GEANT / CAT

web/lib/admin/API.php

Spacing +17 added lines, -17 removed lines

@@ -23,7 +23,7 @@ 
 
 use Exception;
 
-require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php";
+require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php";
 
 class API {
 
@@ -84,7 +84,7 @@ 
     const ACTIONS = [
         # inst-level actions
         API::ACTION_NEWINST_BY_REF => [
-            "REQ" => [API::AUXATTRIB_EXTERNALID,],
+            "REQ" => [API::AUXATTRIB_EXTERNALID, ],
             "OPT" => [
                 'general:geo_coordinates',
                 'general:logo_file',
@@ -101,7 +101,7 @@ 
             ],
         ],
         API::ACTION_NEWINST => [
-            "REQ" => [API::AUXATTRIB_INSTTYPE,], // "IdP", "SP" or "IdPSP"
+            "REQ" => [API::AUXATTRIB_INSTTYPE, ], // "IdP", "SP" or "IdPSP"
             "OPT" => [
                 'general:instname',
                 'general:geo_coordinates',
@@ -144,7 +144,7 @@ 
             "OPT" => [API::AUXATTRIB_TARGETMAIL],
             "RETVAL" => [
                 ["TOKEN URL", 
-                 "EMAIL SENT",              // dependent on TARGETMAIL input
+                 "EMAIL SENT", // dependent on TARGETMAIL input
                  "EMAIL TRANSPORT SECURE"], // dependent on TARGETMAIL input
             ]
         ],
@@ -206,7 +206,7 @@ 
         API::ACTION_ENDUSER_NEW => [
             "REQ" => [API::AUXATTRIB_CAT_PROFILE_ID, API::AUXATTRIB_SB_USERNAME, API::AUXATTRIB_SB_EXPIRY],
             "OPT" => [],
-            "RETVAL" => [ API::AUXATTRIB_SB_USERNAME, API::AUXATTRIB_SB_USERID ],
+            "RETVAL" => [API::AUXATTRIB_SB_USERNAME, API::AUXATTRIB_SB_USERID],
         ],
         API::ACTION_ENDUSER_DEACTIVATE => [
             "REQ" => [API::AUXATTRIB_CAT_PROFILE_ID, API::AUXATTRIB_SB_USERID],
@@ -217,7 +217,7 @@ 
             "REQ" => [API::AUXATTRIB_CAT_PROFILE_ID],
             "OPT" => [],
             "RETVAL" => [
-                [ API::AUXATTRIB_SB_USERID => API::AUXATTRIB_SB_USERNAME],
+                [API::AUXATTRIB_SB_USERID => API::AUXATTRIB_SB_USERNAME],
             ],
         ],
         API::ACTION_TOKEN_NEW => [
@@ -226,9 +226,9 @@ 
             "RETVAL" => [
                 API::AUXATTRIB_TOKENURL, 
                 API::AUXATTRIB_TOKEN, 
-                "EMAIL SENT",             // dependent on TARGETMAIL input
+                "EMAIL SENT", // dependent on TARGETMAIL input
                 "EMAIL TRANSPORT SECURE", // dependent on TARGETMAIL input
-                "SMS SENT",               // dependent on TARGETSMS input
+                "SMS SENT", // dependent on TARGETSMS input
             ]
         ],
         API::ACTION_TOKEN_REVOKE => [
@@ -247,7 +247,7 @@ 
             "REQ" => [API::AUXATTRIB_CAT_PROFILE_ID, API::AUXATTRIB_SB_USERID],
             "OPT" => [],
             "RETVAL" => [
-                [ API::AUXATTRIB_SB_CERTSERIAL => ["ISSUED", "EXPIRY", "STATUS", "DEVICE", "CN" ]]
+                [API::AUXATTRIB_SB_CERTSERIAL => ["ISSUED", "EXPIRY", "STATUS", "DEVICE", "CN"]]
             ]
         ],
         API::ACTION_CERT_REVOKE => [
@@ -377,8 +377,8 @@ 
 
                 case \core\Options::TYPECODE_COORDINATES:
                     $extension = \core\Options::TYPECODE_TEXT;
-                    $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#";
-                    $coercedInline["value"][$basename . "-" . $extension] = $oneAttrib['VALUE'];
+                    $coercedInline["option"][$basename] = $oneAttrib['NAME']."#";
+                    $coercedInline["value"][$basename."-".$extension] = $oneAttrib['VALUE'];
                     break;
                 case \core\Options::TYPECODE_TEXT:
                 // fall-through: they all get the same treatment
@@ -388,19 +388,19 @@ 
                 // fall-through: they all get the same treatment
                 case \core\Options::TYPECODE_INTEGER:
                     $extension = $optionInfo['type'];
-                    $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#";
-                    $coercedInline["value"][$basename . "-" . $extension] = $oneAttrib['VALUE'];
+                    $coercedInline["option"][$basename] = $oneAttrib['NAME']."#";
+                    $coercedInline["value"][$basename."-".$extension] = $oneAttrib['VALUE'];
                     if ($optionInfo['flag'] == "ML") {
-                        $coercedInline["value"][$basename . "-lang"] = $oneAttrib['LANG'];
+                        $coercedInline["value"][$basename."-lang"] = $oneAttrib['LANG'];
                     }
                     break;
                 case \core\Options::TYPECODE_FILE:
                     // binary data is expected in base64 encoding. This is true
                     // also for PEM files!
                     $extension = $optionInfo['type'];
-                    $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#";
-                    file_put_contents($dir['dir'] . "/" . $basename . "-" . $extension, base64_decode($oneAttrib['VALUE']));
-                    $coercedFile["value"]['tmp_name'][$basename . "-" . $extension] = $dir['dir'] . "/" . $basename . "-" . $extension;
+                    $coercedInline["option"][$basename] = $oneAttrib['NAME']."#";
+                    file_put_contents($dir['dir']."/".$basename."-".$extension, base64_decode($oneAttrib['VALUE']));
+                    $coercedFile["value"]['tmp_name'][$basename."-".$extension] = $dir['dir']."/".$basename."-".$extension;
                     break;
                 default:
                     throw new Exception("We don't seem to know this type code!");

