You are here

Home » API reference » simpleSAMLphp Authentication 8.3 » SimplesamlphpAuthManager.php

class SimplesamlphpAuthManager in simpleSAMLphp Authentication 8.3

Service to interact with the SimpleSAMLPHP authentication library.

Hierarchy

Expanded class hierarchy of SimplesamlphpAuthManager

6 files declare their use of SimplesamlphpAuthManager
SimplesamlExternalauthSubscriber.php in src/EventSubscriber/SimplesamlExternalauthSubscriber.php
SimplesamlphpAuthBlock.php in src/Plugin/Block/SimplesamlphpAuthBlock.php
SimplesamlphpAuthController.php in src/Controller/SimplesamlphpAuthController.php
SimplesamlphpAuthManagerTest.php in tests/src/Unit/Service/SimplesamlphpAuthManagerTest.php
SimplesamlphpAuthTestManager.php in tests/simplesamlphp_auth_test/src/SimplesamlphpAuthTestManager.php

... See full list

1 string reference to 'SimplesamlphpAuthManager'
simplesamlphp_auth.services.yml in ./simplesamlphp_auth.services.yml
simplesamlphp_auth.services.yml
1 service uses SimplesamlphpAuthManager
simplesamlphp_auth.manager in ./simplesamlphp_auth.services.yml
Drupal\simplesamlphp_auth\Service\SimplesamlphpAuthManager

File

src/Service/SimplesamlphpAuthManager.php, line 21

Namespace

Drupal\simplesamlphp_auth\Service
View source 
class SimplesamlphpAuthManager {
  use StringTranslationTrait;

  /**
   * A configuration object.
   *
   * @var \Drupal\Core\Config\ImmutableConfig
   */
  protected $config;

  /**
   * A SimpleSAML configuration instance.
   *
   * @var \SimpleSAML\Configuration
   */
  protected $simplesamlConfig;

  /**
   * A SimpleSAML instance.
   *
   * @var \SimpleSAML\Auth\Simple
   */
  protected $instance;

  /**
   * Attributes for federated user.
   *
   * @var array
   */
  protected $attributes;

  /**
   * The current user.
   *
   * @var \Drupal\Core\Session\AccountInterface
   */
  protected $currentUser;

  /**
   * The route admin context to determine whether a route is an admin one.
   *
   * @var \Drupal\Core\Routing\AdminContext
   */
  protected $adminContext;

  /**
   * The module handler service.
   *
   * @var \Drupal\Core\Extension\ModuleHandlerInterface
   */
  protected $moduleHandler;

  /**
   * The request stack.
   *
   * @var \Symfony\Component\HttpFoundation\RequestStack
   */
  protected $requestStack;

  /**
   * The messenger.
   *
   * @var \Drupal\Core\Messenger\MessengerInterface
   */
  protected $messenger;

  /**
   * Constructor for SimplesamlphpAuthManager.
   *
   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
   *   The configuration factory.
   * @param \Drupal\Core\Session\AccountInterface $current_user
   *   The current user.
   * @param \Drupal\Core\Routing\AdminContext $admin_context
   *   The route admin context to determine whether the route is an admin one.
   * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
   *   The module handler service.
   * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
   *   The request stack.
   * @param \Drupal\Core\Messenger\MessengerInterface $messenger
   *   The messenger.
   * @param \SimpleSAML\Auth\Simple $instance
   *   Simple instance.
   * @param \SimpleSAML\Configuration $config
   *   \SimpleSAML\Configuration instance.
   */
  public function __construct(ConfigFactoryInterface $config_factory, AccountInterface $current_user, AdminContext $admin_context, ModuleHandlerInterface $module_handler, RequestStack $request_stack, MessengerInterface $messenger, Simple $instance = NULL, Configuration $config = NULL) {
    $this->config = $config_factory
      ->get('simplesamlphp_auth.settings');
    $this->currentUser = $current_user;
    $this->adminContext = $admin_context;
    $this->moduleHandler = $module_handler;
    $this->requestStack = $request_stack;
    $this->messenger = $messenger;
    $this->instance = $instance;
    $this->simplesamlConfig = $config;
  }

