From 7b17223904214024018f626715926fa729941d3c Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 4 Mar 2015 18:43:06 +0100
Subject: Fourth Commit
---
 inc/crypto.inc.php | 29 ++++++++++++++
 inc/user.inc.php | 43 ++++++++++++++++++--
 modules/edit.inc.php | 41 +++++++++++++++++++
 modules/login.inc.php | 7 ++++
 modules/main.inc.php | 74 +++++++++++++++++++++++++----------
 modules/register.inc.php | 2 +-
 shib/api.php | 2 +-
 style/default.css | 4 ++
 templates/main/guest.html | 2 +-
 templates/main/logged-in-testacc.html | 53 +++++++++++++++++++++++++
 10 files changed, 229 insertions(+), 28 deletions(-)
 create mode 100644 inc/crypto.inc.php
 create mode 100644 modules/edit.inc.php
 create mode 100644 templates/main/logged-in-testacc.html
diff --git a/inc/crypto.inc.php b/inc/crypto.inc.php
new file mode 100644
index 0000000..56f5073
--- /dev/null
+++ b/inc/crypto.inc.php
@@ -0,0 +1,29 @@
+ Session::getUid()));
- return self::$user !== false;
+ self::$user = Database::queryFirst('SELECT userid, shibid, login, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
+ self::$isInDb = self::$user !== false;
+ return self::$isInDb;
 }
 // Try bwIDM etc.
 if (!$hasSession) {
@@ -190,12 +198,35 @@ class User
 }
 }
+ public static function updatePassword($pass)
+ {
+ if (!self::isLoggedIn() || self::$isShib || !self::$isInDb)
+ return false;
+ $pw = Crypto::hash6($pass);
+ $ret = Database::exec('UPDATE user SET password = :pass WHERE userid = :user LIMIT 1', array(
+ 'pass' => $pw,
+ 'user' => self::getId()
+ ));
+ return $ret == 1;
+ }
+
+
+ public static function updateMail($mail)
+ {
+ if (!self::isLoggedIn() || self::$isShib || !self::$isInDb)
+ return false;
+ $ret = Database::exec('UPDATE user SET email = :mail WHERE userid = :user LIMIT 1', array(
+ 'mail' => $mail,
+ 'user' => self::getId()
+ ));
+ return $ret == 1 || $mail === self::get('email');
+ }
 public static function login($user, $pass)
 {
 $ret = Database::queryFirst('SELECT userid, password FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
 if ($ret === false)
 return false;
- if (!Crypto::verify($pass, $ret['passwd']))
+ if (!Crypto::verify($pass, $ret['password']))
 return false;
 Session::create();
 Session::setUid($ret['userid']);
@@ -212,7 +243,11 @@ class User
 @setcookie($name, '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
 }
 Session::delete();
- Header('Location: ?do=Logout&noredirect=yes');
+ if (self::$isShib) {
+ Header('Location: ?do=Logout&noredirect=yes');
+ } else {
+ Header('Location: ?do=Main');
+ }
 exit(0);
 }
diff --git a/modules/edit.inc.php b/modules/edit.inc.php
new file mode 100644
index 0000000..e3770ce
--- /dev/null
+++ b/modules/edit.inc.php
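Review bot: updatePassword() and updateMail() change the account's credentials on the strength of the session alone; neither takes or checks the current password, and the visible labels of templates/main/logged-in-testacc.html (Mail, Passwort, Wiederholen) show no field for it. The caller in modules/edit.inc.php is not readable on this page, so it may already re-authenticate; if it does not, it should require `Crypto::verify($oldPass, $storedHash)` and an anti-CSRF token before calling either method (`$oldPass` and `$storedHash` are placeholder names). updatePassword() also hashes whatever it receives, so `if (!is_string($pass) || $pass === '') return false;` ahead of `Crypto::hash6($pass)` would keep an empty password from being stored. updateMail() writes `$mail` unvalidated; a `filter_var($mail, FILTER_VALIDATE_EMAIL) === false` rejection at the same spot is a cheap check.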
@@ -0,0 +1,41 @@
+renderLocalAccount();
+ return;
+ }
+ if (!User::isShibbolethAuth()) {
+ // Should not be possible
+ Message::addError('Sie sind nicht korrekt authentifiziert. Bitte melden Sie sich erneut an.');
+ Session::delete();
+ return;
+ }
+ // --- Below here we know the user via shibboleth
+ if (User::isInDatabase()) {
+ // User is also in DB, so he signed up for the service
+ $this->renderShibbolethRegistered();
+ return;
 }
+ // User is not in DB, so he might want so sign up for the service - see if conditions are met
+ if (User::getOrganization() !== false) {
+ // Organization is known, show signup form
+ $this->renderShibbolethUnregistered();
+ return;
+ }
+ // Nothing we can do here, show error message :-(
+ if (User::getRemoteOrganizationId() !== false) {
+ // Organization is not known, see if we at least have an idea
+ Message::addWarning('Ihre Hochschule/Einrichtung {{0}} ist leider nicht bekannt. Bitte kontaktieren Sie den Support.', User::getRemoteOrganizationId());
+ } else {
+ // No idea where the user is coming from
+ Message::addError('Ihr IdP sendet leider keine Informationen über Ihre Hochschul-/Einrichtungszugehörigkeit');
+ }
+ }
+
+ private function renderShibbolethRegistered()
+ {
+ Render::addTemplate('main/logged-in');
+ }
+
+ private function renderShibbolethUnregistered()
+ {
+ $data = User::getData();
+ $data['organization'] = User::getOrganizationName();
+ Render::addTemplate('main/deploy', $data);
+ }
+
+ private function renderLocalAccount()
+ {
+ $data = User::getData();
+ $data['organization'] = User::getOrganizationName();
+ Render::addTemplate('main/logged-in-testacc', $data);
 }
 }
diff --git a/modules/register.inc.php b/modules/register.inc.php
index ca5f4bf..3dd3b89 100644
--- a/modules/register.inc.php
+++ b/modules/register.inc.php
@@ -11,7 +11,7 @@ class Page_Register extends Page
 Util::redirect('?do=Main');
 }
 if (!User::isShibbolethAuth())
- Util::redirect('/secure-all/?do=Main');
+ Util::redirect(CONFIG_PREFIX . 'shib/?do=Main');
 if (Request::post('agb') === 'on') {
 // Put stuff in DB
 User::deploy(Request::post('share') !== 'on');
diff --git a/shib/api.php b/shib/api.php
index 0c2a297..58b9c80 100644
--- a/shib/api.php
+++ b/shib/api.php
@@ -38,7 +38,7 @@ if (empty($_SERVER['persistent-id'])) {
 // Not found, so we don't know which satellite to use
 $response['status'] = 'unregistered';
 $response['id'] = $shibId;
- $response['url'] = 'https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/';
+ $response['url'] = 'https://bwlp-masterserver.ruf.uni-freiburg.de/webif/';
 } else {
 // Found, see if we got personal information, either temporarily through metadata, or from database
 $firstName = $user['firstname'];
diff --git a/style/default.css b/style/default.css
index 07e8a44..1a68547 100644
--- a/style/default.css
+++ b/style/default.css
@@ -43,6 +43,10 @@ p {
 border-top-right-radius: 0;
 }
+span.form-control {
+ color: #777;
+}
+
 .form-narrow {
 max-width: 600px;
 padding: 10px;
diff --git a/templates/main/guest.html b/templates/main/guest.html
index 76b77ab..14cc902 100644
--- a/templates/main/guest.html
+++ b/templates/main/guest.html
@@ -1,7 +1,7 @@
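Review bot: In modules/register.inc.php the guard in front of `User::deploy()` is a brace-less `if (!User::isShibbolethAuth())` whose only statement is the redirect on the changed line, so it protects the database write only if `Util::redirect()` ends the request. That helper's definition is not on this page; the earlier `Util::redirect('?do=Main');` in the same hunk is also not followed by a return, which suggests it exits, but this is worth confirming. Making the stop explicit keeps the authentication check independent of the helper: `if (!User::isShibbolethAuth()) { Util::redirect(CONFIG_PREFIX . 'shib/?do=Main'); return; }`. The enclosing method starts and ends outside the hunk.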
Sie sind nicht authentifiziert. Bitte wählen Sie:
diff --git a/templates/main/logged-in-testacc.html b/templates/main/logged-in-testacc.html new file mode 100644 index 0000000..a9e6f28 --- /dev/null +++ b/templates/main/logged-in-testacc.html @@ -0,0 +1,53 @@ +

+ Sie sind mit Ihrem Test-Account {{login}} angemeldet. Sie können Ihr Passwort oder Ihre e-Mail-Adresse ändern. +

+ +
+ +
+ +
+
+ + Einrichtung + + {{organization}} +
+
+ + Vorname + + {{firstname}} +
+
+ + Nachname + + {{lastname}} +
+
+ + Mail + + +
+
+ + Passwort + + +
+
+ + Wiederholen + + +
+
+ +
+ +
+ +
+
-- cgit v1.2.3-55-g7522