GEANT /
CAT
@@ -53,14 +53,14 @@ |
||
| 53 | 53 | } |
| 54 | 54 | |
| 55 | 55 | switch ($_GET['token']) { |
| 56 | - case "SELF-REGISTER": |
|
| 57 | - $token = "SELF-REGISTER"; |
|
| 58 | - $checkval = \core\UserManagement::TOKENSTATUS_OK_NEW; |
|
| 59 | - $federation = CONFIG_CONFASSISTANT['CONSORTIUM']['selfservice_registration']; |
|
| 60 | - break; |
|
| 61 | - default: |
|
| 62 | - $token = $validator->token(filter_input(INPUT_GET,'token',FILTER_SANITIZE_STRING)); |
|
| 63 | - $checkval = $usermgmt->checkTokenValidity($token); |
|
| 56 | + case "SELF-REGISTER": |
|
| 57 | + $token = "SELF-REGISTER"; |
|
| 58 | + $checkval = \core\UserManagement::TOKENSTATUS_OK_NEW; |
|
| 59 | + $federation = CONFIG_CONFASSISTANT['CONSORTIUM']['selfservice_registration']; |
|
| 60 | + break; |
|
| 61 | + default: |
|
| 62 | + $token = $validator->token(filter_input(INPUT_GET,'token',FILTER_SANITIZE_STRING)); |
|
| 63 | + $checkval = $usermgmt->checkTokenValidity($token); |
|
| 64 | 64 | } |
| 65 | 65 | |
| 66 | 66 | if ($checkval < 0) { |
@@ -96,6 +96,12 @@ |
||
| 96 | 96 | */ |
| 97 | 97 | protected $frontendHandle; |
| 98 | 98 | |
| 99 | + /** |
|
| 100 | + * @param integer $idpIdentifier |
|
| 101 | + * @param string $deviceId |
|
| 102 | + * @param string $area |
|
| 103 | + * @param string $lang |
|
| 104 | + */ |
|
| 99 | 105 | protected function saveDownloadDetails($idpIdentifier, $profileId, $deviceId, $area, $lang, $eapType) { |
| 100 | 106 | if (CONFIG['PATHS']['logdir']) { |
| 101 | 107 | $file = fopen(CONFIG['PATHS']['logdir'] . "/download_details.log", "a"); |
@@ -216,7 +216,7 @@ |
||
| 216 | 216 | * realm (and indirectly that of the links and statuses of involved proxies |
| 217 | 217 | * and returns a judgment whether external Monitoring API tests are warranted |
| 218 | 218 | * or not |
| 219 | - * @return boolean TRUE if external tests have to be run |
|
| 219 | + * @return boolean|null TRUE if external tests have to be run |
|
| 220 | 220 | */ |
| 221 | 221 | private function CATInternalTests() { |
| 222 | 222 | // we are expecting to get a REJECT from all runs, because that means the packet got through to the IdP. |
@@ -77,84 +77,84 @@ |
||
| 77 | 77 | } |
| 78 | 78 | |
| 79 | 79 | switch ($operationMode) { |
| 80 | - case OPERATION_MODE_EDIT: |
|
| 81 | - $idp = $validator->IdP($_GET['inst_id']); |
|
| 82 | - // editing IdPs is done from within the popup. When we're done, send the |
|
| 83 | - // user back to the popup (append the result of the operation later) |
|
| 84 | - $redirect_destination = "manageAdmins.inc.php?inst_id=" . $idp->identifier . "&"; |
|
| 85 | - $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination); |
|
| 86 | - // is the user primary admin of this IdP? |
|
| 87 | - $is_owner = $idp->isPrimaryOwner($_SESSION['user']); |
|
| 88 | - // check if he is (also) federation admin for the federation this IdP is in. His invitations have more blessing then. |
|
| 89 | - $fedadmin = $userObject->isFederationAdmin($idp->federation); |
|
| 90 | - // check if he is either one, if not, complain |
|
| 91 | - if (!$is_owner && !$fedadmin) { |
|
| 92 | - echo "<p>" . sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclature_fed, $uiElements->nomenclature_fed, $uiElements->nomenclature_inst) . "</p>"; |
|
| 93 | - exit(1); |
|
| 94 | - } |
|
| 80 | + case OPERATION_MODE_EDIT: |
|
| 81 | + $idp = $validator->IdP($_GET['inst_id']); |
|
| 82 | + // editing IdPs is done from within the popup. When we're done, send the |
|
| 83 | + // user back to the popup (append the result of the operation later) |
|
| 84 | + $redirect_destination = "manageAdmins.inc.php?inst_id=" . $idp->identifier . "&"; |
|
| 85 | + $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination); |
|
| 86 | + // is the user primary admin of this IdP? |
|
| 87 | + $is_owner = $idp->isPrimaryOwner($_SESSION['user']); |
|
| 88 | + // check if he is (also) federation admin for the federation this IdP is in. His invitations have more blessing then. |
