GEANT /
CAT
@@ -98,103 +98,103 @@ |
||
| 98 | 98 | } |
| 99 | 99 | |
| 100 | 100 | switch ($operationMode) { |
| 101 | - case OPERATION_MODE_EDIT: |
|
| 102 | - $idp = $validator->existingIdP($_GET['inst_id']); |
|
| 103 | - // editing IdPs is done from within the popup. When we're done, send the |
|
| 104 | - // user back to the popup (append the result of the operation later) |
|
| 105 | - $redirectDestination = "manageAdmins.inc.php?inst_id=" . $idp->identifier . "&"; |
|
| 106 | - if (count($validAddresses) == 0) { |
|
| 107 | - header("Location: $redirectDestination" . "invitation=INVALIDSYNTAX"); |
|
| 108 | - exit(1); |
|
| 109 | - } |
|
| 110 | - // is the user primary admin of this IdP? |
|
| 111 | - $is_owner = $idp->isPrimaryOwner($_SESSION['user']); |
|
| 112 | - // check if he is (also) federation admin for the federation this IdP is in. His invitations have more blessing then. |
|
| 113 | - $fedadmin = $userObject->isFederationAdmin($idp->federation); |
|
| 114 | - // check if he is either one, if not, complain |
|
| 115 | - if (!$is_owner && !$fedadmin) { |
|
| 116 | - echo "<p>" . sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclatureFed, $uiElements->nomenclatureFed, $uiElements->nomenclatureParticipant) . "</p>"; |
|
| 117 | - exit(1); |
|
| 118 | - } |
|
| 101 | + case OPERATION_MODE_EDIT: |
|
| 102 | + $idp = $validator->existingIdP($_GET['inst_id']); |
|
| 103 | + // editing IdPs is done from within the popup. When we're done, send the |
|
| 104 | + // user back to the popup (append the result of the operation later) |
|
| 105 | + $redirectDestination = "manageAdmins.inc.php?inst_id=" . $idp->identifier . "&"; |
|
| 106 | + if (count($validAddresses) == 0) { |
|
| 107 | + header("Location: $redirectDestination" . "invitation=INVALIDSYNTAX"); |
|
| 108 | + exit(1); |
|
| 109 | + } |
|
| 110 | + // is the user primary admin of this IdP? |
|
| 111 | + $is_owner = $idp->isPrimaryOwner($_SESSION['user']); |
|
| 112 | + // check if he is (also) federation admin for the federation this IdP is in. His invitations have more blessing then. |
|
| 113 | + $fedadmin = $userObject->isFederationAdmin($idp->federation); |
|
| 114 | + // check if he is either one, if not, complain |
|
| 115 | + if (!$is_owner && !$fedadmin) { |
|
| 116 | + echo "<p>" . sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclatureFed, $uiElements->nomenclatureFed, $uiElements->nomenclatureParticipant) . "</p>"; |
|
| 117 | + exit(1); |
|
| 118 | + } |
|
| 119 | 119 | |
| 120 | - $prettyprintname = $idp->name; |
|
| 121 | - $newtokens = $mgmt->createTokens($fedadmin, $validAddresses, $idp); |
|
| 122 | - $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $idp->identifier . " - Token created for " . implode(",", $validAddresses)); |
|
| 123 | - $introtext = "CO-ADMIN"; |
|
| 124 | - $participant_type = $idp->type; |
|
| 125 | - break; |
|
| 126 | - case OPERATION_MODE_NEWUNLINKED: |
|
| 127 | - $redirectDestination = "../overview_federation.php?"; |
|
| 128 | - if (count($validAddresses) == 0) { |
|
| 129 | - header("Location: $redirectDestination"."invitation=INVALIDSYNTAX"); |
|
| 130 | - exit(1); |
|
| 131 | - } |
|
| 132 | - // run an input check and conversion of the raw inputs... just in case |
|
| 133 | - $newinstname = $validator->string($_POST['name']); |
|
| 134 | - $newcountry = $validator->string($_POST['country']); |
|
| 135 | - $participant_type = $validator->partType($_POST['participant_type']); |
|
| 136 | - $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($newcountry); |
