Merge pull request lightSAML#42 from tmilos/reauthentication
Support for SamlSpToken reauthentication
tmilos authored Mar 3, 2017
2 parents 16ff87b + 077d3ea commit c32db2e
Showing 2 changed files with 48 additions and 6 deletions.
Expand Up @@ -92,12 +92,17 @@ public function __construct(
*/
public function authenticate(TokenInterface $token)
{
if (false === $this->supports($token)) {
throw new \LogicException('Unsupported token');
if ($token instanceof SamlSpResponseToken) {
return $this->authenticateResponse($token);
} elseif ($token instanceof SamlSpToken) {
return $this->reauthenticate($token);
}

/* @var SamlSpResponseToken $token */
throw new \LogicException(sprintf('Unsupported token %s', get_class($token)));
}

private function authenticateResponse(SamlSpResponseToken $token)
{
$user = null;
try {
$user = $this->loadUser($token);
Expand Down Expand Up @@ -142,6 +147,19 @@ public function authenticate(TokenInterface $token)
return $result;
}

private function reauthenticate(SamlSpToken $token)
{
$user = $token->getUser();
$result = new SamlSpToken(
$user instanceof UserInterface ? $user->getRoles() : $token->getRoles(),
$this->providerKey,
$token->getAttributes(),
$user
);

return $result;
}

/**
* Checks whether this provider supports the given token.
*
Expand All @@ -151,7 +169,7 @@ public function authenticate(TokenInterface $token)
*/
public function supports(TokenInterface $token)
{
return $token instanceof SamlSpResponseToken;
return $token instanceof SamlSpToken;
}

/**
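Review bot: reauthenticate() never compares the incoming token's provider key with `$this->providerKey`, and supports() now accepts any `SamlSpToken`, so a token issued for a different firewall is returned as a fresh token stamped with this provider's key, with its roles and attributes copied over. Symfony's own providers bind the two in supports(); here that would be `return $token instanceof SamlSpToken && $token->getProviderKey() === $this->providerKey;`. The reauthentication path also skips whatever checks authenticateResponse() applies after loadUser() (its body is collapsed on this page), so a disabled or removed account would presumably keep its session; reloading the user through the user provider before building the new token would close that gap. When `$user` is not a `UserInterface`, the roles come straight from the old token, which is worth a comment in the method.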
Expand Up @@ -47,10 +47,34 @@ public function test_supports_saml_sp_response_token()
$this->assertTrue($provider->supports(new SamlSpResponseToken(new Response(), $providerKey)));
}

public function test_does_not_support_non_saml_sp_response_token()
public function test_supports_saml_sp_token()
{
$provider = new LightsSamlSpAuthenticationProvider($providerKey = 'main');
$this->assertFalse($provider->supports($this->getMock(TokenInterface::class)));
$this->assertTrue($provider->supports(new SamlSpToken([], $providerKey, [], 'user')));
}

public function test_supports_reauthentication()
{
$provider = new LightsSamlSpAuthenticationProvider(
$providerKey = 'main',
$userProviderMock = $this->getUserProviderMock(),
false,
null,
$usernameMapperMock = $this->getUsernameMapperMock()
);

$user = 'some.user';
$roles = ['ROLE_USER'];
$attributes = ['a' =>1, 'b' => 'bbb'];
$inToken = new SamlSpToken($roles, $providerKey, $attributes, $user);

/** @var SamlSpToken $outToken */
$outToken = $provider->authenticate($inToken);
$this->assertInstanceOf(SamlSpToken::class, $outToken);
$this->assertEquals($user, $outToken->getUser());
$this->assertEquals($roles, array_map(function ($r) { return $r->getRole(); }, $outToken->getRoles()));
$this->assertEquals($providerKey, $outToken->getProviderKey());
$this->assertEquals($attributes, $outToken->getAttributes());
}

public function test_creates_authenticated_token_with_user_and_his_roles()
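Review bot: test_supports_reauthentication only feeds a string user, so the `$user instanceof UserInterface ? $user->getRoles()` branch of reauthenticate(), which decides the roles of the re-issued token, is never exercised. A second case with a `UserInterface` mock whose getRoles() differs from the token's roles would pin that the user's roles win. The negative check `$this->assertFalse($provider->supports($this->getMock(TokenInterface::class)));` appears to have been dropped along with the renamed test; keeping it, and adding a case that expects the `\LogicException` from authenticate() for a foreign token class, would cover the rejection paths.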