Commit 10cb0602 authored by Sonia Zorba's avatar Sonia Zorba

Added services list when no callback is defined and other improvements

parent 7106bbe9
+8 −5
@@ -61,17 +61,19 @@ curl_setopt($conn1, CURLOPT_POSTFIELDS, $post_string);

//perform our request
$result1 = curl_exec($conn1);
$info1 = curl_getinfo($conn1);

if ($result1) {
if ($info1['http_code'] === 200) {
    $my_token = json_decode($result1, TRUE);
    $access_token = $my_token['access_token'];
    $expires_in = $my_token['expires_in'];
    curl_close($conn1);
} else {
    //show information regarding the error
    $errorMessage = curl_errno($conn1) . "-";
    $errorMessage = $errorMessage . curl_error($conn1);
    $errorMessage = "Error: LinkedIn server response code: " . $info1['http_code'] . " - ";
    $errorMessage .= curl_error($conn1);
    curl_close($conn1);
    http_response_code(500);
    die($errorMessage);
}

@@ -84,8 +86,9 @@ curl_setopt($conn2, CURLOPT_HTTPHEADER, array(

curl_setopt($conn2, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($conn2);
$info2 = curl_getinfo($conn2);

if ($result) {
if ($info2['http_code'] === 200) {
    $data = json_decode($result, TRUE);

    curl_close($conn2);
@@ -116,7 +119,7 @@ if ($result) {
    $callbackHandler->manageLoginRedirect($user, $session);
} else {
    //show information regarding the error
    $errorMessage = curl_errno($conn2) . "-";
    $errorMessage = "Error: LinkedIn server response code: " . $info2['http_code'] . " - ";
    $errorMessage = $errorMessage . curl_error($conn2);
    curl_close($conn2);
    die($errorMessage);
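Review bot: The error branch in the last hunk, ending in `die($errorMessage);`, still answers with the default 200 status, whereas the matching branch in the first hunk received `http_response_code(500);` in this same commit; a browser or monitoring probe hitting the profile step sees a successful status carrying an error text. I would add `http_response_code(500);` before `die($errorMessage);` here as well. In the first hunk a 200 response whose body is not the expected JSON also slips through: `json_decode($result1, TRUE)` is never checked, so `$access_token` becomes null and the next request is presumably sent with an empty token — `if (!is_array($my_token) || empty($my_token['access_token'])) { http_response_code(500); die("Error: unexpected token response"); }` before the assignments would make that failure explicit. The script continues outside both hunks (the profile request between them and the closing brace after the last line are not shown).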
+37 −9
@@ -36,37 +36,65 @@ class CallbackHandler {
        $this->callbacks = $callbacks;
    }

    /**
     * If a callback URL is not in the configured list we should return null.
     */
    public function filterCallbackURL($callbackURL) {
        foreach ($this->callbacks as $callback) {
            if ($callback['url'] === $callbackURL) {
                return $callbackURL;
            }
        }
        return null;
    }

    /**
     * returns null if the callback URL is not listed in configuration file.
     */
    public function getCallbackTitle($callbackURL) {

        if ($callbackURL === null) {
            return "Account Management";
        foreach ($this->callbacks as $callback) {
            if ($callback['url'] === $callbackURL) {
                return $callback['title'];
            }
        }

        return null;
    }

    public function getCallbackLogo($callbackURL) {

        foreach ($this->callbacks as $callback) {
            if ($callback['url'] === $callbackURL) {
                return $callback['title'];
                if (array_key_exists('logo', $callback)) {
                    return $callback['logo'];
                } else {
                    return null;
                }
            }
        }

        throw new \Exception("Unauthorized callback URL");
        return null;
    }

    public function manageLoginRedirect($user, SessionData $session) {

        if ($session->getCallbackURL() !== null) {
            // External login using token
            header('Location: ' . $this->getLoginWithTokenURL($user->id, $session->getCallbackURL()));
            die();
        } else {
        if ($session->getCallbackURL() === null) {
            http_response_code(401);
            die("Unauthorized callback URL");
        }

        if ($session->getCallbackURL() === $this->basePath . '/') {
            // Login in session
            $session->user = $user;
            $session->save();
            // Return to index
            header('Location: ' . $this->basePath);
            die();
        } else {
            // External login using token
            header('Location: ' . $this->getLoginWithTokenURL($user->id, $session->getCallbackURL()));
            die();
        }
    }
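Review bot: manageLoginRedirect trusts `$session->getCallbackURL()` as a redirect target as soon as it is non-null; with the `throw new \Exception("Unauthorized callback URL")` of the old lookup gone, the allow-list in `$this->callbacks` is enforced only if every code path that stores the URL into the session first passed it through filterCallbackURL, and none of those callers is visible in this hunk. Since the external branch builds the redirect with `getLoginWithTokenURL($user->id, ...)`, which by its name carries a login token, an unlisted URL reaching the session would hand that token to whoever controls it. I would re-check inside the method rather than depend on caller discipline: `$callbackURL = $session->getCallbackURL();` then `if ($callbackURL === null || ($callbackURL !== $this->basePath . '/' && $this->filterCallbackURL($callbackURL) === null)) { http_response_code(401); die("Unauthorized callback URL"); }`, and use `$callbackURL` in the branches below. The CallbackHandler class continues past the end of the hunk.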

classes/GrouperClient.php

deleted100644 → 0
+0 −171
<?php

/* ----------------------------------------------------------------------------
 *               INAF - National Institute for Astrophysics
 *               IRA  - Radioastronomical Institute - Bologna
 *               OATS - Astronomical Observatory - Trieste
 * ----------------------------------------------------------------------------
 *
 * Copyright (C) 2016 Istituto Nazionale di Astrofisica
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License Version 3 as published by the
 * Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */

namespace RAP;

class GrouperClient {

    private $client;

    function __construct($config) {

        $this->client = new \SoapClient($config['wsdlURL'], array(
            'login' => $config['user'],
            'password' => $config['password'],
            'trace' => 1,
            // See: https://bugs.php.net/bug.php?id=36226
            'features' => SOAP_SINGLE_ELEMENT_ARRAYS
                )
        );
    }

    private function getBaseRequestParams() {
        return array(
            'clientVersion' => 'v2_3_000'
        );
    }

    private function startsWith($haystack, $needle) {
        return strpos($haystack, "$needle", 0) === 0;
    }

    private function isSuccess($response) {
        $success = isset($response->return->resultMetadata) && $response->return->resultMetadata->resultCode === 'SUCCESS';
        if (!$success) {
            throw new \Exception("Web Service Failure. Response=" . json_encode($response));
        }
        return $success;
    }

    public function getSubjectGroups($subjectId) {

        $params = $this->getBaseRequestParams();
        $params['subjectLookups'] = array(
            'subjectId' => $subjectId,
            'subjectSourceId' => 'RAP'
        );

        $response = $this->client->getGroups($params);

        if ($this->isSuccess($response)) {
            if (count($response->return->results) === 1) {
                $groups = [];
                if ($response->return->results[0]->wsGroups !== null) {
                    foreach ($response->return->results[0]->wsGroups as $group) {
                        if (!$this->startsWith($group->name, 'etc:')) {
                            array_push($groups, $group->name);
                        }
                    }
                }
                return $groups;
            } else {
                throw new \Exception("Wrong results number. Response=" . json_encode($response));
            }
        }
    }

    public function getSubjectPrivileges($subjectId) {

        $params = $this->getBaseRequestParams();
        $params['subjectId'] = $subjectId;
        $params['subjectSourceId'] = 'RAP';

        $response = $this->client->getGrouperPrivilegesLite($params);

        $privilegesMap = [];
        if ($this->isSuccess($response)) {
            if ($response->return->privilegeResults !== null) {
                foreach ($response->return->privilegeResults as $item) {
                    $groupName = $item->wsGroup->name;
                    $privilege = $item->privilegeName;

                    if (!array_key_exists($groupName, $privilegesMap)) {
                        $groupPrivileges = [];
                    } else {
                        $groupPrivileges = $privilegesMap[$groupName];
                    }
                    $groupPrivileges[] = $privilege;
                    $privilegesMap[$groupName] = $groupPrivileges;
                }
            }
        }

        return $privilegesMap;
    }

    private function getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames) {
        $params = $this->getBaseRequestParams();
        $params['wsSubjectLookups'] = array(
            'subjectId' => $subjectId,
            'subjectSourceId' => 'RAP'
        );
        $params['wsGroupLookup'] = array(
            'groupName' => $groupName
        );
        $params['privilegeNames'] = $privilegeNames;

        return $params;
    }

    public function assignPrivileges($subjectId, $groupName, $privilegeNames) {

        $params = $this->getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames);
        $params['allowed'] = 'T'; // true

        return $this->client->assignGrouperPrivileges($params);
    }

    public function removePrivileges($subjectId, $groupName, $privilegeNames) {

        $params = $this->getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames);
        $params['allowed'] = 'F'; // false

        return $this->client->assignGrouperPrivileges($params);
    }

    public function addMemberships($subjectId, $groups) {

        foreach ($groups as $group) {
            $params = $this->getBaseRequestParams();
            $params['subjectId'] = $subjectId;
            $params['subjectSourceId'] = 'RAP';
            $params['groupName'] = $group;

            $this->client->addMemberLite($params);
        }
    }

    public function removeMemberships($subjectId, $groups) {

        foreach ($groups as $group) {
            $params = $this->getBaseRequestParams();
            $params['subjectId'] = $subjectId;
            $params['subjectSourceId'] = 'RAP';
            $params['groupName'] = $group;

            $this->client->deleteMemberLite($params);
        }
    }

}
+5 −2
@@ -72,9 +72,12 @@ class MailSender {
            $body .= "<br/>";
        }

        $body .= "<br/>If you and this user are the same person click on the following link for joining your accounts:<br/>";
        $body .= "<br/>If you and this user are <b>the same person</b> click on the following link for joining your accounts:<br/>";
        $body .= "<a href=\"$confirmJoinURL\" target=\"blank_\">$confirmJoinURL</a>";
        $body .= "<br/><br/>Otherwise you can ignore this email<br/><br/>";
        $body .= "<br/><br/>Otherwise you can ignore this email.<br/>";

        $body .= '<p><b>Please don\'t use this functionality for sharing resources between your coworkers</b>, use <a href="https://sso.ia2.inaf.it/grouper">Grouper</a> for that.</p>';
        $body .= '<br/>';

        $body .= "<b>*** This is an automatically generated email, please do not reply to this message ***</b><br/>";
        $body .= "If you need information please contact <a href=\"mailto:ia2@oats.inaf.it\">IA2 Staff</a>";
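Review bot: The Grouper link added in `$body .= '<p><b>Please don\'t use this functionality ...` hard-codes `https://sso.ia2.inaf.it/grouper`, while the join link next to it comes from the `$confirmJoinURL` variable, which presumably is derived from configuration; a staging or test deployment would mail its users a production URL. I would take it from the same source as the rest of the message, e.g. `... use <a href="' . $grouperURL . '">Grouper</a> for that.</p>';` with `$grouperURL` supplied by configuration, or at least hoist it into a class constant so it is defined in one place. The enclosing method starts before the hunk.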
+3 −1
@@ -208,7 +208,8 @@ class MySQLDAO implements DAO {
                . " i.`id`, `type`, `typed_id`, `email`, `name`, `surname`, `institution`, `eppn`"
                . " FROM identity i"
                . " JOIN `user` u on u.id = i.user_id"
                . " WHERE `email` LIKE :email OR `name` LIKE :name OR `surname` LIKE :surname";
                . " WHERE `email` LIKE :email OR `name` LIKE :name OR `surname` LIKE :surname"
                . " OR CONCAT(`name`,' ',`surname`) LIKE :namesurname";

        $stmt = $dbh->prepare($query);

@@ -216,6 +217,7 @@ class MySQLDAO implements DAO {
        $stmt->bindParam(':email', $searchParam);
        $stmt->bindParam(':name', $searchParam);
        $stmt->bindParam(':surname', $searchParam);
        $stmt->bindParam(':namesurname', $searchParam);

        $stmt->execute();
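Review bot: The added `CONCAT(`name`,' ',`surname`) LIKE :namesurname` predicate is correctly bound rather than interpolated, but like the other three it is bound to the same `$searchParam`, so the wildcard handling applied where that value is assembled (between the two hunks, not visible here) now also decides whether a full-name match can be widened by the user: if `%` and `_` from the search input are not escaped, an input of `%` alone matches every identity, and the new term adds one more way to do it. I would escape LIKE metacharacters where the parameter is built, e.g. `$searchParam = '%' . addcslashes($term, '%_\\') . '%';` — assuming the `%` wrapping happens there — and keep the four `bindParam` calls as they are. Note also that `CONCAT` yields NULL when `surname` is NULL, so rows without a surname only match through the other predicates, which looks intended. The method continues past the second hunk.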
