Commit 002dfe36 authored by Joost van Dijk's avatar Joost van Dijk

add renewurl option to display certificate renewal link

parent 6647e4cc
{ {
"warning": { "warning": {
"en": "Your certificate will expire in %days% days. Please renew your certificate in time." "en": "Your certificate will expire in %days% days."
}, },
"warning_header": { "warning_header": {
"en": "Your certificate is about to expire." "en": "Your certificate is about to expire."
}, },
"proceed": { "renew": {
"en": "Proceed" "en": "Please renew your certificate in time."
} },
"renew_url": {
"en": "Please <a href='%renewurl%'>renew<\/a> your certificate in time."
},
"proceed": {
"en": "Proceed"
}
} }
{ {
"warning": { "warning": {
"nl": "Je certificaat verloopt over %days% dagen. Vervang tijdig je certificaat." "nl": "Je certificaat verloopt over %days% dagen.",
}, "no": "Sertifikatet ditt vil utløpe om %days% dager.",
"warning_header": { "da": "Dit certifikat udløber om %days% dage.",
"nl": "Je certificaat verloopt binnenkort." "es": "Su certificado caduca en %days% días."
}, },
"proceed": { "warning_header": {
"nl": "Verder" "nl": "Je certificaat verloopt binnenkort.",
} "no": "Sertifikatet ditt vil snart utløpe.",
"da": "Dit certifikat udløber om kort tid",
"es": "Su certificado está a punto de caducar."
},
"renew": {
"nl": "Vervang tijdig je certificaat.",
"no": "Vennligst forny sertifikatet ditt før det utløper.",
"da": "Forny venligst dit certifikat i tide.",
"es": "Por favor, renueve su certificado a tiempo."
},
"renew_url": {
"nl": "<a href='%renewurl%'>Vernieuw<\/a> tijdig je certificate.",
"no": "Vennligst <a href=‘%renewurl%’>forny<\/a> sertifikatet ditt før det utløper.",
"da": "<a href='%renewurl%'>Forny<\/a>, venligst dit certifikat før det udløber.",
"es": "Por favor, <a href=‘%renewurl%’>renueve<\/a> su certificado a tiempo."
},
"proceed": {
"nl": "Verder",
"no": "Fortsett",
"da": "Fortsæt",
"es": "Continuar"
}
} }
...@@ -116,7 +116,11 @@ Example: ...@@ -116,7 +116,11 @@ Example:
10 => array( 10 => array(
'class' => 'authX509:ExpiryWarning', 'class' => 'authX509:ExpiryWarning',
'warndaysbefore' => '30', 'warndaysbefore' => '30',
'renewurl' => 'https://myca.com/renew',
), ),
Parameter `warndaysbefore` specifies the number of days the user's certificate needs to be valid before a warning is Parameter `warndaysbefore` specifies the number of days the user's certificate needs to be valid before a warning is
issued. The default is 30. issued. The default is 30.
\ No newline at end of file
Parameter `renewurl` specifies the URL of your Certification Authority. If specified, the user is suggested to renew the
certificate immediately.
...@@ -17,6 +17,7 @@ ...@@ -17,6 +17,7 @@
class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_ProcessingFilter { class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_ProcessingFilter {
private $warndaysbefore = 30; private $warndaysbefore = 30;
private $renewurl = null;
/** /**
* Initialize this filter. * Initialize this filter.
...@@ -35,23 +36,30 @@ class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_Process ...@@ -35,23 +36,30 @@ class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_Process
throw new Exception('Invalid value for \'warndaysbefore\'-option to authX509::ExpiryWarning filter.'); throw new Exception('Invalid value for \'warndaysbefore\'-option to authX509::ExpiryWarning filter.');
} }
} }
if (array_key_exists('renewurl', $config)) {
$this->renewurl = $config['renewurl'];
if (!is_string($this->renewurl)) {
throw new Exception('Invalid value for \'renewurl\'-option to authX509::ExpiryWarning filter.');
}
}
} }
/** /**
* Process an authentication response. * Process an authentication response.
* *
* This function saves the state, and if necessary redirects the user to the page where the user * This function saves the state, and if necessary redirects the user to the page where the user
* is informed about the expiry date of his/her certificate. * is informed about the expiry date of his/her certificate.
* *
* @param array $state The state of the response. * @param array $state The state of the response.
*/ */
public function process(&$state) { public function process(&$state) {
assert('is_array($state)'); assert('is_array($state)');
if (isset($state['isPassive']) && $state['isPassive'] === TRUE) { if (isset($state['isPassive']) && $state['isPassive'] === TRUE) {
/* We have a passive request. Skip the warning. */ /* We have a passive request. Skip the warning. */
return; return;
} }
if (!isset($_SERVER['SSL_CLIENT_CERT']) || if (!isset($_SERVER['SSL_CLIENT_CERT']) ||
($_SERVER['SSL_CLIENT_CERT'] == '')) { ($_SERVER['SSL_CLIENT_CERT'] == '')) {
...@@ -74,11 +82,12 @@ class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_Process ...@@ -74,11 +82,12 @@ class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_Process
SimpleSAML_Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days'); SimpleSAML_Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days');
$state['daysleft'] = $daysleft; $state['daysleft'] = $daysleft;
$state['renewurl'] = $this->renewurl;
/* Save state and redirect. */ /* Save state and redirect. */
$id = SimpleSAML_Auth_State::saveState($state, 'warning:expire'); $id = SimpleSAML_Auth_State::saveState($state, 'warning:expire');
$url = SimpleSAML_Module::getModuleURL('authX509/expirywarning.php'); $url = SimpleSAML_Module::getModuleURL('authX509/expirywarning.php');
\SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));
} }
} }
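Review bot: The new `renewurl` check in the constructor hunk only tests `is_string()`, so an empty string or a non-HTTP scheme such as `javascript:` is accepted and later copied into `$state['renewurl']` for the warning page to place in an `href`. The value comes from the filter configuration, so this is hardening against misconfiguration rather than an externally reachable flaw, but rejecting it at load time is cheap: `if (!is_string($this->renewurl) || !preg_match('#^https?://#i', $this->renewurl)) {`. The constructor begins above the hunk, so its signature and most of the `warndaysbefore` handling are not visible here.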
...@@ -14,6 +14,14 @@ $warning = $this->t('{authX509:X509warning:warning}', array( ...@@ -14,6 +14,14 @@ $warning = $this->t('{authX509:X509warning:warning}', array(
'%days%' => htmlspecialchars($this->data['daysleft']), '%days%' => htmlspecialchars($this->data['daysleft']),
)); ));
if( $this->data['renewurl']) {
$warning .= " " . $this->t('{authX509:X509warning:renew_url}', array(
'%renewurl%' => $this->data['renewurl'],
));
} else {
$warning .= " " . $this->t('{authX509:X509warning:renew}');
}
$this->data['header'] = $this->t('{authX509:X509warning:warning_header}'); $this->data['header'] = $this->t('{authX509:X509warning:warning_header}');
$this->data['autofocus'] = 'proceedbutton'; $this->data['autofocus'] = 'proceedbutton';
...@@ -23,19 +31,18 @@ $this->includeAtTemplateBase('includes/header.php'); ...@@ -23,19 +31,18 @@ $this->includeAtTemplateBase('includes/header.php');
<form style="display: inline; margin: 0px; padding: 0px" action="<?php echo htmlspecialchars($this->data['target']); ?>"> <form style="display: inline; margin: 0px; padding: 0px" action="<?php echo htmlspecialchars($this->data['target']); ?>">
<?php <?php
// Embed hidden fields... // Embed hidden fields...
foreach ($this->data['data'] as $name => $value) { foreach ($this->data['data'] as $name => $value) {
echo('<input type="hidden" name="' . htmlspecialchars($name) . '" value="' . htmlspecialchars($value) . '" />'); echo('<input type="hidden" name="' . htmlspecialchars($name) . '" value="' . htmlspecialchars($value) . '" />');
} }
?> ?>
<p><?php echo $warning; ?></p> <p><?php echo $warning; ?></p>
<input type="submit" name="proceed" id="proceedbutton" value="<?php echo htmlspecialchars($this->t('{authX509:X509warning:proceed}')) ?>" /> <input type="submit" name="proceed" id="proceedbutton" value="<?php echo htmlspecialchars($this->t('{authX509:X509warning:proceed}')) ?>" />
</form> </form>
<?php <?php
$this->includeAtTemplateBase('includes/footer.php'); $this->includeAtTemplateBase('includes/footer.php');
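Review bot: In the added `if( $this->data['renewurl'])` branch the URL is substituted into `<a href='%renewurl%'>` without escaping and `$warning` is then echoed as-is inside `<p>`, whereas `%days%` just above goes through `htmlspecialchars()`; this assumes `t()` does not escape replacement values itself, which that existing call suggests. The attribute is single-quoted in the dictionary, so the escape needs `ENT_QUOTES`: `'%renewurl%' => htmlspecialchars($this->data['renewurl'], ENT_QUOTES),`. The `no` and `es` entries of `renew_url` in the translation file on this page wrap the placeholder in typographic quotes (`‘%renewurl%’`), which leaves the attribute effectively unquoted for those languages; they should use `'` like the `nl` and `da` entries.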
...@@ -9,15 +9,15 @@ ...@@ -9,15 +9,15 @@
SimpleSAML_Logger::info('AuthX509 - Showing expiry warning to user'); SimpleSAML_Logger::info('AuthX509 - Showing expiry warning to user');
if (!array_key_exists('StateId', $_REQUEST)) { if (!array_key_exists('StateId', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.'); throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
} }
$id = $_REQUEST['StateId']; $id = $_REQUEST['StateId'];
$state = SimpleSAML_Auth_State::loadState($id, 'warning:expire'); $state = SimpleSAML_Auth_State::loadState($id, 'warning:expire');
if (array_key_exists('proceed', $_REQUEST)) { if (array_key_exists('proceed', $_REQUEST)) {
/* The user has pressed the proceed-button. */ /* The user has pressed the proceed-button. */
SimpleSAML_Auth_ProcessingChain::resumeProcessing($state); SimpleSAML_Auth_ProcessingChain::resumeProcessing($state);
} }
$globalConfig = SimpleSAML_Configuration::getInstance(); $globalConfig = SimpleSAML_Configuration::getInstance();
...@@ -26,4 +26,5 @@ $t = new SimpleSAML_XHTML_Template($globalConfig, 'authX509:X509warning.php'); ...@@ -26,4 +26,5 @@ $t = new SimpleSAML_XHTML_Template($globalConfig, 'authX509:X509warning.php');
$t->data['target'] = SimpleSAML_Module::getModuleURL('authX509/expirywarning.php'); $t->data['target'] = SimpleSAML_Module::getModuleURL('authX509/expirywarning.php');
$t->data['data'] = array('StateId' => $id); $t->data['data'] = array('StateId' => $id);
$t->data['daysleft'] = $state['daysleft']; $t->data['daysleft'] = $state['daysleft'];
$t->data['renewurl'] = $state['renewurl'];
$t->show(); $t->show();