GEANT / CAT

web/admin/API.php

Switch Indentation +412 added lines, -412 removed lines

@@ -84,149 +84,149 @@ 
 }
 
 switch ($inputDecoded['ACTION']) {
-    case web\lib\admin\API::ACTION_NEWINST:
-        // create the inst, no admin, no attributes
-        $typeRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_INSTTYPE);
-        if ($typeRaw === FALSE) {
-            throw new Exception("We did not receive a valid participant type!");
-        }
-        $type = $validator->partType($typeRaw);
-        $idp = new \core\IdP($fed->newIdP($type, "PENDING", "API"));
-        // now add all submitted attributes
-        $inputs = $adminApi->uglify($scrubbedParameters);
-        $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]);
-        $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]);
-        break;
-    case web\lib\admin\API::ACTION_DELINST:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $idp->destroy();
-        $adminApi->returnSuccess([]);
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_LIST:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $adminApi->returnSuccess($idp->listOwners());
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_ADD:
-        // IdP in question
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        // here is the token
-        $mgmt = new core\UserManagement();
-        // we know we have an admin ID but scrutinizer wants this checked more explicitly
-        $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
-        if ($admin === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        }
-        $newtokens = $mgmt->createTokens(true, [$admin], $idp);
-        $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
-        $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
-        // done with the essentials - display in response. But if we also have an email address, send it there
-        $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
-        if ($email !== FALSE) {
-            $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed, $idp->type);
-            $success["EMAIL SENT"] = $sent["SENT"];
-            if ($sent["SENT"] === TRUE) {
-                $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"];
+        case web\lib\admin\API::ACTION_NEWINST:
+            // create the inst, no admin, no attributes
+            $typeRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_INSTTYPE);
+            if ($typeRaw === FALSE) {
+                throw new Exception("We did not receive a valid participant type!");
             }
-        }
-        $adminApi->returnSuccess($success);
-        break;
-    case web\lib\admin\API::ACTION_ADMIN_DEL:
-        // IdP in question
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        $currentAdmins = $idp->listOwners();
-        $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
-        if ($toBeDeleted === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        }
-        $found = FALSE;
-        foreach ($currentAdmins as $oneAdmin) {
-            if ($oneAdmin['MAIL'] == $toBeDeleted) {
-                $found = TRUE;
-                $mgmt = new core\UserManagement();
-                $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']);
+            $type = $validator->partType($typeRaw);
+            $idp = new \core\IdP($fed->newIdP($type, "PENDING", "API"));
+            // now add all submitted attributes
+            $inputs = $adminApi->uglify($scrubbedParameters);
+            $optionParser->processSubmittedFields($idp, $inputs["POST"], $inputs["FILES"]);
+            $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_CAT_INST_ID => $idp->identifier]);
+            break;
+        case web\lib\admin\API::ACTION_DELINST:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
             }
-        }
-        if ($found) {
+            $idp->destroy();
             $adminApi->returnSuccess([]);
-        }
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
-        break;
-    case web\lib\admin\API::ACTION_STATISTICS_FED:
-        $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
-        $adminApi->returnSuccess($fed->downloadStats("array", $detail));
-        break;
-    case \web\lib\admin\API::ACTION_FEDERATION_LISTIDP:
-        $retArray = [];
-        $noLogo = null;
-        $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
-        $logoFlag = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::FLAG_NOLOGO);
-        $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
-        $idpStatFlag = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::FLAG_ADD_STATS);
-        if ($logoFlag === "TRUE") {
-            $noLogo = 'general:logo_file';
-        }
-        if ($idpIdentifier === FALSE) {
-            $allIdPs = $fed->listIdentityProviders(0);
-            if ($idpStatFlag === "TRUE") {
-                $fedStats = $fed->downloadStats('array', $detail);
-            }
-            foreach ($allIdPs as $instanceId => $oneIdP) {
-                $theIdP = $oneIdP["instance"];
-                $retArray[$instanceId] = $theIdP->getAttributes(null, $noLogo);
-                if ($idpStatFlag === "TRUE") {
-                    $retArray[$instanceId]['STAT'] = $fedStats[$instanceId];
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_LIST:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            $adminApi->returnSuccess($idp->listOwners());
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_ADD:
+            // IdP in question
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            // here is the token
+            $mgmt = new core\UserManagement();
+            // we know we have an admin ID but scrutinizer wants this checked more explicitly
+            $admin = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
+            if ($admin === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
+            }
+            $newtokens = $mgmt->createTokens(true, [$admin], $idp);
+            $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
+            $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
+            // done with the essentials - display in response. But if we also have an email address, send it there
+            $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
