summaryrefslogtreecommitdiffstats
path: root/shib
diff options
context:
space:
mode:
Diffstat (limited to 'shib')
-rw-r--r--shib/api.php67
1 files changed, 53 insertions, 14 deletions
diff --git a/shib/api.php b/shib/api.php
index 0910c3d..54ebd55 100644
--- a/shib/api.php
+++ b/shib/api.php
@@ -35,10 +35,47 @@ if (empty($_SERVER['persistent-id'])) {
. " FROM user "
. " INNER JOIN organization USING (organizationid) "
. " WHERE user.shibid = :shibid LIMIT 1", array('shibid' => $shibId));
+ // Figure out role
+ if (strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) {
+ $role = 'TUTOR';
+ } else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false
+ || strpos(";{$_SERVER['affiliation']};", ';staff@') !== false
+ || strpos(";{$_SERVER['affiliation']};", ';faculty@') !== false) {
+ $role = 'TUTOR';
+ } else {
+ @file_put_contents('/tmp/shib-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
+ $role = 'STUDENT';
+ }
if ($user === false) {
// Not found, so we don't know which satellite to use
- // TODO: Support STUDENT mode
- $response['status'] = 'unregistered';
+ if ($role === 'STUDENT') {
+ $response['status'] = 'ok';
+ if (isset($_SERVER['givenName'])) {
+ $response['firstName'] = $_SERVER['givenName'];
+ }
+ if (isset($_SERVER['sn'])) {
+ $response['lastName'] = $_SERVER['sn'];
+ }
+ if (isset($_SERVER['mail'])) {
+ $response['mail'] = $_SERVER['mail'];
+ }
+ $response['userId'] = $shibId;
+ preg_match('/(^|;)[^@]+@([^;]+)/', $_SERVER['affiliation'], $out);
+ $out = Database::queryFirst("SELECT organizationid FROM organization_suffix WHERE suffix = :suffix", array(
+ 'suffix' => $out[2]
+ ));
+ if ($out !== false) {
+ $response['organizationId'] = $out['organizationid'];
+ }
+ // This one we send to the running master server handler
+ $rpc = $response;
+ $rpc['role'] = $role;
+ // This one we only send to the user
+ $response['satellites'] = $sat1;
+ $response['satellites2'] = $sat2;
+ } else {
+ $response['status'] = 'unregistered';
+ }
$response['id'] = $shibId;
$response['url'] = 'https://bwlp-masterserver.ruf.uni-freiburg.de/webif/';
} else {
@@ -59,16 +96,6 @@ if (empty($_SERVER['persistent-id'])) {
$response['status'] = 'anonymous';
} else {
// Seems ok!
- // Figure out role
- if (strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) {
- $role = 'TUTOR';
- } else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false
- || strpos(";{$_SERVER['affiliation']};", ';staff@') !== false) {
- $role = 'TUTOR';
- } else {
- @file_put_contents('/tmp/shib-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true));
- $role = 'STUDENT';
- }
// Determine satellite(s)
$res = Database::simpleQuery("SELECT satellitename, addresses, certsha256 FROM satellite"
. " WHERE organizationid = :organizationid AND userid IS NULL", array('organizationid' => $user['organizationid']));
@@ -98,16 +125,28 @@ if (empty($_SERVER['persistent-id'])) {
// This one we only send to the user
$response['satellites'] = $sat1;
$response['satellites2'] = $sat2;
+ }
+ }
+}
+
+if (isset($rpc)) {
$reply = RPC::submit($rpc);
if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) {
$response['token'] = $out[1];
$response['sessionId'] = $out[2];
} else {
+ if (empty($rpc['mail'])) {
+ $reply .= ' (No email given)';
+ }
+ if (empty($rpc['firstName'])) {
+ $reply .= ' (No first name given)';
+ }
+ if (empty($rpc['lastName'])) {
+ $reply .= ' (No last name given)';
+ }
$response['error'] = $reply;
$response['status'] = 'error';
}
- }
- }
}
Header('Content-Type: text/plain; charset=utf-8');