本文整理汇总了PHP中SimpleSAML_Auth_Source::completeAuth方法的典型用法代码示例。如果您正苦于以下问题:PHP SimpleSAML_Auth_Source::completeAuth方法的具体用法?PHP SimpleSAML_Auth_Source::completeAuth怎么用?PHP SimpleSAML_Auth_Source::completeAuth使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类SimpleSAML_Auth_Source的用法示例。
在下文中一共展示了SimpleSAML_Auth_Source::completeAuth方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: handleLogin
public static function handleLogin($authStateId, $xmlToken)
{
assert('is_string($authStateId)');
$config = SimpleSAML_Configuration::getInstance();
$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
$idp_key = $autoconfig->getValue('idp_key');
$idp_pass = $autoconfig->getValue('idp_key_pass', NULL);
$sts_crt = $autoconfig->getValue('sts_crt');
$Infocard = $autoconfig->getValue('InfoCard');
$infocard = new sspmod_InfoCard_RP_InfoCard();
$infocard->addIDPKey($idp_key, $idp_pass);
$infocard->addSTSCertificate($sts_crt);
if (!$xmlToken) {
SimpleSAML_Logger::debug("XMLtoken: " . $xmlToken);
} else {
SimpleSAML_Logger::debug("NOXMLtoken: " . $xmlToken);
}
$claims = $infocard->process($xmlToken);
if ($claims->isValid()) {
$attributes = array();
foreach ($Infocard['requiredClaims'] as $claim => $data) {
$attributes[$claim] = array($claims->{$claim});
}
foreach ($Infocard['optionalClaims'] as $claim => $data) {
$attributes[$claim] = array($claims->{$claim});
}
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert('array_key_exists(self::AUTHID, $state)');
$source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
$state['Attributes'] = $attributes;
unset($infocard);
unset($claims);
SimpleSAML_Auth_Source::completeAuth($state);
} else {
unset($infocard);
unset($claims);
return 'wrong_IC';
}
}示例2: check_credentials
/**
* Check the credentials that the user got from the A-Select server.
* This function is called after the user returns from the A-Select server.
*
* @author Wessel Dankers, Tilburg University
*/
function check_credentials()
{
if (!array_key_exists('ssp_state', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing ssp_state parameter"));
}
$id = $_REQUEST['ssp_state'];
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($id);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'aselect:login');
if (!array_key_exists('a-select-server', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing a-select-server parameter"));
}
$server_id = $_REQUEST['a-select-server'];
if (!array_key_exists('aselect_credentials', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing aselect_credentials parameter"));
}
$credentials = $_REQUEST['aselect_credentials'];
if (!array_key_exists('rid', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing rid parameter"));
}
$rid = $_REQUEST['rid'];
try {
if (!array_key_exists('aselect::authid', $state)) {
throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state");
}
$authid = $state['aselect::authid'];
$aselect = SimpleSAML_Auth_Source::getById($authid);
if (is_null($aselect)) {
throw new SimpleSAML_Error_Exception("Could not find authentication source with id {$authid}");
}
$creds = $aselect->verify_credentials($server_id, $credentials, $rid);
if (array_key_exists('attributes', $creds)) {
$state['Attributes'] = $creds['attributes'];
} else {
$res = $creds['res'];
$state['Attributes'] = array('uid' => array($res['uid']), 'organization' => array($res['organization']));
}
} catch (Exception $e) {
SimpleSAML_Auth_State::throwException($state, $e);
}
SimpleSAML_Auth_Source::completeAuth($state);
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component"));
}示例3: onProcessingCompleted
/**
* Called when we have completed the procssing chain.
*
* @param array $authProcState The processing chain state.
*/
public static function onProcessingCompleted(array $authProcState)
{
assert('array_key_exists("saml:sp:IdP", $authProcState)');
assert('array_key_exists("saml:sp:State", $authProcState)');
assert('array_key_exists("Attributes", $authProcState)');
$idp = $authProcState['saml:sp:IdP'];
$state = $authProcState['saml:sp:State'];
$sourceId = $state['saml:sp:AuthId'];
$source = SimpleSAML_Auth_Source::getById($sourceId);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $sourceId);
}
/* Register a callback that we can call if we receive a logout request from the IdP. */
$source->addLogoutCallback($idp, $state);
$state['Attributes'] = $authProcState['Attributes'];
if (isset($state['saml:sp:isUnsolicited']) && (bool) $state['saml:sp:isUnsolicited']) {
if (!empty($state['saml:sp:RelayState'])) {
$redirectTo = $state['saml:sp:RelayState'];
} else {
$redirectTo = $source->getMetadata()->getString('RelayState', '/');
}
self::handleUnsolicitedAuth($sourceId, $state, $redirectTo);
}
SimpleSAML_Auth_Source::completeAuth($state);
}示例4: handleLogin
/**
* Handle login request.