+            if ($email !== FALSE) {
+                $sent = \core\common\OutsideComm::adminInvitationMail($email, "EXISTING-FED", array_keys($newtokens)[0], $idp->name, $fed, $idp->type);
+                $success["EMAIL SENT"] = $sent["SENT"];
+                if ($sent["SENT"] === TRUE) {
+                    $success["EMAIL TRANSPORT SECURE"] = $sent["TRANSPORT"];
                 }
             }
-        } else {
+            $adminApi->returnSuccess($success);
+            break;
+        case web\lib\admin\API::ACTION_ADMIN_DEL:
+            // IdP in question
             try {
-                $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
             } catch (Exception $e) {
                 $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
                 exit(1);
             }
-            $retArray[$idpIdentifier] = $thisIdP->getAttributes(null, $noLogo);
-            foreach ($thisIdP->listProfiles() as $oneProfile) {
-                $retArray[$idpIdentifier]["PROFILES"][$oneProfile->identifier] = $oneProfile->getAttributes(null, $noLogo);
+            $currentAdmins = $idp->listOwners();
+            $toBeDeleted = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_ADMINID);
+            if ($toBeDeleted === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
             }
-        }
-        foreach ($retArray as $instNumber => $oneInstData) {
-            foreach ($oneInstData as $attribNumber => $oneAttrib) {
-                if ($oneAttrib['name'] == "general:logo_file") {
-                    // JSON doesn't cope well with raw binary data, so b64 it
-                    $retArray[$instNumber][$attribNumber]['value'] = base64_encode($oneAttrib['value']);
+            $found = FALSE;
+            foreach ($currentAdmins as $oneAdmin) {
+                if ($oneAdmin['MAIL'] == $toBeDeleted) {
+                    $found = TRUE;
+                    $mgmt = new core\UserManagement();
+                    $mgmt->removeAdminFromIdP($idp, $oneAdmin['ID']);
+                }
+            }
+            if ($found) {
+                $adminApi->returnSuccess([]);
+            }
+            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
+            break;
+        case web\lib\admin\API::ACTION_STATISTICS_FED:
+            $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
+            $adminApi->returnSuccess($fed->downloadStats("array", $detail));
+            break;
+        case \web\lib\admin\API::ACTION_FEDERATION_LISTIDP:
+            $retArray = [];
+            $noLogo = null;
+            $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
+            $logoFlag = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::FLAG_NOLOGO);
+            $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
+            $idpStatFlag = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::FLAG_ADD_STATS);
+            if ($logoFlag === "TRUE") {
+                $noLogo = 'general:logo_file';
+            }
+            if ($idpIdentifier === FALSE) {
+                $allIdPs = $fed->listIdentityProviders(0);
+                if ($idpStatFlag === "TRUE") {
+                    $fedStats = $fed->downloadStats('array', $detail);
                 }
-                if ($attribNumber == "PROFILES") {
-                    // scan for included fed:logo_file and b64 escape it, t2oo
-                    foreach ($oneAttrib as $profileNumber => $profileContent) {
-                            foreach ($profileContent as $oneProfileIterator => $oneProfileContent) {
-                                    if ($oneProfileContent['name'] == "fed:logo_file" || $oneProfileContent['name'] == "general:logo_file" || $oneProfileContent['name'] == "eap:ca_file") {
-                                            $retArray[$instNumber]["PROFILES"][$profileNumber][$oneProfileIterator]['value'] = base64_encode($oneProfileContent['value']);
-                                    }
-                            }
+                foreach ($allIdPs as $instanceId => $oneIdP) {
+                    $theIdP = $oneIdP["instance"];
+                    $retArray[$instanceId] = $theIdP->getAttributes(null, $noLogo);
+                    if ($idpStatFlag === "TRUE") {
+                        $retArray[$instanceId]['STAT'] = $fedStats[$instanceId];
+                    }
+                }
+            } else {
+                try {
+                    $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
+                } catch (Exception $e) {
+                    $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                    exit(1);
+                }
+                $retArray[$idpIdentifier] = $thisIdP->getAttributes(null, $noLogo);
+                foreach ($thisIdP->listProfiles() as $oneProfile) {
+                    $retArray[$idpIdentifier]["PROFILES"][$oneProfile->identifier] = $oneProfile->getAttributes(null, $noLogo);
+                }
+            }
+            foreach ($retArray as $instNumber => $oneInstData) {
+                foreach ($oneInstData as $attribNumber => $oneAttrib) {
+                    if ($oneAttrib['name'] == "general:logo_file") {
+                        // JSON doesn't cope well with raw binary data, so b64 it
+                        $retArray[$instNumber][$attribNumber]['value'] = base64_encode($oneAttrib['value']);
+                    }
+                    if ($attribNumber == "PROFILES") {
+                        // scan for included fed:logo_file and b64 escape it, t2oo
+                        foreach ($oneAttrib as $profileNumber => $profileContent) {
+                                foreach ($profileContent as $oneProfileIterator => $oneProfileContent) {
+                                        if ($oneProfileContent['name'] == "fed:logo_file" || $oneProfileContent['name'] == "general:logo_file" || $oneProfileContent['name'] == "eap:ca_file") {
+                                                $retArray[$instNumber]["PROFILES"][$profileNumber][$oneProfileIterator]['value'] = base64_encode($oneProfileContent['value']);
+                                        }
+                                }
+                        }
                     }
                 }
             }
-        }
         
