|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/* |
|
4
|
|
|
* This file is part of the LightSAML-Logout package. |
|
5
|
|
|
* |
|
6
|
|
|
* (c) Milos Tomic <[email protected]> |
|
7
|
|
|
* |
|
8
|
|
|
* This source file is subject to the GPL-3 license that is bundled |
|
9
|
|
|
* with this source code in the file LICENSE. |
|
10
|
|
|
*/ |
|
11
|
|
|
|
|
12
|
|
|
namespace LightSaml\Logout\Action\Profile\Inbound\LogoutResponse; |
|
13
|
|
|
|
|
14
|
|
|
use LightSaml\Action\Profile\AbstractProfileAction; |
|
15
|
|
|
use LightSaml\Context\Profile\Helper\LogHelper; |
|
16
|
|
|
use LightSaml\Context\Profile\Helper\MessageContextHelper; |
|
17
|
|
|
use LightSaml\Context\Profile\ProfileContext; |
|
18
|
|
|
use LightSaml\Error\LightSamlContextException; |
|
19
|
|
|
use LightSaml\Logout\Resolver\Logout\LogoutSessionResolverInterface; |
|
20
|
|
|
use LightSaml\State\Request\RequestStateParameters; |
|
21
|
|
|
use LightSaml\Store\Request\RequestStateStoreInterface; |
|
22
|
|
|
use Psr\Log\LoggerInterface; |
|
23
|
|
|
|
|
24
|
|
|
class RemoveSsoSessionFromStoreAction extends AbstractProfileAction |
|
25
|
|
|
{ |
|
26
|
|
|
/** @var RequestStateStoreInterface */ |
|
27
|
|
|
private $requestStore; |
|
28
|
|
|
|
|
29
|
|
|
/** @var LogoutSessionResolverInterface */ |
|
30
|
|
|
private $logoutResolver; |
|
31
|
|
|
|
|
32
|
|
|
/** |
|
33
|
|
|
* @param LoggerInterface $logger |
|
34
|
|
|
* @param RequestStateStoreInterface $requestStore |
|
35
|
|
|
* @param LogoutSessionResolverInterface $logoutResolver |
|
36
|
|
|
*/ |
|
37
|
|
|
public function __construct(LoggerInterface $logger, RequestStateStoreInterface $requestStore, LogoutSessionResolverInterface $logoutResolver) |
|
38
|
|
|
{ |
|
39
|
|
|
parent::__construct($logger); |
|
40
|
|
|
|
|
41
|
|
|
$this->requestStore = $requestStore; |
|
42
|
|
|
$this->logoutResolver = $logoutResolver; |
|
43
|
|
|
} |
|
44
|
|
|
|
|
45
|
|
|
protected function doExecute(ProfileContext $context) |
|
46
|
|
|
{ |
|
47
|
|
|
$logoutResponse = MessageContextHelper::asLogoutResponse($context->getInboundContext()); |
|
|
|
|
|
|
48
|
|
|
$id = $logoutResponse->getInResponseTo(); |
|
49
|
|
|
$requestState = $this->requestStore->get($id); |
|
50
|
|
|
$partyEntityId = $requestState->getParameters()->get(RequestStateParameters::PARTY); |
|
|
|
|
|
|
51
|
|
|
if ($partyEntityId && $logoutResponse->getIssuer() && $partyEntityId != $logoutResponse->getIssuer()->getValue()) { |
|
52
|
|
|
$message = sprintf( |
|
53
|
|
|
'LogoutRequest sent to %s but LogoutResponse for that request was issued by %s', |
|
54
|
|
|
$partyEntityId, |
|
55
|
|
|
$logoutResponse->getIssuer()->getValue() |
|
56
|
|
|
); |
|
57
|
|
|
$this->logger->critical($message, LogHelper::getActionErrorContext($context, $this, [ |
|
58
|
|
|
'sent_to' => $partyEntityId, |
|
59
|
|
|
'received_from' => $logoutResponse->getIssuer()->getValue(), |
|
60
|
|
|
])); |
|
61
|
|
|
throw new LightSamlContextException($context, $message); |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
|
|
$nameId = $requestState->getParameters()->get(RequestStateParameters::NAME_ID); |
|
|
|
|
|
|
65
|
|
|
$nameIdFormat = $requestState->getParameters()->get(RequestStateParameters::NAME_ID_FORMAT); |
|
|
|
|
|
|
66
|
|
|
$sessionIndex = $requestState->getParameters()->get(RequestStateParameters::SESSION_INDEX); |
|
|
|
|
|
|
67
|
|
|
|
|
68
|
|
|
$numberOfTerminatedSessions = $this->logoutResolver->terminateSession( |
|
69
|
|
|
$logoutResponse->getIssuer()->getValue(), |
|
70
|
|
|
$nameId, |
|
71
|
|
|
$nameIdFormat, |
|
72
|
|
|
$sessionIndex |
|
73
|
|
|
); |
|
74
|
|
|
|
|
75
|
|
|
$this->logger->debug( |
|
76
|
|
|
sprintf( |
|
77
|
|
|
'Processing LogoutResponse from %s for %s in format %s and session index %s resulted in termination of %s sso session from the store', |
|
78
|
|
|
$partyEntityId, |
|
79
|
|
|
$nameId, |
|
80
|
|
|
$nameIdFormat, |
|
81
|
|
|
$sessionIndex, |
|
82
|
|
|
$numberOfTerminatedSessions |
|
83
|
|
|
), |
|
84
|
|
|
LogHelper::getActionContext($context, $this) |
|
85
|
|
|
); |
|
86
|
|
|
} |
|
87
|
|
|
} |
|
88
|
|
|
|
lightSAML /
lightSAML-logout
Loading history...
Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: