<?php
/*
 * *****************************************************************************
 * Contributions to this work were made on behalf of the GÉANT project, a 
 * project that has received funding from the European Union’s Framework 
 * Programme 7 under Grant Agreements No. 238875 (GN3) and No. 605243 (GN3plus),
 * Horizon 2020 research and innovation programme under Grant Agreements No. 
 * 691567 (GN4-1) and No. 731122 (GN4-2).
 * On behalf of the aforementioned projects, GEANT Association is the sole owner
 * of the copyright in all material which was developed by a member of the GÉANT
 * project. GÉANT Vereniging (Association) is registered with the Chamber of 
 * Commerce in Amsterdam with registration number 40535155 and operates in the 
 * UK as a branch of GÉANT Vereniging.
 * 
 * Registered office: Hoekenrode 3, 1102BR Amsterdam, The Netherlands. 
 * UK branch address: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK
 *
 * License: see the web/copyright.inc.php file in the file structure or
 *          <base_url>/copyright.php after deploying the software
 */
/**
 * This page is used to edit a RADIUS profile by its administrator.
 * 
 * @author Stefan Winter <[email protected]>
 */
?>
<?php
// Bootstrap: the central configuration lives in config/, two directory levels
// above the directory that holds this script.
require_once dirname(dirname(__DIR__)) . "/config/_config.php";

// Page-wide helpers: page chrome, request-parameter validation, UI fragments.
$deco = new \web\lib\admin\PageDecoration();
$validator = new \web\lib\common\InputValidation();
$uiElements = new \web\lib\admin\UIElements();

// Emit the document prelude with the localised, product-specific page title.
$pageTitle = sprintf(_("%s: IdP Enrollment Wizard (Step 3)"), \config\Master::CONFIG['APPEARANCE']['productname']);
echo $deco->defaultPagePrelude($pageTitle);
require_once "inc/click_button_js.php";
?>
<script src="js/XHR.js" type="text/javascript"></script>
<script src="js/option_expand.js" type="text/javascript"></script>

<!-- JQuery -->
<script type="text/javascript" src="../external/jquery/jquery-migrate.js"></script>
<script type="text/javascript" src="../external/jquery/jquery-ui.js"></script>
<!-- EAP sorting code -->
<script type="text/javascript" src="js/eapSorter.js"></script>
<link rel='stylesheet' type='text/css' href='css/eapSorter.css' />
<!-- EAP sorting code end -->
<?php
// ---- Resolve the request and pre-compute everything the form is prefilled with ----

// The institution id from the query string is handed to the validator together
// with the session user. NOTE(review): presumably existingIdP() rejects ids this
// user may not administer - confirm in InputValidation, because nothing else on
// this page performs an ownership check.
$my_inst = $validator->existingIdP($_GET['inst_id'], $_SESSION['user']);

// Defaults; they stay in effect when a brand-new profile is being created.
$anonLocal = "anonymous";
$useAnon = FALSE;
$checkuserOuter = FALSE;
$checkuserValue = "anonymous";
$verify = FALSE;
$hint = FALSE;
$realm = "";
$prefill_name = "";
$blacklisted = FALSE;

if (!isset($_GET['profile_id'])) {
    // Wizard mode: no profile id was supplied, so a new profile is being defined.
    $wizardStyle = TRUE;
    $my_profile = NULL;
    $prefill_methods = [];
    $profile_options = [];

    // If the federation has "minted" CA files, a profile is set up right away so
    // that those CAs can be attached to it and shown as prefilled options.
    // NOTE(review): newProfile()/addAttribute() run while a GET request is being
    // rendered. If they persist data (not visible from this page), every load of
    // the wizard step creates another profile - confirm this is intended and how
    // abandoned wizard runs are cleaned up.
    $fed = new \core\Federation($my_inst->federation);
    $minting = $fed->getAttributes("fed:minted_ca_file");
    if (count($minting) > 0) {
        $temp_profile = $my_inst->newProfile(\core\AbstractProfile::PROFILETYPE_RADIUS);
        foreach ($minting as $oneMint) {
            $temp_profile->addAttribute("eap:ca_file", $oneMint['lang'], base64_encode($oneMint['value']));
        }
        $my_profile = new \core\ProfileRADIUS($temp_profile->identifier);
        $profile_options = $my_profile->getAttributes();
    }
} else {
    // Edit mode: an existing profile is named in the query string. The lookup is
    // scoped to the institution resolved above.
    $wizardStyle = FALSE;
    $my_profile = $validator->existingProfile($_GET['profile_id'], $my_inst->identifier);
    if (!($my_profile instanceof \core\ProfileRADIUS)) {
        throw new Exception("This page is only for editing RADIUS profiles!");
    }

    // Anonymous outer identity: flag plus the local part to use. When the flag
    // attribute is absent, $useAnon is left holding the (empty) result list.
    $anonOuterRows = $my_profile->getAttributes("internal:use_anon_outer");
    $useAnon = $anonOuterRows;
    if (count($anonOuterRows) > 0) {
        $useAnon = $anonOuterRows[0]['value'];
        $anonLocal = $my_profile->getAttributes("internal:anon_local_value")[0]['value'];
    }

    // Dedicated outer identity for realm checks: same pattern as above.
    $checkuserRows = $my_profile->getAttributes("internal:checkuser_outer");
    $checkuserOuter = $checkuserRows;
    if (count($checkuserRows) > 0) {
        $checkuserOuter = $checkuserRows[0]['value'];
        $checkuserValue = $my_profile->getAttributes("internal:checkuser_value")[0]['value'];
    }

    // These three are read without an emptiness check; the code relies on the
    // attributes always being present on a RADIUS profile.
    $verify = $my_profile->getAttributes("internal:verify_userinput_suffix")[0]['value'];
    $hint = $my_profile->getAttributes("internal:hint_userinput_suffix")[0]['value'];
    $realm = $my_profile->getAttributes("internal:realm")[0]['value'];

    $prefill_name = $my_profile->name;
    $prefill_methods = $my_profile->getEapMethodsinOrderOfPreference();
    $profile_options = $my_profile->getAttributes();

    // A profile-wide redirect is the entry without a device; device-level
    // redirects are skipped. If several match, the last one wins.
    $blacklisted = FALSE;
    foreach ($my_profile->getAttributes("device-specific:redirect") as $redirectEntry) {
        if ($redirectEntry['device'] !== NULL) {
            continue;
        }
        $blacklisted = $redirectEntry['value'];
    }
}
?>
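</head>
<body>
    <?php
    echo $deco->productheader("ADMIN-IDP");
    ?>
    <h1>
        <?php
        if ($wizardStyle) {
            echo _("Step 3: Defining a user group profile");
        } else {
            // The profile name is stored, administrator-supplied text and lands in
            // HTML body context, so it is escaped on output. double_encode is off
            // so that a name which was already entity-encoded when it was stored
            // (not visible from this page) is not encoded a second time.
            printf(_("Edit profile '%s' ..."), htmlspecialchars((string) $prefill_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false));
        }
        ?>
    </h1>
    <?php
    echo $uiElements->instLevelInfoBoxes($my_inst);

    // Target of the form: institution id, plus the profile id when one exists.
    // Both identifiers are taken from objects returned by the validator or the
    // core classes, not straight from the query string.
    $formAction = "edit_profile_result.php?inst_id=$my_inst->identifier";
    if ($my_profile !== NULL) {
        $formAction .= "&amp;profile_id=" . $my_profile->identifier;
    }
    // NOTE(review): no anti-CSRF token field is written by this block; confirm
    // that edit_profile_result.php or a shared layer verifies the request origin.
    // MAX_FILE_SIZE is a form field and therefore client-controlled; the upload
    // limit has to be enforced again on the server side.
    echo "<form enctype='multipart/form-data' action='" . $formAction . "' method='post' accept-charset='UTF-8'>
                <input type='hidden' name='MAX_FILE_SIZE' value='" . \config\Master::CONFIG['MAX_UPLOAD_SIZE'] . "'>";
    $optionDisplay = new \web\lib\admin\OptionDisplay($profile_options, "Profile");
    ?>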
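    <fieldset class="option_container">
        <legend>
            <strong><?php echo _("General Profile properties"); ?></strong>
        </legend>
        <?php
        if ($wizardStyle) {
            echo "<p>" . _("We will now define a profile for your user group(s).  You can add as many profiles as you like by choosing the appropriate button on the end of the page. After we are done, the wizard is finished and you will be taken to the main IdP administration page.") . "</p>";
        }
        ?>
        <h3><?php echo _("Profile Name and RADIUS realm"); ?></h3>
        <?php
        // Explanatory texts are only shown while walking through the wizard.
        if ($wizardStyle) {
            echo "<p>" . _("First of all we need a name for the profile. This will be displayed to end users, so you may want to choose a descriptive name like 'Professors', 'Students of the Faculty of Bioscience', etc.") . "</p>";
            echo "<p>" . _("Optionally, you can provide a longer descriptive text about who this profile is for. If you specify it, it will be displayed on the download page after the user has selected the profile name in the list.") . "</p>";
            echo "<p>" . _("You can also tell us your RADIUS realm. ");
            if (\config\Master::CONFIG['FUNCTIONALITY_LOCATIONS']['DIAGNOSTICS'] !== NULL) {
                printf(_("This is useful if you want to use the sanity check module later, which tests reachability of your realm in the %s infrastructure. "), \config\ConfAssistant::CONFIG['CONSORTIUM']['display_name']);
            }
            echo _("It is required to enter the realm name if you want to support anonymous outer identities (see below).") . "</p>";
        }

        echo $optionDisplay->prefilledOptionTable("profile");
        ?>
        <button type='button' class='newoption' onclick='getXML("profile")'><?php echo _("Add new option"); ?></button>
        <table>
            <tr>

                <td>
                    <label for="realm">
                        <?php echo _("Realm:"); ?>
                    </label>
                </td>
                <td>
                    <?php
                    // The realm is stored profile data and is written into a
                    // single-quoted attribute, so quotes and markup characters are
                    // escaped on output; an unescaped quote would end the attribute
                    // and let the remainder be parsed as markup. double_encode is
                    // off because it is not visible here whether the value was
                    // already entity-encoded when it was stored.
                    $realmAttr = htmlspecialchars((string) $realm, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

                    // The key handler enables the realm-dependent controls as soon
                    // as the field is non-empty and resets/disables them otherwise.
                    echo "<input id='realm' name='realm' value='" . $realmAttr . "' onkeyup='
                                 if (this.value.length > 0)
                                      { this.form.elements[\"anon_support\"].removeAttribute(\"disabled\");
                                        document.getElementById(\"anon_support_label\").removeAttribute(\"style\");

                                        this.form.elements[\"checkuser_support\"].removeAttribute(\"disabled\");
                                        document.getElementById(\"checkuser_label\").removeAttribute(\"style\");

                                        document.getElementById(\"verify_label\").removeAttribute(\"style\");
                                        document.getElementById(\"hint_label\").removeAttribute(\"style\");

                                      } else
                                      { this.form.elements[\"anon_support\"].checked = false;
                                        this.form.elements[\"anon_support\"].setAttribute(\"disabled\", \"disabled\");
                                        this.form.elements[\"anon_local\"].setAttribute(\"disabled\", \"disabled\");
                                        document.getElementById(\"anon_support_label\").setAttribute(\"style\", \"color:#999999\");

                                        this.form.elements[\"checkuser_support\"].checked = false;
                                        this.form.elements[\"checkuser_support\"].setAttribute(\"disabled\", \"disabled\");
                                        this.form.elements[\"checkuser_local\"].setAttribute(\"disabled\", \"disabled\");
                                        document.getElementById(\"checkuser_label\").setAttribute(\"style\", \"color:#999999\");

                                        this.form.elements[\"hint_support\"].checked = false;
                                        this.form.elements[\"hint_support\"].setAttribute(\"disabled\", \"disabled\");

                                        document.getElementById(\"hint_label\").setAttribute(\"style\", \"color:#999999\");
                                      };'/>";
                    ?>

                </td>

            </tr>

        </table>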
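        <h3><?php echo _("Realm Options"); ?></h3>

        <?php
        if ($wizardStyle) {
            echo "<p>" . sprintf(_("Some installers support a feature called 'Anonymous outer identity'. If you don't know what this is, please read <a href='%s'>this article</a>."), "https://confluence.terena.org/display/H2eduroam/eap-types") . "</p>";
            echo "<p>" . _("On some platforms, the installers can suggest username endings and/or verify the user input to contain the realm suffix.") . "</p>";
            echo "<p>" . _("The realm check feature needs to know an outer ID which actually gets a chance to authenticate. If your RADIUS server lets only select usernames pass, it is useful to supply the information which of those (outer ID) username we can use for testing.") . "</p>";
        }

        // Labels of realm-dependent controls are greyed out while no realm is set.
        $realmDependentStyle = ($realm == "" ? "color:#999999" : "");

        // Both local parts are stored profile data written into single-quoted
        // attributes, so they are escaped on output. double_encode is off because
        // it is not visible here whether the values were entity-encoded on save.
        $anonLocalAttr = htmlspecialchars((string) $anonLocal, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        $checkuserValueAttr = htmlspecialchars((string) $checkuserValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        ?>
        <p>


            <!-- UI table to align elements-->
        <table>
            <tr>
                <!-- checkbox for "verify-->
                <td>
                    <span id='verify_label'>
                        <?php echo _("Verify user input to contain realm suffix:"); ?>
                    </span>
                </td>
                <td>
                    <input type='checkbox' <?php
                    echo ($verify != FALSE ? "checked" : "" );
                    ?> name='verify_support' onclick='
                            if (this.form.elements["verify_support"].checked !== true || this.form.elements["realm"].value.length == 0) {
                                this.form.elements["hint_support"].setAttribute("disabled", "disabled");
                            } else {
                                this.form.elements["hint_support"].removeAttribute("disabled");
                            }
                            ;'/>
                    <span id='hint_label' style='<?php echo $realmDependentStyle; ?>'>
                        <?php echo _("Prefill user input with realm suffix:"); ?>
                    </span>
                    <input type='checkbox' <?php echo ($verify == FALSE ? "disabled" : "" ); ?> name='hint_support' <?php echo ( $hint != FALSE ? "checked" : "" ); ?> />
                </td>
            </tr>
            <tr>

                <!-- checkbox and input field for anonymity support, available only when realm is known-->
                <td>
                    <span id='anon_support_label' style='<?php echo $realmDependentStyle; ?>'>
                        <?php echo _("Enable Anonymous Outer Identity:"); ?>
                    </span>
                </td>
                <td>
                    <input type='checkbox' <?php echo ($useAnon != FALSE ? "checked" : "" ) . ($realm == "" ? " disabled" : "" ); ?> name='anon_support' onclick='
                            if (this.form.elements["anon_support"].checked !== true) {
                                this.form.elements["anon_local"].setAttribute("disabled", "disabled");
                            } else {
                                this.form.elements["anon_local"].removeAttribute("disabled");
                            }
                            ;'/>
                    <?php
                    // The text field follows its own checkbox (anon_support), so its
                    // initial state is derived from $useAnon. It was previously tied
                    // to $checkuserOuter, which left the field disabled - and thus
                    // not submitted - for profiles that use an anonymous outer
                    // identity without a dedicated realm-check identity.
                    ?>
                    <input type='text' <?php echo ($useAnon == FALSE ? "disabled" : "" ); ?> name='anon_local' value='<?php echo $anonLocalAttr; ?>'/>
                </td>
            </tr>
            <tr>

                <!-- checkbox and input field for check realm outer id, available only when realm is known-->
                <td>
                    <span id='checkuser_label' style='<?php echo $realmDependentStyle; ?>'>
                        <?php echo _("Use special Outer Identity for realm checks:"); ?>
                    </span>
                </td>
                <td>
                    <input type='checkbox' <?php echo ($checkuserOuter != FALSE ? "checked" : "" ) . ($realm == "" ? " disabled" : "" ); ?> name='checkuser_support' onclick='
                            if (this.form.elements["checkuser_support"].checked !== true) {
                                this.form.elements["checkuser_local"].setAttribute("disabled", "disabled");
                            } else {
                                this.form.elements["checkuser_local"].removeAttribute("disabled");
                            }
                            ;'/>
                    <input type='text' <?php echo ($checkuserOuter == FALSE ? "disabled" : "" ); ?> name='checkuser_local' value='<?php echo $checkuserValueAttr; ?>'/>
                </td>
            </tr>
        </table>
    </p>
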
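    <h3><?php echo _("Installer Download Location"); ?></h3>

    <?php
    if ($wizardStyle) {
        echo "<p>" . _("The CAT has a download area for end users. There, they will, for example, learn about the support pointers you entered earlier. The CAT can also immediately offer the installers for the profile for download. If you don't want that, you can instead enter a web site location where you want your users to be redirected to. You, as the administrator, can still download the profiles to place them on that page (see the 'Compatibility Matrix' button on the dashboard).") . "</p>";
    }
    ?>
    <p>

        <?php
        // $blacklisted is FALSE when no profile-wide redirect exists, otherwise it
        // holds the stored redirect target. The target is stored data written into
        // a single-quoted attribute, so it is escaped on output; double_encode is
        // off because it is not visible here whether it was entity-encoded on save.
        // NOTE(review): end users are sent to this target, so the scheme/host
        // should be validated where the value is saved - confirm in the POST
        // handler, which is not part of this page.
        if ($blacklisted !== FALSE) {
            $redirectCheckbox = "checked ";
            $redirectField = "value='" . htmlspecialchars((string) $blacklisted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . "'";
        } else {
            $redirectCheckbox = "";
            $redirectField = "disabled";
        }

        echo "<span id='redirect_label' style='" . ($realm == "" ? "color:#999999" : "" ) . "'><label for='redirect'>" . _("Redirect end users to own web page:") . "</label></span>
                          <input type='checkbox'  name='redirect' id='redirect' " . $redirectCheckbox . "onclick='
                              if (this.form.elements[\"redirect\"].checked != true) {
                                this.form.elements[\"redirect_target\"].setAttribute(\"disabled\", \"disabled\");
                              } else {
                                this.form.elements[\"redirect_target\"].removeAttribute(\"disabled\");
                              };'/>
                          <input type='text' name='redirect_target' " . $redirectField . "/>";
        ?>
    </p>

</fieldset>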
<fieldset class="option_container">
    <legend><strong><?php echo _("Supported EAP types"); ?></strong></legend>
    <?php
    if ($wizardStyle) {
        echo "<p>" . _("Now, we need to know which EAP types your IdP supports. If you support multiple EAP types, you can assign every type a priority (1=highest). This tool will always generate an automatic installer for the EAP type with the highest priority; only if the user's device can't use that EAP type, we will use an EAP type further down in the list.") . "</p>";
    }

    // Every EAP type the software knows; the two lists below partition them into
    // "supported by this profile" and "not supported".
    $methods = \core\common\EAP::listKnownEAPTypes();

    // new EAP sorting code
    // NOTE(review): $enabled and $countactive computed in this loop are not read
    // anywhere else on this page.
    foreach ($methods as $knownMethod) {
        $display = $knownMethod->getPrintableRep();
        $enabled = FALSE;
        foreach ($prefill_methods as $prio => $value) {
            if ($knownMethod->getPrintableRep() == $value->getPrintableRep()) {
                $enabled = TRUE;
                $countactive = $prio + 1;
            }
        }
    }
    ?>
    <div>
        <table style="border:none">
            <tr>
                <th style="vertical-align:top; padding:1em">
                    <?php echo _('Supported EAP types for this profile'); ?>
                </th>
                <td id="supported_eap">
                    <ol id="sortable1" class="eapmethods">
                        <?php
                        // Methods already configured on the profile, in preference
                        // order; remember each one's priority by printable name.
                        $priorityByName = [];
                        foreach ($prefill_methods as $prio => $value) {
                            $configuredName = $value->getPrintableRep();
                            print '<li>' . $configuredName . "</li>\n";
                            $priorityByName[$configuredName] = $prio;
                        }
                        ?>
                    </ol>
                </td>
                <td rowspan=3 style="text-align:center; width:12em; padding:1em">
                    <?php echo _('Use "drag &amp; drop" to mark an EAP method and move it to the supported (green) area. Prioritisation is done automatically, depending on where you "drop" the method.'); ?>
                </td>
            </tr>
            <tr id="eap_bottom_row">
                <td colspan="2"> </td>
            </tr>
            <tr>
                <th style="vertical-align:top; padding:1em">
                    <?php echo _('Unsupported EAP types'); ?>
                </th>
                <td style="vertical-align:top" id="unsupported_eap">
                    <ol id="sortable2" class="eapmethods">
                        <?php
                        // Everything not configured yet, except the Silverbullet
                        // type, which is never offered on this RADIUS-profile page.
                        foreach ($methods as $knownMethod) {
                            if ($knownMethod == \core\common\EAP::EAPTYPE_SILVERBULLET) {
                                continue;
                            }
                            $display = $knownMethod->getPrintableRep();
                            if (isset($priorityByName[$display])) {
                                continue;
                            }
                            print '<li class="eap1">' . $display . "</li>\n";
                        }
                        ?>
                    </ol>
                </td>
            </tr>
        </table>
    </div>
    <?php
    // One pair of hidden fields per known method: the method name and its current
    // priority (empty when the method is not configured). The names originate
    // from listKnownEAPTypes(), i.e. presumably from code-defined constants
    // rather than from user input.
    foreach ($methods as $knownMethod) {
        $display = $knownMethod->getPrintableRep();
        if (isset($priorityByName[$display])) {
            $currentPriority = $priorityByName[$display];
        } else {
            $currentPriority = '';
        }
        print '<input type="hidden" class="eapm" name="' . $display . '" id="EAP-' . $display . '" value="' . $display . '">';
        print '<input type="hidden" class="eapmv" name="' . $display . '-priority" id="EAP-' . $display . '-priority" value="' . $currentPriority . '">';
    }
    ?>
    <br style="clear:both;" />
</fieldset>
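<?php
// ---- Per-category option overrides (helpdesk, EAP, media) and the form footer ----

// Names of all options that are already set on the institution (IdP) level.
$idp_options = $my_inst->getAttributes();
$optionsAlreadySet = array_column($idp_options, "name");

// Per category: the set of IdP-wide option names and an HTML list of them.
// The variable names follow the pattern has_<category>_options / <category>_text
// because the rendering loop below looks them up by category name.
$has_support_options = [];
$has_media_options = [];
$has_eap_options = [];
$support_text = "";
$media_text = "";
$eap_text = "";

foreach ($optionsAlreadySet as $optionNames) {
    if (preg_match("/^support:/", $optionNames)) {
        $has_support_options[$optionNames] = "SET";
        $support_text .= "<li><strong>" . $uiElements->displayName($optionNames) . "</strong></li>";
    }
    if (preg_match("/^media:/", $optionNames)) {
        // Keyed by the option name itself. The previous "$$optionNames" was a
        // variable-variable lookup of an undefined variable, so every media
        // option collapsed onto one key and the count used for the
        // singular/plural message below was wrong.
        $has_media_options[$optionNames] = "SET";
        $media_text .= "<li><strong>" . $uiElements->displayName($optionNames) . "</strong></li>";
    }
    // NOTE(review): nothing fills $has_eap_options / $eap_text, so the override
    // hint is never shown for the "eap" category - confirm whether IdP-wide
    // "eap:" options should be collected here as well.
}

$fields = [
    "support" => _("Helpdesk Details for this profile"),
    "eap" => _("EAP Details for this profile"),
    "media" => _("Media Properties for this profile")];

foreach ($fields as $name => $description) {
    echo "<fieldset class='option_container' id='" . $name . "_override'>
    <legend><strong>$description</strong></legend>
    <p>";

    // $name only ever takes the three fixed keys of $fields, so the
    // variable-variable lookups resolve to the variables initialised above.
    $idpWideCount = count(${"has_" . $name . "_options"});
    if ($idpWideCount > 0) {
        printf(ngettext("The option %s is already defined IdP-wide. If you set it here on profile level, this setting will override the IdP-wide one.", "The options %s are already defined IdP-wide. If you set them here on profile level, these settings will override the IdP-wide ones.", $idpWideCount), "<ul>" . ${$name . "_text"} . "</ul>");
    }

    echo "</p>";
    echo $optionDisplay->prefilledOptionTable($name);
    echo "<button type='button' class='newoption' onclick='getXML(\"$name\")'>" . _("Add new option") . "</button>";
    echo "</fieldset>";
}

if ($wizardStyle) {
    echo "<p>" . _("When you are sure that everything is correct, please click on 'Save data' and you will be taken to your IdP Dashboard page.") . "</p>";
}
// Save submits the form; Discard only navigates back to the institution overview.
echo "<p><button type='submit' name='submitbutton' value='" . web\lib\common\FormElements::BUTTON_SAVE . "'>" . _("Save data") . "</button><button type='button' class='delete' name='abortbutton' value='abort' onclick='javascript:window.location = \"overview_idp.php?inst_id=$my_inst->identifier\"'>" . _("Discard changes") . "</button></p></form>";
echo $deco->footer();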