web/admin/inc/sendinvite.inc.php

Switch Indentation +77 added lines, -77 removed lines

@@ -100,88 +100,88 @@
 }
 
 switch ($operationMode) {
-    case OPERATION_MODE_EDIT:
-        $idp = $validator->IdP($_GET['inst_id']);
-        // editing IdPs is done from within the popup. When we're done, send the 
-        // user back to the popup (append the result of the operation later)
-        $redirect_destination = "manageAdmins.inc.php?inst_id=" . $idp->identifier . "&";
-        $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination);
-        // is the user primary admin of this IdP?
-        $is_owner = $idp->isPrimaryOwner($_SESSION['user']);
-        // check if he is (also) federation admin for the federation this IdP is in. His invitations have more blessing then.
-        $fedadmin = $userObject->isFederationAdmin($idp->federation);
-        // check if he is either one, if not, complain
-        if (!$is_owner && !$fedadmin) {
-            echo "<p>" . sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclatureFed, $uiElements->nomenclatureFed, $uiElements->nomenclatureInst) . "</p>";
-            exit(1);
-        }
+        case OPERATION_MODE_EDIT:
+            $idp = $validator->IdP($_GET['inst_id']);
+            // editing IdPs is done from within the popup. When we're done, send the 
+            // user back to the popup (append the result of the operation later)
+            $redirect_destination = "manageAdmins.inc.php?inst_id=" . $idp->identifier . "&";
+            $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination);
+            // is the user primary admin of this IdP?
+            $is_owner = $idp->isPrimaryOwner($_SESSION['user']);
+            // check if he is (also) federation admin for the federation this IdP is in. His invitations have more blessing then.
+            $fedadmin = $userObject->isFederationAdmin($idp->federation);
+            // check if he is either one, if not, complain
+            if (!$is_owner && !$fedadmin) {
+                echo "<p>" . sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclatureFed, $uiElements->nomenclatureFed, $uiElements->nomenclatureInst) . "</p>";
+                exit(1);
+            }
 
-        $prettyprintname = $idp->name;
-        $newtokens = $mgmt->createTokens($fedadmin, $mailaddress, $idp);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $idp->identifier . " - Token created for " . implode(",", $mailaddress));
-        $introtext = "CO-ADMIN";
-        $participant_type = $idp->type;
-        break;
-    case OPERATION_MODE_NEWUNLINKED:
-        $redirect_destination = "../overview_federation.php?";
-        $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination);
-        // run an input check and conversion of the raw inputs... just in case
-        $newinstname = $validator->string($_POST['name']);
-        $newcountry = $validator->string($_POST['country']);
-        $participant_type = $validator->partType($_POST['participant_type']);
-        $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($newcountry);
-        if ($new_idp_authorized_fedadmin !== TRUE) {
-            throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
-        }
-        $federation = $validator->Federation($newcountry);
-        $prettyprintname = $newinstname;
-        $introtext = "NEW-FED";
-        // send the user back to his federation overview page, append the result of the operation later
-        // do the token creation magic
-        $newtokens = $mgmt->createTokens(TRUE, $mailaddress, $newinstname, 0, $newcountry, $participant_type);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "ORG FUTURE  - Token created for $participant_type " . implode(",", $mailaddress));
-        break;
-    case OPERATION_MODE_NEWFROMDB:
-        $redirect_destination = "../overview_federation.php?";
-        $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination);
-        // a real external DB entry was submitted and all the required parameters are there
-        $newexternalid = $validator->string($_POST['externals']);
-        $extinfo = $catInstance->getExternalDBEntityDetails($newexternalid);
-        $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($extinfo['country']);
-        if ($new_idp_authorized_fedadmin !== TRUE) {
-            throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
-        }
-        $federation = $validator->Federation($extinfo['country']);
-        $newcountry = $extinfo['country'];
-        // see if the inst name is defined in the currently set language; if not, pick its English name; if N/A, pick the last in the list
-        $prettyprintname = "";
-        foreach ($extinfo['names'] as $lang => $name) {
-            if ($lang == $languageInstance->getLang()) {
-                $prettyprintname = $name;
+            $prettyprintname = $idp->name;
+            $newtokens = $mgmt->createTokens($fedadmin, $mailaddress, $idp);
+            $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $idp->identifier . " - Token created for " . implode(",", $mailaddress));
+            $introtext = "CO-ADMIN";
+            $participant_type = $idp->type;
+            break;
+        case OPERATION_MODE_NEWUNLINKED:
+            $redirect_destination = "../overview_federation.php?";
+            $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination);
+            // run an input check and conversion of the raw inputs... just in case
+            $newinstname = $validator->string($_POST['name']);
+            $newcountry = $validator->string($_POST['country']);
+            $participant_type = $validator->partType($_POST['participant_type']);
+            $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($newcountry);
+            if ($new_idp_authorized_fedadmin !== TRUE) {
+                throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
             }
-        }
-        if ($prettyprintname == "" && isset($extinfo['names']['en'])) {
-            $prettyprintname = $extinfo['names']['en'];
-        }
-        if ($prettyprintname == "") {
-            foreach ($extinfo['names'] as $name) {
-                $prettyprintname = $name;
+            $federation = $validator->Federation($newcountry);
+            $prettyprintname = $newinstname;
+            $introtext = "NEW-FED";
+            // send the user back to his federation overview page, append the result of the operation later
+            // do the token creation magic
+            $newtokens = $mgmt->createTokens(TRUE, $mailaddress, $newinstname, 0, $newcountry, $participant_type);
+            $loggerInstance->writeAudit($_SESSION['user'], "NEW", "ORG FUTURE  - Token created for $participant_type " . implode(",", $mailaddress));
+            break;
+        case OPERATION_MODE_NEWFROMDB:
+            $redirect_destination = "../overview_federation.php?";
+            $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination);
+            // a real external DB entry was submitted and all the required parameters are there
+            $newexternalid = $validator->string($_POST['externals']);
+            $extinfo = $catInstance->getExternalDBEntityDetails($newexternalid);
+            $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($extinfo['country']);
+            if ($new_idp_authorized_fedadmin !== TRUE) {
+                throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
             }
-        }
-        // TODO when we have access to the data
-        $participant_type = "IdPSP";
-        // fill the rest of the text
-        $introtext = "EXISTING-FED";
-        // do the token creation magic
-        $newtokens = $mgmt->createTokens(TRUE, $mailaddress, $prettyprintname, $newexternalid);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE  - Token created for " . implode(",", $mailaddress));
-        break;
-    default: // includes OPERATION_MODE_INVALID
-        $wrongcontent = print_r($_POST, TRUE);
-        echo "<pre>Wrong parameters in POST:
+            $federation = $validator->Federation($extinfo['country']);
+            $newcountry = $extinfo['country'];
+            // see if the inst name is defined in the currently set language; if not, pick its English name; if N/A, pick the last in the list
+            $prettyprintname = "";
+            foreach ($extinfo['names'] as $lang => $name) {
+                if ($lang == $languageInstance->getLang()) {
+                    $prettyprintname = $name;
+                }
+            }
+            if ($prettyprintname == "" && isset($extinfo['names']['en'])) {
+                $prettyprintname = $extinfo['names']['en'];
+            }
+            if ($prettyprintname == "") {
+                foreach ($extinfo['names'] as $name) {
+                    $prettyprintname = $name;
+                }
+            }
+            // TODO when we have access to the data
+            $participant_type = "IdPSP";
+            // fill the rest of the text
+            $introtext = "EXISTING-FED";
+            // do the token creation magic
+            $newtokens = $mgmt->createTokens(TRUE, $mailaddress, $prettyprintname, $newexternalid);
+            $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE  - Token created for " . implode(",", $mailaddress));
+            break;
+        default: // includes OPERATION_MODE_INVALID
+            $wrongcontent = print_r($_POST, TRUE);
+            echo "<pre>Wrong parameters in POST:
 " . htmlspecialchars($wrongcontent) . "
 </pre>";
-        exit(1);
+            exit(1);
 }
 
