Loading classes/IdTokenBuilder.php +6 −2 Original line number Original line Diff line number Diff line Loading @@ -27,7 +27,7 @@ class IdTokenBuilder { $payloadArr = array( $payloadArr = array( 'iss' => $this->locator->config->jwtIssuer, 'iss' => $this->locator->config->jwtIssuer, 'sub' => $user->id, 'sub' => strval($user->id), 'iat' => intval($accessToken->creationTime), 'iat' => intval($accessToken->creationTime), 'exp' => intval($accessToken->expirationTime), 'exp' => intval($accessToken->expirationTime), 'name' => $user->getCompleteName(), 'name' => $user->getCompleteName(), Loading @@ -49,6 +49,10 @@ class IdTokenBuilder { } } } } if ($accessToken->joinUser !== null) { $payloadArr['alt_sub'] = strval($accessToken->joinUser); } return $payloadArr; return $payloadArr; } } Loading classes/UserHandler.php +21 −21 Original line number Original line Diff line number Diff line Loading 
@@ -63,44 +63,28 @@ class UserHandler { } } } } /** * Build an URL for the web service endpoint that needs to be called in order * to move groups from one user to the other during a join operation. * @return string grouper URL for the PrepareToJoinServlet */ private function getJoinURL() { $joinURL = $this->grouperConfig['wsURL']; if (substr($joinURL, -1) !== '/') { $joinURL .= '/'; } $joinURL .= 'ia2join'; return $joinURL; } public function joinUsers(User $user1, User $user2): User { public function joinUsers(User $user1, User $user2): User { $userId1 = $user1->id; $userId1 = $user1->id; $userId2 = $user2->id; $userId2 = $user2->id; // Call Grouper for moving groups and privileges from one user to the other // Call Grouper for moving groups and privileges from one user to the other if (isset($this->locator->config->gmsConfig)) { if (isset($this->locator->config->gms)) { // TODO: change with new GMS // TODO: change with new GMS //create cURL connection //create cURL connection $conn = curl_init($this->getJoinURL()); $conn = curl_init($this->locator->config->gms->joinEndpoint); //set options //set options curl_setopt($conn, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($conn, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($conn, CURLOPT_RETURNTRANSFER, true); curl_setopt($conn, CURLOPT_RETURNTRANSFER, true); curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($conn, CURLOPT_USERPWD, $this->grouperConfig['user'] . ":" . $this->grouperConfig['password']); curl_setopt($conn, CURLOPT_HTTPHEADER, ['Authorization: Bearer ' . 
$this->getJoinIdToken($userId1, $userId2)]); //set data to be posted //set data to be posted curl_setopt($conn, CURLOPT_POST, 1); curl_setopt($conn, CURLOPT_POST, 1); curl_setopt($conn, CURLOPT_POSTFIELDS, "subject1Id=RAP:$userId1&subject2Id=RAP:$userId2"); //perform the request //perform the request $response = curl_exec($conn); $response = curl_exec($conn); Loading @@ -111,8 +95,9 @@ class UserHandler { } else { } else { //show information regarding the error //show information regarding the error curl_close($conn); curl_close($conn); error_log($response); http_response_code(500); http_response_code(500); die('Error: Grouper response code: ' . $info['http_code']); die('Error: GMS response code: ' . $info['http_code'] . "\n"); } } } } Loading @@ -128,4 +113,19 @@ class UserHandler { return $user1; return $user1; } } private function getJoinIdToken(int $userId1, int $userId2): string { $gmsId = $this->locator->config->gms->id; $accessToken = new AccessToken(); $accessToken->clientId = $gmsId; $accessToken->userId = $userId1; $accessToken->joinUser = $userId2; // shorter expiration $accessToken->expirationTime = $accessToken->creationTime + 100; $accessToken->scope = ['openid']; return $this->locator->getIdTokenBuilder()->getIdToken($accessToken); } } } classes/model/AccessToken.php +1 −0 Original line number Original line Diff line number Diff line Loading @@ -19,6 +19,7 @@ class AccessToken { public $redirectUri; public $redirectUri; public $clientId; public $clientId; public $scope; public $scope; public $joinUser; public function isExpired(): bool { public function isExpired(): bool { return $this->expirationTime < time(); return $this->expirationTime < time(); Loading config-example.json +2 −3 Original line number Original line Diff line number Diff line Loading 
@@ -45,8 +45,7 @@ } } }, }, "gms": { "gms": { "baseUrl": "https://sso.ia2.inaf.it/gms", "id": "gms", "clientId": "rap", "joinEndpoint": "http://localhost:8082/gms/ws/jwt/join" "clientSecret": "rap-secret" } } } } exec/join.php 0 → 100644 +31 −0 Original line number Original line Diff line number Diff line <?php if($argc !== 3) { echo "Usage: php $argv[0] <user_id_1> <user_id_2>\n"; echo "The second id will be deleted.\n"; exit(1); } chdir(dirname(__FILE__)); include '../include/init.php'; $dao = $locator->getUserDAO(); $handler = $locator->getUserHandler(); $tokenBuilder = $locator->getIdTokenBuilder(); $user1 = $dao->findUserById((int) $argv[1]); if($user1 === null) { echo "User $argv[1] not found"; exit(1); } $user2 = $dao->findUserById((int) $argv[2]); if($user2 === null) { echo "User $argv[2] not found"; exit(1); } $handler->joinUsers($user1, $user2); echo "OK\n"; Loading
classes/IdTokenBuilder.php +6 −2 Original line number Original line Diff line number Diff line Loading @@ -27,7 +27,7 @@ class IdTokenBuilder { $payloadArr = array( $payloadArr = array( 'iss' => $this->locator->config->jwtIssuer, 'iss' => $this->locator->config->jwtIssuer, 'sub' => $user->id, 'sub' => strval($user->id), 'iat' => intval($accessToken->creationTime), 'iat' => intval($accessToken->creationTime), 'exp' => intval($accessToken->expirationTime), 'exp' => intval($accessToken->expirationTime), 'name' => $user->getCompleteName(), 'name' => $user->getCompleteName(), Loading @@ -49,6 +49,10 @@ class IdTokenBuilder { } } } } if ($accessToken->joinUser !== null) { $payloadArr['alt_sub'] = strval($accessToken->joinUser); } return $payloadArr; return $payloadArr; } } Loading
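Review bot: The new `alt_sub` claim is undocumented, yet a token carrying it tells the GMS to merge the `alt_sub` user into `sub` and delete it, so the added branch should say what it means and who may honour it, e.g. `// Non-standard claim, set only for the GMS join call: the user in alt_sub is merged into sub and then deleted; other relying parties must ignore it.` Whether the payload also pins `aud` to the GMS client id is not visible in this hunk (presumably derived from `$accessToken->clientId` in the lines above — worth confirming), since that is what keeps a join token from being accepted by another relying party. Wrapping `sub` in `strval` is right (OIDC requires a string `sub`), and doing the same for `alt_sub` keeps the two claims consistent. The enclosing method's signature lies above this hunk.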
classes/UserHandler.php +21 −21 Original line number Original line Diff line number Diff line Loading 
@@ -63,44 +63,28 @@ class UserHandler { } } } } /** * Build an URL for the web service endpoint that needs to be called in order * to move groups from one user to the other during a join operation. * @return string grouper URL for the PrepareToJoinServlet */ private function getJoinURL() { $joinURL = $this->grouperConfig['wsURL']; if (substr($joinURL, -1) !== '/') { $joinURL .= '/'; } $joinURL .= 'ia2join'; return $joinURL; } public function joinUsers(User $user1, User $user2): User { public function joinUsers(User $user1, User $user2): User { $userId1 = $user1->id; $userId1 = $user1->id; $userId2 = $user2->id; $userId2 = $user2->id; // Call Grouper for moving groups and privileges from one user to the other // Call Grouper for moving groups and privileges from one user to the other if (isset($this->locator->config->gmsConfig)) { if (isset($this->locator->config->gms)) { // TODO: change with new GMS // TODO: change with new GMS //create cURL connection //create cURL connection $conn = curl_init($this->getJoinURL()); $conn = curl_init($this->locator->config->gms->joinEndpoint); //set options //set options curl_setopt($conn, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($conn, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($conn, CURLOPT_RETURNTRANSFER, true); curl_setopt($conn, CURLOPT_RETURNTRANSFER, true); curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($conn, CURLOPT_USERPWD, $this->grouperConfig['user'] . ":" . $this->grouperConfig['password']); curl_setopt($conn, CURLOPT_HTTPHEADER, ['Authorization: Bearer ' . 
$this->getJoinIdToken($userId1, $userId2)]); //set data to be posted //set data to be posted curl_setopt($conn, CURLOPT_POST, 1); curl_setopt($conn, CURLOPT_POST, 1); curl_setopt($conn, CURLOPT_POSTFIELDS, "subject1Id=RAP:$userId1&subject2Id=RAP:$userId2"); //perform the request //perform the request $response = curl_exec($conn); $response = curl_exec($conn); Loading @@ -111,8 +95,9 @@ class UserHandler { } else { } else { //show information regarding the error //show information regarding the error curl_close($conn); curl_close($conn); error_log($response); http_response_code(500); http_response_code(500); die('Error: Grouper response code: ' . $info['http_code']); die('Error: GMS response code: ' . $info['http_code'] . "\n"); } } } } Loading @@ -128,4 +113,19 @@ class UserHandler { return $user1; return $user1; } } private function getJoinIdToken(int $userId1, int $userId2): string { $gmsId = $this->locator->config->gms->id; $accessToken = new AccessToken(); $accessToken->clientId = $gmsId; $accessToken->userId = $userId1; $accessToken->joinUser = $userId2; // shorter expiration $accessToken->expirationTime = $accessToken->creationTime + 100; $accessToken->scope = ['openid']; return $this->locator->getIdTokenBuilder()->getIdToken($accessToken); } } }
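Review bot: `CURLOPT_FOLLOWLOCATION` is now combined with a custom `Authorization: Bearer` header set through `CURLOPT_HTTPHEADER`, and libcurl forwards custom headers to every redirect target, including another host — unlike the credentials the old `CURLOPT_USERPWD` line supplied, which libcurl drops on cross-host redirects. Since `joinEndpoint` is a fixed configured URL, redirect-following is not needed; drop `curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1);` (or set it to `false`) so the join token can only reach the configured GMS. The comments `// Call Grouper for moving groups and privileges from one user to the other` and `// TODO: change with new GMS` are now stale, as the code calls the GMS, and `// shorter expiration` in `getJoinIdToken` would be more useful as `// 100 s: the token is consumed immediately by one server-to-server call`. `getJoinIdToken` also relies on `creationTime` being initialised by `AccessToken` itself, which is not shown here — confirm it is. `joinUsers` continues outside the first hunk, and the `die()` path in the second hunk is pre-existing.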
classes/model/AccessToken.php +1 −0 Original line number Original line Diff line number Diff line Loading @@ -19,6 +19,7 @@ class AccessToken { public $redirectUri; public $redirectUri; public $clientId; public $clientId; public $scope; public $scope; public $joinUser; public function isExpired(): bool { public function isExpired(): bool { return $this->expirationTime < time(); return $this->expirationTime < time(); Loading
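Review bot: `public $joinUser;` is added untyped and undocumented, and `IdTokenBuilder` now depends on it being `null` unless a join token is being minted; a declaration with an explicit default makes that contract visible, `public ?int $joinUser = null;` (if the project runs PHP ≥ 7.4; otherwise `public $joinUser = null;`), plus a docblock such as `/** Id of the user merged into userId and deleted afterwards; set only on the in-memory token built for the GMS join call. */`. As far as this commit shows, such a token is built in `UserHandler::getJoinIdToken` and never stored, which is worth stating so nobody later persists tokens carrying this field without considering it.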
config-example.json +2 −3 Original line number Original line Diff line number Diff line Loading @@ -45,8 +45,7 @@ } } }, }, "gms": { "gms": { "baseUrl": "https://sso.ia2.inaf.it/gms", "id": "gms", "clientId": "rap", "joinEndpoint": "http://localhost:8082/gms/ws/jwt/join" "clientSecret": "rap-secret" } } } }
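Review bot: The example `joinEndpoint` is a plain `http://` URL, while `UserHandler` now sends a bearer ID token that authorizes a user merge to this endpoint, and `CURLOPT_SSL_VERIFYPEER` has no effect without TLS; the example should show an `https://` URL, e.g. `"joinEndpoint": "https://<gms-host>/gms/ws/jwt/join"` (placeholder), so deployments do not copy a cleartext endpoint. The `id` value is used as the `clientId` of the token minted in `getJoinIdToken`, so it has to match whatever identifier the GMS checks, which the example does not say; a README line or a more descriptive key would help. Operators migrating an existing config also need to know that `baseUrl`, `clientId` and `clientSecret` are no longer read.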
exec/join.php 0 → 100644 +31 −0 Original line number Original line Diff line number Diff line <?php if($argc !== 3) { echo "Usage: php $argv[0] <user_id_1> <user_id_2>\n"; echo "The second id will be deleted.\n"; exit(1); } chdir(dirname(__FILE__)); include '../include/init.php'; $dao = $locator->getUserDAO(); $handler = $locator->getUserHandler(); $tokenBuilder = $locator->getIdTokenBuilder(); $user1 = $dao->findUserById((int) $argv[1]); if($user1 === null) { echo "User $argv[1] not found"; exit(1); } $user2 = $dao->findUserById((int) $argv[2]); if($user2 === null) { echo "User $argv[2] not found"; exit(1); } $handler->joinUsers($user1, $user2); echo "OK\n";
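Review bot: The script passes `(int) $argv[1]` and `(int) $argv[2]` straight through, so a non-numeric argument silently becomes id 0 and the same id given twice asks `joinUsers` to merge a user into itself and then delete it; both should be rejected before the handler is called, e.g. `if (!ctype_digit($argv[1]) || !ctype_digit($argv[2]) || (int) $argv[1] === (int) $argv[2]) { fwrite(STDERR, "Arguments must be two distinct numeric user ids\n"); exit(1); }`. `$tokenBuilder` is assigned and never used and can be dropped. The two "not found" messages lack the trailing newline the other messages have. Since the second user is deleted, a one-line comment at the top stating that the operation is irreversible and that the first id is the surviving user would help whoever runs it.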