diff options
-rw-r--r-- | config.php.example | 1 | ||||
-rw-r--r-- | inc/user.inc.php | 8 | ||||
-rw-r--r-- | shib/api.php | 12 |
3 files changed, 11 insertions, 10 deletions
diff --git a/config.php.example b/config.php.example index c6c926d..083c555 100644 --- a/config.php.example +++ b/config.php.example @@ -23,6 +23,7 @@ define('CONFIG_IDM_LINK_EPSA', 'https://www.bwidm.de/attribute/#eduPersonScopedA define('CONFIG_SURNAME', 'sn'); define('CONFIG_EPPN', 'eppn'); +define('CONFIG_SCOPED_AFFILIATION', 'affiliation'); // Have a properties file or set variables here manually. // Make sure properties file is not in webroot diff --git a/inc/user.inc.php b/inc/user.inc.php index e2523f9..a5a8e3c 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -196,9 +196,9 @@ class User 'email' => $_SERVER['mail'], ); // Figure out whether the user should be considered a tutor - if (isset($_SERVER['affiliation']) && (strpos(";{$_SERVER['affiliation']}", ';employee@') !== false - || strpos(";{$_SERVER['affiliation']}", ';staff@') !== false - || strpos(";{$_SERVER['affiliation']}", ';faculty@') !== false)) + if (isset($_SERVER[CONFIG_SCOPED_AFFILIATION]) && (strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]}", ';employee@') !== false + || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]}", ';staff@') !== false + || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]}", ';faculty@') !== false)) self::$user['role'] = 'TUTOR'; elseif (isset($_SERVER['entitlement']) && strpos(";{$_SERVER['entitlement']};", CONFIG_ENTITLEMENT) !== false) self::$user['role'] = 'TUTOR'; @@ -208,7 +208,7 @@ class User if (isset($_SERVER[CONFIG_EPPN]) && preg_match('/@([0-9a-zA-Z\-\._]+)$/', $_SERVER[CONFIG_EPPN], $out)) { self::$user['organization'] = $out[1]; } - if (!isset(self::$user['organization']) && isset($_SERVER['affiliation']) && preg_match('/@([0-9a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out)) { + if (!isset(self::$user['organization']) && isset($_SERVER[CONFIG_SCOPED_AFFILIATION]) && preg_match('/@([0-9a-zA-Z\-\._]+)(;|$)/', $_SERVER[CONFIG_SCOPED_AFFILIATION], $out)) { self::$user['organization'] = $out[1]; } // Get matching db entry if any diff --git a/shib/api.php b/shib/api.php index 2c80f37..533ae78 100644 --- a/shib/api.php +++ b/shib/api.php @@ -37,9 +37,9 @@ if (empty($_SERVER['persistent-id'])) { // Figure out role if (strpos(";{$_SERVER['entitlement']};", CONFIG_ENTITLEMENT) !== false) { $role = 'TUTOR'; - } else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false - || strpos(";{$_SERVER['affiliation']};", ';staff@') !== false - || strpos(";{$_SERVER['affiliation']};", ';faculty@') !== false) { + } else if (strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';employee@') !== false + || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';staff@') !== false + || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';faculty@') !== false) { $role = 'TUTOR'; } else { file_put_contents('/tmp/shib-student-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true)); @@ -49,7 +49,7 @@ if (empty($_SERVER['persistent-id'])) { 'status' => 'error', 'error' => "Sie wurden als Student eingestuft und können sich daher nicht an der " . CONFIG_SUITE . "-Suite anmelden." . "\nFalls Ihr Nutzerkonto kein Studentenkonto ist stellen Sie sicher, dass Ihr IdP für berechtigte" - . "\nAccounts entweder das " . CONFIG_SUITE . "-Entitlement ausliefert, oder das Attribut 'affiliation'" + . "\nAccounts entweder das " . CONFIG_SUITE . "-Entitlement ausliefert, oder das Attribut CONFIG_SCOPED_AFFILIATION" . "\nausgeliefert wird, und es entweder 'employee@..', 'staff@..' oder 'faculty@..' enthält." . "\n\nMehr Informationen finden Sie unter " . CONFIG_HELPURL ); @@ -82,8 +82,8 @@ if (empty($_SERVER['persistent-id'])) { } } } - if (!isset($response['organizationId']) && isset($_SERVER['affiliation'])) { - if (preg_match('/(^|;)[^@]+@([^;]+)/', $_SERVER['affiliation'], $out)) { + if (!isset($response['organizationId']) && isset($_SERVER[CONFIG_SCOPED_AFFILIATION])) { + if (preg_match('/(^|;)[^@]+@([^;]+)/', $_SERVER[CONFIG_SCOPED_AFFILIATION], $out)) { $out = Database::queryFirst("SELECT organizationid FROM organization_suffix WHERE suffix = :suffix", array( 'suffix' => $out[2] )); |