From 2835d833313d9c35e05360239478c8c071670012 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 11 Feb 2009 09:45:06 +0000
Subject: [PATCH] Possible to see ldap status page by accessing secret url

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1255 44740490-163a-0410-bde0-09ae8108e29a
---
 .../ldapstatus/templates/ldapsinglehost.php   |  9 +++++
 modules/ldapstatus/www/index.php              | 35 +++++++++++++++++--
 2 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/modules/ldapstatus/templates/ldapsinglehost.php b/modules/ldapstatus/templates/ldapsinglehost.php
index 3a214cee7..480557647 100644
--- a/modules/ldapstatus/templates/ldapsinglehost.php
+++ b/modules/ldapstatus/templates/ldapsinglehost.php
@@ -62,6 +62,15 @@ foreach ($this->data['res'] AS $tag => $res) {
 #	echo ('failed: ' . $tag . '[' . $res[0] . ']'); }
 }
 
+if (array_key_exists('secretURL', $this->data)) {
+	
+	echo('<p>This page can be accessed by this secret URL:<br />');
+	echo('<pre  style="border: 1px solid #aaa; background: yellow; padding: .4em; margin: .2em;">');
+	echo(htmlentities($this->data['secretURL']));
+	echo('</pre></p>');
+	
+}
+
 echo('<p>Status:</p>');
 if ($ok) {
 	echo('<div class="inbox" style="border: 1px solid #aaa; background: yellow; padding: .4em; margin: .2em;">');
diff --git a/modules/ldapstatus/www/index.php b/modules/ldapstatus/www/index.php
index b59319e20..4b0cd3ad5 100644
--- a/modules/ldapstatus/www/index.php
+++ b/modules/ldapstatus/www/index.php
@@ -4,13 +4,41 @@
 $config = SimpleSAML_Configuration::getInstance();
 $session = SimpleSAML_Session::getInstance();
 
-if (!$session->isValid('login-admin') ) {
-	SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
-		array('RelayState' => SimpleSAML_Utilities::selfURL())
+$isAdmin = FALSE;
+$secretURL = NULL;
+if (array_key_exists('orgtest', $_REQUEST)) {
+	$secretKey = sha1('ldapstatus|' . $config->getValue('secret') . '|' . $_REQUEST['orgtest']);
+	$secretURL = SimpleSAML_Utilities::addURLparameter(
+		SimpleSAML_Utilities::selfURLNoQuery(), array(
+			'orgtest' => $_REQUEST['orgtest'],
+			'key' => $secretKey,
+		)
 	);
+	if (array_key_exists('key', $_REQUEST) && $_REQUEST['key'] == $secretKey ) {
+		// OK Access
+	} else {
+		if (!$session->isValid('login-admin') ) {
+			SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
+				array('RelayState' => SimpleSAML_Utilities::selfURL())
+			);
+		}
+		$isAdmin = TRUE;
+	}
+
+} else {
+
+	// Require admin access to overview page...
+	if (!$session->isValid('login-admin') ) {
+		SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'auth/login-admin.php',
+			array('RelayState' => SimpleSAML_Utilities::selfURL())
+		);
+	}
+	$isAdmin = TRUE;
+
 }
 
 
+
 function backtrace() {
 	return join(' - ', debug_backtrace());
 }
@@ -95,6 +123,7 @@ if (array_key_exists('orgtest', $_REQUEST)) {
 	
 	$t->data['res'] = $res;
 	$t->data['org'] = $orgs[$_REQUEST['orgtest']];
+	if ($isAdmin) $t->data['secretURL'] = $secretURL;
 	$t->show();
 	exit;
 
-- 
GitLab