本文整理汇总了PHP中SimpleSAML_Utilities::checkURLAllowed方法的典型用法代码示例。如果您正苦于以下问题:PHP SimpleSAML_Utilities::checkURLAllowed方法的具体用法?PHP SimpleSAML_Utilities::checkURLAllowed怎么用?PHP SimpleSAML_Utilities::checkURLAllowed使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类SimpleSAML_Utilities
的用法示例。
在下文中一共展示了SimpleSAML_Utilities::checkURLAllowed方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: __construct
/**
* Initialize the filter.
*
* @param array $config Configuration information about this filter.
* @param mixed $reserved For future use
*/
public function __construct($config, $reserved)
{
parent::__construct($config, $reserved);
assert('is_array($config)');
if (array_key_exists('enforce_2fa', $config)) {
$this->enforce_2fa = $config['enforce_2fa'];
if (!is_bool($this->enforce_2fa)) {
throw new Exception('Invalid attribute name given to simpletotp::2fa filter:
enforce_2fa must be a boolean.');
}
}
if (array_key_exists('secret_attr', $config)) {
$this->secret_attr = $config['secret_attr'];
if (!is_string($this->secret_attr)) {
throw new Exception('Invalid attribute name given to simpletotp::2fa filter:
secret_attr must be a string');
}
}
if (array_key_exists('not_configured_url', $config)) {
$this->not_configured_url = $config['not_configured_url'];
if (!is_string($config['not_configured_url'])) {
throw new Exception('Invalid attribute value given to simpletotp::2fa filter:
not_configured_url must be a string');
}
//validate URL to ensure it's we will be able to redirect to
$this->not_configured_url = SimpleSAML_Utilities::checkURLAllowed($config['not_configured_url']);
}
}
示例2: handleLogin
public static function handleLogin($authStateId, $xmlToken)
{
assert('is_string($authStateId)');
$config = SimpleSAML_Configuration::getInstance();
$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
$idp_key = $autoconfig->getValue('idp_key');
$idp_pass = $autoconfig->getValue('idp_key_pass', NULL);
$sts_crt = $autoconfig->getValue('sts_crt');
$Infocard = $autoconfig->getValue('InfoCard');
$infocard = new sspmod_InfoCard_RP_InfoCard();
$infocard->addIDPKey($idp_key, $idp_pass);
$infocard->addSTSCertificate($sts_crt);
if (!$xmlToken) {
SimpleSAML_Logger::debug("XMLtoken: " . $xmlToken);
} else {
SimpleSAML_Logger::debug("NOXMLtoken: " . $xmlToken);
}
$claims = $infocard->process($xmlToken);
if ($claims->isValid()) {
$attributes = array();
foreach ($Infocard['requiredClaims'] as $claim => $data) {
$attributes[$claim] = array($claims->{$claim});
}
foreach ($Infocard['optionalClaims'] as $claim => $data) {
$attributes[$claim] = array($claims->{$claim});
}
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert('array_key_exists(self::AUTHID, $state)');
$source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
$state['Attributes'] = $attributes;
unset($infocard);
unset($claims);
SimpleSAML_Auth_Source::completeAuth($state);
} else {
unset($infocard);
unset($claims);
return 'wrong_IC';
}
}
示例3: check_credentials
/**
* Check the credentials that the user got from the A-Select server.
* This function is called after the user returns from the A-Select server.