*
* This function is used by the login form (core/www/loginuserpass.php) when the user
* enters a username and password. On success, it will not return. On wrong
* username/password failure, and other errors, it will throw an exception.
*
* @param string $authStateId The identifier of the authentication state.
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
*/
public static function handleLogin($authStateId, $username, $password)
{
assert('is_string($authStateId)');
assert('is_string($username)');
assert('is_string($password)');
/* Here we retrieve the state array we saved in the authenticate-function. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
/* Retrieve the authentication source we are executing. */
assert('array_key_exists(self::AUTHID, $state)');
$source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
/*
* $source now contains the authentication source on which authenticate()
* was called. We should call login() on the same authentication source.
*/
/* Attempt to log in. */
try {
$attributes = $source->login($username, $password);
} catch (Exception $e) {
SimpleSAML_Logger::stats('Unsuccessful login attempt from ' . $_SERVER['REMOTE_ADDR'] . '.');
throw $e;
}
SimpleSAML_Logger::stats('User \'' . $username . '\' has been successfully authenticated.');
/* Save the attributes we received from the login-function in the $state-array. */
assert('is_array($attributes)');
$state['Attributes'] = $attributes;
/* Return control to simpleSAMLphp after successful authentication. */
SimpleSAML_Auth_Source::completeAuth($state);
}示例5: resume
public static function resume()
{
$request = Request::fromString($_SERVER['REQUEST_METHOD'] . ' ' . self::requesturi());
if (!($state_id = $request->getQuery('state'))) {
throw new SimpleSAML_Error_BadRequest('Missing "state" parameter.');
}
$state = SimpleSAML_Auth_State::loadState($state_id, 'dataportenoauth2:Connect');
/*
* Now we have the $state-array, and can use it to locate the authentication
* source.
*/
$source = SimpleSAML_Auth_Source::getById($state['dataportenoauth2:AuthID']);
if ($source === NULL) {
/*
* The only way this should fail is if we remove or rename the authentication source
* while the user is at the login page.
*/
throw new SimpleSAML_Error_Exception('Could not find authentication source.');
}
if (!($code = $request->getQuery('code'))) {
/**
* Throwing error if no code is being sent.
*/
throw new SimpleSAML_Error_Exception('No code was sent from origin.');
}
/*
* Make sure that we haven't switched the source type while the
* user was at the authentication page. This can only happen if we
* change config/authsources.php while an user is logging in.
*/
if (!$source instanceof self) {
throw new SimpleSAML_Error_Exception('Authentication source type changed.');
}
$oauth_client = new OAuth2($source->getConfig());
$access_token = $oauth_client->get_access_token($state_id, $code);
$identity = $oauth_client->get_identity($access_token, self::$user_endpoint);
if (count($identity) < 1) {
/**
* The user isn't authenticated
*/
throw new SimpleSAML_Error_Exception('User not authenticated after login attempt.', $e->getCode(), $e);
}
$state['Attributes'] = self::getAttributes($identity);
SimpleSAML_Auth_Source::completeAuth($state);
/*
* The completeAuth-function never returns, so we never get this far.
*/
assert('FALSE');
}示例6: delegateAuthentication
/**
* Delegate authentication.
*
* This method is called once the user has choosen one authentication
* source. It saves the selected authentication source in the session
* to be able to logout properly. Then it calls the authenticate method
* on such selected authentication source.
*
* @param string $authId Selected authentication source
* @param array $state Information about the current authentication.
*/
public static function delegateAuthentication($authId, $state)
{
assert('is_string($authId)');
assert('is_array($state)');
$as = SimpleSAML_Auth_Source::getById($authId);
if ($as === NULL) {
throw new Exception('Invalid authentication source: ' . $authId);
}
/* Save the selected authentication source for the logout process. */
$session = SimpleSAML_Session::getSessionFromRequest();
$session->setData(self::SESSION_SOURCE, $state[self::AUTHID], $authId, SimpleSAML_Session::DATA_TIMEOUT_SESSION_END);
try {
$as->authenticate($state);
} catch (SimpleSAML_Error_Exception $e) {
SimpleSAML_Auth_State::throwException($state, $e);
} catch (Exception $e) {
$e = new SimpleSAML_Error_UnserializableException($e);
SimpleSAML_Auth_State::throwException($state, $e);
}
SimpleSAML_Auth_Source::completeAuth($state);
}示例7: handleUserPassLogin
/**
* Handle username-password login request.