 // send, and invalidate the token immediately if the mail could not be sent!

Spacing +14 added lines, -14 removed lines

@@ -20,7 +20,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once dirname(dirname(dirname(__DIR__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__DIR__)))."/config/_config.php";
 
 $auth = new \web\lib\admin\Authentication();
 $auth->authenticate();
@@ -47,7 +47,7 @@ 
     $addressSegments = explode(",", $newmailaddress);
     $confirmedMails = [];
     if ($addressSegments === FALSE) {
-        header("Location: $redirect_destination" . "invitation=INVALIDSYNTAX");
+        header("Location: $redirect_destination"."invitation=INVALIDSYNTAX");
         exit;
     }
     foreach ($addressSegments as $oneAddressCandidate) {
@@ -57,7 +57,7 @@ 
         }
     }
     if (count($confirmedMails) == 0) {
-        header("Location: $redirect_destination" . "invitation=INVALIDSYNTAX");
+        header("Location: $redirect_destination"."invitation=INVALIDSYNTAX");
         exit;
     } else {
         return $confirmedMails;
@@ -104,7 +104,7 @@ 
         $idp = $validator->IdP($_GET['inst_id']);
         // editing IdPs is done from within the popup. When we're done, send the 
         // user back to the popup (append the result of the operation later)
-        $redirect_destination = "manageAdmins.inc.php?inst_id=" . $idp->identifier . "&";
+        $redirect_destination = "manageAdmins.inc.php?inst_id=".$idp->identifier."&";
         $mailaddress = abortOnBogusMail($newmailaddress, $redirect_destination);
         // is the user primary admin of this IdP?
         $is_owner = $idp->isPrimaryOwner($_SESSION['user']);
@@ -112,13 +112,13 @@ 
         $fedadmin = $userObject->isFederationAdmin($idp->federation);
         // check if he is either one, if not, complain
         if (!$is_owner && !$fedadmin) {
-            echo "<p>" . sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclatureFed, $uiElements->nomenclatureFed, $uiElements->nomenclatureInst) . "</p>";
+            echo "<p>".sprintf(_("Something's wrong... you are a %s admin, but not for the %s the requested %s belongs to!"), $uiElements->nomenclatureFed, $uiElements->nomenclatureFed, $uiElements->nomenclatureInst)."</p>";
             exit(1);
         }
 
         $prettyprintname = $idp->name;
         $newtokens = $mgmt->createTokens($fedadmin, $mailaddress, $idp);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP " . $idp->identifier . " - Token created for " . implode(",", $mailaddress));
+        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP ".$idp->identifier." - Token created for ".implode(",", $mailaddress));
         $introtext = "CO-ADMIN";
         $participant_type = $idp->type;
         break;
@@ -131,7 +131,7 @@ 
         $participant_type = $validator->partType($_POST['participant_type']);
         $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($newcountry);
         if ($new_idp_authorized_fedadmin !== TRUE) {
-            throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
+            throw new Exception("Something's wrong... you want to create a new ".$uiElements->nomenclatureInst.", but are not a ".$uiElements->nomenclatureFed." admin for the ".$uiElements->nomenclatureFed." it should be in!");
         }
         $federation = $validator->Federation($newcountry);
         $prettyprintname = $newinstname;
@@ -139,7 +139,7 @@ 
         // send the user back to his federation overview page, append the result of the operation later
         // do the token creation magic
         $newtokens = $mgmt->createTokens(TRUE, $mailaddress, $newinstname, 0, $newcountry, $participant_type);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "ORG FUTURE  - Token created for $participant_type " . implode(",", $mailaddress));
+        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "ORG FUTURE  - Token created for $participant_type ".implode(",", $mailaddress));
         break;
     case OPERATION_MODE_NEWFROMDB:
         $redirect_destination = "../overview_federation.php?";
@@ -149,7 +149,7 @@ 
         $extinfo = $catInstance->getExternalDBEntityDetails($newexternalid);
         $new_idp_authorized_fedadmin = $userObject->isFederationAdmin($extinfo['country']);
         if ($new_idp_authorized_fedadmin !== TRUE) {
-            throw new Exception("Something's wrong... you want to create a new " . $uiElements->nomenclatureInst . ", but are not a " . $uiElements->nomenclatureFed . " admin for the " . $uiElements->nomenclatureFed . " it should be in!");
+            throw new Exception("Something's wrong... you want to create a new ".$uiElements->nomenclatureInst.", but are not a ".$uiElements->nomenclatureFed." admin for the ".$uiElements->nomenclatureFed." it should be in!");
         }
         $federation = $validator->Federation($extinfo['country']);
         $newcountry = $extinfo['country'];
@@ -174,12 +174,12 @@ 
         $introtext = "EXISTING-FED";
         // do the token creation magic
         $newtokens = $mgmt->createTokens(TRUE, $mailaddress, $prettyprintname, $newexternalid);
-        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE  - Token created for " . implode(",", $mailaddress));
+        $loggerInstance->writeAudit($_SESSION['user'], "NEW", "IdP FUTURE  - Token created for ".implode(",", $mailaddress));
         break;
     default: // includes OPERATION_MODE_INVALID
         $wrongcontent = print_r($_POST, TRUE);
         echo "<pre>Wrong parameters in POST:
-" . htmlspecialchars($wrongcontent) . "
+" . htmlspecialchars($wrongcontent)."
 </pre>";
         exit(1);
 }
@@ -204,14 +204,14 @@ 
 }
 
