summaryrefslogtreecommitdiffstats
path: root/inc/shibauth.inc.php
diff options
context:
space:
mode:
authorSimon Rettberg2024-05-27 15:37:55 +0200
committerSimon Rettberg2024-05-27 15:37:55 +0200
commit43ddb14693e4a4830f471dd7c90f6257d95b7b29 (patch)
tree8c960b53e0f7ba1c660d16abf8bf044411b96080 /inc/shibauth.inc.php
parentMerge branch 'master' of git.openslx.org:bwlp/bwlp-webadmin (diff)
downloadbwlp-webadmin-43ddb14693e4a4830f471dd7c90f6257d95b7b29.tar.gz
bwlp-webadmin-43ddb14693e4a4830f471dd7c90f6257d95b7b29.tar.xz
bwlp-webadmin-43ddb14693e4a4830f471dd7c90f6257d95b7b29.zip
Add support for client login via QRCodeHEADmaster
Diffstat (limited to 'inc/shibauth.inc.php')
-rw-r--r--inc/shibauth.inc.php32
1 files changed, 14 insertions, 18 deletions
diff --git a/inc/shibauth.inc.php b/inc/shibauth.inc.php
index 6ae3a89..d0e7800 100644
--- a/inc/shibauth.inc.php
+++ b/inc/shibauth.inc.php
@@ -3,12 +3,8 @@
class ShibAuth
{
- /**
- * Log user into master-server using the data provided by the current shibboleth session
- * @param ?string $accessCode optional one-time access code to retreive session data via thrift
- * @return array{status: string, firstName: string, lastName: string, mail: string, token: string, sessionId: string, userId: string, organizationId: string, url: string, error: string}
- */
- private static function loginInternal(?string $accessCode = null): array
+
+ private static function loginInternal(?string $accessCode, int $sessionTimeout): array
{
if ($accessCode !== null) {
$entrop = strlen(count_chars($accessCode, 3));
@@ -34,15 +30,8 @@ class ShibAuth
}
}
// Figure out role
- if (strpos(";{$_SERVER['entitlement']};", CONFIG_ENTITLEMENT) !== false) {
- $role = 'TUTOR';
- } else if (strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';employee@') !== false
- || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';staff@') !== false
- || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';faculty@') !== false) {
- $role = 'TUTOR';
- } else {
- file_put_contents('/tmp/shib-student-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
- $role = 'STUDENT';
+ $role = Util::getRole('shibauth-login');
+ if ($role === 'STUDENT') {
// NEW: Ignore students for now
return [
'status' => 'error',
@@ -146,6 +135,7 @@ class ShibAuth
if ($accessCode !== null) {
$rpc['accessCode'] = $accessCode;
}
+ $rpc['timeoutSeconds'] = $sessionTimeout;
$reply = RPC::submit($rpc);
if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) {
// For talking to the sat server, also referred to as userToken in Java
@@ -172,9 +162,15 @@ class ShibAuth
return $response;
}
- public static function login(?string $accessCode = null): array
+ /**
+ * Log user into master-server using the data provided by the current shibboleth session
+ * @param string $accessCode one-time access code to retreive session data via thrift
+ * @param int $sessionTimeout how long the created session stays valid on master server
+ * @return array{status: string, firstName: string, lastName: string, mail: string, token: string, sessionId: string, userId: string, organizationId: string, url: string, error: string}
+ */
+ public static function login(?string $accessCode = null, int $sessionTimeout = 0): array
{
- $res = self::loginInternal($accessCode);
+ $res = self::loginInternal($accessCode, $sessionTimeout);
if ($res['status'] !== 'ok' && isset($res['error']) && $accessCode !== null) {
RPC::submit(['status' => 'error', 'error' => $res['error'], 'accessCode' => $accessCode]);
}
@@ -199,4 +195,4 @@ class ShibAuth
return $sat2;
}
-} \ No newline at end of file
+}