Issue 4: Replace User with Events: AuthRequest, AuthResult.

And broadened "basic" example
mrclay · Jun 28, 2011 · 3cb4140 · 3cb4140
1 parent 8f942d9
commit 3cb4140
Show file tree

Hide file tree

Showing 15 changed files with 269 additions and 101 deletions.
diff --git a/examples/basic/goodbye.php b/examples/basic/goodbye.php
@@ -1 +1 @@
-Goodbye, fair user. <a href="./">Access protected resource</a>
+Goodbye, fair user. <a href="./">Come back</a>
diff --git a/examples/basic/idp.php b/examples/basic/idp.php
@@ -9,9 +9,9 @@
     $idp->logout();
 }
 
-if ($idp->getUser()) {
+if ($idp->getValidAuthResult()) {
     header('Content-Type: text/html;charset=utf-8');
-    echo "Already signed in as <b>" . htmlspecialchars($idp->getUser()->getUsername(), ENT_QUOTES, 'UTF-8') . '</b>. <a href="?logout">Sign out</a>';
+    echo "Already signed in as <b>" . htmlspecialchars($idp->getValidAuthResult()->getUsername(), ENT_QUOTES, 'UTF-8') . '</b>. <a href="?logout">Sign out</a>';
     die();
 }
 

diff --git a/examples/basic/index.php b/examples/basic/index.php
@@ -3,19 +3,21 @@
 // the "SP"
 require '_inc.php';
 $sp = new Shibalike\SP(getStateManager(), getConfig());
-$sp->requireValidUser();
+$sp->initLazySession();
 
 
 
-// your app's shibboleth auth module here
-
-$username = $_SERVER['REMOTE_USER'];
-
-
 // the "application"
 
+// _SERVER vars may not exist!
+$name = empty($_SERVER['displayname'])
+    ? 'Anonymous'
+    : $_SERVER['displayname'];
+
 header('Content-Type: text/html;charset=utf-8');
 
-echo "<h1>Hello, " . htmlspecialchars($_SERVER['displayname'], ENT_QUOTES, 'UTF-8') . "!</h1>";
+echo "<h1>Hello, " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "!</h1>";
+
+echo "<p>This is a non-protected resource with a \"lazy\" session. Access the <a href='protected.php'>protected resource</a>.</p>";
 
-echo "<p><a href='idp.php?logout'>Sign out</a></p>";
+echo "<p><a href='sign-in.php'>Sign in</a> | <a href='idp.php?logout'>Sign out</a></p>";
diff --git a/examples/basic/protected.php b/examples/basic/protected.php
@@ -0,0 +1,23 @@
+<?php
+
+// the "SP"
+require '_inc.php';
+$sp = new Shibalike\SP(getStateManager(), getConfig());
+$sp->requireValidUser();
+
+
+
+// your app's shibboleth auth module here
+
+$username = $_SERVER['REMOTE_USER'];
+
+
+// the "application"
+
+header('Content-Type: text/html;charset=utf-8');
+
+echo "<h1>Hello, " . htmlspecialchars($_SERVER['displayname'], ENT_QUOTES, 'UTF-8') . "!</h1>";
+
+echo "<p>This is a protected resource.</p>";
+
+echo "<p><a href='idp.php?logout'>Sign out</a></p>";
diff --git a/examples/basic/sign-in.php b/examples/basic/sign-in.php
@@ -0,0 +1,10 @@
+<?php
+
+// the "SP"
+require '_inc.php';
+$sp = new Shibalike\SP(getStateManager(), getConfig());
+
+$from = $_SERVER['HTTP_REFERER'];
+
+$sp->makeAuthRequest($_SERVER['HTTP_REFERER']);
+$sp->redirect();
diff --git a/examples/shibboleth-as-idp/idp/index.php b/examples/shibboleth-as-idp/idp/index.php
@@ -29,9 +29,9 @@
     $idp->logout();
 }
 
-if ($idp->getUser()) {
+if ($idp->getValidAuthResult()) {
     header('Content-Type: text/html;charset=utf-8');
-    echo "Already signed in as <b>" . htmlspecialchars($idp->getUser()->getUsername(), ENT_QUOTES, 'UTF-8') . '</b>. <a href="?logout">Sign out</a>';
+    echo "Already signed in as <b>" . htmlspecialchars($idp->getValidAuthResult()->getUsername(), ENT_QUOTES, 'UTF-8') . '</b>. <a href="?logout">Sign out</a>';
     die();
 }
 

