuleTemplateDir($module)
{
if (!Module::isModuleEnabled($module)) {
throw new \InvalidArgumentException('The module \'' . $module . '\' is not enabled.');
}
$moduledir = Module::getModuleDir($module);
// check if module has a /templates dir, if so, append
$templatedir = $moduledir . '/templates';
if (!is_dir($templatedir)) {
throw new \InvalidArgumentException('The module \'' . $module . '\' has no templates directory.');
}
return $templatedir;
}
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Module.php������������������������������������������������������0000644�0000000�0000000�00000051447�14042503475�017610� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
declare(strict_types=1);
namespace SimpleSAML;
use SimpleSAML\Kernel;
use SimpleSAML\Utils;
use Symfony\Component\Config\Exception\FileLocatorFileNotFoundException;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\ResponseHeaderBag;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/**
* Helper class for accessing information about modules.
*
* @author Olav Morken <olav.morken@uninett.no>, UNINETT AS.
* @author Boy Baukema, SURFnet.
* @author Jaime Perez <jaime.perez@uninett.no>, UNINETT AS.
* @package SimpleSAMLphp
*/
class Module
{
/**
* Index pages: file names to attempt when accessing directories.
*
* @var array
*/
public static $indexFiles = ['index.php', 'index.html', 'index.htm', 'index.txt'];
/**
* MIME Types
*
* The key is the file extension and the value the corresponding MIME type.
*
* @var array
*/
public static $mimeTypes = [
'bmp' => 'image/x-ms-bmp',
'css' => 'text/css',
'gif' => 'image/gif',
'htm' => 'text/html',
'html' => 'text/html',
'shtml' => 'text/html',
'ico' => 'image/vnd.microsoft.icon',
'jpe' => 'image/jpeg',
'jpeg' => 'image/jpeg',
'jpg' => 'image/jpeg',
'js' => 'text/javascript',
'pdf' => 'application/pdf',
'png' => 'image/png',
'svg' => 'image/svg+xml',
'svgz' => 'image/svg+xml',
'swf' => 'application/x-shockwave-flash',
'swfl' => 'application/x-shockwave-flash',
'txt' => 'text/plain',
'xht' => 'application/xhtml+xml',
'xhtml' => 'application/xhtml+xml',
];
/**
* A list containing the modules currently installed.
*
* @var array
*/
public static $modules = [];
/**
* A cache containing specific information for modules, like whether they are enabled or not, or their hooks.
*
* @var array
*/
public static $module_info = [];
/**
* Retrieve the base directory for a module.
*
* The returned path name will be an absolute path.
*
* @param string $module Name of the module
*
* @return string The base directory of a module.
*/
public static function getModuleDir($module)
{
$baseDir = dirname(dirname(dirname(__FILE__))) . '/modules';
$moduleDir = $baseDir . '/' . $module;
return $moduleDir;
}
/**
* Determine whether a module is enabled.
*
* Will return false if the given module doesn't exist.
*
* @param string $module Name of the module
*
* @return bool True if the given module is enabled, false otherwise.
*
* @throws \Exception If module.enable is set and is not boolean.
*/
public static function isModuleEnabled($module)
{
$config = Configuration::getOptionalConfig();
return self::isModuleEnabledWithConf($module, $config->getArray('module.enable', []));
}
/**
* Handler for module requests.
*
* This controller receives requests for pages hosted by modules, and processes accordingly. Depending on the
* configuration and the actual request, it will run a PHP script and exit, or return a Response produced either
* by another controller or by a static file.
*
* @param Request|null $request The request to process. Defaults to the current one.
*
* @return Response|BinaryFileResponse Returns a Response object that can be sent to the browser.
* @throws Error\BadRequest In case the request URI is malformed.
* @throws Error\NotFound In case the request URI is invalid or the resource it points to cannot be found.
*/
public static function process(Request $request = null)
{
if ($request === null) {
$request = Request::createFromGlobals();
}
if ($request->server->get('PATH_INFO') === '/') {
throw new Error\NotFound('No PATH_INFO to module.php');
}
$url = $request->server->get('PATH_INFO');
assert(substr($url, 0, 1) === '/');
/* clear the PATH_INFO option, so that a script can detect whether it is called with anything following the
*'.php'-ending.
