| public static loadState ( string $id, string $stage, boolean $allowMissing = false ) : array | null | ||
| $id | string | State identifier (with embedded restart information). |
| $stage | string | The stage the state should have been saved in. |
| $allowMissing | boolean | Whether to allow the state to be missing. |
| return | array | null | State information, or null if the state is missing and $allowMissing is true. |
public static function loadState($id, $stage, $allowMissing = false)
{
assert('is_string($id)');
assert('is_string($stage)');
assert('is_bool($allowMissing)');
SimpleSAML\Logger::debug('Loading state: ' . var_export($id, true));
$sid = self::parseStateID($id);
$session = SimpleSAML_Session::getSessionFromRequest();
$state = $session->getData('SimpleSAML_Auth_State', $sid['id']);
if ($state === null) {
// Could not find saved data
if ($allowMissing) {
return null;
}
if ($sid['url'] === null) {
throw new SimpleSAML_Error_NoState();
}
\SimpleSAML\Utils\HTTP::redirectUntrustedURL($sid['url']);
}
$state = unserialize($state);
assert('is_array($state)');
assert('array_key_exists(self::ID, $state)');
assert('array_key_exists(self::STAGE, $state)');
// Verify stage
if ($state[self::STAGE] !== $stage) {
/* This could be a user trying to bypass security, but most likely it is just
* someone using the back-button in the browser. We try to restart the
* request if that is possible. If not, show an error.
*/
$msg = 'Wrong stage in state. Was \'' . $state[self::STAGE] . '\', should be \'' . $stage . '\'.';
SimpleSAML\Logger::warning($msg);
if ($sid['url'] === null) {
throw new Exception($msg);
}
\SimpleSAML\Utils\HTTP::redirectUntrustedURL($sid['url']);
}
return $state;
} public static function handleLogin($authStateId, $xmlToken)
{
assert('is_string($authStateId)');
$config = SimpleSAML_Configuration::getInstance();
$autoconfig = $config->copyFromBase('logininfocard', 'config-login-infocard.php');
$idp_key = $autoconfig->getValue('idp_key');
$idp_pass = $autoconfig->getValue('idp_key_pass', NULL);
$sts_crt = $autoconfig->getValue('sts_crt');
$Infocard = $autoconfig->getValue('InfoCard');
$infocard = new sspmod_InfoCard_RP_InfoCard();
$infocard->addIDPKey($idp_key, $idp_pass);
$infocard->addSTSCertificate($sts_crt);
if (!$xmlToken) {
SimpleSAML_Logger::debug("XMLtoken: " . $xmlToken);
} else {
SimpleSAML_Logger::debug("NOXMLtoken: " . $xmlToken);
}
$claims = $infocard->process($xmlToken);
if ($claims->isValid()) {
$attributes = array();
foreach ($Infocard['requiredClaims'] as $claim => $data) {
$attributes[$claim] = array($claims->{$claim});
}
foreach ($Infocard['optionalClaims'] as $claim => $data) {
$attributes[$claim] = array($claims->{$claim});
}
// sanitize the input
$sid = SimpleSAML_Utilities::parseStateID($authStateId);
if (!is_null($sid['url'])) {
SimpleSAML_Utilities::checkURLAllowed($sid['url']);
}
/* Retrieve the authentication state. */
$state = SimpleSAML_Auth_State::loadState($authStateId, self::STAGEID);
/* Find authentication source. */
assert('array_key_exists(self::AUTHID, $state)');
$source = SimpleSAML_Auth_Source::getById($state[self::AUTHID]);
if ($source === NULL) {
throw new Exception('Could not find authentication source with id ' . $state[self::AUTHID]);
}
$state['Attributes'] = $attributes;
unset($infocard);
unset($claims);
SimpleSAML_Auth_Source::completeAuth($state);
} else {
unset($infocard);
unset($claims);
return 'wrong_IC';
}
}
