Completed
Push — master ( 08b6fd...28f794 )
by Terrence
11:28
created

DBService::setIdps()   A

Complexity

Conditions 5
Paths 2

Size

Total Lines 25

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 30

Importance

Changes 0
Metric Value
dl 0
loc 25
ccs 0
cts 8
cp 0
rs 9.2088
c 0
b 0
f 0
cc 5
nc 2
nop 0
crap 30
1
<?php
2
3
namespace CILogon\Service;
4
5
use CILogon\Service\Util;
6
7
/**
8
 * DBService
9
 *
10
 * This class is a wrapper for the dbService servlet.  The dbService
11
 * servlet acts as a frontend to the database that stores info on users,
12
 * portal parameters, and IdPs. This was created to allow for fast
13
 * access to the database by keeping a connection open.  This class is a
14
 * rework of the old store.php class.
15
 *
16
 * Example usage:
17
 *     // For authentication, we have a bunch of attributes from an
18
 *     // identity provider. Thus get the database uid for the user
19
 *     // by using the multi-parameter version of getUser().
20
 *     $uid = '';
21
 *     $dbservice = new DBService();
22
 *     $dbservice->getUser('[email protected]',
23
 *                         'urn:mace:incommon:uiuc.edu',
24
 *                         'University of Illinois at Urbana-Champaign',
25
 *                         'John','Smith','John Smith,
26
 *                          '[email protected]');
27
 *     if (!($dbservice->status & 1)) { // OK status codes are even
28
 *         $uid = $dbservice->user_uid;
29
 *     }
30
 *
31
 *     // Later in the code, re-fetch the user using this uid
32
 *     // and print out the stored attributes.
33
 *     if (strlen($uid) > 0) {
34
 *         $dbservice->getUser($uid);
35
 *         echo 'Name = ' . $dbservice->first_name . ' ' .
36
 *                          $dbservice->last_name  . "\n";
37
 *         echo 'DN = '   . $dbservice->distinguished_name . "\n";
38
 *     }
39
 *
40
 *     // For getting/setting the Shibboleth-based IdPs, use the
41
 *     // getIdps()/setIdps() methods.  These methods utilize the
42
 *     // class member array $idp_uids for reading/writing. Two
43
 *     // convenience methods (setIdpsFromKeys($array) and
44
 *     // setIdpsFromValues($array)) are provided to populate the
45
 *     // $idp_uids array from the passed-in $array.
46
 *     $dbservice->getIdps();
47
 *     foreach($dbservice->idp_uids as $value) {
48
 *         echo "$value\n";
49
 *     }
50
 *
51
 *     $idps = array('urn:mace:incommon:ucsd.edu',
52
 *                   'urn:mace:incommon:uiuc.edu');
53
 *     $dbservice->setIdpsFromValues($idps);
54
 *     //   --- OR ---
55
 *     $idps = array('urn:mace:incommon:ucsd.edu' => 1,
56
 *                   'urn:mace:incommon:uiuc.edu' => 1);
57
 *     $dbservice->setIdpsFromKeys($idps);
58
 */
59
60
class DBService
61
{
62
    /**
63
     * @var string DEFAULTDBSERVICEURL The main URL for the dbService.
64
     *      Corresponds to the OAuth2 .war.
65
     */
66
    const DEFAULTDBSERVICEURL = 'http://localhost:8080/oauth2/dbService';
67
68
    /**
69
     * @var string OAUTH1DBSERVICEURL The URL for the OAuth 1.0a dbService.
70
     */
71
    const OAUTH1DBSERVICEURL  = 'http://localhost:8080/oauth/dbService';
72
73
    /**
74
     * @var string OAUTH2DBSERVICEURL The URL for the OAuth 2 dbService.
75
     */
76
    const OAUTH2DBSERVICEURL  = 'http://localhost:8080/oauth2/dbService';
77
78
    /**
79
     * @var array $STATUS The various STATUS_* constants, originally from
80
     *      Store.pm. The keys of the array are strings corresponding to the
81
     *      constant names. The values of the array are the integer (hex)
82
     *      values. For example, DBService::$STATUS['STATUS_OK'] = 0;
83
     *      Use 'array_search($this->status,DBService::$STATUS)' to look
84
     *      up the STATUS_* name given the status integer value.
