UserAPI - Code Metrics - Inspection of "take note that EAP-FAST is typically not included..." - GEANT/CAT - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 09cfdd...94b89f )

by Stefan

created 2018-03-05 09:19 UTC

UserAPI F

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	482
Duplicated Lines	0 %

Importance

Changes

Metric	Value
wmc	78
dl	0
loc	482
rs	2.1126
c	0
b	0
f	0

20 Methods

Rating	Name	Size	Complexity
A	__construct()	2	1
A	verifyDownloadAccess()	19	4
B	generateInstaller()	27	6
A	processImage()	19	2
A	downloadInstaller()	21	3
B	detectOS()	24	6
A	deviceInfo()	13	2
A	returnDevice()	6	2
A	getUserCerts()	17	3
B	profileAttributes()	22	6
B	listDevices()	19	8
B	generateNewInstaller()	34	6
A	locateDevice()	2	1
A	profileSort()	2	1
A	deviceFromRequest()	11	4
B	getCache()	17	8
A	listAllIdentityProviders()	2	1
B	testForResize()	15	7
A	orderIdentityProviders()	2	1
B	getLogo()	40	6

How to fix Complexity

<?php

/*
 * ******************************************************************************
 * Copyright 2011-2017 DANTE Ltd. and GÉANT on behalf of the GN3, GN3+, GN4-1 
 * and GN4-2 consortia
 *
 * License: see the web/copyright.php file in the file structure
 * ******************************************************************************
 */

/**
 * This is the collection of methods dedicated for the user GUI
 * @author Tomasz Wolniewicz <[email protected]>
 * @author Stefan Winter <[email protected]>
 * @package UserAPI
 *
 * Parts of this code are based on simpleSAMLPhp discojuice module.
 * This product includes GeoLite data created by MaxMind, available from
 * http://www.maxmind.com
 */

namespace core;

use \Exception;

/**
 * The basic methoods for the user GUI
 * @package UserAPI
 *
 */
class UserAPI extends CAT {

    /**
     * nothing special to be done here.
     */
    public function __construct() {
        parent::__construct();
    }

    /**
     * Prepare the device module environment and send back the link
     * This method creates a device module instance via the {@link DeviceFactory} call, 
     * then sets up the device module environment for the specific profile by calling 
     * {@link DeviceConfig::setup()} method and finally, called the devide writeInstaller meethod
     * passing the returned path name.
     * 
     * @param string $device identifier as in {@link devices.php}
     * @param int $profileId profile identifier
     *
     * @return array 
     *  array with the following fields: 
     *  profile - the profile identifier; 
     *  device - the device identifier; 
     *  link - the path name of the resulting installer
     *  mime - the mimetype of the installer
     */
    public function generateInstaller($device, $profileId, $generatedFor = "user", $token = NULL, $password = NULL) {
        $this->languageInstance->setTextDomain("devices");
        $this->loggerInstance->debug(4, "installer:$device:$profileId\n");
        $validator = new \web\lib\common\InputValidation();
        $profile = $validator->Profile($profileId);
        // test if the profile is production-ready and if not if the authenticated user is an owner
        if ($this->verifyDownloadAccess($profile) === FALSE) {
            return;
        }
        $installerProperties = [];
        $installerProperties['profile'] = $profileId;
        $installerProperties['device'] = $device;
        $cache = $this->getCache($device, $profile);
        $this->installerPath = $cache['path'];
        if ($this->installerPath !== NULL && $token == NULL && $password == NULL) {
            $this->loggerInstance->debug(4, "Using cached installer for: $device\n");
            $installerProperties['link'] = "API.php?action=downloadInstaller&lang=" . $this->languageInstance->getLang() . "&profile=$profileId&device=$device&generatedfor=$generatedFor";
            $installerProperties['mime'] = $cache['mime'];
        } else {
            $myInstaller = $this->generateNewInstaller($device, $profile, $generatedFor, $token, $password);
            if ($myInstaller['link'] !== 0) {
                $installerProperties['mime'] = $myInstaller['mime'];
            }
            $installerProperties['link'] = $myInstaller['link'];
        }
        $this->languageInstance->setTextDomain("web_user");
        return($installerProperties);
    }
    
    private function verifyDownloadAccess($profile) {
        $attribs = $profile->getCollapsedAttributes();
        if (\core\common\Entity::getAttributeValue($attribs, 'profile:production', 0) !== 'on') {
            $this->loggerInstance->debug(4, "Attempt to download a non-production ready installer for profile: $profile->identifier\n");
            $auth = new \web\lib\admin\Authentication();
            if (!$auth->isAuthenticated()) {
                $this->loggerInstance->debug(2, "User NOT authenticated, rejecting request for a non-production installer\n");
                header("HTTP/1.0 403 Not Authorized");
                return(FALSE);
            }
            $userObject = new User($_SESSION['user']);
            if (!$userObject->isIdPOwner($profile->institution)) {
                $this->loggerInstance->debug(2, "User not an owner of a non-production profile - access forbidden\n");
                header("HTTP/1.0 403 Not Authorized");
                return(FALSE);
            }
            $this->loggerInstance->debug(4, "User is the owner - allowing access\n");
        }
        return(TRUE);
    }