 if (count($status) == 0) {
-    header("Location: $redirect_destination" . "invitation=FAILURE");
+    header("Location: $redirect_destination"."invitation=FAILURE");
     exit;
 }
 $finalDestParams = "invitation=SUCCESS";
 if (count($status) < count($totalSegments)) { // only a subset of mails was sent, update status
     $finalDestParams = "invitation=PARTIAL";
 }
-$finalDestParams .= "&successcount=" . count($status);
+$finalDestParams .= "&successcount=".count($status);
 if ($allEncrypted === TRUE) {
     $finalDestParams .= "&transportsecurity=ENCRYPTED";
 } elseif ($allClear === TRUE) {
@@ -220,4 +220,4 @@ 
     $finalDestParams .= "&transportsecurity=PARTIAL";
 }
 
-header("Location: $redirect_destination" . $finalDestParams);
+header("Location: $redirect_destination".$finalDestParams);

web/admin/inc/manageNewInst.inc.php

Spacing +10 added lines, -10 removed lines

@@ -20,7 +20,7 @@ 
  */
 ?>
 <?php
-require_once dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php";
+require_once dirname(dirname(dirname(dirname(__FILE__))))."/config/_config.php";
 
 $auth = new \web\lib\admin\Authentication();
 $uiElements = new \web\lib\admin\UIElements();
@@ -57,8 +57,8 @@ 
 <?php
 echo sprintf(_("On this page, you can add a new %s to your %s. Please fill out the form below to send out an email invitation to the new %s administrator."), $uiElements->nomenclatureInst, $uiElements->nomenclatureFed, $uiElements->nomenclatureInst);
 if (CONFIG['DB']['enforce-external-sync']) {
-    echo "<p>" . sprintf(_("You can either register a known %s (as defined in the %s database) or create a totally new %s."), $uiElements->nomenclatureInst, CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $uiElements->nomenclatureInst) . "</p>";
-    echo "<p>" . sprintf(_("The latter one is typically for an %s which is yet in a testing phase and therefore doesn't appear in the %s database yet."), $uiElements->nomenclatureInst, CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']) . "</p>";    
+    echo "<p>".sprintf(_("You can either register a known %s (as defined in the %s database) or create a totally new %s."), $uiElements->nomenclatureInst, CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'], $uiElements->nomenclatureInst)."</p>";
+    echo "<p>".sprintf(_("The latter one is typically for an %s which is yet in a testing phase and therefore doesn't appear in the %s database yet."), $uiElements->nomenclatureInst, CONFIG_CONFASSISTANT['CONSORTIUM']['display_name'])."</p>";    
 }
 ?>
 <hr/>
@@ -68,12 +68,12 @@ 
         <?php
         if (CONFIG['DB']['enforce-external-sync']) {
             echo "<tr><td>
-                <input type='radio' name='creation' value='existing'>" . sprintf(_("Existing %s:"), $uiElements->nomenclatureParticipant) . "</input>
+                <input type='radio' name='creation' value='existing'>" . sprintf(_("Existing %s:"), $uiElements->nomenclatureParticipant)."</input>
                      </td>";
 
             echo "<td colspan='4'>
                 <select id='externals' name='externals' onchange='document.sendinvite.creation[0].checked=true; document.sendinvite.mailaddr.value=this.options[this.selectedIndex].id;'>
-                    <option value='FREETEXT'>" . _("--- select IdP here ---") . "</option>";
+                    <option value='FREETEXT'>" . _("--- select IdP here ---")."</option>";
 
             foreach ($feds as $fed_value) {
                 $thefed = new \core\Federation(strtoupper($fed_value['value']));
@@ -82,7 +82,7 @@ 
                 $entities = $thefed->listExternalEntities(TRUE);
 
                 foreach ($entities as $v) {
-                    echo "<option id='" . $v['contactlist'] . "' value='" . $v['ID'] . "'>[" . $fed_value['value'] . "] " . $v['name'] . "</option>";
+                    echo "<option id='".$v['contactlist']."' value='".$v['ID']."'>[".$fed_value['value']."] ".$v['name']."</option>";
                 }
             }
 
@@ -91,16 +91,16 @@ 
         ?>
         <tr>
             <td>
-                <input type='radio' name='creation' value='new'><?php echo sprintf(_("New %s"),$uiElements->nomenclatureParticipant); ?></input>
+                <input type='radio' name='creation' value='new'><?php echo sprintf(_("New %s"), $uiElements->nomenclatureParticipant); ?></input>
             </td>
             <td>
                 <?php echo _("Name"); ?><input type='text' size='30' id='name' name='name' onchange='document.sendinvite.creation[1].checked = true'/>
             </td>
             <td>
                 <select name="participant_type">
-                    <option value="IdPSP" selected><?php printf(_("%s and %s"),$uiElements->nomenclatureInst, $uiElements->nomenclatureHotspot)?></option>
-                    <option value="IdP"><?php printf(_("%s"),$uiElements->nomenclatureInst)?></option>
-                    <option value="SP"><?php printf(_("%s"),$uiElements->nomenclatureHotspot)?></option>
+                    <option value="IdPSP" selected><?php printf(_("%s and %s"), $uiElements->nomenclatureInst, $uiElements->nomenclatureHotspot)?></option>
+                    <option value="IdP"><?php printf(_("%s"), $uiElements->nomenclatureInst)?></option>
+                    <option value="SP"><?php printf(_("%s"), $uiElements->nomenclatureHotspot)?></option>
                 </select>
             </td>
             <td><?php echo $uiElements->nomenclatureFed; ?>