 /*        
                     $retArray[$idpIdentifier] = [];
@@ -237,102 +237,102 @@ 
  * 
  */        
         
-        $adminApi->returnSuccess($retArray);
-        break;
-    case \web\lib\admin\API::ACTION_NEWPROF_RADIUS:
-    // fall-through intended: both get mostly identical treatment
-    case web\lib\admin\API::ACTION_NEWPROF_SB:
-        try {
-            $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
-        } catch (Exception $e) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
-            exit(1);
-        }
-        if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) {
-            $type = "RADIUS";
-        } else {
-            $type = "SILVERBULLET";
-        }
-        $profile = $idp->newProfile($type);
-        if ($profile === NULL) {
-            $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support.");
-            exit(1);
-        }
-        $inputs = $adminApi->uglify($scrubbedParameters);
-        $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]);
-        if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) {
-            // auto-accept ToU?
-            if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) {
-                $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1);
-            }
-            // we're done at this point
-            $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]);
+            $adminApi->returnSuccess($retArray);
             break;
-        }
-        if (!$profile instanceof core\ProfileRADIUS) {
-            throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS.");
-        }
-        /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM';
-          const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */
-        $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM);
-        $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE);
-        if ($realm !== FALSE) {
-            if ($outer === FALSE) {
-                $outer = "";
-                $profile->setAnonymousIDSupport(FALSE);
+        case \web\lib\admin\API::ACTION_NEWPROF_RADIUS:
+        // fall-through intended: both get mostly identical treatment
+        case web\lib\admin\API::ACTION_NEWPROF_SB:
+            try {
+                $idp = $validator->existingIdP($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID), NULL, $fed);
+            } catch (Exception $e) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                exit(1);
+            }
+            if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_RADIUS) {
+                $type = "RADIUS";
             } else {
-                $outer = $outer . "@";
-                $profile->setAnonymousIDSupport(TRUE);
+                $type = "SILVERBULLET";
             }
-            $profile->setRealm($outer . $realm);
-        }
-        /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
-        $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
-        if ($testuser !== FALSE) {
-            $profile->setRealmCheckUser(TRUE, $testuser);
-        }
-        /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM';
+            $profile = $idp->newProfile($type);
+            if ($profile === NULL) {
+                $adminApi->returnError(\web\lib\admin\API::ERROR_INTERNAL_ERROR, "Unable to create a new Profile, for no apparent reason. Please contact support.");
+                exit(1);
+            }
+            $inputs = $adminApi->uglify($scrubbedParameters);
+            $optionParser->processSubmittedFields($profile, $inputs["POST"], $inputs["FILES"]);
+            if ($inputDecoded['ACTION'] == web\lib\admin\API::ACTION_NEWPROF_SB) {
+                // auto-accept ToU?
+                if ($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_TOU) !== FALSE) {
+                    $profile->addAttribute("hiddenprofile:tou_accepted", NULL, 1);
+                }
+                // we're done at this point
+                $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profile->identifier]);
+                break;
+            }
+            if (!$profile instanceof core\ProfileRADIUS) {
+                throw new Exception("Can't be. This is only here to convince Scrutinizer that we're really talking RADIUS.");
+            }
+            /* const AUXATTRIB_PROFILE_REALM = 'ATTRIB-PROFILE-REALM';
+          const AUXATTRIB_PROFILE_OUTERVALUE = 'ATTRIB-PROFILE-OUTERVALUE'; */
+            $realm = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_REALM);
+            $outer = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_OUTERVALUE);
+            if ($realm !== FALSE) {
+                if ($outer === FALSE) {
+                    $outer = "";
+                    $profile->setAnonymousIDSupport(FALSE);
+                } else {
+                    $outer = $outer . "@";
+                    $profile->setAnonymousIDSupport(TRUE);
+                }
+                $profile->setRealm($outer . $realm);
+            }
+            /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
+            $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
+            if ($testuser !== FALSE) {
+                $profile->setRealmCheckUser(TRUE, $testuser);
+            }
+            /* const AUXATTRIB_PROFILE_INPUT_HINT = 'ATTRIB-PROFILE-HINTREALM';
           const AUXATTRIB_PROFILE_INPUT_VERIFY = 'ATTRIB-PROFILE-VERIFYREALM'; */
-        $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT);
-        $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY);
-        if ($enforce !== FALSE) {
-            $profile->setInputVerificationPreference($enforce, $hint);
-        }
-        /* const AUXATTRIB_PROFILE_EAPTYPE */
-        $iterator = 1;
-        foreach ($scrubbedParameters as $oneParam) {
-            if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) {
-                $type = new \core\common\EAP($oneParam["VALUE"]);
-                $profile->addSupportedEapMethod($type, $iterator);
-                $iterator = $iterator + 1;
+            $hint = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_HINT);
+            $enforce = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_INPUT_VERIFY);
+            if ($enforce !== FALSE) {
+                $profile->setInputVerificationPreference($enforce, $hint);
             }
-        }
-        // reinstantiate $profile freshly from DB - it was updated in the process
-        $profileFresh = new core\ProfileRADIUS($profile->identifier);
-        $profileFresh->prepShowtime();
-        $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]);
-        break;
-    case web\lib\admin\API::ACTION_ENDUSER_NEW:
-    // fall-through intentional, those two actions are doing nearly identical things
-    case web\lib\admin\API::ACTION_ENDUSER_CHANGEEXPIRY:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME));
-        $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY);
-        if ($expiryRaw === FALSE) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request.");
+            /* const AUXATTRIB_PROFILE_EAPTYPE */
+            $iterator = 1;
+            foreach ($scrubbedParameters as $oneParam) {
+                if ($oneParam['NAME'] == web\lib\admin\API::AUXATTRIB_PROFILE_EAPTYPE && is_int($oneParam["VALUE"])) {
+                    $type = new \core\common\EAP($oneParam["VALUE"]);
+                    $profile->addSupportedEapMethod($type, $iterator);
+                    $iterator = $iterator + 1;
+                }
+            }
+            // reinstantiate $profile freshly from DB - it was updated in the process
+            $profileFresh = new core\ProfileRADIUS($profile->identifier);
+            $profileFresh->prepShowtime();
+            $adminApi->returnSuccess([\web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID => $profileFresh->identifier]);
             break;
-        }
-        $expiry = new DateTime($expiryRaw);
-        try {
-            switch ($inputDecoded['ACTION']) {
+        case web\lib\admin\API::ACTION_ENDUSER_NEW:
+        // fall-through intentional, those two actions are doing nearly identical things
+        case web\lib\admin\API::ACTION_ENDUSER_CHANGEEXPIRY:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $user = $validator->string($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME));
+            $expiryRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_EXPIRY);
+            if ($expiryRaw === FALSE) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The expiry date wasn't found in the request.");
+                break;
+            }
+            $expiry = new DateTime($expiryRaw);
+            try {
+                switch ($inputDecoded['ACTION']) {
                 case web\lib\admin\API::ACTION_ENDUSER_NEW:
                     $retval = $profile->addUser($user, $expiry);
                     break;
@@ -345,7 +345,7 @@ 
                         $retval = 1; // function doesn't have any failure vectors not raising an Exception and doesn't return a value
                     }
                     break;
-            }
+                }
         } catch (Exception $e) {
             $adminApi->returnError(web\lib\admin\API::ERROR_INTERNAL_ERROR, "The operation failed. Maybe a duplicate username, or malformed expiry date?");
             exit(1);
@@ -356,25 +356,25 @@ 
         }
         $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $user, \web\lib\admin\API::AUXATTRIB_SB_USERID => $retval]);
         break;
-    case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
-    // fall-through intended: both actions are very similar
-    case \web\lib\admin\API::ACTION_TOKEN_NEW:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID));
-        if ($userId === FALSE) {
-            $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer.");
-            exit(1);
-        }
-        $additionalInfo = [];
-        switch ($inputDecoded['ACTION']) { // this is where the two differ
+        case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
+        // fall-through intended: both actions are very similar
+        case \web\lib\admin\API::ACTION_TOKEN_NEW:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $userId = $validator->integer($adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID));
+            if ($userId === FALSE) {
+                $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "User ID is not an integer.");
+                exit(1);
+            }
+            $additionalInfo = [];
+            switch ($inputDecoded['ACTION']) { // this is where the two differ
             case \web\lib\admin\API::ACTION_ENDUSER_DEACTIVATE:
                 $result = $profile->deactivateUser($userId);
                 break;
@@ -407,7 +407,7 @@ 
                     }
                 }
                 break;
-        }
+            }
 