*
* This function is used by the login form (www/loginuserpass.php) when the user
* enters a username and password. On success, it will not return. If an error occurs,
* it will return the error code.
*
* @param string $authStateId The identifier of the authentication state.
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @return string Error code in the case of an error.
*/
public static function handleUserPassLogin($authStateId, $username, $password)
{
assert('is_string($authStateId)');
assert('is_string($username)');
assert('is_string($password)');
/* Here we retrieve the state array we saved in the authenticate-function. */
$state = SimpleSAML_Auth_State::loadState($authStateId, sspmod_authTiqr_Auth_Tiqr::STAGEID);
/* Retrieve the authentication source we are executing. */
assert('array_key_exists(self::AUTHID, $state)');
$source = SimpleSAML_Auth_Source::getById($state[sspmod_authTiqr_Auth_Tiqr::USERPASSSOURCEID]);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $state[sspmod_authTiqr_Auth_Tiqr::USERPASSSOURCEID]);
}
/*
* $source now contains the authentication source on which authenticate()
* was called. We should call login() on the same authentication source.
*/
try {
/* Attempt to log in. */
$attributes = $source->login($username, $password);
} catch (SimpleSAML_Error_Error $e) {
/*
* Login failed. Return the error code to the login form, so that it
* can display an error message to the user.
*/
return $e->getErrorCode();
}
/* Save the attributes we received from the login-function in the $state-array. */
assert('is_array($attributes)');
$state['Attributes'] = $attributes;
/* Return control to simpleSAMLphp after successful authentication. */
SimpleSAML_Auth_Source::completeAuth($state);
}示例8: handleLogin
/**
* Handle login request.
*
* This function is used by the login form (core/www/loginuserpass.php) when the user
* enters a username and password. On success, it will not return. On wrong
* username/password failure, it will return the error code. Other failures will throw an
* exception.
*
* @param string $authStateId The identifier of the authentication state.
* @param string $otp The one time password entered-
* @return string Error code in the case of an error.
*/
public static function handleLogin($authStateId, $otp)
{
assert('is_string($authStateId)');
assert('is_string($otp)');
/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert('array_key_exists(self::AUTHID, $state)');
$source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
try {
/* Attempt to log in. */
$attributes = $source->login($otp);
} catch (SimpleSAML_Error_Error $e) {
/* An error occurred during login. Check if it is because of the wrong
* username/password - if it is, we pass that error up to the login form,
* if not, we let the generic error handler deal with it.
*/
if ($e->getErrorCode() === 'WRONGUSERPASS') {
return 'WRONGUSERPASS';
}
/* Some other error occurred. Rethrow exception and let the generic error
* handler deal with it.
*/
throw $e;
}
$state['Attributes'] = $attributes;
SimpleSAML_Auth_Source::completeAuth($state);
}示例9: resume
/**
* Resume authentication process.
*
* This function resumes the authentication process after the user has
* entered his or her credentials.
*
* @param array &$state The authentication state.
*/
public static function resume()
{
$request = Request::fromString($_SERVER['REQUEST_METHOD'] . ' ' . self::requesturi());
if (!($stateId = $request->getQuery('state'))) {
throw new SimpleSAML_Error_BadRequest('Missing "state" parameter.');
}
$state = SimpleSAML_Auth_State::loadState($stateId, 'openidconnect:Connect');
/*
* Now we have the $state-array, and can use it to locate the authentication
* source.
*/
$source = SimpleSAML_Auth_Source::getById($state['openidconnect:AuthID']);
if ($source === NULL) {
/*
* The only way this should fail is if we remove or rename the authentication source
* while the user is at the login page.
*/
throw new SimpleSAML_Error_Exception('Could not find authentication source.');
}
/*
* Make sure that we haven't switched the source type while the
* user was at the authentication page. This can only happen if we
* change config/authsources.php while an user is logging in.
*/
if (!$source instanceof self) {
throw new SimpleSAML_Error_Exception('Authentication source type changed.');
}
// The library has its own state manager but we're using SSP's.
// We've already validated the state, so let's get the token.
