Revision: 3179
Author: olavmrk
Date: Fri Sep 28 02:40:03 2012
Log: UserPass(Org)Base: Fix error propagation in UserPass(Org)Base
authentication sources.
Thanks to Thijs Kinkhorst for identifying the problem!
http://code.google.com/p/simplesamlphp/source/detail?r=3179
Modified:
/trunk/modules/core/lib/Auth/UserPassBase.php
/trunk/modules/core/lib/Auth/UserPassOrgBase.php
/trunk/modules/core/templates/loginuserpass.php
/trunk/modules/core/www/loginuserpass.php
/trunk/modules/core/www/loginuserpassorg.php
=======================================
--- /trunk/modules/core/lib/Auth/UserPassBase.php Wed May 23 07:01:08 2012
+++ /trunk/modules/core/lib/Auth/UserPassBase.php Fri Sep 28 02:40:03 2012
@@ -185,13 +185,12 @@
* Handle login request.
*
* This function is used by the login form (core/www/loginuserpass.php)
when the user
- * enters a username and password. On success, it will not return. If an
error occurs,
- * it will return the error code.
+ * enters a username and password. On success, it will not return. On
wrong
+ * username/password failure, and other errors, it will throw an
exception.
*
* @param string $authStateId The identifier of the authentication
state.
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
- * @return string Error code in the case of an error.
*/
public static function handleLogin($authStateId, $username, $password) {
assert('is_string($authStateId)');
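Review bot: The handleLogin() docblock loses its `@return` tag but gains no `@throws` tag, so the new contract is stated only in the prose sentence. Every caller now has to catch the exception to re-display the login form, so I would add ` * @throws SimpleSAML_Error_Error On wrong username/password and other login errors.` after the `@param` lines. Other exception types from the authentication source may propagate as well, which is worth a half sentence. The same applies to the docblock changed in UserPassOrgBase.php. The function body continues outside this hunk.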
@@ -213,16 +212,8 @@
* was called. We should call login() on the same
authentication source.
*/
- try {
- /* Attempt to log in. */
- $attributes = $source->login($username, $password);
- } catch (SimpleSAML_Error_Error $e) {
- /*
- * Login failed. Return the error code to the login
form, so that it
- * can display an error message to the user.
- */
- return $e->getErrorCode();
- }
+ /* Attempt to log in. */
+ $attributes = $source->login($username, $password);
/* Save the attributes we received from the login-function in the
$state-array. */
assert('is_array($attributes)');
=======================================
--- /trunk/modules/core/lib/Auth/UserPassOrgBase.php Thu May 24 04:43:10
2012
+++ /trunk/modules/core/lib/Auth/UserPassOrgBase.php Fri Sep 28 02:40:03
2012
@@ -196,14 +196,12 @@
*
* This function is used by the login form
(core/www/loginuserpassorg.php) when the user
* enters a username and password. On success, it will not return. On
wrong
- * username/password failure, it will return the error code. Other
failures will throw an
- * exception.
+ * username/password failure, and other errors, it will throw an
exception.
*
* @param string $authStateId The identifier of the authentication
state.
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @param string $organization The id of the organization the user
chose.
- * @return string Error code in the case of an error.
*/
public static function handleLogin($authStateId, $username, $password,
$organization) {
assert('is_string($authStateId)');
@@ -230,17 +228,13 @@
} else {
if ($orgMethod === 'force') {
/* The organization should be a part of
the username, but isn't. */
- return 'WRONGUSERPASS';
+ throw new
SimpleSAML_Error_Error('WRONGUSERPASS');
}
}
}
- try {
- /* Attempt to log in. */
- $attributes = $source->login($username, $password,
$organization);
- } catch (SimpleSAML_Error_Error $e) {
- return $e->getErrorCode();
- }
+ /* Attempt to log in. */
+ $attributes = $source->login($username, $password,
$organization);
// Add the selected Org to the state
$state[self::ORGID] = $organization;
=======================================
--- /trunk/modules/core/templates/loginuserpass.php Wed May 23 07:01:08 2012
+++ /trunk/modules/core/templates/loginuserpass.php Fri Sep 28 02:40:03 2012
@@ -16,8 +16,8 @@
<div style="border-left: 1px solid #e8e8e8; border-bottom: 1px solid
#e8e8e8; background: #f5f5f5">
<img src="/<?php echo
$this->data['baseurlpath']; ?>resources/icons/experience/gtk-dialog-error.48x48.png"
class="float-l" style="margin: 15px " />
<h2><?php echo $this->t('{login:error_header}'); ?></h2>
- <p><b><?php echo $this->t('{errors:title_' .
$this->data['errorcode'] . '}'); ?></b></p>
- <p><?php echo $this->t('{errors:descr_' .
$this->data['errorcode'] . '}'); ?></p>
+ <p><b><?php echo htmlspecialchars($this->t('{errors:title_' .
$this->data['errorcode'] . '}', $this->data['errorparams'])); ?></b></p>
+ <p><?php echo htmlspecialchars($this->t('{errors:descr_' .
$this->data['errorcode'] . '}', $this->data['errorparams'])); ?></p>
</div>
<?php
}
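Review bot: The two added `htmlspecialchars()` calls rely on the default flags and charset, which depend on the PHP version: before PHP 5.4 the default charset is ISO-8859-1, and single quotes are not escaped by default. The translated string now has `errorparams` substituted into it before escaping, and those values may carry text from the login request, so I would make the encoding explicit. Assuming the page is served as UTF-8, that is `htmlspecialchars($this->t('{errors:title_' . $this->data['errorcode'] . '}', $this->data['errorparams']), ENT_QUOTES, 'UTF-8')`, and the same for the `descr_` line. The enclosing block starts outside this hunk.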
=======================================
--- /trunk/modules/core/www/loginuserpass.php Wed May 23 07:01:08 2012
+++ /trunk/modules/core/www/loginuserpass.php Fri Sep 28 02:40:03 2012
@@ -40,6 +40,9 @@
} else {
$password = '';
}
+
+$errorCode = NULL;
+$errorParams = NULL;
if (!empty($_REQUEST['username']) || !empty($password)) {
/* Either username or password set - attempt to log in. */
@@ -56,9 +59,13 @@
setcookie($source->getAuthId() . '-username', $username,
$params['expire'], $params['path'], $params['domain'], $params['secure'],
$params['httponly']);
}
- $errorCode = sspmod_core_Auth_UserPassBase::handleLogin($authStateId,
$username, $password);
-} else {
- $errorCode = NULL;
+ try {
+ sspmod_core_Auth_UserPassBase::handleLogin($authStateId, $username,
$password);
+ } catch (SimpleSAML_Error_Error $e) {
+ /* Login failed. Extract error code and parameters, to display the
error. */
+ $errorCode = $e->getErrorCode();
+ $errorParams = $e->getParameters();
+ }
}
$globalConfig = SimpleSAML_Configuration::getInstance();
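Review bot: The new `catch (SimpleSAML_Error_Error $e)` block only copies the error code and parameters for the template, so a failed login leaves no trace at this layer. Whether `login()` in the authentication source logs the failure itself is not visible here. To support detection of password guessing, I would record the failure where it is handled, e.g. `SimpleSAML_Logger::warning('Login failed on ' . $source->getAuthId() . ': ' . $e->getErrorCode());`, keeping the password and the raw error parameters out of the log line. The same catch block is added in www/loginuserpassorg.php. The surrounding `if` starts outside this hunk.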
@@ -78,6 +85,7 @@
}
$t->data['links'] = $source->getLoginLinks();
$t->data['errorcode'] = $errorCode;
+$t->data['errorparams'] = $errorParams;
if (isset($state['SPMetadata'])) {
$t->data['SPMetadata'] = $state['SPMetadata'];
=======================================
--- /trunk/modules/core/www/loginuserpassorg.php Wed May 23 07:01:08 2012
+++ /trunk/modules/core/www/loginuserpassorg.php Fri Sep 28 02:40:03 2012
@@ -50,6 +50,7 @@
}
$errorCode = NULL;
+$errorParams = NULL;
if ($organizations === NULL || !empty($organization)) {
if (!empty($username) && !empty($password)) {
@@ -61,7 +62,13 @@
setcookie($source->getAuthId() . '-username', $username,
$params['expire'], $params['path'], $params['domain'], $params['secure'],
$params['httponly']);
}
- $errorCode = sspmod_core_Auth_UserPassOrgBase::handleLogin($authStateId,
$username, $password, $organization);
+ try {
+ sspmod_core_Auth_UserPassOrgBase::handleLogin($authStateId, $username,
$password, $organization);
+ } catch (SimpleSAML_Error_Error $e) {
+ /* Login failed. Extract error code and parameters, to display the
error. */
+ $errorCode = $e->getErrorCode();
+ $errorParams = $e->getParameters();
+ }
}
}
@@ -74,6 +81,7 @@
$t->data['rememberUsernameChecked'] =
$source->getRememberUsernameChecked();
if (isset($_COOKIE[$source->getAuthId() . '-username']))
$t->data['rememberUsernameChecked'] = TRUE;
$t->data['errorcode'] = $errorCode;
+$t->data['errorparams'] = $errorParams;
if ($organizations !== NULL) {
$t->data['selectedOrg'] = $organization;