Improved error tolerance in case of ChoiceAuth reconfiguration during active session.

- Resolves VUFIND-1109.

Improved error tolerance in case of ChoiceAuth reconfiguration during active session.
- Resolves VUFIND-1109.
1247145b · Demian Katz · de2cdea7 · 1247145b · 1247145b · 1247145b
Commit 1247145b authored 9 years ago by Demian Katz
--- a/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
+++ b/module/VuFind/src/VuFind/Auth/ChoiceAuth.php
@@ -207,6 +207,7 @@ class ChoiceAuth extends AbstractBase
     *
     * @param string $url URL to redirect user to after logging out.
     *
+     * @throws InvalidArgumentException
     * @return string     Redirect URL (usually same as $url, but modified in
     * some authentication modules).
     */
@@ -219,8 +220,15 @@ class ChoiceAuth extends AbstractBase

        // If we have a selected strategy, proxy the appropriate class; otherwise,
        // perform default behavior of returning unmodified URL:
-        return $this->strategy
-            ? $this->proxyAuthMethod('logout', func_get_args()) : $url;
+        try {
+            return $this->strategy
+                ? $this->proxyAuthMethod('logout', func_get_args()) : $url;
+        } catch (InvalidArgumentException $e) {
+            // If we're in an invalid state (due to an illegal login method),
+            // we should just clear everything out so the user can try again.
+            $this->strategy = false;
+            return false;
+        }
    }

    /**
@@ -302,7 +310,7 @@ class ChoiceAuth extends AbstractBase
        }

        if (!in_array($this->strategy, $this->strategies)) {
-            throw new \Exception("Illegal setting: {$this->strategy}");
+            throw new InvalidArgumentException("Illegal setting: {$this->strategy}");
        }
        $authenticator = $this->getPluginManager()->get($this->strategy);
        $authenticator->setConfig($this->getConfig());

--- a/module/VuFind/src/VuFind/Auth/InvalidArgumentException.php
+++ b/module/VuFind/src/VuFind/Auth/InvalidArgumentException.php
+<?php
+/**
+ * Invalid Authentication Argument Exception
+ *
+ * PHP version 5
+ *
+ * Copyright (C) Villanova University 2011.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ * @category VuFind2
+ * @package  Exceptions
+ * @author   Demian Katz <demian.katz@villanova.edu>
+ * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
+ * @link     http://vufind.org/wiki/vufind2:developer_manual Wiki
+ */
+namespace VuFind\Auth;
+
+/**
+ * Invalid Authentication Argument Exception
+ *
+ * @category VuFind2
+ * @package  Exceptions
+ * @author   Demian Katz <demian.katz@villanova.edu>
+ * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
+ * @link     http://vufind.org/wiki/vufind2:developer_manual Wiki
+ */
+class InvalidArgumentException extends \InvalidArgumentException
+{
+}
\ No newline at end of file
--- a/module/VuFind/src/VuFind/Auth/Manager.php
+++ b/module/VuFind/src/VuFind/Auth/Manager.php
@@ -248,7 +248,22 @@ class Manager implements \ZfcRbac\Identity\IdentityProviderInterface
     */
    public function getSessionInitiator($target)
    {
-        return $this->getAuth()->getSessionInitiator($target);
+        try {
+            return $this->getAuth()->getSessionInitiator($target);
+        } catch (InvalidArgumentException $e) {
+            // If the authentication is in an illegal state but there is an
+            // active user session, we should clear everything out so the user
+            // can try again. This is useful, for example, if a user is logged
+            // in at the same time that an administrator changes the [ChoiceAuth]
+            // settings in config.ini. However, if the user is not logged in,
+            // they are probably attempting something nasty and should be given
+            // an error message.
+            if (!$this->isLoggedIn()) {
+                throw $e;
+            }
+            $this->logout('');
+            return $this->getAuth()->getSessionInitiator($target);
+        }
    }

    /**