runff 1.0 commit

lib/SimpleSAML/IdP/IFrameLogoutHandler.php

@@ -0,0 +1,119 @@
+<?php
+
+namespace SimpleSAML\IdP;
+
+use SimpleSAML\Module;
+use SimpleSAML\Utils\HTTP;
+
+/**
+ * Class that handles iframe logout.
+ *
+ * @package SimpleSAMLphp
+ */
+class IFrameLogoutHandler implements LogoutHandlerInterface
+{
+
+    /**
+     * The IdP we are logging out from.
+     *
+     * @var \SimpleSAML_IdP
+     */
+    private $idp;
+
+
+    /**
+     * LogoutIFrame constructor.
+     *
+     * @param \SimpleSAML_IdP $idp The IdP to log out from.
+     */
+    public function __construct(\SimpleSAML_IdP $idp)
+    {
+        $this->idp = $idp;
+    }
+
+    /**
+     * Start the logout operation.
+     *
+     * @param array &$state The logout state.
+     * @param string|null $assocId The SP we are logging out from.
+     */
+    public function startLogout(array &$state, $assocId)
+    {
+        assert(is_string($assocId) || $assocId === null);
+
+        $associations = $this->idp->getAssociations();
+
+        if (count($associations) === 0) {
+            $this->idp->finishLogout($state);
+        }
+
+        foreach ($associations as $id => &$association) {
+            $idp = \SimpleSAML_IdP::getByState($association);
+            $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
+            $association['core:Logout-IFrame:State'] = 'onhold';
+        }
+        $state['core:Logout-IFrame:Associations'] = $associations;
+
+        if (!is_null($assocId)) {
+            $spName = $this->idp->getSPName($assocId);
+            if ($spName === null) {
+                $spName = array('en' => $assocId);
+            }
+
+            $state['core:Logout-IFrame:From'] = $spName;
+        } else {
+            $state['core:Logout-IFrame:From'] = null;
+        }
+
+        $params = array(
+            'id' => \SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'),
+        );
+        if (isset($state['core:Logout-IFrame:InitType'])) {
+            $params['type'] = $state['core:Logout-IFrame:InitType'];
+        }
+
+        $url = Module::getModuleURL('core/idp/logout-iframe.php', $params);
+        HTTP::redirectTrustedURL($url);
+    }
+
+
+    /**
+     * Continue the logout operation.
+     *
+     * This function will never return.
+     *
+     * @param string $assocId The association that is terminated.
+     * @param string|null $relayState The RelayState from the start of the logout.
+     * @param \SimpleSAML_Error_Exception|null $error The error that occurred during session termination (if any).
+     */
+    public function onResponse($assocId, $relayState, \SimpleSAML_Error_Exception $error = null)
+    {
+        assert(is_string($assocId));
+
+        $spId = sha1($assocId);
+        $this->idp->terminateAssociation($assocId);
+
+        $header = <<<HEADER
+<!DOCTYPE html>
+<html>
+ <head>
+  <title>Logout response from %s</title>
+  <script>
+HEADER;
+        printf($header, htmlspecialchars(var_export($assocId, true)));
+        if ($error) {
+            $errorMsg = $error->getMessage();
+            echo('window.parent.logoutFailed("'.$spId.'", "'.addslashes($errorMsg).'");');
+        } else {
+            echo('window.parent.logoutCompleted("'.$spId.'");');
+        }
+        echo <<<FOOTER
+  </script>
+ </head>
+ <body>
+ </body>
+</html>
+FOOTER;
+        exit(0);
+    }
+}

lib/SimpleSAML/IdP/LogoutHandlerInterface.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace SimpleSAML\IdP;
+
+/**
+ * Interface that all logout handlers must implement.
+ *
+ * @package SimpleSAMLphp
+ */
+interface LogoutHandlerInterface
+{
+
+
+    /**
+     * Initialize this logout handler.
+     *
+     * @param \SimpleSAML_IdP $idp The IdP we are logging out from.
+     */
+    public function __construct(\SimpleSAML_IdP $idp);
+
+
+    /**
+     * Start a logout operation.
+     *
+     * This function must never return.
+     *
+     * @param array &$state The logout state.
+     * @param string|null $assocId The association that started the logout.
+     */
+    public function startLogout(array &$state, $assocId);
+
+
+    /**
+     * Handles responses to our logout requests.
+     *
+     * This function will never return.
+     *
+     * @param string $assocId The association that is terminated.
+     * @param string|null $relayState The RelayState from the start of the logout.
+     * @param \SimpleSAML_Error_Exception|null $error The error that occurred during session termination (if any).
+     */
+    public function onResponse($assocId, $relayState, \SimpleSAML_Error_Exception $error = null);
+}