    /**
     * This function tries to find a cached copy of an installer for a given
     * combination of Profile and device
     * @param string $device
     * @param AbstractProfile $profile
     * @return array containing path to the installer and mime type of the file, the path is set to NULL if no cache can be returned
     */
    private function getCache($device, $profile) {
        $deviceConfig = \devices\Devices::listDevices()[$device];
        $noCache = (isset(\devices\Devices::$Options['no_cache']) && \devices\Devices::$Options['no_cache']) ? 1 : 0;
        if (isset($deviceConfig['options']['no_cache'])) {
            $noCache = $deviceConfig['options']['no_cache'] ? 1 : 0;
        }
        if ($noCache) {
            $this->loggerInstance->debug(5, "getCache: the no_cache option set for this device\n");
            return(['path' => NULL, 'mime' => NULL]);
        }
        $this->loggerInstance->debug(5, "getCache: caching option set for this device\n");
        $cache = $profile->testCache($device);
        $iPath = $cache['cache'];
        if ($iPath && is_file($iPath)) {
            return(['path' => $iPath, 'mime' => $cache['mime']]);
        }
        return(['path' => NULL, 'mime' => NULL]);
    }

    /**
     * Generates a new installer for the given combination of device and Profile
     * 
     * @param string $device
     * @param AbstractProfile $profile
     * @return array info about the new installer (mime and link)
     */
    private function generateNewInstaller($device, $profile, $generatedFor, $token, $password) {
        $this->loggerInstance->debug(5, "generateNewInstaller() - Enter");
        $factory = new DeviceFactory($device);
        $this->loggerInstance->debug(5, "generateNewInstaller() - created Device");
        $dev = $factory->device;
        $out = [];
        if (isset($dev)) {
            $dev->setup($profile, $token, $password);
            $this->loggerInstance->debug(5, "generateNewInstaller() - Device setup done");
            $installer = $dev->writeInstaller();
            $this->loggerInstance->debug(5, "generateNewInstaller() - writeInstaller complete");
            $iPath = $dev->FPATH . '/tmp/' . $installer;
            if ($iPath && is_file($iPath)) {
                if (isset($dev->options['mime'])) {
                    $out['mime'] = $dev->options['mime'];
                } else {
                    $info = new \finfo();
                    $out['mime'] = $info->file($iPath, FILEINFO_MIME_TYPE);
                }
                $this->installerPath = $dev->FPATH . '/' . $installer;
                rename($iPath, $this->installerPath);
                $integerEap = (new \core\common\EAP($dev->selectedEap))->getIntegerRep();
                $profile->updateCache($device, $this->installerPath, $out['mime'], $integerEap);
                if (CONFIG['DEBUG_LEVEL'] < 4) {
                    \core\common\Entity::rrmdir($dev->FPATH . '/tmp');
                }
                $this->loggerInstance->debug(4, "Generated installer: " . $this->installerPath . ": for: $device, EAP:" . $integerEap . "\n");
                $out['link'] = "API.php?action=downloadInstaller&lang=" . $this->languageInstance->getLang() . "&profile=" . $profile->identifier . "&device=$device&generatedfor=$generatedFor";
            } else {
                $this->loggerInstance->debug(2, "Installer generation failed for: " . $profile->identifier . ":$device:" . $this->languageInstance->getLang() . "\n");
                $out['link'] = 0;
            }
        }
        return($out);
    }

    /**
     * interface to Devices::listDevices() 
     */
    public function listDevices($showHidden = 0) {
        $returnList = [];
        $count = 0;
        if ($showHidden !== 0 && $showHidden != 1) {
            throw new Exception("show_hidden is only be allowed to be 0 or 1, but it is $showHidden!");
        }
        foreach (\devices\Devices::listDevices() as $device => $deviceProperties) {
            if (\core\common\Entity::getAttributeValue($deviceProperties, 'options', 'hidden') === 1 && $showHidden === 0) {
                continue;
            }
            $count++;
            $deviceProperties['device'] = $device;
            $group = isset($deviceProperties['group']) ? $deviceProperties['group'] : 'other';
            if (!isset($returnList[$group])) {
                $returnList[$group] = [];
            }
            $returnList[$group][$device] = $deviceProperties;
        }
        return $returnList;
    }

    /**
     * 
     * @param string $device
     * @param int $profileId
     */
    public function deviceInfo($device, $profileId) {
        $this->languageInstance->setTextDomain("devices");
        $validator = new \web\lib\common\InputValidation();
        $out = 0;
        $profile = $validator->Profile($profileId);
        $factory = new DeviceFactory($device);
        $dev = $factory->device;
        if (isset($dev)) {
            $dev->setup($profile);
            $out = $dev->writeDeviceInfo();
        }
        $this->languageInstance->setTextDomain("web_user");
        echo $out;
    }

    /**
     * Prepare the support data for a given profile
     *
     * @param int $profId profile identifier
     * @return array
     * array with the following fields:
     * - local_email
     * - local_phone
     * - local_url
     * - description
     * - devices - an array of device names and their statuses (for a given profile)
     */
    public function profileAttributes($profId) {
        $this->languageInstance->setTextDomain("devices");
        $validator = new \web\lib\common\InputValidation();
        $profile = $validator->Profile($profId);
        $attribs = $profile->getCollapsedAttributes();
        $returnArray = [];
        $returnArray['silverbullet'] = $profile instanceof ProfileSilverbullet ? 1 : 0;
        if (isset($attribs['support:email'])) {
            $returnArray['local_email'] = $attribs['support:email'][0];
        }
        if (isset($attribs['support:phone'])) {
            $returnArray['local_phone'] = $attribs['support:phone'][0];
        }
        if (isset($attribs['support:url'])) {
            $returnArray['local_url'] = $attribs['support:url'][0];
        }
        if (isset($attribs['profile:description'])) {
            $returnArray['description'] = $attribs['profile:description'][0];
        }
        $returnArray['devices'] = $profile->listDevices();
        $this->languageInstance->setTextDomain("web_user");
        return($returnArray);
    }

