Commit de5b9d08 authored by Jaime Perez Crespo's avatar Jaime Perez Crespo

Reformat code.

parent 2f32282e
<?php
/*
* consentAdmin - Consent administration module
*
* This module enables the user to add and remove consents given for a given
* Service Provider.
*
* The module relies on methods and functions from the Consent module and can
* not be user without it.
*
* Author: Mads Freen <freek@ruc.dk>, Jacob Christiansen <jach@wayf.dk>
*/
/*
* Runs the processingchain and ignores all filter which have user
* interaction.
*/
function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid, $hashAttributes = FALSE) {
/*
* Create a new processing chain
*/
$pc = new SimpleSAML_Auth_ProcessingChain($idp_metadata, $sp_metadata, 'idp');
/*
* Construct the state.
* REMEMBER: Do not set Return URL if you are calling processStatePassive
*/
$authProcState = array(
'Attributes' => $attributes,
'Destination' => $sp_metadata,
'Source' => $idp_metadata,
'isPassive' => TRUE,
);
/*
* Call processStatePAssive.
* We are not interested in any user interaction, only modifications to the attributes
*/
$pc->processStatePassive($authProcState);
$attributes = $authProcState['Attributes'];
/*
* Generate identifiers and hashes
*/
$destination = $sp_metadata['metadata-set'] . '|' . $sp_entityid;
$targeted_id = sspmod_consent_Auth_Process_Consent::getTargetedID($userid, $source, $destination);
$attribute_hash = sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes, $hashAttributes);
SimpleSAML_Logger::info('consentAdmin: user: ' . $userid);
SimpleSAML_Logger::info('consentAdmin: target: ' . $targeted_id);
SimpleSAML_Logger::info('consentAdmin: attribute: ' . $attribute_hash);
/* Return values */
return array($targeted_id, $attribute_hash, $attributes);
}
// Get config object
$config = SimpleSAML_Configuration::getInstance();
$cA_config = SimpleSAML_Configuration::getConfig('module_consentAdmin.php');
$authority = $cA_config->getValue('authority');
$as = new SimpleSAML_Auth_Simple($authority);
// If request is a logout request
if(array_key_exists('logout', $_REQUEST)) {
$returnURL = $cA_config->getValue('returnURL');
$as->logout($returnURL);
}
$hashAttributes = $cA_config->getValue('attributes.hash');
/* Check if valid local session exists */
$as->requireAuth();
// Get released attributes
$attributes = $as->getAttributes();
// Get metadata storage handler
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
/*
* Get IdP id and metadata
*/
$local_idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$local_idp_metadata = $metadata->getMetaData($local_idp_entityid, 'saml20-idp-hosted');
if($as->getAuthData('saml:sp:IdP') !== NULL) {
/*
* From a remote idp (as bridge)
*/
$idp_entityid = $as->getAuthData('saml:sp:IdP');
$idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-remote');
} else {
/*
* from the local idp
*/
$idp_entityid = $local_idp_entityid;
$idp_metadata = $local_idp_metadata;
}
// Get user ID
$userid_attributename = (isset($local_idp_metadata['userid.attribute']) && is_string($local_idp_metadata['userid.attribute'])) ? $local_idp_metadata['userid.attribute'] : 'eduPersonPrincipalName';
$userids = $attributes[$userid_attributename];
if (empty($userids)) {
throw new Exception('Could not generate useridentifier for storing consent. Attribute [' .
$userid_attributename . '] was not available.');
}
$userid = $userids[0];
// Get all SP metadata
$all_sp_metadata = $metadata->getList('saml20-sp-remote');
// Parse action, if any
$action = null;
$sp_entityid = null;
if (!empty($_GET['cv'])) {
$sp_entityid=$_GET['cv'];
}
if (!empty($_GET['action'])) {
$action=$_GET["action"];
}
SimpleSAML_Logger::critical('consentAdmin: sp: ' .$sp_entityid.' action: '.$action);
// Remove services, whitch have consent disabled
if(isset($idp_metadata['consent.disable'])) {
foreach($idp_metadata['consent.disable'] AS $disable) {
if(array_key_exists($disable, $all_sp_metadata)) {
unset($all_sp_metadata[$disable]);
}
}
}
SimpleSAML_Logger::info('consentAdmin: '.$idp_entityid);
// Calc correct source
$source = $idp_metadata['metadata-set'] . '|' . $idp_entityid;
// Parse consent config
$consent_storage = sspmod_consent_Store::parseStoreConfig($cA_config->getValue('consentadmin'));
// Calc correct user ID hash
$hashed_user_id = sspmod_consent_Auth_Process_Consent::getHashedUserID($userid, $source);
// If a checkbox have been clicked
if ($action !== null && $sp_entityid !== null) {
// Get SP metadata
$sp_metadata = $metadata->getMetaData($sp_entityid, 'saml20-sp-remote');
// Run AuthProc filters
list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid, $hashAttributes);
// Add a consent (or update if attributes have changed and old consent for SP and IdP exists)
if($action == 'true') {
$isStored = $consent_storage->saveConsent($hashed_user_id, $targeted_id, $attribute_hash);
if($isStored) {
$res = "added";
} else {
$res = "updated";
}
// Remove consent
} else if($action == 'false') {
// Got consent, so this is a request to remove it
$rowcount = $consent_storage->deleteConsent($hashed_user_id, $targeted_id, $attribute_hash);
if($rowcount > 0) {
$res = "removed";
}
// Unknown action (should not happen)
} else {
SimpleSAML_Logger::info('consentAdmin: unknown action');
$res = "unknown";
}
/*
* Init template to enable translation of status messages
*/
$et = new SimpleSAML_XHTML_Template($config, 'consentAdmin:consentadminajax.php', 'consentAdmin:consentadmin');
$et->data['res'] = $res;
$et->show();
exit;
}
// Get all consents for user
$user_consent_list = $consent_storage->getConsents($hashed_user_id);
// Parse list of consents
$user_consent = array();
foreach ($user_consent_list as $c) {
$user_consent[$c[0]]=$c[1];
}
$template_sp_content = array();
// Init template
$et = new SimpleSAML_XHTML_Template($config, 'consentAdmin:consentadmin.php', 'consentAdmin:consentadmin');
$sp_empty_name = $et->getTag('sp_empty_name');
$sp_empty_description = $et->getTag('sp_empty_description');
// Process consents for all SP
foreach ($all_sp_metadata as $sp_entityid => $sp_values) {
// Get metadata for SP
$sp_metadata = $metadata->getMetaData($sp_entityid, 'saml20-sp-remote');
// Run attribute filters
list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid, $attributes, $userid, $hashAttributes);
// Check if consent exists
if (array_key_exists($targeted_id, $user_consent)) {
$sp_status = "changed";
SimpleSAML_Logger::info('consentAdmin: changed');
// Check if consent is valid. (Possible that attributes has changed)
if ($user_consent[$targeted_id] == $attribute_hash) {
SimpleSAML_Logger::info('consentAdmin: ok');
$sp_status = "ok";
}
// Consent does not exists
} else {
SimpleSAML_Logger::info('consentAdmin: none');
$sp_status = "none";
}
// Set name of SP
if(isset($sp_values['name']) && is_array($sp_values['name'])) {
$sp_name = $sp_metadata['name'];
} else if(isset($sp_values['name']) && is_string($sp_values['name'])) {
$sp_name = $sp_metadata['name'];
} elseif(isset($sp_values['OrganizationDisplayName']) && is_array($sp_values['OrganizationDisplayName'])) {
$sp_name = $sp_metadata['OrganizationDisplayName'];
} else {
$sp_name = $sp_empty_name;
}
// Set description of SP
if(empty($sp_metadata['description']) || !is_array($sp_metadata['description'])) {
$sp_description = $sp_empty_description;
} else {
$sp_description = $sp_metadata['description'];
}
// Add a URL to the service if present in metadata
$sp_service_url = isset($sp_metadata['ServiceURL']) ? $sp_metadata['ServiceURL'] : null;
// Fill out array for the template
$sp_list[$sp_entityid] = array(
'spentityid' => $sp_entityid,
'name' => $sp_name,
'description' => $sp_description,
'consentStatus' => $sp_status,
'consentValue' => $sp_entityid,
'attributes_by_sp' => $attributes_new,
'serviceurl' => $sp_service_url,
);
}
$et->data['header'] = 'Consent Administration';
$et->data['spList'] = $sp_list;
$et->data['showDescription'] = $cA_config->getValue('showDescription');
$et->show();
<?php
/*
* consentAdmin - Consent administration module
*
* This module enables the user to add and remove consents given for a given
* Service Provider.
*
* The module relies on methods and functions from the Consent module and can
* not be user without it.
*
* Author: Mads Freek <freek@ruc.dk>, Jacob Christiansen <jach@wayf.dk>
*/
/*
* Runs the processing chain and ignores all filter which have user
* interaction.
*/
function driveProcessingChain(
$idp_metadata,
$source,
$sp_metadata,
$sp_entityid,
$attributes,
$userid,
$hashAttributes = false
) {
/*
* Create a new processing chain
*/
$pc = new SimpleSAML_Auth_ProcessingChain($idp_metadata, $sp_metadata, 'idp');
/*
* Construct the state.
* REMEMBER: Do not set Return URL if you are calling processStatePassive
*/
$authProcState = array(
'Attributes' => $attributes,
'Destination' => $sp_metadata,
'Source' => $idp_metadata,
'isPassive' => true,
);
/*
* Call processStatePAssive.
* We are not interested in any user interaction, only modifications to the attributes
*/
$pc->processStatePassive($authProcState);
$attributes = $authProcState['Attributes'];
/*
* Generate identifiers and hashes
*/
$destination = $sp_metadata['metadata-set'].'|'.$sp_entityid;
$targeted_id = sspmod_consent_Auth_Process_Consent::getTargetedID($userid, $source, $destination);
$attribute_hash = sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes, $hashAttributes);
SimpleSAML_Logger::info('consentAdmin: user: '.$userid);
SimpleSAML_Logger::info('consentAdmin: target: '.$targeted_id);
SimpleSAML_Logger::info('consentAdmin: attribute: '.$attribute_hash);
/* Return values */
return array($targeted_id, $attribute_hash, $attributes);
}
// Get config object
$config = SimpleSAML_Configuration::getInstance();
$cA_config = SimpleSAML_Configuration::getConfig('module_consentAdmin.php');
$authority = $cA_config->getValue('authority');
$as = new SimpleSAML_Auth_Simple($authority);
// If request is a logout request
if (array_key_exists('logout', $_REQUEST)) {
$returnURL = $cA_config->getValue('returnURL');
$as->logout($returnURL);
}
$hashAttributes = $cA_config->getValue('attributes.hash');
/* Check if valid local session exists */
$as->requireAuth();
// Get released attributes
$attributes = $as->getAttributes();
// Get metadata storage handler
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
/*
* Get IdP id and metadata
*/
$local_idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$local_idp_metadata = $metadata->getMetaData($local_idp_entityid, 'saml20-idp-hosted');
if ($as->getAuthData('saml:sp:IdP') !== null) {
// from a remote idp (as bridge)
$idp_entityid = $as->getAuthData('saml:sp:IdP');
$idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-remote');
} else {
// from the local idp
$idp_entityid = $local_idp_entityid;
$idp_metadata = $local_idp_metadata;
}
// Get user ID
$userid_attributename = (isset($local_idp_metadata['userid.attribute']) && is_string($local_idp_metadata['userid.attribute'])) ? $local_idp_metadata['userid.attribute'] : 'eduPersonPrincipalName';
$userids = $attributes[$userid_attributename];
if (empty($userids)) {
throw new Exception('Could not generate useridentifier for storing consent. Attribute ['.
$userid_attributename.'] was not available.');
}
$userid = $userids[0];
// Get all SP metadata
$all_sp_metadata = $metadata->getList('saml20-sp-remote');
// Parse action, if any
$action = null;
$sp_entityid = null;
if (!empty($_GET['cv'])) {
$sp_entityid = $_GET['cv'];
}
if (!empty($_GET['action'])) {
$action = $_GET["action"];
}
SimpleSAML_Logger::critical('consentAdmin: sp: '.$sp_entityid.' action: '.$action);
// Remove services, whitch have consent disabled
if (isset($idp_metadata['consent.disable'])) {
foreach ($idp_metadata['consent.disable'] AS $disable) {
if (array_key_exists($disable, $all_sp_metadata)) {
unset($all_sp_metadata[$disable]);
}
}
}
SimpleSAML_Logger::info('consentAdmin: '.$idp_entityid);
// Calc correct source
$source = $idp_metadata['metadata-set'].'|'.$idp_entityid;
// Parse consent config
$consent_storage = sspmod_consent_Store::parseStoreConfig($cA_config->getValue('consentadmin'));
// Calc correct user ID hash
$hashed_user_id = sspmod_consent_Auth_Process_Consent::getHashedUserID($userid, $source);
// If a checkbox have been clicked
if ($action !== null && $sp_entityid !== null) {
// Get SP metadata
$sp_metadata = $metadata->getMetaData($sp_entityid, 'saml20-sp-remote');
// Run AuthProc filters
list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata,
$sp_entityid, $attributes, $userid, $hashAttributes);
// Add a consent (or update if attributes have changed and old consent for SP and IdP exists)
if ($action == 'true') {
$isStored = $consent_storage->saveConsent($hashed_user_id, $targeted_id, $attribute_hash);
if ($isStored) {
$res = "added";
} else {
$res = "updated";
}
// Remove consent
} else {
if ($action == 'false') {
// Got consent, so this is a request to remove it
$rowcount = $consent_storage->deleteConsent($hashed_user_id, $targeted_id, $attribute_hash);
if ($rowcount > 0) {
$res = "removed";
}
// Unknown action (should not happen)
} else {
SimpleSAML_Logger::info('consentAdmin: unknown action');
$res = "unknown";
}
}
// init template to enable translation of status messages
$et = new SimpleSAML_XHTML_Template($config, 'consentAdmin:consentadminajax.php', 'consentAdmin:consentadmin');
$et->data['res'] = $res;
$et->show();
exit;
}
// Get all consents for user
$user_consent_list = $consent_storage->getConsents($hashed_user_id);
// Parse list of consents
$user_consent = array();
foreach ($user_consent_list as $c) {
$user_consent[$c[0]] = $c[1];
}
$template_sp_content = array();
// Init template
$et = new SimpleSAML_XHTML_Template($config, 'consentAdmin:consentadmin.php', 'consentAdmin:consentadmin');
$sp_empty_name = $et->getTag('sp_empty_name');
$sp_empty_description = $et->getTag('sp_empty_description');
// Process consents for all SP
foreach ($all_sp_metadata as $sp_entityid => $sp_values) {
// Get metadata for SP
$sp_metadata = $metadata->getMetaData($sp_entityid, 'saml20-sp-remote');
// Run attribute filters
list($targeted_id, $attribute_hash, $attributes_new) = driveProcessingChain($idp_metadata, $source, $sp_metadata,
$sp_entityid, $attributes, $userid, $hashAttributes);
// Check if consent exists
if (array_key_exists($targeted_id, $user_consent)) {
$sp_status = "changed";
SimpleSAML_Logger::info('consentAdmin: changed');
// Check if consent is valid. (Possible that attributes has changed)
if ($user_consent[$targeted_id] == $attribute_hash) {
SimpleSAML_Logger::info('consentAdmin: ok');
$sp_status = "ok";
}
// Consent does not exists
} else {
SimpleSAML_Logger::info('consentAdmin: none');
$sp_status = "none";
}
// Set name of SP
if (isset($sp_values['name']) && is_array($sp_values['name'])) {
$sp_name = $sp_metadata['name'];
} else {
if (isset($sp_values['name']) && is_string($sp_values['name'])) {
$sp_name = $sp_metadata['name'];
} elseif (isset($sp_values['OrganizationDisplayName']) && is_array($sp_values['OrganizationDisplayName'])) {
$sp_name = $sp_metadata['OrganizationDisplayName'];
} else {
$sp_name = $sp_empty_name;
}
}
// Set description of SP
if (empty($sp_metadata['description']) || !is_array($sp_metadata['description'])) {
$sp_description = $sp_empty_description;
} else {
$sp_description = $sp_metadata['description'];
}
// Add a URL to the service if present in metadata
$sp_service_url = isset($sp_metadata['ServiceURL']) ? $sp_metadata['ServiceURL'] : null;
// Fill out array for the template
$sp_list[$sp_entityid] = array(
'spentityid' => $sp_entityid,
'name' => $sp_name,
'description' => $sp_description,
'consentStatus' => $sp_status,
'consentValue' => $sp_entityid,
'attributes_by_sp' => $attributes_new,
'serviceurl' => $sp_service_url,
);
}
$et->data['header'] = 'Consent Administration';
$et->data['spList'] = $sp_list;
$et->data['showDescription'] = $cA_config->getValue('showDescription');
$et->show();
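Review bot: The branch guarded by `if ($action !== null && $sp_entityid !== null)` stores or deletes consent based on `$_GET['action']` and `$_GET['cv']`, and no request-method or anti-CSRF token check is visible in this file, so a cross-site request made in a logged-in user's browser could change their stored consent. The `withdraw` test on `$_REQUEST` in consentSimpleAdmin, which calls `deleteAllConsents`, has the same gap. Consider accepting these actions only on POST, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { throw new Exception('Consent changes must be sent with POST.'); }`, and comparing a session-bound token with `hash_equals()` before `saveConsent`/`deleteConsent`; the templates that send the request are outside this page and would need the matching change. Separately, `$res` stays unassigned when `deleteConsent` returns 0, so `$et->data['res'] = $res;` reads an undefined variable; assign a default before the `if ($action == 'true')` test.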
<?php
/*
* consentSimpleAdmin - Simple Consent administration module
*
* This module is a simplification of the danish consent administration module.
*
* @author Andreas Åkre Solberg <andreas.solberg@uninett.no>
* @author Mads Freen - WAYF
* @author Jacob Christiansen - WAYF
* @package simpleSAMLphp
*/
// Get config object
$config = SimpleSAML_Configuration::getInstance();
$consentconfig = SimpleSAML_Configuration::getConfig('module_consentSimpleAdmin.php');
$as = $consentconfig->getValue('auth');
$as = new SimpleSAML_Auth_Simple($as);
$as->requireAuth();
// Get all attributes
$attributes = $as->getAttributes();
// Get user ID
$userid_attributename = $consentconfig->getValue('userid', 'eduPersonPrincipalName');
if (empty($attributes[$userid_attributename])) {
throw new Exception('Could not generate useridentifier for storing consent. Attribute [' .
$userid_attributename . '] was not available.');
}
$userid = $attributes[$userid_attributename][0];
// Get metadata storage handler
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
/*
* Get IdP id and metadata
*/
if($as->getAuthData('saml:sp:IdP') !== null) {
// From a remote idp (as bridge)
$idp_entityid = $as->getAuthData('saml:sp:IdP');
$idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-remote');
} else {
// from the local idp
$idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-hosted');
}
SimpleSAML_Logger::debug('consentAdmin: IdP is ['.$idp_entityid . ']');
$source = $idp_metadata['metadata-set'] . '|' . $idp_entityid;
// Parse consent config
$consent_storage = sspmod_consent_Store::parseStoreConfig($consentconfig->getValue('store'));
// Calc correct user ID hash
$hashed_user_id = sspmod_consent_Auth_Process_Consent::getHashedUserID($userid, $source);
// Check if button with withdraw all consent was clicked.
if (array_key_exists('withdraw', $_REQUEST)) {
SimpleSAML_Logger::info('consentAdmin: UserID ['.$hashed_user_id . '] has requested to withdraw all consents given...');
$consent_storage->deleteAllConsents($hashed_user_id);
}
// Get all consents for user
$user_consent_list = $consent_storage->getConsents($hashed_user_id);
$consentServices = array();
foreach($user_consent_list AS $c) $consentServices[$c[1]] = 1;
SimpleSAML_Logger::debug('consentAdmin: no of consents [' . count($user_consent_list) . '] no of services [' . count($consentServices) . ']');
// Init template
$t = new SimpleSAML_XHTML_Template($config, 'consentSimpleAdmin:consentadmin.php');
$t->data['consentServices'] = count($consentServices);
$t->data['consents'] = count($user_consent_list);
$t->show();
<?php
/*
* consentSimpleAdmin - Simple Consent administration module
*
* This module is a simplification of the danish consent administration module.
*
* @author Andreas Åkre Solberg <andreas.solberg@uninett.no>
* @author Mads Freek - WAYF
* @author Jacob Christiansen - WAYF
* @package SimpleSAMLphp
*/
// Get config object
$config = SimpleSAML_Configuration::getInstance();
$consentconfig = SimpleSAML_Configuration::getConfig('module_consentSimpleAdmin.php');
$as = $consentconfig->getValue('auth');
$as = new SimpleSAML_Auth_Simple($as);
$as->requireAuth();
// Get all attributes
$attributes = $as->getAttributes();
// Get user ID
$userid_attributename = $consentconfig->getValue('userid', 'eduPersonPrincipalName');
if (empty($attributes[$userid_attributename])) {
throw new Exception('Could not generate useridentifier for storing consent. Attribute ['.
$userid_attributename.'] was not available.');
}
$userid = $attributes[$userid_attributename][0];
// Get metadata storage handler
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
// Get IdP id and metadata
if ($as->getAuthData('saml:sp:IdP') !== null) {
// From a remote idp (as bridge)
$idp_entityid = $as->getAuthData('saml:sp:IdP');
$idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-remote');
} else {
// from the local idp
$idp_entityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$idp_metadata = $metadata->getMetaData($idp_entityid, 'saml20-idp-hosted');
}
SimpleSAML_Logger::debug('consentAdmin: IdP is ['.$idp_entityid.']');
$source = $idp_metadata['metadata-set'].'|'.$idp_entityid;
// Parse consent config
$consent_storage = sspmod_consent_Store::parseStoreConfig($consentconfig->getValue('store'));
// Calc correct user ID hash
$hashed_user_id = sspmod_consent_Auth_Process_Consent::getHashedUserID($userid, $source);
// Check if button with withdraw all consent was clicked.
if (array_key_exists('withdraw', $_REQUEST)) {
SimpleSAML_Logger::info('consentAdmin: UserID ['.$hashed_user_id.'] has requested to withdraw all consents given...');
$consent_storage->deleteAllConsents($hashed_user_id);
}
// Get all consents for user
$user_consent_list = $consent_storage->getConsents($hashed_user_id);
$consentServices = array();
foreach ($user_consent_list AS $c) {
$consentServices[$c[1]] = 1;
}
SimpleSAML_Logger::debug('consentAdmin: no of consents ['.count($user_consent_list).'] no of services ['.count($consentServices).']');
// Init template
$t = new SimpleSAML_XHTML_Template($config, 'consentSimpleAdmin:consentadmin.php');
$t->data['consentServices'] = count($consentServices);
$t->data['consents'] = count($user_consent_list);
$t->show();
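Review bot: `$consentServices[$c[1]] = 1;` may be keyed on the wrong element. consentAdmin on this page treats element 0 of each `getConsents()` row as the targeted ID and element 1 as the attribute hash, so keying on `$c[1]` would count distinct attribute hashes rather than services. The return shape of `getConsents()` is not visible here, so confirm it against the store; if it matches, the line should read `$consentServices[$c[0]] = 1;`. The count is passed to the template as `consentServices`, so a wrong key would misreport how many services the user has consented to.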