$tokenDispatcher = new Dispatcher();
$tokenRequest = new TokenRequest();
$clientInfo = new ClientInfo();
$clientInfo->fromArray(reset($source->getConfig()));
$tokenRequest->setClientInfo($clientInfo);
$tokenRequest->setCode($request->getQuery('code'));
$tokenRequest->setGrantType('authorization_code');
$tokenDispatcher->setOptions(['http_options' => ['sslcapath' => $source->sslcapath]]);
$tokenResponse = $tokenDispatcher->sendTokenRequest($tokenRequest);
$userDispatcher = new InfoDispatcher();
$userDispatcher->setOptions(['http_options' => ['sslcapath' => $source->sslcapath]]);
$infoRequest = new InfoRequest();
$infoRequest->setClientInfo($clientInfo);
$infoRequest->setAccessToken($tokenResponse->getAccessToken());
try {
$infoResponse = $userDispatcher->sendUserInfoRequest($infoRequest);
$user = $infoResponse->getClaims();
} catch (Exception $e) {
/*
* The user isn't authenticated.
*
* Here we simply throw an exception, but we could also redirect the user back to the
* login page.
*/
throw new SimpleSAML_Error_Exception('User not authenticated after login attempt.', $e->getCode(), $e);
}
/*
* So, we have a valid user. Time to resume the authentication process where we
* paused it in the authenticate()-function above.
*/
$state['Attributes'] = self::getAttributes($user);
SimpleSAML_Auth_Source::completeAuth($state);
/*
* The completeAuth-function never returns, so we never get this far.
*/
assert('FALSE');
}示例10: resume
public static function resume()
{
if (!isset($_REQUEST['State'])) {
throw new SimpleSAML_Error_BadRequest('Missing "State" parameter.');
}
$state = SimpleSAML_Auth_State::loadState($_REQUEST['State'], 'negotiateserver:Negotiate');
$source = SimpleSAML_Auth_Source::getById($state['negotiateserver:AuthID']);
if ($source === NULL) {
throw new SimpleSAML_Error_Exception('Could not find authentication source with id ' . $state[self::authId]);
}
if (!$source instanceof self) {
throw new SimpleSAML_Error_Exception('Authentication source type changed.');
}
if (empty($state['UserIdentifier'])) {
throw new SimpleSAML_Error_Exception('User identifier is empty or not set.');
}
$attributes = $source->getUserAttributes($state['UserIdentifier']);
if ($attributes === NULL) {
throw new SimpleSAML_Error_Exception('User not authenticated after login page.');
}
$state['Attributes'] = $attributes;
SimpleSAML_Auth_Source::completeAuth($state);
assert('FALSE');
}示例11: finalStep
/**
* Called by linkback, to finish validate/ finish logging in.
* @param state $state
* @return list username, casattributes/ldap attributes
*/
public function finalStep(&$state) {
global $mysqli;
$ticket = $state['cas:ticket'];
$stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
$service = SimpleSAML_Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));
list($username, $casattributes) = $this->casValidation($ticket, $service);
//recherche du login gepi
$path = dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__))))))));
require_once($path."/secure/connect.inc.php");
// Database connection
require_once($path."/lib/mysql.inc");
if ($this->_champ_cas_uid_retour == 'username') {
$uid = $username;
} else {
$uid = $casattributes['uid'];
}
$requete = 'SELECT '.$this->_search_table_gepi_login_column.' FROM '.$this->_search_table_name.' WHERE '.$this->_search_table_cas_uid_column.'=\''.$uid.'\'';
$result = $mysqli->query($requete);
$valeur = $result->fetch_array(MYSQLI_NUM);
if (!$valeur) {
//utilisateur non trouvé dans la base gepi, l'authentification a échoué
SimpleSAML_Logger::error('gepicas:' . $this->authId .
