Auth shibboleth: ajout possibilité de spécifier des alias d'attributs (ex:...

Auth shibboleth: ajout possibilité de spécifier des alias d'attributs (ex: 'HTTP_EPPN' pour 'eppn') ; abandon de l'attribut 'REMOTE_USER' pas toujours présent, au profit de 'eppn'

Auth shibboleth: ajout possibilité de spécifier des alias d'attributs (ex:...
Auth shibboleth: ajout possibilité de spécifier des alias d'attributs (ex: 'HTTP_EPPN' pour 'eppn') ; abandon de l'attribut 'REMOTE_USER' pas toujours présent, au profit de 'eppn'
f505c836 · Bertrand Gauthier · b73dc8a1 · f505c836
Commit f505c836 authored Jun 13, 2018 by Bertrand Gauthier
--- a/src/UnicaenAuth/Service/ShibService.php
+++ b/src/UnicaenAuth/Service/ShibService.php
@@ -60,8 +60,7 @@ EOS;
        if ($this->authenticatedUser === null) {
            // gestion de l'usurpation éventuelle
            $this->handleUsurpation();
-
-            if (empty($_SERVER['REMOTE_USER'])) {
+            if (! $this->getServerArrayVariable('eppn')) {
                return null;
            }

@@ -95,6 +94,21 @@ EOS;
        return $options['simulate'];
    }

+    /**
+     * @param string $attributeName
+     * @return string
+     */
+    public function getShibbolethAliasFor($attributeName)
+    {
+        $options = $this->options->getShibboleth();
+
+        if (! array_key_exists('aliases', $options) || ! is_array($options['aliases']) || ! isset($options['aliases'][$attributeName])) {
+            return null;
+        }
+
+        return $options['aliases'][$attributeName];
+    }
+
    /**
     * Retourne true si la simulation d'un utilisateur authentifié via Shibboleth est en cours.
     *
@@ -235,12 +249,12 @@ EOS;
     */
    public function simulateAuthenticatedUser(ShibUser $shibUser, $keyForId = 'supannEmpId')
    {
-        $_SERVER['REMOTE_USER'] = $shibUser->getEppn();
-        $_SERVER[$keyForId] = $shibUser->getId();
-        $_SERVER['displayName'] = $shibUser->getDisplayName();
-        $_SERVER['mail'] = $shibUser->getEmail();
-        $_SERVER['sn'] = $shibUser->getNom();
-        $_SERVER['givenName'] = $shibUser->getPrenom();
+        $this->setServerArrayVariable('eppn', $shibUser->getEppn());
+        $this->setServerArrayVariable($keyForId, $shibUser->getId());
+        $this->setServerArrayVariable('displayName', $shibUser->getDisplayName());
+        $this->setServerArrayVariable('mail', $shibUser->getEmail());
+        $this->setServerArrayVariable('sn', $shibUser->getNom());
+        $this->setServerArrayVariable('givenName', $shibUser->getPrenom());
    }

    /**
@@ -248,41 +262,41 @@ EOS;
     */
    private function createShibUserFromServerArrayData()
    {
-        $eppn = $_SERVER['REMOTE_USER'];
+        $eppn = $this->getServerArrayVariable('eppn');

-        if (isset($_SERVER['supannEtuId'])) {
-            $id = $_SERVER['supannEtuId'];
-        } elseif (isset($_SERVER['supannEmpId'])) {
-            $id = $_SERVER['supannEmpId'];
+        if ($value = $this->getServerArrayVariable('supannEtuId')) {
+            $id = $value;
+        } elseif ($value = $this->getServerArrayVariable('supannEmpId')) {
+            $id = $value;
        } else {
            throw new RuntimeException('Un au moins des attributs Shibboleth suivants doit exister dans $_SERVER : supannEtuId, supannEmpId.');
        }

        $mail = null;
-        if (isset($_SERVER['mail'])) {
-            $mail = $_SERVER['mail'];
+        if ($value = $this->getServerArrayVariable('mail')) {
+            $mail = $value;
        }

        $displayName = null;
-        if (isset($_SERVER['displayName'])) {
-            $displayName = $_SERVER['displayName'];
+        if ($value = $this->getServerArrayVariable('displayName')) {
+            $displayName = $value;
        }

        $surname = null;
-        if (isset($_SERVER['sn'])) {
-            $surname = $_SERVER['sn'];
-        } elseif (isset($_SERVER['surname'])) {
-            $surname = $_SERVER['surname'];
+        if ($value = $this->getServerArrayVariable('sn')) {
+            $surname = $value;
+        } elseif ($value = $this->getServerArrayVariable('surname')) {
+            $surname = $value;
        }

        $givenName = null;
-        if (isset($_SERVER['givenName'])) {
-            $givenName = $_SERVER['givenName'];
+        if ($value = $this->getServerArrayVariable('givenName')) {
+            $givenName = $value;
        }

        $civilite = null;
-        if (isset($_SERVER['supannCivilite'])) {
-            $civilite = $_SERVER['supannCivilite'];
+        if ($value = $this->getServerArrayVariable('supannCivilite')) {
+            $civilite = $value;
        }

        $shibUser = new ShibUser();
@@ -373,4 +387,30 @@ EOS;
            ],
        ]);
    }
+
+    /**
+     * @param string $name
+     * @param string $value
+     */
+    private function setServerArrayVariable($name, $value)
+    {
+        $key = $this->getShibbolethAliasFor($name) ?: $name;
+
+        $_SERVER[$key] = $value;
+    }
+
+    /**
+     * @param $name
+     * @return string
+     */
+    private function getServerArrayVariable($name)
+    {
+        $key = $this->getShibbolethAliasFor($name) ?: $name;
+
+        if (! array_key_exists($key, $_SERVER)) {
+            return null;
+        }
+
+        return $_SERVER[$key];
+    }
 }
\ No newline at end of file