diff options
author | Simon Rettberg | 2024-05-27 15:37:55 +0200 |
---|---|---|
committer | Simon Rettberg | 2024-05-27 15:37:55 +0200 |
commit | 43ddb14693e4a4830f471dd7c90f6257d95b7b29 (patch) | |
tree | 8c960b53e0f7ba1c660d16abf8bf044411b96080 /inc/shibauth.inc.php | |
parent | Merge branch 'master' of git.openslx.org:bwlp/bwlp-webadmin (diff) | |
download | bwlp-webadmin-43ddb14693e4a4830f471dd7c90f6257d95b7b29.tar.gz bwlp-webadmin-43ddb14693e4a4830f471dd7c90f6257d95b7b29.tar.xz bwlp-webadmin-43ddb14693e4a4830f471dd7c90f6257d95b7b29.zip |
Diffstat (limited to 'inc/shibauth.inc.php')
-rw-r--r-- | inc/shibauth.inc.php | 32 |
1 files changed, 14 insertions, 18 deletions
diff --git a/inc/shibauth.inc.php b/inc/shibauth.inc.php index 6ae3a89..d0e7800 100644 --- a/inc/shibauth.inc.php +++ b/inc/shibauth.inc.php @@ -3,12 +3,8 @@ class ShibAuth { - /** - * Log user into master-server using the data provided by the current shibboleth session - * @param ?string $accessCode optional one-time access code to retreive session data via thrift - * @return array{status: string, firstName: string, lastName: string, mail: string, token: string, sessionId: string, userId: string, organizationId: string, url: string, error: string} - */ - private static function loginInternal(?string $accessCode = null): array + + private static function loginInternal(?string $accessCode, int $sessionTimeout): array { if ($accessCode !== null) { $entrop = strlen(count_chars($accessCode, 3)); @@ -34,15 +30,8 @@ class ShibAuth } } // Figure out role - if (strpos(";{$_SERVER['entitlement']};", CONFIG_ENTITLEMENT) !== false) { - $role = 'TUTOR'; - } else if (strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';employee@') !== false - || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';staff@') !== false - || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';faculty@') !== false) { - $role = 'TUTOR'; - } else { - file_put_contents('/tmp/shib-student-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true)); - $role = 'STUDENT'; + $role = Util::getRole('shibauth-login'); + if ($role === 'STUDENT') { // NEW: Ignore students for now return [ 'status' => 'error', @@ -146,6 +135,7 @@ class ShibAuth if ($accessCode !== null) { $rpc['accessCode'] = $accessCode; } + $rpc['timeoutSeconds'] = $sessionTimeout; $reply = RPC::submit($rpc); if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) { // For talking to the sat server, also referred to as userToken in Java @@ -172,9 +162,15 @@ class ShibAuth return $response; } - public static function login(?string $accessCode = null): array + /** + * Log user into master-server using the data provided by the current shibboleth session + * @param string $accessCode one-time access code to retreive session data via thrift + * @param int $sessionTimeout how long the created session stays valid on master server + * @return array{status: string, firstName: string, lastName: string, mail: string, token: string, sessionId: string, userId: string, organizationId: string, url: string, error: string} + */ + public static function login(?string $accessCode = null, int $sessionTimeout = 0): array { - $res = self::loginInternal($accessCode); + $res = self::loginInternal($accessCode, $sessionTimeout); if ($res['status'] !== 'ok' && isset($res['error']) && $accessCode !== null) { RPC::submit(['status' => 'error', 'error' => $res['error'], 'accessCode' => $accessCode]); } @@ -199,4 +195,4 @@ class ShibAuth return $sat2; } -}
\ No newline at end of file +} |