Beispiel #1
 /**
  * Attach an external (SAML) account to a profile, unless the account
  * already resolves to a user.
  *
  * The early return fires for any existing owner of the ($id, $type) pair:
  * it is not compared with $profileid here, and the caller receives no
  * signal that nothing was written.
  *
  * NOTE(review): the existence check and the save() are separate steps and
  * nothing visible here makes them atomic; two concurrent requests could
  * presumably both pass the check. A uniqueness constraint on the account
  * id/type pair in the storage layer would close that gap - confirm one exists.
  *
  * @param mixed       $profileid Profile the account is attached to (stored as researcherID).
  * @param mixed       $id        Account identifier reported by the provider.
  * @param mixed       $type      Account type (stored as accountTypeID).
  * @param string|null $name      Optional display name for the account.
  * @param array       $idptrace  Optional identity-provider trace values.
  *
  * @return void
  */
 public static function connectAccountToProfile($profileid, $id, $type, $name = null, $idptrace = array())
 {
     // An account that already maps to a user is left untouched.
     if (SamlAuth::getUserByAccountValues($id, $type) !== null) {
         return;
     }

     $account = new Default_Model_UserAccount();
     $account->researcherID = $profileid;
     $account->accountID = $id;
     $account->accountTypeID = $type;
     $account->accountName = $name;
     $account->IDPTrace = $idptrace;
     $account->save();

     // Poll up to ten times, one second apart, until the saved record can be
     // read back by id. If it never shows up the method still returns
     // silently after the last attempt.
     for ($attempt = 0; $attempt < 10; $attempt++) {
         $lookup = new Default_Model_UserAccounts();
         $lookup->filter->id->equals($account->id);
         if (count($lookup->items) > 0) {
             return;
         }
         sleep(1);
     }
 }
Beispiel #2
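 /**
  * Complete the connection of an additional SAML account to the profile of
  * the currently logged-in user, then redirect to the 'postconnected' action.
  *
  * Flow: resolve a redirect target, require a logged-in session and a
  * "source" parameter, check the derived "-connect" auth source against the
  * configured ones, read the SAML attributes, refuse accounts that are
  * already bound to this or another profile, and finally store the link.
  *
  * Security notes:
  *  - The Referer header and the stored connectreferer value end up in a
  *    Location header, so they are only used when they are http(s) URLs on
  *    the host that served this request; anything else falls back to the
  *    site root. This prevents the action from being used as an open redirect.
  *  - HTTP_HOST itself is client-supplied. A configured canonical host name
  *    would be a sturdier baseline, but none is visible in this block.
  *  - NOTE(review): no requireAuth() call is visible here; the attributes are
  *    read as returned by getAttributes(), and a missing idp:uid ends in the
  *    "not enough information" branch - confirm that is the intended handling.
  *
  * @return void
  */
 public function postconnectAction()
 {
     $this->_helper->layout->disableLayout();
     $this->_helper->viewRenderer->setNoRender();

     $home = "https://" . $_SERVER["HTTP_HOST"];

     // Prefer the target remembered in the session, otherwise the Referer header.
     $fromSession = trim($this->session->connectreferer);
     $referer = $fromSession;
     if ($referer === "") {
         $referer = isset($_SERVER["HTTP_REFERER"]) ? trim($_SERVER["HTTP_REFERER"]) : "";
     }

     // Accept the target only if it is an absolute http(s) URL on this host.
     // Backslashes, whitespace and control characters are rejected outright
     // because URL parsers disagree on how to read them.
     $isSameHost = false;
     if ($referer !== "" && preg_match('/[\x00-\x20\\\\]/', $referer) !== 1) {
         $parts = parse_url($referer);
         $scheme = isset($parts["scheme"]) ? strtolower($parts["scheme"]) : "";
         $host = isset($parts["host"]) ? strtolower($parts["host"]) : "";
         // HTTP_HOST may carry a port; parse_url() reports the host without it.
         $ownHost = strtolower(preg_replace('/:\d+$/', '', $_SERVER["HTTP_HOST"]));
         $isSameHost = ($scheme === "http" || $scheme === "https") && $host !== "" && $host === $ownHost;
     }
     if (!$isSameHost) {
         $referer = $home;
     } elseif ($fromSession === "") {
         // Remember only a validated target for later steps of the flow.
         $this->session->connectreferer = $referer;
     }

     // Only a logged-in user (positive numeric user id) may connect accounts.
     if (isset($this->session->userid) === false || is_numeric($this->session->userid) === false || intval($this->session->userid) <= 0) {
         header("Location: " . $referer);
         return;
     }

     // The auth source must be named by the request; a non-string value
     // (for example an array parameter) is treated as missing.
     $source = $this->_getParam("source");
     $source = is_string($source) ? trim($source) : "";
     if ($source == "") {
         header("Location: " . $home);
         return;
     }
     $this->session->connectdaccountsource = $source;
     $authsource = str_replace("-sp", "", strtolower(trim($source)));
     $connectedsource = str_replace("-sp", "-connect", strtolower(trim($source)));
     // NOTE(review): when $source contains no "-sp", both derived names equal
     // the lower-cased source, so a "...-connect" value that passes the check
     // below would also be stored as the account type - confirm that is intended.

     require_once SamlAuth::LIB_AUTOLOAD;

     // Initialize SAML and list the configured "-connect" sources.
     $config = SimpleSAML_Configuration::getInstance();
     $t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
     $t->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-connect');

     // Allowlist check: only a configured source name may be instantiated.
     // Strict comparison avoids PHP's loose string/number matching.
     if (!in_array($connectedsource, $t->data['sources'], true)) {
         header("Location: " . $referer);
         return;
     }

     // SAML attributes of the account that is being connected.
     $as = new SimpleSAML_Auth_Simple($connectedsource);
     $attributes = $as->getAttributes();
     $uid = isset($attributes['idp:uid'][0]) ? $attributes['idp:uid'][0] : "";
     if (trim($uid) == "") {
         $this->session->userError = array("title" => "New Account Connection", "message" => "Could not connect with new user account. Not enough information returned from account provider.");
         $this->_helper->redirector('postconnected');
         return;
     }

     // Already connected to this profile: nothing left to do.
     $uaccount = AccountConnect::isConnectedTo($this->session, $uid, $authsource);
     if ($uaccount !== false) {
         $this->_helper->redirector('postconnected');
         return;
     }

     // An account owned by a different profile must not be re-bound.
     $user = SamlAuth::getUserByAccountValues($uid, $authsource);
     if ($user !== null && $user->id != $this->session->userid) {
         $this->session->userError = array("title" => "Could not connect to " . str_replace("-", " ", $authsource) . " account", "message" => "The " . str_replace("-", " ", $authsource) . " account you tried to connect your profile to is already connected to another user profile.");
         $this->_helper->redirector('postconnected');
         return;
     }

     // Build the account name. Each attribute is tested on its own key; the
     // surname was previously guarded by the given-name count, which broke
     // when only one of the two attributes was released.
     $userFirstName = isset($attributes["idp:givenName"][0]) ? $attributes["idp:givenName"][0] : "";
     $userLastName = isset($attributes["idp:sn"][0]) ? $attributes["idp:sn"][0] : "";
     $userFullName = trim($userFirstName . " " . $userLastName);
     $idptrace = isset($attributes["idp:traceidp"]) === true && count($attributes["idp:traceidp"]) > 0 ? $attributes["idp:traceidp"] : array();
     if ($userFullName === "") {
         $userFullName = null;
     }

     // Do the account connection.
     AccountConnect::connectAccountToProfile($this->session->userid, $uid, $authsource, $userFullName, $idptrace);

     // Refresh the cached list of accounts connected to this user.
     $this->session->currentUserAccounts = SamlAuth::getUserAccountsByUser($this->session->userid, true);

     // The post connected action logs the connected account out.
     $this->_helper->redirector('postconnected');
 }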