*
* @author Wessel Dankers, Tilburg University
*/
function check_credentials()
{
if (!array_key_exists('ssp_state', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing ssp_state parameter"));
}
$id = $_REQUEST['ssp_state'];
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($id);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($id, 'aselect:login');
if (!array_key_exists('a-select-server', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing a-select-server parameter"));
}
$server_id = $_REQUEST['a-select-server'];
if (!array_key_exists('aselect_credentials', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing aselect_credentials parameter"));
}
$credentials = $_REQUEST['aselect_credentials'];
if (!array_key_exists('rid', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing rid parameter"));
}
$rid = $_REQUEST['rid'];
try {
if (!array_key_exists('aselect::authid', $state)) {
throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state");
}
$authid = $state['aselect::authid'];
$aselect = SimpleSAML_Auth_Source::getById($authid);
if (is_null($aselect)) {
throw new SimpleSAML_Error_Exception("Could not find authentication source with id {$authid}");
}
$creds = $aselect->verify_credentials($server_id, $credentials, $rid);
if (array_key_exists('attributes', $creds)) {
$state['Attributes'] = $creds['attributes'];
} else {
$res = $creds['res'];
$state['Attributes'] = array('uid' => array($res['uid']), 'organization' => array($res['organization']));
}
} catch (Exception $e) {
SimpleSAML_Auth_State::throwException($state, $e);
}
SimpleSAML_Auth_Source::completeAuth($state);
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component"));
}
示例4: onResponse
/**
* Continue the logout operation.
*
* This function will never return.
*
* @param string $assocId The association that is terminated.
* @param string|NULL $relayState The RelayState from the start of the logout.
* @param SimpleSAML_Error_Exception|NULL $error The error that occurred during session termination (if any).
*/
public function onResponse($assocId, $relayState, SimpleSAML_Error_Exception $error = NULL)
{
assert('is_string($assocId)');
assert('is_string($relayState) || is_null($relayState)');
if ($relayState === NULL) {
throw new SimpleSAML_Error_Exception('RelayState lost during logout.');
}
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($relayState);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($relayState, 'core:LogoutTraditional');
if ($error === NULL) {
SimpleSAML_Logger::info('Logged out of ' . var_export($assocId, TRUE) . '.');
$this->idp->terminateAssociation($assocId);
} else {
SimpleSAML_Logger::warning('Error received from ' . var_export($assocId, TRUE) . ' during logout:');
$error->logWarning();
$state['core:Failed'] = TRUE;
}
self::logoutNextSP($state);
}
示例5: SimpleSAML_Error_BadRequest
<?php
/*
* This endpoint is provided for backwards compatibility,
* and should not be used.
*
* Use SingleLogoutService.php?ReturnTo=... instead.
*/
require_once '../../_include.php';
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
if (!isset($_REQUEST['RelayState'])) {
throw new SimpleSAML_Error_BadRequest('Missing required RelayState parameter.');
}
$idp->doLogoutRedirect(SimpleSAML_Utilities::checkURLAllowed((string) $_REQUEST['RelayState']));
assert('FALSE');
示例6: logout
/**
* Log out from this authentication source.
*
* This function should be overridden if the authentication source requires special
* steps to complete a logout operation.
*
* If the logout process requires a redirect, the state should be saved. Once the
* logout operation is completed, the state should be restored, and completeLogout
* should be called with the state. If this operation can be completed without
* showing the user a page, or redirecting, this function should return.
*
* @param array &$state Information about the current logout operation.