web/admin/API.php

Switch Indentation +283 added lines, -283 removed lines

@@ -115,213 +115,213 @@ 
 }
 
 switch ($inputDecoded['ACTION']) {
-    case web\lib\admin\API::ACTION_NEWINST:
-        // create the inst, no admin, no attributes
-        $type = $validator->partType($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_INSTTYPE));
-        $idp = new \core\IdP($fed->newIdP($type, "PENDING", "API"));
-        // now add all submitted attributes
-        $inputs = $adminApi->uglify($scrubbedParameters);
-        $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]);
-        $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]);
-        break;
-    case web\lib\admin\API::ACTION_DELINST:
-        try {
-            $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $idp->destroy();
-        $adminApi->returnSuccess([]);
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_LIST:
-        try {
-            $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $adminApi->returnSuccess($idp->listOwners());
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_ADD:
-        // IdP in question
-        try {
-            $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        // here is the token
-        $mgmt = new core\UserManagement();
-        // we know we have an admin ID but scrutinizer wants this checked more explicitly
-        $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
-        if ($admin === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        }
-        $newtokens = $mgmt->createTokens(true, [$admin], $idp);
-        $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
-        $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
-        // done with the essentials - display in response. But if we also have an email address, send it there
-        $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
-        if ($email !== FALSE) {
-            $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed, $idp->type);
-            $success["EMAIL SENT"] = $sent["SENT"];
-            if ($sent["SENT"] === TRUE) {
-                $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"];
-            }
-        }
-        $adminApi->returnSuccess($success);
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_DEL:
-        // IdP in question
-        try {
-            $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $currentAdmins = $idp->listOwners();
-        $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
-        if ($toBeDeleted === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        }
-        $found = FALSE;
-        foreach ($currentAdmins as $oneAdmin) {
-            if ($oneAdmin['MAIL'] == $toBeDeleted) {
-                $found = TRUE;
-                $mgmt = new core\UserManagement();
-                $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']);
+        case web\lib\admin\API::ACTION_NEWINST:
+            // create the inst, no admin, no attributes
+            $type = $validator->partType($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_INSTTYPE));
+            $idp = new \core\IdP($fed->newIdP($type, "PENDING", "API"));
+            // now add all submitted attributes
+            $inputs = $adminApi->uglify($scrubbedParameters);
+            $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]);
+            $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]);
+            break;
+        case web\lib\admin\API::ACTION_DELINST:
+            try {
+                $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
             }
-        }
-        if ($found) {
+            $idp->destroy();
             $adminApi->returnSuccess([]);
-        }
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
-        break;
-    case web\lib\admin\API::ACTION_STATISTICS_FED:
-        $adminApi->returnSuccess($fed->downloadStats("array"));
-        break;
-    case \web\lib\admin\API::ACTION_NEWPROF_RADIUS:
-    // fall-through intended: both get mostly identical treatment
-    case web\lib\admin\API::ACTION_NEWPROF_SB:
-        try {
-            $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) {
-            $type = "RADIUS";
-        } else {
-            $type = "SILVERBULLET";
-        }
-        $profile = $idp->newProfile($type);
-        if ($profile === NULL) {
-            $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support.");
-            exit(1);
-        }
-        $inputs = $adminApi->uglify($scrubbedParameters);
-        $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]);
-        if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) {
-            // auto-accept ToU?
-            if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) {
-                $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1);
-            }
-            // we're done at this point
-            $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]);
-            continue;
-        }
-        if (!$profile instanceof core\ProfileRADIUS) {
-            throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS.");
-        }
-        /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM';
-          const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */
-        $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM);
-        $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE);
-        if ($realm !== FALSE) {
-            if ($outer === FALSE) {
-                $outer = "";
-                $profile->setAnonymousIDSupport(FALSE);
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_LIST:
+            try {
+                $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            $adminApi->returnSuccess($idp->listOwners());
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_ADD:
+            // IdP in question
+            try {
+                $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            // here is the token
+            $mgmt = new core\UserManagement();
+            // we know we have an admin ID but scrutinizer wants this checked more explicitly
+            $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
+            if ($admin === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
+            }
+            $newtokens = $mgmt->createTokens(true, [$admin], $idp);
+            $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
+            $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
+            // done with the essentials - display in response. But if we also have an email address, send it there
+            $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
+            if ($email !== FALSE) {
+                $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed, $idp->type);
+                $success["EMAIL SENT"] = $sent["SENT"];
+                if ($sent["SENT"] === TRUE) {
+                    $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"];
+                }
+            }
+            $adminApi->returnSuccess($success);
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_DEL:
+            // IdP in question
+            try {
+                $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            $currentAdmins = $idp->listOwners();
+            $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
+            if ($toBeDeleted === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
+            }
+            $found = FALSE;
+            foreach ($currentAdmins as $oneAdmin) {
+                if ($oneAdmin['MAIL'] == $toBeDeleted) {
+                    $found = TRUE;
+                    $mgmt = new core\UserManagement();
+                    $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']);
+                }
+            }
+            if ($found) {
+                $adminApi->returnSuccess([]);
+            }
+            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
+            break;
+        case web\lib\admin\API::ACTION_STATISTICS_FED:
+            $adminApi->returnSuccess($fed->downloadStats("array"));
+            break;
+        case \web\lib\admin\API::ACTION_NEWPROF_RADIUS:
+        // fall-through intended: both get mostly identical treatment
+        case web\lib\admin\API::ACTION_NEWPROF_SB:
+            try {
+                $idp = $validator->IdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID));
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) {
+                $type = "RADIUS";
             } else {
-                $outer = $outer . "@";
-                $profile->setAnonymousIDSupport(TRUE);
+                $type = "SILVERBULLET";
             }
-            $profile->setRealm($outer . $realm);
-        }
-        /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
-        $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
-        if ($testuser !== FALSE) {
-            $profile->setRealmCheckUser(TRUE, $testuser);
-        }
-        /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM';
+            $profile = $idp->newProfile($type);
+            if ($profile === NULL) {
+                $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support.");
+                exit(1);
+            }
+            $inputs = $adminApi->uglify($scrubbedParameters);
+            $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]);
+            if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) {
+                // auto-accept ToU?
+                if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) {
+                    $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1);
+                }
+                // we're done at this point
+                $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]);
+                continue;
+            }
+            if (!$profile instanceof core\ProfileRADIUS) {
+                throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS.");
+            }
+            /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM';
+          const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */
+            $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM);
+            $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE);
+            if ($realm !== FALSE) {
+                if ($outer === FALSE) {
+                    $outer = "";
+                    $profile->setAnonymousIDSupport(FALSE);
+                } else {
+                    $outer = $outer . "@";
+                    $profile->setAnonymousIDSupport(TRUE);
+                }
+                $profile->setRealm($outer . $realm);
+            }
+            /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
+            $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
+            if ($testuser !== FALSE) {
+                $profile->setRealmCheckUser(TRUE, $testuser);
+            }
+            /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM';
           const AUXATTRIB_PROFILE_INPUT_VERIFY = 'ATTRIB-PROFILE-VERIFYREALM'; */
-        $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT);
-        $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY);
-        if ($enforce !== FALSE) {
-            $profile->setInputVerificationPreference($enforce, $hint);
-        }
-        /* const AUXATTRIB_PROFILE_EAPTYPE */
-        $iterator = 1;
-        foreach ($scrubbedParameters as $oneParam) {
-            if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) {
-                $type = new \core\common\EAP($oneParam["VALUE"]);
-                $profile->addSupportedEapMethod($type, $iterator);
-                $iterator = $iterator + 1;
+            $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT);
+            $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY);
+            if ($enforce !== FALSE) {
+                $profile->setInputVerificationPreference($enforce, $hint);
             }
-        }
-        // reinstantiate $profile freshly from DB - it was updated in the process
-        $profileFresh = new core\ProfileRADIUS($profile->identifier);
-        $profileFresh->prepShowtime();
-        $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]);
-        break;
-    case web\lib\admin\API::ACTION_ENDUSER_NEW:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME));
-        $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY);
-        if ($expiryRaw === FALSE) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request.");
-            exit(1);
-        }
-        $expiry = new DateTime($expiryRaw);
-        try {
-            $retval = $profile->addUser($user, $expiry);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed. Maybe a duplicate username, or malformed expiry date?");
-            exit(1);
-        }
-        if ($retval == 0) {// that didn't work, it seems
-            $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed subtly. Contact the administrators.");
-            exit(1);
-        }
-        $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $user, \web\lib\admin\API::AUXATTRIB_SB_USERID => $retval]);
-        break;
-    case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
-    // fall-through intended: both actions are very similar
-    case \web\lib\admin\API::ACTION_TOKEN_NEW:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID));
-        if ($userId === FALSE) {
-            $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer.");
-            exit(1);
-        }
-        $additionalInfo = [];
-        switch ($inputDecoded['ACTION']) { // this is where the two differ
+            /* const AUXATTRIB_PROFILE_EAPTYPE */
+            $iterator = 1;
+            foreach ($scrubbedParameters as $oneParam) {
+                if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) {
+                    $type = new \core\common\EAP($oneParam["VALUE"]);
+                    $profile->addSupportedEapMethod($type, $iterator);
+                    $iterator = $iterator + 1;
+                }
+            }
+            // reinstantiate $profile freshly from DB - it was updated in the process
+            $profileFresh = new core\ProfileRADIUS($profile->identifier);
+            $profileFresh->prepShowtime();
+            $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]);
+            break;
+        case web\lib\admin\API::ACTION_ENDUSER_NEW:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME));
+            $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY);
+            if ($expiryRaw === FALSE) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request.");
+                exit(1);
+            }
+            $expiry = new DateTime($expiryRaw);
+            try {
+                $retval = $profile->addUser($user, $expiry);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed. Maybe a duplicate username, or malformed expiry date?");
+                exit(1);
+            }
+            if ($retval == 0) {// that didn't work, it seems
+                $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed subtly. Contact the administrators.");
+                exit(1);
+            }
+            $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $user, \web\lib\admin\API::AUXATTRIB_SB_USERID => $retval]);
+            break;
+        case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
+        // fall-through intended: both actions are very similar
+        case \web\lib\admin\API::ACTION_TOKEN_NEW:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID));
+            if ($userId === FALSE) {
+                $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer.");
+                exit(1);
+            }
+            $additionalInfo = [];
+            switch ($inputDecoded['ACTION']) { // this is where the two differ
             case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
                 $result = $profile->deactivateUser($userId);
                 break;
@@ -354,7 +354,7 @@ 
                     }
                 }
                 break;
-        }
+            }
 
