@@ -126,20 +126,20 @@ discard block |
||
| 126 | 126 | if ($device == "TOTAL") { |
| 127 | 127 | continue; |
| 128 | 128 | } |
| 129 | - $retstring .= "<tr><td>$device</td><td>" . $numbers['ADMIN'] . "</td><td>" . $numbers['SILVERBULLET'] . "</td><td>" . $numbers['USER'] . "</td></tr>"; |
|
| 129 | + $retstring .= "<tr><td>$device</td><td>".$numbers['ADMIN']."</td><td>".$numbers['SILVERBULLET']."</td><td>".$numbers['USER']."</td></tr>"; |
|
| 130 | 130 | } |
| 131 | - $retstring .= "<tr><td><strong>TOTAL</strong></td><td><strong>" . $data['TOTAL']['ADMIN'] . "</strong></td><td><strong>" . $data['TOTAL']['SILVERBULLET'] . "</strong></td><td><strong>" . $data['TOTAL']['USER'] . "</strong></td></tr>"; |
|
| 131 | + $retstring .= "<tr><td><strong>TOTAL</strong></td><td><strong>".$data['TOTAL']['ADMIN']."</strong></td><td><strong>".$data['TOTAL']['SILVERBULLET']."</strong></td><td><strong>".$data['TOTAL']['USER']."</strong></td></tr>"; |
|
| 132 | 132 | break; |
| 133 | 133 | case "XML": |
| 134 | 134 | // the calls to date() operate on current date, so there is no chance for a FALSE to be returned. Silencing scrutinizer. |
| 135 | - $retstring .= "<federation id='$this->tld' ts='" . /** @scrutinizer ignore-type */ date("Y-m-d") . "T" . /** @scrutinizer ignore-type */ date("H:i:s") . "'>\n"; |
|
| 135 | + $retstring .= "<federation id='$this->tld' ts='"./** @scrutinizer ignore-type */ date("Y-m-d")."T"./** @scrutinizer ignore-type */ date("H:i:s")."'>\n"; |
|
| 136 | 136 | foreach ($data as $device => $numbers) { |
| 137 | 137 | if ($device == "TOTAL") { |
| 138 | 138 | continue; |
| 139 | 139 | } |
| 140 | - $retstring .= " <device name='" . $device . "'>\n <downloads group='admin'>" . $numbers['ADMIN'] . "</downloads>\n <downloads group='managed_idp'>" . $numbers['SILVERBULLET'] . "</downloads>\n <downloads group='user'>" . $numbers['USER'] . "</downloads>\n </device>"; |
|
| 140 | + $retstring .= " <device name='".$device."'>\n <downloads group='admin'>".$numbers['ADMIN']."</downloads>\n <downloads group='managed_idp'>".$numbers['SILVERBULLET']."</downloads>\n <downloads group='user'>".$numbers['USER']."</downloads>\n </device>"; |
|
| 141 | 141 | } |
| 142 | - $retstring .= "<total>\n <downloads group='admin'>" . $data['TOTAL']['ADMIN'] . "</downloads>\n <downloads group='managed_idp'>" . $data['TOTAL']['SILVERBULLET'] . "</downloads>\n <downloads group='user'>" . $data['TOTAL']['USER'] . "</downloads>\n</total>\n"; |
|
| 142 | + $retstring .= "<total>\n <downloads group='admin'>".$data['TOTAL']['ADMIN']."</downloads>\n <downloads group='managed_idp'>".$data['TOTAL']['SILVERBULLET']."</downloads>\n <downloads group='user'>".$data['TOTAL']['USER']."</downloads>\n</total>\n"; |
|
| 143 | 143 | $retstring .= "</federation>"; |
| 144 | 144 | break; |
| 145 | 145 | case "array": |
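Review bot: `$device` is interpolated unescaped into the HTML table row (new-side line 129) and into the single-quoted XML attribute `name='…'` (line 140), and `$this->tld` goes the same way into `id='…'` on line 135. Whether these values can ever contain markup characters is not visible in this hunk, but a value holding `'`, `<` or `&` would break the XML document and could inject markup into the table. Escaping at the point of output removes the dependency on upstream validation: `htmlspecialchars($device, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for the HTML row and `htmlspecialchars($device, ENT_QUOTES | ENT_XML1, 'UTF-8')` for the XML attributes. The enclosing `switch` starts and ends outside the hunk.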
@@ -221,7 +221,7 @@ discard block |
||
| 221 | 221 | $identifier = $this->databaseHandle->lastID(); |
| 222 | 222 | |
| 223 | 223 | if ($identifier == 0 || !$this->loggerInstance->writeAudit($ownerId, "NEW", "IdP $identifier")) { |
| 224 | - $text = "<p>Could not create a new " . CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_inst'] . "!</p>"; |
|
| 224 | + $text = "<p>Could not create a new ".CONFIG_CONFASSISTANT['CONSORTIUM']['nomenclature_inst']."!</p>"; |
|
| 225 | 225 | echo $text; |
| 226 | 226 | throw new Exception($text); |
| 227 | 227 | } |
@@ -149,7 +149,7 @@ discard block |
||
| 149 | 149 | $this->activationsTotal = $invitationRow->quantity; |
| 150 | 150 | $certificatesResult = $this->databaseHandle->exec("SELECT `serial_number`, `ca_type` FROM `silverbullet_certificate` WHERE `silverbullet_invitation_id` = ? ORDER BY `revocation_status`, `expiry` DESC", "i", $this->identifier); |
| 151 | 151 | $certificatesNumber = ($certificatesResult ? $certificatesResult->num_rows : 0); |
| 152 | - $this->loggerInstance->debug(5, "At token validation level, " . $certificatesNumber . " certificates exist.\n"); |
|
| 152 | + $this->loggerInstance->debug(5, "At token validation level, ".$certificatesNumber." certificates exist.\n"); |
|
| 153 | 153 | // SELECT -> resource, no boolean |
| 154 | 154 | while ($runner = mysqli_fetch_object(/** @scrutinizer ignore-type */ $certificatesResult)) { |
| 155 | 155 | $this->associatedCertificates[] = new \core\SilverbulletCertificate($runner->serial_number, $runner->ca_type); |
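Review bot: Line 151 treats `$certificatesResult` as possibly falsy (`$certificatesResult ? … : 0`), but line 154 passes it to `mysqli_fetch_object()` unconditionally with the type check silenced. If `exec()` can return `false` on a failed query, which the ternary suggests, the loop raises a TypeError on PHP 8 (a warning on PHP 7) instead of treating the invitation as having no certificates. Guard the loop with the same condition, `if ($certificatesResult) { while (…) { … } }`, or drop the ternary if the result can never be false. The enclosing method starts and ends outside the hunk.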
@@ -208,7 +208,7 @@ discard block |
||
| 208 | 208 | throw new Exception("Uh. Something went seriously wrong with URL path mangling."); |
| 209 | 209 | } |
| 210 | 210 | } |
| 211 | - $link = $link . $relPath; |
|
| 211 | + $link = $link.$relPath; |
|
| 212 | 212 | |
| 213 | 213 | if (preg_match('/admin$/', $link)) { |
| 214 | 214 | $link = substr($link, 0, -6); |
@@ -217,7 +217,7 @@ discard block |
||
| 217 | 217 | } |
| 218 | 218 | } |
| 219 | 219 | |
| 220 | - return $link . '/accountstatus/accountstatus.php?token=' . $this->invitationTokenString; |
|
| 220 | + return $link.'/accountstatus/accountstatus.php?token='.$this->invitationTokenString; |
|
| 221 | 221 | } |
| 222 | 222 | |
| 223 | 223 | /** |
@@ -244,7 +244,7 @@ discard block |
||
| 244 | 244 | $text .= sprintf(_("A new %s access credential has been created for you by your network administrator."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']); |
| 245 | 245 | $text .= " "; |
| 246 | 246 | $text .= sprintf(_("Please follow the following link with the device you want to enable for %s to get a custom %s installation program just for you. You can click on the link, copy and paste it into a browser or scan the attached QR code."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']); |
| 247 | - $text .= "\n\n" . $this->link() . "\n\n"; // gets replaced with the token value by getBody() |
|
| 247 | + $text .= "\n\n".$this->link()."\n\n"; // gets replaced with the token value by getBody() |
|
| 248 | 248 | $text .= sprintf(_("Please keep this email or bookmark this link for future use. After picking up your %s installation program, you can use the same link to get status information about your %s account."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']); |
| 249 | 249 | $text .= "\n\n"; |
| 250 | 250 | $text .= _("Regards,"); |
@@ -20,7 +20,7 @@ discard block |
||
| 20 | 20 | * <base_url>/copyright.php after deploying the software |
| 21 | 21 | */ |
| 22 | 22 | |
| 23 | -require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php"; |
|
| 23 | +require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php"; |
|
| 24 | 24 | |
| 25 | 25 | /** |
| 26 | 26 | * Checks if the profile is a valid SB profile belonging to the federation |
@@ -69,7 +69,7 @@ discard block |
||
| 69 | 69 | $inputRaw = file_get_contents('php://input'); |
| 70 | 70 | $inputDecoded = json_decode($inputRaw, TRUE); |
| 71 | 71 | if (!is_array($inputDecoded)) { |
| 72 | - $adminApi->returnError(web\lib\admin\API::ERROR_MALFORMED_REQUEST, "Unable to decode JSON POST data." . json_last_error_msg() . $inputRaw); |
|
| 72 | + $adminApi->returnError(web\lib\admin\API::ERROR_MALFORMED_REQUEST, "Unable to decode JSON POST data.".json_last_error_msg().$inputRaw); |
|
| 73 | 73 | exit(1); |
| 74 | 74 | } |
| 75 | 75 | |
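Review bot: The error message on line 72 appends the whole raw request body (`$inputRaw`) to the API response, so anything a client sends that is not valid JSON is reflected back verbatim and without a length limit. How `returnError()` encodes its message is not visible here; if that text is ever rendered or logged without encoding, this becomes an injection point, and it also echoes arbitrarily large payloads. The three parts of the message are also joined with no separator. I would return only the decoder's diagnosis, `"Unable to decode JSON POST data: ".json_last_error_msg()`, and keep the body in a server-side log if it is needed for debugging.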
@@ -158,7 +158,7 @@ discard block |
||
| 158 | 158 | throw new Exception("A required parameter is missing, and this wasn't caught earlier?!"); |
| 159 | 159 | } |
| 160 | 160 | $newtokens = $mgmt->createTokens(true, [$admin], $idp); |
| 161 | - $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0]; |
|
| 161 | + $URL = "https://".$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME'])."/action_enrollment.php?token=".array_keys($newtokens)[0]; |
|
| 162 | 162 | $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]]; |
| 163 | 163 | // done with the essentials - display in response. But if we also have an email address, send it there |
| 164 | 164 | $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL); |
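Review bot: The enrollment URL on line 161 takes its host from `$_SERVER['SERVER_NAME']`, which on some web server configurations follows the client-supplied Host header rather than a fixed value. This URL carries a freshly created admin token and, per the comment on line 163, may be mailed to the target address, so a request with an unexpected Host value could make the invitation link point at a different host. Build the link from a base URL held in the deployment's configuration rather than from request metadata, and pass the token through `rawurlencode()`. The same statement appears again in the re-indented switch hunk (@@ -115,212), and the surrounding `case` body extends outside this hunk.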
@@ -195,7 +195,7 @@ discard block |
||
| 195 | 195 | if ($found) { |
| 196 | 196 | $adminApi->returnSuccess([]); |
| 197 | 197 | } |
| 198 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier); |
|
| 198 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP ".$idp->identifier); |
|
| 199 | 199 | break; |
| 200 | 200 | case web\lib\admin\API::ACTION_STATISTICS_FED: |
| 201 | 201 | $adminApi->returnSuccess($fed->downloadStats("array")); |
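Review bot: Nothing stops execution after `returnSuccess([])` on line 196, so when `$found` is true the `returnError()` on line 198 runs as well, unless `returnSuccess()` terminates the script itself, which this hunk does not show (other branches follow `returnError()` with an explicit `exit(1)`, which suggests these helpers return). A successful removal would then be answered with a success payload followed by an error payload. Make the two outcomes exclusive: `if ($found) { $adminApi->returnSuccess([]); break; }`. In the re-indented switch hunk (@@ -115,212), where the same code and its loop are visible, the match is made with `$oneAdmin['MAIL'] == $toBeDeleted` while the message speaks of an "admin with ID"; `===` and a message naming the mail address would match what is compared.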
@@ -242,10 +242,10 @@ discard block |
||
| 242 | 242 | $outer = ""; |
| 243 | 243 | $profile->setAnonymousIDSupport(FALSE); |
| 244 | 244 | } else { |
| 245 | - $outer = $outer . "@"; |
|
| 245 | + $outer = $outer."@"; |
|
| 246 | 246 | $profile->setAnonymousIDSupport(TRUE); |
| 247 | 247 | } |
| 248 | - $profile->setRealm($outer . $realm); |
|
| 248 | + $profile->setRealm($outer.$realm); |
|
| 249 | 249 | } |
| 250 | 250 | /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */ |
| 251 | 251 | $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER); |
@@ -429,7 +429,7 @@ discard block |
||
| 429 | 429 | // extract relevant subset of information from cert objects |
| 430 | 430 | $certDetails = []; |
| 431 | 431 | foreach ($certs as $cert) { |
| 432 | - $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username]; |
|
| 432 | + $certDetails[$cert->ca_type.":".$cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username]; |
|
| 433 | 433 | } |
| 434 | 434 | $adminApi->returnSuccess($certDetails); |
| 435 | 435 | break; |
@@ -115,212 +115,212 @@ discard block |
||
| 115 | 115 | } |
| 116 | 116 | |
| 117 | 117 | switch ($inputDecoded['ACTION']) { |
| 118 | - case web\lib\admin\API::ACTION_NEWINST: |
|
| 119 | - // create the inst, no admin, no attributes |
|
| 120 | - $idp = new \core\IdP($fed->newIdP("PENDING", "API")); |
|
| 121 | - // now add all submitted attributes |
|
| 122 | - $inputs = $adminApi->uglify($scrubbedParameters); |
|
| 123 | - $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]); |
|
| 124 | - $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]); |
|
| 125 | - break; |
|
| 126 | - case web\lib\admin\API::ACTION_DELINST: |
|
| 127 | - try { |
|
| 128 | - $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID)); |
|
| 129 | - } catch (Exception $e) { |
|
| 130 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!"); |
|
| 131 | - exit(1); |
|
| 132 | - } |
|
| 133 | - $idp->destroy(); |
|
| 134 | - $adminApi->returnSuccess([]); |
|
| 135 | - break; |
|
| 136 | - case web\lib\admin\API::ACTION_ADMIN_LIST: |
|
| 137 | - try { |
|
| 138 | - $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID)); |
|
| 139 | - } catch (Exception $e) { |
|
| 140 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!"); |
|
| 141 | - exit(1); |
|
| 142 | - } |
|
| 143 | - $adminApi->returnSuccess($idp->listOwners()); |
|
| 144 | - break; |
|
| 145 | - case web\lib\admin\API::ACTION_ADMIN_ADD: |
|
| 146 | - // IdP in question |
|
| 147 | - try { |
|
| 148 | - $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID)); |
|
| 149 | - } catch (Exception $e) { |
|
| 150 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!"); |
|
| 151 | - exit(1); |
|
| 152 | - } |
|
| 153 | - // here is the token |
|
| 154 | - $mgmt = new core\UserManagement(); |
|
| 155 | - // we know we have an admin ID but scrutinizer wants this checked more explicitly |
|
| 156 | - $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID); |
|
| 157 | - if ($admin === FALSE) { |
|
| 158 | - throw new Exception("A required parameter is missing, and this wasn't caught earlier?!"); |
|
| 159 | - } |
|
| 160 | - $newtokens = $mgmt->createTokens(true, [$admin], $idp); |
|
| 161 | - $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0]; |
|
| 162 | - $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]]; |
|
| 163 | - // done with the essentials - display in response. But if we also have an email address, send it there |
|
| 164 | - $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL); |
|
| 165 | - if ($email !== FALSE) { |
|
| 166 | - $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed); |
|
| 167 | - $success["EMAIL SENT"] = $sent["SENT"]; |
|
| 168 | - if ($sent["SENT"] === TRUE) { |
|
| 169 | - $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"]; |
|
| 118 | + case web\lib\admin\API::ACTION_NEWINST: |
|
| 119 | + // create the inst, no admin, no attributes |
|
| 120 | + $idp = new \core\IdP($fed->newIdP("PENDING", "API")); |
|
| 121 | + // now add all submitted attributes |
|
| 122 | + $inputs = $adminApi->uglify($scrubbedParameters); |
|
| 123 | + $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]); |
|
| 124 | + $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]); |
|
| 125 | + break; |
|
| 126 | + case web\lib\admin\API::ACTION_DELINST: |
|
| 127 | + try { |
|
| 128 | + $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID)); |
|
| 129 | + } catch (Exception $e) { |
|
| 130 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!"); |
|
| 131 | + exit(1); |
|
| 170 | 132 | } |
| 171 | - } |
|
| 172 | - $adminApi->returnSuccess($success); |
|
| 173 | - break; |
|
| 174 | - case web\lib\admin\API::ACTION_ADMIN_DEL: |
|
| 175 | - // IdP in question |
|
| 176 | - try { |
|
| 177 | - $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID)); |
|
| 178 | - } catch (Exception $e) { |
|
| 179 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!"); |
|
| 180 | - exit(1); |
|
| 181 | - } |
|
| 182 | - $currentAdmins = $idp->listOwners(); |
|
| 183 | - $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID); |
|
| 184 | - if ($toBeDeleted === FALSE) { |
|
| 185 | - throw new Exception("A required parameter is missing, and this wasn't caught earlier?!"); |
|
| 186 | - } |
|
| 187 | - $found = FALSE; |
|
| 188 | - foreach ($currentAdmins as $oneAdmin) { |
|
| 189 | - if ($oneAdmin['MAIL'] == $toBeDeleted) { |
|
| 190 | - $found = TRUE; |
|
| 191 | - $mgmt = new core\UserManagement(); |
|
| 192 | - $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']); |
|
| 193 | - } |
|
| 194 | - } |
|
| 195 | - if ($found) { |
|
| 133 | + $idp->destroy(); |
|
| 196 | 134 | $adminApi->returnSuccess([]); |
| 197 | - } |
|
| 198 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier); |
|
| 199 | - break; |
|
| 200 | - case web\lib\admin\API::ACTION_STATISTICS_FED: |
|
| 201 | - $adminApi->returnSuccess($fed->downloadStats("array")); |
|
| 202 | - break; |
|
| 203 | - case \web\lib\admin\API::ACTION_NEWPROF_RADIUS: |
|
| 204 | - // fall-through intended: both get mostly identical treatment |
|
| 205 | - case web\lib\admin\API::ACTION_NEWPROF_SB: |
|
| 206 | - try { |
|
| 207 | - $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID)); |
|
| 208 | - } catch (Exception $e) { |
|
| 209 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!"); |
|
| 210 | - exit(1); |
|
| 211 | - } |
|
| 212 | - if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) { |
|
| 213 | - $type = "RADIUS"; |
|
| 214 | - } else { |
|
| 215 | - $type = "SILVERBULLET"; |
|
| 216 | - } |
|
| 217 | - $profile = $idp->newProfile($type); |
|
| 218 | - if ($profile === NULL) { |
|
| 219 | - $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support."); |
|
| 220 | - exit(1); |
|
| 221 | - } |
|
| 222 | - $inputs = $adminApi->uglify($scrubbedParameters); |
|
| 223 | - $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]); |
|
| 224 | - if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) { |
|
| 225 | - // auto-accept ToU? |
|
| 226 | - if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) { |
|
| 227 | - $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1); |
|
| 228 | - } |
|
| 229 | - // we're done at this point |
|
| 230 | - $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]); |
|
| 231 | - continue; |
|
| 232 | - } |
|
| 233 | - if (!$profile instanceof core\ProfileRADIUS) { |
|
| 234 | - throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS."); |
|
| 235 | - } |
|
| 236 | - /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM'; |
|
| 237 | - const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */ |
|
| 238 | - $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM); |
|
| 239 | - $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE); |
|
| 240 | - if ($realm !== FALSE) { |
|
| 241 | - if ($outer === FALSE) { |
|
| 242 | - $outer = ""; |
|
| 243 | - $profile->setAnonymousIDSupport(FALSE); |
|
| 135 | + break; |
|
| 136 | + case web\lib\admin\API::ACTION_ADMIN_LIST: |
|
| 137 | + try { |
|
| 138 | + $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID)); |
|
| 139 | + } catch (Exception $e) { |
|
| 140 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!"); |
|
| 141 | + exit(1); |
|
| 142 | + } |
|
| 143 | + $adminApi->returnSuccess($idp->listOwners()); |
|
| 144 | + break; |
|
| 145 | + case web\lib\admin\API::ACTION_ADMIN_ADD: |
|
| 146 | + // IdP in question |
|
| 147 | + try { |
|
| 148 | + $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID)); |
|
| 149 | + } catch (Exception $e) { |
|
| 150 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!"); |
|
| 151 | + exit(1); |
|
| 152 | + } |
|
| 153 | + // here is the token |
|
| 154 | + $mgmt = new core\UserManagement(); |
|
| 155 | + // we know we have an admin ID but scrutinizer wants this checked more explicitly |
|
| 156 | + $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID); |
|
| 157 | + if ($admin === FALSE) { |
|
| 158 | + throw new Exception("A required parameter is missing, and this wasn't caught earlier?!"); |
|
| 159 | + } |
|
| 160 | + $newtokens = $mgmt->createTokens(true, [$admin], $idp); |
|
| 161 | + $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0]; |
|
| 162 | + $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]]; |
|
| 163 | + // done with the essentials - display in response. But if we also have an email address, send it there |
|
| 164 | + $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL); |
|
| 165 | + if ($email !== FALSE) { |
|
| 166 | + $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed); |
|
| 167 | + $success["EMAIL SENT"] = $sent["SENT"]; |
|
| 168 | + if ($sent["SENT"] === TRUE) { |
|
| 169 | + $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"]; |
|
| 170 | + } |
|
| 171 | + } |
|
| 172 | + $adminApi->returnSuccess($success); |
|
| 173 | + break; |
|
| 174 | + case web\lib\admin\API::ACTION_ADMIN_DEL: |
|
| 175 | + // IdP in question |
|
| 176 | + try { |
|
| 177 | + $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID)); |
|
| 178 | + } catch (Exception $e) { |
|
| 179 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!"); |
|
| 180 | + exit(1); |
|
| 181 | + } |
|
| 182 | + $currentAdmins = $idp->listOwners(); |
|
| 183 | + $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID); |
|
| 184 | + if ($toBeDeleted === FALSE) { |
|
| 185 | + throw new Exception("A required parameter is missing, and this wasn't caught earlier?!"); |
|
| 186 | + } |
|
| 187 | + $found = FALSE; |
|
| 188 | + foreach ($currentAdmins as $oneAdmin) { |
|
| 189 | + if ($oneAdmin['MAIL'] == $toBeDeleted) { |
|
| 190 | + $found = TRUE; |
|
| 191 | + $mgmt = new core\UserManagement(); |
|
| 192 | + $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']); |
|
| 193 | + } |
|
| 194 | + } |
|
| 195 | + if ($found) { |
|
| 196 | + $adminApi->returnSuccess([]); |
|
| 197 | + } |
|
| 198 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier); |
|
| 199 | + break; |
|
| 200 | + case web\lib\admin\API::ACTION_STATISTICS_FED: |
|
| 201 | + $adminApi->returnSuccess($fed->downloadStats("array")); |
|
| 202 | + break; |
|
| 203 | + case \web\lib\admin\API::ACTION_NEWPROF_RADIUS: |
|
| 204 | + // fall-through intended: both get mostly identical treatment |
|
| 205 | + case web\lib\admin\API::ACTION_NEWPROF_SB: |
|
| 206 | + try { |
|
| 207 | + $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID)); |
|
| 208 | + } catch (Exception $e) { |
|
| 209 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!"); |
|
| 210 | + exit(1); |
|
| 211 | + } |
|
| 212 | + if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) { |
|
| 213 | + $type = "RADIUS"; |
|
| 244 | 214 | } else { |
| 245 | - $outer = $outer . "@"; |
|
| 246 | - $profile->setAnonymousIDSupport(TRUE); |
|
| 215 | + $type = "SILVERBULLET"; |
|
| 247 | 216 | } |
| 248 | - $profile->setRealm($outer . $realm); |
|
| 249 | - } |
|
| 250 | - /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */ |
|
| 251 | - $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER); |
|
| 252 | - if ($testuser !== FALSE) { |
|
| 253 | - $profile->setRealmCheckUser(TRUE, $testuser); |
|
| 254 | - } |
|
| 255 | - /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM'; |
|
| 217 | + $profile = $idp->newProfile($type); |
|
| 218 | + if ($profile === NULL) { |
|
| 219 | + $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support."); |
|
| 220 | + exit(1); |
|
| 221 | + } |
|
| 222 | + $inputs = $adminApi->uglify($scrubbedParameters); |
|
| 223 | + $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]); |
|
| 224 | + if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) { |
|
| 225 | + // auto-accept ToU? |
|
| 226 | + if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) { |
|
| 227 | + $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1); |
|
| 228 | + } |
|
| 229 | + // we're done at this point |
|
| 230 | + $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]); |
|
| 231 | + continue; |
|
| 232 | + } |
|
| 233 | + if (!$profile instanceof core\ProfileRADIUS) { |
|
| 234 | + throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS."); |
|
| 235 | + } |
|
| 236 | + /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM'; |
|
| 237 | + const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */ |
|
| 238 | + $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM); |
|
| 239 | + $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE); |
|
| 240 | + if ($realm !== FALSE) { |
|
| 241 | + if ($outer === FALSE) { |
|
| 242 | + $outer = ""; |
|
| 243 | + $profile->setAnonymousIDSupport(FALSE); |
|
| 244 | + } else { |
|
| 245 | + $outer = $outer . "@"; |
|
| 246 | + $profile->setAnonymousIDSupport(TRUE); |
|
| 247 | + } |
|
| 248 | + $profile->setRealm($outer . $realm); |
|
| 249 | + } |
|
| 250 | + /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */ |
|
| 251 | + $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER); |
|
| 252 | + if ($testuser !== FALSE) { |
|
| 253 | + $profile->setRealmCheckUser(TRUE, $testuser); |
|
| 254 | + } |
|
| 255 | + /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM'; |
|
| 256 | 256 | const AUXATTRIB_PROFILE_INPUT_VERIFY = 'ATTRIB-PROFILE-VERIFYREALM'; */ |
| 257 | - $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT); |
|
| 258 | - $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY); |
|
| 259 | - if ($enforce !== FALSE) { |
|
| 260 | - $profile->setInputVerificationPreference($enforce, $hint); |
|
| 261 | - } |
|
| 262 | - /* const AUXATTRIB_PROFILE_EAPTYPE */ |
|
| 263 | - $iterator = 1; |
|
| 264 | - foreach ($scrubbedParameters as $oneParam) { |
|
| 265 | - if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) { |
|
| 266 | - $type = new \core\common\EAP($oneParam["VALUE"]); |
|
| 267 | - $profile->addSupportedEapMethod($type, $iterator); |
|
| 268 | - $iterator = $iterator + 1; |
|
| 257 | + $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT); |
|
| 258 | + $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY); |
|
| 259 | + if ($enforce !== FALSE) { |
|
| 260 | + $profile->setInputVerificationPreference($enforce, $hint); |
|
| 269 | 261 | } |
| 270 | - } |
|
| 271 | - // reinstantiate $profile freshly from DB - it was updated in the process |
|
| 272 | - $profileFresh = new core\ProfileRADIUS($profile->identifier); |
|
| 273 | - $profileFresh->prepShowtime(); |
|
| 274 | - $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]); |
|
| 275 | - break; |
|
| 276 | - case web\lib\admin\API::ACTION_ENDUSER_NEW: |
|
| 277 | - $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 278 | - if ($prof_id === FALSE) { |
|
| 279 | - exit(1); |
|
| 280 | - } |
|
| 281 | - $evaluation = commonSbProfileChecks($fed, $prof_id); |
|
| 282 | - if ($evaluation === FALSE) { |
|
| 283 | - exit(1); |
|
| 284 | - } |
|
| 285 | - list($idp, $profile) = $evaluation; |
|
| 286 | - $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME)); |
|
| 287 | - $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY); |
|
| 288 | - if ($expiryRaw === FALSE) { |
|
| 289 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request."); |
|
| 290 | - exit(1); |
|
| 291 | - } |
|
| 292 | - $expiry = new DateTime($expiryRaw); |
|
| 293 | - try { |
|
| 294 | - $retval = $profile->addUser($user, $expiry); |
|
| 295 | - } catch (Exception $e) { |
|
| 296 | - $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed. Maybe a duplicate username, or malformed expiry date?"); |
|
| 297 | - exit(1); |
|
| 298 | - } |
|
| 299 | - if ($retval == 0) {// that didn't work, it seems |
|
| 300 | - $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed subtly. Contact the administrators."); |
|
| 301 | - exit(1); |
|
| 302 | - } |
|
| 303 | - $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $user, \web\lib\admin\API::AUXATTRIB_SB_USERID => $retval]); |
|
| 304 | - break; |
|
| 305 | - case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE: |
|
| 306 | - // fall-through intended: both actions are very similar |
|
| 307 | - case \web\lib\admin\API::ACTION_TOKEN_NEW: |
|
| 308 | - $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 309 | - if ($profile_id === FALSE) { |
|
| 310 | - exit(1); |
|
| 311 | - } |
|
| 312 | - $evaluation = commonSbProfileChecks($fed, $profile_id); |
|
| 313 | - if ($evaluation === FALSE) { |
|
| 314 | - exit(1); |
|
| 315 | - } |
|
| 316 | - list($idp, $profile) = $evaluation; |
|
| 317 | - $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID)); |
|
| 318 | - if ($userId === FALSE) { |
|
| 319 | - $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer."); |
|
| 320 | - exit(1); |
|
| 321 | - } |
|
| 322 | - $additionalInfo = []; |
|
| 323 | - switch ($inputDecoded['ACTION']) { // this is where the two differ |
|
| 262 | + /* const AUXATTRIB_PROFILE_EAPTYPE */ |
|
| 263 | + $iterator = 1; |
|
| 264 | + foreach ($scrubbedParameters as $oneParam) { |
|
| 265 | + if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) { |
|
| 266 | + $type = new \core\common\EAP($oneParam["VALUE"]); |
|
| 267 | + $profile->addSupportedEapMethod($type, $iterator); |
|
| 268 | + $iterator = $iterator + 1; |
|
| 269 | + } |
|
| 270 | + } |
|
| 271 | + // reinstantiate $profile freshly from DB - it was updated in the process |
|
| 272 | + $profileFresh = new core\ProfileRADIUS($profile->identifier); |
|
| 273 | + $profileFresh->prepShowtime(); |
|
| 274 | + $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]); |
|
| 275 | + break; |
|
| 276 | + case web\lib\admin\API::ACTION_ENDUSER_NEW: |
|
| 277 | + $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 278 | + if ($prof_id === FALSE) { |
|
| 279 | + exit(1); |
|
| 280 | + } |
|
| 281 | + $evaluation = commonSbProfileChecks($fed, $prof_id); |
|
| 282 | + if ($evaluation === FALSE) { |
|
| 283 | + exit(1); |
|
| 284 | + } |
|
| 285 | + list($idp, $profile) = $evaluation; |
|
| 286 | + $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME)); |
|
| 287 | + $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY); |
|
| 288 | + if ($expiryRaw === FALSE) { |
|
| 289 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request."); |
|
| 290 | + exit(1); |
|
| 291 | + } |
|
| 292 | + $expiry = new DateTime($expiryRaw); |
|
| 293 | + try { |
|
| 294 | + $retval = $profile->addUser($user, $expiry); |
|
| 295 | + } catch (Exception $e) { |
|
| 296 | + $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed. Maybe a duplicate username, or malformed expiry date?"); |
|
| 297 | + exit(1); |
|
| 298 | + } |
|
| 299 | + if ($retval == 0) {// that didn't work, it seems |
|
| 300 | + $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed subtly. Contact the administrators."); |
|
| 301 | + exit(1); |
|
| 302 | + } |
|
| 303 | + $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $user, \web\lib\admin\API::AUXATTRIB_SB_USERID => $retval]); |
|
| 304 | + break; |
|
| 305 | + case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE: |
|
| 306 | + // fall-through intended: both actions are very similar |
|
| 307 | + case \web\lib\admin\API::ACTION_TOKEN_NEW: |
|
| 308 | + $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 309 | + if ($profile_id === FALSE) { |
|
| 310 | + exit(1); |
|
| 311 | + } |
|
| 312 | + $evaluation = commonSbProfileChecks($fed, $profile_id); |
|
| 313 | + if ($evaluation === FALSE) { |
|
| 314 | + exit(1); |
|
| 315 | + } |
|
| 316 | + list($idp, $profile) = $evaluation; |
|
| 317 | + $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID)); |
|
| 318 | + if ($userId === FALSE) { |
|
| 319 | + $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer."); |
|
| 320 | + exit(1); |
|
| 321 | + } |
|
| 322 | + $additionalInfo = []; |
|
| 323 | + switch ($inputDecoded['ACTION']) { // this is where the two differ |
|
| 324 | 324 | case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE: |
| 325 | 325 | $result = $profile->deactivateUser($userId); |
| 326 | 326 | break; |
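Review bot: In the `ACTION_ENDUSER_NEW` branch, `new DateTime($expiryRaw)` on new-side line 292 sits before the `try` that opens on line 293, so a malformed expiry string from the request throws outside the handler whose message ("Maybe a duplicate username, or malformed expiry date?") is meant to cover it. The client then gets an uncaught exception instead of the API's `ERROR_INTERNAL_ERROR` response. Move the construction inside the block: `try { $expiry = new DateTime($expiryRaw); $retval = $profile->addUser($user, $expiry); } catch (Exception $e) { … }`. Separately, the `continue;` on line 231 is inside a `switch`, where PHP treats it like `break` and has emitted a warning for it since 7.3; `break;` states the intent. The `switch` itself continues past the end of this hunk.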
@@ -353,7 +353,7 @@ discard block |
||
| 353 | 353 | } |
| 354 | 354 | } |
| 355 | 355 | break; |
| 356 | - } |
|
| 356 | + } |
|
| 357 | 357 | |
| 358 | 358 | if ($result !== TRUE) { |
| 359 | 359 | $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "These parameters did not lead to an existing, active user."); |
@@ -361,65 +361,65 @@ discard block |
||
| 361 | 361 | } |
| 362 | 362 | $adminApi->returnSuccess($additionalInfo); |
| 363 | 363 | break; |
| 364 | - case \web\lib\admin\API::ACTION_ENDUSER_IDENTIFY: |
|
| 365 | - $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 366 | - if ($profile_id === FALSE) { |
|
| 367 | - exit(1); |
|
| 368 | - } |
|
| 369 | - $evaluation = commonSbProfileChecks($fed, $profile_id); |
|
| 370 | - if ($evaluation === FALSE) { |
|
| 371 | - exit(1); |
|
| 372 | - } |
|
| 373 | - list($idp, $profile) = $evaluation; |
|
| 374 | - $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID); |
|
| 375 | - $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME); |
|
| 376 | - $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL); |
|
| 377 | - if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE) { |
|
| 378 | - // we need at least one of those |
|
| 379 | - $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, or certificate serial is required."); |
|
| 380 | - } |
|
| 381 | - $userlist = $profile->listAllUsers(); |
|
| 382 | - if ($userName === FALSE && $certSerial === FALSE) { // we got a user ID |
|
| 383 | - if (!isset($userlist[$userId])) { |
|
| 384 | - return $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "This user ID does not exist in this profile."); |
|
| 364 | + case \web\lib\admin\API::ACTION_ENDUSER_IDENTIFY: |
|
| 365 | + $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 366 | + if ($profile_id === FALSE) { |
|
| 367 | + exit(1); |
|
| 385 | 368 | } |
| 386 | - $adminApi->returnSuccess([$userId => $userlist[$userId]]); |
|
| 387 | - } |
|
| 388 | - if ($userId === FALSE && $certSerial === FALSE) { // we got a username |
|
| 389 | - $key = array_search($userName, $userlist); |
|
| 390 | - if ($key === FALSE) { |
|
| 391 | - return $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "This username does not exist in this profile."); |
|
| 369 | + $evaluation = commonSbProfileChecks($fed, $profile_id); |
|
| 370 | + if ($evaluation === FALSE) { |
|
| 371 | + exit(1); |
|
| 392 | 372 | } |
| 393 | - $adminApi->returnSuccess([$key => $userlist[$key]]); |
|
| 394 | - } |
|
| 395 | - if ($userId === FALSE && $userName === FALSE) { // we got a cert serial |
|
| 396 | - $serial = explode(":", $certSerial); |
|
| 397 | - $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]); |
|
| 398 | - if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) { |
|
| 399 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found."); |
|
| 373 | + list($idp, $profile) = $evaluation; |
|
| 374 | + $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID); |
|
| 375 | + $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME); |
|
| 376 | + $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL); |
|
| 377 | + if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE) { |
|
| 378 | + // we need at least one of those |
|
| 379 | + $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, or certificate serial is required."); |
|
| 400 | 380 | } |
| 401 | - if ($cert->profileId != $profile->identifier) { |
|
| 402 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile."); |
|
| 381 | + $userlist = $profile->listAllUsers(); |
|
| 382 | + if ($userName === FALSE && $certSerial === FALSE) { // we got a user ID |
|
| 383 | + if (!isset($userlist[$userId])) { |
|
| 384 | + return $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "This user ID does not exist in this profile."); |
|
| 385 | + } |
|
| 386 | + $adminApi->returnSuccess([$userId => $userlist[$userId]]); |
|
| 403 | 387 | } |
| 404 | - $adminApi->returnSuccess([$cert->userId => $userlist[$cert->userId]]); |
|
| 405 | - } |
|
| 406 | - $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "Only exactly one of User ID, username or cert serial can be specified."); |
|
| 407 | - break; |
|
| 408 | - case \web\lib\admin\API::ACTION_ENDUSER_LIST: |
|
| 409 | - // fall-through: those two are similar |
|
| 410 | - case \web\lib\admin\API::ACTION_TOKEN_LIST: |
|
| 411 | - $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 412 | - if ($profile_id === FALSE) { |
|
| 413 | - exit(1); |
|
| 414 | - } |
|
| 415 | - $evaluation = commonSbProfileChecks($fed, $profile_id); |
|
| 416 | - if ($evaluation === FALSE) { |
|
| 417 | - exit(1); |
|
| 418 | - } |
|
| 419 | - list($idp, $profile) = $evaluation; |
|
| 420 | - $allUsers = $profile->listAllUsers(); |
|
| 421 | - // this is where they differ |
|
| 422 | - switch ($inputDecoded['ACTION']) { |
|
| 388 | + if ($userId === FALSE && $certSerial === FALSE) { // we got a username |
|
| 389 | + $key = array_search($userName, $userlist); |
|
| 390 | + if ($key === FALSE) { |
|
| 391 | + return $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "This username does not exist in this profile."); |
|
| 392 | + } |
|
| 393 | + $adminApi->returnSuccess([$key => $userlist[$key]]); |
|
| 394 | + } |
|
| 395 | + if ($userId === FALSE && $userName === FALSE) { // we got a cert serial |
|
| 396 | + $serial = explode(":", $certSerial); |
|
| 397 | + $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]); |
|
| 398 | + if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) { |
|
| 399 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found."); |
|
| 400 | + } |
|
| 401 | + if ($cert->profileId != $profile->identifier) { |
|
| 402 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile."); |
|
| 403 | + } |
|
| 404 | + $adminApi->returnSuccess([$cert->userId => $userlist[$cert->userId]]); |
|
| 405 | + } |
|
| 406 | + $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "Only exactly one of User ID, username or cert serial can be specified."); |
|
| 407 | + break; |
|
| 408 | + case \web\lib\admin\API::ACTION_ENDUSER_LIST: |
|
| 409 | + // fall-through: those two are similar |
|
| 410 | + case \web\lib\admin\API::ACTION_TOKEN_LIST: |
|
| 411 | + $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 412 | + if ($profile_id === FALSE) { |
|
| 413 | + exit(1); |
|
| 414 | + } |
|
| 415 | + $evaluation = commonSbProfileChecks($fed, $profile_id); |
|
| 416 | + if ($evaluation === FALSE) { |
|
| 417 | + exit(1); |
|
| 418 | + } |
|
| 419 | + list($idp, $profile) = $evaluation; |
|
| 420 | + $allUsers = $profile->listAllUsers(); |
|
| 421 | + // this is where they differ |
|
| 422 | + switch ($inputDecoded['ACTION']) { |
|
| 423 | 423 | case \web\lib\admin\API::ACTION_ENDUSER_LIST: |
| 424 | 424 | $adminApi->returnSuccess($allUsers); |
| 425 | 425 | break; |
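Review bot: In the ACTION_ENDUSER_IDENTIFY case, the error and success paths do not stop processing. The "At least one of ...", "Serial not found." and "Serial does not belong to this profile." errors have no `exit(1);` after them, unlike the `returnError()` calls in ACTION_ENDUSER_NEW and ACTION_TOKEN_REVOKE. Unless `returnError()` ends the request itself, the cert-serial branch still reaches `returnSuccess([$cert->userId => $userlist[$cert->userId]])` and would emit the user ID of a certificate that belongs to another profile. Each `returnSuccess()` in the three lookup branches also falls through to the final "Only exactly one of ..." error, so a successful lookup would be followed by an error response. I would add `exit(1);` after each `returnError()`, add `break;` after each `returnSuccess()`, and check `count($serial) === 2` after `explode(":", $certSerial)` before reading `$serial[1]`; the enclosing switch starts outside this hunk.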
@@ -438,71 +438,71 @@ discard block |
||
| 438 | 438 | $infoSet[$oneTokenObject->userId] = [\web\lib\admin\API::AUXATTRIB_TOKEN => $oneTokenObject->invitationTokenString, "STATUS" => $oneTokenObject->invitationTokenStatus]; |
| 439 | 439 | } |
| 440 | 440 | $adminApi->returnSuccess($infoSet); |
| 441 | - } |
|
| 442 | - break; |
|
| 443 | - case \web\lib\admin\API::ACTION_TOKEN_REVOKE: |
|
| 444 | - $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN); |
|
| 445 | - if ($tokenRaw === FALSE) { |
|
| 446 | - exit(1); |
|
| 447 | - } |
|
| 448 | - $token = new core\SilverbulletInvitation($tokenRaw); |
|
| 449 | - if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) { |
|
| 450 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token."); |
|
| 451 | - exit(1); |
|
| 452 | - } |
|
| 453 | - $token->revokeInvitation(); |
|
| 454 | - $adminApi->returnSuccess([]); |
|
| 455 | - break; |
|
| 456 | - case \web\lib\admin\API::ACTION_CERT_LIST: |
|
| 457 | - $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 458 | - $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID); |
|
| 459 | - if ($prof_id === FALSE || !is_int($user_id)) { |
|
| 460 | - exit(1); |
|
| 461 | - } |
|
| 462 | - $evaluation = commonSbProfileChecks($fed, $prof_id); |
|
| 463 | - if ($evaluation === FALSE) { |
|
| 464 | - exit(1); |
|
| 465 | - } |
|
| 466 | - list($idp, $profile) = $evaluation; |
|
| 467 | - $invitations = $profile->userStatus($user_id); |
|
| 468 | - // now pull out cert information from the object |
|
| 469 | - $certs = []; |
|
| 470 | - foreach ($invitations as $oneInvitation) { |
|
| 471 | - $certs = array_merge($certs, $oneInvitation->associatedCertificates); |
|
| 472 | - } |
|
| 473 | - // extract relevant subset of information from cert objects |
|
| 474 | - $certDetails = []; |
|
| 475 | - foreach ($certs as $cert) { |
|
| 476 | - $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username]; |
|
| 477 | - } |
|
| 478 | - $adminApi->returnSuccess($certDetails); |
|
| 479 | - break; |
|
| 480 | - case \web\lib\admin\API::ACTION_CERT_REVOKE: |
|
| 481 | - $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 482 | - if ($prof_id === FALSE) { |
|
| 483 | - exit(1); |
|
| 484 | - } |
|
| 485 | - $evaluation = commonSbProfileChecks($fed, $prof_id); |
|
| 486 | - if ($evaluation === FALSE) { |
|
| 487 | - exit(1); |
|
| 488 | - } |
|
| 489 | - list($idp, $profile) = $evaluation; |
|
| 490 | - // tear apart the serial |
|
| 491 | - $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL); |
|
| 492 | - if ($serialRaw === FALSE) { |
|
| 493 | - exit(1); |
|
| 494 | - } |
|
| 495 | - $serial = explode(":", $serialRaw); |
|
| 496 | - $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]); |
|
| 497 | - if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) { |
|
| 498 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found."); |
|
| 499 | - } |
|
| 500 | - if ($cert->profileId != $profile->identifier) { |
|
| 501 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile."); |
|
| 502 | - } |
|
| 503 | - $cert->revokeCertificate(); |
|
| 504 | - $adminApi->returnSuccess([]); |
|
| 441 | + } |
|
| 505 | 442 | break; |
| 506 | - default: |
|
| 507 | - $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet."); |
|
| 443 | + case \web\lib\admin\API::ACTION_TOKEN_REVOKE: |
|
| 444 | + $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN); |
|
| 445 | + if ($tokenRaw === FALSE) { |
|
| 446 | + exit(1); |
|
| 447 | + } |
|
| 448 | + $token = new core\SilverbulletInvitation($tokenRaw); |
|
| 449 | + if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) { |
|
| 450 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token."); |
|
| 451 | + exit(1); |
|
| 452 | + } |
|
| 453 | + $token->revokeInvitation(); |
|
| 454 | + $adminApi->returnSuccess([]); |
|
| 455 | + break; |
|
| 456 | + case \web\lib\admin\API::ACTION_CERT_LIST: |
|
| 457 | + $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 458 | + $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID); |
|
| 459 | + if ($prof_id === FALSE || !is_int($user_id)) { |
|
| 460 | + exit(1); |
|
| 461 | + } |
|
| 462 | + $evaluation = commonSbProfileChecks($fed, $prof_id); |
|
| 463 | + if ($evaluation === FALSE) { |
|
| 464 | + exit(1); |
|
| 465 | + } |
|
| 466 | + list($idp, $profile) = $evaluation; |
|
| 467 | + $invitations = $profile->userStatus($user_id); |
|
| 468 | + // now pull out cert information from the object |
|
| 469 | + $certs = []; |
|
| 470 | + foreach ($invitations as $oneInvitation) { |
|
| 471 | + $certs = array_merge($certs, $oneInvitation->associatedCertificates); |
|
| 472 | + } |
|
| 473 | + // extract relevant subset of information from cert objects |
|
| 474 | + $certDetails = []; |
|
| 475 | + foreach ($certs as $cert) { |
|
| 476 | + $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username]; |
|
| 477 | + } |
|
| 478 | + $adminApi->returnSuccess($certDetails); |
|
| 479 | + break; |
|
| 480 | + case \web\lib\admin\API::ACTION_CERT_REVOKE: |
|
| 481 | + $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID); |
|
| 482 | + if ($prof_id === FALSE) { |
|
| 483 | + exit(1); |
|
| 484 | + } |
|
| 485 | + $evaluation = commonSbProfileChecks($fed, $prof_id); |
|
| 486 | + if ($evaluation === FALSE) { |
|
| 487 | + exit(1); |
|
| 488 | + } |
|
| 489 | + list($idp, $profile) = $evaluation; |
|
| 490 | + // tear apart the serial |
|
| 491 | + $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL); |
|
| 492 | + if ($serialRaw === FALSE) { |
|
| 493 | + exit(1); |
|
| 494 | + } |
|
| 495 | + $serial = explode(":", $serialRaw); |
|
| 496 | + $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]); |
|
| 497 | + if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) { |
|
| 498 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found."); |
|
| 499 | + } |
|
| 500 | + if ($cert->profileId != $profile->identifier) { |
|
| 501 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile."); |
|
| 502 | + } |
|
| 503 | + $cert->revokeCertificate(); |
|
| 504 | + $adminApi->returnSuccess([]); |
|
| 505 | + break; |
|
| 506 | + default: |
|
| 507 | + $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet."); |
|
| 508 | 508 | } |
| 509 | 509 | \ No newline at end of file |
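Review bot: In the ACTION_CERT_REVOKE case the profile-ownership check does not stop the revocation: there is no `exit(1);` after `returnError(..., "Serial does not belong to this profile.")`, so `$cert->revokeCertificate()` still runs unless `returnError()` ends the request on its own, which the explicit `exit(1);` after it in ACTION_TOKEN_REVOKE suggests it does not. A caller authorised for one profile could then revoke a certificate issued under a different profile. Add `exit(1);` after both `returnError()` calls in that case, and confirm that `explode(":", $serialRaw)` produced two parts before using `$serial[1]`. ACTION_TOKEN_REVOKE in the same hunk revokes the token without the `commonSbProfileChecks($fed, ...)` step the other cases use, so it is worth confirming elsewhere that the token is tied to the caller's federation. The enclosing switch starts outside this hunk.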
@@ -143,8 +143,8 @@ |
||
| 143 | 143 | "OPT" => [API::AUXATTRIB_TARGETMAIL], |
| 144 | 144 | "RETVAL" => [ |
| 145 | 145 | ["TOKEN URL", |
| 146 | - "EMAIL SENT", // dependent on TARGETMAIL input |
|
| 147 | - "EMAIL TRANSPORT SECURE"], // dependent on TARGETMAIL input |
|
| 146 | + "EMAIL SENT", // dependent on TARGETMAIL input |
|
| 147 | + "EMAIL TRANSPORT SECURE"], // dependent on TARGETMAIL input |
|
| 148 | 148 | ] |
| 149 | 149 | ], |
| 150 | 150 | API::ACTION_ADMIN_DEL => [ |
@@ -23,7 +23,7 @@ discard block |
||
| 23 | 23 | |
| 24 | 24 | use Exception; |
| 25 | 25 | |
| 26 | -require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php"; |
|
| 26 | +require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php"; |
|
| 27 | 27 | |
| 28 | 28 | class API { |
| 29 | 29 | |
@@ -84,7 +84,7 @@ discard block |
||
| 84 | 84 | const ACTIONS = [ |
| 85 | 85 | # inst-level actions |
| 86 | 86 | API::ACTION_NEWINST_BY_REF => [ |
| 87 | - "REQ" => [API::AUXATTRIB_EXTERNALID,], |
|
| 87 | + "REQ" => [API::AUXATTRIB_EXTERNALID, ], |
|
| 88 | 88 | "OPT" => [ |
| 89 | 89 | 'general:geo_coordinates', |
| 90 | 90 | 'general:logo_file', |
@@ -144,7 +144,7 @@ discard block |
||
| 144 | 144 | "OPT" => [API::AUXATTRIB_TARGETMAIL], |
| 145 | 145 | "RETVAL" => [ |
| 146 | 146 | ["TOKEN URL", |
| 147 | - "EMAIL SENT", // dependent on TARGETMAIL input |
|
| 147 | + "EMAIL SENT", // dependent on TARGETMAIL input |
|
| 148 | 148 | "EMAIL TRANSPORT SECURE"], // dependent on TARGETMAIL input |
| 149 | 149 | ] |
| 150 | 150 | ], |
@@ -206,7 +206,7 @@ discard block |
||
| 206 | 206 | API::ACTION_ENDUSER_NEW => [ |
| 207 | 207 | "REQ" => [API::AUXATTRIB_CAT_PROFILE_ID, API::AUXATTRIB_SB_USERNAME, API::AUXATTRIB_SB_EXPIRY], |
| 208 | 208 | "OPT" => [], |
| 209 | - "RETVAL" => [ API::AUXATTRIB_SB_USERNAME, API::AUXATTRIB_SB_USERID ], |
|
| 209 | + "RETVAL" => [API::AUXATTRIB_SB_USERNAME, API::AUXATTRIB_SB_USERID], |
|
| 210 | 210 | ], |
| 211 | 211 | API::ACTION_ENDUSER_DEACTIVATE => [ |
| 212 | 212 | "REQ" => [API::AUXATTRIB_CAT_PROFILE_ID, API::AUXATTRIB_SB_USERID], |
@@ -217,14 +217,14 @@ discard block |
||
| 217 | 217 | "REQ" => [API::AUXATTRIB_CAT_PROFILE_ID], |
| 218 | 218 | "OPT" => [], |
| 219 | 219 | "RETVAL" => [ |
| 220 | - [ API::AUXATTRIB_SB_USERID => API::AUXATTRIB_SB_USERNAME], |
|
| 220 | + [API::AUXATTRIB_SB_USERID => API::AUXATTRIB_SB_USERNAME], |
|
| 221 | 221 | ], |
| 222 | 222 | ], |
| 223 | 223 | API::ACTION_ENDUSER_IDENTIFY => [ |
| 224 | 224 | "REQ" => [API::AUXATTRIB_CAT_PROFILE_ID], |
| 225 | 225 | "OPT" => [API::AUXATTRIB_SB_USERID, API::AUXATTRIB_SB_USERNAME, API::AUXATTRIB_SB_CERTSERIAL], |
| 226 | 226 | "RETVAL" => [ |
| 227 | - [ API::AUXATTRIB_SB_USERID => API::AUXATTRIB_SB_USERNAME], |
|
| 227 | + [API::AUXATTRIB_SB_USERID => API::AUXATTRIB_SB_USERNAME], |
|
| 228 | 228 | ], |
| 229 | 229 | ], |
| 230 | 230 | |
@@ -234,9 +234,9 @@ discard block |
||
| 234 | 234 | "RETVAL" => [ |
| 235 | 235 | API::AUXATTRIB_TOKENURL, |
| 236 | 236 | API::AUXATTRIB_TOKEN, |
| 237 | - "EMAIL SENT", // dependent on TARGETMAIL input |
|
| 237 | + "EMAIL SENT", // dependent on TARGETMAIL input |
|
| 238 | 238 | "EMAIL TRANSPORT SECURE", // dependent on TARGETMAIL input |
| 239 | - "SMS SENT", // dependent on TARGETSMS input |
|
| 239 | + "SMS SENT", // dependent on TARGETSMS input |
|
| 240 | 240 | ] |
| 241 | 241 | ], |
| 242 | 242 | API::ACTION_TOKEN_REVOKE => [ |
@@ -255,7 +255,7 @@ discard block |
||
| 255 | 255 | "REQ" => [API::AUXATTRIB_CAT_PROFILE_ID, API::AUXATTRIB_SB_USERID], |
| 256 | 256 | "OPT" => [], |
| 257 | 257 | "RETVAL" => [ |
| 258 | - [ API::AUXATTRIB_SB_CERTSERIAL => ["ISSUED", "EXPIRY", "STATUS", "DEVICE", "CN" ]] |
|
| 258 | + [API::AUXATTRIB_SB_CERTSERIAL => ["ISSUED", "EXPIRY", "STATUS", "DEVICE", "CN"]] |
|
| 259 | 259 | ] |
| 260 | 260 | ], |
| 261 | 261 | API::ACTION_CERT_REVOKE => [ |
@@ -386,8 +386,8 @@ discard block |
||
| 386 | 386 | |
| 387 | 387 | case \core\Options::TYPECODE_COORDINATES: |
| 388 | 388 | $extension = \core\Options::TYPECODE_TEXT; |
| 389 | - $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#"; |
|
| 390 | - $coercedInline["value"][$basename . "-" . $extension] = $oneAttrib['VALUE']; |
|
| 389 | + $coercedInline["option"][$basename] = $oneAttrib['NAME']."#"; |
|
| 390 | + $coercedInline["value"][$basename."-".$extension] = $oneAttrib['VALUE']; |
|
| 391 | 391 | break; |
| 392 | 392 | case \core\Options::TYPECODE_TEXT: |
| 393 | 393 | // fall-through: they all get the same treatment |
@@ -397,19 +397,19 @@ discard block |
||
| 397 | 397 | // fall-through: they all get the same treatment |
| 398 | 398 | case \core\Options::TYPECODE_INTEGER: |
| 399 | 399 | $extension = $optionInfo['type']; |
| 400 | - $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#"; |
|
| 401 | - $coercedInline["value"][$basename . "-" . $extension] = $oneAttrib['VALUE']; |
|
| 400 | + $coercedInline["option"][$basename] = $oneAttrib['NAME']."#"; |
|
| 401 | + $coercedInline["value"][$basename."-".$extension] = $oneAttrib['VALUE']; |
|
| 402 | 402 | if ($optionInfo['flag'] == "ML") { |
| 403 | - $coercedInline["value"][$basename . "-lang"] = $oneAttrib['LANG']; |
|
| 403 | + $coercedInline["value"][$basename."-lang"] = $oneAttrib['LANG']; |
|
| 404 | 404 | } |
| 405 | 405 | break; |
| 406 | 406 | case \core\Options::TYPECODE_FILE: |
| 407 | 407 | // binary data is expected in base64 encoding. This is true |
| 408 | 408 | // also for PEM files! |
| 409 | 409 | $extension = $optionInfo['type']; |
| 410 | - $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#"; |
|
| 411 | - file_put_contents($dir['dir'] . "/" . $basename . "-" . $extension, base64_decode($oneAttrib['VALUE'])); |
|
| 412 | - $coercedFile["value"]['tmp_name'][$basename . "-" . $extension] = $dir['dir'] . "/" . $basename . "-" . $extension; |
|
| 410 | + $coercedInline["option"][$basename] = $oneAttrib['NAME']."#"; |
|
| 411 | + file_put_contents($dir['dir']."/".$basename."-".$extension, base64_decode($oneAttrib['VALUE'])); |
|
| 412 | + $coercedFile["value"]['tmp_name'][$basename."-".$extension] = $dir['dir']."/".$basename."-".$extension; |
|
| 413 | 413 | break; |
| 414 | 414 | default: |
| 415 | 415 | throw new Exception("We don't seem to know this type code!"); |
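Review bot: In the TYPECODE_FILE branch, `base64_decode($oneAttrib['VALUE'])` runs in non-strict mode and the return value of `file_put_contents()` is not checked. Characters outside the base64 alphabet in the API input are therefore silently discarded instead of rejected, and a failed write goes unnoticed while the path is still recorded in `$coercedFile`. I would decode with `base64_decode($oneAttrib['VALUE'], true)`, reject the attribute when that returns `false`, and treat a `false` return from `file_put_contents()` as an error. `$basename` and `$dir['dir']` are assigned outside this hunk, so I cannot tell whether the path components are fixed or caller-influenced; if `$basename` derives from the attribute name, confirm that it cannot contain path separators. The enclosing function starts and ends outside the hunk.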
@@ -146,7 +146,7 @@ discard block |
||
| 146 | 146 | } else { |
| 147 | 147 | $this->databaseHandle->exec("INSERT INTO ownership (user_id, institution_id, blesslevel, orig_mail) VALUES(?, ?, ?, ?)", "siss", $owner, $catId, $level, $destMail); |
| 148 | 148 | } |
| 149 | - $this->loggerInstance->writeAudit((string) $owner, "OWN", "IdP " . $invitationDetails->cat_institution_id . " - added user as owner"); |
|
| 149 | + $this->loggerInstance->writeAudit((string) $owner, "OWN", "IdP ".$invitationDetails->cat_institution_id." - added user as owner"); |
|
| 150 | 150 | common\Entity::outOfThePotatoes(); |
| 151 | 151 | return new IdP($invitationDetails->cat_institution_id); |
| 152 | 152 | } |
@@ -168,7 +168,7 @@ discard block |
||
| 168 | 168 | $idp = new IdP($fed->newIdP($owner, $invitationDetails->invite_issuer_level, $invitationDetails->invite_dest_mail, $bestnameguess)); |
| 169 | 169 | } |
| 170 | 170 | $idp->addAttribute("general:instname", 'C', $bestnameguess); |
| 171 | - $this->loggerInstance->writeAudit($owner, "NEW", "IdP " . $idp->identifier . " - created from invitation"); |
|
| 171 | + $this->loggerInstance->writeAudit($owner, "NEW", "IdP ".$idp->identifier." - created from invitation"); |
|
| 172 | 172 | |
| 173 | 173 | // in case we have more admins in the queue which were invited to |
| 174 | 174 | // administer the same inst but haven't redeemed their invitations |
@@ -182,7 +182,7 @@ discard block |
||
| 182 | 182 | WHERE invite_created >= TIMESTAMPADD(DAY, -1, NOW()) AND used = 0 AND name = ? AND country = ? AND ( cat_institution_id IS NULL OR external_db_uniquehandle IS NULL ) ", "ss", $invitationDetails->name, $invitationDetails->country); |
| 183 | 183 | // SELECT -> resource, no boolean |
| 184 | 184 | while ($pendingDetail = mysqli_fetch_object(/** @scrutinizer ignore-type */ $otherPending)) { |
| 185 | - $this->databaseHandle->exec("UPDATE invitations SET cat_institution_id = " . $idp->identifier . " WHERE id = " . $pendingDetail->id); |
|
| 185 | + $this->databaseHandle->exec("UPDATE invitations SET cat_institution_id = ".$idp->identifier." WHERE id = ".$pendingDetail->id); |
|
| 186 | 186 | } |
| 187 | 187 | common\Entity::outOfThePotatoes(); |
| 188 | 188 | return $idp; |
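Review bot: The `UPDATE invitations` statement on new line 185 builds its SQL by concatenating `$idp->identifier` and `$pendingDetail->id`, although `exec()` is called with bound parameters elsewhere in this file (the `INSERT INTO ownership` call and the `SELECT` just above). Both values look like internally generated integers, so this is probably not injectable today, but the query's safety then depends on that staying true. `exec("UPDATE invitations SET cat_institution_id = ? WHERE id = ?", "ii", $idp->identifier, $pendingDetail->id)` removes that dependency, assuming both are integers. The same pattern appears in the hunk at new line 279, where `$idpIdentifier` is interpolated into the `WHERE cat_institution_id` clause; there the `IS NULL` alternative can stay literal while the non-zero value is bound. The enclosing function starts outside this hunk.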
@@ -276,9 +276,9 @@ discard block |
||
| 276 | 276 | $retval = []; |
| 277 | 277 | $invitations = $this->databaseHandle->exec("SELECT cat_institution_id, country, name, invite_issuer_level, invite_dest_mail, invite_token , TIMESTAMPADD(DAY, 1, invite_created) as expiry |
| 278 | 278 | FROM invitations |
| 279 | - WHERE cat_institution_id " . ( $idpIdentifier != 0 ? "= $idpIdentifier" : "IS NULL") . " AND invite_created >= TIMESTAMPADD(DAY, -1, NOW()) AND used = 0"); |
|
| 279 | + WHERE cat_institution_id " . ($idpIdentifier != 0 ? "= $idpIdentifier" : "IS NULL")." AND invite_created >= TIMESTAMPADD(DAY, -1, NOW()) AND used = 0"); |
|
| 280 | 280 | // SELECT -> resource, not boolean |
| 281 | - $this->loggerInstance->debug(4, "Retrieving pending invitations for " . ($idpIdentifier != 0 ? "IdP $idpIdentifier" : "IdPs awaiting initial creation" ) . ".\n"); |
|
| 281 | + $this->loggerInstance->debug(4, "Retrieving pending invitations for ".($idpIdentifier != 0 ? "IdP $idpIdentifier" : "IdPs awaiting initial creation").".\n"); |
|
| 282 | 282 | while ($invitationQuery = mysqli_fetch_object(/** @scrutinizer ignore-type */ $invitations)) { |
| 283 | 283 | $retval[] = ["country" => $invitationQuery->country, "name" => $invitationQuery->name, "mail" => $invitationQuery->invite_dest_mail, "token" => $invitationQuery->invite_token, "expiry" => $invitationQuery->expiry]; |
| 284 | 284 | } |
@@ -23,54 +23,54 @@ |
||
| 23 | 23 | this is just an include file for Gui class definition |
| 24 | 24 | */ |
| 25 | 25 | $Faq = [ |
| 26 | - [ |
|
| 26 | + [ |
|
| 27 | 27 | 'id'=>'idp_not_listed', |
| 28 | 28 | 'title'=>_("My organisation is not listed. Can't I just use any of the other ones?"), |
| 29 | 29 | 'text'=>_("No! The installers contain security settings which are specific to the organisation. If you are not from that organisation, your device will detect that you are about to send your username and credential to an unauthorised server and will abort the login. Using an installer from a different organisation is <i>guaranteed to not work</i>!") |
| 30 | - ], |
|
| 31 | - [ |
|
| 30 | + ], |
|
| 31 | + [ |
|
| 32 | 32 | 'id'=>'idp_not_listed', |
| 33 | 33 | 'title'=>_("What can I do to get my organisation listed?"), |
| 34 | 34 | 'text'=>sprintf(_("Contact %s administrators within your organisation and request that they add their organisation to the system. It will take at most one hour of their time to get things done."),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
| 35 | 35 | ], |
| 36 | - [ |
|
| 36 | + [ |
|
| 37 | 37 | 'id'=>'device_not_listed', |
| 38 | 38 | 'title'=>sprintf(_("My device is not listed! Does that mean I can't do %s?"),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
| 39 | 39 | 'text'=>sprintf(_("No. The CAT tool can only support Operating Systems which can be automatically configured in some way. Many other devices can still be used with %s, but must be configured manually. Please contact your organisation to get help in setting up such a device."),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
| 40 | - ], |
|
| 40 | + ], |
|
| 41 | 41 | |
| 42 | - [ |
|
| 42 | + [ |
|
| 43 | 43 | 'title'=>sprintf(_("I can connect to %s simply by providing username and password, what is the point of using an installer?"),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
| 44 | 44 | 'text'=>sprintf(_("When you are connecting from an unconfigured device your security is at risk. The very point of preconfiguration is to set up security, when this is done, your device will first confirm that it talks to the correct authentication server and will never send your password to an untrusted one.")) |
| 45 | 45 | ], |
| 46 | - [ |
|
| 46 | + [ |
|
| 47 | 47 | 'title'=>sprintf(_("Is it safe to use %s installers?"),CONFIG['APPEARANCE']['productname']), |
| 48 | 48 | 'text'=>sprintf(_("%s installers configure security settings on your device, therefore you should be sure that you are using genuine ones."),CONFIG['APPEARANCE']['productname']).' '.( isset(CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name']) && CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name'] != "" ? sprintf(_("This is why %s installers are digitally signed by %s. Watch out for a system message confirming this."),CONFIG['APPEARANCE']['productname'],CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name']):""), |
| 49 | 49 | |
| 50 | 50 | ], |
| 51 | - [ |
|
| 51 | + [ |
|
| 52 | 52 | 'title'=>_("Windows 'SmartScreen' or 'Internet Explorer' tell me that the file is not commonly downloaded and possibly harmful. Should I be concerned?"), |
| 53 | 53 | 'text'=>_("Contrary to what the name suggests, 'SmartScreen' isn't actually very smart. The warning merely means that the file has not yet been downloaded by enough users to make Microsoft consider it popular (which would strangely enough make it be considered 'safe'). This message alone is not a security problem.")." ".(isset(CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name']) && CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name'] != "" ? sprintf(_("So long as the file is carrying a valid signature from %s, the download is safe."),CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name'])." ":"").sprintf(_("Please see also Microsoft's FAQ regarding SmartScreen at %s."),"<a href='http://windows.microsoft.com/en-US/windows7/SmartScreen-Filter-frequently-asked-questions-IE9?SignedIn=1'>Microsoft FAQ</a>") |
| 54 | 54 | |
| 55 | 55 | ], |
| 56 | - [ |
|
| 56 | + [ |
|
| 57 | 57 | 'title'=>sprintf(_("I can see %s network and my device is configured but it does not connect, what can be the cause?"),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
| 58 | - 'text'=>sprintf(_("There can be a number of different reasons. The network you see may not be a genuine %s one and your device silently drops the connection attempt; there may be something wrong with the configuration of the network; your account may have expired; there may be a connection problem with your home authentication server; you may have broken the regulations of the network you are using and have been refused access as a consequence. You should contact your organisation and report the problem, the administrators should be able to trace your connections."),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 58 | + 'text'=>sprintf(_("There can be a number of different reasons. The network you see may not be a genuine %s one and your device silently drops the connection attempt; there may be something wrong with the configuration of the network; your account may have expired; there may be a connection problem with your home authentication server; you may have broken the regulations of the network you are using and have been refused access as a consequence. You should contact your organisation and report the problem, the administrators should be able to trace your connections."),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 59 | 59 | ], |
| 60 | - [ |
|
| 60 | + [ |
|
| 61 | 61 | 'id'=>'contact', |
| 62 | 62 | 'title'=>sprintf(_("I have a question about this web site. Whom should I contact?")), |
| 63 | 63 | 'text'=>sprintf(_("You should send a mail to %s."),CONFIG['APPEARANCE']['support-contact']['display']) |
| 64 | - ], |
|
| 64 | + ], |
|
| 65 | 65 | ]; |
| 66 | 66 | |
| 67 | 67 | if (CONFIG_CONFASSISTANT['CONSORTIUM']['name'] == "eduroam") { |
| 68 | 68 | $eduroamDb = new core\ExternalEduroamDBData(); |
| 69 | 69 | $SPs = $eduroamDb->allServiceProviders(); |
| 70 | - array_push($Faq, |
|
| 71 | - [ |
|
| 72 | - 'id'=>'what_is_'.CONFIG_CONFASSISTANT['CONSORTIUM']['name'], |
|
| 73 | - 'title'=>sprintf(_("What is this %s thing anyway?"), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
|
| 74 | - 'text'=>sprintf(_("%s is a global WiFi roaming consortium which gives members of education and research access to the internet <i>for free</i> on all %s hotspots on the planet. There are several million %s users already, enjoying free internet access on more than %d hotspots! Visit <a href='http://www.eduroam.org'>the %s homepage</a> or <a href='http://monitor.eduroam.org/map_service_loc.php'>the %s location map</a> for more details."),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'],CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'],CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], count($SPs), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 75 | - ]); |
|
| 70 | + array_push($Faq, |
|
| 71 | + [ |
|
| 72 | + 'id'=>'what_is_'.CONFIG_CONFASSISTANT['CONSORTIUM']['name'], |
|
| 73 | + 'title'=>sprintf(_("What is this %s thing anyway?"), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
|
| 74 | + 'text'=>sprintf(_("%s is a global WiFi roaming consortium which gives members of education and research access to the internet <i>for free</i> on all %s hotspots on the planet. There are several million %s users already, enjoying free internet access on more than %d hotspots! Visit <a href='http://www.eduroam.org'>the %s homepage</a> or <a href='http://monitor.eduroam.org/map_service_loc.php'>the %s location map</a> for more details."),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'],CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'],CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], count($SPs), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 75 | + ]); |
|
| 76 | 76 | } |
@@ -31,36 +31,36 @@ discard block |
||
| 31 | 31 | [ |
| 32 | 32 | 'id'=>'idp_not_listed', |
| 33 | 33 | 'title'=>_("What can I do to get my organisation listed?"), |
| 34 | - 'text'=>sprintf(_("Contact %s administrators within your organisation and request that they add their organisation to the system. It will take at most one hour of their time to get things done."),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 34 | + 'text'=>sprintf(_("Contact %s administrators within your organisation and request that they add their organisation to the system. It will take at most one hour of their time to get things done."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 35 | 35 | ], |
| 36 | 36 | [ |
| 37 | 37 | 'id'=>'device_not_listed', |
| 38 | - 'title'=>sprintf(_("My device is not listed! Does that mean I can't do %s?"),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
|
| 39 | - 'text'=>sprintf(_("No. The CAT tool can only support Operating Systems which can be automatically configured in some way. Many other devices can still be used with %s, but must be configured manually. Please contact your organisation to get help in setting up such a device."),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 38 | + 'title'=>sprintf(_("My device is not listed! Does that mean I can't do %s?"), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
|
| 39 | + 'text'=>sprintf(_("No. The CAT tool can only support Operating Systems which can be automatically configured in some way. Many other devices can still be used with %s, but must be configured manually. Please contact your organisation to get help in setting up such a device."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 40 | 40 | ], |
| 41 | 41 | |
| 42 | 42 | [ |
| 43 | - 'title'=>sprintf(_("I can connect to %s simply by providing username and password, what is the point of using an installer?"),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
|
| 43 | + 'title'=>sprintf(_("I can connect to %s simply by providing username and password, what is the point of using an installer?"), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
|
| 44 | 44 | 'text'=>sprintf(_("When you are connecting from an unconfigured device your security is at risk. The very point of preconfiguration is to set up security, when this is done, your device will first confirm that it talks to the correct authentication server and will never send your password to an untrusted one.")) |
| 45 | 45 | ], |
| 46 | 46 | [ |
| 47 | - 'title'=>sprintf(_("Is it safe to use %s installers?"),CONFIG['APPEARANCE']['productname']), |
|
| 48 | - 'text'=>sprintf(_("%s installers configure security settings on your device, therefore you should be sure that you are using genuine ones."),CONFIG['APPEARANCE']['productname']).' '.( isset(CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name']) && CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name'] != "" ? sprintf(_("This is why %s installers are digitally signed by %s. Watch out for a system message confirming this."),CONFIG['APPEARANCE']['productname'],CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name']):""), |
|
| 47 | + 'title'=>sprintf(_("Is it safe to use %s installers?"), CONFIG['APPEARANCE']['productname']), |
|
| 48 | + 'text'=>sprintf(_("%s installers configure security settings on your device, therefore you should be sure that you are using genuine ones."), CONFIG['APPEARANCE']['productname']).' '.(isset(CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name']) && CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name'] != "" ? sprintf(_("This is why %s installers are digitally signed by %s. Watch out for a system message confirming this."), CONFIG['APPEARANCE']['productname'], CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name']) : ""), |
|
| 49 | 49 | |
| 50 | 50 | ], |
| 51 | 51 | [ |
| 52 | 52 | 'title'=>_("Windows 'SmartScreen' or 'Internet Explorer' tell me that the file is not commonly downloaded and possibly harmful. Should I be concerned?"), |
| 53 | - 'text'=>_("Contrary to what the name suggests, 'SmartScreen' isn't actually very smart. The warning merely means that the file has not yet been downloaded by enough users to make Microsoft consider it popular (which would strangely enough make it be considered 'safe'). This message alone is not a security problem.")." ".(isset(CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name']) && CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name'] != "" ? sprintf(_("So long as the file is carrying a valid signature from %s, the download is safe."),CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name'])." ":"").sprintf(_("Please see also Microsoft's FAQ regarding SmartScreen at %s."),"<a href='http://windows.microsoft.com/en-US/windows7/SmartScreen-Filter-frequently-asked-questions-IE9?SignedIn=1'>Microsoft FAQ</a>") |
|
| 53 | + 'text'=>_("Contrary to what the name suggests, 'SmartScreen' isn't actually very smart. The warning merely means that the file has not yet been downloaded by enough users to make Microsoft consider it popular (which would strangely enough make it be considered 'safe'). This message alone is not a security problem.")." ".(isset(CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name']) && CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name'] != "" ? sprintf(_("So long as the file is carrying a valid signature from %s, the download is safe."), CONFIG_CONFASSISTANT['CONSORTIUM']['signer_name'])." " : "").sprintf(_("Please see also Microsoft's FAQ regarding SmartScreen at %s."), "<a href='http://windows.microsoft.com/en-US/windows7/SmartScreen-Filter-frequently-asked-questions-IE9?SignedIn=1'>Microsoft FAQ</a>") |
|
| 54 | 54 | |
| 55 | 55 | ], |
| 56 | 56 | [ |
| 57 | - 'title'=>sprintf(_("I can see %s network and my device is configured but it does not connect, what can be the cause?"),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
|
| 58 | - 'text'=>sprintf(_("There can be a number of different reasons. The network you see may not be a genuine %s one and your device silently drops the connection attempt; there may be something wrong with the configuration of the network; your account may have expired; there may be a connection problem with your home authentication server; you may have broken the regulations of the network you are using and have been refused access as a consequence. You should contact your organisation and report the problem, the administrators should be able to trace your connections."),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 57 | + 'title'=>sprintf(_("I can see %s network and my device is configured but it does not connect, what can be the cause?"), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
|
| 58 | + 'text'=>sprintf(_("There can be a number of different reasons. The network you see may not be a genuine %s one and your device silently drops the connection attempt; there may be something wrong with the configuration of the network; your account may have expired; there may be a connection problem with your home authentication server; you may have broken the regulations of the network you are using and have been refused access as a consequence. You should contact your organisation and report the problem, the administrators should be able to trace your connections."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 59 | 59 | ], |
| 60 | 60 | [ |
| 61 | 61 | 'id'=>'contact', |
| 62 | 62 | 'title'=>sprintf(_("I have a question about this web site. Whom should I contact?")), |
| 63 | - 'text'=>sprintf(_("You should send a mail to %s."),CONFIG['APPEARANCE']['support-contact']['display']) |
|
| 63 | + 'text'=>sprintf(_("You should send a mail to %s."), CONFIG['APPEARANCE']['support-contact']['display']) |
|
| 64 | 64 | ], |
| 65 | 65 | ]; |
| 66 | 66 | |
@@ -71,6 +71,6 @@ discard block |
||
| 71 | 71 | [ |
| 72 | 72 | 'id'=>'what_is_'.CONFIG_CONFASSISTANT['CONSORTIUM']['name'], |
| 73 | 73 | 'title'=>sprintf(_("What is this %s thing anyway?"), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']), |
| 74 | - 'text'=>sprintf(_("%s is a global WiFi roaming consortium which gives members of education and research access to the internet <i>for free</i> on all %s hotspots on the planet. There are several million %s users already, enjoying free internet access on more than %d hotspots! Visit <a href='http://www.eduroam.org'>the %s homepage</a> or <a href='http://monitor.eduroam.org/map_service_loc.php'>the %s location map</a> for more details."),CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'],CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'],CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], count($SPs), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 74 | + 'text'=>sprintf(_("%s is a global WiFi roaming consortium which gives members of education and research access to the internet <i>for free</i> on all %s hotspots on the planet. There are several million %s users already, enjoying free internet access on more than %d hotspots! Visit <a href='http://www.eduroam.org'>the %s homepage</a> or <a href='http://monitor.eduroam.org/map_service_loc.php'>the %s location map</a> for more details."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], count($SPs), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) |
|
| 75 | 75 | ]); |
| 76 | 76 | } |