From 002dfe36af4b1b1bb626ea6a266fd229db6dae27 Mon Sep 17 00:00:00 2001 From: Joost van Dijk <argine@xs4all.nl> Date: Wed, 27 May 2015 14:25:21 +0200 Subject: [PATCH] add renewurl option to display certificate renewal link --- .../dictionaries/X509warning.definition.json | 24 +++++++---- .../dictionaries/X509warning.translation.json | 39 +++++++++++++---- modules/authX509/docs/authX509.txt | 6 ++- .../lib/Auth/Process/ExpiryWarning.php | 43 +++++++++++-------- modules/authX509/templates/X509warning.php | 23 ++++++---- modules/authX509/www/expirywarning.php | 7 +-- 6 files changed, 95 insertions(+), 47 deletions(-) diff --git a/modules/authX509/dictionaries/X509warning.definition.json b/modules/authX509/dictionaries/X509warning.definition.json index 4770dcf2c..e74d30775 100644 --- a/modules/authX509/dictionaries/X509warning.definition.json +++ b/modules/authX509/dictionaries/X509warning.definition.json @@ -1,11 +1,17 @@ { - "warning": { - "en": "Your certificate will expire in %days% days. Please renew your certificate in time." - }, - "warning_header": { - "en": "Your certificate is about to expire." - }, - "proceed": { - "en": "Proceed" - } + "warning": { + "en": "Your certificate will expire in %days% days." + }, + "warning_header": { + "en": "Your certificate is about to expire." + }, + "renew": { + "en": "Please renew your certificate in time." + }, + "renew_url": { + "en": "Please <a href='%renewurl%'>renew<\/a> your certificate in time." +}, + "proceed": { + "en": "Proceed" + } } diff --git a/modules/authX509/dictionaries/X509warning.translation.json b/modules/authX509/dictionaries/X509warning.translation.json index 11ac94b55..3472585eb 100644 --- a/modules/authX509/dictionaries/X509warning.translation.json +++ b/modules/authX509/dictionaries/X509warning.translation.json 
@@ -1,11 +1,32 @@ { - "warning": { - "nl": "Je certificaat verloopt over %days% dagen. Vervang tijdig je certificaat." - }, - "warning_header": { - "nl": "Je certificaat verloopt binnenkort." - }, - "proceed": { - "nl": "Verder" - } + "warning": { + "nl": "Je certificaat verloopt over %days% dagen.", + "no": "Sertifikatet ditt vil utløpe om %days% dager.", + "da": "Dit certifikat udløber om %days% dage.", + "es": "Su certificado caduca en %days% dĂas." + }, + "warning_header": { + "nl": "Je certificaat verloopt binnenkort.", + "no": "Sertifikatet ditt vil snart utløpe.", + "da": "Dit certifikat udløber om kort tid", + "es": "Su certificado está a punto de caducar." + }, + "renew": { + "nl": "Vervang tijdig je certificaat.", + "no": "Vennligst forny sertifikatet ditt før det utløper.", + "da": "Forny venligst dit certifikat i tide.", + "es": "Por favor, renueve su certificado a tiempo." + }, + "renew_url": { + "nl": "<a href='%renewurl%'>Vernieuw<\/a> tijdig je certificate.", + "no": "Vennligst <a href=â€%renewurl%’>forny<\/a> sertifikatet ditt før det utløper.", + "da": "<a href='%renewurl%'>Forny<\/a>, venligst dit certifikat før det udløber.", + "es": "Por favor, <a href=â€%renewurl%’>renueve<\/a> su certificado a tiempo." + }, + "proceed": { + "nl": "Verder", + "no": "Fortsett", + "da": "Fortsæt", + "es": "Continuar" + } } diff --git a/modules/authX509/docs/authX509.txt b/modules/authX509/docs/authX509.txt index f37c8ee25..0f3d12621 100644 --- a/modules/authX509/docs/authX509.txt +++ b/modules/authX509/docs/authX509.txt 
@@ -116,7 +116,11 @@ Example: 10 => array( 'class' => 'authX509:ExpiryWarning', 'warndaysbefore' => '30', + 'renewurl' => 'https://myca.com/renew', ), Parameter `warndaysbefore` specifies the number of days the user's certificate needs to be valid before a warning is -issued. The default is 30. \ No newline at end of file +issued. The default is 30. + +Parameter `renewurl` specifies the URL of your Certification Authority. If specified, the user is suggested to renew the +certificate immediately. diff --git a/modules/authX509/lib/Auth/Process/ExpiryWarning.php b/modules/authX509/lib/Auth/Process/ExpiryWarning.php index f9dedf573..259228e77 100644 --- a/modules/authX509/lib/Auth/Process/ExpiryWarning.php +++ b/modules/authX509/lib/Auth/Process/ExpiryWarning.php @@ -17,6 +17,7 @@ class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_ProcessingFilter { private $warndaysbefore = 30; + private $renewurl = null; /** * Initialize this filter. 
@@ -35,23 +36,30 @@ class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_Process throw new Exception('Invalid value for \'warndaysbefore\'-option to authX509::ExpiryWarning filter.'); } } + + if (array_key_exists('renewurl', $config)) { + $this->renewurl = $config['renewurl']; + if (!is_string($this->renewurl)) { + throw new Exception('Invalid value for \'renewurl\'-option to authX509::ExpiryWarning filter.'); + } + } } /** - * Process an authentication response. - * - * This function saves the state, and if necessary redirects the user to the page where the user - * is informed about the expiry date of his/her certificate. - * - * @param array $state The state of the response. - */ - public function process(&$state) { - assert('is_array($state)'); + * Process an authentication response. + * + * This function saves the state, and if necessary redirects the user to the page where the user + * is informed about the expiry date of his/her certificate. + * + * @param array $state The state of the response. + */ + public function process(&$state) { + assert('is_array($state)'); - if (isset($state['isPassive']) && $state['isPassive'] === TRUE) { - /* We have a passive request. Skip the warning. */ - return; - } + if (isset($state['isPassive']) && $state['isPassive'] === TRUE) { + /* We have a passive request. Skip the warning. */ + return; + } if (!isset($_SERVER['SSL_CLIENT_CERT']) || ($_SERVER['SSL_CLIENT_CERT'] == '')) { 
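Review bot: The new `renewurl` check in the constructor accepts any string, so an empty value or a non-web scheme such as `javascript:` passes validation and is later used as a link target on the warning page. The option is documented as the URL of the Certification Authority, so it is reasonable to reject anything that is not an absolute http(s) URL when the filter is configured, for example `if (!is_string($this->renewurl) || !preg_match('#^https?://#i', $this->renewurl)) {`. The value is administrator-supplied, so this is hardening against misconfiguration rather than a fix for attacker-controlled input. The constructor begins above this hunk and `process()` continues below it; the remaining changed lines here only re-indent `process()`.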
@@ -74,11 +82,12 @@ class sspmod_authX509_Auth_Process_ExpiryWarning extends SimpleSAML_Auth_Process SimpleSAML_Logger::warning('authX509: user certificate expires in ' . $daysleft . ' days'); $state['daysleft'] = $daysleft; + $state['renewurl'] = $this->renewurl; /* Save state and redirect. */ - $id = SimpleSAML_Auth_State::saveState($state, 'warning:expire'); - $url = SimpleSAML_Module::getModuleURL('authX509/expirywarning.php'); - \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); - } + $id = SimpleSAML_Auth_State::saveState($state, 'warning:expire'); + $url = SimpleSAML_Module::getModuleURL('authX509/expirywarning.php'); + \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id)); + } } diff --git a/modules/authX509/templates/X509warning.php b/modules/authX509/templates/X509warning.php index b391ddda2..496775065 100644 --- a/modules/authX509/templates/X509warning.php +++ b/modules/authX509/templates/X509warning.php @@ -14,6 +14,14 @@ $warning = $this->t('{authX509:X509warning:warning}', array( '%days%' => htmlspecialchars($this->data['daysleft']), )); +if( $this->data['renewurl']) { + $warning .= " " . $this->t('{authX509:X509warning:renew_url}', array( + '%renewurl%' => $this->data['renewurl'], + )); +} else { + $warning .= " " . $this->t('{authX509:X509warning:renew}'); +} + $this->data['header'] = $this->t('{authX509:X509warning:warning_header}'); $this->data['autofocus'] = 'proceedbutton'; 
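Review bot: In templates/X509warning.php, `'%renewurl%' => $this->data['renewurl']` is substituted into the `renew_url` dictionary string unescaped, while the `%days%` replacement just above it goes through `htmlspecialchars()`, and `$warning` is then echoed raw inside `<p>` (that echo is in the next hunk). The value comes from filter configuration, so this is hardening rather than a user-input hole, but a URL containing `'` or `&` would corrupt the single-quoted `href` the dictionaries define. Use `'%renewurl%' => htmlspecialchars($this->data['renewurl'], ENT_QUOTES),`; `ENT_QUOTES` matters because the default flags before PHP 8.1 leave `'` unescaped. Separately, the `no` and `es` `renew_url` entries in X509warning.translation.json appear to wrap `%renewurl%` in typographic rather than ASCII quotes, which would give a malformed link in those languages and is worth checking before merge.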
@@ -23,19 +31,18 @@ $this->includeAtTemplateBase('includes/header.php'); <form style="display: inline; margin: 0px; padding: 0px" action="<?php echo htmlspecialchars($this->data['target']); ?>"> - <?php - // Embed hidden fields... - foreach ($this->data['data'] as $name => $value) { - echo('<input type="hidden" name="' . htmlspecialchars($name) . '" value="' . htmlspecialchars($value) . '" />'); - } - ?> + <?php + // Embed hidden fields... + foreach ($this->data['data'] as $name => $value) { + echo('<input type="hidden" name="' . htmlspecialchars($name) . '" value="' . htmlspecialchars($value) . '" />'); + } + ?> <p><?php echo $warning; ?></p> - <input type="submit" name="proceed" id="proceedbutton" value="<?php echo htmlspecialchars($this->t('{authX509:X509warning:proceed}')) ?>" /> + <input type="submit" name="proceed" id="proceedbutton" value="<?php echo htmlspecialchars($this->t('{authX509:X509warning:proceed}')) ?>" /> </form> <?php - $this->includeAtTemplateBase('includes/footer.php'); diff --git a/modules/authX509/www/expirywarning.php b/modules/authX509/www/expirywarning.php index f09a425cc..200b76c9f 100644 --- a/modules/authX509/www/expirywarning.php +++ b/modules/authX509/www/expirywarning.php @@ -9,15 +9,15 @@ SimpleSAML_Logger::info('AuthX509 - Showing expiry warning to user'); if (!array_key_exists('StateId', $_REQUEST)) { - throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.'); + throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.'); } $id = $_REQUEST['StateId']; $state = SimpleSAML_Auth_State::loadState($id, 'warning:expire'); if (array_key_exists('proceed', $_REQUEST)) { - /* The user has pressed the proceed-button. */ - SimpleSAML_Auth_ProcessingChain::resumeProcessing($state); + /* The user has pressed the proceed-button. */ + SimpleSAML_Auth_ProcessingChain::resumeProcessing($state); } $globalConfig = SimpleSAML_Configuration::getInstance(); 
@@ -26,4 +26,5 @@ $t = new SimpleSAML_XHTML_Template($globalConfig, 'authX509:X509warning.php');
 $t->data['target'] = SimpleSAML_Module::getModuleURL('authX509/expirywarning.php');
 $t->data['data'] = array('StateId' => $id);
 $t->data['daysleft'] = $state['daysleft'];
+$t->data['renewurl'] = $state['renewurl'];
 $t->show();
-- GitLab