authorSimon Rettberg2015-09-10 15:15:28 +0200
committerSimon Rettberg2015-09-10 15:15:28 +0200
commit93d1acd95d1bf99d3f428abdd85078d1bac7119f (patch)
tree03e6169d4f1839b2a34ba9dd5b572a5de1c553b3 /shib
parentAllow registration, add support for creating test accounts, rename satellite ... (diff)
Adapt to master-server changes (Db scheme)
Diffstat (limited to 'shib')
-rw-r--r--shib/api.php39
1 files changed, 27 insertions, 12 deletions
diff --git a/shib/api.php b/shib/api.php
index 58b9c80..6772e86 100644
--- a/shib/api.php
+++ b/shib/api.php
@@ -27,12 +27,13 @@ if (empty($_SERVER['persistent-id'])) {
// No persistent id given, should not happen!
$response['status'] = 'error';
$response['error'] = 'Shibboleth meta data missing!';
+ @file_put_contents('/tmp/shib-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
} else {
// Query database for user
$shibId = md5($_SERVER['persistent-id']);
- $user = Database::queryFirst("SELECT user.userid, user.login, user.organizationid, user.firstname, user.lastname, user.email, satellite.address "
+ $user = Database::queryFirst("SELECT user.userid, user.organizationid, user.firstname, user.lastname, user.email "
. " FROM user "
- . " INNER JOIN satellite USING (organizationid) "
+ . " INNER JOIN organization USING (organizationid) "
. " WHERE user.shibid = :shibid LIMIT 1", array('shibid' => $shibId));
if ($user === false) {
// Not found, so we don't know which satellite to use
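Review bot: The added `@file_put_contents('/tmp/shib-…', print_r($_SERVER, true))` persists the entire `$_SERVER` array — every Shibboleth attribute and request header the IdP forwarded — into a world-readable `/tmp` path on each request that lacks `persistent-id`, and the `@` hides any write failure. If this is a diagnostic for the "should not happen" case, record only the fact and the client, e.g. `error_log('shib: persistent-id missing, client ' . $_SERVER['REMOTE_ADDR']);`, or write to a directory with restricted permissions and drop the `@` so a failed write surfaces. Embedding `$_SERVER['REMOTE_ADDR']` in the file name is not a path-injection risk (it is set by the server, not the client), but an IPv6 client yields colons in the name, so it is worth a one-line comment stating that assumption. The enclosing `if (empty($_SERVER['persistent-id']))` starts before the hunk and its else branch continues past it.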
@@ -51,7 +52,7 @@ if (empty($_SERVER['persistent-id'])) {
if (empty($mail) && isset($_SERVER['mail']))
$mail = trim($_SERVER['mail']);
//
- $login = ( empty($user['login']) ? $shibId : $user['login'] );
+ $login = ( empty($user['userid']) ? $shibId : $user['userid'] );
if (empty($firstName) || empty($lastName) || empty($login)) {
// This means the user did not provide personal information on signup, nor does the IdP send them
$response['status'] = 'anonymous';
@@ -59,27 +60,41 @@ if (empty($_SERVER['persistent-id'])) {
// Seems ok!
// Figure out role
if (strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) {
- $role = 'tutor';
+ $role = 'TUTOR';
} else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false) {
- $role = 'tutor';
+ $role = 'TUTOR';
} else {
- $role = 'student';
+ $role = 'STUDENT';
+ }
+ // Determine satellite(s)
+ $res = Database::simpleQuery("SELECT satellitename, addresses, certsha256 FROM satellite"
+ . " WHERE organizationid = :organizationid AND userid IS NULL", array('organizationid' => $user['organizationid']));
+ $sat1 = array(); // Legacy
+ $sat2 = array();
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $addrs = json_decode($row['addresses'], true);
+ if (!is_array($addrs) || empty($addrs))
+ continue;
+ $sat1[$row['satellitename']] = $addrs[0];
+ $sat2[$row['satellitename']] = array(
+ 'addresses' => $addrs,
+ 'certHash' => $row['certsha256']
+ );
}
//
$response['status'] = 'ok';
$response['firstName'] = $firstName;
$response['lastName'] = $lastName;
$response['mail'] = $mail;
+ $response['userId'] = $user['userid'];
+ $response['organizationId'] = $user['organizationid'];
// This one we send to the running master server handler
$rpc = $response;
- $rpc['userId'] = $user['userid'];
+ $rpc['userId'] = $login;
$rpc['role'] = $role;
- $rpc['organizationid'] = $user['organizationid'];
- $rpc['login'] = $login;
// This one we only send to the user
- $response['satellites'] = array(
- 'default' => $user['address']
- );
+ $response['satellites'] = $sat1;
+ $response['satellites2'] = $sat2;
$reply = RPC::submit($rpc);
if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) {
$response['token'] = $out[1];