|
| 89 | + $fedadmin = $userObject->isFederationAdmin($idp->federation); |
|
| 90 | + // check if he is either one, if not, complain |
|
| 91 | + if (!$is_owner && !$fedadmin) { |
|
| 92 | + echo "<p>" . sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclature_fed, $uiElements->nomenclature_fed, $uiElements->nomenclature_inst) . "</p>"; |
|
| 93 | + exit(1); |
|
| 94 | + } |
|
| 95 | 95 | |
| 96 | - $prettyprintname = $idp->name; |
|
| 97 | - $newtoken = $mgmt->createToken($fedadmin, $mailaddress, $idp); |
|
| 98 | - $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $idp->identifier . " - Token created for " . $mailaddress); |
|
| 99 | - $introtext = sprintf(_("a %s of the %s %s \"%s\" has invited you to manage the %s together with him."), $uiElements->nomenclature_fed, CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $uiElements->nomenclature_inst, $prettyprintname, $uiElements->nomenclature_inst) . " " . sprintf(_("This invitation is valid for 24 hours from now, i.e. until %s."), strftime("%x %X", time() + 86400)); |
|
| 100 | - break; |
|
| 101 | - case OPERATION_MODE_NEWUNLINKED: |
|
| 102 | - $redirect_destination = "../overview_federation.php?"; |
|
| 103 | - $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination); |
|
| 104 | - // run an input check and conversion of the raw inputs... just in case |
|
| 105 | - $newinstname = $validator->string($_POST['name']); |
|
| 106 | - $newcountry = $validator->string($_POST['country']); |
|
| 107 | - $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($newcountry); |
|
| 108 | - if ($new_idp_authorized_fedadmin !== TRUE) { |
|
| 109 | - throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclature_inst . ", but are not a " . $uiElements->nomenclature_fed . " admin for the " . $uiElements->nomenclature_fed . " it should be in!"); |
|
| 110 | - } |
|
| 111 | - $federation = $validator->Federation($newcountry); |
|
| 112 | - $prettyprintname = $newinstname; |
|
| 113 | - $introtext = sprintf(_("a %s %s has invited you to manage the future %s \"%s\" (%s)."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $uiElements->nomenclature_fed, $uiElements->nomenclature_inst, $prettyprintname, $newcountry) . " " . sprintf(_("This invitation is valid for 24 hours from now, i.e. until %s."), strftime("%x %X", time() + 86400)); |
|
| 114 | - // send the user back to his federation overview page, append the result of the operation later |
|
| 115 | - // do the token creation magic |
|
| 116 | - $newtoken = $mgmt->createToken(TRUE, $mailaddress, $newinstname, 0, $newcountry); |
|
| 117 | - $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE - Token created for " . $mailaddress); |
|
| 118 | - break; |
|
| 119 | - case OPERATION_MODE_NEWFROMDB: |
|
| 120 | - $redirect_destination = "../overview_federation.php?"; |
|
| 121 | - $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination); |
|
| 122 | - // a real external DB entry was submitted and all the required parameters are there |
|
| 123 | - $newexternalid = $validator->string($_POST['externals']); |
|
| 124 | - $extinfo = $catInstance->getExternalDBEntityDetails($newexternalid); |
|
| 125 | - $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($extinfo['country']); |
|
| 126 | - if ($new_idp_authorized_fedadmin !== TRUE) { |
|
| 127 | - throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclature_inst . ", but are not a " . $uiElements->nomenclature_fed . " admin for the " . $uiElements->nomenclature_fed . " it should be in!"); |
|
| 128 | - } |
|
| 129 | - $federation = $validator->Federation($extinfo['country']); |
|
| 130 | - $newcountry = $extinfo['country']; |
|
| 131 | - // see if the inst name is defined in the currently set language; if not, pick its English name; if N/A, pick the last in the list |
|
| 132 | - $prettyprintname = ""; |
|
| 133 | - foreach ($extinfo['names'] as $lang => $name) { |
|
| 134 | - if ($lang == $languageInstance->getLang()) { |
