Diffstat (limited to 'inc/shibauth.inc.php')
-rw-r--r--inc/shibauth.inc.php32
1 files changed, 14 insertions, 18 deletions
diff --git a/inc/shibauth.inc.php b/inc/shibauth.inc.php
index 6ae3a89..d0e7800 100644
--- a/inc/shibauth.inc.php
+++ b/inc/shibauth.inc.php
@@ -3,12 +3,8 @@
class ShibAuth
{
- /**
- * Log user into master-server using the data provided by the current shibboleth session
- * @param ?string $accessCode optional one-time access code to retreive session data via thrift
- * @return array{status: string, firstName: string, lastName: string, mail: string, token: string, sessionId: string, userId: string, organizationId: string, url: string, error: string}
- */
- private static function loginInternal(?string $accessCode = null): array
+
+ private static function loginInternal(?string $accessCode, int $sessionTimeout): array
{
if ($accessCode !== null) {
$entrop = strlen(count_chars($accessCode, 3));
@@ -34,15 +30,8 @@ class ShibAuth
}
}
// Figure out role
- if (strpos(";{$_SERVER['entitlement']};", CONFIG_ENTITLEMENT) !== false) {
- $role = 'TUTOR';
- } else if (strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';employee@') !== false
- || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';staff@') !== false
- || strpos(";{$_SERVER[CONFIG_SCOPED_AFFILIATION]};", ';faculty@') !== false) {
- $role = 'TUTOR';
- } else {
- file_put_contents('/tmp/shib-student-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
- $role = 'STUDENT';
+ $role = Util::getRole('shibauth-login');
+ if ($role === 'STUDENT') {
// NEW: Ignore students for now
return [
'status' => 'error',
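Review bot: The `if ($role === 'STUDENT')` test directly after `Util::getRole('shibauth-login')` is a denylist, so any return value other than the exact string 'STUDENT' (null, an empty string, a role added later) falls through to the login path below. The removed code could only ever produce 'TUTOR' or 'STUDENT', so the gap did not exist before; it now depends on a helper whose contract is not visible in this diff. Prefer an allowlist, `if ($role !== 'TUTOR') {`, so an unexpected role is rejected rather than admitted. The body of loginInternal starts before and continues after this hunk.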
@@ -146,6 +135,7 @@ class ShibAuth
if ($accessCode !== null) {
$rpc['accessCode'] = $accessCode;
}
+ $rpc['timeoutSeconds'] = $sessionTimeout;
$reply = RPC::submit($rpc);
if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) {
// For talking to the sat server, also referred to as userToken in Java
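Review bot: `$rpc['timeoutSeconds'] = $sessionTimeout;` forwards the value to the master server with no bounds check, and `login()` defaults it to 0. Whether 0 or a negative number means "server default", "expire immediately" or "never expire" cannot be determined from this diff. If the caller derives the value from request input, a client could request an arbitrarily long-lived session. Consider sending the field only for positive values and capping it, e.g. `if ($sessionTimeout > 0) { $rpc['timeoutSeconds'] = min($sessionTimeout, MAX_SESSION_TIMEOUT); }`, where `MAX_SESSION_TIMEOUT` is a placeholder for a configured limit.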
@@ -172,9 +162,15 @@ class ShibAuth
return $response;
}
- public static function login(?string $accessCode = null): array
+ /**
+ * Log user into master-server using the data provided by the current shibboleth session
+ * @param string $accessCode one-time access code to retreive session data via thrift
+ * @param int $sessionTimeout how long the created session stays valid on master server
+ * @return array{status: string, firstName: string, lastName: string, mail: string, token: string, sessionId: string, userId: string, organizationId: string, url: string, error: string}
+ */
+ public static function login(?string $accessCode = null, int $sessionTimeout = 0): array
{
- $res = self::loginInternal($accessCode);
+ $res = self::loginInternal($accessCode, $sessionTimeout);
if ($res['status'] !== 'ok' && isset($res['error']) && $accessCode !== null) {
RPC::submit(['status' => 'error', 'error' => $res['error'], 'accessCode' => $accessCode]);
}
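Review bot: The docblock added above `login()` declares `@param string $accessCode` while the signature is `?string $accessCode = null`, and it states neither the unit of `$sessionTimeout` nor what the default `0` means. Suggested lines: `@param ?string $accessCode optional one-time access code to retrieve session data via thrift` and `@param int $sessionTimeout lifetime in seconds of the created session on the master server (state what 0 means)`. The unit is inferred from the `timeoutSeconds` RPC field set in loginInternal. Since session lifetime is security-relevant, the docblock should also say who is expected to supply and bound this value.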
@@ -199,4 +195,4 @@ class ShibAuth
return $sat2;
}
-} \ No newline at end of file
+}