From ab23338fe9f1b3ed21455867f1c032d7b146ceb8 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 2 Mar 2015 16:51:04 +0100
Subject: Initial Commit

---
 shib/api.php | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 shib/index.php | 1 +
 2 files changed, 97 insertions(+)
 create mode 100644 shib/api.php
 create mode 120000 shib/index.php
(limited to 'shib')

diff --git a/shib/api.php b/shib/api.php
new file mode 100644
index 0000000..0c2a297
--- /dev/null
+++ b/shib/api.php
@@ -0,0 +1,96 @@
+.inc.php
+function slxAutoloader($class)
+{
+ $file = 'inc/' . preg_replace('/[^a-z0-9]/', '', mb_strtolower($class)) . '.inc.php';
+ if (!file_exists($file))
+ return;
+ require_once $file;
+}
+spl_autoload_register('slxAutoloader');
+
+
+$response = array();
+
+if (empty($_SERVER['persistent-id'])) {
+ // No persistent id given, should not happen!
+ $response['status'] = 'error';
+ $response['error'] = 'Shibboleth meta data missing!';
+} else {
+ // Query database for user
+ $shibId = md5($_SERVER['persistent-id']);
+ $user = Database::queryFirst("SELECT user.userid, user.login, user.organizationid, user.firstname, user.lastname, user.email, satellite.address "
+ . " FROM user "
+ . " INNER JOIN satellite USING (organizationid) "
+ . " WHERE user.shibid = :shibid LIMIT 1", array('shibid' => $shibId));
+ if ($user === false) {
+ // Not found, so we don't know which satellite to use
+ $response['status'] = 'unregistered';
+ $response['id'] = $shibId;
+ $response['url'] = 'https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/';
+ } else {
+ // Found, see if we got personal information, either temporarily through metadata, or from database
+ $firstName = $user['firstname'];
+ $lastName = $user['lastname'];
+ $mail = $user['email'];
+ if (empty($firstName) && isset($_SERVER['givenName']))
+ $firstName = trim($_SERVER['givenName']);
+ if (empty($lastName) && isset($_SERVER['sn']))
+ $lastName = trim($_SERVER['sn']);
+ if (empty($mail) && isset($_SERVER['mail']))
+ $mail = trim($_SERVER['mail']);
+ //
+ $login = ( empty($user['login']) ? $shibId : $user['login'] );
+ if (empty($firstName) || empty($lastName) || empty($login)) {
+ // This means the user did not provide personal information on signup, nor does the IdP send them
+ $response['status'] = 'anonymous';
+ } else {
+ // Seems ok!
+ // Figure out role
+ if (strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) {
+ $role = 'tutor';
+ } else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false) {
+ $role = 'tutor';
+ } else {
+ $role = 'student';
+ }
+ //
+ $response['status'] = 'ok';
+ $response['firstName'] = $firstName;
+ $response['lastName'] = $lastName;
+ $response['mail'] = $mail;
+ // This one we send to the running master server handler
+ $rpc = $response;
+ $rpc['userId'] = $user['userid'];
+ $rpc['role'] = $role;
+ $rpc['organizationid'] = $user['organizationid'];
+ $rpc['login'] = $login;
+ // This one we only send to the user
+ $response['satellites'] = array(
+ 'default' => $user['address']
+ );
+ $reply = RPC::submit($rpc);
+ if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) {
+ $response['token'] = $out[1];
+ $response['sessionId'] = $out[2];
+ } else {
+ $response['error'] = $reply;
+ $response['status'] = 'error';
+ }
+ }
+ }
+}
+
+Header('Content-Type: text/plain; charset=utf-8');
+echo json_encode($response, JSON_PRETTY_PRINT);
diff --git a/shib/index.php b/shib/index.php
new file mode 120000
index 0000000..9871e22
--- /dev/null
+++ b/shib/index.php
@@ -0,0 +1 @@
+../index.php
\ No newline at end of file
-- cgit v1.2.3-55-g7522
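Review bot: The role lookup reads `$_SERVER['entitlement']` and `$_SERVER['affiliation']` directly, while the `givenName`/`sn`/`mail` reads a few lines earlier guard with `isset`; an IdP that releases neither attribute raises an undefined-index notice before the check falls through to `'student'`. Reading them into locals first keeps the decision unchanged: `$entitlement = isset($_SERVER['entitlement']) ? $_SERVER['entitlement'] : '';` and `$affiliation = isset($_SERVER['affiliation']) ? $_SERVER['affiliation'] : '';`, then test those in the two `strpos` calls. Note also that `';employee@'` matches an employee affiliation from any scope, not only the user's own organization, so a one-line comment stating that this is intended (or narrowing it to the expected scope) would help the next reader. Since `$role` is forwarded to the RPC handler and presumably decides what the session may do, the file header should state that these `$_SERVER` entries are expected to be populated by the Shibboleth SP as environment variables, not taken from forwarded request headers.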