catalyst / moodle-auth_saml2

SAML done 100% in Moodle, fast, simple, secure
https://moodle.org/plugins/auth_saml2
70 stars 132 forks source link

Auth Proc Filter Hooks - #797

Open Baku305 opened 4 months ago

Baku305 commented 4 months ago

What happened?

More information about this error

```
Debug info: Error code: generalexceptionmessage
Stack trace:
line 1 of /auth/saml2/.extlib/simplesamlphp/modules/core/lib/Auth/Process/PHP.php(65) : eval()'d code: ParseError thrown
line 67 of /auth/saml2/.extlib/simplesamlphp/modules/core/lib/Auth/Process/PHP.php: call to SimpleSAML\Module\core\Auth\Process\PHP->SimpleSAML\Module\core\Auth\Process{closure}()
line 215 of /auth/saml2/.extlib/simplesamlphp/lib/SimpleSAML/Auth/ProcessingChain.php: call to SimpleSAML\Module\core\Auth\Process\PHP->process()
line 1170 of /auth/saml2/.extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php: call to SimpleSAML\Auth\ProcessingChain->processState()
line 268 of /auth/saml2/.extlib/simplesamlphp/modules/saml/www/sp/saml2-acs.php: call to SimpleSAML\Module\saml\Auth\Source\SP->handleResponse()
line 34 of /auth/saml2/sp/saml2-acs.php: call to require()"
```


What you expected:

Attribute ex:

```xml
<Attribute Name="http://schemas.xmlsoap.org/claims/Group" a:OriginalIssuer="urn:federation:feddippp" xmlns:a="http://schemas.xmlsoap.org/ws/2009/09/identity/claims">
grp-spi,grp-sau,grp-smacc
```

I need to create a hook that filters the Group attribute, which currently comes to me as a unique string within the attribute value, for example "grp-a,grp-b,grp-viceversa", so that I can then manage accesses in the screenshot mask in the way you can see. I created this as per the documentation, but running it I get this error. Thanks so much for the support viceversa

This is the code in the lib.php file:

```php
<?php

defined('MOODLE_INTERNAL') || die();

function local_customsamlhook_extend_auth_saml2_proc()
{
    return [
        51 => array(
            'class' => 'core:PHP',
            'code' => '$attributes = update_attributes($attributes);'
        )
    ];
}

function update_attributes($attributes)
{
    if (isset($attributes["Group"])) {
        $attributeValue = $attributes["Group"];
        $groups = explode(",", $attributeValue);
        if (in_array("grp-viceversa", $groups)) {
            $newGroups = ["grp-viceversa"];
            $attributes["Group"] = $newGroups[0];
        } else {
            $newGroups = ["no-grp-viceversa"];
            $attributes["Group"] = $newGroups[0];
        }
    } else {
        $logMessage = "no Group attributes";
        error_log($logMessage);
    }

    return $attributes;
}
```

In `'code' => '$attributes = update_attributes($attributes);'` the semicolon is not present in the sample documentation. I tried adding it, thinking that the lack could cause the problem, but without solving the error.

sumaiyamannan commented 4 months ago

Hi,

I had the same issue and I overcame it by not using the function at all. I know it is not the ideal solution, but something like below is what I got working:

```php
<?php

defined('MOODLE_INTERNAL') || die();

function local_customsamlhook_extend_auth_saml2_proc()
{
    return [
        51 => array(
            'class' => 'core:PHP',
            'code' => '
                if (isset($attributes["Group"])) {
                    $attributeValue = $attributes["Group"];
                    $groups = explode(",", $attributeValue);
                    if (in_array("grp-viceversa", $groups)) {
                        $newGroups = ["grp-viceversa"];
                        $attributes["Group"] = $newGroups[0];
                    } else {
                        $newGroups = ["no-grp-viceversa"];
                        $attributes["Group"] = $newGroups[0];
                    }
                } else {
                    $logMessage = "no Group attributes";
                    error_log($logMessage);
                }
            '
        )
    ];
}
```
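
As an added example (not code from either commenter or from the plugin): the inline filter body from the thread, adjusted for SimpleSAMLphp's convention that each attribute is an array of string values, plus a hypothetical `run_filter` harness that evaluates the string from the command line so a `ParseError` shows up before the login flow. The `Group` key follows the posted code, the closure signature in the harness is an assumption, and the sample inputs are constructed.

```php
<?php
// Filter body as it would go in the 'code' key of the core:PHP entry.
// Assumption: the attribute reaches the filter under the key "Group",
// and its value is an array of strings (SimpleSAMLphp's attribute format).
$code = <<<'PHP'
if (isset($attributes["Group"])) {
    $groups = [];
    foreach ((array) $attributes["Group"] as $value) {
        // Split "grp-a,grp-b" into separate values and drop empty entries.
        foreach (explode(",", $value) as $g) {
            if (trim($g) !== "") {
                $groups[] = trim($g);
            }
        }
    }
    // Keep the value an array so later filters and the SP see the usual shape.
    $attributes["Group"] = in_array("grp-viceversa", $groups, true)
        ? ["grp-viceversa"]
        : ["no-grp-viceversa"];
} else {
    error_log("no Group attributes");
}
PHP;

// Hypothetical offline harness: evaluates the string inside a closure that
// receives $attributes and $state by reference, mirroring the closure and
// eval() frames visible in the stack trace.
function run_filter(string $code, array $attributes): array
{
    $state = ['Attributes' => $attributes];
    $fn = function (array &$attributes, array &$state) use ($code) {
        eval($code);
    };
    try {
        $fn($state['Attributes'], $state);
    } catch (ParseError $e) {
        // A syntax error in the string surfaces here instead of at login time.
        fwrite(STDERR, "filter code does not parse: " . $e->getMessage() . "\n");
        throw $e;
    }
    return $state['Attributes'];
}

// Constructed sample inputs.
print_r(run_filter($code, ['Group' => ['grp-spi,grp-sau,grp-viceversa']]));
print_r(run_filter($code, ['Group' => ['grp-spi,grp-sau,grp-smacc']]));
```

Running the file with the PHP CLI prints `grp-viceversa` for the first input and `no-grp-viceversa` for the second. The nowdoc string can then be used as the value of `'code'` in the hook's return array.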