85
     */
86
    public static $STATUS = array(
87
        'STATUS_OK'                        => 0x0,
88
        'STATUS_ACTION_NOT_FOUND'          => 0x1,
89
        'STATUS_NEW_USER'                  => 0x2,
90
        'STATUS_USER_UPDATED'              => 0x4,
91
        'STATUS_USER_NOT_FOUND'            => 0x6,
92
        'STATUS_USER_EXISTS'               => 0x8,
93
        'STATUS_USER_EXISTS_ERROR'         => 0xFFFA1,
94
        'STATUS_USER_NOT_FOUND_ERROR'      => 0xFFFA3,
95
        'STATUS_TRANSACTION_NOT_FOUND'     => 0xFFFA5,
96
        'STATUS_IDP_SAVE_FAILED'           => 0xFFFA7,
97
        'STATUS_DUPLICATE_PARAMETER_FOUND' => 0xFFFF1,
98
        'STATUS_INTERNAL_ERROR'            => 0xFFFF3,
99
        'STATUS_SAVE_IDP_FAILED'           => 0xFFFF5,
100
        'STATUS_MALFORMED_INPUT_ERROR'     => 0xFFFF7,
101
        'STATUS_MISSING_PARAMETER_ERROR'   => 0xFFFF9,
102
        'STATUS_NO_REMOTE_USER'            => 0xFFFFB,
103
        'STATUS_NO_IDENTITY_PROVIDER'      => 0xFFFFD,
104
        'STATUS_CLIENT_NOT_FOUND'          => 0xFFFFF,
105
        'STATUS_TRANSACTION_NOT_FOUND'     => 0x10001,
106
        'STATUS_EPTID_MISMATCH'            => 0x100001,
107
    );
108
109
    /**
110
     * @var int $status The returned status code from dbService calls
111
     */
112
    public $status;
113
114
    /**
115
     * @var string $user_uid The CILogon UID
116
     */
117
    public $user_uid;
118
119
    /**
120
     * @var string $remote_user The HTTP session REMOTE_USER
121
     */
122
    public $remote_user;
123
124
    /**
125
     * @var string $idp The Identity Provider's entityId
126
     */
127
    public $idp;
128
129
    /**
130
     * @var string $idp_display_name The Identity Provider's name
131
     */
132
    public $idp_display_name;
133
134
    /**
135
     * @var string $first_name User's given name
136
     */
137
    public $first_name;
138
139
    /**
140
     * @var string $last_name User's family name
141
     */
142
    public $last_name;
143
144
    /**
145
     * @var string $display_name User's full name
146
     */
147
    public $display_name;
148
149
    /**
150
     * @var string $email User's email address
151
     */
152
    public $email;
153
154
    /**
155
     * @var string $distinguished_name X.509 DN + email address
156
     */
157
    public $distinguished_name;
158
159
    /**
160
     * @var string $eppn eduPersonPrincipalName
161
     */
162
    public $eppn;
163
164
    /**
165
     * @var string $eptid eduPersonTargetedID
166
     */
167
    public $eptid;
168
169
    /**
170
     * @var string $open_id Old Google OpenID 2.0 identifier
171
     */
172
    public $open_id;
173
174
    /**
175
     * @var string $oidc OpenID Connect identifier
176
     */
177
    public $oidc;
178
179
    /**
180
     * @var string $affiliation eduPersonScopedAffiliation
181
     */
182
    public $affiliation;
183
184
    /**
185
     * @var string $ou Organizational Unit
186
     */
187
    public $ou;
188
189
    /**
190
     * @var string $member_of isMemberOf group information
191
     */
192
    public $member_of;
193
194
    /**
195
     * @var string $acr Authentication Context Class Ref
196
     */
197
    public $acr;
198
199
    /**
200
     * @var string $entitlement eduPersonEntitlement
201
     */
202
    public $entitlement;
203
204
    /**
205
     * @var string $serial_string CILogon serial string (e.g., A34201)
206
     */
207
    public $serial_string;
208
209
    /**
210
     * @var string $create_time Time user entry was created
211
     */
212
    public $create_time;
213
214
    /**
215
     * @var string $oauth_token OAuth 2.0 token
216
     */
217
    public $oauth_token;
218
219
    /**
220
     * @var string $cilogon_callback OAuth 1.0a callback URL
221
     */
222
    public $cilogon_callback;
223
224
    /**
225
     * @var string $cilogon_success OAuth 1.0a success URL
226
     */
227
    public $cilogon_success;
228
229
    /**
230
     * @var string $cilogon_failure OAuth 1.0a failure URL
231
     */
232
    public $cilogon_failure;
233
234
    /**
235
     * @var string $cilogon_portal_name OAuth client name
236
     */
237
    public $cilogon_portal_name;
238
239
    /**
240
     * @var string $two_factor Two factor string used by TwoFactor.php
241
     */
242
    public $two_factor;
243
244
    /**
245
     * @var array $idp_uids IdPs stored in the 'values' of the array
246
     */
247
    public $idp_uids;
248
249
    /**
250
     * @var string $client_name OAuth 2.0 client name
251
     */
252
    public $client_name;
253
254
    /**
255
     * @var string $client_id OAuth 2.0 client identifier
256
     */
257
    public $client_id;
258
259
    /**
260
     * @var string $client_home_uri OAuth 2.0 client home URL
261
     */
262
    public $client_home_uri;
263
264
    /**
265
     * @var array $client_callback_uris An array of OAuth 2.0 callback URLs
266
     */
267
    public $client_callback_uris;
268
269
    /**
270
     * @var string $dbservice URL The URL to use for the dbService
271
     */
272
    private $dbserviceurl;
273
274
    /**
275
     * __construct
276
     *
277
     * Default constructor.  All of the various class members are
278
     * initialized to 'null' or empty arrays.