         if ($result !== TRUE) {
             $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "These parameters did not lead to an existing, active user.");
@@ -415,69 +415,69 @@ 
         }
         $adminApi->returnSuccess($additionalInfo);
         break;
-    case \web\lib\admin\API::ACTION_ENDUSER_IDENTIFY:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
-        $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
-        $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-		$certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
-        if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
-            // we need at least one of those
-            $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");
-            break;
-        }
-        if ($certSerial !== FALSE) { // we got a cert serial
-            $serial = explode(":", $certSerial);
-            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+        case \web\lib\admin\API::ACTION_ENDUSER_IDENTIFY:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
             }
-        if ($certCN !== FALSE) { // we got a cert CN
-            $cert = new \core\SilverbulletCertificate($certCN);
-        }
-        if ($cert !== NULL) { // we found a cert; verify it and extract userId
-            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-                return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate not found.");
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
             }
-            if ($cert->profileId != $profile->identifier) {
-                return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate does not belong to this profile.");
+            list($idp, $profile) = $evaluation;
+            $userId = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
+            $userName = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERNAME);
+            $certSerial = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+		    $certCN = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTCN);
+            if ($userId === FALSE && $userName === FALSE && $certSerial === FALSE && $certCN === FALSE) {
+                // we need at least one of those
+                $adminApi->returnError(\web\lib\admin\API::ERROR_MISSING_PARAMETER, "At least one of User ID, Username, certificate serial, or certificate CN is required.");
+                break;
             }
-            $userId = $cert->userId;
-        }
-        if ($userId !== FALSE) {
-            $userList = $profile->getUserById($userId);
-        }
-        if ($userName !== FALSE) {
-            $userList = $profile->getUserByName($userName);
-        }
-        if (count($userList) === 1) {
-            foreach ($userList as $oneUserId => $oneUserName) {
-                return $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $oneUserName, \web\lib\admin\API::AUXATTRIB_SB_USERID => $oneUserId]);
+            if ($certSerial !== FALSE) { // we got a cert serial
+                $serial = explode(":", $certSerial);
+                $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+                }
+            if ($certCN !== FALSE) { // we got a cert CN
+                $cert = new \core\SilverbulletCertificate($certCN);
             }
-        }
-        $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "No matching user found in this profile.");
-        break;
-    case \web\lib\admin\API::ACTION_ENDUSER_LIST:
-    // fall-through: those two are similar
-    case \web\lib\admin\API::ACTION_TOKEN_LIST:
-        $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($profile_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $allUsers = $profile->listAllUsers();
-        // this is where they differ
-        switch ($inputDecoded['ACTION']) {
+            if ($cert !== NULL) { // we found a cert; verify it and extract userId
+                if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                    return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate not found.");
+                }
+                if ($cert->profileId != $profile->identifier) {
+                    return $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Certificate does not belong to this profile.");
+                }
+                $userId = $cert->userId;
+            }
+            if ($userId !== FALSE) {
+                $userList = $profile->getUserById($userId);
+            }
+            if ($userName !== FALSE) {
+                $userList = $profile->getUserByName($userName);
+            }
+            if (count($userList) === 1) {
+                foreach ($userList as $oneUserId => $oneUserName) {
+                    return $adminApi->returnSuccess([web\lib\admin\API::AUXATTRIB_SB_USERNAME => $oneUserName, \web\lib\admin\API::AUXATTRIB_SB_USERID => $oneUserId]);
+                }
+            }
+            $adminApi->returnError(\web\lib\admin\API::ERROR_INVALID_PARAMETER, "No matching user found in this profile.");
+            break;
+        case \web\lib\admin\API::ACTION_ENDUSER_LIST:
+        // fall-through: those two are similar
+        case \web\lib\admin\API::ACTION_TOKEN_LIST:
+            $profile_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($profile_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $profile_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            $allUsers = $profile->listAllUsers();
+            // this is where they differ
+            switch ($inputDecoded['ACTION']) {
             case \web\lib\admin\API::ACTION_ENDUSER_LIST:
                 $adminApi->returnSuccess($allUsers);
                 break;
@@ -496,123 +496,123 @@ 
                     $infoSet[$oneTokenObject->userId] = [\web\lib\admin\API::AUXATTRIB_TOKEN => $oneTokenObject->invitationTokenString, "STATUS" => $oneTokenObject->invitationTokenStatus];
                 }
                 $adminApi->returnSuccess($infoSet);
-        }
-        break;
-    case \web\lib\admin\API::ACTION_TOKEN_REVOKE:
-        $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN);
-        if ($tokenRaw === FALSE) {
-            exit(1);
-        }
-        $token = new core\SilverbulletInvitation($tokenRaw);
-        if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token.");
-            exit(1);
-        }
-        $token->revokeInvitation();
-        $adminApi->returnSuccess([]);
-        break;
-    case \web\lib\admin\API::ACTION_CERT_LIST:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
-        if ($prof_id === FALSE || !is_int($user_id)) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        $invitations = $profile->userStatus($user_id);
-        // now pull out cert information from the object
-        $certs = [];
-        foreach ($invitations as $oneInvitation) {
-            $certs = array_merge($certs, $oneInvitation->associatedCertificates);
-        }
-        // extract relevant subset of information from cert objects
-        $certDetails = [];
-        foreach ($certs as $cert) {
-            $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
-        }
-        $adminApi->returnSuccess($certDetails);
-        break;
-    case \web\lib\admin\API::ACTION_CERT_REVOKE:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        // tear apart the serial
-        $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-        if ($serialRaw === FALSE) {
-            exit(1);
-        }
-        $serial = explode(":", $serialRaw);