*/
public function logout(&$state)
{
assert('is_array($state)');
// check first if we have a valid session
if ($this->_poa->isAuthenticated()) {
/* We are will need the authId in order to retrieve this authentication source later. */
$state[self::AUTHID] = $this->authId;
$this->_stateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
// TODO: pending on phpPoA adding PAPI_SLO_REDIRECT_URL_FINISH hook
$this->_poa->addHook("PAPI_SLO_REDIRECT_URL_FINISH", new Hook(array($this, "modifyParams")));
// perform single logout, this won't return
$this->_poa->logout(true);
} else {
if (isset($_REQUEST['SSPStateID'])) {
$this->_stateId = (string) $_REQUEST['SSPStateID'];
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($this->_stateId);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
$state = SimpleSAML_Auth_State::loadState($this->_stateId, self::STAGE_INIT);
} else {
return;
}
}
self::completeLogout($state);
}
示例7: array_unique
}
if (array_key_exists('IDPList', $spmetadata)) {
$IDPList = array_unique(array_merge($IDPList, $spmetadata['IDPList']));
}
if (isset($_GET['IDPList']) && !empty($_GET['IDPList'])) {
$providers = $_GET['IDPList'];
if (!is_array($providers)) {
$providers = array($providers);
}
$IDPList = array_merge($IDPList, $providers);
}
$ar->setIDPList($IDPList);
/* Save request information. */
$info = array();
$info['RelayState'] = $returnTo;
if (array_key_exists('OnError', $_REQUEST)) {
$info['OnError'] = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['OnError']);
}
$session->setData('SAML2:SP:SSO:Info', $ar->getId(), $info);
/* Select appropriate SSO endpoint */
if ($ar->getProtocolBinding() === SAML2_Const::BINDING_HOK_SSO) {
$dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(SAML2_Const::BINDING_HOK_SSO));
} else {
$dst = $idpMetadata->getDefaultEndpoint('SingleSignOnService', array(SAML2_Const::BINDING_HTTP_REDIRECT, SAML2_Const::BINDING_HTTP_POST));
}
$ar->setDestination($dst['Location']);
$b = SAML2_Binding::getBinding($dst['Binding']);
$b->send($ar);
} catch (Exception $exception) {
throw new SimpleSAML_Error_Error('CREATEREQUEST', $exception);
}
示例8: resume
/**
* Resume authentication process.
*
* This function resumes the authentication process after the user has
* entered his or her credentials.
*
* @param array &$state The authentication state.
*/
public static function resume()
{
/*
* First we need to restore the $state-array. We should have the identifier for
* it in the 'State' request parameter.
*/
if (!isset($_REQUEST['State'])) {
throw new SimpleSAML_Error_BadRequest('Missing "State" parameter.');
}
$stateId = (string) $_REQUEST['State'];
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($stateId);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/*
* Once again, note the second parameter to the loadState function. This must
* match the string we used in the saveState-call above.
*/
$state = SimpleSAML_Auth_State::loadState($stateId, 'exampleauth:External');
/*
* Now we have the $state-array, and can use it to locate the authentication
* source.
*/
$source = SimpleSAML_Auth_Source::getById($state['exampleauth:AuthID']);
if ($source === NULL) {
/*
* The only way this should fail is if we remove or rename the authentication source
* while the user is at the login page.
*/
throw new SimpleSAML_Error_Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
/*
* Make sure that we haven't switched the source type while the
* user was at the authentication page. This can only happen if we
* change config/authsources.php while an user is logging in.
*/
if (!$source instanceof self) {
throw new SimpleSAML_Error_Exception('Authentication source type changed.');
}
/*
* OK, now we know that our current state is sane. Time to actually log the user in.
*
* First we check that the user is acutally logged in, and didn't simply skip the login page.
*/
$attributes = $source->getUser();
if ($attributes === NULL) {
/*
* The user isn't authenticated.
*
* Here we simply throw an exception, but we could also redirect the user back to the
* login page.
*/
throw new SimpleSAML_Error_Exception('User not authenticated after login page.');
}
/*
* So, we have a valid user. Time to resume the authentication process where we
* paused it in the authenticate()-function above.
*/
$state['Attributes'] = $attributes;
SimpleSAML_Auth_Source::completeAuth($state);
/*
* The completeAuth-function never returns, so we never get this far.
*/
assert('FALSE');
}
示例9: handleLogin
/**
* Handle login request.
*
* This function is used by the login form (core/www/loginuserpass.php) when the user
* enters a username and password. On success, it will not return. On wrong
* username/password failure, it will return the error code. Other failures will throw an
* exception.
*
* @param string $authStateId The identifier of the authentication state.
* @param string $otp The one time password entered-
* @return string Error code in the case of an error.
*/
public static function handleLogin($authStateId, $otp)
{
assert('is_string($authStateId)');
assert('is_string($otp)');
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert('array_key_exists(self::AUTHID, $state)');
$source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
try {
/* Attempt to log in. */
$attributes = $source->login($otp);
} catch (SimpleSAML_Error_Error $e) {
/* An error occurred during login. Check if it is because of the wrong
* username/password - if it is, we pass that error up to the login form,
* if not, we let the generic error handler deal with it.
*/
if ($e->getErrorCode() === 'WRONGUSERPASS') {
return 'WRONGUSERPASS';
}
/* Some other error occurred. Rethrow exception and let the generic error
* handler deal with it.
*/
throw $e;
}
$state['Attributes'] = $attributes;
SimpleSAML_Auth_Source::completeAuth($state);
}
示例10: handleLogin
/**
* Handle login request.
*
* This function is used by the login form (core/www/loginuserpass.php) when the user
* enters a username and password. On success, it will not return. On wrong
* username/password failure, and other errors, it will throw an exception.
*
* @param string $authStateId The identifier of the authentication state.
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
*/
public static function handleLogin($authStateId, $username, $password)
{
assert('is_string($authStateId)');
assert('is_string($username)');
assert('is_string($password)');
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Here we retrieve the state array we saved in the authenticate-function. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
/* Retrieve the authentication source we are executing. */
assert('array_key_exists(self::AUTHID, $state)');
$source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
/*
* $source now contains the authentication source on which authenticate()
* was called. We should call login() on the same authentication source.
*/
/* Attempt to log in. */
try {
$attributes = $source->login($username, $password);
} catch (Exception $e) {
SimpleSAML_Logger::stats('Unsuccessful login attempt from ' . $_SERVER['REMOTE_ADDR'] . '.');
throw $e;
}
SimpleSAML_Logger::stats('User \'' . $username . '\' has been successfully authenticated.');
/* Save the attributes we received from the login-function in the $state-array. */
assert('is_array($attributes)');
$state['Attributes'] = $attributes;
/* Return control to simpleSAMLphp after successful authentication. */
SimpleSAML_Auth_Source::completeAuth($state);
}
示例11: Exception
require_once $ldapconfigfile;
if (!array_key_exists($idpentityid, $casldapconfig)) {
throw new Exception('No LDAP authentication configuration for this SAML 2.0 entity ID [' . $idpentityid . ']');
}
$ldapconfig = $casldapconfig[$idpentityid]['ldap'];
} catch (Exception $exception) {
throw new SimpleSAML_Error_Error('METADATA', $exception);
}
/*
* Load the RelayState argument. The RelayState argument contains the address
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
if ($username = $_POST['username']) {
try {
$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['servers'], $ldapconfig['enable_tls']);
$attributes = $ldap->validate($ldapconfig, $username, $_POST['password']);
if ($attributes === FALSE) {
$error = "LDAP_INVALID_CREDENTIALS";
} else {
$session->doLogin('login-wayf-ldap');
$session->setAttributes($attributes);
$session->setNameID(array('value' => SimpleSAML_Utilities::generateID(), 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
SimpleSAML_Utilities::redirectTrustedURL($relaystate);
}
} catch (Exception $e) {
throw new SimpleSAML_Error_Error('LDAPERROR', $e);
}
示例12: listOrganizations
/**
* Get available organizations.
*
* This function is used by the login form to get the available organizations.
*
* @param string $authStateId The identifier of the authentication state.
* @return array|NULL Array of organizations. NULL if the user must enter the
* organization as part of the username.