|
| 137 | - if ($new_idp_authorized_fedadmin !== TRUE) { |
|
| 138 | - throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureParticipant . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!"); |
|
| 139 | - } |
|
| 140 | - $federation = $validator->existingFederation($newcountry); |
|
| 141 | - $prettyprintname = $newinstname; |
|
| 142 | - $introtext = "NEW-FED"; |
|
| 143 | - // send the user back to his federation overview page, append the result of the operation later |
|
| 144 | - // do the token creation magic |
|
| 145 | - $newtokens = $mgmt->createTokens(TRUE, $validAddresses, $newinstname, 0, $newcountry, $participant_type); |
|
| 146 | - $loggerInstance->writeAudit($_SESSION['user'], "NEW", "ORG FUTURE - Token created for $participant_type " . implode(",", $validAddresses)); |
|
| 147 | - break; |
|
| 148 | - case OPERATION_MODE_NEWFROMDB: |
|
| 149 | - $redirectDestination = "../overview_federation.php?"; |
|
| 150 | - if (count($validAddresses) == 0) { |
|
| 151 | - header("Location: $redirectDestination"."invitation=INVALIDSYNTAX"); |
|
| 152 | - exit(1); |
|
| 153 | - } |
|
| 154 | - // a real external DB entry was submitted and all the required parameters are there |
|
| 155 | - $externals = $validator->string($_POST['externals']); |
|
| 156 | - [$fedId, $newexternalid] = explode('-', $externals, 2); |
|
| 157 | - $extinfo = $catInstance->getExternalDBEntityDetails($newexternalid, strtoupper($fedId).'01'); |
|
| 158 | - $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($extinfo['country']); |
|
| 159 | - if ($new_idp_authorized_fedadmin !== TRUE) { |
|
| 160 | - throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureParticipant . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!"); |
|
| 161 | - } |
|
| 162 | - $federation = $validator->existingFederation($extinfo['country']); |
|
| 163 | - $newcountry = $extinfo['country']; |
|
| 164 | - // see if the inst name is defined in the currently set language; if not, pick its English name; if N/A, pick the last in the list |
|
| 165 | - $prettyprintname = ""; |
|
| 166 | - foreach ($extinfo['names'] as $lang => $name) { |
|
| 167 | - if ($lang == $languageInstance->getLang()) { |
|
| 168 | - $prettyprintname = $name; |
|
| 120 | + $prettyprintname = $idp->name; |
|
| 121 | + $newtokens = $mgmt->createTokens($fedadmin, $validAddresses, $idp); |
|
| 122 | + $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $idp->identifier . " - Token created for " . implode(",", $validAddresses)); |
|
| 123 | + $introtext = "CO-ADMIN"; |
|
| 124 | + $participant_type = $idp->type; |
|
| 125 | + break; |
|
| 126 | + case OPERATION_MODE_NEWUNLINKED: |
|
| 127 | + $redirectDestination = "../overview_federation.php?"; |
|
| 128 | + if (count($validAddresses) == 0) { |
|
| 129 | + header("Location: $redirectDestination"."invitation=INVALIDSYNTAX"); |
|
| 130 | + exit(1); |
|
| 169 | 131 | } |
| 170 | - } |
|
| 171 | - if ($prettyprintname == "" && isset($extinfo['names']['en'])) { |
|
| 172 | - $prettyprintname = $extinfo['names']['en']; |
|
| 173 | - } |
|
| 174 | - if ($prettyprintname == "") { |
|
| 175 | - foreach ($extinfo['names'] as $name) { |
|
| 176 | - $prettyprintname = $name; |
|
| 132 | + // run an input check and conversion of the raw inputs... just in case |
|
| 133 | + $newinstname = $validator->string($_POST['name']); |
|
| 134 | + $newcountry = $validator->string($_POST['country']); |
|
| 135 | + $participant_type = $validator->partType($_POST['participant_type']); |
|
| 136 | + $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($newcountry); |
|
| 137 | + if ($new_idp_authorized_fedadmin !== TRUE) { |
|
| 138 | + throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureParticipant . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!"); |
|
| 177 | 139 | } |
| 178 | - } |
|
| 179 | - if(\config\Master::FUNCTIONALITY_FLAGS['SINGLE_SERVICE'] === 'MSP') { |
|
| 180 | - $participant_type = \core\IdP::TYPE_SP; |
|
| 181 | - } else { |
|
| 182 | - $participant_type = $extinfo['type']; |
|
| 183 | - } |
|
| 184 | - // fill the rest of the text |
|
| 185 | - $introtext = "EXISTING-FED"; |
|
| 186 | - // do the token creation magic |
|
| 187 | - $newtokens = $mgmt->createTokens(TRUE, $validAddresses, $prettyprintname, $newexternalid, $fedId); |
|
| 188 | - $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE - Token created for " . implode(",", $validAddresses)); |
|
| 189 | - break; |
|
| 190 | - default: // includes OPERATION_MODE_INVALID |
|
| 191 | - // second param is TRUE, so the variable *will* contain a string |
|
| 192 | - // i.e. ignore Scrutinizer type warning later |
|
| 193 | - $wrongcontent = print_r($_POST, TRUE); |
|
| 194 | - echo "<pre>Wrong parameters in POST: |
|
| 140 | + $federation = $validator->existingFederation($newcountry); |
|
| 141 | + $prettyprintname = $newinstname; |
|
| 142 | + $introtext = "NEW-FED"; |
|
| 143 | + // send the user back to his federation overview page, append the result of the operation later |
|
| 144 | + // do the token creation magic |
|
| 145 | + $newtokens = $mgmt->createTokens(TRUE, $validAddresses, $newinstname, 0, $newcountry, $participant_type); |
|
| 146 | + $loggerInstance->writeAudit($_SESSION['user'], "NEW", "ORG FUTURE - Token created for $participant_type " . implode(",", $validAddresses)); |
|
| 147 | + break; |
|
| 148 | + case OPERATION_MODE_NEWFROMDB: |
|
| 149 | + $redirectDestination = "../overview_federation.php?"; |
|
| 150 | + if (count($validAddresses) == 0) { |
|
| 151 | + header("Location: $redirectDestination"."invitation=INVALIDSYNTAX"); |
|
| 152 | + exit(1); |
|
| 153 | + } |
|
| 154 | + // a real external DB entry was submitted and all the required parameters are there |
|
| 155 | + $externals = $validator->string($_POST['externals']); |
|
| 156 | + [$fedId, $newexternalid] = explode('-', $externals, 2); |
|
| 157 | + $extinfo = $catInstance->getExternalDBEntityDetails($newexternalid, strtoupper($fedId).'01'); |
|
| 158 | + $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($extinfo['country']); |
|
| 159 | + if ($new_idp_authorized_fedadmin !== TRUE) { |
|
| 160 | + throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureParticipant . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!"); |
|
| 161 | + } |
|
| 162 | + $federation = $validator->existingFederation($extinfo['country']); |
|
| 163 | + $newcountry = $extinfo['country']; |
|
| 164 | + // see if the inst name is defined in the currently set language; if not, pick its English name; if N/A, pick the last in the list |
|
| 165 | + $prettyprintname = ""; |
|
| 166 | + foreach ($extinfo['names'] as $lang => $name) { |
|
| 167 | + if ($lang == $languageInstance->getLang()) { |
|
| 168 | + $prettyprintname = $name; |
|
| 169 | + } |
|
| 170 | + } |
|
| 171 | + if ($prettyprintname == "" && isset($extinfo['names']['en'])) { |
|
| 172 | + $prettyprintname = $extinfo['names']['en']; |
|
| 173 | + } |
|
| 174 | + if ($prettyprintname == "") { |
|
| 175 | + foreach ($extinfo['names'] as $name) { |