*/
unset($_SERVER['PATH_INFO']);
$modEnd = strpos($url, '/', 1);
if ($modEnd === false) {
$modEnd = strlen($url);
$module = substr($url, 1);
$url = '';
} else {
$module = substr($url, 1, $modEnd - 1);
$url = substr($url, $modEnd + 1);
}
if (!self::isModuleEnabled($module)) {
throw new Error\NotFound('The module \'' . $module . '\' was either not found, or wasn\'t enabled.');
}
/* Make sure that the request isn't suspicious (contains references to current directory or parent directory or
* anything like that. Searching for './' in the URL will detect both '../' and './'. Searching for '\' will
* detect attempts to use Windows-style paths.
*/
if (strpos($url, '\\') !== false) {
throw new Error\BadRequest('Requested URL contained a backslash.');
} elseif (strpos($url, './') !== false) {
throw new Error\BadRequest('Requested URL contained \'./\'.');
}
$config = Configuration::getInstance();
// rebuild REQUEST_URI and SCRIPT_NAME just in case we need to.
// This is needed for server aliases and rewrites
$translated_uri = $config->getBasePath() . 'module.php/' . $module . '/' . $url;
$request->server->set('REQUEST_URI', $translated_uri);
$request->server->set('SCRIPT_NAME', $config->getBasePath() . 'module.php');
// strip any NULL files (form file fields with nothing selected)
// because initialize() will throw an error on them
$request_files = array_filter(
$request->files->all(),
function ($val) {
return !is_null($val);
}
);
$request->initialize(
$request->query->all(),
$request->request->all(),
$request->attributes->all(),
$request->cookies->all(),
$request_files,
$request->server->all(),
$request->getContent()
);
if ($config->getBoolean('usenewui', false) === true) {
try {
$kernel = new Kernel($module);
$response = $kernel->handle($request);
$kernel->terminate($request, $response);
return $response;
} catch (FileLocatorFileNotFoundException $e) {
// no routes configured for this module, fall back to the old system
} catch (NotFoundHttpException $e) {
// this module has been migrated, but the route wasn't found
}
}
$moduleDir = self::getModuleDir($module) . '/www/';
// check for '.php/' in the path, the presence of which indicates that another php-script should handle the
// request
for ($phpPos = strpos($url, '.php/'); $phpPos !== false; $phpPos = strpos($url, '.php/', $phpPos + 1)) {
$newURL = substr($url, 0, $phpPos + 4);
$param = substr($url, $phpPos + 4);
if (is_file($moduleDir . $newURL)) {
/* $newPath points to a normal file. Point execution to that file, and save the remainder of the path
* in PATH_INFO.
*/
$url = $newURL;
$request->server->set('PATH_INFO', $param);
$_SERVER['PATH_INFO'] = $param;
break;
}
}
$path = $moduleDir . $url;
if ($path[strlen($path) - 1] === '/') {
// path ends with a slash - directory reference. Attempt to find index file in directory
foreach (self::$indexFiles as $if) {
if (file_exists($path . $if)) {
$path .= $if;
break;
}
}
}
if (is_dir($path)) {
/* Path is a directory - maybe no index file was found in the previous step, or maybe the path didn't end
* with a slash. Either way, we don't do directory listings.
*/
throw new Error\NotFound('Directory listing not available.');
}
if (!file_exists($path)) {
// file not found
Logger::info('Could not find file \'' . $path . '\'.');
throw new Error\NotFound('The URL wasn\'t found in the module.');
}
if (mb_strtolower(substr($path, -4), 'UTF-8') === '.php') {
// PHP file - attempt to run it
/* In some environments, $_SERVER['SCRIPT_NAME'] is already set with $_SERVER['PATH_INFO']. Check for that
* case, and append script name only if necessary.
*
* Contributed by Travis Hegner.