|
| 135 | - $prettyprintname = $name; |
|
| 96 | + $prettyprintname = $idp->name; |
|
| 97 | + $newtoken = $mgmt->createToken($fedadmin, $mailaddress, $idp); |
|
| 98 | + $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $idp->identifier . " - Token created for " . $mailaddress); |
|
| 99 | + $introtext = sprintf(_("a %s of the %s %s \"%s\" has invited you to manage the %s together with him."), $uiElements->nomenclature_fed, CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $uiElements->nomenclature_inst, $prettyprintname, $uiElements->nomenclature_inst) . " " . sprintf(_("This invitation is valid for 24 hours from now, i.e. until %s."), strftime("%x %X", time() + 86400)); |
|
| 100 | + break; |
|
| 101 | + case OPERATION_MODE_NEWUNLINKED: |
|
| 102 | + $redirect_destination = "../overview_federation.php?"; |
|
| 103 | + $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination); |
|
| 104 | + // run an input check and conversion of the raw inputs... just in case |
|
| 105 | + $newinstname = $validator->string($_POST['name']); |
|
| 106 | + $newcountry = $validator->string($_POST['country']); |
|
| 107 | + $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($newcountry); |
|
| 108 | + if ($new_idp_authorized_fedadmin !== TRUE) { |
|
| 109 | + throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclature_inst . ", but are not a " . $uiElements->nomenclature_fed . " admin for the " . $uiElements->nomenclature_fed . " it should be in!"); |
|
| 136 | 110 | } |
| 137 | - } |
|
| 138 | - if ($prettyprintname == "" && isset($extinfo['names']['en'])) { |
|
| 139 | - $prettyprintname = $extinfo['names']['en']; |
|
| 140 | - } |
|
| 141 | - if ($prettyprintname == "") { |
|
| 142 | - foreach ($extinfo['names'] as $name) { |
|
| 143 | - $prettyprintname = $name; |
|
| 111 | + $federation = $validator->Federation($newcountry); |
|
| 112 | + $prettyprintname = $newinstname; |
|
| 113 | + $introtext = sprintf(_("a %s %s has invited you to manage the future %s \"%s\" (%s)."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $uiElements->nomenclature_fed, $uiElements->nomenclature_inst, $prettyprintname, $newcountry) . " " . sprintf(_("This invitation is valid for 24 hours from now, i.e. until %s."), strftime("%x %X", time() + 86400)); |
|
| 114 | + // send the user back to his federation overview page, append the result of the operation later |
|
| 115 | + // do the token creation magic |
|
| 116 | + $newtoken = $mgmt->createToken(TRUE, $mailaddress, $newinstname, 0, $newcountry); |
|
| 117 | + $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE - Token created for " . $mailaddress); |
|
| 118 | + break; |
|
| 119 | + case OPERATION_MODE_NEWFROMDB: |
|
| 120 | + $redirect_destination = "../overview_federation.php?"; |
|
| 121 | + $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination); |
|
| 122 | + // a real external DB entry was submitted and all the required parameters are there |
|
| 123 | + $newexternalid = $validator->string($_POST['externals']); |
|
| 124 | + $extinfo = $catInstance->getExternalDBEntityDetails($newexternalid); |
|
| 125 | + $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($extinfo['country']); |
|
| 126 | + if ($new_idp_authorized_fedadmin !== TRUE) { |
|
| 127 | + throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclature_inst . ", but are not a " . $uiElements->nomenclature_fed . " admin for the " . $uiElements->nomenclature_fed . " it should be in!"); |
|
| 144 | 128 | } |
| 145 | - } |
|
| 146 | - // fill the rest of the text |
|
| 147 | - $introtext = sprintf(_("a %s %s has invited you to manage the %s \"%s\"."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $uiElements->nomenclature_fed, $uiElements->nomenclature_inst, $prettyprintname) . " " . sprintf(_("This invitation is valid for 24 hours from now, i.e. until %s."), strftime("%x %X", time() + 86400)); |
|
| 148 | - // do the token creation magic |
|