|
| 176 | + $prettyprintname = $name; |
|
| 177 | + } |
|
| 178 | + } |
|
| 179 | + if(\config\Master::FUNCTIONALITY_FLAGS['SINGLE_SERVICE'] === 'MSP') { |
|
| 180 | + $participant_type = \core\IdP::TYPE_SP; |
|
| 181 | + } else { |
|
| 182 | + $participant_type = $extinfo['type']; |
|
| 183 | + } |
|
| 184 | + // fill the rest of the text |
|
| 185 | + $introtext = "EXISTING-FED"; |
|
| 186 | + // do the token creation magic |
|
| 187 | + $newtokens = $mgmt->createTokens(TRUE, $validAddresses, $prettyprintname, $newexternalid, $fedId); |
|
| 188 | + $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE - Token created for " . implode(",", $validAddresses)); |
|
| 189 | + break; |
|
| 190 | + default: // includes OPERATION_MODE_INVALID |
|
| 191 | + // second param is TRUE, so the variable *will* contain a string |
|
| 192 | + // i.e. ignore Scrutinizer type warning later |
|
| 193 | + $wrongcontent = print_r($_POST, TRUE); |
|
| 194 | + echo "<pre>Wrong parameters in POST: |
|
| 195 | 195 | " . htmlspecialchars(/** @scrutinizer ignore-type */ $wrongcontent) . " |
| 196 | 196 | </pre>"; |
| 197 | - exit(1); |
|
| 197 | + exit(1); |
|
| 198 | 198 | } |
| 199 | 199 | |
| 200 | 200 | // send, and invalidate the token immediately if the mail could not be sent! |
@@ -461,17 +461,17 @@ discard block |
||
| 461 | 461 | } |
| 462 | 462 | echo "<td class='inst_td'> |
| 463 | 463 | <input type='hidden' name='inst' value='" |
| 464 | - . $index."'>" |
|
| 465 | - . "<span style='display:none' class='inst_name'>".$my_idp."</span>" |
|
| 466 | - . "<span>". $idp_instance->name."</span>" |
|
| 467 | - . " (<a href='overview_org.php?inst_id=" |
|
| 468 | - . $idp_instance->identifier."'>" |
|
| 469 | - . (in_array($index, $userIdps) ? _("manage") : _("view")) |
|
| 470 | - . "</a>)" |
|
| 471 | - . (empty($listOfSilverbulletRealms) ? "" : "<ul><li>" ) |
|
| 472 | - . implode("</li><li>", $listOfSilverbulletRealms) |
|
| 473 | - . (empty($listOfSilverbulletRealms) ? "" : "</li><ul>" ) |
|
| 474 | - . "</td>"; |
|
| 464 | + . $index."'>" |
|
| 465 | + . "<span style='display:none' class='inst_name'>".$my_idp."</span>" |
|
| 466 | + . "<span>". $idp_instance->name."</span>" |
|
| 467 | + . " (<a href='overview_org.php?inst_id=" |
|
| 468 | + . $idp_instance->identifier."'>" |
|
| 469 | + . (in_array($index, $userIdps) ? _("manage") : _("view")) |
|
| 470 | + . "</a>)" |
|
| 471 | + . (empty($listOfSilverbulletRealms) ? "" : "<ul><li>" ) |
|
| 472 | + . implode("</li><li>", $listOfSilverbulletRealms) |
|
| 473 | + . (empty($listOfSilverbulletRealms) ? "" : "</li><ul>" ) |
|
| 474 | + . "</td>"; |
|
| 475 | 475 | // deployment status; need to dive into profiles for this |
| 476 | 476 | // show happy eyeballs if at least one profile is configured/showtime |
| 477 | 477 | if(\config\Master::FUNCTIONALITY_FLAGS['SINGLE_SERVICE'] !== 'MSP') { |
@@ -528,8 +528,8 @@ discard block |
||
| 528 | 528 | echo "<form method='post' action='overview_federation.php' accept-charset='UTF-8'> |
| 529 | 529 | <input type='hidden' name='invitation_id' value='".$oneinvite['token']."'/> |
| 530 | 530 | <button class='delete' type='submit' name='submitbutton' value='".web\lib\common\FormElements::BUTTON_DELETE."'>"._("Revoke Invitation")."</button> " |
| 531 | - . sprintf(_("(expires %s)"), $oneinvite['expiry']) |
|
| 532 | - . "</form>"; |
|
| 531 | + . sprintf(_("(expires %s)"), $oneinvite['expiry']) |
|
| 532 | + . "</form>"; |
|
| 533 | 533 | } |
| 534 | 534 | echo " </td>"; |
| 535 | 535 | echo " </tr>"; |