279
     *
280
     * @param string $serviceurl (Optional) The URL of the database service
281
     *        servlet
282
     */
283
    public function __construct($serviceurl = self::DEFAULTDBSERVICEURL)
284
    {
285
        $this->clear();
286
        $this->setDBServiceURL($serviceurl);
287
    }
288
289
    /**
290
     * getDBServiceURL
291
     *
292
     * Returns the full URL of the database servlet used by the call()
293
     * function.
294
     *
295
     * @return string The URL of the database service servlet
296
     */
297
    public function getDBServiceURL()
298
    {
299
        return $this->dbserviceurl;
300
    }
301
302
    /**
303
     * setDBServiceURL
304
     *
305
     * Set the private variable $dbserviceurl to the full URL of the
306
     * database servlet, which is used by the call() function.
307
     *
308
     * @param string $serviceurl The URL of the database service servlet.
309
     */
310
    public function setDBServiceURL($serviceurl)
311
    {
312
        $this->dbserviceurl = $serviceurl;
313
    }
314
315
    /**
316
     * clear
317
     *
318
     * Set all of the class members to 'null' or empty arrays.
319
     */
320
    public function clear()
321
    {
322
        $this->clearUser();
323
        $this->clearPortal();
324
        $this->clearIdps();
325
        $this->clearClient();
326
    }
327
328
    /**
329
     * clearUser
330
     *
331
     * Set all of the class member variables associated with getUser()
332
     * to 'null'.
333
     */
334
    public function clearUser()
335
    {
336
        $this->status = null;
337
        $this->user_uid = null;
338
        $this->remote_user = null;
339
        $this->idp = null;
340
        $this->idp_display_name = null;
341
        $this->first_name = null;
342
        $this->last_name = null;
343
        $this->display_name = null;
344
        $this->email = null;
345
        $this->distinguished_name = null;
346
        $this->eppn = null;
347
        $this->eptid = null;
348
        $this->open_id = null;
349
        $this->oidc = null;
350
        $this->serial_string = null;
351
        $this->create_time = null;
352
        $this->two_factor = null;
353
        $this->affiliation = null;
354
        $this->ou = null;
355
        $this->member_of = null;
356
        $this->acr = null;
357
        $this->entitlement = null;
358
    }
359
360
    /**
361
     * clearPortal
362
     *
363
     * Set all of the class member variables associated with
364
     * getPortalParameters() to 'null'.
365
     */
366
    public function clearPortal()
367
    {
368
        $this->status = null;
369
        $this->oauth_token = null;
370
        $this->cilogon_callback = null;
371
        $this->cilogon_success = null;
372
        $this->cilogon_failure = null;
373
        $this->cilogon_portal_name = null;
374
    }
375
376
    /**
377
     * clearIdps
378
     *
379
     * Set the class member variable $idp_uids to an empty array.
380
     */
381
    public function clearIdps()
382
    {
383
        $this->status = null;
384
        $this->idp_uids = array();
385
    }
386
387
    /**
388
     * clearClient
389
     *
390
     * Set all of the class member variables associated with
391
     * getClient() to 'null'.
392
     */
393
    public function clearClient()
394
    {
395
        $this->status = null;
396
        $this->client_name = null;
397
        $this->client_id = null;
398
        $this->client_home_uri = null;
399
        $this->client_callback_uris = array();
400
    }
401
402
    /**
403
     * getUser
404
     *
405
     * This method calls the 'getUser' action of the servlet and sets
406
     * the class member variables associated with user info
407
     * appropriately.  If the servlet returns correctly (i.e. an HTTP
408
     * status code of 200), this method returns true.
409
     *
410
     * @param mixed $args Variable number of parameters: 1, or more.
411
     *        For 1 parameter : $uid (database user identifier)
412
     *        For more than 1 parameter, parameters can include:
413
     *            $remote_user, $idp, $idp_display_name,
414
     *            $first_name, $last_name, $display_name, $email,
415
     *            $eppn, $eptid, $openid, $oidc, $affiliation,
416
     *            $ou, $member_of, $acr, $entitlement
417
     *
418
     * @return bool True if the servlet returned correctly. Else false.
419
     */
420
    public function getUser(...$args)
421
    {
422
        $retval = false;
423
        $this->clearUser();
424
        $this->setDBServiceURL(static::DEFAULTDBSERVICEURL);
425
        $numargs = count($args);
426
        if ($numargs == 1) {
427
            $retval = $this->call('action=getUser&user_uid=' .