*/
$script = "/$module/$url";
if (strpos($request->getScriptName(), $script) === false) {
$request->server->set('SCRIPT_NAME', $request->getScriptName() . '/' . $module . '/' . $url);
}
require($path);
exit();
}
// some other file type - attempt to serve it
// find MIME type for file, based on extension
$contentType = null;
if (preg_match('#\.([^/\.]+)$#D', $path, $type)) {
$type = strtolower($type[1]);
if (array_key_exists($type, self::$mimeTypes)) {
$contentType = self::$mimeTypes[$type];
}
}
if ($contentType === null) {
/* We were unable to determine the MIME type from the file extension. Fall back to mime_content_type (if it
* exists).
*/
if (function_exists('mime_content_type')) {
$contentType = mime_content_type($path);
} else {
// mime_content_type doesn't exist. Return a default MIME type
Logger::warning('Unable to determine mime content type of file: ' . $path);
$contentType = 'application/octet-stream';
}
}
/** @psalm-var \SimpleSAML\Configuration $assetConfig */
$assetConfig = $config->getConfigItem('assets');
/** @psalm-var \SimpleSAML\Configuration $cacheConfig */
$cacheConfig = $assetConfig->getConfigItem('caching');
$response = new BinaryFileResponse($path);
$response->setCache([
// "public" allows response caching even if the request was authenticated,
// which is exactly what we want for static resources
'public' => true,
'max_age' => strval($cacheConfig->getInteger('max_age', 86400))
]);
$response->setAutoLastModified();
if ($cacheConfig->getBoolean('etag', false)) {
$response->setAutoEtag();
}
$response->isNotModified($request);
$response->headers->set('Content-Type', $contentType);
$response->setContentDisposition(ResponseHeaderBag::DISPOSITION_INLINE);
$response->prepare($request);
return $response;
}
/**
* @param string $module
* @param array $mod_config
* @return bool
*/
private static function isModuleEnabledWithConf(string $module, array $mod_config): bool
{
if (isset(self::$module_info[$module]['enabled'])) {
return self::$module_info[$module]['enabled'];
}
if (!empty(self::$modules) && !in_array($module, self::$modules, true)) {
return false;
}
$moduleDir = self::getModuleDir($module);
if (!is_dir($moduleDir)) {
self::$module_info[$module]['enabled'] = false;
return false;
}
if (isset($mod_config[$module])) {
if (is_bool($mod_config[$module])) {
self::$module_info[$module]['enabled'] = $mod_config[$module];
return $mod_config[$module];
}
throw new \Exception("Invalid module.enable value for the '$module' module.");
}
if (
assert_options(ASSERT_ACTIVE)
&& !file_exists($moduleDir . '/default-enable')
&& !file_exists($moduleDir . '/default-disable')
) {
Logger::error("Missing default-enable or default-disable file for the module $module");
}
if (file_exists($moduleDir . '/enable')) {
self::$module_info[$module]['enabled'] = true;
return true;
}
if (!file_exists($moduleDir . '/disable') && file_exists($moduleDir . '/default-enable')) {
self::$module_info[$module]['enabled'] = true;
return true;
}
self::$module_info[$module]['enabled'] = false;
return false;
}
/**
* Get available modules.
*
* @return array One string for each module.
*
* @throws \Exception If we cannot open the module's directory.
*/
public static function getModules()
{
if (!empty(self::$modules)) {
return self::$modules;
}
$path = self::getModuleDir('.');
$dh = scandir($path);
if ($dh === false) {
throw new \Exception('Unable to open module directory "' . $path . '".');
}
foreach ($dh as $f) {
if ($f[0] === '.') {
continue;
}
if (!is_dir($path . '/' . $f)) {
continue;
}
self::$modules[] = $f;
}
return self::$modules;
}
/**
* Resolve module class.
*
* This function takes a string on the form "<module>:<class>" and converts it to a class
* name. It can also check that the given class is a subclass of a specific class. The
* resolved classname will be "\SimleSAML\Module\<module>\<$type>\<class>.
*
* It is also possible to specify a full classname instead of <module>:<class>.
*
* An exception will be thrown if the class can't be resolved.
*
* @param string $id The string we should resolve.
* @param string $type The type of the class.
* @param string|null $subclass The class should be a subclass of this class. Optional.
*
* @return string The classname.
