Merge pull request jasny#31 from Octen/error-handler-token

Fix issue jasny#30 - Adding method to trash token and current cookies on fail request

examples/broker/index.php

@@ -9,7 +9,12 @@
 $broker = new Jasny\SSO\Broker(getenv('SSO_SERVER'), getenv('SSO_BROKER_ID'), getenv('SSO_BROKER_SECRET'));
 $broker->attach(true);
 
-$user = $broker->getUserInfo();
+try {
+    $user = $broker->getUserInfo();
+} catch (\Jasny\SSO\Exception $e) {
+    header("Location: error.php?sso_error=" . $e->getMessage(), true, 307);
+    exit;
+}
 
 if (!$user) {
     header("Location: login.php", true, 307);

examples/broker/login.php

@@ -2,7 +2,7 @@
 require_once __DIR__ . '/../../vendor/autoload.php';
 
 $broker = new Jasny\SSO\Broker(getenv('SSO_SERVER'), getenv('SSO_BROKER_ID'), getenv('SSO_BROKER_SECRET'));
-$broker->attach();
+$broker->attach(true);
 
 try {
     if (!empty($_GET['logout'])) {

src/Broker.php

@@ -59,8 +59,7 @@ public function __construct($url, $broker, $secret)
         $this->secret = $secret;
 
         if (isset($_COOKIE[$this->getCookieName()])) $this->token = $_COOKIE[$this->getCookieName()];
-
-
+
     }
 
     /**
@@ -83,7 +82,7 @@ protected function getCookieName()
      */
     protected function getSessionId()
     {
-        if (!$this->token) return null;
+        if (isset($this->token)) return null;
 
         $checksum = hash('sha256', 'session' . $this->token . static::getRemoteAddr() . $this->secret);
         return "SSO-{$this->broker}-{$this->token}-$checksum";
@@ -100,6 +99,15 @@ public function generateToken()
         setcookie($this->getCookieName(), $this->token, time() + 3600);
     }
 
+    /**
+     * Trash session token
+     */
+    public function trashToken()
+    {
+        unset($this->token);
+        setcookie($this->getCookieName(), null, time() - 1);
+    }
+
     /**
      * Check if we have an SSO token.
      *
@@ -191,23 +199,38 @@ protected function request($method, $command, $data = null)
 
         $response = curl_exec($ch);
         if (curl_errno($ch) != 0) {
-            throw new Exception("Server request failed: " . curl_error($ch), 500);
+            $message = 'Server request failed: ' . curl_error($ch);
+            return $this->fail($message);
         }
 
         $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
         list($contentType) = explode(';', curl_getinfo($ch, CURLINFO_CONTENT_TYPE));
 
         if ($contentType != 'application/json') {
-            $message = "Expected application/json response, got $contentType";
-            throw new Exception($message, $httpCode);
+            $message = 'Expected application/json response, got ' . $contentType;
+            return $this->fail($message, $httpCode);
         }
 
         $data = json_decode($response, true);
-        if ($httpCode >= 400) throw new Exception($data['error'] ?: $response, $httpCode);
+        if ($httpCode >= 400) return $this->fail($data['error'] ?: $response, $httpCode);
 
         return $data;
     }
 
+    /**
+     * An error occured.
+     *
+     * @param     $message
+     * @param int $http_status
+     *
+     * @throws Exception
+     */
+    protected function fail($message, $http_status = 500)
+    {
+        $this->trashToken();
+        throw new Exception($message, $http_status);
+    }
+
 
     /**
      * Log the client in at the SSO server.

src/Server.php

@@ -110,7 +110,7 @@ protected function validateBrokerSessionId($sid)
         $clientAddr = $this->getSessionData('client_addr');
 
         if (!$clientAddr) {
-            return $this->fail("Unknown client IP address for the attached session", 500);
+            return $this->fail("Unknown client IP address for the attached session", 403);
         }
 
         if ($this->generateSessionId($brokerId, $token, $clientAddr) != $sid) {