         if ($result !== TRUE) {
             $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "These parameters did not lead to an existing, active user.");
@@ -362,21 +362,21 @@ 
         }
         $adminApi->returnSuccess($additionalInfo);
         break;
-    case \web\lib\admin\API::ACTION_ENDUSER_LIST:
-    // fall-through: those two are similar
-    case \web\lib\admin\API::ACTION_TOKEN_LIST:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $allUsers = $profile->listAllUsers();
-        // this is where they differ
-        switch ($inputDecoded['ACTION']) {
+        case \web\lib\admin\API::ACTION_ENDUSER_LIST:
+        // fall-through: those two are similar
+        case \web\lib\admin\API::ACTION_TOKEN_LIST:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $allUsers = $profile->listAllUsers();
+            // this is where they differ
+            switch ($inputDecoded['ACTION']) {
             case \web\lib\admin\API::ACTION_ENDUSER_LIST:
                 $adminApi->returnSuccess($allUsers);
                 break;
@@ -395,71 +395,71 @@ 
                     $infoSet[$oneTokenObject->userId] = [\web\lib\admin\API::AUXATTRIB_TOKEN => $oneTokenObject->invitationTokenString, "STATUS" => $oneTokenObject->invitationTokenStatus];
                 }
                 $adminApi->returnSuccess($infoSet);
-        }
-        break;
-    case \web\lib\admin\API::ACTION_TOKEN_REVOKE:
-        $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN);
-        if ($tokenRaw === FALSE) {
-            exit(1);
-        }
-        $token = new core\SilverbulletInvitation($tokenRaw);
-        if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token.");
-            exit(1);
-        }
-        $token->revokeInvitation();
-        $adminApi->returnSuccess([]);
-        break;
-    case \web\lib\admin\API::ACTION_CERT_LIST:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
-        if ($prof_id === FALSE || !is_int($user_id)) {
-            exit(1);
-        }
-        $evaluation = commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $invitations = $profile->userStatus($user_id);
-        // now pull out cert information from the object
-        $certs = [];
-        foreach ($invitations as $oneInvitation) {
-            $certs = array_merge($certs, $oneInvitation->associatedCertificates);
-        }
-        // extract relevant subset of information from cert objects
-        $certDetails = [];
-        foreach ($certs as $cert) {
-            $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username];
-        }
-        $adminApi->returnSuccess($certDetails);
-        break;
-    case \web\lib\admin\API::ACTION_CERT_REVOKE:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        // tear apart the serial
-        $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-        if ($serialRaw === FALSE) {
-            exit(1);
-        }
-        $serial = explode(":", $serialRaw);
-        $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
-        if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
-        }
-        if ($cert->profileId != $profile->identifier) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
-        }
-        $cert->revokeCertificate();
-        $adminApi->returnSuccess([]);
+            }
         break;
-    default:
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet.");
+        case \web\lib\admin\API::ACTION_TOKEN_REVOKE:
+            $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN);
+            if ($tokenRaw === FALSE) {
+                exit(1);
+            }
+            $token = new core\SilverbulletInvitation($tokenRaw);
+            if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token.");
+                exit(1);
+            }
+            $token->revokeInvitation();
+            $adminApi->returnSuccess([]);
+            break;
+        case \web\lib\admin\API::ACTION_CERT_LIST:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
+            if ($prof_id === FALSE || !is_int($user_id)) {
+                exit(1);
+            }
+            $evaluation = commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $invitations = $profile->userStatus($user_id);
+            // now pull out cert information from the object
+            $certs = [];
+            foreach ($invitations as $oneInvitation) {
+                $certs = array_merge($certs, $oneInvitation->associatedCertificates);
+            }
+            // extract relevant subset of information from cert objects
+            $certDetails = [];
+            foreach ($certs as $cert) {
+                $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username];
+            }
+            $adminApi->returnSuccess($certDetails);
+            break;
+        case \web\lib\admin\API::ACTION_CERT_REVOKE:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            // tear apart the serial
+            $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+            if ($serialRaw === FALSE) {
+                exit(1);
+            }
+            $serial = explode(":", $serialRaw);
+            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
+            }
+            if ($cert->profileId != $profile->identifier) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
+            }
+            $cert->revokeCertificate();
+            $adminApi->returnSuccess([]);
+            break;
+        default:
+            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet.");
 }
\ No newline at end of file