': not authenticated. User is in the CAS but not in the gepi local database.');
throw new SimpleSAML_Error_UserNotFound('Utilisateur non trouve dans la base locale');
}
$attributes['login'] = array($valeur[0]);
$attributes['login_gepi'] = array($valeur[0]);
# On interroge la base de données pour récupérer des attributs qu'on va retourner
# Cela ne sert pas à gepi directement mais à des services qui peuvent s'appuyer sur gepi pour l'athentification
$query = $mysqli->query("SELECT nom, prenom, email, statut FROM utilisateurs WHERE (login = '".$attributes['login_gepi'][0]."')");
$row = $query->fetch_object();
$attributes['nom'] = array($row->nom);
$attributes['prenom'] = array($row->prenom);
$attributes['statut'] = array($row->statut);
$attributes['email'] = array($row->email);
$state['Attributes'] = $attributes;
SimpleSAML_Auth_Source::completeAuth($state);
}示例12: completeLogin
public static function completeLogin($authStateId)
{
$state = self::_validateAuthState($authStateId);
$server = self::getServer(false);
$session = SimpleSAML_Session::getSessionFromRequest();
$sessionId = $session->getSessionId();
$user = $server->getAuthenticatedUser($sessionId);
if (empty($user)) {
$url = SimpleSAML_Module::getModuleURL('authTiqr/login.php');
SimpleSAML_Utilities::redirect($url, array('AuthState' => $authStateId));
} else {
if (!isset($state["tiqrUser"])) {
// Single factor. We can now continue to login.
$attributes = array('uid' => array($user), 'displayName' => array(self::getUserStorage()->getDisplayName($user)));
$attributes = array_merge($attributes, self::getUserStorage()->getAdditionalAttributes($user));
$state['Attributes'] = $attributes;
SimpleSAML_Auth_Source::completeAuth($state);
} else {
// Two factor, we can now complete the processing filter process.
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
}
}
}示例13: onProcessingCompleted
/**
* Called when we have completed the procssing chain.
*
* @param array $authProcState The processing chain state.
*/
public static function onProcessingCompleted(array $authProcState)
{
assert('array_key_exists("saml2:sp:IdP", $authProcState)');
assert('array_key_exists("saml2:sp:State", $authProcState)');
assert('array_key_exists("Attributes", $authProcState)');
$idp = $authProcState['saml2:sp:IdP'];
$state = $authProcState['saml2:sp:State'];
$sourceId = $state[sspmod_saml2_Auth_Source_SP::AUTHID];
$source = SimpleSAML_Auth_Source::getById($sourceId);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $sourceId);
}
/* Register a callback that we can call if we receive a logout request from the IdP. */
$source->addLogoutCallback($idp, $state);
$state['Attributes'] = $authProcState['Attributes'];
SimpleSAML_Auth_Source::completeAuth($state);
}示例14: finalStep
public function finalStep(&$state)
{
$credentials = $state['aselect:credentials'];
$rid = $state['aselect:rid'];
assert('isset($credentials)');
assert('isset($rid)');
$params = array('request' => 'verify_credentials', 'rid' => $rid, 'a-select-server' => $this->asconfig['serverid'], 'aselect_credentials' => $credentials);
if ($this->asconfig['type'] == 'cross') {
$params['local_organization'] = $this->asconfig['local_organization'];
}
$url = SimpleSAML_Utilities::addURLparameter($this->asconfig['serverurl'], $params);
$parms = $this->as_call($url);
$attributes = array('uid' => array($parms['uid']));
if (array_key_exists('attributes', $parms)) {
$decoded = base64_decode($parms['attributes']);
foreach (explode('&', $decoded) as $parm) {
$tuple = explode('=', $parm);
$name = urldecode($tuple[0]);
if (preg_match('/\\[\\]$/', $name)) {
$name = substr($name, 0, -2);
}
if (!array_key_exists($name, $attributes)) {
$attributes[$name] = array();
}
$attributes[$name][] = urldecode($tuple[1]);
}
}
$state['Attributes'] = $attributes;
SimpleSAML_Auth_Source::completeAuth($state);
}示例15: Exception
<?php
/**
* Handle linkback() response from LinkedIn.
*/
if (array_key_exists('stateid', $_REQUEST)) {
$stateId = $_REQUEST['stateid'];
} else {
throw new Exception('Lost OAuth Client State');
}
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authlinkedin_Auth_Source_LinkedIn::STAGE_INIT);
// http://developer.linkedin.com/docs/DOC-1008#2_Redirect_the_User_to_our_Authorization_Server
if (array_key_exists('oauth_verifier', $_REQUEST)) {
$state['authlinkedin:oauth_verifier'] = $_REQUEST['oauth_verifier'];
} else {
throw new Exception('OAuth verifier not returned.');
}
/* Find authentication source. */
assert('array_key_exists(sspmod_authlinkedin_Auth_Source_LinkedIn::AUTHID, $state)');
$sourceId = $state[sspmod_authlinkedin_Auth_Source_LinkedIn::AUTHID];
$source = SimpleSAML_Auth_Source::getById($sourceId);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $sourceId);
}
$source->finalStep($state);
SimpleSAML_Auth_Source::completeAuth($state);