path: root/shib/api.php
Diffstat (limited to 'shib/api.php')
-rw-r--r--shib/api.php96
1 files changed, 96 insertions, 0 deletions
diff --git a/shib/api.php b/shib/api.php
new file mode 100644
index 0000000..0c2a297
--- /dev/null
+++ b/shib/api.php
@@ -0,0 +1,96 @@
+<?php
+
+chdir('..');
+
+require_once 'config.php';
+
+/*
+Header('Content-Type: text/plain; charset=utf-8');
+die( json_encode($_SERVER, JSON_PRETTY_PRINT) );
+
+// */
+
+// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
+function slxAutoloader($class)
+{
+ $file = 'inc/' . preg_replace('/[^a-z0-9]/', '', mb_strtolower($class)) . '.inc.php';
+ if (!file_exists($file))
+ return;
+ require_once $file;
+}
+spl_autoload_register('slxAutoloader');
+
+
+$response = array();
+
+if (empty($_SERVER['persistent-id'])) {
+ // No persistent id given, should not happen!
+ $response['status'] = 'error';
+ $response['error'] = 'Shibboleth meta data missing!';
+} else {
+ // Query database for user
+ $shibId = md5($_SERVER['persistent-id']);
+ $user = Database::queryFirst("SELECT user.userid, user.login, user.organizationid, user.firstname, user.lastname, user.email, satellite.address "
+ . " FROM user "
+ . " INNER JOIN satellite USING (organizationid) "
+ . " WHERE user.shibid = :shibid LIMIT 1", array('shibid' => $shibId));
+ if ($user === false) {
+ // Not found, so we don't know which satellite to use
+ $response['status'] = 'unregistered';
+ $response['id'] = $shibId;
+ $response['url'] = 'https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/';
+ } else {
+ // Found, see if we got personal information, either temporarily through metadata, or from database
+ $firstName = $user['firstname'];
+ $lastName = $user['lastname'];
+ $mail = $user['email'];
+ if (empty($firstName) && isset($_SERVER['givenName']))
+ $firstName = trim($_SERVER['givenName']);
+ if (empty($lastName) && isset($_SERVER['sn']))
+ $lastName = trim($_SERVER['sn']);
+ if (empty($mail) && isset($_SERVER['mail']))
+ $mail = trim($_SERVER['mail']);
+ //
+ $login = ( empty($user['login']) ? $shibId : $user['login'] );
+ if (empty($firstName) || empty($lastName) || empty($login)) {
+ // This means the user did not provide personal information on signup, nor does the IdP send them
+ $response['status'] = 'anonymous';
+ } else {
+ // Seems ok!
+ // Figure out role
+ if (strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) {
+ $role = 'tutor';
+ } else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false) {
+ $role = 'tutor';
+ } else {
+ $role = 'student';
+ }
+ //
+ $response['status'] = 'ok';
+ $response['firstName'] = $firstName;
+ $response['lastName'] = $lastName;
+ $response['mail'] = $mail;
+ // This one we send to the running master server handler
+ $rpc = $response;
+ $rpc['userId'] = $user['userid'];
+ $rpc['role'] = $role;
+ $rpc['organizationid'] = $user['organizationid'];
+ $rpc['login'] = $login;
+ // This one we only send to the user
+ $response['satellites'] = array(
+ 'default' => $user['address']
+ );
+ $reply = RPC::submit($rpc);
+ if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) {
+ $response['token'] = $out[1];
+ $response['sessionId'] = $out[2];
+ } else {
+ $response['error'] = $reply;
+ $response['status'] = 'error';
+ }
+ }
+ }
+}
+
+Header('Content-Type: text/plain; charset=utf-8');
+echo json_encode($response, JSON_PRETTY_PRINT);
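Review bot: `$_SERVER['entitlement']` and `$_SERVER['affiliation']` are interpolated into the two strpos() role checks without an existence test, unlike givenName/sn/mail a few lines earlier, so a session where the IdP releases neither attribute raises an undefined-index notice even though the role still falls through to 'student'. Guarding them the same way, `$entitlement = isset($_SERVER['entitlement']) ? $_SERVER['entitlement'] : '';` and likewise for affiliation before the checks, keeps the role logic intact and the error log clean. Separately, the failure branch copies the raw RPC reply into `$response['error']`, which is returned verbatim to the caller; unless the handler's messages are known to be safe to show end users, a fixed message with the reply logged server-side would be the safer default. The commented-out `die( json_encode($_SERVER, JSON_PRETTY_PRINT) )` block near the top dumps every Shibboleth attribute and server variable the moment it is uncommented, and should not ship in the file.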