RealMeService
class RealMeService extends SS_Object implements TemplateGlobalProvider
Constants
ENV_MTS | Current RealMe supported environments.
ENV_ITE |
ENV_PROD |
TYPE_LOGIN | SAML binding types.
TYPE_ASSERT |
AUTHN_LOW_STRENGTH | The valid AuthN context values for each supported RealMe environment.
AUTHN_MOD_STRENTH |
AUTHN_MOD_MOBILE_SMS |
AUTHN_MOD_TOKEN_SID |
ERR_TIMEOUT | RealMe SAML2 error status constants.
ERR_INTERNAL_ERROR |
ERR_AUTHN_FAILED | SAML2 error constants used for business logic and switching error messages.
ERR_UNKNOWN_PRINCIPAL |
ERR_NO_AVAILABLE_IDP |
ERR_NO_PASSIVE |
ERR_NO_AUTHN_CONTEXT |
ERR_REQUEST_UNSUPPORTED |
ERR_REQUEST_DENIED |
ERR_UNSUPPORTED_BINDING |
Properties
public | string | $class | from SS_Object | |
protected | array | $extension_instances | from SS_Object | |
protected | $beforeExtendCallbacks | List of callbacks to call prior to extensions having extend called on them, each grouped by methodName. | from SS_Object |
protected | $afterExtendCallbacks | List of callbacks to call after extensions having extend called on them, each grouped by methodName. | from SS_Object |
Methods
Details
static Config_ForClass|null
config()
Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).
protected
beforeExtending(string $method, callable $callback)
Allows user code to hook into Object::extend prior to control being delegated to extensions. Each callback will be reset once called.
protected
afterExtending(string $method, callable $callback)
Allows user code to hook into Object::extend after control being delegated to extensions. Each callback will be reset once called.
static SS_Object
create()
An implementation of the factory method, allows you to create an instance of a class
This method first checks for strong class overloads (singletons & DB interaction), then custom class overloads. If an overload is found, an instance of this is returned rather than the original class. To overload a class, use Object::useCustomClass()
This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent: $list = DataList::create('SiteTree'); $list = SiteTree::get();
static SS_Object
singleton()
Creates a class instance by the "singleton" design pattern.
It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).
static
create_from_string($classSpec, $firstArg = null)
Create an object from a string representation. It treats it as a PHP constructor without the 'new' keyword. It also manages to construct the object without the use of eval().
Construction itself is done with Object::create(), so that Object::useCustomClass() calls are respected.
Object::create_from_string("Versioned('Stage','Live')")
will return the result of
Versioned::create('Stage', 'Live');
It is designed for simple, clonable objects. The first time this method is called for a given string it is cached, and clones of that object are returned.
If you pass the $firstArg argument, this will be prepended to the constructor arguments. It's impossible to pass null as the firstArg argument.
Object::create_from_string("Varchar(50)", "MyField")
will return the result of
Varchar::create('MyField', '50');
Arguments are always strings, although this is a quirk of the current implementation rather than something that can be relied upon.
static
parse_class_spec($classSpec)
Parses a class-spec, such as "Versioned('Stage','Live')", as passed to create_from_string().
Returns a 2-element array, with classname and arguments
static SS_Object
strong_create()
Similar to Object::create(), except that classes are only overloaded if you set the $strong parameter to TRUE when using Object::useCustomClass()
static
useCustomClass(string $oldClass, string $newClass, bool $strong = false)
This method allows you to overload classes with other classes when they are constructed using the factory method Object::create()
static string
getCustomClass(string $class)
If a class has been overloaded, get the class name it has been overloaded with - otherwise return the class name
static any
static_lookup($class, $name, null $default = null)
Get the value of a static property of a class, even if that property is declared protected (but not private), without any inheritance, merging or parent lookup if it doesn't exist on the given class.
static
get_static($class, $name, $uncached = false)
deprecated
No description
static
set_static($class, $name, $value)
deprecated
No description
static
uninherited_static($class, $name, $uncached = false)
deprecated
No description
static
combined_static($class, $name, $ceiling = false)
deprecated
No description
static
addStaticVars($class, $properties, $replace = false)
deprecated
No description
static
add_static_var($class, $name, $value, $replace = false)
deprecated
No description
static
has_extension(string $classOrExtension, string $requiredExtension = null, bool $strict = false)
Return TRUE if a class has a specified extension.
This supports backwards-compatible format (static Object::has_extension($requiredExtension)) and new format ($object->has_extension($class, $requiredExtension))
static
add_extension(string $classOrExtension, string $extension = null)
Add an extension to a specific class.
The preferred method for adding extensions is through YAML config, since it avoids autoloading the class, and is easier to override in more specific configurations.
As an alternative, extensions can be added to a specific class directly in the Object::$extensions array. See SiteTree::$extensions for examples. Keep in mind that the extension will only be applied to new instances, not existing ones (including all instances created through singleton()).
static
remove_extension(string $extension)
Remove an extension from a class.
Keep in mind that this won't revert any datamodel additions of the extension at runtime, unless it's used before the schema building kicks in (in your _config.php). Doesn't remove the extension from any Object instances which are already created, but will have an effect on new extensions. Clears any previously created singletons through singleton() to avoid side-effects from stale extension information.
static array
get_extensions(string $class, bool $includeArgumentString = false)
No description
static
get_extra_config_sources($class = null)
No description
__construct()
No description
mixed
__call(string $method, array $arguments)
Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located
You can add extra methods to a class using Extensions, Object::createMethod() or Object::addWrapperMethod()
bool
hasMethod(string $method)
Return TRUE if a method exists on this object
This should be used rather than PHP's built-in method_exists() as it takes into account methods added via extensions
array
allMethodNames(bool $custom = false)
Return the names of all the methods available on this object
protected
defineMethods()
Adds any methods from Extension instances attached to this object.
All these methods can then be called directly on the instance (transparently mapped through __call()), or called explicitly through extend().
protected array
findMethodsFromExtension(object $extension)
No description
protected
addMethodsFrom(string $property, string|int $index = null)
Add all the methods from an object property (which is an Extension) to this object.
protected
removeMethodsFrom(string $property, string|int $index = null)
Remove all the methods from an object property (which is an Extension) from this object.
protected
addWrapperMethod(string $method, string $wrap)
Add a wrapper method - a method which points to another method with a different name. For example, Thumbnail(x) can be wrapped to generateThumbnail(x)
protected
createMethod(string $method, string $code)
Add an extra method using raw PHP code passed as a string
stat($name, $uncached = false)
No description
set_stat($name, $value)
No description
uninherited($name)
No description
bool
exists()
Return true if this object "exists" i.e. has a sensible value
This method should be overridden in subclasses to provide more context about the class's state. For example, a DataObject class could return false when it is deleted from the database
string
parentClass()
No description
bool
is_a(string $class)
Check if this class is an instance of a specific class, or has that class as one of its parents
string
__toString()
No description
mixed
invokeWithExtensions(string $method, mixed $argument = null)
Calls a method if available on both this object and all applied Extensions, and then attempts to merge all results into an array
array
extend(string $method, mixed $a1 = null, mixed $a2 = null, mixed $a3 = null, mixed $a4 = null, mixed $a5 = null, mixed $a6 = null, mixed $a7 = null)
Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed
Currently returns an array, with an index resulting every time the function is called. Only adds returns if they're not NULL, to avoid bogus results from methods just defined on the parent extension. This is important for permission-checks through extend, as they use min() to determine if any of the returns is FALSE. As min() doesn't do type checking, an included NULL return would fail the permission checks.
The extension methods are defined during __construct() in defineMethods().
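Why dropping NULL returns matters for a min()-based permission check, as an added example (not code from SilverStripe or the RealMe module). The closures, collectAll(), collectNonNull() and isAllowed() are hypothetical stand-ins for extension hooks and for the values extend() collects; falling back to "allow" when no extension answers is an assumption of this sketch.

```php
<?php
// Added illustration; not SilverStripe code. Each closure stands in for one
// extension's permission hook (constructed sample data).
$hooks = array(
    'AllowsExtension'    => function () { return true; },
    // Hook exists on the parent extension but is not implemented: returns NULL.
    'NoOpinionExtension' => function () { },
);

// Hypothetical collector that keeps every return value, NULL included.
function collectAll(array $hooks)
{
    $values = array();
    foreach ($hooks as $hook) {
        $values[] = $hook();
    }
    return $values;
}

// Hypothetical collector mirroring the documented behaviour: NULL returns are skipped.
function collectNonNull(array $hooks)
{
    $values = array();
    foreach ($hooks as $hook) {
        $value = $hook();
        if ($value !== null) {
            $values[] = $value;
        }
    }
    return $values;
}

// Permission decision in the style described above: the smallest collected
// value decides, so a single FALSE denies.
function isAllowed(array $values)
{
    // Assumption of this sketch: no opinions at all means "allow".
    if (!$values) {
        return true;
    }
    // min() uses loose comparison: NULL sorts below TRUE, so an unfiltered
    // NULL becomes the minimum and is then read as a denial.
    return (bool) min($values);
}

// Unfiltered: the NULL "no opinion" overrides the explicit TRUE.
var_dump(isAllowed(collectAll($hooks)));

// Filtered: only the explicit TRUE is considered.
var_dump(isAllowed(collectNonNull($hooks)));

// An explicit FALSE from any extension still denies after filtering.
$hooks['DeniesExtension'] = function () { return false; };
var_dump(isAllowed(collectNonNull($hooks)));
```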
Extension
getExtensionInstance(string $extension)
Get an extension instance attached to this object by name.
bool
hasExtension(string $extension)
Returns TRUE if this object instance has a specific extension applied in $extension_instances. Extension instances are initialized at constructor time, meaning if you use add_extension() afterwards, the added extension will just be added to new instances of the extended class. Use the static method has_extension() to check if a class (not an instance) has a specific extension.
Caution: Don't use singleton(
array
getExtensionInstances()
Get all extension instances for this specific object instance.
See get_extensions() to get all applied extension classes for this class (not the instance).
mixed
cacheToFile(string $method, int $lifetime = 3600, string $ID = false, array $arguments = array())
Cache the results of an instance method in this object to a file, or if it is already cached, return the cached results
clearCache($method, $ID = false, $arguments = array())
Clears the cache for the given cacheToFile call
protected mixed
loadCache(string $cache, int $lifetime = 3600)
Loads a cache from the filesystem if a valid one is present and within the specified lifetime
protected
saveCache(string $cache, mixed $data)
Save a piece of cached data to the file system
protected string
sanitiseCachename(string $name)
Strip a file name of special characters so it is suitable for use as a cache file name
static array
get_template_global_variables()
No description
static RealMeUser
user_data()
Return the user data which was saved to session from the first RealMe auth.
Note: Does not check authenticity or expiry of this data
static RealMeUser
current_realme_user()
Calls available user data and checks for validity
static RealMeUser
currentRealMeUser()
A helpful static method that follows SilverStripe naming for Member::currentUser();
bool|null
enforceLogin()
Enforce login via RealMe. This can be used in controllers to force users to be authenticated via RealMe (not necessarily logged in as a Member), in the form of:
Session::set('RealMeBackURL', '/path/to/the/controller/method');
if($service->enforceLogin()) {
    // User has a valid RealMe account, $service->getAuthData() will return you their details
} else {
    // Something went wrong processing their details, show an error
}
In cases where people are not authenticated with RealMe, this method will redirect them directly to RealMe.
However, generally you want this to be an explicit process, so you should look at instead using the standard RealMeAuthenticator.
A return value of bool false indicates that there was a failure during the authentication process (perhaps a communication issue, or a failure to decode the response correctly). You should handle this like you would any other unexpected authentication error. You can use getLastError() to see if a human-readable error message exists for display to the user.
bool
isAuthenticated()
Checks data stored in Session to see if the user is authenticated.
RealMeUser|null
getAuthData()
Returns a RealMeUser object if one can be built from the RealMe session data.
void
clearLogin()
Clear the RealMe credentials from Session, called during Security->logout() overrides
getLastError()
No description
RealMeUser
getUserData()
Helper method, alias for RealMeService::user_data()
string
getBackURL()
No description
getErrorBackURL()
No description
string|null
getCertDir(string $subdir = null)
No description
string|null
getAuthnContextForEnvironment(string $env)
Returns the appropriate AuthN Context, given the environment passed in. The AuthNContext may be different per environment, and should be one of the strings as defined in the static self::$authn_contexts at the top of this class.
string|null
getSigningCertPath()
Returns the full path to the SAML signing certificate file, used by SimpleSAMLphp to sign all messages sent to RealMe.
getIdPCertPath()
No description
string|null
getSigningCertPassword()
deprecated
Returns the password (if any) necessary to decrypt the signing cert specified by self::getSigningCertPath(). If no password is set, then this method returns null. MTS certificates require a password, however generally the certificates used for ITE and production don't need one.
getSPCertContent($contentType = 'certificate')
No description
getIdPCertContent()
No description
string|null
getCertificateContents(string $certPath, string $contentType = 'certificate')
Returns the content of the SAML signing certificate. This is used by getAuth() and by RealMeSetupTask to produce metadata XML files.
string|null
getAssertionConsumerServiceUrlForEnvironment(string $env)
No description
string|null
getMetadataOrganisationName()
No description
string|null
getMetadataOrganisationDisplayName()
No description
string|null
getMetadataOrganisationUrl()
No description
string[]
getMetadataContactSupport()
No description
array
getAllowedRealMeEnvironments()
The list of RealMe environments that can be used. By default, we allow mts, ite and production.
array
getAllowedAuthNContextList()
The list of valid RealMe AuthNContexts
string|null
getSPEntityID()
Returns the appropriate entity ID for RealMe, given the environment passed in. The entity ID may be different per environment, and should be a full URL, including privacy realm and application name. For example, this may be: https://www.agency.govt.nz/privacy-realm-name/application-name
Auth
getAuth()
Returns the internal Auth object against which visitors are authenticated.
string
getNameIdFormat()
No description