*/
public static function listOrganizations($authStateId)
{
assert('is_string($authStateId)');
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert('array_key_exists(self::AUTHID, $state)');
$source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
$orgMethod = $source->getUsernameOrgMethod();
if ($orgMethod === 'force') {
return NULL;
}
return $source->getOrganizations();
}
示例13: assert
assert('array_key_exists("saml:sp:AuthId", $state)');
if ($state['saml:sp:AuthId'] !== $sourceId) {
throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
}
/* Check that the issuer is the one we are expecting. */
assert('array_key_exists("ExpectedIssuer", $state)');
if ($state['ExpectedIssuer'] !== $idp) {
$idpMetadata = $source->getIdPMetadata($idp);
$idplist = $idpMetadata->getArrayize('IDPList', array());
if (!in_array($state['ExpectedIssuer'], $idplist)) {
throw new SimpleSAML_Error_Exception('The issuer of the response does not match to the identity provider we sent the request to.');
}
}
} else {
/* This is an unsolicited response. */
$state = array('saml:sp:isUnsolicited' => TRUE, 'saml:sp:AuthId' => $sourceId, 'saml:sp:RelayState' => SimpleSAML_Utilities::checkURLAllowed($response->getRelayState()));
}
SimpleSAML_Logger::debug('Received SAML2 Response from ' . var_export($idp, TRUE) . '.');
if (empty($idpMetadata)) {
$idpMetadata = $source->getIdPmetadata($idp);
}
try {
$assertions = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
} catch (sspmod_saml_Error $e) {
/* The status of the response wasn't "success". */
$e = $e->toException();
SimpleSAML_Auth_State::throwException($state, $e);
}
$authenticatingAuthority = NULL;
$nameId = NULL;
$sessionIndex = NULL;
示例14: SimpleSAML_Error_BadRequest
$response = $b->receive();
if (!$response instanceof SAML2_Response) {
throw new SimpleSAML_Error_BadRequest('Invalid message received to AssertionConsumerService endpoint.');
}
$idp = $response->getIssuer();
if ($idp === NULL) {
throw new Exception('Missing <saml:Issuer> in message delivered to AssertionConsumerService.');
}
$idpMetadata = $metadataHandler->getMetaDataConfig($idp, 'saml20-idp-remote');
/* Fetch the request information if it exists, fall back to RelayState if not. */
$requestId = $response->getInResponseTo();
$info = $session->getData('SAML2:SP:SSO:Info', $requestId);
if ($info === NULL) {
/* Fall back to RelayState. */
$info = array();
$info['RelayState'] = SimpleSAML_Utilities::checkURLAllowed($response->getRelayState());
if (empty($info['RelayState'])) {
$info['RelayState'] = $spMetadata->getString('RelayState', NULL);
}
if (empty($info['RelayState'])) {
/* RelayState missing. */
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
}
try {
$assertion = sspmod_saml_Message::processResponse($spMetadata, $idpMetadata, $response);
if (count($assertion) > 1) {
throw new SimpleSAML_Error_Exception('More than one assertion in received response.');
}
$assertion = $assertion[0];
} catch (sspmod_saml_Error $e) {
示例15: foreach
<?php
require_once '_include.php';
/**
* This page clears the user's IdP discovery choices.
*/
/* The base path for cookies. This should be the installation directory for simpleSAMLphp. */
$config = SimpleSAML_Configuration::getInstance();
$cookiePath = '/' . $config->getBaseUrl();
/* We delete all cookies which starts with 'idpdisco_' */
foreach ($_COOKIE as $cookieName => $value) {
if (substr($cookieName, 0, 9) !== 'idpdisco_') {
/* Not a idpdisco cookie. */
continue;
}
/* Delete the cookie. We delete it once without the secure flag and once with the secure flag. This
* ensures that the cookie will be deleted in any case.
*/
SimpleSAML_Utilities::setCookie($cookieName, NULL, array('path' => $cookiePath, 'httponly' => FALSE), FALSE);
}
/* Find where we should go now. */
if (array_key_exists('ReturnTo', $_REQUEST)) {
$returnTo = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo']);
} else {
/* Return to the front page if no other destination is given. This is the same as the base cookie path. */
$returnTo = $cookiePath;
}
/* Redirect to destination. */
SimpleSAML_Utilities::redirectTrustedURL($returnTo);