    /**
     * Generate and send the installer
     *
     * @param string $device identifier as in {@link devices.php}
     * @param int $prof_id profile identifier
     * @return string binary stream: installerFile
     */
    public function downloadInstaller($device, $prof_id, $generated_for = 'user', $token = NULL, $password = NULL) {
        $this->loggerInstance->debug(4, "downloadInstaller arguments: $device,$prof_id,$generated_for\n");
        $output = $this->generateInstaller($device, $prof_id, $generated_for, $token, $password);
        $this->loggerInstance->debug(4, "output from GUI::generateInstaller:");
        $this->loggerInstance->debug(4, print_r($output, true));
        if (empty($output['link']) || $output['link'] === 0) {
            header("HTTP/1.0 404 Not Found");
            return;
        }
        $validator = new \web\lib\common\InputValidation();
        $profile = $validator->Profile($prof_id);
        $profile->incrementDownloadStats($device, $generated_for);
        $file = $this->installerPath;
        $filetype = $output['mime'];
        $this->loggerInstance->debug(4, "installer MIME type:$filetype\n");
        header("Content-type: " . $filetype);
        header('Content-Disposition: inline; filename="' . basename($file) . '"');
        header('Content-Length: ' . filesize($file));
        ob_clean();
        flush();
        readfile($file);
    }

    /**
     * resizes image files
     * 
     * @param string $inputImage
     * @param string $destFile
     * @param int $width
     * @param int $height
     * @param bool $resize shall we do resizing? width and height are ignored otherwise
     * @return array
     */
    private function processImage($inputImage, $destFile, $width, $height, $resize) {
        $info = new \finfo();
        $filetype = $info->buffer($inputImage, FILEINFO_MIME_TYPE);
        $offset = 60 * 60 * 24 * 30;
        // gmdate cannot fail here - time() is its default argument (and integer), and we are adding an integer to it
        $expiresString = "Expires: " . /** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset) . " GMT";
        $blob = $inputImage;

        if ($resize === TRUE) {
            $image = new \Imagick();
            $image->readImageBlob($inputImage);
            $image->setImageFormat('PNG');
            $image->thumbnailImage($width, $height, 1);
            $blob = $image->getImageBlob();
            $this->loggerInstance->debug(4, "Writing cached logo $destFile for IdP/Federation.\n");
            file_put_contents($destFile, $blob);
        }

        return ["filetype" => $filetype, "expires" => $expiresString, "blob" => $blob];
    }

    /**
     * Get and prepare logo file 
     *
     * When called for DiscoJuice, first check if file cache exists
     * If not then generate the file and save it in the cache
     * @param int|string $identifier IdP of Federation identifier
     * @param string $type either 'idp' or 'federation' is allowed 
     * @param int $width maximum width of the generated image - if 0 then it is treated as no upper bound
     * @param int $height  maximum height of the generated image - if 0 then it is treated as no upper bound
     * @return array|null array with image information or NULL if there is no logo
     */
    protected function getLogo($identifier, $type, $width = 0, $height = 0) {
        $expiresString = '';
        $resize = FALSE;

        $attributeName = [
            'federation' => "fed:logo_file",
            'idp' => "general:logo_file",
        ];
        
        $logoFile = "";
        $validator = new \web\lib\common\InputValidation();
        switch ($type) {
            case "federation":
                $entity = $validator->Federation($identifier);
                break;
            case "idp":
                $entity = $validator->IdP($identifier);
                break;
            default:
                throw new Exception("Unknown type of logo requested!");
        }
        $filetype = 'image/png'; // default, only one code path where it can become different
        list($width, $height, $resize) = $this->testForResize($width, $height);
        if ($resize) {
            $logoFile = ROOT . '/web/downloads/logos/' . $identifier . '_' . $width . '_' . $height . '.png';
        }
        if (is_file($logoFile)) { // $logoFile could be an empty string but then we will get a FALSE
            $this->loggerInstance->debug(4, "Using cached logo $logoFile for: $identifier\n");
            $blob = file_get_contents($logoFile);
        } else {
            $logoAttribute = $entity->getAttributes($attributeName[$type]);
            if (count($logoAttribute) == 0) {
                return(NULL);
            }
            $this->loggerInstance->debug(4,"RESIZE:$width:$height\n");
            $meta = $this->processImage($logoAttribute[0]['value'], $logoFile, $width, $height, $resize);
            $filetype = $meta['filetype'];
            $expiresString = $meta['expires'];
            $blob = $meta['blob'];
        }
        return ["filetype" => $filetype, "expires" => $expiresString, "blob" => $blob];
    }
    
    private function testForResize($width, $height) {
        if (is_numeric($width) && is_numeric($height) && ($width > 0 || $height > 0)) {
            if ($height == 0) {
                $height = 10000;
            }
            if ($width == 0) {
                $width = 10000;
            }
            $resize = TRUE;
        } else {
            $width = 0;
            $height = 0;
            $resize = FALSE;
        }
        return ([$width, $height, $resize]);
    }