-        $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
-        if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
-        }
-        if ($cert->profileId != $profile->identifier) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
-        }
-        $cert->revokeCertificate();
-        $adminApi->returnSuccess([]);
+            }
         break;
-    case \web\lib\admin\API::ACTION_CERT_ANNOTATE:
-        $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
-        if ($prof_id === FALSE) {
-            exit(1);
-        }
-        $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
-        if ($evaluation === FALSE) {
-            exit(1);
-        }
-        list($idp, $profile) = $evaluation;
-        // tear apart the serial
-        $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
-        if ($serialRaw === FALSE) {
-            exit(1);
-        }
-        $serial = explode(":", $serialRaw);
-        $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
-        if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
-        }
-        if ($cert->profileId != $profile->identifier) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
-        }
-        $annotationRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTANNOTATION);
-        if ($annotationRaw === FALSE) {
-            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Unable to extract annotation.");
+        case \web\lib\admin\API::ACTION_TOKEN_REVOKE:
+            $tokenRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TOKEN);
+            if ($tokenRaw === FALSE) {
+                exit(1);
+            }
+            $token = new core\SilverbulletInvitation($tokenRaw);
+            if ($token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_VALID && $token->invitationTokenStatus !== core\SilverbulletInvitation::SB_TOKENSTATUS_PARTIALLY_REDEEMED) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "This is not a currently valid token.");
+                exit(1);
+            }
+            $token->revokeInvitation();
+            $adminApi->returnSuccess([]);
             break;
-        }
-        $annotation = json_decode($annotationRaw, TRUE);
-        $cert->annotate($annotation);
-        $adminApi->returnSuccess([]);
-
-        break;
-    case web\lib\admin\API::ACTION_STATISTICS_INST:
-        $retArray = [];
-        $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
-        if ($idpIdentifier === FALSE) {
-            throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
-        } else {
-            try {
-                $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
-            } catch (Exception $e) {
-                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+        case \web\lib\admin\API::ACTION_CERT_LIST:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            $user_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_USERID);
+            if ($prof_id === FALSE || !is_int($user_id)) {
                 exit(1);
             }
-            $retArray[$idpIdentifier] = [];
-            foreach ($thisIdP->listProfiles() as $oneProfile) {
-                $retArray[$idpIdentifier][$oneProfile->identifier] = $oneProfile->getUserDownloadStats();
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
             }
-        }
-        $adminApi->returnSuccess($retArray);
-        break;
-    default:
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet.");
+            list($idp, $profile) = $evaluation;
+            $invitations = $profile->userStatus($user_id);
+            // now pull out cert information from the object
+            $certs = [];
+            foreach ($invitations as $oneInvitation) {
+                $certs = array_merge($certs, $oneInvitation->associatedCertificates);
+            }
+            // extract relevant subset of information from cert objects
+            $certDetails = [];
+            foreach ($certs as $cert) {
+                $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
+            }
+            $adminApi->returnSuccess($certDetails);
+            break;
+        case \web\lib\admin\API::ACTION_CERT_REVOKE:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            // tear apart the serial
+            $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+            if ($serialRaw === FALSE) {
+                exit(1);
+            }
+            $serial = explode(":", $serialRaw);
+            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
+            }
+            if ($cert->profileId != $profile->identifier) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
+            }
+            $cert->revokeCertificate();
+            $adminApi->returnSuccess([]);
+            break;
+        case \web\lib\admin\API::ACTION_CERT_ANNOTATE:
+            $prof_id = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_PROFILE_ID);
+            if ($prof_id === FALSE) {
+                exit(1);
+            }
+            $evaluation = $adminApi->commonSbProfileChecks($fed, $prof_id);
+            if ($evaluation === FALSE) {
+                exit(1);
+            }
+            list($idp, $profile) = $evaluation;
+            // tear apart the serial
+            $serialRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTSERIAL);
+            if ($serialRaw === FALSE) {
+                exit(1);
+            }
+            $serial = explode(":", $serialRaw);
+            $cert = new \core\SilverbulletCertificate($serial[1], $serial[0]);
+            if ($cert->status == \core\SilverbulletCertificate::CERTSTATUS_INVALID) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial not found.");
+            }
+            if ($cert->profileId != $profile->identifier) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Serial does not belong to this profile.");
+            }
+            $annotationRaw = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_SB_CERTANNOTATION);
+            if ($annotationRaw === FALSE) {
+                $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "Unable to extract annotation.");
+                break;
+            }
+            $annotation = json_decode($annotationRaw, TRUE);
+            $cert->annotate($annotation);
+            $adminApi->returnSuccess([]);
+
+            break;
+        case web\lib\admin\API::ACTION_STATISTICS_INST:
+            $retArray = [];
+            $idpIdentifier = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_CAT_INST_ID);
+            if ($idpIdentifier === FALSE) {
+                throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
+            } else {
+                try {
+                    $thisIdP = $validator->existingIdP($idpIdentifier, NULL, $fed);
+                } catch (Exception $e) {
+                    $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "IdP identifier does not exist!");
+                    exit(1);
+                }
+                $retArray[$idpIdentifier] = [];
+                foreach ($thisIdP->listProfiles() as $oneProfile) {
+                    $retArray[$idpIdentifier][$oneProfile->identifier] = $oneProfile->getUserDownloadStats();
+                }
+            }
+            $adminApi->returnSuccess($retArray);
+            break;
+        default:
+            $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_ACTION, "Not implemented yet.");
 }
\ No newline at end of file

