IdP.php
<?php
namespace Shibalike;
use Shibalike\Attr\IStore;
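/**
 * Component for marking a user as authenticated. For use in a "login" script.
 *
 * Nothing in this class checks credentials: the calling script must
 * authenticate the user first and only then call markAsAuthenticated().
 *
 * Usage:
 * <code>
 * $idp = new Shibalike\IdP(...);
 * if (isset($_GET['logout'])) {
 *     $idp->logout();
 * }
 *
 * // try authentication somehow (e.g. using Zend_Auth)
 * if ($authenticatedSuccessfully) {
 *     $userAttrs = $idp->fetchAttrs($username);
 *     if ($userAttrs) {
 *         $idp->markAsAuthenticated($username, $userAttrs);
 *         $idp->redirect();
 *     } else {
 *         // user is not in attr store!
 *     }
 * } else {
 *     // user failed to authenticate!
 * }
 * </code>
 */
class IdP extends Junction
{
    /**
     * Attribute store queried by fetchAttrs().
     *
     * @var IStore
     */
    protected $_store;

    /**
     * @param IStateManager $stateMgr state manager, handed to the parent constructor
     * @param IStore $store attribute store used by fetchAttrs()
     * @param Config $config configuration, handed to the parent constructor
     */
    public function __construct(IStateManager $stateMgr, IStore $store, Config $config)
    {
        $this->_store = $store;
        parent::__construct($stateMgr, $config);
    }

    /**
     * Fetch user attributes from the attribute store
     *
     * @param string $username
     * @return array|null whatever the store returns for this username
     */
    public function fetchAttrs($username)
    {
        return $this->_store->fetchAttrs($username);
    }

    /**
     * Mark the user as authenticated and store her in the state manager
     *
     * No credential check happens here; the caller is responsible for having
     * verified the user before calling this method.
     *
     * @param string $username
     * @param array $attrs if not provided (or empty), fetchAttrs will be called
     * @return bool was the user state set successfully? false when no
     *              attribute array could be obtained for the user
     */
    public function markAsAuthenticated($username, array $attrs = null)
    {
        if (!$attrs) {
            $attrs = $this->fetchAttrs($username);
        }
        // The store is documented to return null for a user it does not know.
        // Refuse to create an authenticated state for such a user instead of
        // building an AuthResult from a null attribute set.
        if (!is_array($attrs)) {
            return false;
        }
        // NOTE(review): this is the point where the session gains privileges.
        // Confirm that the IStateManager implementation rotates the session
        // identifier on login (session fixation); nothing in this file does.
        $authResult = new AuthResult($username, $attrs);
        return $this->_stateMgr->set('authResult', $authResult);
    }

    /**
     * Get the default URL to redirect to
     *
     * @return string the idpUrl value of the configuration
     */
    public function getRedirectUrl()
    {
        return $this->_config->idpUrl;
    }

    /**
     * Get the AuthRequest object from the state manager (if exists).
     *
     * @return AuthRequest|null
     */
    public function getAuthRequest()
    {
        return $this->_stateMgr->get('authRequest');
    }

    /**
     * Close an open state manager/session and redirect the user
     *
     * When no URL is given, the return URL of the stored AuthRequest (if any)
     * is used and the stored request is then cleared.
     *
     * NOTE(review): neither $url nor the stored return URL is validated in
     * this method. Confirm that the URL is checked against an allow-list
     * where the AuthRequest is created or in Junction::redirect(); otherwise
     * a request-influenced return URL makes this an open redirect.
     *
     * @param string $url
     * @param bool $exitAfter exit after redirecting?
     */
    public function redirect($url = null, $exitAfter = true)
    {
        if (empty($url)) {
            $authRequest = $this->_stateMgr->get('authRequest');
            /* @var AuthRequest $authRequest */
            if ($authRequest) {
                $url = $authRequest->getReturnUrl();
                // set() without a value presumably clears the entry, so the
                // request is consumed only once -- confirm against IStateManager.
                $this->_stateMgr->set('authRequest');
            }
        }
        // $url may still be empty here; the fallback is left to the parent.
        parent::redirect($url, $exitAfter);
    }
}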