  /**
   * Forwards the user to the IdP for authentication.
   */
  public function externalAuthenticate() {
    $uri = $this->requestStack
      ->getCurrentRequest()
      ->getUri();
    $instance = $this
      ->getSimpleSamlInstance();
    if (empty($instance)) {
      return FALSE;
    }
    $instance
      ->requireAuth([
      'ReturnTo' => $uri,
    ]);
  }

  /**
   * Returns a SimpleSAML Simple class instance.
   *
   * @return \SimpleSAML\Auth\Simple|null
   *   The SimpleSAML Simple instance.
   */
  protected function getSimpleSamlInstance() {
    if (!empty($this->instance)) {
      return $this->instance;
    }
    else {
      $this
        ->checkLibrary();
      $auth_source = $this->config
        ->get('auth_source');
      try {
        $this->instance = new Simple($auth_source);
        return $this->instance;
      } catch (CriticalConfigurationError $e) {
        if ($this->currentUser
          ->hasPermission('administer simplesamlphp authentication') && $this->adminContext
          ->isAdminRoute()) {
          $this->messenger
            ->addError($this
            ->t('There is a Simplesamlphp configuration problem. @message', [
            '@message' => $e
              ->getMessage(),
          ]), 'error');
        }
        return NULL;
      }
    }
  }

  /**
   * Returns a SimpleSAML configuration instance.
   *
   * @return \SimpleSAML\Configuration|null
   *   The SimpleSAML Configuration instance.
   */
  protected function getSimpleSamlConfiguration() {
    if (!empty($this->simplesamlConfig)) {
      return $this->simplesamlConfig;
    }
    else {
      $this
        ->checkLibrary();
      try {
        $this->simplesamlConfig = Configuration::getInstance();
        return $this->simplesamlConfig;
      } catch (CriticalConfigurationError $e) {
        if ($this->currentUser
          ->hasPermission('administer simplesamlphp authentication') && $this->currentUser
          ->isAdminRoute()) {
          $this->messenger
            ->addError($this
            ->t('There is a Simplesamlphp configuration problem. @message', [
            '@message' => $e
              ->getMessage(),
          ]), 'error');
        }
        return NULL;
      }
    }
  }

  /**
   * Get SimpleSAMLphp storage type.
   *
   * @return string
   *   The storage type.
   */
  public function getStorage() {
    $config = $this
      ->getSimpleSamlConfiguration();
    if (!empty($config) && !empty($config
      ->getValue('store.type'))) {
      return $config
        ->getValue('store.type');
    }
    return NULL;
  }

  /**
   * Check whether user is authenticated by the IdP.
   *
   * @return bool
   *   If the user is authenticated by the IdP.
   */
  public function isAuthenticated() {
    if ($instance = $this
      ->getSimpleSamlInstance()) {
      return $instance
        ->isAuthenticated();
    }
    return FALSE;
  }

  /**
   * Gets the unique id of the user from the IdP.
   *
   * @return string
   *   The authname.
   */
  public function getAuthname() {
    return $this
      ->getAttribute($this->config
      ->get('unique_id'));
  }

  /**
   * Gets the name attribute.
   *
   * @return string
   *   The name attribute.
   */
  public function getDefaultName() {
    return $this
      ->getAttribute($this->config
      ->get('user_name'));
  }

  /**
   * Gets the mail attribute.
   *
   * @return string
   *   The mail attribute.
   */
  public function getDefaultEmail() {
    return $this
      ->getAttribute($this->config
      ->get('mail_attr'));
  }

  /**
   * Gets all SimpleSAML attributes.
   *
   * @return array
   *   Array of SimpleSAML attributes.
   */
  public function getAttributes() {
    if (!$this->attributes) {
      $this->attributes = $this
        ->getSimpleSamlInstance()
        ->getAttributes();
    }
    return $this->attributes;
  }

  /**
   * Get a specific SimpleSAML attribute.
   *
   * @param string $attribute
   *   The name of the attribute.
   *
   * @return mixed|bool
   *   The attribute value or FALSE.
   *
   * @throws \Drupal\simplesamlphp_auth\Exception\SimplesamlphpAttributeException
   *   Exception when attribute is not set.
   */
  public function getAttribute($attribute) {
    $attributes = $this
      ->getAttributes();
    if (isset($attributes)) {
      if (!empty($attributes[$attribute][0])) {
        return $attributes[$attribute][0];
      }
    }
    throw new SimplesamlphpAttributeException(sprintf('Error in simplesamlphp_auth.module: no valid "%s" attribute set.', $attribute));
  }

