<?php

// Work from the parent directory (the project root) so that config.php and
// the inc/ directory used by the autoloader below resolve from there
chdir('..');

require_once 'config.php';

// Debug aid only: the block below dumps every server variable -- including
// all Shibboleth attributes of the caller -- to the client. Keep it commented
// out in production.
/*
Header('Content-Type: text/plain; charset=utf-8');
die( json_encode($_SERVER, JSON_PRETTY_PRINT) );

// */

// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
/**
 * Autoload a class from ./inc/<lowercasename>.inc.php.
 *
 * The class name is reduced to [a-z0-9] before it is turned into a path:
 * namespace separators, underscores, dots and slashes are all dropped, so the
 * resulting file name can never leave inc/ (e.g. "Foo\Bar_Baz" becomes
 * inc/foobarbaz.inc.php). Unknown classes are silently ignored so that other
 * registered autoloaders still get a chance.
 *
 * @param string $class class name as passed by spl_autoload
 * @return void
 */
function slxAutoloader($class)
{
	$baseName = preg_replace('/[^a-z0-9]/', '', mb_strtolower($class));
	$candidate = "inc/{$baseName}.inc.php";
	if (file_exists($candidate)) {
		require_once $candidate;
	}
}
// Hook the loader above into PHP's class lookup (used for Database and RPC below)
spl_autoload_register('slxAutoloader');


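/**
 * Map the Shibboleth attributes of the current session to a bwLehrpool role.
 *
 * Multi-valued attributes presumably arrive ';'-joined from the SP (hence the
 * ';' wrapping), so every comparison is done against a ';'-delimited value:
 * ';employee@' only matches a value that *starts* with "employee@" (any scope),
 * not an arbitrary substring, and the entitlement must match as a whole value.
 *
 * @param string $entitlement eduPersonEntitlement value(s), '' when absent
 * @param string $affiliation scoped affiliation value(s), '' when absent
 * @return string 'tutor' if the bwLehrpool entitlement or an employee
 *                affiliation is present, 'student' otherwise
 */
function slxShibRole($entitlement, $affiliation)
{
	if (strpos(";{$entitlement};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) {
		return 'tutor';
	}
	if (strpos(";{$affiliation};", ';employee@') !== false) {
		return 'tutor';
	}
	return 'student';
}

$response = array();

// All identity data below is read from $_SERVER, i.e. it is expected to be
// exported by the Shibboleth SP protecting this path, not supplied by the
// client. If the path were ever served without SP protection the attributes
// would simply be absent (first branch); never fall back to HTTP headers here.
if (empty($_SERVER['persistent-id'])) {
	// No persistent id given, should not happen!
	$response['status'] = 'error';
	$response['error'] = 'Shibboleth meta data missing!';
} else {
	// Look the user up by the hashed persistent id. md5 only turns the
	// (non-secret, IdP-issued) identifier into the fixed-length key stored in
	// user.shibid; it is not a security control and must match what signup wrote.
	$shibId = md5($_SERVER['persistent-id']);
	$user = Database::queryFirst("SELECT user.userid, user.login, user.organizationid, user.firstname, user.lastname, user.email, satellite.address "
		. " FROM user "
		. " INNER JOIN satellite USING (organizationid) "
		. " WHERE user.shibid = :shibid LIMIT 1", array('shibid' => $shibId));
	if ($user === false) {
		// Not found, so we don't know which satellite to use; point the client
		// at registration (the id belongs to the caller, so echoing it is fine)
		$response['status'] = 'unregistered';
		$response['id'] = $shibId;
		$response['url'] = 'https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/';
	} else {
		// Found. Personal data stored at signup wins; only empty fields are
		// filled from what the IdP sent for this session.
		$firstName = $user['firstname'];
		$lastName = $user['lastname'];
		$mail = $user['email'];
		if (empty($firstName) && isset($_SERVER['givenName']))
			$firstName = trim($_SERVER['givenName']);
		if (empty($lastName) && isset($_SERVER['sn']))
			$lastName = trim($_SERVER['sn']);
		if (empty($mail) && isset($_SERVER['mail']))
			$mail = trim($_SERVER['mail']);
		// The login name falls back to the hashed id, so it can never be empty
		$login = ( empty($user['login']) ? $shibId : $user['login'] );
		if (empty($firstName) || empty($lastName) || empty($login)) {
			// This means the user did not provide personal information on signup, nor does the IdP send them
			$response['status'] = 'anonymous';
		} else {
			// Seems ok!
			// Figure out role. Both attributes are optional; reading a missing
			// $_SERVER key directly raises an "undefined index" notice, which
			// with display_errors enabled is printed in front of the JSON and
			// breaks the client's parser, so default them to '' explicitly.
			$entitlement = isset($_SERVER['entitlement']) ? $_SERVER['entitlement'] : '';
			$affiliation = isset($_SERVER['affiliation']) ? $_SERVER['affiliation'] : '';
			$role = slxShibRole($entitlement, $affiliation);
			//
			$response['status'] = 'ok';
			$response['firstName'] = $firstName;
			$response['lastName'] = $lastName;
			$response['mail'] = $mail;
			// This one we send to the running master server handler
			$rpc = $response;
			$rpc['userId'] = $user['userid'];
			$rpc['role'] = $role;
			$rpc['organizationid'] = $user['organizationid'];
			$rpc['login'] = $login;
			// This one we only send to the user
			$response['satellites'] = array(
				'default' => $user['address']
			);
			// Expected reply shape is "TOKEN:<token> SESSIONID:<id>" (word
			// characters only); anything else is treated as an error message.
			$reply = RPC::submit($rpc);
			if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) {
				$response['token'] = $out[1];
				$response['sessionId'] = $out[2];
			} else {
				// NOTE(review): the raw RPC reply is forwarded to the client
				// here; if it can carry internal details (hostnames, traces),
				// log it server-side and return a generic message instead.
				$response['error'] = $reply;
				$response['status'] = 'error';
			}
		}
	}
}

// NOTE(review): the body is JSON but declared text/plain; application/json
// (plus X-Content-Type-Options: nosniff) would be more accurate. Left
// unchanged in case existing clients check this header.
Header('Content-Type: text/plain; charset=utf-8');
echo json_encode($response, JSON_PRETTY_PRINT);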