From 6ed6aa6693a7e3080f2ed4c8df17dc0b4706c1dd Mon Sep 17 00:00:00 2001
From: David Maus <maus@hab.de>
Date: Wed, 9 Mar 2016 10:09:13 +0100
Subject: [PATCH] Report runtime auth module errors via email

* lib/Auth/Source/Pica.php ($message): New property. Error message
  settings.
  (__construct): Read error message settings.
  (handleAuthenticationModuleRuntimeError): New function. Handle runtime
  errors in authentication module.
  (login): Call runtime error handler.
---
 lib/Auth/Source/Pica.php | 27 +++++++++++++++++++++++++++
 tests/PicaTest.php       |  5 ++++-
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/lib/Auth/Source/Pica.php b/lib/Auth/Source/Pica.php
index 9766405..e9165b8 100644
--- a/lib/Auth/Source/Pica.php
+++ b/lib/Auth/Source/Pica.php
@@ -32,6 +32,13 @@ use HAB\Pica\Auth;
  */
 class sspmod_pica_Auth_Source_Pica extends sspmod_core_Auth_UserPassBase
 {
+    /**
+     * Error message settings.
+     *
+     * @var array
+     */
+    private $message;
+
     /**
      * Factory function for authentication module.
      *
@@ -51,6 +58,7 @@ class sspmod_pica_Auth_Source_Pica extends sspmod_core_Auth_UserPassBase
 
         $configuration = SimpleSAML_Configuration::loadFromArray($config['pica']);
         $this->factory = $this->createAuthenticationModuleFactory($configuration);
+        $this->message = $configuration->getArray('errors', array());
         $this->attrmap = $configuration->getArray('attrmap', array());
     }
 
@@ -63,6 +71,7 @@ class sspmod_pica_Auth_Source_Pica extends sspmod_core_Auth_UserPassBase
         try {
             $attributes = $module->authenticate($username, $password);
         } catch (RuntimeException $error) {
+            $this->handleAuthenticationModuleRuntimeError($error);
             throw new SimpleSAML_Error_AuthSource('pica', $error->getMessage(), $error);
         }
         if ($attributes === false) {
@@ -100,6 +109,24 @@ class sspmod_pica_Auth_Source_Pica extends sspmod_core_Auth_UserPassBase
         }
     }
 
+    /**
+     * Handle authentication module runtime error.
+     *
+     * @param  RuntimeException $error
+     * @return void
+     */
+    protected function handleAuthenticationModuleRuntimeError (RuntimeException $error)
+    {
+        if ($this->message) {
+            $defaults = array('to' => null, 'from' => null, 'subject' => 'Runtime error in Pica authentication module');
+            $settings = array_replace($defaults, array_intersect_key($this->message, $defaults));
+
+            $message = new SimpleSAML_XHTML_EMail($settings['to'], $settings['subject'], $settings['from']);
+            $message->setBody(sprintf('<h1>%s</h1><pre>%s</pre>', $error->getMessage(), $error->getTraceAsString()));
+            $message->send();
+        }
+    }
+
     /**
      * Return normalized attributes.
      *
diff --git a/tests/PicaTest.php b/tests/PicaTest.php
index 1ff87a9..7fddc22 100644
--- a/tests/PicaTest.php
+++ b/tests/PicaTest.php
@@ -63,12 +63,15 @@ class PicaTest extends TestCase
         $source = $this
                 ->getMockBuilder('sspmod_pica_Auth_Source_Pica')
                 ->disableOriginalConstructor()
-                ->setMethods(array('getAuthenticationModule'))
+                ->setMethods(array('getAuthenticationModule', 'handleAuthenticationModuleRuntimeError'))
                 ->getMock();
         $source
             ->expects($this->any())
             ->method('getAuthenticationModule')
             ->will($this->returnValue($module));
+        $source
+            ->expects($this->once())
+            ->method('handleAuthenticationModuleRuntimeError');
 
         $method = new ReflectionMethod($source, 'login');
         $method->setAccessible(true);
-- 
GitLab