Removing userCertificate;binary LDAP attribute before XML parse

NIIF · Jan 24, 2018 · caee91c · caee91c
1 parent c8352a4
commit caee91c
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/www/login.php b/www/login.php
@@ -4,7 +4,6 @@
  * @author Tamas Frank, NIIFI
  *
  */
-
 // Get session object
 $session = SimpleSAML_Session::getSession();
 
@@ -37,7 +36,7 @@
 $attributes = $session->getAuthData($as['mainAuthSource'], 'Attributes');
 $state['Attributes'] = $attributes;
 
-$uid = $attributes[ $as['uidField'] ][0];
+$uid = $attributes[$as['uidField']][0];
 $state['UserID'] = $uid;
 $isEnabled = $gaLogin->isEnabled2fa($uid);
 
@@ -52,7 +51,7 @@
             $t->data['todo'] = 'generateGA';
             $t->data['autofocus'] = 'otp';
             $totpIssuer = empty($as['totpIssuer']) ? 'dev_aai_teszt_IdP' : $as['totpIssuer'];
-            $t->data['qrcode'] = $gaLogin->getQRCodeGoogleUrl($totpIssuer.':'.$uid, $totpIssuer, $gaKey);
+            $t->data['qrcode'] = $gaLogin->getQRCodeGoogleUrl($totpIssuer . ':' . $uid, $totpIssuer, $gaKey);
         } elseif ($_POST['setEnable2f'] == 0) {
             $gaLogin->disable2fa($uid);
             SimpleSAML_Auth_Source::completeAuth($state);
@@ -68,6 +67,11 @@
 
         if ($loggedIn) {
             $state['saml:AuthnContextClassRef'] = $gaLogin->tfa_authencontextclassref;
+
+            if (isset($state['Attributes']['userCertificate;binary'])) {
+                unset($state['Attributes']['userCertificate;binary']);
+            }
+
             SimpleSAML_Auth_Source::completeAuth($state);
         } else {
             $errorCode = 'WRONGOTP';
@@ -78,6 +82,11 @@
         $t->data['todo'] = 'loginOTP';
     }
 } else {
+
+    if (isset($state['Attributes']['userCertificate;binary'])) {
+        unset($state['Attributes']['userCertificate;binary']);
+    }
+
     // User has set up not to use 2 factor, so he is logged in
     SimpleSAML_Auth_Source::completeAuth($state);
 }