PHP SimpleSAML_Logger::warning方法代码示例

 /**
  * This function performs some sanity checks on XML documents, and optionally validates them against their schema
  * if the 'debug.validatexml' option is enabled. A warning will be printed to the log if validation fails.
  *
  * @param string $message The SAML document we want to check.
  * @param string $type The type of document. Can be one of:
  * - 'saml20'
  * - 'saml11'
  * - 'saml-meta'
  *
  * @throws \InvalidArgumentException If $message is not a string or $type is not a string containing one of the
  *     values allowed.
  * @throws \SimpleSAML_Error_Exception If $message contains a doctype declaration.
  *
  * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
  * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
  */
 public static function checkSAMLMessage($message, $type)
 {
     $allowed_types = array('saml20', 'saml11', 'saml-meta');
     if (!(is_string($message) && in_array($type, $allowed_types))) {
         throw new \InvalidArgumentException('Invalid input parameters.');
     }
     // a SAML message should not contain a doctype-declaration
     if (strpos($message, '<!DOCTYPE') !== false) {
         throw new \SimpleSAML_Error_Exception('XML contained a doctype declaration.');
     }
     $enabled = \SimpleSAML_Configuration::getInstance()->getBoolean('debug.validatexml', null);
     if (!$enabled) {
         return;
     }
     $result = true;
     switch ($type) {
         case 'saml11':
             $result = self::isValid($message, 'oasis-sstc-saml-schema-protocol-1.1.xsd');
             break;
         case 'saml20':
             $result = self::isValid($message, 'saml-schema-protocol-2.0.xsd');
             break;
         case 'saml-meta':
             $result = self::isValid($message, 'saml-schema-metadata-2.0.xsd');
     }
     if ($result !== true) {
         \SimpleSAML_Logger::warning($result);
     }
 }

 /**
  * Process a authentication response.
  *
  * This function checks how long it is since the last time the user was authenticated.
  * If it is to short a while since, we will show a warning to the user.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     if (!array_key_exists('PreviousSSOTimestamp', $state)) {
         /*
          * No timestamp from the previous SSO to this SP. This is the first
          * time during this session.
          */
         return;
     }
     $timeDelta = time() - $state['PreviousSSOTimestamp'];
     if ($timeDelta >= 10) {
         /* At least 10 seconds since last attempt. */
         return;
     }
     if (array_key_exists('Destination', $state) && array_key_exists('entityid', $state['Destination'])) {
         $entityId = $state['Destination']['entityid'];
     } else {
         $entityId = 'UNKNOWN';
     }
     SimpleSAML_Logger::warning('WarnShortSSOInterval: Only ' . $timeDelta . ' seconds since last SSO for this user from the SP ' . var_export($entityId, TRUE));
     /* Save state and redirect. */
     $id = SimpleSAML_Auth_State::saveState($state, 'core:short_sso_interval');
     $url = SimpleSAML_Module::getModuleURL('core/short_sso_interval.php');
     SimpleSAML_Utilities::redirectTrustedURL($url, array('StateId' => $id));
 }

 /**
  * Process an authentication response.
  *
  * This function saves the state, and if necessary redirects the user to the page where the user
  * is informed about the expiry date of his/her certificate.
  *
  * @param array $state  The state of the response.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     if (isset($state['isPassive']) && $state['isPassive'] === TRUE) {
         /* We have a passive request. Skip the warning. */
         return;
     }
     if (!isset($_SERVER['SSL_CLIENT_CERT']) || $_SERVER['SSL_CLIENT_CERT'] == '') {
         return;
     }
     $client_cert = $_SERVER['SSL_CLIENT_CERT'];
     $client_cert_data = openssl_x509_parse($client_cert);
     if ($client_cert_data == FALSE) {
         SimpleSAML_Logger::error('authX509: invalid cert');
         return;
     }
     $validTo = $client_cert_data['validTo_time_t'];
     $now = time();
     $daysleft = (int) (($validTo - $now) / (24 * 60 * 60));
     if ($daysleft > $this->warndaysbefore) {
         /* We have a certificate that will be valid for some time. Skip the warning. */
         return;
     }
     SimpleSAML_Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');
     $state['daysleft'] = $daysleft;
     $state['renewurl'] = $this->renewurl;
     /* Save state and redirect. */
     $id = SimpleSAML_Auth_State::saveState($state, 'warning:expire');
     $url = SimpleSAML_Module::getModuleURL('authX509/expirywarning.php');
     \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));
 }