    /**
     * find out where the device is currently located
     * @return array
     */
    public function locateDevice() {
        return(\core\DeviceLocation::locateDevice());
    }
    
    /**
     * Lists all identity providers in the database
     * adding information required by DiscoJuice.
     * 
     * @param int $activeOnly if set to non-zero will cause listing of only those institutions which have some valid profiles defined.
     * @param string $country if set, only list IdPs in a specific country
     * @return array the list of identity providers
     *
     */
    public function listAllIdentityProviders($activeOnly = 0, $country = "") {
        return(IdPlist::listAllIdentityProviders($activeOnly, $country));
    }
    
    /**
     * Order active identity providers according to their distance and name
     * @param array $currentLocation - current location
     * @return array $IdPs -  list of arrays ('id', 'name');
     */
    public function orderIdentityProviders($country, $currentLocation = NULL) {
        return(IdPlist::orderIdentityProviders($country, $currentLocation));
    }

    /**
     * Detect the best device driver form the browser
     * Detects the operating system and returns its id 
     * display name and group membership (as in devices.php)
     * @return array|FALSE OS information, indexed by 'id', 'display', 'group'
     */
    public function detectOS() {
        $oldDomain = $this->languageInstance->setTextDomain("devices");
        $Dev = \devices\Devices::listDevices();
        $this->languageInstance->setTextDomain($oldDomain);
        $devId = $this->deviceFromRequest();
        if ($devId !== NULL) {
            $ret = $this->returnDevice($devId, $Dev[$devId]);
            if ($ret !== FALSE) {
                return($ret);
            } 
        }
// the device has not been specified or not specified correctly, try to detect if from the browser ID
        $browser = filter_input(INPUT_SERVER, 'HTTP_USER_AGENT', FILTER_SANITIZE_STRING);
        $this->loggerInstance->debug(4, "HTTP_USER_AGENT=$browser\n");
        foreach ($Dev as $devId => $device) {
            if (!isset($device['match'])) {
                continue;
            }
            if (preg_match('/' . $device['match'] . '/', $browser)) {
                return ($this->returnDevice($devId, $device));
            }
        }
        $this->loggerInstance->debug(2, "Unrecognised system: $browser\n");
        return(false);
    }
    
    /*
     * test if devise is defined and is not hidden. If all is fine return extracted information.
     * Return FALSE if the device has not been correctly specified
     */
    private function returnDevice($devId, $device) {
        if (\core\common\Entity::getAttributeValue($device, 'options', 'hidden') !== 1) {
            $this->loggerInstance->debug(4, "Browser_id: $devId\n");
            return(['device' => $devId, 'display' => $device['display'], 'group' => $device['group']]);
        }
        return(FALSE);
    }
   
    /**
     * This methods cheks if the devide has been specified as the HTTP parameters
     * @return device id|NULL if correcty specified or FALSE otherwise
     */
    private function deviceFromRequest() {
        $devId = filter_input(INPUT_GET, 'device', FILTER_SANITIZE_STRING) ?? filter_input(INPUT_POST, 'device', FILTER_SANITIZE_STRING);
        if ($devId === NULL || $devId === FALSE) {
            $this->loggerInstance->debug(2, "Invalid device id provided\n");
            return(NULL);
        }
        if (!isset(\devices\Devices::listDevices()[$devId])) {
            $this->loggerInstance->debug(2, "Unrecognised system: $devId\n");
            return(NULL);
        }
        return($devId);
    }

    /**
     * finds all the user certificates that originated in a given token
     * @param string $token
     * @return array|false returns FALSE if a token is invalid, otherwise array of certs
     */
    public function getUserCerts($token) {
        $validator = new \web\lib\common\InputValidation();
        $cleanToken = $validator->token($token);
        if ($cleanToken) {
            // check status of this silverbullet token according to info in DB:
            // it can be VALID (exists and not redeemed, EXPIRED, REDEEMED or INVALID (non existent)
            $invitationObject = new \core\SilverbulletInvitation($cleanToken);
        } else {
            return false;
        }
        $profile = new \core\ProfileSilverbullet($invitationObject->profile, NULL);
        $userdata = $profile->userStatus($invitationObject->userId);
        $allcerts = [];
        foreach ($userdata as $content) {
            $allcerts = array_merge($allcerts, $content->associatedCertificates);
        }
        return $allcerts;
    }

    public $device;
    private $installerPath;

    /**
     * helper function to sort profiles by their name
     * @param \core\AbstractProfile $profile1 the first profile's information
     * @param \core\AbstractProfile $profile2 the second profile's information
     * @return int
     */
    private static function profileSort($profile1, $profile2) {
        return strcasecmp($profile1->name, $profile2->name);
    }