428
                urlencode($args[0]));
429
        } elseif ($numargs > 1) {
430
            $params = array('remote_user', 'idp', 'idp_display_name',
431
                            'first_name', 'last_name', 'display_name', 'email',
432
                            'eppn', 'eptid', 'open_id', 'oidc', 'affiliation',
433
                            'ou', 'member_of', 'acr', 'entitlement');
434
            $cmd = 'action=getUser';
435
            $attr_arr = array();
436
            for ($i = 0; $i < $numargs; $i++) {
437
                $arg = $args[$i];
438
                if (strlen($arg) > 0) {
439
                    if ($i >= 13) {
440
                        // Put params after $ou into JSON object
441
                        $attr_arr[$params[$i]] = $arg;
442
                    } else {
443
                        $cmd .= '&' . $params[$i] . '=' . urlencode($arg);
444
                    }
445
                }
446
            }
447
            // If any elements in $attr_arr, append converted JSON object
448
            if (count($attr_arr) > 0) {
449
                if (($attr_json = json_encode($attr_arr, JSON_FORCE_OBJECT))
450
                    !== false) {
451
                    $cmd .= '&attr_json=' . urlencode($attr_json);
452
                }
453
            }
454
            // Add 'us_idp' parameter for InCommon/Google (1) or eduGAIN (0)
455
            $us_idp = 0;
456
            $idp = $args[1];
457
            $idp_display_name = $args[2];
458
            if ((Util::getIdpList()->isRegisteredByInCommon($idp)) ||
459
                (in_array($idp_display_name, Util::$oauth2idps))) {
460
                $us_idp = 1;
461
            }
462
            $cmd .= "&us_idp=$us_idp";
463
464
            $retval = $this->call($cmd);
465
        }
466
        return $retval;
467
    }
468
469
    /**
470
     * getLastArchivedUser
471
     *
472
     * This method calls the 'getLastArchivedUser' action of the
473
     * servlet and sets the class member variables associated with user
474
     * info appropriately.  If the servlet returns correctly (i.e. an
475
     * HTTP status code of 200), this method returns true.
476
     *
477
     * @param string $uid The database user identifier
478
     * @return bool True if the servlet returned correctly. Else false.
479
     */
480
    public function getLastArchivedUser($uid)
481
    {
482
        $this->clearUser();
483
        $this->setDBServiceURL(static::DEFAULTDBSERVICEURL);
484
        return $this->call('action=getLastArchivedUser&user_uid=' .
485
            urlencode($uid));
486
    }
487
488
    /**
489
     * removeUser
490
     *
491
     * This method calls the 'removeUser' action of the servlet and
492
     * sets the class member variable $status appropriately.  If the
493
     * servlet returns correctly (i.e. an HTTP status code of 200),
494
     * this method returns true.
495
     *
496
     * @param string $uid The database user identifier
497
     * @return bool True if the servlet returned correctly. Else false.
498
     */
499
    public function removeUser($uid)
500
    {
501
        $this->clearUser();
502
        $this->setDBServiceURL(static::DEFAULTDBSERVICEURL);
503
        return $this->call('action=removeUser&user_uid=' .
504
            urlencode($uid));
505
    }
506
507
    /**
508
     * getTwoFactorInfo
509
     *
510
     * This method calls the 'getTwoFactorInfo' action of the servlet
511
     * and sets the class member variables associated with the user's
512
     * two-factor info appropriately. If the servlet returns correctly
513
     * (i.e. an HTTP status code of 200), this method returns true.
514
     * Note that this method isn't strictly necessary since the
515
     * two_factor info data is returned when getUser is called.
516
     *
517
     * @param string $uid The database user identifier
518
     * @return bool True if the servlet returned correctly. Else false.
519
     */
520
    public function getTwoFactorInfo($uid)
521
    {
522
        $this->two_factor = null;
523
        $this->setDBServiceURL(static::DEFAULTDBSERVICEURL);
524
        return $this->call('action=getTwoFactorInfo&user_uid=' .
525
            urlencode($uid));
526
    }
527
528
    /**
529
     * setTwoFactorInfo
530
     *
531
     * This method calls the 'setTwoFactorInfo' action of the servlet
532
     * and sets the class member variable associated with the user's
533
     * two-factor info appropriately. If the servlet returns correctly
534
     * (i.e. an HTTP status code of 200), this method returns true.
535
     *
536
     * @param string $uid The database user identifier
537
     * @param string $two_factor (Optional) The two-factor info string.
538
     *        Defaults to empty string.
539
     * @return bool True if the servlet returned correctly. Else false.
540
     */
541
    public function setTwoFactorInfo($uid, $two_factor = '')
542
    {
543
        $this->two_factor = $two_factor;
544
        $this->setDBServiceURL(static::DEFAULTDBSERVICEURL);
545
        return $this->call('action=setTwoFactorInfo&user_uid=' .
