<?php
// Work from the parent directory so that config.php and the inc/ directory used by the
// autoloader below resolve relative to it.
chdir('..');
require_once 'config.php';
// Disabled debug dump of the whole request environment (prefixing the opening "/*" with a
// slash turns it on). Never enable this on a deployed instance: it returns every Shibboleth
// attribute and server variable of the request to the caller and terminates the script.
/*
Header('Content-Type: text/plain; charset=utf-8');
die( json_encode($_SERVER, JSON_PRETTY_PRINT) );
// */
// Autoloader for ./inc: class Foo is looked up as inc/foo.inc.php.
// The class name is reduced to lowercase ASCII letters and digits before it is used in
// the path, so separators, dots and other traversal characters can never reach require_once.
// Unknown classes are left unresolved for any other registered autoloader.
function slxAutoloader($class)
{
    $basename = preg_replace('/[^a-z0-9]/', '', mb_strtolower($class));
    $candidate = 'inc/' . $basename . '.inc.php';
    if (file_exists($candidate)) {
        require_once $candidate;
    }
}
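spl_autoload_register('slxAutoloader');

// Every identity value below is read from $_SERVER keys ('persistent-id', 'givenName', 'sn',
// 'mail', 'entitlement', 'affiliation').
// NOTE(review): this assumes the Shibboleth SP exports attributes into the server environment
// and that request headers cannot populate these keys (PHP exposes headers under HTTP_*);
// confirm against the SP configuration. With that assumption, reaching this script without the
// SP in front of it leaves 'persistent-id' empty and takes the fail-closed 'error' branch.
$response = array();
if (empty($_SERVER['persistent-id'])) {
    // No persistent id given, should not happen!
    $response['status'] = 'error';
    $response['error'] = 'Shibboleth meta data missing!';
} else {
    // The persistent id is mapped to the stored shibid via md5(). This is an identifier
    // derivation the user table depends on, not a secret hash; changing it would require
    // migrating user.shibid.
    $shibId = md5($_SERVER['persistent-id']);
    // Parameterised lookup; the id is never interpolated into the query text.
    $user = Database::queryFirst("SELECT user.userid, user.login, user.organizationid, user.firstname, user.lastname, user.email, satellite.address "
        . " FROM user "
        . " INNER JOIN satellite USING (organizationid) "
        . " WHERE user.shibid = :shibid LIMIT 1", array('shibid' => $shibId));
    if ($user === false) {
        // Not found, so we don't know which satellite to use; hand out the registration URL
        $response['status'] = 'unregistered';
        $response['id'] = $shibId;
        $response['url'] = 'https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/';
    } else {
        // Found. Personal data stored in the database takes precedence; attributes released by
        // the IdP for this request are only used to fill gaps.
        $firstName = $user['firstname'];
        $lastName = $user['lastname'];
        $mail = $user['email'];
        if (empty($firstName) && isset($_SERVER['givenName']))
            $firstName = trim($_SERVER['givenName']);
        if (empty($lastName) && isset($_SERVER['sn']))
            $lastName = trim($_SERVER['sn']);
        if (empty($mail) && isset($_SERVER['mail']))
            $mail = trim($_SERVER['mail']);
        // Without a chosen login name the shibid doubles as login
        $login = ( empty($user['login']) ? $shibId : $user['login'] );
        if (empty($firstName) || empty($lastName) || empty($login)) {
            // This means the user did not provide personal information on signup, nor does the IdP send them
            $response['status'] = 'anonymous';
        } else {
            // Figure out role. Multi-valued attributes are treated as ';'-separated lists, hence
            // the wrapping with ';' so that only a whole value matches. Both attributes are
            // optional: an IdP that releases neither must yield 'student' rather than an
            // undefined-index notice, which (with display_errors on) would end up in front of
            // the JSON body.
            $entitlement = isset($_SERVER['entitlement']) ? $_SERVER['entitlement'] : '';
            $affiliation = isset($_SERVER['affiliation']) ? $_SERVER['affiliation'] : '';
            if (strpos(";{$entitlement};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false) {
                $role = 'tutor';
            } elseif (strpos(";{$affiliation};", ';employee@') !== false) {
                // Any scoped affiliation beginning with 'employee@' counts, whatever the scope.
                $role = 'tutor';
            } else {
                $role = 'student';
            }
            //
            $response['status'] = 'ok';
            $response['firstName'] = $firstName;
            $response['lastName'] = $lastName;
            $response['mail'] = $mail;
            // This one we send to the running master server handler; it carries the internal
            // ids and the derived role, which the client never sees.
            $rpc = $response;
            $rpc['userId'] = $user['userid'];
            $rpc['role'] = $role;
            $rpc['organizationid'] = $user['organizationid'];
            $rpc['login'] = $login;
            // This one we only send to the user
            $response['satellites'] = array(
                'default' => $user['address']
            );
            $reply = RPC::submit($rpc);
            if (preg_match('/^TOKEN:(\w+) SESSIONID:(\w+)$/', $reply, $out)) {
                $response['token'] = $out[1];
                $response['sessionId'] = $out[2];
            } else {
                // NOTE(review): the raw RPC reply is returned verbatim as the error text. If
                // RPC::submit can surface internal details, map it to a generic message here.
                $response['error'] = $reply;
                $response['status'] = 'error';
            }
        }
    }
}
// NOTE(review): json_encode() yields false (an empty body is then echoed) if any attribute
// value is not valid UTF-8; IdP-supplied names are passed through with trim() only.
header('Content-Type: text/plain; charset=utf-8');
echo json_encode($response, JSON_PRETTY_PRINT);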