 /**
  * Get the NameID value.
  *
  * @return string|NULL  The NameID value.
  */
 protected function getValue(array &$state)
 {
     if (!isset($state['Destination']['entityid'])) {
         SimpleSAML_Logger::warning('No SP entity ID - not generating persistent NameID.');
         return NULL;
     }
     $spEntityId = $state['Destination']['entityid'];
     if (!isset($state['Source']['entityid'])) {
         SimpleSAML_Logger::warning('No IdP entity ID - not generating persistent NameID.');
         return NULL;
     }
     $idpEntityId = $state['Source']['entityid'];
     if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
         SimpleSAML_Logger::warning('Missing attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.');
         return NULL;
     }
     if (count($state['Attributes'][$this->attribute]) > 1) {
         SimpleSAML_Logger::warning('More than one value in attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating persistent NameID.');
         return NULL;
     }
     $uid = array_values($state['Attributes'][$this->attribute]);
     /* Just in case the first index is no longer 0. */
     $uid = $uid[0];
     $secretSalt = SimpleSAML_Utilities::getSecretSalt();
     $uidData = 'uidhashbase' . $secretSalt;
     $uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
     $uidData .= strlen($spEntityId) . ':' . $spEntityId;
     $uidData .= strlen($uid) . ':' . $uid;
     $uidData .= $secretSalt;
     return sha1($uidData);
 }

 /**
  * This function generates a binary string containing random bytes.
  *
  * It will use /dev/urandom if available, and fall back to the builtin mt_rand()-function if not.
  *
  * @param $length  The number of random bytes to return.
  * @return A string of lenght $length with random bytes.
  */
 public static function generateRandomBytes($length, $fallback = TRUE)
 {
     static $fp = NULL;
     assert('is_int($length)');
     if ($fp === NULL) {
         if (file_exists('/dev/urandom')) {
             $fp = fopen('/dev/urandom', 'rb');
         } else {
             $fp = FALSE;
         }
     }
     if ($fp !== FALSE) {
         /* Read random bytes from /dev/urandom. */
         $data = fread($fp, $length);
         if ($data === FALSE) {
             throw new Exception('Error reading random data.');
         }
         if (strlen($data) != $length) {
             SimpleSAML_Logger::warning('Did not get requested number of bytes from random source. Requested (' . $length . ') got (' . strlen($data) . ')');
             if ($fallback) {
                 $data = self::generateRandomBytesMTrand($length);
             } else {
                 throw new Exception('Did not get requested number of bytes from random source. Requested (' . $length . ') got (' . strlen($data) . ')');
             }
         }
     } else {
         /* Use mt_rand to generate $length random bytes. */
         $data = self::generateRandomBytesMTrand($length);
     }
     return $data;
 }

 /**
  * Apply this filter.
  *
  * @param array &$request  The current request
  */
 public function process(&$request)
 {
     assert('is_array($request)');
     assert('array_key_exists("Attributes", $request)');
     $attributes =& $request['Attributes'];
     if (!isset($attributes[$this->sourceAttribute])) {
         return;
     }
     // will not overwrite existing attribute
     if (isset($attributes[$this->targetAttribute])) {
         return;
     }
     $sourceAttrVal = $attributes[$this->sourceAttribute][0];
     /* the last position of an @ is usually the beginning of the scope
      * string */
     $scopeIndex = strrpos($sourceAttrVal, '@');
     if ($scopeIndex !== FALSE) {
         $attributes[$this->targetAttribute] = array();
         $scope = substr($sourceAttrVal, $scopeIndex + 1);
         $attributes[$this->targetAttribute][] = $scope;
         SimpleSAML_Logger::debug('ScopeFromAttribute: Inserted new attribute ' . $this->targetAttribute . ', with scope ' . $scope);
     } else {
         SimpleSAML_Logger::warning('ScopeFromAttribute: The configured source attribute ' . $this->sourceAttribute . ' does not have a scope. Did not add attribute ' . $this->targetAttribute . '.');
     }
 }