546
            urlencode($uid) . '&two_factor=' . urlencode($two_factor));
547
    }
548
549
    /**
550
     * getPortalParameters
551
     *
552
     * This method calls the 'getPortalParameter' action of the servlet
553
     * and sets the class member variables associated with the portal
554
     * parameters appropriately. If the servlet returns correctly (i.e.
555
     * an HTTP status code of 200), this method returns true.
556
     *
557
     * @param string $oauth_token The database OAuth identifier token
558
     * @return bool True if the servlet returned correctly. Else false.
559
     */
560
    public function getPortalParameters($oauth_token)
561
    {
562
        $this->clearPortal();
563
        $this->setDBServiceURL(static::OAUTH1DBSERVICEURL);
564
        return $this->call('action=getPortalParameter&oauth_token=' .
565
            urlencode($oauth_token));
566
    }
567
568
    /**
569
     * getIdps
570
     *
571
     * This method calls the 'getAllIdps' action of the servlet and
572
     * sets the class member array $idp_uris to contain all of the
573
     * Idps in the database, stored in the 'values' of the array.  If
574
     * the servlet returns correctly (i.e. an HTTP status code of 200),
575
     * this method returns true.
576
     *
577
     * @return bool True if the servlet returned correctly. Else false.
578
     */
579
    public function getIdps()
580
    {
581
        $this->clearIdps();
582
        $this->setDBServiceURL(static::DEFAULTDBSERVICEURL);
583
        return $this->call('action=getAllIdps');
584
    }
585
586
    /**
587
     * setIdps
588
     *
589
     * This method calls the 'setAllIdps' action of the servlet using
590
     * the class memeber array $idp_uris as the source for the Idps to
591
     * be stored to the database.  Note that if this array is empty,
592
     * an error code will be returned in the status since at least one
593
     * IdP should be saved to the database.  If you want to pass an
594
     * array of Idps to be saved, see the setIdpsFromKeys($array) and
595
     * setIdpsFromValues($array) methods.  If the servlet returns
596
     * correctly (i.e. an HTTP status code of 200), this method
597
     * returns true.
598
     *
599
     * @return bool True if the servlet returned correctly. Else false.
600
     */
601
    public function setIdps()
602
    {
603
        $retval = false;
604
        $this->setDBServiceURL(static::DEFAULTDBSERVICEURL);
605
        $idpcount = count($this->idp_uids);
606
        $idpidx = 0;
607
        if ($idpcount > 0) {
608
            // Loop through the idp_uids in chunks of 50 to deal
609
            // with query parameter limit of http browsers/servers.
610
            while ($idpidx < $idpcount) { // Loop through all IdPs
611
                $fiftyidx = 0;
612
                $idplist = '';
613
                while (($fiftyidx < 50) && // Send 50 IdPs at a time
614
                       ($idpidx < $idpcount)) {
615
                    $idplist .=  '&idp_uid=' .
616
                                 urlencode($this->idp_uids[$idpidx]);
617
                    $fiftyidx++;
618
                    $idpidx++;
619
                }
620
                $cmd = 'action=setAllIdps' . $idplist;
621
                $retval = $this->call($cmd);
622
            }
623
        }
624
        return $retval;
625
    }
626
627
    /**
628
     * setIdpsFromKeys
629
     *
630
     * This is a convenience method which calls setIdps using a
631
     * passed-in array of IdPs stored as the keys of the array.  It
632
     * first sets the class member array $idp_uids appropriately and
633
     * then calls the setIdps() method. If the servlet returns
634
     * correctly (i.e. an HTTP status code of 200), this method
635
     * returns true.  See also setIdpsFromValues().
636
     *
637
     * @param array $idps An array of IdPs to be saved, stored in the
638
     *       'keys' of the array.
639
     * @return bool True if the servlet returned correctly. Else false.
640
     */
641
    public function setIdpsFromKeys($idps)
642
    {
643
        $this->clearIdps();
644
        foreach ($idps as $key => $value) {
645
            $this->idp_uids[] = $key;
646
        }
647
        return $this->setIdps();
648
    }
649
650
    /**
651
     * setIdpsFromValues
652
     *
653
     * This is a convenience method which calls setIdps using a
654
     * passed-in array of IdPs stored as the values of the array.  It
655
     * first sets the class member array $idp_uids appropriately and
656
     * then calls the setIdps() method. If the servlet returns
657
     * correctly (i.e. an HTTP status code of 200), this method
658
     * returns true.  See also setIdpsFromKeys().
659
     *
660
     * @param array $idps An array of IdPs to be saved, stored in the
661
     *        'values' of the array.
662
     * @return bool True if the servlet returned correctly. Else false.
