From 1247145bc5ab6cf1167ba4eb654e95e17a2f6c1d Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Tue, 28 Apr 2015 09:50:17 -0400
Subject: [PATCH] Improved error tolerance in case of ChoiceAuth
 reconfiguration during active session. - Resolves VUFIND-1109.

---
 module/VuFind/src/VuFind/Auth/ChoiceAuth.php  | 14 +++++--
 .../VuFind/Auth/InvalidArgumentException.php  | 41 +++++++++++++++++++
 module/VuFind/src/VuFind/Auth/Manager.php     | 17 +++++++-
 3 files changed, 68 insertions(+), 4 deletions(-)
 create mode 100644 module/VuFind/src/VuFind/Auth/InvalidArgumentException.php

diff --git a/module/VuFind/src/VuFind/Auth/ChoiceAuth.php b/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
index f0b08a37c75..c2cd9094522 100644
--- a/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
+++ b/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
@@ -207,6 +207,7 @@ class ChoiceAuth extends AbstractBase
      *
      * @param string $url URL to redirect user to after logging out.
      *
+     * @throws InvalidArgumentException
      * @return string     Redirect URL (usually same as $url, but modified in
      * some authentication modules).
      */
@@ -219,8 +220,15 @@ class ChoiceAuth extends AbstractBase
 
         // If we have a selected strategy, proxy the appropriate class; otherwise,
         // perform default behavior of returning unmodified URL:
-        return $this->strategy
-            ? $this->proxyAuthMethod('logout', func_get_args()) : $url;
+        try {
+            return $this->strategy
+                ? $this->proxyAuthMethod('logout', func_get_args()) : $url;
+        } catch (InvalidArgumentException $e) {
+            // If we're in an invalid state (due to an illegal login method),
+            // we should just clear everything out so the user can try again.
+            $this->strategy = false;
+            return false;
+        }
     }
 
     /**
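Review bot: The new catch branch in logout() returns `false`, while the docblock still promises `@return string`, and the first hunk adds `@throws InvalidArgumentException` to a method that, in the visible lines, now swallows that exception. A caller that hands the result to a redirect would get `false` instead of a URL; resetting the strategy and returning the original target keeps the contract: `$this->strategy = false; return $url;`. If `false` is meant as a signal to the caller, document it as `@return string|bool` and drop the `@throws` line. The start of logout() lies outside the hunk, so anything earlier in the method that can still throw is not visible here.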
@@ -302,7 +310,7 @@ class ChoiceAuth extends AbstractBase
         }
 
         if (!in_array($this->strategy, $this->strategies)) {
-            throw new \Exception("Illegal setting: {$this->strategy}");
+            throw new InvalidArgumentException("Illegal setting: {$this->strategy}");
         }
         $authenticator = $this->getPluginManager()->get($this->strategy);
         $authenticator->setConfig($this->getConfig());
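Review bot: The exception message interpolates `$this->strategy`, a value that the Manager.php comment in this same commit treats as possibly hostile, so unvalidated input travels with the exception to whatever error page or log renders it. Either keep the value out of the message, e.g. `throw new InvalidArgumentException('Illegal authentication method');`, or confirm that every consumer escapes it for its output context. The guard above it uses loose comparison; `in_array($this->strategy, $this->strategies, true)` would rule out type-juggling matches. The enclosing method starts and ends outside the hunk.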
diff --git a/module/VuFind/src/VuFind/Auth/InvalidArgumentException.php b/module/VuFind/src/VuFind/Auth/InvalidArgumentException.php
new file mode 100644
index 00000000000..1ae825f3f01
--- /dev/null
+++ b/module/VuFind/src/VuFind/Auth/InvalidArgumentException.php
@@ -0,0 +1,41 @@
+<?php
+/**
+ * Invalid Authentication Argument Exception
+ *
+ * PHP version 5
+ *
+ * Copyright (C) Villanova University 2011.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ * @category VuFind2
+ * @package  Exceptions
+ * @author   Demian Katz <demian.katz@villanova.edu>
+ * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
+ * @link     http://vufind.org/wiki/vufind2:developer_manual Wiki
+ */
+namespace VuFind\Auth;
+
+/**
+ * Invalid Authentication Argument Exception
+ *
+ * @category VuFind2
+ * @package  Exceptions
+ * @author   Demian Katz <demian.katz@villanova.edu>
+ * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
+ * @link     http://vufind.org/wiki/vufind2:developer_manual Wiki
+ */
+class InvalidArgumentException extends \InvalidArgumentException
+{
+}
\ No newline at end of file
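Review bot: The class docblock only repeats the file title and does not say when this exception is thrown or how callers are expected to react. A sentence such as `Thrown when the selected authentication method is not one of the configured ChoiceAuth strategies.` would document the contract that ChoiceAuth.php and Manager.php now rely on. The file also ends without a trailing newline, which the project's coding-standard checks are likely to flag.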
diff --git a/module/VuFind/src/VuFind/Auth/Manager.php b/module/VuFind/src/VuFind/Auth/Manager.php
index 3c21355c27f..d4b0fa0eca5 100644
--- a/module/VuFind/src/VuFind/Auth/Manager.php
+++ b/module/VuFind/src/VuFind/Auth/Manager.php
@@ -248,7 +248,22 @@ class Manager implements \ZfcRbac\Identity\IdentityProviderInterface
      */
     public function getSessionInitiator($target)
     {
-        return $this->getAuth()->getSessionInitiator($target);
+        try {
+            return $this->getAuth()->getSessionInitiator($target);
+        } catch (InvalidArgumentException $e) {
+            // If the authentication is in an illegal state but there is an
+            // active user session, we should clear everything out so the user
+            // can try again. This is useful, for example, if a user is logged
+            // in at the same time that an administrator changes the [ChoiceAuth]
+            // settings in config.ini. However, if the user is not logged in,
+            // they are probably attempting something nasty and should be given
+            // an error message.
+            if (!$this->isLoggedIn()) {
+                throw $e;
+            }
+            $this->logout('');
+            return $this->getAuth()->getSessionInitiator($target);
+        }
     }
 
     /**
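Review bot: The catch branch logs out every authenticated session that hits an InvalidArgumentException and records nothing, so a stale-config recovery and a request carrying an illegal method look identical to an operator. If the strategy can be set from request input (not visible in this hunk), any such request would end a logged-in user's session; logging the exception message before `$this->logout('')` would make both cases visible. The retry on the last line of the catch sits outside any try, which looks intentional but is worth stating: `// Retry once; a second failure propagates to the caller.` The return value of `logout('')` is discarded, which matters if ChoiceAuth::logout() can now return `false`.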
-- 
GitLab