*
* @throws \Exception If the class cannot be resolved.
*/
public static function resolveClass($id, $type, $subclass = null)
{
assert(is_string($id));
assert(is_string($type));
assert(is_string($subclass) || $subclass === null);
$tmp = explode(':', $id, 2);
if (count($tmp) === 1) {
// no module involved
$className = $tmp[0];
if (!class_exists($className)) {
throw new \Exception("Could not resolve '$id': no class named '$className'.");
}
} else {
// should be a module
// make sure empty types are handled correctly
$type = (empty($type)) ? '\\' : '\\' . $type . '\\';
$className = 'SimpleSAML\\Module\\' . $tmp[0] . $type . $tmp[1];
if (!class_exists($className)) {
// check for the old-style class names
$type = str_replace('\\', '_', $type);
$oldClassName = 'sspmod_' . $tmp[0] . $type . $tmp[1];
if (!class_exists($oldClassName)) {
throw new \Exception("Could not resolve '$id': no class named '$className' or '$oldClassName'.");
}
$className = $oldClassName;
}
}
if ($subclass !== null && !is_subclass_of($className, $subclass)) {
throw new \Exception(
'Could not resolve \'' . $id . '\': The class \'' . $className
. '\' isn\'t a subclass of \'' . $subclass . '\'.'
);
}
return $className;
}
/**
* Get absolute URL to a specified module resource.
*
* This function creates an absolute URL to a resource stored under ".../modules/<module>/www/".
*
* @param string $resource Resource path, on the form "<module name>/<resource>"
* @param array $parameters Extra parameters which should be added to the URL. Optional.
*
* @return string The absolute URL to the given resource.
*/
public static function getModuleURL($resource, array $parameters = [])
{
assert(is_string($resource));
assert($resource[0] !== '/');
$url = Utils\HTTP::getBaseURL() . 'module.php/' . $resource;
if (!empty($parameters)) {
$url = Utils\HTTP::addURLParameters($url, $parameters);
}
return $url;
}
/**
* Get the available hooks for a given module.
*
* @param string $module The module where we should look for hooks.
*
* @return array An array with the hooks available for this module. Each element is an array with two keys: 'file'
* points to the file that contains the hook, and 'func' contains the name of the function implementing that hook.
* When there are no hooks defined, an empty array is returned.
*/
public static function getModuleHooks($module)
{
if (isset(self::$modules[$module]['hooks'])) {
return self::$modules[$module]['hooks'];
}
$hook_dir = self::getModuleDir($module) . '/hooks';
if (!is_dir($hook_dir)) {
return [];
}
$hooks = [];
$files = scandir($hook_dir);
foreach ($files as $file) {
if ($file[0] === '.') {
continue;
}
if (!preg_match('/hook_(\w+)\.php/', $file, $matches)) {
continue;
}
$hook_name = $matches[1];
$hook_func = $module . '_hook_' . $hook_name;
$hooks[$hook_name] = ['file' => $hook_dir . '/' . $file, 'func' => $hook_func];
}
return $hooks;
}
/**
* Call a hook in all enabled modules.
*
* This function iterates over all enabled modules and calls a hook in each module.
*
* @param string $hook The name of the hook.
* @param mixed &$data The data which should be passed to each hook. Will be passed as a reference.
* @return void
*
* @throws \SimpleSAML\Error\Exception If an invalid hook is found in a module.
*/
public static function callHooks($hook, &$data = null)
{
assert(is_string($hook));
$modules = self::getModules();
$config = Configuration::getOptionalConfig()->getArray('module.enable', []);
sort($modules);
foreach ($modules as $module) {
if (!self::isModuleEnabledWithConf($module, $config)) {
continue;
}
if (!isset(self::$module_info[$module]['hooks'])) {
self::$module_info[$module]['hooks'] = self::getModuleHooks($module);
}
if (
!isset(self::$module_info[$module]['hooks'][$hook])
|| empty(self::$module_info[$module]['hooks'][$hook])
) {
continue;
}
require_once(self::$module_info[$module]['hooks'][$hook]['file']);
if (!is_callable(self::$module_info[$module]['hooks'][$hook]['func'])) {
throw new Error\Exception('Invalid hook \'' . $hook . '\' for module \'' . $module . '\'.');
}
$fn = self::$module_info[$module]['hooks'][$hook]['func'];
$fn($data);
}
}
/**
* Handle a valid request for a module that lacks a trailing slash.