| 149 | - $newtoken = $mgmt->createToken(TRUE, $mailaddress, $prettyprintname, $newexternalid); |
|
| 150 | - $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE - Token created for " . $mailaddress); |
|
| 151 | - break; |
|
| 152 | - default: // includes OPERATION_MODE_INVALID |
|
| 153 | - $wrongcontent = print_r($_POST, TRUE); |
|
| 154 | - echo "<pre>Wrong parameters in POST: |
|
| 129 | + $federation = $validator->Federation($extinfo['country']); |
|
| 130 | + $newcountry = $extinfo['country']; |
|
| 131 | + // see if the inst name is defined in the currently set language; if not, pick its English name; if N/A, pick the last in the list |
|
| 132 | + $prettyprintname = ""; |
|
| 133 | + foreach ($extinfo['names'] as $lang => $name) { |
|
| 134 | + if ($lang == $languageInstance->getLang()) { |
|
| 135 | + $prettyprintname = $name; |
|
| 136 | + } |
|
| 137 | + } |
|
| 138 | + if ($prettyprintname == "" && isset($extinfo['names']['en'])) { |
|
| 139 | + $prettyprintname = $extinfo['names']['en']; |
|
| 140 | + } |
|
| 141 | + if ($prettyprintname == "") { |
|
| 142 | + foreach ($extinfo['names'] as $name) { |
|
| 143 | + $prettyprintname = $name; |
|
| 144 | + } |
|
| 145 | + } |
|
| 146 | + // fill the rest of the text |
|
| 147 | + $introtext = sprintf(_("a %s %s has invited you to manage the %s \"%s\"."), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $uiElements->nomenclature_fed, $uiElements->nomenclature_inst, $prettyprintname) . " " . sprintf(_("This invitation is valid for 24 hours from now, i.e. until %s."), strftime("%x %X", time() + 86400)); |
|
| 148 | + // do the token creation magic |
|
| 149 | + $newtoken = $mgmt->createToken(TRUE, $mailaddress, $prettyprintname, $newexternalid); |
|
| 150 | + $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE - Token created for " . $mailaddress); |
|
| 151 | + break; |
|
| 152 | + default: // includes OPERATION_MODE_INVALID |
|
| 153 | + $wrongcontent = print_r($_POST, TRUE); |
|
| 154 | + echo "<pre>Wrong parameters in POST: |
|
| 155 | 155 | " . htmlspecialchars($wrongcontent) . " |
| 156 | 156 | </pre>"; |
| 157 | - exit(1); |
|
| 157 | + exit(1); |
|
| 158 | 158 | } |
| 159 | 159 | // are we on https? |
| 160 | 160 | $proto = "http://"; |
@@ -254,7 +254,7 @@ |
||
| 254 | 254 | * create a CSR |
| 255 | 255 | * |
| 256 | 256 | * @param resource $privateKey the private key to create the CSR with |
| 257 | - * @return array with the CSR and some meta info |
|
| 257 | + * @return integer with the CSR and some meta info |
|
| 258 | 258 | */ |
| 259 | 259 | private function generateCsr($privateKey) { |
| 260 | 260 | // token leads us to the NRO, to set the OU property of the cert |
@@ -138,6 +138,7 @@ discard block |
||
| 138 | 138 | * |
| 139 | 139 | * @param string $device |
| 140 | 140 | * @param AbstractProfile $profile |
| 141 | + * @param string $generatedFor |
|
| 141 | 142 | * @return array info about the new installer (mime and link) |
| 142 | 143 | */ |
| 143 | 144 | private function generateNewInstaller($device, $profile, $generatedFor, $token, $password) { |
@@ -327,6 +328,7 @@ discard block |
||
| 327 | 328 | * @param string either 'idp' or 'federation' is allowed |
| 328 | 329 | * @param int $width maximum width of the generated image - if 0 then it is treated as no upper bound |
| 329 | 330 | * @param int $height maximum height of the generated image - if 0 then it is treated as no upper bound |
| 331 | + * @param string $type |
|
| 330 | 332 | * @return array|null array with image information or NULL if there is no logo |
| 331 | 333 | */ |
| 332 | 334 | protected function getLogo($identifier, $type, $width = 0, $height = 0) { |
@@ -371,6 +373,10 @@ discard block |
||
| 371 | 373 | return ["filetype" => $filetype, "expires" => $expiresString, "blob" => $blob]; |
| 372 | 374 | } |
| 373 | 375 | |
| 376 | + /** |
|
| 377 | + * @param integer $width |
|
| 378 | + * @param integer $height |
|
| 379 | + */ |
|
