authorSimon Rettberg2020-06-26 14:07:56 +0200
committerSimon Rettberg2020-06-26 14:07:56 +0200
commit13e8ac42cab7c169f5d115286314f17e8f814f71 (patch)
treeea222c05e909d6d2c412a5f70b334b8df488a8d8
parent[register] Simplify code (diff)
Make scoped affiliation attribute name configurable
-rw-r--r--config.php.example1
-rw-r--r--inc/user.inc.php8
-rw-r--r--shib/api.php12
3 files changed, 11 insertions, 10 deletions
diff --git a/config.php.example b/config.php.example
index c6c926d..083c555 100644
--- a/config.php.example
+++ b/config.php.example
@@ -23,6 +23,7 @@ define('CONFIG_IDM_LINK_EPSA', 'https://www.bwidm.de/attribute/#eduPersonScopedA
define('CONFIG_SURNAME', 'sn');
define('CONFIG_EPPN', 'eppn');
+define('CONFIG_SCOPED_AFFILIATION', 'affiliation');
// Have a properties file or set variables here manually.
// Make sure properties file is not in webroot
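Review bot: The new `CONFIG_SCOPED_AFFILIATION` define has no comment, although its value now selects the `$_SERVER` key that grants the TUTOR role in inc/user.inc.php and shib/api.php. I would document it above the define, for example `// $_SERVER key under which the Shibboleth SP exports eduPersonScopedAffiliation; decides the TUTOR role`. The comment should also say that the name must be one the SP module sets itself. A key beginning with `HTTP_` can come from a client request header unless the SP clears it, so it should not be used here.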
diff --git a/inc/user.inc.php b/inc/user.inc.php
index e2523f9..a5a8e3c 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -196,9 +196,9 @@ class User
'email' => $_SERVER['mail'],
);
// Figure out whether the user should be considered a tutor
- if (isset($_SERVER['affiliation']) && (strpos(";{$_SERVER['affiliation']}", ';employee@') !== false
- || strpos(";{$_SERVER['affiliation']}", ';staff@') !== false
- || strpos(";{$_SERVER['affiliation']}", ';faculty@') !== false))
+ if (isset($_SERVER[CONFIG_SCOPED_AFFILIATION]) && (strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]}", ';employee@') !== false
+ || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]}", ';staff@') !== false
+ || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]}", ';faculty@') !== false))
self::$user['role'] = 'TUTOR';
elseif (isset($_SERVER['entitlement']) && strpos(";{$_SERVER['entitlement']};", CONFIG_ENTITLEMENT) !== false)
self::$user['role'] = 'TUTOR';
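Review bot: The added `$_SERVER[CONFIG_SCOPED_AFFILIATION]` lookups assume every deployed config.php already defines the new constant, but this commit only adds it to config.php.example. On an installation upgraded without editing config.php the constant is undefined. Older PHP versions then fall back to the literal string with a warning, so the affiliation branch silently never matches, and PHP 8 throws an Error. A default where the configuration is loaded (not visible in this hunk) would keep the old behaviour: `defined('CONFIG_SCOPED_AFFILIATION') || define('CONFIG_SCOPED_AFFILIATION', 'affiliation');`. The same applies to the lookups in the second inc/user.inc.php hunk and in shib/api.php; the enclosing method starts and ends outside this hunk.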
@@ -208,7 +208,7 @@ class User
if (isset($_SERVER[CONFIG_EPPN]) && preg_match('/@([0-9a-zA-Z\-\._]+)$/', $_SERVER[CONFIG_EPPN], $out)) {
self::$user['organization'] = $out[1];
}
- if (!isset(self::$user['organization']) && isset($_SERVER['affiliation']) && preg_match('/@([0-9a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out)) {
+ if (!isset(self::$user['organization']) && isset($_SERVER[CONFIG_SCOPED_AFFILIATION]) && preg_match('/@([0-9a-zA-Z\-\._]+)(;|$)/', $_SERVER[CONFIG_SCOPED_AFFILIATION], $out)) {
self::$user['organization'] = $out[1];
}
// Get matching db entry if any
diff --git a/shib/api.php b/shib/api.php
index 2c80f37..533ae78 100644
--- a/shib/api.php
+++ b/shib/api.php
@@ -37,9 +37,9 @@ if (empty($_SERVER['persistent-id'])) {
// Figure out role
if (strpos(";{$_SERVER['entitlement']};", CONFIG_ENTITLEMENT) !== false) {
$role = 'TUTOR';
- } else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false
- || strpos(";{$_SERVER['affiliation']};", ';staff@') !== false
- || strpos(";{$_SERVER['affiliation']};", ';faculty@') !== false) {
+ } else if (strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';employee@') !== false
+ || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';staff@') !== false
+ || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';faculty@') !== false) {
$role = 'TUTOR';
} else {
file_put_contents('/tmp/shib-student-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
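Review bot: The `else if` chain reads `$_SERVER[CONFIG_SCOPED_AFFILIATION]` without the `isset()` guard that inc/user.inc.php applies, so a request without that attribute raises an undefined-index notice before the comparison. Now that the key name is configurable, a wrong value sends every staff login into the `else` branch, which writes `print_r($_SERVER, true)`, i.e. all released attributes, to a predictably named file under /tmp. I would read the value once with a default, e.g. `$affiliation = isset($_SERVER[CONFIG_SCOPED_AFFILIATION]) ? $_SERVER[CONFIG_SCOPED_AFFILIATION] : '';`, and compare against `";{$affiliation};"`. The dump should be limited to the attribute names needed for debugging or written to a non-world-readable location. The surrounding block continues outside the hunk.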
@@ -49,7 +49,7 @@ if (empty($_SERVER['persistent-id'])) {
'status' => 'error',
'error' => "Sie wurden als Student eingestuft und können sich daher nicht an der " . CONFIG_SUITE . "-Suite anmelden."
. "\nFalls Ihr Nutzerkonto kein Studentenkonto ist stellen Sie sicher, dass Ihr IdP für berechtigte"
- . "\nAccounts entweder das " . CONFIG_SUITE . "-Entitlement ausliefert, oder das Attribut 'affiliation'"
+ . "\nAccounts entweder das " . CONFIG_SUITE . "-Entitlement ausliefert, oder das Attribut CONFIG_SCOPED_AFFILIATION"
. "\nausgeliefert wird, und es entweder 'employee@..', 'staff@..' oder 'faculty@..' enthält."
. "\n\nMehr Informationen finden Sie unter " . CONFIG_HELPURL
);
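Review bot: The changed message line prints the literal text CONFIG_SCOPED_AFFILIATION to the user, because the constant name sits inside the double-quoted string and PHP does not interpolate constants. The person reading this error needs the configured attribute name to fix their IdP release policy. Concatenate it the way `CONFIG_SUITE` is on the same line: `. "\nAccounts entweder das " . CONFIG_SUITE . "-Entitlement ausliefert, oder das Attribut '" . CONFIG_SCOPED_AFFILIATION . "'"`. The array this string belongs to starts before the hunk.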
@@ -82,8 +82,8 @@ if (empty($_SERVER['persistent-id'])) {
}
}
}
- if (!isset($response['organizationId']) && isset($_SERVER['affiliation'])) {
- if (preg_match('/(^|;)[^@]+@([^;]+)/', $_SERVER['affiliation'], $out)) {
+ if (!isset($response['organizationId']) && isset($_SERVER[CONFIG_SCOPED_AFFILIATION])) {
+ if (preg_match('/(^|;)[^@]+@([^;]+)/', $_SERVER[CONFIG_SCOPED_AFFILIATION], $out)) {
$out = Database::queryFirst("SELECT organizationid FROM organization_suffix WHERE suffix = :suffix", array(
'suffix' => $out[2]
));