Diffstat (limited to 'shib')
-rw-r--r-- | shib/api.php | 96 | ||||
l--------- | shib/index.php | 1 |
2 files changed, 97 insertions, 0 deletions
diff --git a/shib/api.php b/shib/api.php
new file mode 100644
index 0000000..0c2a297
--- /dev/null
+++ b/shib/api.php
@@ -0,0 +1,96 @@
+<?php
+
+chdir('..');
+
+require_once 'config.php';
+
+/*
+Header('Content-Type: text/plain; charset=utf-8');
+die( json_encode($_SERVER, JSON_PRETTY_PRINT) );
+
+// */
+
+// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
+function slxAutoloader($class)
+{
+ $file = 'inc/' . preg_replace('/[^a-z0-9]/', '', mb_strtolower($class)) . '.inc.php';
+ if (!file_exists($file))
+ return;
+ require_once $file;
+}
+spl_autoload_register('slxAutoloader');
+
+
+$response = array();
+
+if (empty($_SERVER['persistent-id'])) {
+ // No persistent id given, should not happen!
+ $response['status'] = 'error';
+ $response['error'] = 'Shibboleth meta data missing!';
+} else {
+ // Query database for user
+ $shibId = md5($_SERVER['persistent-id']);
+ $user = Database::queryFirst("SELECT user.userid, user.login, user.organizationid, user.firstname, user.lastname, user.email, satellite.address "
+ . " FROM user "
+ . " INNER JOIN satellite USING (organizationid) "
+ . " WHERE user.shibid = :shibid LIMIT 1", array('shibid' => $shibId));
+ if ($user === false) {
+ // Not found, so we don't know which satellite to use
+ $response['status'] = 'unregistered';
+ $response['id'] = $shibId;
+ $response['url'] = 'https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/';
+ } else {
+ // Found, see if we got personal information, either temporarily through metadata, or from database
+ $firstName = $user['firstname'];
+ $lastName = $user['lastname'];
+ $mail = $user['email'];
+ if (empty($firstName) && isset($_SERVER['givenName']))
+ $firstName = trim($_SERVER['givenName']);
+ if (empty($lastName) && isset($_SERVER['sn']))
+ $lastName = trim($_SERVER['sn']);
+ if (empty($mail) && isset($_SERVER['mail']))
+ $mail = trim($_SERVER['mail']);
+ //
+ $login = ( empty($user['login']) ? $shibId : $user['login'] );
+ if (empty($firstName) || empty($lastName) || empty($login)) {
+ // This means the user did not provide personal information on signup, nor does the IdP send them
+ $response['status'] = 'anonymous';
+ } else {
+ // Seems ok!
+ // Figure out role
+ if (strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) {
+ $role = 'tutor';
+ } else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false) {
+ $role = 'tutor';
+ } else {
+ $role = 'student';
+ }
+ //
+ $response['status'] = 'ok';
+ $response['firstName'] = $firstName;
+ $response['lastName'] = $lastName;
+ $response['mail'] = $mail;
+ // This one we send to the running master server handler
+ $rpc = $response;
+ $rpc['userId'] = $user['userid'];
+ $rpc['role'] = $role;
+ $rpc['organizationid'] = $user['organizationid'];
+ $rpc['login'] = $login;
+ // This one we only send to the user
+ $response['satellites'] = array(
+ 'default' => $user['address']
+ );
+ $reply = RPC::submit($rpc);
+ if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) {
+ $response['token'] = $out[1];
+ $response['sessionId'] = $out[2];
+ } else {
+ $response['error'] = $reply;
+ $response['status'] = 'error';
+ }
+ }
+ }
+}
+
+Header('Content-Type: text/plain; charset=utf-8');
+echo json_encode($response, JSON_PRETTY_PRINT);
diff --git a/shib/index.php b/shib/index.php
new file mode 120000
index 0000000..9871e22
--- /dev/null
+++ b/shib/index.php
@@ -0,0 +1 @@
+../index.php
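Review bot: The role lookup in the "Figure out role" branch interpolates `$_SERVER['entitlement']` and `$_SERVER['affiliation']` without first checking that the SP supplied them, unlike the guarded reads of `givenName`, `sn` and `mail` a few lines above; an IdP that releases neither attribute triggers undefined-index notices, and if notices are displayed that text could end up in front of the JSON body. Guard both reads the same way as the name attributes, e.g. `if (isset($_SERVER['entitlement']) && strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) {` and `} else if (isset($_SERVER['affiliation']) && strpos(";{$_SERVER['affiliation']};", ';employee@') !== false) {`. Note also that `;employee@` matches an employee affiliation from any scope; if the tutor role is meant to be limited to particular home organisations the check should compare the full scoped value, but I cannot tell from the hunk whether that is intended. Lastly, on the RPC failure branch the raw `$reply` is returned verbatim in `error` to the caller, which may expose backend diagnostics; consider logging it server-side and returning a fixed message instead.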
\ No newline at end of file |