| 374 | 380 | private function testForResize($width, $height) { |
| 375 | 381 | if (is_numeric($width) && is_numeric($height) && ($width > 0 || $height > 0)) { |
| 376 | 382 | if ($height == 0) { |
@@ -474,6 +480,7 @@ discard block |
||
| 474 | 480 | /** |
| 475 | 481 | * Order active identity providers according to their distance and name |
| 476 | 482 | * @param array $currentLocation - current location |
| 483 | + * @param string $country |
|
| 477 | 484 | * @return array $IdPs - list of arrays ('id', 'name'); |
| 478 | 485 | */ |
| 479 | 486 | public function orderIdentityProviders($country, $currentLocation = NULL) { |
@@ -142,6 +142,9 @@ discard block |
||
| 142 | 142 | return $retval; |
| 143 | 143 | } |
| 144 | 144 | |
| 145 | + /** |
|
| 146 | + * @param integer $rowid |
|
| 147 | + */ |
|
| 145 | 148 | private function selectElement($rowid, $list) { |
| 146 | 149 | $jsmagic = "onchange=' |
| 147 | 150 | if (/#ML#/.test(document.getElementById(\"option-S" . $rowid . "-select\").value)) { |
@@ -183,6 +186,10 @@ discard block |
||
| 183 | 186 | return ["TEXT" => $retval, "ACTIVE" => $activelisttype]; |
| 184 | 187 | } |
| 185 | 188 | |
| 189 | + /** |
|
| 190 | + * @param integer $rowid |
|
| 191 | + * @param boolean $makeVisible |
|
| 192 | + */ |
|
| 186 | 193 | private function selectLanguage($rowid, $makeVisible) { |
| 187 | 194 | $retval = "<select style='display:" . ($makeVisible ? "block" : "none") . "' name='value[S$rowid-lang]' id='S" . $rowid . "-input-langselect'> |
| 188 | 195 | <option value='' name='select_language' selected>" . _("select language") . "</option> |
@@ -203,6 +210,9 @@ discard block |
||
| 203 | 210 | \core\Options::TYPECODE_TEXT => ["html" => "textarea cols='30' rows='3'", "tail" => '></textarea'], |
| 204 | 211 | ]; |
| 205 | 212 | |
| 213 | + /** |
|
| 214 | + * @param integer $rowid |
|
| 215 | + */ |
|
| 206 | 216 | private function inputFields($rowid, $activetype) { |
| 207 | 217 | $retval = ""; |
| 208 | 218 | foreach (OptionDisplay::HTML_DATATYPE_TEXTS as $key => $type) { |
@@ -235,7 +245,7 @@ discard block |
||
| 235 | 245 | * @param int $rowid the HTML field base name of the option to be displayed |
| 236 | 246 | * @param string $optionName the name of the option to display |
| 237 | 247 | * @param string $optionValue the value of the option to display |
| 238 | - * @param mixed $optionLang the language of the option to display |
|
| 248 | + * @param null|string $optionLang the language of the option to display |
|
| 239 | 249 | * @return string HTML code |
| 240 | 250 | * @throws Exception |
| 241 | 251 | */ |
@@ -287,6 +287,9 @@ discard block |
||
| 287 | 287 | } |
| 288 | 288 | } |
| 289 | 289 | |
| 290 | + /** |
|
| 291 | + * @param Type $eaptype |
|
| 292 | + */ |
|
| 290 | 293 | private function setServerSideCredentials($eaptype) { |
| 291 | 294 | $attr = $this->attributes; |
| 292 | 295 | $serversidecredential = new ServerSideCredential(); |
@@ -331,6 +334,9 @@ discard block |
||
| 331 | 334 | return($clientsidecredential); |
| 332 | 335 | } |
| 333 | 336 | |
| 337 | + /** |
|
| 338 | + * @param Type $eaptype |
|
| 339 | + */ |
|
| 334 | 340 | private function setEapMethod($eaptype) { |
| 335 | 341 | $attr = $this->attributes; |
| 336 | 342 | $eapmethod = new EAPMethod(); |
@@ -138,6 +138,9 @@ discard block |
||
| 138 | 138 | return($out); |
| 139 | 139 | } |
| 140 | 140 | |
| 141 | + /** |
|
| 142 | + * @param integer $maxSize |
|
| 143 | + */ |
|
| 141 | 144 | private function scaleLogo($imagePath, $maxSize) { |
| 142 | 145 | $imageObject = new \Imagick($imagePath); |
| 143 | 146 | $imageSize = $imageObject->getImageGeometry(); |
@@ -226,6 +229,9 @@ discard block |
||
| 226 | 229 | $this->loggerInstance->debug(4, "compileNSIS:$command\n"); |
| 227 | 230 | } |
| 228 | 231 | |
| 232 | + /** |
|
| 233 | + * @param string $type |
|
| 234 | + */ |
|
| 229 | 235 | private function getSupport($attr, $type) { |
| 230 | 236 | $supportString = [ |
| 231 | 237 | 'email' => 'SUPPORT', |
