From 63a267598b35746962e017af81313333aa613d6c Mon Sep 17 00:00:00 2001
From: Vincent Vanwaelscappel <vincent@cubedesigners.com>
Date: Tue, 19 Jan 2021 11:50:16 +0100
Subject: [PATCH] wip #4184 @2

---
 LVMH-SSO/_secure.php | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/LVMH-SSO/_secure.php b/LVMH-SSO/_secure.php
index 13e5915..8288667 100644
--- a/LVMH-SSO/_secure.php
+++ b/LVMH-SSO/_secure.php
@@ -1,7 +1,7 @@
 <?php
 $t = md5(rand(0, 10000000));
-if (isset($_REQUEST)) {
-    file_put_contents(__DIR__.'/log/log.' . $t . '.log', print_r($_REQUEST, true));
+if (isset($_POST) && count($_POST)) {
+    file_put_contents(__DIR__ . '/log/log.' . $t . '.log', print_r($_POST, true));
 }
 
 $basedir = '/LVMH/Internal-Control-Base-December-2020/';
@@ -18,7 +18,7 @@ foreach ($forbiddenext as $ext) {
 require_once "vendor/autoload.php";
 
 session_start();
-$needsAuth = empty($_SESSION['samlUserdata']);
+$needsAuth = !(isset($_SESSION['samlOK']) && $_SESSION['samlOK']);
 
 $file = $_SERVER['CONTEXT_DOCUMENT_ROOT'] . $_SERVER['SCRIPT_URL'];
 if (is_dir($file)) {
@@ -35,7 +35,7 @@ if ($needsAuth) {
     $samlsettings = [
         'sp' => [
             // Identifier of the SP entity  (must be a URI)
-            'entityId' => $url,
+            'entityId' => 'https://hosting.fluidbook.com/',
             // Specifies info about where and how the <AuthnResponse> message MUST be
             // returned to the requester, in this case our SP.
             'assertionConsumerService' => array(
@@ -106,15 +106,20 @@ if ($needsAuth) {
         die('an error occured');
     }
 
-    if (!empty($_REQUEST['SAMLResponse']) && !empty($_REQUEST['RelayState'])) {
+    if (!empty($_POST['SAMLResponse']) && !empty($_POST['RelayState'])) {
         $auth->processResponse(null);
 
         $errors = $auth->getErrors();
         if (empty($errors)) {
-            file_put_contents(__DIR__.'/log/err.' . $t . '.log', print_r($errors, true));
             // user has authenticated successfully
             $needsAuth = false;
             $_SESSION['samlUserdata'] = $auth->getAttributes();
+            $_SESSION['samlOK'] = true;
+            session_write_close();
+            file_put_contents(__DIR__ . '/log/ok.' . $t . '.log', print_r($_SESSION, true));
+            file_put_contents(__DIR__ . '/log/xml.' . $t . '.log', $auth->getLastResponseXML());
+        } else {
+            file_put_contents(__DIR__ . '/log/err.' . $t . '.log', print_r($errors, true) . "\n\n--\n\n" . print_r($auth->getLastErrorReason(), true) . "\n\n--\n\n" . print_r($auth->getLastErrorException(), true));
         }
     }
 
-- 
2.39.5