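 /**
  * Development-only impersonation login: signs the current session in as
  * the researcher whose id is passed in ?id=... without any credential.
  *
  * Reachable whenever ApplicationConfiguration::isEnviroment("production")
  * is strictly FALSE, i.e. on every non-production deployment (staging,
  * test, local). Any such deployment that is network-reachable exposes a
  * login-as-anyone endpoint, so it must never face the public internet.
  * Anything other than a strict FALSE (NULL, 0, TRUE) disables the route,
  * which is the fail-safe direction.
  *
  * Side effects: populates $this->session with the user's identity, sets a
  * SimpleSAMLAuthToken cookie, stores a Default_Model_UserCredential row
  * carrying the same token, marks the session as a development session and
  * redirects to the site root (or to /saml/deletedprofile for a deleted
  * account). Renders nothing. Unknown ids end in logoutAction().
  */
 public function logindevAction()
 {
     //Apply only in development environments
     if (ApplicationConfiguration::isEnviroment("production") !== FALSE) {
         return;
     }
     $this->_helper->layout->disableLayout();
     $this->_helper->viewRenderer->setNoRender();

     // Researcher ids are treated as numeric elsewhere in this controller
     // (see the is_numeric() checks on session->userid in indexAction), so
     // a non-numeric ?id= is treated as "no user" instead of being handed
     // to the model filter verbatim.
     $requestedId = isset($_GET["id"]) ? $_GET["id"] : NULL;
     if ($requestedId !== NULL && !is_numeric($requestedId)) {
         $requestedId = NULL;
     }
     $this->session->userid = $requestedId;

     // One lookup; the original ran the identical query twice.
     $researchers = new Default_Model_Researchers();
     $researchers->viewModerated = true;
     $researchers->filter->id->equals($this->session->userid);
     $user = (count($researchers->items) > 0) ? $researchers->items[0] : null;

     if ($user === null) {
         $this->logoutAction();
     } else {
         $this->session->username = $user->username;
         $this->session->fullName = $user->name;
         $this->session->userRole = $user->positionTypeID;
         $this->session->userCountryID = $user->countryID;
         $this->session->userCountryName = $user->country->name;
         $this->session->cname = $user->cname;
     }
     $this->view->session = $this->session;
     $this->view->entries = null;

     if ($user !== null) {
         // Fresh random token per development login (32 hex chars, same
         // shape as before). The original used a fixed, publicly visible
         // string as both cookie value and stored credential token; a
         // constant credential is a backdoor on any host where this route
         // is reachable. random_bytes() needs PHP >= 7.
         // NOTE(review): if a development SimpleSAML stub compares the
         // cookie against the old literal, it must read the stored
         // credential instead — confirm before deploying.
         $token = bin2hex(random_bytes(16));
         setcookie("SimpleSAMLAuthToken", $token, 0, "/", null, true, true);
         //Create new user credentials
         $cred = new Default_Model_UserCredential();
         $cred->researcherid = $this->session->userid;
         $cred->sessionid = session_id();
         $cred->token = $token;
         $cred->save();
         $this->session->developsession = true;
         if ($user->deleted === true) {
             //Setup session variables in case of deleted profile
             $this->session->userDeleted = $user->deleted;
             if (isset($user->delInfo)) {
                 $this->session->userDeletedById = $user->delInfo->deleter->id;
                 $this->session->userDeletedByName = $user->delInfo->deleter->name;
                 $this->session->userDeletedByCName = $user->delInfo->deleter->cname;
                 $this->session->userDeletedOn = $user->delInfo->deletedOn;
             } else {
                 $this->session->userDeletedById = null;
                 $this->session->userDeletedByName = null;
                 $this->session->userDeletedByCName = null;
                 $this->session->userDeletedOn = null;
             }
             $this->_redirect('/saml/deletedprofile');
             return;
         }
         //Get first user account and initialize saml session
         $uaccounts = new Default_Model_UserAccounts();
         $uaccounts->filter->researcherid->equals($user->id);
         if (count($uaccounts->items) > 0) {
             $uaccount = $uaccounts->items[0];
             SamlAuth::setupSamlSession($this->session, $uaccount, $user);
         }
     }
     // NOTE(review): the redirect target is built from the Host header;
     // a spoofed Host steers it unless the web server/proxy pins the
     // canonical host name.
     header('Location: https://' . $_SERVER['HTTP_HOST']);
     $this->session->userWarning = array("title" => "Development user", "message" => "You are currently signed in developer mode");
 }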
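 /**
  * "Am I signed in?" probe.
  *
  * Prints "1" when either an active development session carries a userid or
  * SamlAuth::isAuthenticated() returns a source, otherwise "0". With
  * ?profile=attributes, and only for callers accepted by
  * isAllowedProfileDataDomain(), a SAML-authenticated caller instead gets
  * the SAML attributes as JSON, extended with the VO memberships of the
  * matching user account when uid and source identifier resolve to one.
  *
  * GET requests release the session lock (session_write_close) up front so
  * this poll does not serialise behind other requests of the same session;
  * nothing below writes to the session.
  */
 public function isloggedinAction()
 {
     if (trim($_SERVER['REQUEST_METHOD']) === "GET") {
         if ($this->session->isLocked()) {
             $this->session->unLock();
         }
         session_write_close();
     }
     $this->_helper->layout->disableLayout();
     $this->_helper->viewRenderer->setNoRender();
     $res = "0";
     // NOTE(review): sent for every origin. Browsers do not honour '*' for
     // credentialed (cookie-bearing) requests, so verify the intended
     // cross-origin callers actually get a meaningful answer.
     header('Access-Control-Allow-Origin: *');

     // Explicit initialisation: the original left $source undefined on the
     // development-session path, so `$source !== false` was true for null
     // and ?profile=attributes then called getAttributes() on null.
     $source = false;
     if ($this->session && isset($this->session->developsession) && $this->session->developsession === true) {
         if ($this->session->userid) {
             $res = "1";
         }
     }
     if ($res === "0") {
         $source = SamlAuth::isAuthenticated();
     }
     if ($source !== false) {
         $res = "1";
         if (isset($_GET['profile']) && $_GET['profile'] === 'attributes' && $this->isAllowedProfileDataDomain()) {
             header('Content-type: application/json');
             $attrs = $source->getAttributes();
             if ($attrs && count($attrs) > 0) {
                 $sourceIdentifier = false;
                 $uid = false;
                 $userAccount = false;
                 // Best effort: membership lookup failures leave the plain
                 // attribute set in place rather than failing the request.
                 try {
                     if (isset($attrs['idp:sourceIdentifier']) && count($attrs['idp:sourceIdentifier']) === 1) {
                         $sourceIdentifier = $attrs['idp:sourceIdentifier'][0];
                         // same "-sp" suffix stripping as submitPendingConnectionCode()
                         $sourceIdentifier = str_replace('-sp', '', $sourceIdentifier);
                     }
                     if (isset($attrs['idp:uid']) && count($attrs['idp:uid']) === 1) {
                         $uid = $attrs['idp:uid'][0];
                     }
                     if ($sourceIdentifier && $uid) {
                         $userAccount = SamlAuth::getUserAccount($uid, $sourceIdentifier);
                     }
                     if ($userAccount) {
                         $attrs['entitlements'] = array('vo' => array('memberships' => VoAdmin::getUserMembership($userAccount->researcherid)));
                     }
                 } catch (Exception $ex) {
                     // deliberately swallowed; attributes are still returned
                 }
             }
             echo json_encode($attrs);
             return;
         }
     }
     echo $res;
 }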
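 /**
  * Resolve a pending account-connection request by verifying the one-time
  * code the user submitted.
  *
  * Looks up the pending connection for the session's authUid/authSource
  * (with any "-sp" suffix stripped, as isloggedinAction() does), compares
  * the submitted code with the stored one, marks the request resolved,
  * connects the account to the researcher profile, clears the pending-state
  * session keys and re-runs SamlAuth::setupSamlAuth().
  *
  * @param object $session Zend session namespace; read: authUid, authSource,
  *                        idptrace; cleared: isNewUser, accountStatus,
  *                        accountPendingId, accountPendingProfileId,
  *                        accountPendingProfileName
  * @param string $code    code entered by the user
  * @return bool true when the code matched and the account was connected,
  *              false for an invalid session, no pending request or a
  *              mismatching code
  */
 public static function submitPendingConnectionCode($session, $code)
 {
     if (self::isValid($session) === false) {
         return false;
     }
     $uid = trim($session->authUid);
     $source = str_replace("-sp", "", trim($session->authSource));
     $paccount = self::getPendingConnection($uid, $source);
     if (!$paccount) {
         return false;
     }
     // The code is a secret: compare in constant time instead of with !==.
     // Cast to string first so hash_equals() never receives null (the
     // original's trim(null) also produced "", so the outcome is unchanged).
     // NOTE(review): no attempt counter or rate limit is visible here, so
     // guessing short codes is bounded only by what the caller enforces.
     $expected = trim((string) $paccount->code);
     $submitted = trim((string) $code);
     if (!hash_equals($expected, $submitted)) {
         return false;
     }
     $paccount->resolved = true;
     $paccount->resolvedOn = 'NOW()';
     $paccount->save();
     self::connectAccountToProfile($paccount->researcherid, $paccount->accountID, $paccount->accountType, $paccount->accountName, $session->idptrace);
     unset($session->isNewUser);
     unset($session->accountStatus);
     unset($session->accountPendingId);
     unset($session->accountPendingProfileId);
     unset($session->accountPendingProfileName);
     SamlAuth::setupSamlAuth($session);
     return true;
 }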
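 /**
  * Landing page: reconciles the PHP session with the SAML login state,
  * loads the signed-in researcher and their pending-request count for the
  * view, and resolves the optional ?p= permalink.
  *
  * Flow:
  *  - "rememberme" cookie and no session user: stash ?p= in the session and
  *    redirect to the login route (https /users/login in production, http
  *    /users/logindev2 elsewhere).
  *  - development session: trust the PHP session as it is.
  *  - otherwise consult SamlAuth::isAuthenticated(): a numeric session
  *    userid without a SAML login is logged out and sent to the root; a
  *    SAML login without a numeric session userid gets a fresh 'default'
  *    namespace via SamlAuth::setupSamlAuth() and may be redirected to the
  *    new-account, blocked-account or deleted-profile pages.
  *
  * Every redirect target here is built from $_SERVER['HTTP_HOST'] and is
  * therefore only as trustworthy as the Host header the web server admits.
  */
 public function indexAction()
 {
     trackPage('/');
     if (isset($_COOKIE['rememberme']) && $this->session->userid === null) {
         //save permaLink in order to handle it after login
         if (array_key_exists('p', $_GET)) {
             $this->session->permaLink = $_GET['p'];
         }
         if (APPLICATION_ENV == "production") {
             header('Location: https://' . $_SERVER['HTTP_HOST'] . '/users/login');
         } else {
             // plain http on purpose: local/dev instances without TLS
             header('Location: http://' . $_SERVER['HTTP_HOST'] . '/users/logindev2');
         }
         return;
     }
     /*
      * Check if user is signed in from a different service or browser tab.
      */
     if ($this->session->isLocked()) {
         $this->session->unLock();
     }
     if ($this->session !== null && $this->session->developsession === true) {
         //do nothing. It's a local development instance where no SimpleSaml is installed
     } else {
         $auth = SamlAuth::isAuthenticated();
         if ($auth === false) {
             //if logged in but not authenticated then clear the session
             if (isset($this->session->userid) && is_numeric($this->session->userid)) {
                 SamlAuth::logout($this->session);
                 $this->_helper->layout->disableLayout();
                 $this->_helper->viewRenderer->setNoRender();
                 header('Location: http://' . $_SERVER["HTTP_HOST"]);
                 return;
             }
         } else {
             if (isset($this->session) === false || isset($this->session->userid) === false || is_numeric($this->session->userid) === false) {
                 //if authenticated but not logged in setup user session
                 $this->session = new Zend_Session_Namespace('default');
                 $attributes = $auth->getAttributes();
                 // Guarded like isloggedinAction(): when the IdP sent no
                 // idp:uid this yields null (as before, minus the notice).
                 $uid = isset($attributes['idp:uid'][0]) ? $attributes['idp:uid'][0] : null;
                 $_SESSION['identity'] = $uid;
                 $_SESSION['logouturl'] = $auth->getLogoutURL();
                 $this->session->samlattrs = $attributes;
                 $this->session->samlauthsource = isset($attributes["idp:sourceIdentifier"]) ? $attributes["idp:sourceIdentifier"][0] : "";
                 SamlAuth::setupSamlAuth($this->session);
                 if ($this->session->isNewUser === true) {
                     header('Location: https://' . $_SERVER['HTTP_HOST'] . '/saml/newaccount');
                     return;
                 }
                 //Check and redirect if user account is blocked
                 if ($this->session->accountStatus === "blocked") {
                     header('Location: https://' . $_SERVER['HTTP_HOST'] . '/saml/blockedaccount');
                     return;
                 }
                 //Check and redirect if user is deleted
                 if ($this->session->userDeleted === true) {
                     header('Location: https://' . $_SERVER['HTTP_HOST'] . '/saml/deletedprofile');
                     return;
                 }
             }
         }
     }
     $this->session->appCriteria = null;
     $this->session->pplCriteria = null;
     $this->session->certLogin = false;
     $this->view->username = $this->session->username;
     if ($this->session->userid !== null) {
         $ppl = new Default_Model_Researchers();
         $ppl->filter->id->equals($this->session->userid);
         // null (as before, minus the undefined-offset notice) when the
         // session's userid no longer matches a researcher row
         $user = (count($ppl->items) > 0) ? $ppl->items[0] : null;
         $this->view->user = $user;
         /* Get count of user requests */
         $urs = new Default_Model_UserRequests();
         $s2 = new Default_Model_PermissionsFilter();
         $s2->actor->equals($this->session->userguid);
         $s3 = new Default_Model_UserRequestStatesFilter();
         $s3->name->equals("submitted");
         $urs->filter->chain($s2->chain($s3, "AND"), "AND");
         $reqsitems = $urs->items;
         $uritems = array_merge($reqsitems);
         //Fetch user requests for NILs
         if (userIsAdminOrManager($this->session->userid) === false && userIsNIL($this->session->userid) === true) {
             $nilusers = new Default_Model_UserRequests();
             $s1 = new Default_Model_UserRequestTypesFilter();
             $s1->id->numequals(3);
             $s2 = new Default_Model_ResearchersFilter();
             $s2->countryid->equals($this->session->userCountryID);
             $s3 = new Default_Model_UserRequestStatesFilter();
             $s3->name->equals("submitted");
             $s4 = new Default_Model_ActorGroupsFilter();
             $s4->id->numequals(-3);
             $nilusers->filter->chain($s1->chain($s2->chain($s3->chain($s4, "AND"), "AND"), "AND"), "AND");
             if (count($nilusers->items) > 0) {
                 $uritems = array_merge($uritems, $nilusers->items);
                 $uritems = array_filter($uritems, 'uniqueDBObjectFilter');
             }
         }
         $this->view->userRequests = count($uritems);
     }
     // Permalink resolution, in priority order: value stashed before a login
     // redirect, then ?p=, then a raw query-string fallback.
     $p = '';
     if ($this->session->permaLink != '') {
         $p = $this->session->permaLink;
         $this->session->permaLink = '';
     } elseif (array_key_exists('p', $_GET)) {
         $p = $_GET["p"];
     } else {
         //TODO : needs review
         // The original located "p=" and then ignored the offset
         // (always substr($p, 2)); take the text after "p=" instead.
         // NOTE(review): this still does not stop at a following '&'.
         $p = $_SERVER["QUERY_STRING"];
         $pos = strpos($p, "p=");
         if ($pos === false) {
             $p = '';
         } else {
             $p = substr($p, $pos + 2);
         }
     }
     // NOTE(review): $this->view->permaLink carries user-controlled text
     // (base64-decoded in the default branch); the view must escape it
     // for the context it renders it in — not verifiable from here.
     if ($p != "") {
         if ($p == "reports") {
             $this->view->permaLink = $p;
         } elseif ($p == "brokenlinks") {
             $this->view->permaLink = $p;
         } elseif (substr($p, 0, 6) == "about:") {
             $this->view->permaLink = $p;
         } elseif (substr($p, 0, 5) == "apps:") {
             $this->view->permaLink = $p;
         } elseif (substr($p, 0, 7) == "people:") {
             $this->view->permaLink = $p;
         } else {
             $pp = base64_decode($p);
             $pp = mb_convert_encoding($pp, 'UTF-8');
             $this->view->permaLink = $pp;
         }
     }
 }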