  /**
   * Asks all modules if current federated user is allowed to login.
   *
   * @return bool
   *   Returns FALSE if at least one module returns FALSE.
   */
  public function allowUserByAttribute() {
    $attributes = $this
      ->getAttributes();
    foreach ($this->moduleHandler
      ->getImplementations('simplesamlphp_auth_allow_login') as $module) {
      if ($this->moduleHandler
        ->invoke($module, 'simplesamlphp_auth_allow_login', [
        $attributes,
      ]) === FALSE) {
        return FALSE;
      }
    }
    return TRUE;
  }

  /**
   * Checks if SimpleSAMLphp_auth is enabled.
   *
   * @return bool
   *   Whether SimpleSAMLphp authentication is enabled or not.
   */
  public function isActivated() {
    if ($this->config
      ->get('activate') == 1) {
      return TRUE;
    }
    return FALSE;
  }

  /**
   * Log a user out through the SimpleSAMLphp instance.
   *
   * @param string $redirect_path
   *   The path to redirect to after logout.
   */
  public function logout($redirect_path = NULL) {
    if (!$redirect_path) {
      $redirect_path = base_path();
    }
    if ($instance = $this
      ->getSimpleSamlInstance()) {
      $instance
        ->logout($redirect_path);
    }
  }

  /**
   * Check if the SimpleSAMLphp library can be found.
   *
   * Fallback for when the library was not found via Composer.
   */
  protected function checkLibrary() {
    if ($dir = Settings::get('simplesamlphp_dir')) {
      include_once $dir . '/lib/_autoload.php';
    }
    if (!class_exists('SimpleSAML\\Configuration')) {
      $this->messenger
        ->addError($this
        ->t('The SimpleSAMLphp library cannot be found.'));
    }
  }

}

Members

Namesort descending Modifiers Type Description Overrides
SimplesamlphpAuthManager::$adminContext protected property The route admin context to determine whether a route is an admin one.
SimplesamlphpAuthManager::$attributes protected property Attributes for federated user.
SimplesamlphpAuthManager::$config protected property A configuration object.
SimplesamlphpAuthManager::$currentUser protected property The current user.
SimplesamlphpAuthManager::$instance protected property A SimpleSAML instance.
SimplesamlphpAuthManager::$messenger protected property The messenger.
SimplesamlphpAuthManager::$moduleHandler protected property The module handler service.
SimplesamlphpAuthManager::$requestStack protected property The request stack.
SimplesamlphpAuthManager::$simplesamlConfig protected property A SimpleSAML configuration instance.
SimplesamlphpAuthManager::allowUserByAttribute public function Asks all modules if current federated user is allowed to login.
SimplesamlphpAuthManager::checkLibrary protected function Check if the SimpleSAMLphp library can be found.
SimplesamlphpAuthManager::externalAuthenticate public function Forwards the user to the IdP for authentication. 1
SimplesamlphpAuthManager::getAttribute public function Get a specific SimpleSAML attribute.
SimplesamlphpAuthManager::getAttributes public function Gets all SimpleSAML attributes. 1
SimplesamlphpAuthManager::getAuthname public function Gets the unique id of the user from the IdP.
SimplesamlphpAuthManager::getDefaultEmail public function Gets the mail attribute.
SimplesamlphpAuthManager::getDefaultName public function Gets the name attribute.
SimplesamlphpAuthManager::getSimpleSamlConfiguration protected function Returns a SimpleSAML configuration instance.
SimplesamlphpAuthManager::getSimpleSamlInstance protected function Returns a SimpleSAML Simple class instance.
SimplesamlphpAuthManager::getStorage public function Get SimpleSAMLphp storage type. 1
SimplesamlphpAuthManager::isActivated public function Checks if SimpleSAMLphp_auth is enabled.
SimplesamlphpAuthManager::isAuthenticated public function Check whether user is authenticated by the IdP. 1
SimplesamlphpAuthManager::logout public function Log a user out through the SimpleSAMLphp instance. 1
SimplesamlphpAuthManager::__construct public function Constructor for SimplesamlphpAuthManager.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.