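/**
 * Prepare the IdP/country selection page before it is rendered.
 *
 * Stores the discovery path reported by the auth manager, lets the NREN
 * resolved from the server name redirect to its WAYF or discovery service,
 * handles an explicit ?country= selection (which ends the request), and
 * otherwise picks between the textual view and the map view.
 *
 * @param mixed $person forwarded unchanged to parent::pre_process()
 * @return void
 */
public function pre_process($person)
{
    parent::pre_process($person);

    $auth = AuthHandler::getAuthManager($this->person);
    $this->discoPath = $auth->getDiscoPath();

    /*
     * Handle country AuthN redirect. Both calls can redirect; if neither
     * does, fall through and show the map.
     *
     * NOTE(review): SERVER_NAME selects the NREN here. Depending on the web
     * server configuration it can follow the client-supplied Host header;
     * confirm the virtual host pins it.
     */
    $nren = NREN_Handler::getNREN($_SERVER['SERVER_NAME']);
    if (!empty($nren)) {
        $this->redirectToWAYF($nren);
        $this->forwardToDisco($nren);
    }

    /* if not redirected, continue */
    if (array_key_exists('country', $_GET)) {
        /*
         * ?country[]=x arrives as an array; htmlentities() only accepts a
         * string, so anything else is treated as an empty selection.
         */
        $country = is_string($_GET['country']) ? $_GET['country'] : '';

        /* explicit flags and charset so the encoding does not depend on PHP defaults */
        $this->selected_country = htmlentities($country, ENT_QUOTES, 'UTF-8');

        /*
         * NOTE(review): $url is not assigned anywhere in this method, so
         * getNREN() receives an undefined variable, and its result is not
         * used before exit(). Confirm which lookup was intended.
         */
        $nren = NREN_Handler::getNREN($url, 1);
        echo "redirecting to idp-part for " . $this->selected_country . ", stopping rendering of this page now\n";
        exit(0);
    }

    /* textual view? */
    if (array_key_exists('textual_view', $_GET)) {
        if ($_GET['textual_view'] === "yes") {
            $this->mapMode = false;
        }
    } else {
        /* ok, show map: the template needs jQuery and the vector-map scripts */
        $this->tpl->assign('extraScripts', array(
            'js/jquery-1.6.1.min.js',
            'js/jquery-jvectormap-1.1.1.min.js',
            'js/jquery-jvectormap-europe-mill-en.js',
        ));
    }
}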
/**
 * Run the parent pre-processing, then de-authenticate the session.
 *
 * When a person was supplied, the auth manager obtained for $this->person
 * is asked to de-authenticate, receiving the basename of SCRIPT_NAME.
 *
 * @param mixed $person forwarded to parent::pre_process(); null skips the de-authentication
 * @return void
 */
public function pre_process($person)
{
    parent::pre_process($person);

    /* nothing to log out when no person was handed in */
    if ($person === null) {
        return;
    }

    $authManager = AuthHandler::getAuthManager($this->person);
    $scriptName = basename($_SERVER['SCRIPT_NAME']);
    $authManager->deAuthenticate($scriptName);
}
/**
 * Render the NREN administration page.
 *
 * Callers that are not NREN admins get the restricted-access template and
 * a logged notice carrying a generated error tag. For admins the view
 * depends on $_GET['target']: 'list' publishes the subscriber list, 'add'
 * prepares the add-subscriber form, any other value assigns nothing extra,
 * and a missing target falls back to the list view.
 *
 * @return void
 */
public function process()
{
    /* authorisation gate: everything below is for NREN admins only */
    if (!$this->person->isNRENAdmin()) {
        $errorTag = PW::create();

        /*
         * NOTE(review): the CN is written to the log after stripslashes()
         * only; confirm Logger::logEvent() neutralises control characters
         * so the value cannot break up log lines.
         */
        $logMessage = "User " . stripslashes($this->person->getX509ValidCN())
            . " tried to access the NREN-area";
        Logger::logEvent(LOG_NOTICE, "NRENAdmin", "process()", $logMessage, __LINE__, $errorTag);

        /* the same tag is shown to the user so the log entry can be found */
        $this->tpl->assign('reason', "[{$errorTag}] You are not an NREN-admin");
        $restricted = $this->tpl->fetch('restricted_access.tpl');
        $this->tpl->assign('content', $restricted);
        return;
    }

    $this->tpl->assign('nrenName', $this->person->getNREN());
    $this->tpl->assign('org_states', ConfusaConstants::$ORG_STATES);

    /* Export the NREN UID key */
    $map = $this->person->getNREN()->getMap();
    $this->tpl->assign('nren_eppn_key', $map['eppn']);

    if (!isset($_GET['target'])) {
        /* no target given: get all info from database and publish to template */
        $this->tpl->assign('subscriber_list', $this->getSubscribers());

        $subscriber = $this->person->getSubscriber();
        if (!isset($subscriber)) {
            $this->tpl->assign('self_subscriber', '');

            /* point the admin at the attribute-mapping page */
            $mapError = $this->translateTag('l10n_error_illegalattributemap', 'nrenadmin');
            $attributesLabel = $this->translateTag('item_attributes', 'menu');
            Framework::error_output($mapError . '<a href="attributes.php">' . $attributesLabel . '</a>.');
        } else {
            $this->tpl->assign('self_subscriber', $subscriber);
        }

        $this->tpl->assign('list_subscribers', true);
    } else {
        $target = Input::sanitize($_GET['target']);

        /* switch keeps the loose comparison against the sanitized value */
        switch ($target) {
            case 'list':
                /* get all info from database and publish to template */
                $this->tpl->assign('subscriber_list', $this->getSubscribers());

                /*
                 * NOTE(review): getSubscriber() is dereferenced here without
                 * the null check that the no-target branch performs; confirm
                 * it cannot be null on this path.
                 */
                $idpName = $this->person->getSubscriber()->getIdPName();
                $this->tpl->assign('self_subscriber', $idpName);
                $this->tpl->assign('list_subscribers', true);
                break;

            case 'add':
                $am = AuthHandler::getAuthManager($this->person);
                $attributes = $am->getAttributes();

                /* result is not used further in this method */
                $nren = $this->person->getNREN();

                /* pre-fill the organisation name when the IdP sent the mapped attribute */
                if (isset($attributes[$map['epodn']])) {
                    $this->tpl->assign('foundUniqueName', $attributes[$map['epodn']][0]);
                    $this->tpl->assign('nrenOrgAttr', $map['epodn']);
                }

                if (isset($attributes[$map['eppn']])) {
                    $this->form_data['eppnAttr'] = $map['eppn'];
                }

                $this->tpl->assign('form_data', $this->form_data);
                $this->tpl->assign('add_subscriber', true);
                break;

            default:
                /* unknown target: render the page without a sub-view */
                break;
        }
    }

    /* render page */
    $page = $this->tpl->fetch('nren_admin.tpl');
    $this->tpl->assign('content', $page);
}
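/**
 * Echo the value of an IdP attribute for an AJAX request and end the script.
 *
 * The response body is "attribute=<value>", HTML-entity encoded as UTF-8;
 * several values are joined with ", ". Nothing is returned to the caller:
 * every path through this method ends in exit(0).
 *
 * @param string $attr_key The key of the attribute; an empty key produces no output
 * @return void The method never returns, it terminates the request
 */
private function handleAttrValueAJAX($attr_key)
{
    if (empty($attr_key)) {
        exit(0);
    }

    $auth = AuthHandler::getAuthManager($this->person);
    $values = $auth->getAttributeValue($attr_key);

    /*
     * Check the type explicitly instead of silencing implode() with "@":
     * an unknown attribute then yields an empty value rather than a
     * suppressed warning (or an uncaught TypeError on PHP 8).
     */
    $attr_value = is_array($values) ? implode(", ", $values) : "";

    /*
     * NOTE(review): ENT_COMPAT leaves single quotes unencoded; confirm the
     * client never places this value inside a single-quoted attribute.
     */
    echo htmlentities("attribute={$attr_value}", ENT_COMPAT, "UTF-8");
    exit(0);
}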
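/**
 * Authenticate the current person and report missing entitlements.
 *
 * Authentication is forced when the content page is protected or when the
 * request carries start_login=yes. An authenticated person without the user
 * entitlement gets an error (no admin entitlement either) or a warning
 * (admin entitlement present). For an unauthenticated person the NREN is
 * taken from the server name. When Framework::$sensitive_action is set, the
 * auth manager is asked to re-authenticate.
 *
 * @return void
 * @throws CGE_CriticalAttributeException If an attribute needed for the operation of Confusa is not found
 * @throws MapNotFoundException If the NREN-map for the attributes is not found
 */
public function authenticate()
{
    /* if login, trigger SAML-redirect first */
    $auth = AuthHandler::getAuthManager($this->person);

    /* parentheses spell out the precedence the original relied on */
    $authRequired = $this->contentPage->is_protected()
        || (isset($_GET['start_login']) && $_GET['start_login'] === 'yes');
    $auth->authenticate($authRequired);

    /*
     * show a warning if the person does not have Confusa
     * entitlement and ConfusaAdmin entitlement
     */
    if ($this->person->isAuth()) {
        if (!$this->person->testEntitlementAttribute(Config::get_config('entitlement_user'))) {
            if (!$this->person->testEntitlementAttribute(Config::get_config('entitlement_admin'))) {
                /* neither entitlement is present: this is an error */
                $entitlement = Config::get_config('entitlement_namespace') . ":";
                $entitlement .= Config::get_config('entitlement_user');

                $msg = $this->contentPage->translateMessageTag('fw_error_entitlement_unset_1');
                $msg .= "<br /><i>{$entitlement}</i><br /><br />";
                $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_2');

                $subscriber = $this->person->getSubscriber();
                if (!is_null($subscriber)) {
                    /*
                     * The help URL and e-mail are stored subscriber data that
                     * end up inside HTML attributes and text, so they are
                     * encoded at this sink. double_encode is off so values
                     * that already contain entities render as before.
                     *
                     * NOTE(review): encoding does not restrict the URL
                     * scheme; confirm help URLs are validated as http(s)
                     * where they are saved.
                     */
                    $url = htmlspecialchars((string) $subscriber->getHelpURL(), ENT_QUOTES, 'UTF-8', false);
                    $email = htmlspecialchars((string) $subscriber->getHelpEmail(), ENT_QUOTES, 'UTF-8', false);

                    $msg .= "<br />\n";
                    $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_3');
                    $msg .= '<br /><ul><li style="margin: 1em 0 0 2em">';
                    $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_4');
                    $msg .= "<a href=\"mailto:{$email}\">{$email}</a></li>";
                    $msg .= '<li style="margin: 1em 0 0 2em">';
                    $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_5');
                    $msg .= "<a href=\"{$url}\">{$url}</a></li>\n</ul><br />\n";
                }
                Framework::error_output($msg);
            } else {
                /*
                 * Admin entitlement only: warn instead of failing. The
                 * second line must append (.=); a plain assignment dropped
                 * the namespace prefix from the displayed entitlement.
                 */
                $entitlement = Config::get_config('entitlement_namespace') . ":";
                $entitlement .= Config::get_config('entitlement_user');

                $msg = $this->contentPage->translateMessageTag('fw_error_entitlement_unset_1');
                $msg .= "<br /><i>{$entitlement}</i><br /><br />";
                $msg .= $this->contentPage->translateMessageTag('fw_error_entitlement_unset_6');
                Framework::warning_output($msg);
            }
        }
    } else {
        /*
         * maybe we can guess the NREN from the URL
         *
         * NOTE(review): the trailing 1 is passed to setNREN(), not to
         * getNREN(); confirm which call it was meant for. SERVER_NAME can
         * also follow the client-supplied Host header depending on the web
         * server configuration, so confirm the virtual host pins it.
         */
        $this->person->setNREN(NREN_Handler::getNREN($_SERVER['SERVER_NAME']), 1);
    }

    /*
     * Force reauthentication based on the settings if the session is too
     * old
     */
    if (Framework::$sensitive_action) {
        $auth->reAuthenticate();
    }
}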
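<?php
require_once '../confusa_include.php';
require_once 'AuthHandler.php';
require_once 'Person.php';

/*
 * Request gate for a PATH_INFO driven endpoint. The request is dropped when
 * no path is given, when the client is not authenticated, or when the path
 * does not consist of exactly two segments. Diagnostic text is printed only
 * when the 'debug' configuration value is set.
 */

/* if nothing is sent via REST, close (isset avoids a notice when the key is absent) */
if (!isset($_SERVER['PATH_INFO'])) {
    if (Config::get_config('debug')) {
        echo "No path set!<br />\n";
    }
    exit(0);
}

/* valid session? */
$person = new Person();
$auth = AuthHandler::getAuthManager($person);
$auth->authenticate(true);
if (!$person->isAuth()) {
    if (Config::get_config('debug')) {
        echo "Client is not authenticated!<br />\n";
    }
    exit(0);
}

/* get path, explode and parse content. */
$path = $_SERVER['PATH_INFO'];
$res = explode("/", trim($path, "/"));
if (count($res) != 2) {
    if (Config::get_config('debug')) {
        echo "error with params!<br />\n";
    }
    /*
     * Stop on a malformed path whether or not debug is enabled. The exit
     * used to sit inside the debug branch, so with debug off a request with
     * the wrong number of segments was processed anyway.
     */
    exit(0);
}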