lib/SimpleSAML/IdP/TraditionalLogoutHandler.php

@@ -0,0 +1,119 @@
+<?php
+
+namespace SimpleSAML\IdP;
+
+use SimpleSAML\Logger;
+use SimpleSAML\Utils\HTTP;
+
+/**
+ * Class that handles traditional logout.
+ *
+ * @package SimpleSAMLphp
+ */
+class TraditionalLogoutHandler implements LogoutHandlerInterface
+{
+
+    /**
+     * The IdP we are logging out from.
+     *
+     * @var \SimpleSAML_IdP
+     */
+    private $idp;
+
+
+    /**
+     * TraditionalLogout constructor.
+     *
+     * @param \SimpleSAML_IdP $idp The IdP to log out from.
+     */
+    public function __construct(\SimpleSAML_IdP $idp)
+    {
+        $this->idp = $idp;
+    }
+
+
+    /**
+     * Picks the next SP and issues a logout request.
+     *
+     * This function never returns.
+     *
+     * @param array &$state The logout state.
+     */
+    private function logoutNextSP(array &$state)
+    {
+        $association = array_pop($state['core:LogoutTraditional:Remaining']);
+        if ($association === null) {
+            $this->idp->finishLogout($state);
+        }
+
+        $relayState = \SimpleSAML_Auth_State::saveState($state, 'core:LogoutTraditional', true);
+
+        $id = $association['id'];
+        Logger::info('Logging out of '.var_export($id, true).'.');
+
+        try {
+            $idp = \SimpleSAML_IdP::getByState($association);
+            $url = call_user_func(array($association['Handler'], 'getLogoutURL'), $idp, $association, $relayState);
+            HTTP::redirectTrustedURL($url);
+        } catch (\Exception $e) {
+            Logger::warning('Unable to initialize logout to '.var_export($id, true).'.');
+            $this->idp->terminateAssociation($id);
+            $state['core:Failed'] = true;
+
+            // Try the next SP
+            $this->logoutNextSP($state);
+            assert(false);
+        }
+    }
+
+
+    /**
+     * Start the logout operation.
+     *
+     * This function never returns.
+     *
+     * @param array  &$state The logout state.
+     * @param string $assocId The association that started the logout.
+     */
+    public function startLogout(array &$state, $assocId)
+    {
+        $state['core:LogoutTraditional:Remaining'] = $this->idp->getAssociations();
+
+        $this->logoutNextSP($state);
+    }
+
+
+    /**
+     * Continue the logout operation.
+     *
+     * This function will never return.
+     *
+     * @param string $assocId The association that is terminated.
+     * @param string|null $relayState The RelayState from the start of the logout.
+     * @param \SimpleSAML_Error_Exception|null $error The error that occurred during session termination (if any).
+     *
+     * @throws \SimpleSAML_Error_Exception If the RelayState was lost during logout.
+     */
+    public function onResponse($assocId, $relayState, \SimpleSAML_Error_Exception $error = null)
+    {
+        assert(is_string($assocId));
+        assert(is_string($relayState) || $relayState === null);
+
+        if ($relayState === null) {
+            throw new \SimpleSAML_Error_Exception('RelayState lost during logout.');
+        }
+
+        $state = \SimpleSAML_Auth_State::loadState($relayState, 'core:LogoutTraditional');
+
+        if ($error === null) {
+            Logger::info('Logged out of '.var_export($assocId, true).'.');
+            $this->idp->terminateAssociation($assocId);
+        } else {
+            Logger::warning('Error received from '.var_export($assocId, true).' during logout:');
+            $error->logWarning();
+            $state['core:Failed'] = true;
+        }
+
+        $this->logoutNextSP($state);
+    }
+}