}


1			<?php
2
3			/*
4			* ******************************************************************************
5			* Copyright 2011-2017 DANTE Ltd. and GÉANT on behalf of the GN3, GN3+, GN4-1
6			* and GN4-2 consortia
7			*
8			* License: see the web/copyright.php file in the file structure
9			* ******************************************************************************
10			*/
11
12			/**
13			* This is the collection of methods dedicated for the user GUI
14			* @author Tomasz Wolniewicz <[email protected]>
15			* @author Stefan Winter <[email protected]>
16			* @package UserAPI
17			*
18			* Parts of this code are based on simpleSAMLPhp discojuice module.
19			* This product includes GeoLite data created by MaxMind, available from
20			* http://www.maxmind.com
21			*/
22
23			namespace core;
24
25			use \Exception;
26
27			/**
28			* The basic methoods for the user GUI
29			* @package UserAPI
30			*
31			*/
32			class UserAPI extends CAT {
33
34			/**
35			* nothing special to be done here.
36			*/
37			public function __construct() {
38			parent::__construct();
39			}
40
41			/**
42			* Prepare the device module environment and send back the link
43			* This method creates a device module instance via the {@link DeviceFactory} call,
44			* then sets up the device module environment for the specific profile by calling
45			* {@link DeviceConfig::setup()} method and finally, called the devide writeInstaller meethod
46			* passing the returned path name.
47			*
48			* @param string $device identifier as in {@link devices.php}
49			* @param int $profileId profile identifier
50			*
51			* @return array
52			* array with the following fields:
53			* profile - the profile identifier;
54			* device - the device identifier;
55			* link - the path name of the resulting installer
56			* mime - the mimetype of the installer
57			*/
58			public function generateInstaller($device, $profileId, $generatedFor = "user", $token = NULL, $password = NULL) {
59			$this->languageInstance->setTextDomain("devices");
60			$this->loggerInstance->debug(4, "installer:$device:$profileId\n");
61			$validator = new \web\lib\common\InputValidation();
62			$profile = $validator->Profile($profileId);
63			// test if the profile is production-ready and if not if the authenticated user is an owner
64			if ($this->verifyDownloadAccess($profile) === FALSE) {
65			return;
66			}
67			$installerProperties = [];
68			$installerProperties['profile'] = $profileId;
69			$installerProperties['device'] = $device;
70			$cache = $this->getCache($device, $profile);
71			$this->installerPath = $cache['path'];
72			if ($this->installerPath !== NULL && $token == NULL && $password == NULL) {
73			$this->loggerInstance->debug(4, "Using cached installer for: $device\n");
74			$installerProperties['link'] = "API.php?action=downloadInstaller&lang=" . $this->languageInstance->getLang() . "&profile=$profileId&device=$device&generatedfor=$generatedFor";
75			$installerProperties['mime'] = $cache['mime'];
76			} else {
77			$myInstaller = $this->generateNewInstaller($device, $profile, $generatedFor, $token, $password);
78			if ($myInstaller['link'] !== 0) {
79			$installerProperties['mime'] = $myInstaller['mime'];
80			}
81			$installerProperties['link'] = $myInstaller['link'];
82			}
83			$this->languageInstance->setTextDomain("web_user");
84			return($installerProperties);
85			}
86
87			private function verifyDownloadAccess($profile) {
88			$attribs = $profile->getCollapsedAttributes();
89			if (\core\common\Entity::getAttributeValue($attribs, 'profile:production', 0) !== 'on') {
90			$this->loggerInstance->debug(4, "Attempt to download a non-production ready installer for profile: $profile->identifier\n");
91			$auth = new \web\lib\admin\Authentication();
92			if (!$auth->isAuthenticated()) {
93			$this->loggerInstance->debug(2, "User NOT authenticated, rejecting request for a non-production installer\n");
94			header("HTTP/1.0 403 Not Authorized");
95			return(FALSE);
96			}
97			$userObject = new User($_SESSION['user']);
98			if (!$userObject->isIdPOwner($profile->institution)) {
99			$this->loggerInstance->debug(2, "User not an owner of a non-production profile - access forbidden\n");
100			header("HTTP/1.0 403 Not Authorized");
101			return(FALSE);
102			}
103			$this->loggerInstance->debug(4, "User is the owner - allowing access\n");
104			}
105			return(TRUE);
106			}
107
108			/**
109			* This function tries to find a cached copy of an installer for a given
110			* combination of Profile and device
111			* @param string $device
112			* @param AbstractProfile $profile
113			* @return array containing path to the installer and mime type of the file, the path is set to NULL if no cache can be returned
114			*/
115			private function getCache($device, $profile) {
116			$deviceConfig = \devices\Devices::listDevices()[$device];
117			$noCache = (isset(\devices\Devices::$Options['no_cache']) && \devices\Devices::$Options['no_cache']) ? 1 : 0;
118			if (isset($deviceConfig['options']['no_cache'])) {
119			$noCache = $deviceConfig['options']['no_cache'] ? 1 : 0;
120			}
121			if ($noCache) {
122			$this->loggerInstance->debug(5, "getCache: the no_cache option set for this device\n");
123			return(['path' => NULL, 'mime' => NULL]);
124			}
125			$this->loggerInstance->debug(5, "getCache: caching option set for this device\n");
