A Yii identity implementation which authenticates the user with the Neptun academic registry system through SimpleSAMLphp.
<?php | |
/* LICENSE | |
* Copyright (c) 2014 Máté Cserép | |
* | |
* This software is provided 'as-is', without any express or implied | |
* warranty. In no event will the authors be held liable for any damages | |
* arising from the use of this software. | |
* | |
* Permission is granted to anyone to use this software for any purpose, | |
* including commercial applications, and to alter it and redistribute it | |
* freely, subject to the following restrictions: | |
* | |
* 1. The origin of this software must not be misrepresented; you must not | |
* claim that you wrote the original software. If you use this software | |
* in a product, an acknowledgment in the product documentation would be | |
* appreciated but is not required. | |
* | |
* 2. Altered source versions must be plainly marked as such, and must not | |
* be misrepresented as being the original software. | |
* | |
* 3. This notice may not be removed or altered from any source distribution. | |
*/ | |
/*
 * Loads SimpleSAMLphp, which is expected under <webroot>/samlsrc/simplesamlphp; adjust both paths otherwise.
 *
 * _autoload.php registers SimpleSAMLphp's own autoloader, and that loader has to sit in front of Yii's.
 * Yii's autoloader is therefore taken off the stack first and put back afterwards, which is the same
 * sequence Yii::registerAutoloader() performs.
 *
 * NOTE(review): with the whole SimpleSAMLphp tree inside the webroot, its config/, cert/ and metadata/
 * directories are reachable by URL unless the web server denies access to them. SimpleSAMLphp's
 * installation guide exposes only its www/ directory; confirm the deployment restricts the rest.
 */
spl_autoload_unregister(array('YiiBase', 'autoload'));
require_once Yii::getPathOfAlias('webroot') . '/samlsrc/simplesamlphp/lib/_autoload.php';
require_once Yii::getPathOfAlias('webroot') . '/samlsrc/simplesamlphp/lib/SimpleSAML/Auth/Simple.php';
spl_autoload_register(array('YiiBase', 'autoload'));
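/**
 * Defines an identity authenticated with the Neptun academic registry system through SimpleSAMLphp.
 * The Neptun system is used at several Hungarian universities.
 *
 * Every attribute released by the identity provider can be read as a magic property (see {@link __get}).
 * The class's own getters (id, name, isAuthenticated, ...) take precedence over attributes of the same name,
 * so an attribute sent by the identity provider cannot shadow them.
 *
 * @property-read string $id The Neptun code of the user, which uniquely represents the identity.
 * @property-read string $name The display name for the identity.
 * @property-read boolean $isAuthenticated Whether the identity is valid.
 * @property-read array $persistentStates Additional identity information that needs to be persistent during the user session.
 * @property-read string $loginURL The login URL provided by SimpleSAMLphp.
 * @property-read string $logoutURL The logout URL provided by SimpleSAMLphp.
 */
class NeptunIdentity extends CComponent implements IUserIdentity
{
    /**
     * @var SimpleSAML_Auth_Simple Stores the SAML authenticator.
     */
    protected $_simpleSaml;

    /**
     * @var array Stores the received attributes of the identity, keyed by attribute name.
     */
    protected $_attributes = array();

    /**
     * Creates a new NeptunIdentity instance.
     *
     * The attributes of the current SimpleSAMLphp session are read immediately.
     * NOTE(review): getIsAuthenticated() relies on SimpleSAMLphp returning an empty array
     * while nobody is logged in - confirm against the installed version.
     *
     * @param string $authSource Identifier of the SimpleSAMLphp authentication source.
     */
    public function __construct($authSource = 'default-sp')
    {
        $this->_simpleSaml = new SimpleSAML_Auth_Simple($authSource);
        $this->_attributes = $this->_simpleSaml->getAttributes();
    }

    /**
     * Authenticates the user.
     *
     * requireAuth() is expected to send an unauthenticated browser to the identity provider
     * instead of returning, so reaching the end of this method normally means success.
     * The presence and shape of the identifier attribute is enforced in {@link getId}.
     *
     * @return boolean True if the authentication succeeded, otherwise false.
     */
    public function authenticate()
    {
        $this->_simpleSaml->requireAuth();
        if(!$this->_simpleSaml->isAuthenticated())
            return false;

        // Refresh the snapshot taken in the constructor with the attributes of the new session.
        $this->_attributes = $this->_simpleSaml->getAttributes();
        return true;
    }

    /**
     * Returns the Neptun code of the user.
     * The Neptun code uniquely represents the identity.
     *
     * SAML attributes are lists of values. The identifier is only accepted when the
     * niifPersonOrgID attribute holds exactly one non-empty string, because an empty or
     * multi-valued attribute would otherwise leave this method as an array and end up
     * as the application's user ID.
     *
     * @return string The Neptun code of the user.
     * @throws CException if the attribute is missing, empty or multi-valued.
     */
    public function getId()
    {
        $id = $this->niifPersonOrgID;
        if(!is_string($id) || $id === '')
            throw new CException("The identity attribute 'niifPersonOrgID' must hold exactly one non-empty value.");
        return $id;
    }

    /**
     * Returns the display name for the identity.
     *
     * The value is taken verbatim from the displayName attribute of the assertion;
     * HTML-encode it (e.g. with CHtml::encode) when rendering it in a page.
     *
     * @return string The name of the user.
     */
    public function getName()
    {
        return $this->displayName;
    }

    /**
     * Returns a value indicating whether the identity is authenticated.
     *
     * The answer is derived from the attribute snapshot held by this object, not from a
     * live query of the SimpleSAMLphp session: an identity without any released attribute
     * counts as not authenticated.
     *
     * @return boolean Whether the identity is valid.
     */
    public function getIsAuthenticated()
    {
        return !empty($this->_attributes);
    }

    /**
     * Returns the additional identity information that needs to be persistent during the user session.
     *
     * The complete attribute array is returned, so everything the identity provider released
     * (the niifPersonOrgID attribute included) is what the caller will persist.
     *
     * @return array Additional identity information that needs to be persistent during the user session.
     */
    public function getPersistentStates()
    {
        return $this->_attributes;
    }

    /**
     * Returns the login URL, always with the https scheme.
     *
     * NOTE(review): $returnUrl becomes the post-login redirect target. Pass only URLs built by
     * the application; whether SimpleSAMLphp itself restricts the target depends on its version
     * and configuration - confirm.
     *
     * @param string $returnUrl The URL to return the user to after the login.
     * @return string The login URL.
     */
    public function getLoginURL($returnUrl = null)
    {
        return $this->upgradeToHttps($this->_simpleSaml->getLoginURL($returnUrl));
    }

    /**
     * Returns the logout URL, always with the https scheme.
     *
     * The scheme is upgraded exactly as for the login URL, so that the logout request
     * is not sent over plain HTTP. The same caveat about $returnUrl applies as for
     * {@link getLoginURL}.
     *
     * @param string $returnUrl The URL to return the user to after the logout.
     * @return string The logout URL.
     */
    public function getLogoutURL($returnUrl = null)
    {
        return $this->upgradeToHttps($this->_simpleSaml->getLogoutURL($returnUrl));
    }

    /**
     * Returns the value of an attribute.
     * @param string $name Name of the attribute.
     * @return mixed The value of the attribute, as received (normally an array of values).
     * @throws CException if the attribute does not exist.
     */
    public function getAttribute($name)
    {
        if(isset($this->_attributes[$name]))
            return $this->_attributes[$name];
        throw new CException("The requested attribute '{$name}' does not exist.");
    }

    /**
     * Checks if a property value is null.
     * @param string $name Name of the property.
     * @return boolean True if the property is not null, otherwise false.
     * @see __get
     */
    public function __isset($name)
    {
        return isset($this->_attributes[$name]) || parent::__isset($name);
    }

    /**
     * Returns the value of a property.
     *
     * Resolution order: a getter defined on the component wins, then a received attribute
     * of that name, then whatever CComponent resolves. An attribute with exactly one value
     * is unwrapped to that value; any other attribute is returned as the array it arrived in.
     *
     * @param string $name Name of the property.
     * @return mixed The value of the property.
     * @see __isset
     */
    public function __get($name)
    {
        // Attribute names come from the identity provider; they must not be able to
        // replace id, name, isAuthenticated and the other getters of this class.
        if(method_exists($this, 'get' . $name) || !isset($this->_attributes[$name]))
            return parent::__get($name);

        $values = $this->_attributes[$name];
        if(is_array($values) && count($values) === 1)
            return $values[0];
        return $values;
    }

    /**
     * Rewrites a leading http:// scheme to https:// and leaves any other URL untouched.
     * @param string $url The URL produced by SimpleSAMLphp.
     * @return string The URL with the https scheme.
     */
    private function upgradeToHttps($url)
    {
        return preg_replace('|^http://|i', 'https://', $url);
    }
}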