From 07fed5a0f4b3a3581d6ff483cf3d7c850199dc30 Mon Sep 17 00:00:00 2001
From: Mads Freek Petersen <freek@wayf.dk>
Date: Tue, 28 Apr 2009 10:11:33 +0000
Subject: [PATCH] ConsentAdmin config in separate module config file. Added
 option to include attribute values in consent hash. Various fixex.

All from jach@wayf.dk



git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1477 44740490-163a-0410-bde0-09ae8108e29a
---
 .../config-templates/module_consentAdmin.php  |  25 +++
 .../dictionaries/consentadmin.php             | 177 ------------------
 modules/consentAdmin/www/consentAdmin.php     |  50 ++---
 3 files changed, 42 insertions(+), 210 deletions(-)
 create mode 100644 modules/consentAdmin/config-templates/module_consentAdmin.php

diff --git a/modules/consentAdmin/config-templates/module_consentAdmin.php b/modules/consentAdmin/config-templates/module_consentAdmin.php
new file mode 100644
index 000000000..dd338f702
--- /dev/null
+++ b/modules/consentAdmin/config-templates/module_consentAdmin.php
@@ -0,0 +1,25 @@
+<?php
+/**
+ * Config file for consentAdmin
+ *
+ * @author Jacob Christiansen, <jach@wayf.dk>
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+$config = array(
+	/*
+	 * Configuration for the database connection.
+	 */
+	'consentadmin'  => array(
+		'consent:Database',
+		'dsn'		=>	'mysql:host=DBHOST;dbname=DBNAME',
+		'username'	=>	'USERNAME', 
+		'password'	=>	'PASSWORD',
+	),
+	
+	// Hash attributes including values or not
+	'attributes.hash' => TRUE,
+
+	// Where to direct the user after logout
+	'relaystate' => 'www.wayf.dk',
+);
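Review bot: The template's `'relaystate' => 'www.wayf.dk'` has no scheme, while the hard-coded value this commit removes from consentAdmin.php was `https://www.wayf.dk`. As written, the post-logout target would likely be resolved as a relative path rather than the intended site. I would ship `'relaystate' => 'https://www.wayf.dk',` and change the comment to `// Absolute URL to send the user to after logout`. Separately, `'attributes.hash'` decides whether attribute values enter the consent hash, so its comment should say that flipping it after consents are stored will presumably make existing hashes stop matching; that is worth confirming against the consent store.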
diff --git a/modules/consentAdmin/dictionaries/consentadmin.php b/modules/consentAdmin/dictionaries/consentadmin.php
index a11f8ff20..e69de29bb 100644
--- a/modules/consentAdmin/dictionaries/consentadmin.php
+++ b/modules/consentAdmin/dictionaries/consentadmin.php
@@ -1,177 +0,0 @@
-<?php
-
-// consentadmin dictionary
-
-/*
-	'' => array(
-		'en' => '',
-		'no' => '',
-		'nn' => '',
-        'da' => '',
-		'es' => '',
-		'fr' => '',
-		'de' => '',
-		'nl' => '',
-		'lu' => '',
-		'sl' => '',
-	),
-
-
-* 
-* */
-
-
-$lang = array(
-
-
-// WAYF: Additional attributes START
-
-	'attribute_org' => array(
-		'en' => 'Organisation',
-		'da' => 'Organisation',
-	),
-
-	'added' => array(
-		'en' => 'Consent Added',
-		'da' => 'Samtykke givet',
-	),
-
-	'removed' => array(
-		'en' => 'Consent Removed',
-		'da' => 'Samtykke slettet',
-	),
-
-	'updated' => array(
-		'en' => 'Consent Updated',
-		'da' => 'Samtykke Opdateret!!!',
-	),
-
-	'unknown' => array(
-		'en' => 'Unknown ...',
-		'da' => 'Ukendt ...',
-	),
-
-	'attribute_id' => array(
-		'en' => 'Identity',
-		'da' => 'Identitet',
-	),
-
-	'attribute_injected' => array(
-		'en' => 'Injected attribut',
-		'da' => 'Injiceret attribut',
-	),
-	
-// WAYF: Additional attributes END
-	
-
-// Text
-
-	'show' => array(
-		'en' => 'Show',
-        'da' => 'Vis',
-	),
-
-	'hide' => array(
-		'en' => 'Hide',
-        'da' => 'Skjul',
-	),
-	
-	'attributes_text' => array(
-		'en' => 'attributes',
-        'da' => 'attributter',
-	),
-	
-
-	'consentadmin_header' => array(
-		'en' => 'Consent Administration',
-        'da' => 'Administrer dine samtykker',
-	),
-
-	'consentadmin_description1' => array(
-		'en' => 'Here you can view and edit your consent for the Service Providers.',
-
-        'da' => '
- WAYF videregiver kun oplysninger til eksterne tjenester, hvis du giver dit samtykke til det. Hvilke oplysninger det drejer sig om, varierer alt efter hvad tjenesteudbyderen har behov for. Det kan for eksempel være:
-<ul>
-<li>	Dit navn
-<li>	Din e-mail-adresse
-<li>	Din institution
-<li>	Etc.
-</ul>
-
-Hvis du sætter et flueben ud for <b>Husk dette samtykke</b>, vil du ikke blive spurgt, næste gang du besøger tjenesteudbyderen. 
-SĂĄ husker WAYF, at du allerede har givet samtykke til at videregive oplysninger til tjenesteudbyderen. 
-<p>Nedenfor er opført de tjenester, som du for øjeblikket har givet løbende samtykke til:</a>
-', //da
-		),
-
-		'consentadmin_description2' => array(
-		'en' => '
-<h3>How to delete your consent</h3>
-Uncheck the box corresponding to the service provider
-
-<h3>Links</h3>
-<ul>
-<li><a href="https://www.wayf.dk">Start</a> </li>
-
-<li><a href="https://www.wayf.dk/FAQ">FAQ</a> </li>
-</ul>
-', // en
-		        'da' => '
-<h3>SĂĄdan sletter du et samtykke</h3>
-Fjern fluebenet ud for tjenesten, samtykket tilhører.
-<h3>Hvilke data gemmer WAYF om dig?</h3>
-<ul>
-<li>	NĂĄr du giver dit samtykke, henter WAYF dine oplysninger fra din institution og sender de relevante videre til tjenesteudbyderen
-<li>	Ingen af oplysningerne gemmes af WAYF
-<li>	Hvis du har bedt WAYF huske dit samtykke, gemmes personhenførbare data heller ikke hos WAYF. Oplysningen om, at du har givet dit samtykke, gemmes på en ikke-personhenførbar måde
-</ul>
-
-<h3>Hvilke rettigheder har du?</h3>
-Du har ret til at trække et samtykke tilbage.
-<h3>Hvor længe gemmes dine samtykker?</h3>
-Et samtykke slettes tre ĂĄr efter, at du sidst har benyttet det.
-<h3>Hvordan beskyttes mine oplysninger?</h3>
-WAYF foretager behandlinger af personoplysninger i henhold til persondataloven (lov nr. 429 af 31. maj 2000 med senere ændringer). Du kan læse nærmere om registreredes rettigheder i persondatalovens afsnit III.
-<a href="http://www.datatilsynet.dk/lovgivning/persondataloven/">Persondataloven</a>
-
-<h3>Links</h3>
-<ul>
-<li><a href="https://www.wayf.dk">Start</a> </li>
-
-<li><a href="https://www.wayf.dk/FAQ">FAQ</a> </li>
-</ul>
-', // da
-	),	
-		
-		
-	'login' => array(
-		'en' => 'login',
-        'da' => 'login',
-	),
-		   		
-	'service_providers_for' => array(
-		'en' => 'Service Providers for',
-        'da' => 'Service Providers for',
-		),
-		
-  
-  
-  'service_provider_header' => array(
-		'en' => 'Service Provider',
-        'da' => 'Service Provider',
-		),
-		
-	'status_header' => array(
-		'en' => 'Consent status',
-        'da' => 'Samtykke status',		
-		),
-		
-	'show_hide_attributes' => array(
-		'en' => 'show/hide attributes',
-        'da' => 'vis/skjul attributter',		
-		),
-		
-);
-
-
diff --git a/modules/consentAdmin/www/consentAdmin.php b/modules/consentAdmin/www/consentAdmin.php
index 73f3d0a0f..9204d15fb 100644
--- a/modules/consentAdmin/www/consentAdmin.php
+++ b/modules/consentAdmin/www/consentAdmin.php
@@ -8,14 +8,14 @@
  * The module relies on methods and functions from the Consent module and can
  * not be user without it.
  *
- * Author: Mads Freen - WAYF, Jacob Christiansen - WAYF
+ * Author: Mads Freen <freek@ruc.dk>, Jacob Christiansen <jach@wayf.dk>
  */
 
 /*
  * Runs the processingchain and ignores all filter which have user 
  * interaction.
  */
-function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid) {
+function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid, $hashAttributes = FALSE) {
 
 	/* 
 	 * Create a new processing chain 
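Review bot: The comment above driveProcessingChain() does not document the new `$hashAttributes` parameter, and its default of `FALSE` is the opposite of the `'attributes.hash' => TRUE` shipped in the new config template. I would add a line such as `* @param bool $hashAttributes Include attribute values (not only names) in the consent hash.` and state which default is intended. The function body continues outside this hunk.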
@@ -47,7 +47,7 @@ function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid
 	$destination = $sp_metadata['metadata-set'] . '|' . $sp_entityid;
 
 	$targeted_id    = sspmod_consent_Auth_Process_Consent::getTargetedID($userid, $source, $destination);
-	$attribute_hash = sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes, false);
+	$attribute_hash = sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes, $hashAttributes);
 
 	SimpleSAML_Logger::info('consentAdmin: user: ' . $hashed_user_id);
 	SimpleSAML_Logger::info('consentAdmin: target: ' . $targeted_id);
@@ -59,6 +59,9 @@ function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid
 
 // Get config object
 $config = SimpleSAML_Configuration::getInstance();
+$cA_config = $config->copyFromBase('consentAdmin', 'module_consentAdmin.php');
+
+$hashAttributes = $cA_config->getValue('attributes.hash');
 
 // Get session object
 $session = SimpleSAML_Session::getInstance();
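Review bot: `$cA_config->getValue('attributes.hash')` is read without a default, so a module config that lacks the key yields NULL, which presumably makes getAttributeHash() leave attribute values out of the hash without any warning. Since this option controls whether a change in released values invalidates a stored consent, the fallback should be explicit: `$hashAttributes = (bool)$cA_config->getValue('attributes.hash', FALSE);`. The same missing-key case applies to the `'consentadmin'` lookup in the hunk at old line 126 and to `'relaystate'` in the last hunk. A deployment that still keeps `'consentadmin'` in the main config.php would now pass NULL to parseStoreConfig(), so the upgrade needs a note or a clear error.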
@@ -126,7 +129,7 @@ SimpleSAML_Logger::info('consentAdmin: '.$idp_entityid);
 $source = $idp_metadata['metadata-set'] . '|' . $idp_entityid;
 
 // Parse consent config
-$consent_storage = sspmod_consent_Store::parseStoreConfig($config->getValue('consentadmin'));
+$consent_storage = sspmod_consent_Store::parseStoreConfig($cA_config->getValue('consentadmin'));
 
 // Calc correct user ID hash
 $hashed_user_id = sspmod_consent_Auth_Process_Consent::getHashedUserID($userid, $source);
@@ -137,7 +140,7 @@ if ($action != null && $sp_entityid != null) {
 	$sp_metadata = $metadata->getMetaData($sp_entityid, 'saml20-sp-remote');
 
 	// Run AuthProc filters
-	list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid);
+	list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid, $hashAttributes);
 
 	// Add a consent (or update if attributes have changed and old consent for SP and IdP exists)
 	if($action == 'true') {
@@ -177,40 +180,21 @@ foreach ($user_consent_list as $c) {
 	$user_consent[$c[0]]=$c[1];
 }
 
-$sp_empty_name = array(
-	'en' => '(name not specified)',
-	'no' => '(namn ikke spesifisert)',
-	'nn' => '(name not specified)',
-	'da' => '(navn ikke angivet)',
-	'en' => '(name not specified)',
-	'fr' => '(name not specified)',
-	'de' => '(name nicht definiert)',
-	'nl' => '(name not specified)',
-	'lu' => '(name not specified)',
-	'sl' => '(name not specified)',
-); // TODO: Should be moved to language file
-$sp_empty_description = array(
-	'en' => '(no description)',
-	'no' => '(ingen beskrivelse)',
-	'nn' => '(no description)',
-	'da' => '(ingen beskrivelse)',
-	'es' => '(no description)',
-	'fr' => '(no description)',
-	'de' => '(no description)',
-	'nl' => '(no description)',
-	'lu' => '(no description)',
-	'sl' => '(no description)',
-); // TODO: Should be moved to language file
 
 $template_sp_content = array();
 
+// Init template
+$et = new SimpleSAML_XHTML_Template($config, 'consentAdmin:consentadmin.php', 'consentAdmin:consentadmin');
+$sp_empty_name = $et->getTag('sp_empty_name');
+$sp_empty_description = $et->getTag('sp_empty_description');
+
 // Process consents for all SP
 foreach ($all_sp_metadata as $sp_entityid => $sp_values) {
 	// Get metadata for SP
 	$sp_metadata = $metadata->getMetaData($sp_entityid, 'saml20-sp-remote');
 
 	// Run attribute filters
-	list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid);
+	list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid, $hashAttributes);
 
 	// Check if consent exists
 	if (array_key_exists($targeted_id, $user_consent)) {
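Review bot: `$et->getTag('sp_empty_name')` and `$et->getTag('sp_empty_description')` read from the `consentAdmin:consentadmin` dictionary, but this same commit empties dictionaries/consentadmin.php, and the removed content defined neither tag. Unless a replacement dictionary in another format exists outside this patch, the fallback name and description for SPs without metadata text will presumably come back empty or untranslated. Please confirm the tags are defined somewhere, or handle a missing result before the values are used in the SP loop. The foreach body continues outside this hunk.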
@@ -252,10 +236,10 @@ foreach ($all_sp_metadata as $sp_entityid => $sp_values) {
 	);
 }
 
-// Init template
-$et = new SimpleSAML_XHTML_Template($config, 'consentAdmin:consentadmin.php', 'consentAdmin:consentadmin');
+$relaystate = $cA_config->getValue('relaystate');
+
 $et->data['header'] = 'Consent Administration';
-$et->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=https://www.wayf.dk">Logout</a> ]'; // TODO: Fix RelayState. Should be set in config
+$et->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState='. $relaystate .'">Logout</a> ]';
 $et->data['spList'] = $sp_list;
 $et->show();
 ?>
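Review bot: `$relaystate` is concatenated into the logout link's query string and `href` attribute without any encoding. A configured URL containing `?`, `&`, `#` or a quote would therefore corrupt the RelayState parameter or break out of the attribute. Encode it for both contexts: `'saml2/sp/initSLO.php?RelayState=' . htmlspecialchars(urlencode($relaystate)) . '">Logout</a> ]';`. The value is also read with no default, so a missing `'relaystate'` key produces an empty RelayState, and the link should be built only when the value is a non-empty absolute URL.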
-- 
GitLab