diff options
| author | Simon Rettberg | 2015-09-10 15:15:28 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2015-09-10 15:15:28 +0200 |
| commit | 93d1acd95d1bf99d3f428abdd85078d1bac7119f (patch) | |
| tree | 03e6169d4f1839b2a34ba9dd5b572a5de1c553b3 /shib | |
| parent | Allow registration, add support for creating test accounts, rename satellite ... (diff) | |
| download | bwlp-webadmin-93d1acd95d1bf99d3f428abdd85078d1bac7119f.tar.gz bwlp-webadmin-93d1acd95d1bf99d3f428abdd85078d1bac7119f.tar.xz bwlp-webadmin-93d1acd95d1bf99d3f428abdd85078d1bac7119f.zip | |
Adapt to master-server changes (Db scheme)
Diffstat (limited to 'shib')
| -rw-r--r-- | shib/api.php | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/shib/api.php b/shib/api.php index 58b9c80..6772e86 100644 --- a/shib/api.php +++ b/shib/api.php @@ -27,12 +27,13 @@ if (empty($_SERVER['persistent-id'])) { // No persistent id given, should not happen! $response['status'] = 'error'; $response['error'] = 'Shibboleth meta data missing!'; + @file_put_contents('/tmp/shib-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true)); } else { // Query database for user $shibId = md5($_SERVER['persistent-id']); - $user = Database::queryFirst("SELECT user.userid, user.login, user.organizationid, user.firstname, user.lastname, user.email, satellite.address " + $user = Database::queryFirst("SELECT user.userid, user.organizationid, user.firstname, user.lastname, user.email " . " FROM user " - . " INNER JOIN satellite USING (organizationid) " + . " INNER JOIN organization USING (organizationid) " . " WHERE user.shibid = :shibid LIMIT 1", array('shibid' => $shibId)); if ($user === false) { // Not found, so we don't know which satellite to use @@ -51,7 +52,7 @@ if (empty($_SERVER['persistent-id'])) { if (empty($mail) && isset($_SERVER['mail'])) $mail = trim($_SERVER['mail']); // - $login = ( empty($user['login']) ? $shibId : $user['login'] ); + $login = ( empty($user['userid']) ? $shibId : $user['userid'] ); if (empty($firstName) || empty($lastName) || empty($login)) { // This means the user did not provide personal information on signup, nor does the IdP send them $response['status'] = 'anonymous'; @@ -59,27 +60,41 @@ if (empty($_SERVER['persistent-id'])) { // Seems ok! // Figure out role if (strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) { - $role = 'tutor'; + $role = 'TUTOR'; } else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false) { - $role = 'tutor'; + $role = 'TUTOR'; } else { - $role = 'student'; + $role = 'STUDENT'; + } + // Determine satellite(s) + $res = Database::simpleQuery("SELECT satellitename, addresses, certsha256 FROM satellite" + . " WHERE organizationid = :organizationid AND userid IS NULL", array('organizationid' => $user['organizationid'])); + $sat1 = array(); // Legacy + $sat2 = array(); + while ($row = $res->fetch(PDO::FETCH_ASSOC)) { + $addrs = json_decode($row['addresses'], true); + if (!is_array($addrs) || empty($addrs)) + continue; + $sat1[$row['satellitename']] = $addrs[0]; + $sat2[$row['satellitename']] = array( + 'addresses' => $addrs, + 'certHash' => $row['certsha256'] + ); } // $response['status'] = 'ok'; $response['firstName'] = $firstName; $response['lastName'] = $lastName; $response['mail'] = $mail; + $response['userId'] = $user['userid']; + $response['organizationId'] = $user['organizationid']; // This one we send to the running master server handler $rpc = $response; - $rpc['userId'] = $user['userid']; + $rpc['userId'] = $login; $rpc['role'] = $role; - $rpc['organizationid'] = $user['organizationid']; - $rpc['login'] = $login; // This one we only send to the user - $response['satellites'] = array( - 'default' => $user['address'] - ); + $response['satellites'] = $sat1; + $response['satellites2'] = $sat2; $reply = RPC::submit($rpc); if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) { $response['token'] = $out[1]; |