/**
* Marks the user as logged in with the specified authority.
*
* If the user already has logged in, the user will be logged out first.
*
* @param string $authority The authority the user logged in with.
* @param array|null $data The authentication data for this authority.
*
* @throws \SimpleSAML\Error\CannotSetCookie If the authentication token cannot be set for some reason.
*/
public function doLogin($authority, array $data = null)
{
assert('is_string($authority)');
assert('is_array($data) || is_null($data)');
SimpleSAML\Logger::debug('Session: doLogin("' . $authority . '")');
$this->markDirty();
if (isset($this->authData[$authority])) {
// we are already logged in, log the user out first
$this->doLogout($authority);
}
if ($data === null) {
$data = array();
}
$data['Authority'] = $authority;
$globalConfig = SimpleSAML_Configuration::getInstance();
if (!isset($data['AuthnInstant'])) {
$data['AuthnInstant'] = time();
}
$maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60);
if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
// unset, or beyond our session lifetime. Clamp it to our maximum session lifetime
$data['Expire'] = $maxSessionExpire;
}
// check if we have non-serializable attribute values
foreach ($data['Attributes'] as $attribute => $values) {
foreach ($values as $idx => $value) {
if (is_string($value) || is_int($value)) {
continue;
}
// at this point, this should be a DOMNodeList object...
if (!is_a($value, 'DOMNodeList')) {
continue;
}
/* @var \DOMNodeList $value */
if ($value->length === 0) {
continue;
}
// create an AttributeValue object and save it to 'RawAttributes', using same attribute name and index
$attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
$data['RawAttributes'][$attribute][$idx] = $attrval;
}
}
$this->authData[$authority] = $data;
$this->authToken = SimpleSAML\Utils\Random::generateID();
$sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
if (!$this->transient && (!empty($data['RememberMe']) || $this->rememberMeExpire) && $globalConfig->getBoolean('session.rememberme.enable', false)) {
$this->setRememberMeExpire();
} else {
try {
SimpleSAML\Utils\HTTP::setCookie($globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'), $this->authToken, $sessionHandler->getCookieParams());
} catch (SimpleSAML\Error\CannotSetCookie $e) {
/*
* Something went wrong when setting the auth token. We cannot recover from this, so we better log a
* message and throw an exception. The user is not properly logged in anyway, so clear all login
* information from the session.
*/
unset($this->authToken);
unset($this->authData[$authority]);
\SimpleSAML\Logger::error('Cannot set authentication token cookie: ' . $e->getMessage());
throw $e;
}
}
}