*
* This method add the trailing slash and redirects to the resulting URL.
*
* @param Request $request The request to process by this controller method.
*
* @return RedirectResponse A redirection to the URI specified in the request, but with a trailing slash.
*/
public static function addTrailingSlash(Request $request)
{
// Must be of form /{module} - append a slash
return new RedirectResponse($request->getRequestUri() . '/', 308);
}
/**
* Handle a valid request that ends with a trailing slash.
*
* This method removes the trailing slash and redirects to the resulting URL.
*
* @param Request $request The request to process by this controller method.
*
* @return RedirectResponse A redirection to the URI specified in the request, but without the trailing slash.
*/
public static function removeTrailingSlash(Request $request)
{
$pathInfo = $request->server->get('PATH_INFO');
$url = str_replace($pathInfo, rtrim($pathInfo, ' /'), $request->getRequestUri());
return new RedirectResponse($url, 308);
}
}
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Stats/����������������������������������������������������������0000755�0000000�0000000�00000000000�14042503475�016735� 5����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Stats/Output.php������������������������������������������������0000644�0000000�0000000�00000001070�14042503475�020744� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
declare(strict_types=1);
namespace SimpleSAML\Stats;
use SimpleSAML\Configuration;
/**
* Interface for statistics outputs.
*
* @package SimpleSAMLphp
*/
abstract class Output
{
/**
* Initialize the output.
*
* @param \SimpleSAML\Configuration $config The configuration for this output.
*/
public function __construct(Configuration $config)
{
// do nothing by default
}
/**
* Write a stats event.
*
* @param array $data The event.
*/
abstract public function emit(array $data);
}
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������simplesamlphp-1.19.1/lib/SimpleSAML/Utilities.php���������������������������������������������������0000644�0000000�0000000�00000061547�14042503475�020340� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?php
declare(strict_types=1);
namespace SimpleSAML;
use SimpleSAML\Error\Error;
/**
* Misc static functions that is used several places.in example parsing and id generation.
*
* @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
* @package SimpleSAMLphp
*
* @deprecated This entire class will be removed in SimpleSAMLphp 2.0.
*/
class Utilities
{
/**
* @deprecated This property will be removed in SSP 2.0. Please use SimpleSAML\Logger::isErrorMasked() instead.
* @var int
*/
public static $logMask = 0;
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getSelfHost() instead.
* @return string
*/
public static function getSelfHost()
{
return \SimpleSAML\Utils\HTTP::getSelfHost();
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getSelfURLHost() instead.
* @return string
*/
public static function selfURLhost()
{
return \SimpleSAML\Utils\HTTP::getSelfURLHost();
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::isHTTPS() instead.
* @return bool
*/
public static function isHTTPS()
{
return \SimpleSAML\Utils\HTTP::isHTTPS();
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getSelfURLNoQuery()
* instead.
* @return string
*/
public static function selfURLNoQuery()
{
return \SimpleSAML\Utils\HTTP::getSelfURLNoQuery();
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getSelfHostWithPath()
* instead.
* @return string
*/
public static function getSelfHostWithPath()
{
return \SimpleSAML\Utils\HTTP::getSelfHostWithPath();
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getFirstPathElement()
* instead.
* @param bool $trailingslash
* @return string
*/
public static function getFirstPathElement($trailingslash = true)
{
return \SimpleSAML\Utils\HTTP::getFirstPathElement($trailingslash);
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getSelfURL() instead.
* @return string
*/
public static function selfURL()
{
return \SimpleSAML\Utils\HTTP::getSelfURL();
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::getBaseURL() instead.
* @return string
*/
public static function getBaseURL()
{
return \SimpleSAML\Utils\HTTP::getBaseURL();
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::addURLParameters() instead.