663
     */
664
    public function setIdpsFromValues($idps)
665
    {
666
        $this->clearIdps();
667
        foreach ($idps as $value) {
668
            $this->idp_uids[] = $value;
669
        }
670
        return $this->setIdps();
671
    }
672
673
    /**
674
     * getClient
675
     *
676
     * This method calls the 'getClient' action of the Oauth 2.0
677
     * servlet and sets the class member variables associated with
678
     * client info appropriately.  If the servlet returns correctly
679
     * (i.e. an HTTP status code of 200), this method returns true.
680
     *
681
     * @param string $cid The Oauth 2.0 Client ID (client_id).
682
     * @return bool True if the servlet returned correctly. Else false.
683
     */
684
    public function getClient($cid)
685
    {
686
        $this->clearClient();
687
        $this->setDBServiceURL(static::OAUTH2DBSERVICEURL);
688
        return $this->call('action=getClient&client_id=' .
689
            urlencode($cid));
690
    }
691
692
    /**
693
     * setTransactionState
694
     *
695
     * This method calls the 'setTransactionState' action of the Oauth
696
     * 2.0 servlet to associate the Oauth 2.0 'code' with the database
697
     * user UID. This is necessary for the Oauth 2.0 server to be able
698
     * to return information about the user (name, email address) as
699
     * well as return a certificate for the user. If the servlet
700
     * returns correctly (i.e. an HTTP status code of 200), this method
701
     * returns true. Check the 'status' return value to verify that
702
     * the transaction state was set successfully.
703
     *
704
     * @param string $code The 'code' as returned by the OAuth 2.0 server.
705
     * @param string $uid The database user UID.
706
     * @param int The Unix timestamp of the user authentication.
707
     * @param string $loa (Optional) The Level of Assurance: '' = basic,
708
     *        'openid' =  OpenID Connect (e.g., Google),
709
     *        'http://incommonfederation.org/assurance/silver' = silver
710
     * @param string $myproxyinfo (Optional) the 'info:...' string to be
711
     *        passed to MyProxy.
712
     * @return bool True if the servlet returned correctly. Else false.
713
     */
714
    public function setTransactionState(
715
        $code,
716
        $uid,
717
        $authntime,
718
        $loa = '',
719
        $myproxyinfo = ''
720
    ) {
721
        $this->setDBServiceURL(static::OAUTH2DBSERVICEURL);
722
        return $this->call(
723
            'action=setTransactionState' .
724
            '&code=' . urlencode($code) .
725
            '&user_uid=' . urlencode($uid) .
726
            '&auth_time=' . urlencode($authntime) .
727
            '&loa=' . urlencode($loa) .
728
            ((strlen($myproxyinfo) > 0) ?
729
                ('&cilogon_info=' . urlencode($myproxyinfo)) : '')
730
        );
731
    }
732
733
    /**
734
     * call
735
     *
736
     * This method does the brunt of the work for calling the
737
     * dbService servlet.  The single parameter is a string of
738
     * 'key1=value1&key2=value2&...' containing all of the parameters
739
     * for the dbService.  If the servlet returns an HTTP status code
740
     * of 200, then this method will return true.  It parses the return
741
     * output for various 'key=value' lines and stores then in the
742
     * appropriate member variables, urldecoded of course.
743
     *
744
     * @param string $params A string containing 'key=value' pairs,
745
     *        separated by ampersands ('&') as appropriate for passing to a
746
     *        URL for a GET query.
747
     * @return bool True if the servlet returned correctly. Else false.
748
     */
749
    public function call($params)
750
    {
751
        $success = false;
752
753
        $attr_json = '';
754
        $ch = curl_init();
755
        if ($ch !== false) {
756
            $url = $this->getDBServiceURL() . '?' . $params;
757
            curl_setopt($ch, CURLOPT_URL, $url);
758
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
759
            curl_setopt($ch, CURLOPT_TIMEOUT, 30);
760
            $output = curl_exec($ch);
761
            if (curl_errno($ch)) { // Send alert on curl errors
762
                Util::sendErrorAlert(
763
                    'cUrl Error',
764
                    'cUrl Error    = ' . curl_error($ch) . "\n" .
