IdP PHP : logout is working
parent
ed0ad92133
commit
9388bdfc57
|
@ -239,8 +239,9 @@
|
|||
$res =& $db->query($query);
|
||||
|
||||
$query = "CREATE TABLE assertions (
|
||||
assertion text,
|
||||
response_dump text)";
|
||||
assertion text,
|
||||
response_dump text,
|
||||
created timestamp)";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
|
|
|
@ -128,15 +128,21 @@
|
|||
}
|
||||
else
|
||||
die("Unknown protocol profile for login:" . $login->protocolProfile);
|
||||
|
||||
|
||||
if ($login->isIdentityDirty)
|
||||
{
|
||||
// TODO
|
||||
// print "isIdentityDirty yes";
|
||||
$identity = $login->identity;
|
||||
$query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump());
|
||||
$query .= " WHERE user_id='$user_id'";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
}
|
||||
|
||||
// Get name identifier
|
||||
$query = "SELECT name_identifier FROM nameidentifiers WHERE user_id='$user_id'";
|
||||
$query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='";
|
||||
$query .= $login->nameIdentifier . "'";
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
@ -173,18 +179,26 @@
|
|||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
// Save assertion
|
||||
$query = "INSERT INTO assertions (assertion, response_dump) VALUES ('" . $login->assertionArtifact;
|
||||
$query .= "', '" . $login->responseDump . "')";
|
||||
if (empty($login->assertionArtifact))
|
||||
die("assertion Artifact is empty");
|
||||
|
||||
$assertion = $login->assertion;
|
||||
$assertion_dump = $assertion->dump();
|
||||
|
||||
if (empty($assertion_dump))
|
||||
die("assertion dump is empty");
|
||||
|
||||
|
||||
// Save assertion
|
||||
$query = "INSERT INTO assertions (assertion, response_dump, created) VALUES ";
|
||||
$query .= "('".$login->assertionArtifact."',".$db->quoteSmart($assertion_dump).", NOW())";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
|
||||
{
|
||||
$artifact = $login->assertionArtifact;
|
||||
$response_msg = $login->responseDump;
|
||||
$url = $login->msgUrl;
|
||||
|
||||
header("Request-URI: $url");
|
||||
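Review bot: The rewritten name-identifier lookup concatenates `$login->nameIdentifier` straight into the SQL string, and the new `INSERT INTO assertions` does the same with `$login->assertionArtifact`, while the dump values next to them go through `$db->quoteSmart()`. Both values are presumably produced by Lasso on the IdP side, but quoting them the same way removes any dependency on their format: `$query = "SELECT user_id FROM nameidentifiers WHERE name_identifier=" . $db->quoteSmart($login->nameIdentifier);` and `"(" . $db->quoteSmart($login->assertionArtifact) . "," . $db->quoteSmart($assertion_dump) . ", NOW())"`. The added `UPDATE users ... WHERE user_id='$user_id'` interpolates `$user_id` the same way; its origin is outside these hunks, so confirm it is never request-derived or quote it too.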
|
|
|
@ -42,7 +42,7 @@
|
|||
|
||||
if (DB::isError($db))
|
||||
die($db->getMessage());
|
||||
|
||||
|
||||
switch ($requestype)
|
||||
{
|
||||
// Login
|
||||
|
@ -56,7 +56,10 @@
|
|||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
{
|
||||
header("HTTP/1.0 500 Internal Server Error");
|
||||
die($res->getMessage());
|
||||
}
|
||||
|
||||
// Good Artifact, send reponse_dump
|
||||
if ($res->numRows())
|
||||
|
@ -67,9 +70,14 @@
|
|||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
{
|
||||
header("HTTP/1.0 500 Internal Server Error");
|
||||
die($res->getMessage());
|
||||
header("Content-Length: " . strlen($row[0]) . "\r\n");
|
||||
echo $row[0];
|
||||
}
|
||||
$login->setAssertionFromDump($row[0]);
|
||||
$login->buildResponseMsg();
|
||||
header("Content-Length: " . strlen($login->msgBody) . "\r\n");
|
||||
echo $login->msgBody;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -80,11 +88,116 @@
|
|||
}
|
||||
break;
|
||||
case lassoRequestTypeLogout:
|
||||
// Logout
|
||||
$logout = new LassoLogout($server, lassoProviderTypeIdp);
|
||||
$logout->processRequestMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap);
|
||||
$nameIdentifier = $logout->nameIdentifier;
|
||||
|
||||
// name identifier is empty, wrong request
|
||||
if (empty($nameIdentifier))
|
||||
{
|
||||
header("HTTP/1.0 500 Internal Server Error");
|
||||
exit;
|
||||
}
|
||||
|
||||
$query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='";
|
||||
$query .= $nameIdentifier . "'";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
if (!$res->numRows())
|
||||
{
|
||||
header("HTTP/1.0 500 Internal Server Error");
|
||||
exit;
|
||||
}
|
||||
|
||||
$row = $res->fetchRow();
|
||||
$user_id = $row[0];
|
||||
|
||||
$query = "SELECT user_dump,session_dump FROM users WHERE user_id='$user_id'";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
|
||||
if (!$res->numRows())
|
||||
{
|
||||
header("HTTP/1.0 500 Internal Server Error");
|
||||
exit;
|
||||
}
|
||||
|
||||
$row = $res->fetchRow();
|
||||
$user_dump = $row[0];
|
||||
$session_dump = $row[1];
|
||||
|
||||
$logout->setSessionFromDump($session_dump);
|
||||
$logout->setIdentityFromDump($user_dump);
|
||||
|
||||
// TODO : handle exception
|
||||
if ($logout->validateRequest())
|
||||
{
|
||||
// validate request failed
|
||||
header("HTTP/1.0 500 Internal Server Error");
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($logout->isIdentityDirty)
|
||||
{
|
||||
$identity = $logout->identity;
|
||||
$query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump());
|
||||
$query .= " WHERE user_id='$user_id'";
|
||||
|
||||
$res =& $db->query($query);
|
||||
if (DB::isError($res))
|
||||
die($res->getMessage());
|
||||
}
|
||||
|
||||
// TODO : try multiple sp logout
|
||||
while(($providerID = $logout->getNextProviderId()))
|
||||
{
|
||||
$logout->initRequest($providerID, lassoHttpMethodAny); // FIXME
|
||||
$logout->buildRequestMsg();
|
||||
$url = parse_url($logout->msgUrl);
|
||||
|
||||
$soap = sprintf("POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n",
|
||||
$url['path'], $url['host'], $url['port'], strlen($logout->msgBody), $logout->msgBody);
|
||||
|
||||
$fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30);
|
||||
if (!$fp)
|
||||
{
|
||||
header("HTTP/1.0 500 Internal Server Error");
|
||||
die($errstr ($errno));
|
||||
}
|
||||
fwrite($fp, $soap);
|
||||
$ret = fgets($fp);
|
||||
|
||||
if (!preg_match("/^HTTP\/1\\.. 200/i", $ret))
|
||||
{
|
||||
header("HTTP/1.0 500 Internal Server Error");
|
||||
die("Logout failed with : " . $providerID);
|
||||
}
|
||||
|
||||
while (!feof($fp)) {
|
||||
$reponse .= @fread($fp, 8192);
|
||||
}
|
||||
|
||||
fclose($fp);
|
||||
|
||||
list($header, $body) = preg_split("/(\r\n\r\n|\n\n)/", $reponse, 2);
|
||||
|
||||
$logout->processResponseMsg($body, lassoHttpMethodSoap);
|
||||
}
|
||||
|
||||
$logout->buildResponseMsg();
|
||||
header("Content-Length: " . strlen($logout->msgBody) . "\r\n");
|
||||
echo $logout->msgBody;
|
||||
break;
|
||||
case lassoRequestTypeDefederation:
|
||||
break;
|
||||
default:
|
||||
die("Unkown request type!");
|
||||
header("HTTP/1.0 500 Internal Server Error");
|
||||
}
|
||||
|
||||
lasso_shutdown();
|
||||
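Review bot: In the new `lassoRequestTypeLogout` case, `$nameIdentifier` comes from the posted SOAP body and is concatenated into the `SELECT user_id FROM nameidentifiers` query before `validateRequest()` has run, so the lookup is built from unverified input. Build it with the quoting helper the case already uses for the identity dump: `$query = "SELECT user_id FROM nameidentifiers WHERE name_identifier=" . $db->quoteSmart($nameIdentifier);`. Inside the provider loop `$reponse` is never reset, so a second provider's reply is appended to the first and `preg_split` hands `processResponseMsg()` a body that still starts with the first reply; begin each iteration with `$reponse = '';`. `die($errstr ($errno));` calls `$errstr` as a function instead of printing it and should read `die("$errstr ($errno)");`. The bare `die($res->getMessage())` calls in this case also return raw database error text to the remote caller without a 500 status, unlike the artifact branch above, which this commit fixes.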
|
|
|
@ -47,10 +47,9 @@
|
|||
$url = parse_url($login->msgUrl);
|
||||
|
||||
$soap = sprintf(
|
||||
"POST %s HTTP/1.1\r\nHost: %s:%d\r\nAccept-Encoding: identity\r\nContent-Length: %d\r\nContent-Type: text/xml\r\nAccept: text/xml,application/xml,application/xhtml+xml,text/html\r\nConnection: close\r\n\r\n%s\r\n",
|
||||
"POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n",
|
||||
$url['path'], $url['host'], $url['port'], strlen($login->msgBody), $login->msgBody);
|
||||
|
||||
|
||||
# PHP 4.3.0 with OpenSSL support required
|
||||
$fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno));
|
||||
fwrite($fp, $soap);
|
||||
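Review bot: Assuming the shorter format string is the new side of this hunk, the request is still sent as `HTTP/1.1` but no longer carries `Connection: close` or `Accept-Encoding: identity`. The peer may then keep the connection open or answer with chunked or compressed content, and a read-until-EOF loop like the one in the IdP logout code can block until the peer times out or pass an undecoded body to Lasso. Either keep those two headers or change the request line to `HTTP/1.0`. The same format string appears in the `-67,11 +68,10` hunk of the logout script and in the new IdP logout loop. Nothing visible around the `fsockopen("ssl://" ...)` context line verifies the peer certificate, which is worth confirming for a channel that carries single sign-on messages.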
|
|
|
@ -45,6 +45,7 @@ Please run the setup script :<br>
|
|||
You can get more informations about <b>Lasso</b> at <br>
|
||||
<a href='http://lasso.entrouvert.org/'>http://lasso.entrouvert.org/</a></p>
|
||||
<?php
|
||||
exit();
|
||||
}
|
||||
|
||||
$config = unserialize(file_get_contents('config.inc'));
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
|
||||
$server_dump = file_get_contents($config['server_dump_filename']);
|
||||
|
||||
$server = LassoServer::newfromdump($server_dump);
|
||||
$server = LassoServer::newFromdump($server_dump);
|
||||
|
||||
$login = new LassoLogin($server);
|
||||
|
||||
|
|
|
@ -49,7 +49,8 @@
|
|||
|
||||
$logout = new LassoLogout($server, lassoProviderTypeSp);
|
||||
|
||||
$query = "SELECT identity_dump FROM users WHERE user_id='" . $_SESSION['user_id'] . "'";
|
||||
$query = "SELECT identity_dump FROM users WHERE user_id='";
|
||||
$query .= $_SESSION['user_id']."'";
|
||||
|
||||
$res =& $db->query($query);
|
||||
|
||||
|
@ -67,11 +68,10 @@
|
|||
$url = parse_url($logout->msgUrl);
|
||||
|
||||
$soap = sprintf(
|
||||
"POST %s HTTP/1.1\r\nHost: %s:%d\r\nAccept-Encoding: identity\r\nContent-Length: %d\r\nContent-Type: text/xml\r\nAccept: text/xml,application/xml,application/xhtml+xml,text/html\r\nConnection: close\r\n\r\n%s\r\n",
|
||||
"POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n",
|
||||
$url['path'], $url['host'], $url['port'],
|
||||
strlen($logout->msgBody), $logout->msgBody);
|
||||
|
||||
|
||||
# PHP 4.3.0 with OpenSSL support required
|
||||
$fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno));
|
||||
|
||||
|
|
|
@ -57,7 +57,7 @@
|
|||
|
||||
$config_ser = serialize($config);
|
||||
|
||||
if (($fd = fopen(getcwd()."/config.inc", "w")))
|
||||
if (($fd = fopen("config.inc", "w")))
|
||||
{
|
||||
fwrite($fd, $config_ser);
|
||||
fclose($fd);
|
||||
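Review bot: `fopen("config.inc", "w")` resolves against whatever the working directory is at call time and writes the serialized configuration next to the scripts, under an extension that many web servers deliver as plain text. If that directory is web-served, whatever `$config` holds can be fetched directly, and the reader shown elsewhere in this commit passes the same file to `unserialize()`, so the file's write permissions matter as well. Consider anchoring the path with `dirname(__FILE__) . "/config.inc"` and keeping the file outside the document root or denied by server configuration. The enclosing block continues outside the hunk.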
|
|