Spacing +7 added lines, -7 removed lines

@@ -20,7 +20,7 @@ 
  *          <base_url>/copyright.php after deploying the software
  */
 
-require_once dirname(dirname(dirname(__FILE__))) . "/config/_config.php";
+require_once dirname(dirname(dirname(__FILE__)))."/config/_config.php";
 
 // no SAML auth on this page. The API key authenticates the entity
 
@@ -38,7 +38,7 @@ 
 
 $inputDecoded = json_decode($inputRaw, TRUE);
 if (!is_array($inputDecoded)) {
-    $adminApi->returnError(web\lib\admin\API::ERROR_MALFORMED_REQUEST, "Unable to decode JSON POST data." . json_last_error_msg() . $inputRaw);
+    $adminApi->returnError(web\lib\admin\API::ERROR_MALFORMED_REQUEST, "Unable to decode JSON POST data.".json_last_error_msg().$inputRaw);
     exit(1);
 }
 
@@ -132,7 +132,7 @@ 
             throw new Exception("A required parameter is missing, and this wasn't caught earlier?!");
         }
         $newtokens = $mgmt->createTokens(true, [$admin], $idp);
-        $URL = "https://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/action_enrollment.php?token=" . array_keys($newtokens)[0];
+        $URL = "https://".$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME'])."/action_enrollment.php?token=".array_keys($newtokens)[0];
         $success = ["TOKEN URL" => $URL, "TOKEN" => array_keys($newtokens)[0]];
         // done with the essentials - display in response. But if we also have an email address, send it there
         $email = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_TARGETMAIL);
@@ -169,7 +169,7 @@ 
         if ($found) {
             $adminApi->returnSuccess([]);
         }
-        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP " . $idp->identifier);
+        $adminApi->returnError(web\lib\admin\API::ERROR_INVALID_PARAMETER, "The admin with ID $toBeDeleted is not associated to IdP ".$idp->identifier);
         break;
     case web\lib\admin\API::ACTION_STATISTICS_FED:
         $detail = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_DETAIL);
@@ -281,10 +281,10 @@ 
                 $outer = "";
                 $profile->setAnonymousIDSupport(FALSE);
             } else {
-                $outer = $outer . "@";
+                $outer = $outer."@";
                 $profile->setAnonymousIDSupport(TRUE);
             }
-            $profile->setRealm($outer . $realm);
+            $profile->setRealm($outer.$realm);
         }
         /* const AUXATTRIB_PROFILE_TESTUSER = 'ATTRIB-PROFILE-TESTUSER'; */
         $testuser = $adminApi->firstParameterInstance($scrubbedParameters, web\lib\admin\API::AUXATTRIB_PROFILE_TESTUSER);
@@ -531,7 +531,7 @@ 
         // extract relevant subset of information from cert objects
         $certDetails = [];
         foreach ($certs as $cert) {
-            $certDetails[$cert->ca_type . ":" . $cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
+            $certDetails[$cert->ca_type.":".$cert->serial] = ["ISSUED" => $cert->issued, "EXPIRY" => $cert->expiry, "STATUS" => $cert->status, "DEVICE" => $cert->device, "CN" => $cert->username, "ANNOTATION" => $cert->annotation];
         }
         $adminApi->returnSuccess($certDetails);
         break;