web/admin/action_enrollment.php

Spacing +8 added lines, -8 removed lines

@@ -30,7 +30,7 @@ 
 ?>
 <?php
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 
 $auth = new \web\lib\admin\Authentication();
 $deco = new \web\lib\admin\PageDecoration();
@@ -70,22 +70,22 @@ 
         $federation = CONFIG_CONFASSISTANT['CONSORTIUM']['selfservice_registration'];
         break;
     default:
-        $token = $validator->token(filter_input(INPUT_GET,'token',FILTER_SANITIZE_STRING));
+        $token = $validator->token(filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING));
         $checkval = $usermgmt->checkTokenValidity($token);
 }
 
 if ($checkval < 0) {
     echo $deco->pageheader(_("Error creating new IdP binding!"), "ADMIN-IDP");
-    echo "<h1>" . _("Error creating new IdP binding!") . "</h1>";
+    echo "<h1>"._("Error creating new IdP binding!")."</h1>";
     switch ($checkval) {
         case \core\UserManagement::TOKENSTATUS_FAIL_ALREADYCONSUMED:
-            echo "<p>" . sprintf(_("Sorry... this token has already been used. The %s is already created. If you got the invitation from a mailing list, probably someone else used it before you."), $elements->nomenclatureInst) . "</p>";
+            echo "<p>".sprintf(_("Sorry... this token has already been used. The %s is already created. If you got the invitation from a mailing list, probably someone else used it before you."), $elements->nomenclatureInst)."</p>";
             break;
         case \core\UserManagement::TOKENSTATUS_FAIL_EXPIRED:
-            echo "<p>" . sprintf(_("Sorry... this token has expired. Invitation tokens are valid for 24 hours. The %s administrator can create a new one for you."), $elements->nomenclatureFed) . "</p>";
+            echo "<p>".sprintf(_("Sorry... this token has expired. Invitation tokens are valid for 24 hours. The %s administrator can create a new one for you."), $elements->nomenclatureFed)."</p>";
             break;
         default:
-            echo "<p>" . _("Sorry... you have come to the enrollment page without a valid token. Are you a nasty person? If not, you should go to <a href='overview_user.php'>your profile page</a> instead.") . "</p>";
+            echo "<p>"._("Sorry... you have come to the enrollment page without a valid token. Are you a nasty person? If not, you should go to <a href='overview_user.php'>your profile page</a> instead.")."</p>";
     }
     echo $deco->footer();
     throw new Exception("Terminating because something is wrong with the token we received.");
@@ -100,12 +100,12 @@ 
     case "SELF-REGISTER":
         $fed = new \core\Federation($federation);
         $newidp = new \core\IdP($fed->newIdP(core\IdP::TYPE_IDPSP, $user, "FED", "SELFSERVICE"));
-        $loggerInstance->writeAudit($user, "MOD", "IdP " . $newidp->identifier . " - selfservice registration");
+        $loggerInstance->writeAudit($user, "MOD", "IdP ".$newidp->identifier." - selfservice registration");
         break;
     default:
         $newidp = $usermgmt->createIdPFromToken($token, $user);
         $usermgmt->invalidateToken($token);
-        $loggerInstance->writeAudit($user, "MOD", "IdP " . $newidp->identifier . " - Token used and invalidated");
+        $loggerInstance->writeAudit($user, "MOD", "IdP ".$newidp->identifier." - Token used and invalidated");
         break;
 }
 