126			$cache = $profile->testCache($device);
127			$iPath = $cache['cache'];
128			if ($iPath && is_file($iPath)) {
129			return(['path' => $iPath, 'mime' => $cache['mime']]);
130			}
131			return(['path' => NULL, 'mime' => NULL]);
132			}
133
134			/**
135			* Generates a new installer for the given combination of device and Profile
136			*
137			* @param string $device
138			* @param AbstractProfile $profile
139			* @return array info about the new installer (mime and link)
140			*/
141			private function generateNewInstaller($device, $profile, $generatedFor, $token, $password) {
142			$this->loggerInstance->debug(5, "generateNewInstaller() - Enter");
143			$factory = new DeviceFactory($device);
144			$this->loggerInstance->debug(5, "generateNewInstaller() - created Device");
145			$dev = $factory->device;
146			$out = [];
147			if (isset($dev)) {
148			$dev->setup($profile, $token, $password);
149			$this->loggerInstance->debug(5, "generateNewInstaller() - Device setup done");
150			$installer = $dev->writeInstaller();
151			$this->loggerInstance->debug(5, "generateNewInstaller() - writeInstaller complete");
152			$iPath = $dev->FPATH . '/tmp/' . $installer;
153			if ($iPath && is_file($iPath)) {
154			if (isset($dev->options['mime'])) {
155			$out['mime'] = $dev->options['mime'];
156			} else {
157			$info = new \finfo();
158			$out['mime'] = $info->file($iPath, FILEINFO_MIME_TYPE);
159			}
160			$this->installerPath = $dev->FPATH . '/' . $installer;
161			rename($iPath, $this->installerPath);
162			$integerEap = (new \core\common\EAP($dev->selectedEap))->getIntegerRep();
163			$profile->updateCache($device, $this->installerPath, $out['mime'], $integerEap);
164			if (CONFIG['DEBUG_LEVEL'] < 4) {
165			\core\common\Entity::rrmdir($dev->FPATH . '/tmp');
166			}
167			$this->loggerInstance->debug(4, "Generated installer: " . $this->installerPath . ": for: $device, EAP:" . $integerEap . "\n");
168			$out['link'] = "API.php?action=downloadInstaller&lang=" . $this->languageInstance->getLang() . "&profile=" . $profile->identifier . "&device=$device&generatedfor=$generatedFor";
169			} else {
170			$this->loggerInstance->debug(2, "Installer generation failed for: " . $profile->identifier . ":$device:" . $this->languageInstance->getLang() . "\n");
171			$out['link'] = 0;
172			}
173			}
174			return($out);
175			}
176
177			/**
178			* interface to Devices::listDevices()
179			*/
180			public function listDevices($showHidden = 0) {
181			$returnList = [];
182			$count = 0;
183			if ($showHidden !== 0 && $showHidden != 1) {
184			throw new Exception("show_hidden is only be allowed to be 0 or 1, but it is $showHidden!");
185			}
186			foreach (\devices\Devices::listDevices() as $device => $deviceProperties) {
187			if (\core\common\Entity::getAttributeValue($deviceProperties, 'options', 'hidden') === 1 && $showHidden === 0) {
188			continue;
189			}
190			$count++;
191			$deviceProperties['device'] = $device;
192			$group = isset($deviceProperties['group']) ? $deviceProperties['group'] : 'other';
193			if (!isset($returnList[$group])) {
194			$returnList[$group] = [];
195			}
196			$returnList[$group][$device] = $deviceProperties;
197			}
198			return $returnList;
199			}
200
201			/**
202			*
203			* @param string $device
204			* @param int $profileId
205			*/
206			public function deviceInfo($device, $profileId) {
207			$this->languageInstance->setTextDomain("devices");
208			$validator = new \web\lib\common\InputValidation();
209			$out = 0;
210			$profile = $validator->Profile($profileId);
211			$factory = new DeviceFactory($device);
212			$dev = $factory->device;
213			if (isset($dev)) {
214			$dev->setup($profile);
215			$out = $dev->writeDeviceInfo();
216			}
217			$this->languageInstance->setTextDomain("web_user");
218			echo $out;
219			}
220
221			/**
222			* Prepare the support data for a given profile
223			*
224			* @param int $profId profile identifier
225			* @return array
226			* array with the following fields:
227			* - local_email
228			* - local_phone
229			* - local_url
230			* - description
231			* - devices - an array of device names and their statuses (for a given profile)
232			*/
233			public function profileAttributes($profId) {
234			$this->languageInstance->setTextDomain("devices");
235			$validator = new \web\lib\common\InputValidation();
236			$profile = $validator->Profile($profId);
237			$attribs = $profile->getCollapsedAttributes();
238			$returnArray = [];
239			$returnArray['silverbullet'] = $profile instanceof ProfileSilverbullet ? 1 : 0;
240			if (isset($attribs['support:email'])) {
241			$returnArray['local_email'] = $attribs['support:email'][0];
242			}
243			if (isset($attribs['support:phone'])) {
244			$returnArray['local_phone'] = $attribs['support:phone'][0];
245			}
246			if (isset($attribs['support:url'])) {
247			$returnArray['local_url'] = $attribs['support:url'][0];
248			}
249			if (isset($attribs['profile:description'])) {
250			$returnArray['description'] = $attribs['profile:description'][0];
251			}
252			$returnArray['devices'] = $profile->listDevices();
253			$this->languageInstance->setTextDomain("web_user");
254			return($returnArray);
255			}
256
257			/**
258			* Generate and send the installer
259			*
260			* @param string $device identifier as in {@link devices.php}
