authorSimon Rettberg2023-10-06 18:26:22 +0200
committerSimon Rettberg2023-10-06 18:26:22 +0200
commite5be4e97ffc41ca3b0386651a626b781a3637a85 (patch)
tree20152d35607de272edae44725efba13f21da85a1 /shib
parentapi: Hard-code bogus name/mail for read only (STUDENT) login (diff)
Update for PHP 8.2
Diffstat (limited to 'shib')
-rw-r--r--shib/api.php166
1 files changed, 3 insertions, 163 deletions
diff --git a/shib/api.php b/shib/api.php
index 7f510d8..eec1e3d 100644
--- a/shib/api.php
+++ b/shib/api.php
@@ -11,175 +11,15 @@ die( json_encode($_SERVER, JSON_PRETTY_PRINT) );
// */
// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
-function slxAutoloader($class)
+spl_autoload_register(function ($class)
{
$file = 'inc/' . preg_replace('/[^a-z0-9]/', '', mb_strtolower($class)) . '.inc.php';
if (!file_exists($file))
return;
require_once $file;
-}
-spl_autoload_register('slxAutoloader');
+});
-function getSatelliteList($orgId)
-{
- // Determine satellite(s)
- $res = Database::simpleQuery("SELECT satellitename, addresses, certsha256 FROM satellite"
- . " WHERE organizationid = :organizationid AND userid IS NULL", array('organizationid' => $orgId));
- $sat2 = array();
- while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
- $addrs = json_decode($row['addresses'], true);
- if (!is_array($addrs) || empty($addrs))
- continue;
- $sat2[$row['satellitename']] = array(
- 'addresses' => $addrs,
- 'certHash' => $row['certsha256']
- );
- }
- return $sat2;
-}
-
-$response = array();
-
-if (empty($_SERVER['persistent-id'])) {
- // No persistent id given, should not happen!
- $response['status'] = 'error';
- $response['error'] = 'Shibboleth meta data missing!';
- file_put_contents('/tmp/shib-nopid-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
-} else {
- // Query database for user
- $shibId = [ md5($_SERVER['persistent-id']) ];
- if (strpos($_SERVER['persistent-id'], ';') !== false) {
- foreach (explode(';', $_SERVER['persistent-id']) as $s) {
- if (empty($s))
- continue;
- $shibId[] = md5($s);
- }
- }
- $user = Database::queryFirst("SELECT user.userid, user.organizationid, user.firstname, user.lastname, user.email "
- . " FROM user "
- . " INNER JOIN organization USING (organizationid) "
- . " WHERE user.shibid IN (:shibid) LIMIT 1", array('shibid' => $shibId));
- // Figure out role
- if (strpos(";{$_SERVER['entitlement']};", CONFIG_ENTITLEMENT) !== false) {
- $role = 'TUTOR';
- } else if (strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';employee@') !== false
- || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';staff@') !== false
- || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';faculty@') !== false) {
- $role = 'TUTOR';
- } else {
- file_put_contents('/tmp/shib-student-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
- $role = 'STUDENT';
- // NEW: Ignore students for now
- $response = array(
- 'status' => 'error',
- 'error' => "Sie wurden als Student eingestuft und können sich daher nicht an der " . CONFIG_SUITE . "-Suite anmelden."
- . "\nFalls Ihr Nutzerkonto kein Studentenkonto ist stellen Sie sicher, dass Ihr IdP für berechtigte"
- . "\nAccounts entweder das " . CONFIG_SUITE . "-Entitlement ausliefert, oder das Attribut " . CONFIG_SCOPED_AFFILIATION
- . "\nausgeliefert wird, und es entweder 'employee@..', 'staff@..' oder 'faculty@..' enthält."
- . "\n\nMehr Informationen finden Sie unter " . CONFIG_HELPURL
- );
- Header('Content-Type: text/plain; charset=utf-8');
- die(json_encode($response, JSON_PRETTY_PRINT));
- // end IGNORE STUDENTS
- }
- if ($user === false) {
- // Not found, so we don't know which satellite to use
- if ($role === 'STUDENT') {
- $response['status'] = 'ok';
- $response['firstName'] = $_SERVER['givenName'] ?? 'Anonymous';
- $response['lastName'] = $_SERVER[CONFIG_SURNAME] ?? 'Student';
- $response['mail'] = $_SERVER['mail'] ?? 'void@none.invalid';
- $response['userId'] = $shibId;
- // Try to figure out orgId
- if (!isset($response['organizationId']) && isset($_SERVER[CONFIG_EPPN])) {
- if (preg_match('/@(.+)$/', $_SERVER[CONFIG_EPPN], $out)) {
- $out = Database::queryFirst("SELECT organizationid FROM organization_suffix WHERE suffix = :suffix", array(
- 'suffix' => $out[1]
- ));
- if ($out !== false) {
- $response['organizationId'] = $out['organizationid'];
- }
- }
- }
- if (!isset($response['organizationId']) && isset($_SERVER[CONFIG_SCOPED_AFFILIATION])) {
- if (preg_match('/(^|;)[^@]+@([^;]+)/', $_SERVER[CONFIG_SCOPED_AFFILIATION], $out)) {
- $out = Database::queryFirst("SELECT organizationid FROM organization_suffix WHERE suffix = :suffix", array(
- 'suffix' => $out[2]
- ));
- if ($out !== false) {
- $response['organizationId'] = $out['organizationid'];
- }
- }
- }
- // This one we send to the running master server handler
- $rpc = $response;
- $rpc['role'] = $role;
- if (isset($response['organizationId'])) {
- $response['satellites2'] = getSatelliteList($response['organizationId']);
- }
- } else {
- $response['status'] = 'unregistered';
- }
- $response['id'] = $shibId;
- $response['url'] = CONFIG_MASTERWEBIF;
- file_put_contents('/tmp/shib-unreg-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
- } else {
- // Found, see if we got personal information, either temporarily through metadata, or from database
- $firstName = $user['firstname'];
- $lastName = $user['lastname'];
- $mail = $user['email'];
- if (empty($firstName) && isset($_SERVER['givenName']))
- $firstName = trim($_SERVER['givenName']);
- if (empty($lastName) && isset($_SERVER[CONFIG_SURNAME]))
- $lastName = trim($_SERVER[CONFIG_SURNAME]);
- if (empty($mail) && isset($_SERVER['mail']))
- $mail = trim($_SERVER['mail']);
- //
- $login = (empty($user['userid']) ? $shibId : $user['userid'] );
- if (empty($firstName) || empty($lastName) || empty($login)) {
- // This means the user did not provide personal information on signup, nor does the IdP send them
- $response['status'] = 'anonymous';
- } else {
- // Seems ok!
- //
- $response['status'] = 'ok';
- $response['firstName'] = $firstName;
- $response['lastName'] = $lastName;
- $response['mail'] = $mail;
- $response['userId'] = $user['userid'];
- $response['organizationId'] = $user['organizationid'];
- // This one we send to the running master server handler
- $rpc = $response;
- $rpc['userId'] = $login;
- $rpc['role'] = $role;
- // This one we only send to the user
- $response['satellites2'] = getSatelliteList($user['organizationid']);
- }
- }
-}
-
-if (isset($rpc)) {
- $reply = RPC::submit($rpc);
- if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) {
- $response['token'] = $out[1];
- $response['sessionId'] = $out[2];
- } else {
- if (empty($rpc['mail'])) {
- $reply .= ' (No email given)';
- }
- if (empty($rpc['firstName'])) {
- $reply .= ' (No first name given)';
- }
- if (empty($rpc['lastName'])) {
- $reply .= ' (No last name given)';
- }
- if (empty($rpc['organizationId'])) {
- $reply .= ' (No organization id found)';
- }
- $response['error'] = $reply;
- $response['status'] = 'error';
- }
-}
+$response = ShibAuth::login();
Header('Content-Type: text/plain; charset=utf-8');
echo json_encode($response, JSON_PRETTY_PRINT);
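Review bot: The new `$response = ShibAuth::login();` line moves the entire login flow (role derivation from entitlement/affiliation, the user lookup, the RPC submit) out of this file, but nothing in the hunk says where it went; given the autoloader's naming scheme it is presumably `inc/shibauth.inc.php`, so a one-line pointer above the call would help, e.g. `// Role detection, user lookup and RPC::submit now live in ShibAuth (inc/shibauth.inc.php)`. Worth confirming when reviewing that class: the removed code dumped the full `$_SERVER` array, including the persistent-id and affiliation attributes, into `/tmp/shib-*-<REMOTE_ADDR>.txt` on three paths, and this hunk cannot show whether that diagnostic logging was carried over or dropped. As a style point, the new autoloader closure never uses `$this` and can be declared `spl_autoload_register(static function ($class) {`; it also still returns silently when the mapped file is missing, so a typo in a class name surfaces only as a later "class not found" fatal rather than at the autoloader.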