765
                    "URL Accessed  = $url"
766
                );
767
            }
768
            if (!empty($output)) {
769
                $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
770
                if ($httpcode == 200) {
771
                    $success = true;
772
                    if (preg_match('/status=([^\r\n]+)/', $output, $match)) {
773
                        $this->status = (int)(urldecode($match[1]));
774
                    }
775
                    if (preg_match('/user_uid=([^\r\n]+)/', $output, $match)) {
776
                        $this->user_uid = urldecode($match[1]);
777
                    }
778
                    if (preg_match('/remote_user=([^\r\n]+)/', $output, $match)) {
779
                        $this->remote_user = urldecode($match[1]);
780
                    }
781
                    if (preg_match('/idp=([^\r\n]+)/', $output, $match)) {
782
                        $this->idp = urldecode($match[1]);
783
                    }
784
                    if (preg_match('/idp_display_name=([^\r\n]+)/', $output, $match)) {
785
                        $this->idp_display_name = urldecode($match[1]);
786
                    }
787
                    if (preg_match('/first_name=([^\r\n]+)/', $output, $match)) {
788
                        $this->first_name = urldecode($match[1]);
789
                    }
790
                    if (preg_match('/last_name=([^\r\n]+)/', $output, $match)) {
791
                        $this->last_name = urldecode($match[1]);
792
                    }
793
                    if (preg_match('/[^_]display_name=([^\r\n]+)/', $output, $match)) {
794
                        $this->display_name = urldecode($match[1]);
795
                    }
796
                    if (preg_match('/email=([^\r\n]+)/', $output, $match)) {
797
                        $this->email = urldecode($match[1]);
798
                    }
799
                    if (preg_match('/distinguished_name=([^\r\n]+)/', $output, $match)) {
800
                        $this->distinguished_name = urldecode($match[1]);
801
                    }
802
                    if (preg_match('/eppn=([^\r\n]+)/', $output, $match)) {
803
                        $this->eppn = urldecode($match[1]);
804
                    }
805
                    if (preg_match('/eptid=([^\r\n]+)/', $output, $match)) {
806
                        $this->eptid = urldecode($match[1]);
807
                    }
808
                    if (preg_match('/open_id=([^\r\n]+)/', $output, $match)) {
809
                        $this->open_id = urldecode($match[1]);
810
                    }
811
                    if (preg_match('/oidc=([^\r\n]+)/', $output, $match)) {
812
                        $this->oidc = urldecode($match[1]);
813
                    }
814
                    if (preg_match('/affiliation=([^\r\n]+)/', $output, $match)) {
815
                        $this->affiliation = urldecode($match[1]);
816
                    }
817
                    if (preg_match('/ou=([^\r\n]+)/', $output, $match)) {
818
                        $this->ou = urldecode($match[1]);
819
                    }
820
                    if (preg_match('/attr_json=([^\r\n]+)/', $output, $match)) {
821
                        // Decode $attr_json into class members later
822
                        $attr_json = urldecode($match[1]);
823
                    }
824
                    if (preg_match('/serial_string=([^\r\n]+)/', $output, $match)) {
825
                        $this->serial_string = urldecode($match[1]);
826
                    }
827
                    if (preg_match('/create_time=([^\r\n]+)/', $output, $match)) {
828
                        $this->create_time = urldecode($match[1]);
829
                    }
830
                    if (preg_match('/oauth_token=([^\r\n]+)/', $output, $match)) {
831
                        $this->oauth_token = urldecode($match[1]);
832
                    }
833
                    if (preg_match('/cilogon_callback=([^\r\n]+)/', $output, $match)) {
834
                        $this->cilogon_callback = urldecode($match[1]);
835
                    }
836
                    if (preg_match('/cilogon_success=([^\r\n]+)/', $output, $match)) {
837
                        $this->cilogon_success = urldecode($match[1]);
838
                    }
839
                    if (preg_match('/cilogon_failure=([^\r\n]+)/', $output, $match)) {
840
                        $this->cilogon_failure = urldecode($match[1]);
841
                    }
842
                    if (preg_match('/cilogon_portal_name=([^\r\n]+)/', $output, $match)) {
843
                        $this->cilogon_portal_name = urldecode($match[1]);
844
                    }
845
                    if (preg_match('/two_factor=([^\r\n]+)/', $output, $match)) {
846
                        $this->two_factor = urldecode($match[1]);
847
                    }
848
                    if (preg_match_all('/idp_uid=([^\r\n]+)/', $output, $match)) {
849
                        foreach ($match[1] as $value) {
850
                            $this->idp_uids[] = urldecode($value);
851
                        }
852
                    }
853
                    if (preg_match('/client_name=([^\r\n]+)/', $output, $match)) {
854
                        $this->client_name = urldecode($match[1]);
855
                    }
856
                    if (preg_match('/client_id=([^\r\n]+)/', $output, $match)) {
857
                        $this->client_id = urldecode($match[1]);
858
                    }
859
                    if (preg_match('/client_home_uri=([^\r\n]+)/', $output, $match)) {
860
                        $this->client_home_uri = urldecode($match[1]);
861
                    }
862
                    if (preg_match('/client_callback_uris=([^\r\n]+)/', $output, $match)) {
863
                        $this->client_callback_uris = explode(urldecode($match[1]), ',');
864
                    }
865
                }
866
            }
867
            curl_close($ch);
868
        }
869
870
        // Convert $attr_json into array and extract elements into class members
871
        if (strlen($attr_json) > 0) {
872
            $attr_arr = json_decode($attr_json, true);
873
            if (!is_null($attr_arr)) {
874
                if (isset($attr_arr['member_of'])) {
875
                    $this->member_of = $attr_arr['member_of'];
876
                }
877
                if (isset($attr_arr['acr'])) {
878
                    $this->acr = $attr_arr['acr'];
879
                }
880
                if (isset($attr_arr['entitlement'])) {
881
                    $this->entitlement = $attr_arr['entitlement'];
882
                }
883
            }
884
        }
885
886
        return $success;
887
    }
888
889
    /**
890
     * dump
891
     *
892
     * This is a convenience method which prints out all of the
893
     * non-null / non-empty member variables to stdout.