core/common/OutsideComm.php

Spacing +19 added lines, -19 removed lines

@@ -117,7 +117,7 @@ 
             $loggerInstance->debug(4, "OutsideComm::mailAddressValidSecure: no MX.");
             return OutsideComm::MAILDOMAIN_NO_MX;
         }
-        $loggerInstance->debug(5, "Domain: $domain MX: " . print_r($mx, TRUE));
+        $loggerInstance->debug(5, "Domain: $domain MX: ".print_r($mx, TRUE));
         // create a pool of A and AAAA records for all the MXes
         $ipAddrs = [];
         foreach ($mx as $onemx) {
@@ -127,14 +127,14 @@ 
                 $ipAddrs[] = $oneipv4['ip'];
             }
             foreach ($v6list as $oneipv6) {
-                $ipAddrs[] = "[" . $oneipv6['ipv6'] . "]";
+                $ipAddrs[] = "[".$oneipv6['ipv6']."]";
             }
         }
         if (count($ipAddrs) == 0) {
             $loggerInstance->debug(4, "OutsideComm::mailAddressValidSecure: no mailserver hosts.");
             return OutsideComm::MAILDOMAIN_NO_HOST;
         }
-        $loggerInstance->debug(5, "Domain: $domain Addrs: " . print_r($ipAddrs, TRUE));
+        $loggerInstance->debug(5, "Domain: $domain Addrs: ".print_r($ipAddrs, TRUE));
         // connect to all hosts. If all can't connect, return MAILDOMAIN_NO_CONNECT. 
         // If at least one does not support STARTTLS or one of the hosts doesn't connect
         // , return MAILDOMAIN_NO_STARTTLS (one which we can't connect to we also
@@ -186,7 +186,7 @@ 
         switch (CONFIG_CONFASSISTANT['SMSSETTINGS']['provider']) {
             case 'Nexmo':
                 // taken from https://docs.nexmo.com/messaging/sms-api
-                $url = 'https://rest.nexmo.com/sms/json?' . http_build_query(
+                $url = 'https://rest.nexmo.com/sms/json?'.http_build_query(
                                 [
                                     'api_key' => CONFIG_CONFASSISTANT['SMSSETTINGS']['username'],
                                     'api_secret' => CONFIG_CONFASSISTANT['SMSSETTINGS']['password'],
@@ -208,14 +208,14 @@ 
                     $loggerInstance->debug(2, 'Problem with SMS invitation: no message was sent!');
                     return OutsideComm::SMS_NOTSENT;
                 }
-                $loggerInstance->debug(2, 'Total of ' . $messageCount . ' messages were attempted to send.');
+                $loggerInstance->debug(2, 'Total of '.$messageCount.' messages were attempted to send.');
 
                 $totalFailures = 0;
                 foreach ($decoded_response['messages'] as $message) {
                     if ($message['status'] == 0) {
-                        $loggerInstance->debug(2, $message['message-id'] . ": Success");
+                        $loggerInstance->debug(2, $message['message-id'].": Success");
                     } else {
-                        $loggerInstance->debug(2, $message['message-id'] . ": Failed (failure code = " . $message['status'] . ")");
+                        $loggerInstance->debug(2, $message['message-id'].": Failed (failure code = ".$message['status'].")");
                         $totalFailures++;
                     }
                 }
@@ -282,7 +282,7 @@ 
             $proto = "https://";
         }
         // then, send out the mail
-        $message = _("Hello,") . "\n\n" . wordwrap($introTexts[$introtext] . " " . $validity, 72) . "\n\n";
+        $message = _("Hello,")."\n\n".wordwrap($introTexts[$introtext]." ".$validity, 72)."\n\n";
         // default means we don't have a Reply-To.
         $replyToMessage = wordwrap(_("manually. Please do not reply to this mail; this is a send-only address."));
 
@@ -290,8 +290,8 @@ 
             // see if we are supposed to add a custom message
             $customtext = $federation->getAttributes('fed:custominvite');
             if (count($customtext) > 0) {
-                $message .= wordwrap(sprintf(_("Additional message from your %s administrator:"), Entity::$nomenclature_fed), 72) . "\n---------------------------------" .
-                        wordwrap($customtext[0]['value'], 72) . "\n---------------------------------\n\n";
+                $message .= wordwrap(sprintf(_("Additional message from your %s administrator:"), Entity::$nomenclature_fed), 72)."\n---------------------------------".
+                        wordwrap($customtext[0]['value'], 72)."\n---------------------------------\n\n";
             }
             // and add Reply-To already now
             foreach ($federation->listFederationAdmins() as $fedadmin_id) {
@@ -306,19 +306,19 @@ 
             }
         }
 
-        $message .= wordwrap(sprintf(_("To enlist as an administrator for that %s, please click on the following link:"), Entity::$nomenclature_participant), 72) . "\n\n" .
-                $proto . $_SERVER['SERVER_NAME'] . CONFIG['PATHS']['cat_base_url'] . "admin/action_enrollment.php?token=$newtoken\n\n" .
-                wordwrap(sprintf(_("If clicking the link doesn't work, you can also go to the %s Administrator Interface at"), CONFIG['APPEARANCE']['productname']), 72) . "\n\n" .
-                $proto . $_SERVER['SERVER_NAME'] . CONFIG['PATHS']['cat_base_url'] . "admin/\n\n" .
-                _("and enter the invitation token") . "\n\n" .
-                $newtoken . "\n\n$replyToMessage\n\n" .
-                wordwrap(_("Do NOT forward the mail before the token has expired - or the recipients may be able to consume the token on your behalf!"), 72) . "\n\n" .
-                wordwrap(sprintf(_("We wish you a lot of fun with the %s."), CONFIG['APPEARANCE']['productname']), 72) . "\n\n" .
+        $message .= wordwrap(sprintf(_("To enlist as an administrator for that %s, please click on the following link:"), Entity::$nomenclature_participant), 72)."\n\n".
+                $proto.$_SERVER['SERVER_NAME'].CONFIG['PATHS']['cat_base_url']."admin/action_enrollment.php?token=$newtoken\n\n".
+                wordwrap(sprintf(_("If clicking the link doesn't work, you can also go to the %s Administrator Interface at"), CONFIG['APPEARANCE']['productname']), 72)."\n\n".
+                $proto.$_SERVER['SERVER_NAME'].CONFIG['PATHS']['cat_base_url']."admin/\n\n".
+                _("and enter the invitation token")."\n\n".
+                $newtoken."\n\n$replyToMessage\n\n".
+                wordwrap(_("Do NOT forward the mail before the token has expired - or the recipients may be able to consume the token on your behalf!"), 72)."\n\n".
+                wordwrap(sprintf(_("We wish you a lot of fun with the %s."), CONFIG['APPEARANCE']['productname']), 72)."\n\n".
                 sprintf(_("Sincerely,\n\nYour friendly folks from %s Operations"), CONFIG_CONFASSISTANT['CONSORTIUM']['display_name']);
 
 
 // who to whom?
-        $mail->FromName = CONFIG['APPEARANCE']['productname'] . " Invitation System";
+        $mail->FromName = CONFIG['APPEARANCE']['productname']." Invitation System";
 
         if (isset(CONFIG['APPEARANCE']['invitation-bcc-mail']) && CONFIG['APPEARANCE']['invitation-bcc-mail'] !== NULL) {
             $mail->addBCC(CONFIG['APPEARANCE']['invitation-bcc-mail']);