web/lib/admin/API.php

Spacing +13 added lines, -13 removed lines

@@ -254,7 +254,7 @@ 
     const ACTIONS = [
         // Inst-level actions.
         API::ACTION_NEWINST_BY_REF => [
-            "REQ" => [API::AUXATTRIB_EXTERNALID,],
+            "REQ" => [API::AUXATTRIB_EXTERNALID, ],
             "OPT" => [
                 'general:geo_coordinates',
                 'general:logo_file',
@@ -271,7 +271,7 @@ 
             "FLAG" => [],
         ],
         API::ACTION_NEWINST => [
-            "REQ" => [API::AUXATTRIB_INSTTYPE,], // "IdP", "SP" or "IdPSP"
+            "REQ" => [API::AUXATTRIB_INSTTYPE, ], // "IdP", "SP" or "IdPSP"
             "OPT" => [
                 'general:instname',
                 'general:geo_coordinates',
@@ -490,7 +490,7 @@ 
     public function scrub($inputJson, $fedObject) {        
         $optionInstance = \core\Options::instance();
         $parameters = [];
-        $allPossibleAttribs = array_merge(API::ACTIONS[$inputJson['ACTION']]['REQ'], API::ACTIONS[$inputJson['ACTION']]['OPT'],  API::ACTIONS[$inputJson['ACTION']]['FLAG']);
+        $allPossibleAttribs = array_merge(API::ACTIONS[$inputJson['ACTION']]['REQ'], API::ACTIONS[$inputJson['ACTION']]['OPT'], API::ACTIONS[$inputJson['ACTION']]['FLAG']);
         // some actions don't need parameters. Don't get excited when there aren't any.
         if (!isset($inputJson['PARAMETERS'])) {
             $inputJson['PARAMETERS'] = [];
@@ -533,7 +533,7 @@ 
                         break;
                 }   
             } elseif (preg_match("/^FLAG-/", $oneIncomingParam['NAME'])) {
-                if ($oneIncomingParam['VALUE'] != "TRUE" && $oneIncomingParam['VALUE'] != "FALSE" ) {
+                if ($oneIncomingParam['VALUE'] != "TRUE" && $oneIncomingParam['VALUE'] != "FALSE") {
                     continue;
                 }
             } else {
@@ -591,8 +591,8 @@ 
 
                 case \core\Options::TYPECODE_COORDINATES:
                     $extension = \core\Options::TYPECODE_TEXT;
-                    $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#";
-                    $coercedInline["value"][$basename . "-" . $extension] = $oneAttrib['VALUE'];
+                    $coercedInline["option"][$basename] = $oneAttrib['NAME']."#";
+                    $coercedInline["value"][$basename."-".$extension] = $oneAttrib['VALUE'];
                     break;
                 case \core\Options::TYPECODE_TEXT:
                 // Fall-through: they all get the same treatment.
@@ -602,18 +602,18 @@ 
                 // Fall-through: they all get the same treatment.
                 case \core\Options::TYPECODE_INTEGER:
                     $extension = $optionInfo['type'];
-                    $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#";
-                    $coercedInline["value"][$basename . "-" . $extension] = $oneAttrib['VALUE'];
+                    $coercedInline["option"][$basename] = $oneAttrib['NAME']."#";
+                    $coercedInline["value"][$basename."-".$extension] = $oneAttrib['VALUE'];
                     if ($optionInfo['flag'] == "ML") {
-                        $coercedInline["value"][$basename . "-lang"] = $oneAttrib['LANG'];
+                        $coercedInline["value"][$basename."-lang"] = $oneAttrib['LANG'];
                     }
                     break;
                 case \core\Options::TYPECODE_FILE:
                     // Binary data is expected in base64 encoding. This is true also for PEM files!
                     $extension = $optionInfo['type'];
-                    $coercedInline["option"][$basename] = $oneAttrib['NAME'] . "#";
-                    file_put_contents($dir['dir'] . "/" . $basename . "-" . $extension, base64_decode($oneAttrib['VALUE']));
-                    $coercedFile["value"]['tmp_name'][$basename . "-" . $extension] = $dir['dir'] . "/" . $basename . "-" . $extension;
+                    $coercedInline["option"][$basename] = $oneAttrib['NAME']."#";
+                    file_put_contents($dir['dir']."/".$basename."-".$extension, base64_decode($oneAttrib['VALUE']));
+                    $coercedFile["value"]['tmp_name'][$basename."-".$extension] = $dir['dir']."/".$basename."-".$extension;
                     break;
                 default:
                     throw new Exception("We don't seem to know this type code!");
@@ -642,7 +642,7 @@ 
     public function returnSuccess($details) {
         $output = json_encode(["result" => "SUCCESS", "details" => $details], JSON_PRETTY_PRINT);
         if ($output === FALSE) {
-            $this->returnError(API::ERROR_INTERNAL_ERROR, "Unable to JSON encode return data: ". json_last_error(). " - ". json_last_error_msg());
+            $this->returnError(API::ERROR_INTERNAL_ERROR, "Unable to JSON encode return data: ".json_last_error()." - ".json_last_error_msg());
         }
         else {
             echo $output;