* @param string $url
* @param array $parameters
* @return string
*/
public static function addURLparameter($url, $parameters)
{
return \SimpleSAML\Utils\HTTP::addURLParameters($url, $parameters);
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Utils\HTTP::checkURLAllowed() instead.
* @param string $url
* @param array|null $trustedSites
* @return string
*/
public static function checkURLAllowed($url, array $trustedSites = null)
{
return \SimpleSAML\Utils\HTTP::checkURLAllowed($url, $trustedSites);
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Auth\State::parseStateID() instead.
* @param string $stateId
* @return array
*/
public static function parseStateID($stateId)
{
return \SimpleSAML\Auth\State::parseStateID($stateId);
}
/**
* @deprecated This method will be removed in SSP 2.0.
* @param string|null $start
* @param string|null $end
* @return bool
*/
public static function checkDateConditions($start = null, $end = null)
{
$currentTime = time();
if (!empty($start)) {
$startTime = \SAML2\Utils::xsDateTimeToTimestamp($start);
// Allow for a 10 minute difference in Time
if (($startTime < 0) || (($startTime - 600) > $currentTime)) {
return false;
}
}
if (!empty($end)) {
$endTime = \SAML2\Utils::xsDateTimeToTimestamp($end);
if (($endTime < 0) || ($endTime <= $currentTime)) {
return false;
}
}
return true;
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\Random::generateID() instead.
* @return string
*/
public static function generateID()
{
return \SimpleSAML\Utils\Random::generateID();
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Utils\Time::generateTimestamp()
* instead.
* @param int|null $instant
* @return string
*/
public static function generateTimestamp($instant = null)
{
return \SimpleSAML\Utils\Time::generateTimestamp($instant);
}
/**
* @deprecated This method will be removed in SSP 2.0. Please use \SimpleSAML\Utils\Time::parseDuration() instead.
* @param string $duration
* @param int|null $timestamp
* @return int
*/
public static function parseDuration($duration, $timestamp = null)
{
return \SimpleSAML\Utils\Time::parseDuration($duration, $timestamp);
}
/**
* @deprecated This method will be removed in SSP 2.0. Please raise a SimpleSAML\Error\Error exception instead.
* @param string $trackId
* @param int|null $errorCode
* @param \Exception|null $e
* @throws \SimpleSAML\Error\Error
* @return void
*/
public static function fatalError($trackId = 'na', $errorCode = null, \Exception $e = null)
{
throw new \SimpleSAML\Error\Error($errorCode, $e);
}
/**
* @deprecated This method will be removed in version 2.0. Use SimpleSAML\Utils\Net::ipCIDRcheck() instead.
* @param string $cidr
* @param string|null $ip
* @return bool
*/
public static function ipCIDRcheck($cidr, $ip = null)
{
return \SimpleSAML\Utils\Net::ipCIDRcheck($cidr, $ip);
}
/**
* @param string $url
* @param array $parameters
* @return void
*/
private static function doRedirect(string $url, array $parameters = []): void
{
if (!empty($parameters)) {
$url = self::addURLparameter($url, $parameters);
}
/* Set the HTTP result code. This is either 303 See Other or
* 302 Found. HTTP 303 See Other is sent if the HTTP version
* is HTTP/1.1 and the request type was a POST request.
*/
if ($_SERVER['SERVER_PROTOCOL'] === 'HTTP/1.1' &&
$_SERVER['REQUEST_METHOD'] === 'POST'
) {
$code = 303;
} else {
$code = 302;
}
if (strlen($url) > 2048) {
\SimpleSAML\Logger::warning('Redirecting to a URL longer than 2048 bytes.');
}
// Set the location header
header('Location: '.$url, true, $code);
// Disable caching of this response
header('Pragma: no-cache');
header('Cache-Control: no-cache, must-revalidate');
// Show a minimal web page with a clickable link to the URL
echo '<?xml version="1.0" encoding="UTF-8"?>'."\n";
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"'.
' "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'."\n";
echo '<html xmlns="http://www.w3.org/1999/xhtml">';
echo '<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Redirect
';
echo '';
echo 'Redirect
';
echo '';
echo 'You were redirected to: ';
echo ''.htmlspecialchars($url).'';
echo '';
echo '
';
echo '';
echo '