261			* @param int $prof_id profile identifier
262			* @return string binary stream: installerFile
263			*/
264			public function downloadInstaller($device, $prof_id, $generated_for = 'user', $token = NULL, $password = NULL) {
265			$this->loggerInstance->debug(4, "downloadInstaller arguments: $device,$prof_id,$generated_for\n");
266			$output = $this->generateInstaller($device, $prof_id, $generated_for, $token, $password);
267			$this->loggerInstance->debug(4, "output from GUI::generateInstaller:");
268			$this->loggerInstance->debug(4, print_r($output, true));
269			if (empty($output['link']) \|\| $output['link'] === 0) {
270			header("HTTP/1.0 404 Not Found");
271			return;
272			}
273			$validator = new \web\lib\common\InputValidation();
274			$profile = $validator->Profile($prof_id);
275			$profile->incrementDownloadStats($device, $generated_for);
276			$file = $this->installerPath;
277			$filetype = $output['mime'];
278			$this->loggerInstance->debug(4, "installer MIME type:$filetype\n");
279			header("Content-type: " . $filetype);
280			header('Content-Disposition: inline; filename="' . basename($file) . '"');
281			header('Content-Length: ' . filesize($file));
282			ob_clean();
283			flush();
284			readfile($file);
285			}
286
287			/**
288			* resizes image files
289			*
290			* @param string $inputImage
291			* @param string $destFile
292			* @param int $width
293			* @param int $height
294			* @param bool $resize shall we do resizing? width and height are ignored otherwise
295			* @return array
296			*/
297			private function processImage($inputImage, $destFile, $width, $height, $resize) {
298			$info = new \finfo();
299			$filetype = $info->buffer($inputImage, FILEINFO_MIME_TYPE);
300			$offset = 60 * 60 * 24 * 30;
301			// gmdate cannot fail here - time() is its default argument (and integer), and we are adding an integer to it
302			$expiresString = "Expires: " . /** @scrutinizer ignore-type */ gmdate("D, d M Y H:i:s", time() + $offset) . " GMT";
303			$blob = $inputImage;
304
305			if ($resize === TRUE) {
306			$image = new \Imagick();
307			$image->readImageBlob($inputImage);
308			$image->setImageFormat('PNG');
309			$image->thumbnailImage($width, $height, 1);
310			$blob = $image->getImageBlob();
311			$this->loggerInstance->debug(4, "Writing cached logo $destFile for IdP/Federation.\n");
312			file_put_contents($destFile, $blob);
313			}
314
315			return ["filetype" => $filetype, "expires" => $expiresString, "blob" => $blob];
316			}
317
318			/**
319			* Get and prepare logo file
320			*
321			* When called for DiscoJuice, first check if file cache exists
322			* If not then generate the file and save it in the cache
323			* @param int\|string $identifier IdP of Federation identifier
324			* @param string $type either 'idp' or 'federation' is allowed
325			* @param int $width maximum width of the generated image - if 0 then it is treated as no upper bound
326			* @param int $height maximum height of the generated image - if 0 then it is treated as no upper bound
327			* @return array\|null array with image information or NULL if there is no logo
328			*/
329			protected function getLogo($identifier, $type, $width = 0, $height = 0) {
330			$expiresString = '';
331			$resize = FALSE;
			0 ignored issues – show Unused Code introduced 2018-01-12 08:29 UTC by Report Bug Copy Issue Report The assignment to `$resize` is dead and can be removed. Loading history...
332			$attributeName = [
333			'federation' => "fed:logo_file",
334			'idp' => "general:logo_file",
335			];
336
337			$logoFile = "";
338			$validator = new \web\lib\common\InputValidation();
339			switch ($type) {
340			case "federation":
341			$entity = $validator->Federation($identifier);
342			break;
343			case "idp":
344			$entity = $validator->IdP($identifier);
345			break;
346			default:
347			throw new Exception("Unknown type of logo requested!");
348			}
349			$filetype = 'image/png'; // default, only one code path where it can become different
350			list($width, $height, $resize) = $this->testForResize($width, $height);
351			if ($resize) {
352			$logoFile = ROOT . '/web/downloads/logos/' . $identifier . '_' . $width . '_' . $height . '.png';
353			}
354			if (is_file($logoFile)) { // $logoFile could be an empty string but then we will get a FALSE
355			$this->loggerInstance->debug(4, "Using cached logo $logoFile for: $identifier\n");
356			$blob = file_get_contents($logoFile);
357			} else {
358			$logoAttribute = $entity->getAttributes($attributeName[$type]);
359			if (count($logoAttribute) == 0) {
360			return(NULL);
361			}
362			$this->loggerInstance->debug(4,"RESIZE:$width:$height\n");
363			$meta = $this->processImage($logoAttribute[0]['value'], $logoFile, $width, $height, $resize);
364			$filetype = $meta['filetype'];
365			$expiresString = $meta['expires'];
366			$blob = $meta['blob'];
367			}
368			return ["filetype" => $filetype, "expires" => $expiresString, "blob" => $blob];
369			}
370
371			private function testForResize($width, $height) {
372			if (is_numeric($width) && is_numeric($height) && ($width > 0 \|\| $height > 0)) {
373			if ($height == 0) {
374			$height = 10000;
375			}
376			if ($width == 0) {
377			$width = 10000;
378			}
379			$resize = TRUE;
380			} else {
381			$width = 0;
382			$height = 0;
383			$resize = FALSE;
384			}