 /**
  * Autoload function for SimpleSAMLphp modules following PSR-0.
  *
  * @param string $className Name of the class.
  * @deprecated This method will be removed in SSP 2.0.
  *
  * TODO: this autoloader should be removed once everything has been migrated to namespaces.
  */
 public static function autoloadPSR0($className)
 {
     $modulePrefixLength = strlen('sspmod_');
     $classPrefix = substr($className, 0, $modulePrefixLength);
     if ($classPrefix !== 'sspmod_') {
         return;
     }
     $modNameEnd = strpos($className, '_', $modulePrefixLength);
     $module = substr($className, $modulePrefixLength, $modNameEnd - $modulePrefixLength);
     $path = explode('_', substr($className, $modNameEnd + 1));
     if (!self::isModuleEnabled($module)) {
         return;
     }
     $file = self::getModuleDir($module) . '/lib/' . join('/', $path) . '.php';
     if (!file_exists($file)) {
         return;
     }
     require_once $file;
     if (!class_exists($className, false)) {
         // the file exists, but the class is not defined. Is it using namespaces?
         $nspath = join('\\', $path);
         if (class_exists('SimpleSAML\\Module\\' . $module . '\\' . $nspath)) {
             // the class has been migrated, create an alias and warn about it
             \SimpleSAML_Logger::warning("The class '{$className}' is now using namespaces, please use 'SimpleSAML\\Module\\{$module}\\" . "{$nspath}' instead.");
             class_alias("SimpleSAML\\Module\\{$module}\\{$nspath}", $className);
         }
     }
 }

 protected function login($username, $password)
 {
     /* Connect to the database. */
     $dsn = 'mysql:host=' . $_ENV["DB_HOST"] . ';dbname=twofactor';
     $username = $_ENV["DB_USER"];
     $password = $_ENV["DB_PASS"];
     $db = new PDO($dsn, $username, $password);
     $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     /* Ensure that we are operating with UTF-8 encoding.
      * This command is for MySQL. Other databases may need different commands.
      */
     $db->exec("SET NAMES 'utf8'");
     /* With PDO we use prepared statements. This saves us from having to escape
      * the username in the database query.
      */
     $st = $db->prepare('SELECT username, password_hash, full_name FROM userdb WHERE username=:username');
     if (!$st->execute(array('username' => $username))) {
         throw new Exception('Failed to query database for user.');
     }
     /* Retrieve the row from the database. */
     $row = $st->fetch(PDO::FETCH_ASSOC);
     if (!$row) {
         /* User not found. */
         SimpleSAML_Logger::warning('MyAuth: Could not find user ' . var_export($username, TRUE) . '.');
         throw new SimpleSAML_Error_Error('WRONGUSERPASS');
     }
     /* Check the password. */
     if (!$this->checkPassword($row['password_hash'], $password)) {
         /* Invalid password. */
         SimpleSAML_Logger::warning('MyAuth: Wrong password for user ' . var_export($username, TRUE) . '.');
         throw new SimpleSAML_Error_Error('WRONGUSERPASS');
     }
     /* Create the attribute array of the user. */
     $attributes = array('uid' => array($username), 'urn:dk:ddl:borger:displayName' => array($row['full_name']), 'urn:dk:gov:saml:cprNumberIdentifier' => array('0102031AB2'));
 }

/**
 * Hook to run a cron job.
 *
 * @param array &$croninfo  Output
 */
function statistics_hook_cron(&$croninfo)
{
    assert('is_array($croninfo)');
    assert('array_key_exists("summary", $croninfo)');
    assert('array_key_exists("tag", $croninfo)');
    $statconfig = SimpleSAML_Configuration::getConfig('module_statistics.php');
    if (is_null($statconfig->getValue('cron_tag', NULL))) {
        return;
    }
    if ($statconfig->getValue('cron_tag', NULL) !== $croninfo['tag']) {
        return;
    }
    $maxtime = $statconfig->getInteger('time_limit', NULL);
    if ($maxtime) {
        set_time_limit($maxtime);
    }
    try {
        $aggregator = new sspmod_statistics_Aggregator();
        $results = $aggregator->aggregate();
        if (empty($results)) {
            SimpleSAML_Logger::notice('Output from statistics aggregator was empty.');
        } else {
            $aggregator->store($results);
        }
    } catch (Exception $e) {
        $message = 'Loganalyzer threw exception: ' . $e->getMessage();
        SimpleSAML_Logger::warning($message);
        $croninfo['summary'][] = $message;
    }
}

