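public function logindevAction() {
    // Development-only impersonation login: signs the browser in as the researcher
    // whose id arrives in ?id= with no credential check at all. The environment
    // guard below is the ONLY thing between this action and a full authentication
    // bypass, so a misconfigured isEnviroment() or a stray route to this method in
    // production is a critical exposure.
    if (ApplicationConfiguration::isEnviroment("production") === FALSE) {
        $this->_helper->layout->disableLayout();
        $this->_helper->viewRenderer->setNoRender();

        // NOTE(review): the id is stored verbatim from the query string and handed to
        // the model filter; whether equals() parameterises it is not visible here —
        // confirm before relying on it, even in development.
        $this->session->userid = $_GET["id"] ?? null;

        $us = new Default_Model_Researchers();
        $us->viewModerated = true;
        $us->filter->id->equals($this->session->userid);
        if (count($us->items) > 0) {
            $researcher = $us->items[0];
            $this->session->username = $researcher->username;
            $this->session->fullName = $researcher->name;
            $this->session->userRole = $researcher->positionTypeID;
            $this->session->userCountryID = $researcher->countryID;
            $this->session->userCountryName = $researcher->country->name;
            $this->session->cname = $researcher->cname;
        } else {
            // Unknown id: presumably logoutAction() resets the session. Execution
            // continues after it (as in the original), so the final redirect is
            // still issued and the second lookup below simply finds nothing.
            $this->logoutAction();
        }
        $this->view->session = $this->session;
        $this->view->entries = null;

        $users = new Default_Model_Researchers();
        $users->viewModerated = true;
        $users->filter->id->equals($this->session->userid);
        if (count($users->items) > 0) {
            $user = $users->items[0];

            // One fresh random token per dev login. This used to be a single fixed
            // literal shared by every dev session, i.e. a predictable auth token and
            // credential value; the same value is written to both the cookie and the
            // credential row so they stay in sync. Anything else that hard-coded the
            // old literal would need to read the token from the row instead.
            $token = bin2hex(random_bytes(16));
            setcookie("SimpleSAMLAuthToken", $token, 0, "/", null, true, true);

            //Create new user credentials
            $cred = new Default_Model_UserCredential();
            $cred->researcherid = $this->session->userid;
            $cred->sessionid = session_id();
            $cred->token = $token;
            $cred->save();
            $this->session->developsession = true;

            if ($user->deleted === true) {
                //Setup session variables in case of deleted profile
                $this->session->userDeleted = $user->deleted;
                if (isset($user->delInfo)) {
                    $this->session->userDeletedById = $user->delInfo->deleter->id;
                    $this->session->userDeletedByName = $user->delInfo->deleter->name;
                    $this->session->userDeletedByCName = $user->delInfo->deleter->cname;
                    $this->session->userDeletedOn = $user->delInfo->deletedOn;
                } else {
                    $this->session->userDeletedById = null;
                    $this->session->userDeletedByName = null;
                    $this->session->userDeletedByCName = null;
                    $this->session->userDeletedOn = null;
                }
                $this->_redirect('/saml/deletedprofile');
                return;
            } else {
                //Get first user account and initialize saml session
                $uaccounts = new Default_Model_UserAccounts();
                $uaccounts->filter->researcherid->equals($user->id);
                if (count($uaccounts->items) > 0) {
                    $uaccount = $uaccounts->items[0];
                    SamlAuth::setupSamlSession($this->session, $uaccount, $user);
                }
            }
        }

        // NOTE(review): the redirect target is built from the Host header, which the
        // client controls unless the web server pins the virtual host — an
        // open-redirect vector if this ever runs behind a non-validating proxy.
        header('Location: https://' . $_SERVER['HTTP_HOST']);
        // Written after the Location header on purpose: the session is still open
        // here, so the warning banner is shown on the page the redirect lands on.
        $this->session->userWarning = array("title" => "Development user", "message" => "You are currently signed in developer mode");
    }
}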
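public function isloggedinAction() {
    // Polled status endpoint: echoes "1" when the caller is signed in, "0"
    // otherwise, and optionally returns the SAML attributes as JSON.

    // On GET polls release the session lock early so other tabs/services are
    // not serialised behind this request.
    if (trim($_SERVER['REQUEST_METHOD']) === "GET") {
        if ($this->session->isLocked()) {
            $this->session->unLock();
        }
        session_write_close();
    }
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();

    $res = "0";
    // NOTE(review): a wildcard origin is emitted on every response, including the
    // attribute JSON below. Browsers refuse to expose a credentialed response under
    // ACAO "*", so cross-origin readers only get the attributes if
    // isAllowedProfileDataDomain() replaces this header with a specific origin —
    // confirm that it does rather than relying on this line.
    header('Access-Control-Allow-Origin: *');

    // Always initialised: previously $source was left undefined on the dev-session
    // path, so the "$source !== false" test below passed on an undefined variable
    // and "?profile=attributes" then called getAttributes() on null.
    $source = false;
    if ($this->session && isset($this->session->developsession) && $this->session->developsession === true) {
        if ($this->session->userid) {
            $res = "1";
        }
    }
    if ($res === "0") {
        $source = SamlAuth::isAuthenticated();
    }
    if ($source !== false) {
        $res = "1";
        if (isset($_GET['profile']) && $_GET['profile'] === 'attributes' && $this->isAllowedProfileDataDomain()) {
            header('Content-type: application/json');
            $attrs = $source->getAttributes();
            if ($attrs && count($attrs) > 0) {
                $sourceIdentifier = false;
                $uid = false;
                $userAccount = false;
                // Entitlement lookup is best-effort: a failure here must not turn a
                // successful attribute response into an error page, so exceptions
                // are deliberately swallowed and the plain attributes are returned.
                try {
                    if (isset($attrs['idp:sourceIdentifier']) && count($attrs['idp:sourceIdentifier']) === 1) {
                        $sourceIdentifier = $attrs['idp:sourceIdentifier'][0];
                        // Same "-sp" suffix stripping as the rest of the SAML code.
                        $sourceIdentifier = str_replace('-sp', '', $sourceIdentifier);
                    }
                    if (isset($attrs['idp:uid']) && count($attrs['idp:uid']) === 1) {
                        $uid = $attrs['idp:uid'][0];
                    }
                    if ($sourceIdentifier && $uid) {
                        $userAccount = SamlAuth::getUserAccount($uid, $sourceIdentifier);
                    }
                    if ($userAccount) {
                        $attrs['entitlements'] = array('vo' => array('memberships' => VoAdmin::getUserMembership($userAccount->researcherid)));
                    }
                } catch (Exception $ex) {
                    // best-effort, see above
                }
            }
            echo json_encode($attrs);
            return;
        }
    }
    echo $res;
}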
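public static function submitPendingConnectionCode($session, $code) {
    // Resolves a pending account-connection request by checking the code the user
    // typed against the stored one. Returns true on success, false when the
    // session is invalid, no pending connection exists, or the code does not match.
    if (self::isValid($session) === false) {
        return false;
    }
    $uid = trim($session->authUid);
    // The IdP identifier is stored without the "-sp" suffix.
    $source = str_replace("-sp", "", trim($session->authSource));
    $paccount = self::getPendingConnection($uid, $source);
    if (!$paccount) {
        return false;
    }
    // The code is a secret the caller has to guess, so compare it in constant
    // time; a plain !== leaks the position of the first mismatching byte. The
    // string casts keep trim() well-defined when either value is null.
    if (!hash_equals(trim((string) $paccount->code), trim((string) $code))) {
        return false;
    }
    $paccount->resolved = true;
    $paccount->resolvedOn = 'NOW()';
    $paccount->save();
    self::connectAccountToProfile($paccount->researcherid, $paccount->accountID, $paccount->accountType, $paccount->accountName, $session->idptrace);
    // The "pending" state is finished; drop its markers before rebuilding the
    // authenticated session.
    unset($session->isNewUser);
    unset($session->accountStatus);
    unset($session->accountPendingId);
    unset($session->accountPendingProfileId);
    unset($session->accountPendingProfileName);
    SamlAuth::setupSamlAuth($session);
    return true;
}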
public function indexAction() {
    // Landing page: reconciles the local session with the SAML authentication
    // state, loads the signed-in researcher and pending request counts for the
    // view, and resolves the "p" permalink parameter.
    trackPage('/');
    if (isset($_COOKIE['rememberme']) && $this->session->userid === null) {
        //save permaLink in order to handle it after login
        if (array_key_exists('p', $_GET)) {
            $this->session->permaLink = $_GET['p'];
        }
        // NOTE(review): every redirect in this method is built from the Host
        // header; that is only safe if the web server pins the virtual host,
        // otherwise it is an open-redirect vector — confirm the server config.
        if (APPLICATION_ENV == "production") {
            header('Location: https://' . $_SERVER['HTTP_HOST'] . '/users/login');
        } else {
            header('Location: http://' . $_SERVER['HTTP_HOST'] . '/users/logindev2');
        }
        return;
    }
    /*
     * Check if user is signed in from a different service or browser tab.
     */
    if ($this->session->isLocked()) {
        $this->session->unLock();
    }
    if ($this->session !== null && $this->session->developsession === true) {
        //do nothing. It's a local development instance where no SimpleSaml is installed
    } else {
        $auth = SamlAuth::isAuthenticated();
        if ($auth === false) {
            //if logged in but not authenticated, clear the session
            if (isset($this->session->userid) && is_numeric($this->session->userid)) {
                SamlAuth::logout($this->session);
                $this->_helper->layout->disableLayout();
                $this->_helper->viewRenderer->setNoRender();
                // NOTE(review): this is the only non-dev redirect that uses plain
                // http:// while the SAML redirects below use https:// — verify that
                // is intended and not a downgrade of the post-logout landing.
                header('Location: http://' . $_SERVER["HTTP_HOST"]);
                return;
            }
        } else {
            if (isset($this->session) === false || isset($this->session->userid) === false || is_numeric($this->session->userid) === false) {
                //if authenticated but not logged in setup user session
                $this->session = new Zend_Session_Namespace('default');
                $attributes = $auth->getAttributes();
                // NOTE(review): no isset() guard here unlike sourceIdentifier below;
                // a SAML response without idp:uid yields a warning and a null
                // identity rather than a rejected login — confirm setupSamlAuth
                // handles that.
                $uid = $attributes['idp:uid'][0];
                $_SESSION['identity'] = $uid;
                $_SESSION['logouturl'] = $auth->getLogoutURL();
                $this->session->samlattrs = $attributes;
                $this->session->samlauthsource = isset($attributes["idp:sourceIdentifier"]) ? $attributes["idp:sourceIdentifier"][0] : "";
                // NOTE(review): the session id is not regenerated here on the
                // unauthenticated -> authenticated transition; verify the framework
                // or SamlAuth does it, otherwise this is open to session fixation.
                SamlAuth::setupSamlAuth($this->session);
                if ($this->session->isNewUser === true) {
                    header('Location: https://' . $_SERVER['HTTP_HOST'] . '/saml/newaccount');
                    return;
                }
                //Check and redirect if user account is blocked
                if ($this->session->accountStatus === "blocked") {
                    header('Location: https://' . $_SERVER['HTTP_HOST'] . '/saml/blockedaccount');
                    return;
                }
                //Check and redirect if user is deleted
                if ($this->session->userDeleted === true) {
                    header('Location: https://' . $_SERVER['HTTP_HOST'] . '/saml/deletedprofile');
                    return;
                }
            }
        }
    }
    // Reset per-visit search state and the certificate-login flag.
    $this->session->appCriteria = null;
    $this->session->pplCriteria = null;
    $this->session->certLogin = false;
    $this->view->username = $this->session->username;
    if ($this->session->userid !== null) {
        $ppl = new Default_Model_Researchers();
        $ppl->filter->id->equals($this->session->userid);
        // Assumes the researcher row still exists for a signed-in userid.
        $user = $ppl->items[0];
        $this->view->user = $user;
        /* Get count of user requests */
        $urs = new Default_Model_UserRequests();
        $s2 = new Default_Model_PermissionsFilter();
        $s2->actor->equals($this->session->userguid);
        $s3 = new Default_Model_UserRequestStatesFilter();
        $s3->name->equals("submitted");
        $urs->filter->chain($s2->chain($s3, "AND"), "AND");
        $reqsitems = $urs->items;
        $uritems = array_merge($reqsitems);
        //Fetch user requests for NILs
        if (userIsAdminOrManager($this->session->userid) === false && userIsNIL($this->session->userid) === true) {
            $nilusers = new Default_Model_UserRequests();
            $s1 = new Default_Model_UserRequestTypesFilter();
            $s1->id->numequals(3);
            $s2 = new Default_Model_ResearchersFilter();
            $s2->countryid->equals($this->session->userCountryID);
            $s3 = new Default_Model_UserRequestStatesFilter();
            $s3->name->equals("submitted");
            $s4 = new Default_Model_ActorGroupsFilter();
            $s4->id->numequals(-3);
            $nilusers->filter->chain($s1->chain($s2->chain($s3->chain($s4, "AND"), "AND"), "AND"), "AND");
            if (count($nilusers->items) > 0) {
                $uritems = array_merge($uritems, $nilusers->items);
                $uritems = array_filter($uritems, 'uniqueDBObjectFilter');
            }
        }
        $this->view->userRequests = count($uritems);
    }
    // Permalink resolution order: value saved before a login redirect, then the
    // explicit ?p= parameter, then a raw scan of the query string.
    $p = '';
    if ($this->session->permaLink != '') {
        $p = $this->session->permaLink;
        $this->session->permaLink = '';
    } elseif (array_key_exists('p', $_GET)) {
        $p = $_GET["p"];
    } else {
        //TODO : needs review
        // NOTE(review): $pos is computed but not used — substr() always starts at
        // offset 2, so this only yields the intended value when "p=" is at the very
        // start of the query string, which $_GET['p'] would already have covered.
        $p = $_SERVER["QUERY_STRING"];
        $pos = strpos($p, "p=");
        if ($pos === false) {
            $p = '';
        } else {
            $p = substr($p, 2, strlen($p) - 2);
        }
    }
    if ($p != "") {
        if ($p == "reports") {
            $this->view->permaLink = $p;
        } elseif ($p == "brokenlinks") {
            $this->view->permaLink = $p;
        } elseif (substr($p, 0, 6) == "about:") {
            $this->view->permaLink = $p;
        } elseif (substr($p, 0, 5) == "apps:") {
            $this->view->permaLink = $p;
        } elseif (substr($p, 0, 7) == "people:") {
            $this->view->permaLink = $p;
        } else {
            // NOTE(review): an attacker-controlled value (from ?p=) is base64-decoded
            // and handed to the view unchanged; whether the template escapes
            // permaLink is not visible here — confirm, or this is a stored/reflected
            // XSS sink. base64_decode() is non-strict, so any input "decodes".
            $pp = base64_decode($p);
            $pp = mb_convert_encoding($pp, 'UTF-8');
            $this->view->permaLink = $pp;
        }
    }
}