diff --git a/src/Shibalike/AuthRequest.php b/src/Shibalike/AuthRequest.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace Shibalike;
+
+use Shibalike\Event;
+
+class AuthRequest extends Event {
+
+    public function __construct($returnUrl = null)
+    {
+        $this->_returnUrl = $returnUrl;
+        parent::__construct();
+    }
+
+    /**
+     * @return string
+     */
+    public function getReturnUrl()
+    {
+        return $this->_returnUrl;
+    }
+
+    /**
+     * @var string
+     */
+    protected $_returnUrl;
+}
diff --git a/src/Shibalike/AuthResult.php b/src/Shibalike/AuthResult.php
@@ -0,0 +1,60 @@
+<?php
+
+namespace Shibalike;
+
+use Shibalike\Event;
+
+class AuthResult extends Event {
+
+    /**
+     * @param string $username
+     * @param array $attrs 
+     */
+    public function __construct($username, array $attrs)
+    {
+        if (!is_string($username) || $username === '') {
+            throw new \Exception("username must be a string.");
+        }
+        if (empty($attrs)) {
+            throw new \Exception("attrs must contain at least one attribute");
+        }
+        $this->_username = $username;
+        $this->_attrs = $attrs;
+        parent::__construct();
+    }
+
+    /**
+     * @param int $ttl
+     * @return bool 
+     */
+    public function isFresh($ttl)
+    {
+        return ($this->_time + $ttl) > time();
+    }
+
+    /**
+     * @return string
+     */
+    public function getUsername()
+    {
+        return $this->_username;
+    }
+
+    /**
+     * @return array
+     */
+    public function getAttrs()
+    {
+        return $this->_attrs;
+    }
+
+    /**
+     * @var string
+     */
+    protected $_username;
+
+    /**
+     * @var array
+     */
+    protected $_attrs;
+}
diff --git a/src/Shibalike/Event.php b/src/Shibalike/Event.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace Shibalike;
+
+use Shibalike\Junction;
+
+class Event {
+
+    /**
+     * @param string $name
+     */
+    public function __construct()
+    {
+        $this->_url = Junction::getCurrentUrl();
+        $this->_time = microtime(true);
+    }
+
+    public function getType()
+    {
+        return get_class($this);
+    }
+
+    public function getTime()
+    {
+        return $this->_time;
+    }
+
+    public function getUrl()
+    {
+        return $this->_url;
+    }
+
+    /**
+     * @var float
+     */
+    protected $_time;
+
+    /**
+     * @var string
+     */
+    protected $_url;
+}
diff --git a/src/Shibalike/IStateManager.php b/src/Shibalike/IStateManager.php
@@ -8,22 +8,6 @@
  */
 interface IStateManager {
 
-    /**
-     * @return bool was the user set successfully?
-     * @param User $user
-     */
-    public function setUser(User $user);
-
-    /**
-     * @return User|null
-     */
-    public function getUser();
-
-    /**
-     * @return bool was the user unset successfully?
-     */
-    public function unsetUser();
-
     /**
      * Forget all state data
      */
@@ -38,12 +22,18 @@ public function writeClose();
      * @param string $key
      * @return string|null
      */
-    public function getMetadata($key);
+    public function get($key);
 
     /**
      * @param string $key
      * @param string $value if null, this key will be removed
      * @return bool
      */
-    public function setMetadata($key, $value = null);
+    public function set($key, $value = null);
+
+    /**
+     * Returns true if user is likely to have state data (e.g. the session cookie)
+     * @return bool
+     */
+    public function likelyHasState();
 }
diff --git a/src/Shibalike/IdP.php b/src/Shibalike/IdP.php
@@ -67,9 +67,8 @@ public function markAsAuthenticated($username, array $attrs = null)
         if (!$attrs) {
             $attrs = $this->fetchAttrs($username);
         }
-        $user = new User($username, $attrs);
-        return ($this->_stateMgr->setUser($user)
-                && $this->_stateMgr->setMetadata('authTime', time()));
+        $authResult = new AuthResult($username, $attrs);
+        return $this->_stateMgr->set('authResult', $authResult);
     }
 
     /**
@@ -91,9 +90,10 @@ public function getRedirectUrl()
     public function redirect($url = null, $exitAfter = true)
     {
         if (empty($url)) {
-            $url = $this->_stateMgr->getMetadata('returnUrl');
-            if (! empty($url)) {
-                $this->_stateMgr->setMetadata('returnUrl');
+            $authRequest = $this->_stateMgr->get('authRequest');
+            if ($authRequest) {
+                $url = $authRequest->getReturnUrl();
+                $this->_stateMgr->set('authRequest');
             }
         }
         parent::redirect($url, $exitAfter);

diff --git a/src/Shibalike/Junction.php b/src/Shibalike/Junction.php
@@ -2,8 +2,8 @@
 
 namespace Shibalike;
 
-use Shibalike\IStateManager as IStateManager;
-use Shibalike\Config as Config;
+use Shibalike\IStateManager;
+use Shibalike\Config;
 
 /**
  * 
@@ -29,20 +29,21 @@ public function __construct(IStateManager $stateMgr, Config $config)
      */
     public function userIsAuthenticated()
     {
-        return (bool) $this->getUser();
+        return (bool) $this->getValidAuthResult();
     }
 
     /**
      * Get the User object from the state manager
      *
-     * @return \Shibalike\User|null
+     * @return \Shibalike\AuthResult|null
      */
-    public function getUser()
+    public function getValidAuthResult()
     {
-        $authTime = $this->_stateMgr->getMetadata('authTime');
-        if (($authTime + $this->_config->timeout) < time()) {
-            return $this->_stateMgr->getUser();
+        $authResult = $this->_stateMgr->get('authResult');
+        if ($authResult && $authResult->isFresh($this->_config->timeout)) {
+            return $authResult;
         }
+        return null;
     }
 
     /**
@@ -79,7 +80,7 @@ public function getRedirectUrl()
     /**
      * @return string
      */
-    public function getCurrentUrl()
+    public static function getCurrentUrl()
     {
         $host  = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
         $proto = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!=="off") ? 'https' : 'http';