/**
 * This function retrieves the logout info with the given ID.
 *
 * @param $id  The identifier of the logout info.
 */
function fetchLogoutInfo($id)
{
    global $session;
    global $logoutInfo;
    $logoutInfo = $session->getData('idplogoutresponsedata', $id);
    if ($logoutInfo === NULL) {
        SimpleSAML_Logger::warning('SAML2.0 - IdP.SingleLogoutService: Lost logout information.');
    }
}

 /**
  * Apply filter to add or replace attributes.
  *
  * Add or replace existing attributes with the configured values.
  *
  * @param array &$request  The current request
  */
 public function process(&$request)
 {
     assert('is_array($request)');
     assert('array_key_exists("Attributes", $request)');
     SimpleSAML_Logger::warning('You are using the deprecated smartnameattribute:SmartName filter. You should replace it with smartattributes:SmartName instead.');
     $attributes =& $request['Attributes'];
     $fullname = $this->getFullName($attributes);
     if (isset($fullname)) {
         $request['Attributes']['smartname-fullname'] = array($fullname);
     }
 }

 /**
  * Redirect to page setting CDC.
  *
  * @param array &$state  The request state.
  */
 public function process(&$state)
 {
     assert('is_array($state)');
     if (!isset($state['Source']['entityid'])) {
         SimpleSAML_Logger::warning('saml:CDC: Could not find IdP entityID.');
         return;
     }
     /* Save state and build request. */
     $id = SimpleSAML_Auth_State::saveState($state, 'cdc:resume');
     $returnTo = SimpleSAML_Module::getModuleURL('cdc/resume.php', array('domain' => $this->domain));
     $params = array('id' => $id, 'entityID' => $state['Source']['entityid']);
     $this->client->sendRequest($returnTo, 'append', $params);
 }

 /**
  * Get the NameID value.
  *
  * @return string|NULL  The NameID value.
  */
 protected function getValue(array &$state)
 {
     if (!isset($state['Attributes'][$this->attribute]) || count($state['Attributes'][$this->attribute]) === 0) {
         SimpleSAML_Logger::warning('Missing attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating attribute NameID.');
         return NULL;
     }
     if (count($state['Attributes'][$this->attribute]) > 1) {
         SimpleSAML_Logger::warning('More than one value in attribute ' . var_export($this->attribute, TRUE) . ' on user - not generating attribute NameID.');
     }
     $value = array_values($state['Attributes'][$this->attribute]);
     /* Just in case the first index is no longer 0. */
     $value = $value[0];
     return $value;
 }

 /**
  * This function is used to find an existing storage object. It will return NULL if no storage object
  * with the given id is found.
  *
  * @param $id  The id of the storage object we are looking for. A id consists of lowercase
  *             alphanumeric characters.
  * @return The corresponding MemcacheStorage object if the data is found or NULL if it isn't found.
  */
 public static function find($id)
 {
     assert(self::isValidID($id));
     $serializedData = SimpleSAML_Memcache::get($id);
     if ($serializedData === NULL) {
         return NULL;
     }
     $data = unserialize($serializedData);
     if (!$data instanceof self) {
         SimpleSAML_Logger::warning('Retrieved key from memcache did not contain a MemcacheStore object.');
         return NULL;
     }
     return $data;
 }

 /**
  * Initialize this filter, parse configuration
  *
  * @param array $config Configuration information about this filter.
  * @param mixed $reserved For future use.
  */
 public function __construct($config, $reserved)
 {
     parent::__construct($config, $reserved);
     assert('is_array($config)');
     if (isset($config['function'])) {
         $this->function = $config['function'];
     } else {
         // TODO: remove this branch after removing the 'code' option.
         if (!isset($config['code'])) {
             throw new SimpleSAML_Error_Exception("core:PHP: Neither 'function' nor 'code' options defined.");
         }
         SimpleSAML_Logger::warning("Deprecated 'code' configuration option in PHP authentication processing filter.");
         $this->code = (string) $config['code'];
     }
 }