From bd0048972cdc1eafbef104bc6e06d675efb8673a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Tue, 17 Feb 2009 09:33:37 +0000
Subject: [PATCH] Add simple consent admin module...

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1279 44740490-163a-0410-bde0-09ae8108e29a
---
 .../module_consentSimpleAdmin.php             |  16 +++
 modules/consentSimpleAdmin/default-disable    |   0
 .../dictionaries/consentsimpleadmin.php       |  40 ++++++
 .../docs/ConsentDocs.txt.old                  | 128 ++++++++++++++++++
 .../hooks/hook_frontpage.php                  |  23 ++++
 .../templates/consentadmin.php                |  34 +++++
 .../templates/consentstats.php                |  20 +++
 .../consentSimpleAdmin/www/consentAdmin.php   |  98 ++++++++++++++
 .../consentSimpleAdmin/www/consentStats.php   |  33 +++++
 9 files changed, 392 insertions(+)
 create mode 100644 modules/consentSimpleAdmin/config-templates/module_consentSimpleAdmin.php
 create mode 100644 modules/consentSimpleAdmin/default-disable
 create mode 100644 modules/consentSimpleAdmin/dictionaries/consentsimpleadmin.php
 create mode 100644 modules/consentSimpleAdmin/docs/ConsentDocs.txt.old
 create mode 100644 modules/consentSimpleAdmin/hooks/hook_frontpage.php
 create mode 100755 modules/consentSimpleAdmin/templates/consentadmin.php
 create mode 100755 modules/consentSimpleAdmin/templates/consentstats.php
 create mode 100644 modules/consentSimpleAdmin/www/consentAdmin.php
 create mode 100644 modules/consentSimpleAdmin/www/consentStats.php

diff --git a/modules/consentSimpleAdmin/config-templates/module_consentSimpleAdmin.php b/modules/consentSimpleAdmin/config-templates/module_consentSimpleAdmin.php
new file mode 100644
index 000000000..02a665b01
--- /dev/null
+++ b/modules/consentSimpleAdmin/config-templates/module_consentSimpleAdmin.php
@@ -0,0 +1,16 @@
+<?php
+
+
+$config = array(
+
+	'store' 	=> array(
+		'consent:Database', 
+		'dsn' => 'pgsql:host=sql.uninett.no;dbname=andreas_consent',
+		'username' => 'simplesaml',
+		'password' => 'xxxx',
+	),
+
+	'auth' => 'example-static',
+	'userid', 'eduPersonPrincipalName',
+
+);
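Review bot: The entry `'userid', 'eduPersonPrincipalName',` uses a comma where `=>` was intended, so the array gets two positional values instead of a `userid` key. consentAdmin.php in this patch only works because `getValue('userid', 'eduPersonPrincipalName')` falls back to its default; editing the template value would have no effect. It should read `'userid' => 'eduPersonPrincipalName',`. The sample DSN also names what looks like a real host and database (`sql.uninett.no`, `andreas_consent`); a shipped template is better off with a placeholder such as `pgsql:host=sql.example.org;dbname=consent`, matching the `sql.example.org` used in the docs file.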
diff --git a/modules/consentSimpleAdmin/default-disable b/modules/consentSimpleAdmin/default-disable
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/consentSimpleAdmin/dictionaries/consentsimpleadmin.php b/modules/consentSimpleAdmin/dictionaries/consentsimpleadmin.php
new file mode 100644
index 000000000..77c953b68
--- /dev/null
+++ b/modules/consentSimpleAdmin/dictionaries/consentsimpleadmin.php
@@ -0,0 +1,40 @@
+<?php
+
+$lang = array(
+	'header' => array (
+		'no' => 'Tilbaketrekning av samtykke',
+		'en' => 'Consent withdrawal',
+	),
+	'granted' => array (
+		'no' => 'Du har tidligere gitt samtykke %NO% ganger til %OF% forskjellige tjenester.',
+		'en' => 'You have earlier granted %NO% consents to %OF% different services.',
+	),
+	'info' => array (
+		'no' => 'Dersom du trekker tilbake alle tidligere gitte samtykker, så vil du hver gang du besøker en tjeneste på nytt bli spurt om du aksepterer at en gitt liste med personlig informasjon blir overført til tjenesten.',
+		'en' => 'If you withdraw all consents given, you will be asked again each time you visit a new service, whether or not you would like to accept that a given set of personal information are transferred.',
+	),
+	'withdraw' => array (
+		'no' => 'Trekk tilbake alle tidligere gitte samtykker',
+		'en' => 'Withdraw all consent given',
+	),
+	'headerstats' => array (
+		'no' => 'Samtykke statistikk',
+		'en' => 'Consent Storage Statistics',
+	),
+	'stattotal' => array (
+		'no' => 'Samtykkelageret inneholder %NO% innslag.',
+		'en' => 'Consent storage contains %NO% entries.',
+	),
+	'statusers' => array (
+		'no' => '%NO% unike brukere har avgitt samtykke.',
+		'en' => '%NO% unique users have given consent.',
+	),
+	'statservices' => array (
+		'no' => 'Samtykke er avgitt til %NO% unike tjenester.',
+		'en' => 'Consent is given to %NO% unique services.',
+	),
+
+);
+
+
+?>
\ No newline at end of file
diff --git a/modules/consentSimpleAdmin/docs/ConsentDocs.txt.old b/modules/consentSimpleAdmin/docs/ConsentDocs.txt.old
new file mode 100644
index 000000000..58254a98b
--- /dev/null
+++ b/modules/consentSimpleAdmin/docs/ConsentDocs.txt.old
@@ -0,0 +1,128 @@
+Using the Consent and ConsentAdmin modules
+
+When the Consent module is active, the end user must give his consent when attributes are sent to an SP.
+The Consent module can be configured to save the given consents to a database. 
+The user is then given the option to store the consent for later. Then the next time the attributes will be sent right away.
+
+When the Consent module is using persistent storage, you can activate the optional ConsentAdmin module.
+With this, the user can view and remove his consents for various SP's. 
+
+Installing the Consent module
+
+The Consent module is part of the simplesamlphp standard sources.
+
+It consists of the following files
+
+dictionaries/consent.php
+templates/default/consent.php
+lib/SimpleSAML/Consent/Consent.php
+lib/SimpleSAML/Consent/ConsentStorage.php
+
+Create the Consent database.
+
+Activate Consent module on IdP.
+
+Edit metadata/saml20-idp-hosted.php and set
+	requireconsent
+to true
+
+Configuring persistent storage of the Consent module.
+
+Create a database with the Consent schema and necessary user rights.
+For now, the examples assume you are using the MySQL database.
+Consult the database documentation to see how you grant permission to the database user which the Consent module must use.
+  
+The database schema is shown in the lib/SimpleSAML/Consent/ConsentStorage.php file:
+
+/**
+ * The Consent Storage class is used for storing Attribute Release consents.
+ *
+ * CREATE TABLE consent ( 
+ *	hashed_user_id varchar(128) NOT NULL, 
+ *	service_id varchar(128) NOT NULL, 
+ *	attribute varchar(128) NOT NULL, 
+ *	consent_date datetime NOT NULL, 
+ *	usage_date datetime NOT NULL, 
+ *	PRIMARY KEY USING BTREE (hashed_user_id, service_id) 
+ * );
+ *
+
+Edit the Consent section of config/config.php and set the database and user information.
+Remember to activate persistent Consent storage by setting the
+	consent_usestorage
+attribute to true
+
+/*
+	 * Configuration of Consent storage used for attribute consent.
+	 * connect, user and passwd is used with PDO (in example Mysql)
+	 */
+	'consent_usestorage' => true,
+	'consent_userid' => 'eduPersonPrincipalName',
+	'consent_salt' => 'sdkfjhsidu87werwe8r79w8e7r',
+	'consent_pdo_connect' => 'mysql:host=sql.example.org;dbname=simplesamlconsent',
+	'consent_pdo_user' => 'simplesamluser',
+	'consent_pdo_passwd' => 'xxxx',
+
+Installing the ConsentAdmin module
+The ConsentAdmin module adds a user interface to SimpleSaml which allows the end user to edit his/her consents for all the Service Providers.
+ 
+The ConsentAdmin module consists of the following files in the SimpleSaml directory structure:
+ 
+dictionaries/consentadmin.php
+docs/ConsentDocs.txt
+templates/default/consentadmin.php
+www/consent/ConsentAdminLib.php
+www/consent/consentAdmin.php
+www/consent/ConsentLib.php
+www/consent/consentSubmit.php
+www/consent/includes/
+www/consent/includes/consentSimpleAjax.js
+
+Dictionaries
+
+As you can see in the Consent file listing, the consent module uses two of its own dictionaries for translations, consent.php and consentadmin.php.
+The dictionaries are work-in-progress!
+Additionally, it uses the attributes.php dictionary for showing localised attribute names.	
+
+From the ConsentAdmin source files, you can copy these manually to the right places. 
+If you received the ConsentAdmin as a .tgz archive you can untar them directly into the SimpleSaml source files with these commands
+
+	$ cd <your simplesaml source root>
+	$ tar -wkzxvf <ConsentAdmin.tgz>
+  
+Configuring the Idp
+The ConsentAdmin module uses the IdP's list of remote SP's (configured in metadata/saml20-sp-remote.php). It uses the attributes 'name' and 'description'.
+Both these attributes must specify an array for language translations.
+Example:
+
+		saml2sp.example.org' => array(
+ 			'AssertionConsumerService' => 'https://saml2sp.example.org/simplesaml/saml2/sp/AssertionConsumerService.php', 
+ 			'SingleLogoutService'      => 'https://saml2sp.example.org/simplesaml/saml2/sp/SingleLogoutService.php',
+ 
+	        'name' => array(
+				'en' => 'Saml2 SP english',
+				'no' => 'Saml2 SP bokmĂĄl',
+		  		'nn' => 'Saml2 SP nynorsk',
+				'da' => 'Saml2 SP dansk',
+		  		'es' => 'Saml2 SP español',
+    	  		'fr' => 'Saml2 SP français',
+		  		'de' => 'Saml2 SP deutsch',
+		  		'nl' => 'Saml2 SP dutch',
+		  		'lu' => 'Saml2 SP Luxembourgish',
+		  		'sl' => 'Saml2 SP Slovenščina',
+         	),
+	        'description' => array(
+				'en' => 'Saml2 SP description english',
+				'no' => 'Saml2 SP description bokmĂĄl',
+		  		'nn' => 'Saml2 SP description nynorsk',
+				'da' => 'Saml2 SP description dansk',
+		  		'es' => 'Saml2 SP description español',
+    	  		'fr' => 'Saml2 SP description français',
+		  		'de' => 'Saml2 SP description deutsch',
+		  		'nl' => 'Saml2 SP description dutch',
+		  		'lu' => 'Saml2 SP description Luxembourgish',
+		  		'sl' => 'Saml2 SP description Slovenščina',
+         	),
+ 		),
+
+ 		
\ No newline at end of file
diff --git a/modules/consentSimpleAdmin/hooks/hook_frontpage.php b/modules/consentSimpleAdmin/hooks/hook_frontpage.php
new file mode 100644
index 000000000..743ef22f0
--- /dev/null
+++ b/modules/consentSimpleAdmin/hooks/hook_frontpage.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Hook to add the simple consenet admin module to the frontpage.
+ *
+ * @param array &$links  The links on the frontpage, split into sections.
+ */
+function consentSimpleAdmin_hook_frontpage(&$links) {
+	assert('is_array($links)');
+	assert('array_key_exists("links", $links)');
+
+	$links['links'][] = array(
+		'href' => SimpleSAML_Module::getModuleURL('consentSimpleAdmin/consentAdmin.php'),
+		'text' => '{consentSimpleAdmin:consentsimpleadmin:header}',
+	);
+	$links['links'][] = array(
+		'href' => SimpleSAML_Module::getModuleURL('consentSimpleAdmin/consentStats.php'),
+		'text' => '{consentSimpleAdmin:consentsimpleadmin:headerstats}',
+	);
+	
+}
+
+
+?>
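Review bot: The docblock has a typo, "consenet", and should read `Hook to add the simple consent admin module to the frontpage.` The closing `?>` at the end of this include-only file is better omitted. Any whitespace added after it later would be sent as output before headers.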
diff --git a/modules/consentSimpleAdmin/templates/consentadmin.php b/modules/consentSimpleAdmin/templates/consentadmin.php
new file mode 100755
index 000000000..3bf4c727c
--- /dev/null
+++ b/modules/consentSimpleAdmin/templates/consentadmin.php
@@ -0,0 +1,34 @@
+<?php 
+
+$this->data['header'] = $this->t('{consentSimpleAdmin:consentsimpleadmin:header}');
+$this->includeAtTemplateBase('includes/header.php'); 
+
+?>
+
+
+
+<p><?php
+
+echo '<p>' . $this->t('{consentSimpleAdmin:consentsimpleadmin:granted}', array(
+	'%NO%' => (string)$this->data['consents'],
+	'%OF%' => (string)$this->data['consentServices'],
+)) . '</p>';
+
+
+echo '<p>' . $this->t('{consentSimpleAdmin:consentsimpleadmin:info}') . '</p>';
+
+
+?></p>
+
+<!-- <p>You have granted <?php echo $this->data['consents']; ?> consents to <?php echo $this->data['consentServices']; ?> different services.</p>
+
+<p>If you withdraw all consents given, you will be asked again each time you visit a new service, whether or not you would like to accept that a given set of attributes are transferred.</p> -->
+
+<form method="get" action="consentAdmin.php">
+
+	<input type="submit" name="withdraw" value="<?php echo $this->t('{consentSimpleAdmin:consentsimpleadmin:withdraw}'); ?>" />
+
+</form>
+<!--  Withdraw all consent given -->
+
+<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
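Review bot: The withdraw form submits with `method="get"` and carries no per-session token, so the request that deletes every stored consent can be triggered by any link or embedded resource the logged-in user's browser loads. consentAdmin.php in this patch acts on `array_key_exists('withdraw', $_REQUEST)` with no further check. Use `<form method="post" action="consentAdmin.php">`, have the handler read `$_POST` only, and verify a token bound to the session before calling `deleteAllConsents()`. The submit label is also echoed into the `value` attribute unescaped; wrapping it in `htmlspecialchars()` keeps a quote in a translation from breaking the markup.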
diff --git a/modules/consentSimpleAdmin/templates/consentstats.php b/modules/consentSimpleAdmin/templates/consentstats.php
new file mode 100755
index 000000000..731a689f6
--- /dev/null
+++ b/modules/consentSimpleAdmin/templates/consentstats.php
@@ -0,0 +1,20 @@
+<?php 
+
+$this->data['header'] = $this->t('{consentSimpleAdmin:consentsimpleadmin:headerstats}');
+$this->includeAtTemplateBase('includes/header.php'); 
+
+?>
+
+
+<p><?php
+
+echo '<p>' . $this->t('{consentSimpleAdmin:consentsimpleadmin:stattotal}', array('%NO%' => $this->data['stats']['total'])) . '</p>';
+echo '<p>' . $this->t('{consentSimpleAdmin:consentsimpleadmin:statusers}', array('%NO%' => $this->data['stats']['users'])) . '</p>';
+echo '<p>' . $this->t('{consentSimpleAdmin:consentsimpleadmin:statservices}', array('%NO%' => $this->data['stats']['services'])) . '</p>';
+
+
+
+?></p>
+
+
+<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
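Review bot: The outer `<p><?php ... ?></p>` wrapper encloses three echoed `<p>` elements, which produces nested paragraphs that are invalid markup; drop the outer pair (templates/consentadmin.php has the same wrapper). The `%NO%` replacements are passed as raw `$this->data['stats'][...]` values, while consentadmin.php casts its counts with `(string)`. Casting here as well, e.g. `'%NO%' => (string)$this->data['stats']['total']`, keeps the two templates consistent and makes sure a string is substituted.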
diff --git a/modules/consentSimpleAdmin/www/consentAdmin.php b/modules/consentSimpleAdmin/www/consentAdmin.php
new file mode 100644
index 000000000..17c05c71c
--- /dev/null
+++ b/modules/consentSimpleAdmin/www/consentAdmin.php
@@ -0,0 +1,98 @@
+<?php
+/*
+ * consentSimpleAdmin - Simple Consent administration module
+ *
+ * This module is a simplification of the danish consent administration module.
+ *
+ * @author Andreas Ă…kre Solberg <andreas.solberg@uninett.no>
+ * @author Mads Freen - WAYF
+ * @author Jacob Christiansen - WAYF
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+
+
+// Get config object
+$config = SimpleSAML_Configuration::getInstance();
+$consentconfig = $config->copyFromBase('consentSimpleAdminConfig', 'module_consentSimpleAdmin.php');
+
+// Get session object
+$session = SimpleSAML_Session::getInstance();
+
+$as = $consentconfig->getValue('auth');
+if (!$session->isValid($as)) {
+	SimpleSAML_Auth_Default::initLogin($as, SimpleSAML_Utilities::selfURL());
+}
+
+
+// Get user ID
+$userid_attributename = $consentconfig->getValue('userid', 'eduPersonPrincipalName');
+$userids = ($session->getAttribute($userid_attributename));
+		
+if (empty($userids)) {
+	throw new Exception('Could not generate useridentifier for storing consent. Attribute [' .
+		$userid_attributename . '] was not available.');
+}
+
+$userid = $userids[0];
+
+// Get metadata storage handler
+$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+
+// Get all attributes
+$attributes = $session->getAttributes();
+
+/*
+ * Get IdP id and metadata
+ */
+if($session->getIdP() != null) {
+	// From a remote idp (as bridge)
+	$idp_entityid = $session->getIdP();
+	$idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-remote');
+} else {
+	// from the local idp
+	$idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+	$idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-hosted');
+}
+ 
+SimpleSAML_Logger::debug('consentAdmin: IdP is ['.$idp_entityid . ']');
+
+$source = $idp_metadata['metadata-set'] . '|' . $idp_entityid;
+
+
+// Parse consent config
+$consent_storage = sspmod_consent_Store::parseStoreConfig($consentconfig->getValue('store'));
+
+// Calc correct user ID hash
+$hashed_user_id = sspmod_consent_Auth_Process_Consent::getHashedUserID($userid, $source);
+
+
+
+// Check if button with withdraw all consent was clicked.
+if (array_key_exists('withdraw', $_REQUEST)) {
+	
+	SimpleSAML_Logger::info('consentAdmin: UserID ['.$hashed_user_id . '] has requested to withdraw all consents given...');
+	
+	$consent_storage->deleteAllConsents($hashed_user_id);
+	
+}
+
+
+
+// Get all consents for user
+$user_consent_list = $consent_storage->getConsents($hashed_user_id);
+
+$consentServices = array();
+foreach($user_consent_list AS $c) $consentServices[$c[1]] = 1;
+
+SimpleSAML_Logger::debug('consentAdmin: no of consents [' . count($user_consent_list) . '] no of services [' . count($consentServices) . ']');
+
+// Init template
+$t = new SimpleSAML_XHTML_Template($config, 'consentSimpleAdmin:consentadmin.php');
+
+$t->data['consentServices'] = count($consentServices);
+$t->data['consents'] = count($user_consent_list);
+
+
+$t->show();
+?>
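Review bot: `$attributes = $session->getAttributes();` is assigned and never read anywhere in this new file, so the line can be dropped. The loop `foreach($user_consent_list AS $c) $consentServices[$c[1]] = 1;` relies on index 1 of each row from `getConsents()`, which nothing here documents. Once the row layout is confirmed against the store, a comment such as `// $c[1] is the service id; array keys give the distinct services` would help. The return value of `deleteAllConsents()` is also ignored, so a failed withdrawal is neither logged nor reported to the user.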
diff --git a/modules/consentSimpleAdmin/www/consentStats.php b/modules/consentSimpleAdmin/www/consentStats.php
new file mode 100644
index 000000000..433f4434d
--- /dev/null
+++ b/modules/consentSimpleAdmin/www/consentStats.php
@@ -0,0 +1,33 @@
+<?php
+/*
+ * consentSimpleAdmin - Simple Consent administration module
+ *
+ * shows statistics.
+ *
+ * @author Andreas Ă…kre Solberg <andreas.solberg@uninett.no>
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+
+
+// Get config object
+$config = SimpleSAML_Configuration::getInstance();
+$consentconfig = $config->copyFromBase('consentSimpleAdminConfig', 'module_consentSimpleAdmin.php');
+
+
+// Parse consent config
+$consent_storage = sspmod_consent_Store::parseStoreConfig($consentconfig->getValue('store'));
+
+// Get all consents for user
+$stats = $consent_storage->getStatistics();
+
+#print_r($stats); exit;
+
+// Init template
+$t = new SimpleSAML_XHTML_Template($config, 'consentSimpleAdmin:consentstats.php');
+
+$t->data['stats'] = $stats;
+
+
+$t->show();
+?>
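Review bot: consentStats.php never looks at the session, so the totals from `getStatistics()` are rendered for any unauthenticated visitor, whereas consentAdmin.php in the same patch gates on `$session->isValid($as)` first. hook_frontpage.php also links this page from the frontpage. Add the same session check before the store is opened, and consider restricting the page to administrators, since the numbers describe all users rather than the caller. The comment `// Get all consents for user` is copied from consentAdmin.php and should read `// Get aggregate statistics from the consent store`; the commented-out `#print_r($stats); exit;` can be removed.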
-- 
GitLab