From db0225db8ff4993e4c91024a42b002ba3c813564 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 19 Oct 2016 10:46:20 +0200 Subject: Handle missing meta data from IdP when logging in via api --- shib/api.php | 67 +++++++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 53 insertions(+), 14 deletions(-) (limited to 'shib') diff --git a/shib/api.php b/shib/api.php index 0910c3d..54ebd55 100644 --- a/shib/api.php +++ b/shib/api.php @@ -35,10 +35,47 @@ if (empty($_SERVER['persistent-id'])) { . " FROM user " . " INNER JOIN organization USING (organizationid) " . " WHERE user.shibid = :shibid LIMIT 1", array('shibid' => $shibId)); + // Figure out role + if (strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) { + $role = 'TUTOR'; + } else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false + || strpos(";{$_SERVER['affiliation']};", ';staff@') !== false + || strpos(";{$_SERVER['affiliation']};", ';faculty@') !== false) { + $role = 'TUTOR'; + } else { + @file_put_contents('/tmp/shib-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true)); + $role = 'STUDENT'; + } if ($user === false) { // Not found, so we don't know which satellite to use - // TODO: Support STUDENT mode - $response['status'] = 'unregistered'; + if ($role === 'STUDENT') { + $response['status'] = 'ok'; + if (isset($_SERVER['givenName'])) { + $response['firstName'] = $_SERVER['givenName']; + } + if (isset($_SERVER['sn'])) { + $response['lastName'] = $_SERVER['sn']; + } + if (isset($_SERVER['mail'])) { + $response['mail'] = $_SERVER['mail']; + } + $response['userId'] = $shibId; + preg_match('/(^|;)[^@]+@([^;]+)/', $_SERVER['affiliation'], $out); + $out = Database::queryFirst("SELECT organizationid FROM organization_suffix WHERE suffix = :suffix", array( + 'suffix' => $out[2] + )); + if ($out !== false) { + $response['organizationId'] = $out['organizationid']; + } + // This one we send to the running master server handler + $rpc = $response; + $rpc['role'] = $role; + // This one we only send to the user + $response['satellites'] = $sat1; + $response['satellites2'] = $sat2; + } else { + $response['status'] = 'unregistered'; + } $response['id'] = $shibId; $response['url'] = 'https://bwlp-masterserver.ruf.uni-freiburg.de/webif/'; } else { @@ -59,16 +96,6 @@ if (empty($_SERVER['persistent-id'])) { $response['status'] = 'anonymous'; } else { // Seems ok! - // Figure out role - if (strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) { - $role = 'TUTOR'; - } else if (strpos(";{$_SERVER['affiliation']};", ';employee@') !== false - || strpos(";{$_SERVER['affiliation']};", ';staff@') !== false) { - $role = 'TUTOR'; - } else { - @file_put_contents('/tmp/shib-' . time() . '-' . $_SERVER['REMOTE_ADDR'] . '.txt', print_r($_SERVER, true)); - $role = 'STUDENT'; - } // Determine satellite(s) $res = Database::simpleQuery("SELECT satellitename, addresses, certsha256 FROM satellite" . " WHERE organizationid = :organizationid AND userid IS NULL", array('organizationid' => $user['organizationid'])); @@ -98,16 +125,28 @@ if (empty($_SERVER['persistent-id'])) { // This one we only send to the user $response['satellites'] = $sat1; $response['satellites2'] = $sat2; + } + } +} + +if (isset($rpc)) { $reply = RPC::submit($rpc); if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) { $response['token'] = $out[1]; $response['sessionId'] = $out[2]; } else { + if (empty($rpc['mail'])) { + $reply .= ' (No email given)'; + } + if (empty($rpc['firstName'])) { + $reply .= ' (No first name given)'; + } + if (empty($rpc['lastName'])) { + $reply .= ' (No last name given)'; + } $response['error'] = $reply; $response['status'] = 'error'; } - } - } } Header('Content-Type: text/plain; charset=utf-8'); -- cgit v1.2.3-55-g7522