core/Federation.php

Spacing +9 added lines, -9 removed lines

@@ -103,7 +103,7 @@ 
                 } else { // this device has stats, but doesn't exist in current config. We don't even know its display name, so display its raw representation
                     $displayName = sprintf(_("(discontinued) %s"), $queryResult->dev_id);
                 }
-                if (! isset($dataArray[$inst_id])) {
+                if (!isset($dataArray[$inst_id])) {
                     $dataArray[$inst_id] = [];
                 }
             }
@@ -111,7 +111,7 @@ 
                 $dataArray[$inst_id][$displayName] = ["ADMIN" => $queryResult->dl_admin, "SILVERBULLET" => $queryResult->dl_sb, "USER" => $queryResult->dl_user];
             } elseif ($detail === 'PROFILES') {
                 $profile_id = $queryResult->profile_id;
-                if (! isset($dataArray[$inst_id][$profile_id])) {
+                if (!isset($dataArray[$inst_id][$profile_id])) {
                     $dataArray[$inst_id][$profile_id] = [];
                 }
                 $dataArray[$inst_id][$profile_id][$displayName] = ["ADMIN" => $queryResult->dl_admin, "SILVERBULLET" => $queryResult->dl_sb, "USER" => $queryResult->dl_user];
@@ -160,20 +160,20 @@ 
                     if ($device == "TOTAL") {
                         continue;
                     }
-                    $retstring .= "<tr><td>$device</td><td>" . $numbers['ADMIN'] . "</td><td>" . $numbers['SILVERBULLET'] . "</td><td>" . $numbers['USER'] . "</td></tr>";
+                    $retstring .= "<tr><td>$device</td><td>".$numbers['ADMIN']."</td><td>".$numbers['SILVERBULLET']."</td><td>".$numbers['USER']."</td></tr>";
                 }
-                $retstring .= "<tr><td><strong>TOTAL</strong></td><td><strong>" . $data['TOTAL']['ADMIN'] . "</strong></td><td><strong>" . $data['TOTAL']['SILVERBULLET'] . "</strong></td><td><strong>" . $data['TOTAL']['USER'] . "</strong></td></tr>";
+                $retstring .= "<tr><td><strong>TOTAL</strong></td><td><strong>".$data['TOTAL']['ADMIN']."</strong></td><td><strong>".$data['TOTAL']['SILVERBULLET']."</strong></td><td><strong>".$data['TOTAL']['USER']."</strong></td></tr>";
                 break;
             case "XML":
                 // the calls to date() operate on current date, so there is no chance for a FALSE to be returned. Silencing scrutinizer.
-                $retstring .= "<federation id='$this->tld' ts='" . /** @scrutinizer ignore-type */ date("Y-m-d") . "T" . /** @scrutinizer ignore-type */ date("H:i:s") . "'>\n";
+                $retstring .= "<federation id='$this->tld' ts='"./** @scrutinizer ignore-type */ date("Y-m-d")."T"./** @scrutinizer ignore-type */ date("H:i:s")."'>\n";
                 foreach ($data as $device => $numbers) {
                     if ($device == "TOTAL") {
                         continue;
                     }
-                    $retstring .= "  <device name='" . $device . "'>\n    <downloads group='admin'>" . $numbers['ADMIN'] . "</downloads>\n    <downloads group='managed_idp'>" . $numbers['SILVERBULLET'] . "</downloads>\n    <downloads group='user'>" . $numbers['USER'] . "</downloads>\n  </device>";
+                    $retstring .= "  <device name='".$device."'>\n    <downloads group='admin'>".$numbers['ADMIN']."</downloads>\n    <downloads group='managed_idp'>".$numbers['SILVERBULLET']."</downloads>\n    <downloads group='user'>".$numbers['USER']."</downloads>\n  </device>";
                 }
-                $retstring .= "<total>\n  <downloads group='admin'>" . $data['TOTAL']['ADMIN'] . "</downloads>\n  <downloads group='managed_idp'>" . $data['TOTAL']['SILVERBULLET'] . "</downloads>\n  <downloads group='user'>" . $data['TOTAL']['USER'] . "</downloads>\n</total>\n";
+                $retstring .= "<total>\n  <downloads group='admin'>".$data['TOTAL']['ADMIN']."</downloads>\n  <downloads group='managed_idp'>".$data['TOTAL']['SILVERBULLET']."</downloads>\n  <downloads group='user'>".$data['TOTAL']['USER']."</downloads>\n</total>\n";
                 $retstring .= "</federation>";
                 break;
             case "array":
@@ -273,7 +273,7 @@ 
         $identifier = $this->databaseHandle->lastID();
 
         if ($identifier == 0 || !$this->loggerInstance->writeAudit($ownerId, "NEW", "Organisation $identifier")) {
-            $text = "<p>Could not create a new " . common\Entity::$nomenclature_participant . "!</p>";
+            $text = "<p>Could not create a new ".common\Entity::$nomenclature_participant."!</p>";
             echo $text;
             throw new Exception($text);
         }
@@ -417,7 +417,7 @@ 
             return; // no update to fetch
         }
         $certDetails = openssl_x509_parse($entryInQuestion['CERT']);
-        $expiry = "20" . $certDetails['validTo'][0] . $certDetails['validTo'][1] . "-" . $certDetails['validTo'][2] . $certDetails['validTo'][3] . "-" . $certDetails['validTo'][4] . $certDetails['validTo'][5];
+        $expiry = "20".$certDetails['validTo'][0].$certDetails['validTo'][1]."-".$certDetails['validTo'][2].$certDetails['validTo'][3]."-".$certDetails['validTo'][4].$certDetails['validTo'][5];
         openssl_x509_export($entryInQuestion['CERT'], $pem);
         $updateQuery = "UPDATE federation_servercerts SET status = 'ISSUED', certificate = ?, expiry = ? WHERE ca_name = 'eduPKI' AND request_serial = ?";
         $this->databaseHandle->exec($updateQuery, "ssi", $pem, $expiry, $reqSerial);