385			return ([$width, $height, $resize]);
386			}
387
388			/**
389			* find out where the device is currently located
390			* @return array
391			*/
392			public function locateDevice() {
393			return(\core\DeviceLocation::locateDevice());
394			}
395
396			/**
397			* Lists all identity providers in the database
398			* adding information required by DiscoJuice.
399			*
400			* @param int $activeOnly if set to non-zero will cause listing of only those institutions which have some valid profiles defined.
401			* @param string $country if set, only list IdPs in a specific country
402			* @return array the list of identity providers
403			*
404			*/
405			public function listAllIdentityProviders($activeOnly = 0, $country = "") {
406			return(IdPlist::listAllIdentityProviders($activeOnly, $country));
407			}
408
409			/**
410			* Order active identity providers according to their distance and name
411			* @param array $currentLocation - current location
412			* @return array $IdPs - list of arrays ('id', 'name');
413			*/
414			public function orderIdentityProviders($country, $currentLocation = NULL) {
415			return(IdPlist::orderIdentityProviders($country, $currentLocation));
416			}
417
418			/**
419			* Detect the best device driver form the browser
420			* Detects the operating system and returns its id
421			* display name and group membership (as in devices.php)
422			* @return array\|FALSE OS information, indexed by 'id', 'display', 'group'
423			*/
424			public function detectOS() {
425			$oldDomain = $this->languageInstance->setTextDomain("devices");
426			$Dev = \devices\Devices::listDevices();
427			$this->languageInstance->setTextDomain($oldDomain);
428			$devId = $this->deviceFromRequest();
429			if ($devId !== NULL) {
430			$ret = $this->returnDevice($devId, $Dev[$devId]);
431			if ($ret !== FALSE) {
432			return($ret);
433			}
434			}
435			// the device has not been specified or not specified correctly, try to detect if from the browser ID
436			$browser = filter_input(INPUT_SERVER, 'HTTP_USER_AGENT', FILTER_SANITIZE_STRING);
437			$this->loggerInstance->debug(4, "HTTP_USER_AGENT=$browser\n");
438			foreach ($Dev as $devId => $device) {
439			if (!isset($device['match'])) {
440			continue;
441			}
442			if (preg_match('/' . $device['match'] . '/', $browser)) {
443			return ($this->returnDevice($devId, $device));
444			}
445			}
446			$this->loggerInstance->debug(2, "Unrecognised system: $browser\n");
447			return(false);
448			}
449
450			/*
451			* test if devise is defined and is not hidden. If all is fine return extracted information.
452			* Return FALSE if the device has not been correctly specified
453			*/
454			private function returnDevice($devId, $device) {
455			if (\core\common\Entity::getAttributeValue($device, 'options', 'hidden') !== 1) {
456			$this->loggerInstance->debug(4, "Browser_id: $devId\n");
457			return(['device' => $devId, 'display' => $device['display'], 'group' => $device['group']]);
458			}
459			return(FALSE);
460			}
461
462			/**
463			* This methods cheks if the devide has been specified as the HTTP parameters
464			* @return device id\|NULL if correcty specified or FALSE otherwise
465			*/
466			private function deviceFromRequest() {
467			$devId = filter_input(INPUT_GET, 'device', FILTER_SANITIZE_STRING) ?? filter_input(INPUT_POST, 'device', FILTER_SANITIZE_STRING);
468			if ($devId === NULL \|\| $devId === FALSE) {
469			$this->loggerInstance->debug(2, "Invalid device id provided\n");
470			return(NULL);
471			}
472			if (!isset(\devices\Devices::listDevices()[$devId])) {
473			$this->loggerInstance->debug(2, "Unrecognised system: $devId\n");
474			return(NULL);
475			}
476			return($devId);
477			}
478
479			/**
480			* finds all the user certificates that originated in a given token
481			* @param string $token
482			* @return array\|false returns FALSE if a token is invalid, otherwise array of certs
483			*/
484			public function getUserCerts($token) {
485			$validator = new \web\lib\common\InputValidation();
486			$cleanToken = $validator->token($token);
487			if ($cleanToken) {
488			// check status of this silverbullet token according to info in DB:
489			// it can be VALID (exists and not redeemed, EXPIRED, REDEEMED or INVALID (non existent)
490			$invitationObject = new \core\SilverbulletInvitation($cleanToken);
491			} else {
492			return false;
493			}
494			$profile = new \core\ProfileSilverbullet($invitationObject->profile, NULL);
495			$userdata = $profile->userStatus($invitationObject->userId);
496			$allcerts = [];
497			foreach ($userdata as $content) {
498			$allcerts = array_merge($allcerts, $content->associatedCertificates);
499			}
500			return $allcerts;
501			}
502
503			public $device;
504			private $installerPath;
505
506			/**
507			* helper function to sort profiles by their name
508			* @param \core\AbstractProfile $profile1 the first profile's information
509			* @param \core\AbstractProfile $profile2 the second profile's information
510			* @return int
511			*/
512			private static function profileSort($profile1, $profile2) {
513			return strcasecmp($profile1->name, $profile2->name);
514			}
515
516			}
517

GEANT / CAT

Push — master ( 09cfdd...94b89f )

UserAPI F

Complexity

Size/Duplication

Importance

20 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like