894
     */
895
    public function dump()
896
    {
897
        if (!is_null($this->status)) {
898
            echo "status=$this->status (" .
899
            array_search($this->status, static::$STATUS) . ")\n";
900
        }
901
        if (!is_null($this->user_uid)) {
902
            echo "user_uid=$this->user_uid\n";
903
        }
904
        if (!is_null($this->remote_user)) {
905
            echo "remote_user=$this->remote_user\n";
906
        }
907
        if (!is_null($this->idp)) {
908
            echo "idp=$this->idp\n";
909
        }
910
        if (!is_null($this->idp_display_name)) {
911
            echo "idp_display_name=$this->idp_display_name\n";
912
        }
913
        if (!is_null($this->first_name)) {
914
            echo "first_name=$this->first_name\n";
915
        }
916
        if (!is_null($this->last_name)) {
917
            echo "last_name=$this->last_name\n";
918
        }
919
        if (!is_null($this->display_name)) {
920
            echo "display_name=$this->display_name\n";
921
        }
922
        if (!is_null($this->email)) {
923
            echo "email=$this->email\n";
924
        }
925
        if (!is_null($this->distinguished_name)) {
926
            echo "distinguished_name=$this->distinguished_name\n";
927
        }
928
        if (!is_null($this->eppn)) {
929
            echo "eppn=$this->eppn\n";
930
        }
931
        if (!is_null($this->eptid)) {
932
            echo "eptid=$this->eptid\n";
933
        }
934
        if (!is_null($this->open_id)) {
935
            echo "open_id=$this->open_id\n";
936
        }
937
        if (!is_null($this->oidc)) {
938
            echo "oidc=$this->oidc\n";
939
        }
940
        if (!is_null($this->affiliation)) {
941
            echo "affiliation=$this->affiliation\n";
942
        }
943
        if (!is_null($this->ou)) {
944
            echo "ou=$this->ou\n";
945
        }
946
        if (!is_null($this->member_of)) {
947
            echo "member_of=$this->member_of\n";
948
        }
949
        if (!is_null($this->acr)) {
950
            echo "acr=$this->acr\n";
951
        }
952
        if (!is_null($this->entitlement)) {
953
            echo "entitlement=$this->entitlement\n";
954
        }
955
        if (!is_null($this->serial_string)) {
956
            echo "serial_string=$this->serial_string\n";
957
        }
958
        if (!is_null($this->create_time)) {
959
            echo "create_time=$this->create_time\n";
960
        }
961
        if (!is_null($this->oauth_token)) {
962
            echo "oauth_token=$this->oauth_token\n";
963
        }
964
        if (!is_null($this->cilogon_callback)) {
965
            echo "cilogon_callback=$this->cilogon_callback\n";
966
        }
967
        if (!is_null($this->cilogon_success)) {
968
            echo "cilogon_success=$this->cilogon_success\n";
969
        }
970
        if (!is_null($this->cilogon_failure)) {
971
            echo "cilogon_failure=$this->cilogon_failure\n";
972
        }
973
        if (!is_null($this->cilogon_portal_name)) {
974
            echo "cilogon_portal_name=$this->cilogon_portal_name\n";
975
        }
976
        if (!is_null($this->two_factor)) {
977
            echo "two_factor=$this->two_factor\n";
978
        }
979
        if (count($this->idp_uids) > 0) {
980
            uasort($this->idp_uids, 'strcasecmp');
981
            echo "idp_uids={\n";
982
            foreach ($this->idp_uids as $value) {
983
                echo "    $value\n";
984
            }
985
            echo "}\n";
986
        }
987
        if (!is_null($this->client_name)) {
988
            echo "client_name=$this->client_name\n";
989
        }
990
        if (!is_null($this->client_id)) {
991
            echo "client_id=$this->client_id\n";
992
        }
993
        if (!is_null($this->client_home_uri)) {
994
            echo "client_home_uri=$this->client_home_uri\n";
995
        }
996
        if (count($this->client_callback_uris) > 0) {
997
            uasort($this->client_callback_uris, 'strcasecmp');
998
            echo "client_callback_uris={\n";
999
            foreach ($this->client_callback_uris as $value) {
1000
                echo "    $value\n";
1001
            }
1002
            echo "}\n";
1003
        }
1004
    }
1005
}
1006