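/**
 * Verify the signature of a REST request against the shared secret of the user named by the request key.
 *
 * The expected signature is the SHA-512 hex digest of the user's secret followed by all
 * request variables, sorted by key and concatenated as key.value.
 *
 * NOTE(review): secret-prefix hashing is open to length extension, and joining keys and
 * values without separators lets different parameter sets yield the same string. Both are
 * part of the signing format clients already use, so they are kept; an HMAC over a
 * delimited encoding would be the sturdier design.
 *
 * NOTE(review): preAuthenticate() runs before the signature has been checked. Confirm that
 * nothing relies on that state when this method returns false.
 *
 * @param sspmod_janus_REST_Request $request
 * @return bool True only when the supplied signature equals the calculated one.
 */
public static function isSignatureValid(sspmod_janus_REST_Request $request)
{
    if (is_null($request->getKey())) {
        return false;
    }

    // Return value is unused; the call is kept in case it has initialisation side effects.
    sspmod_janus_DiContainer::getInstance()->getConfig();

    $user = new sspmod_janus_User();
    $user->setUserid($request->getKey());
    if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
        return false;
    }
    sspmod_janus_DiContainer::preAuthenticate($user->getUserid(), 'RESTv1');

    $shared_secret = $user->getSecret();
    // Without a secret the digest below would be unkeyed and computable by anyone.
    if ((string) $shared_secret === '') {
        return false;
    }

    $data = $request->getRequestVars();

    // Sort params
    ksort($data);

    // Concat all params with values
    $concat_string = '';
    foreach ($data as $key => $value) {
        $concat_string .= $key . $value;
    }

    // Prepend shared secret and hash the string to the signature
    $calculated_signature = hash('sha512', $shared_secret . $concat_string);

    $supplied_signature = $request->getSignature();
    if (!is_string($supplied_signature)) {
        return false;
    }

    // Constant-time, type-strict comparison. The former `==` compared two hex strings
    // loosely, so numeric-looking digests ("0e...") could match without being identical.
    if (function_exists('hash_equals')) {
        return hash_equals($calculated_signature, $supplied_signature);
    }

    // Fallback for PHP versions without hash_equals().
    $length = strlen($calculated_signature);
    if (strlen($supplied_signature) !== $length) {
        return false;
    }
    $difference = 0;
    for ($i = 0; $i < $length; $i++) {
        $difference |= ord($calculated_signature[$i]) ^ ord($supplied_signature[$i]);
    }

    return $difference === 0;
}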
/**
 * Load an entity through the entity controller and keep its metadata array on this object.
 *
 * @param mixed $entityId Passed unchanged to the controller's setEntity().
 * @return void
 */
protected function _loadEntityMetadata($entityId)
{
    // Result is not used in this method; the call is kept as in the original.
    $janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig();

    $controller = sspmod_janus_DiContainer::getInstance()->getEntityController();
    $controller->setEntity($entityId);
    $controller->loadEntity();

    $metaArray = $controller->getMetaArray();
    $this->_entityMetadata = $metaArray;
}
/**
 * Load an entity through the entity controller and keep the controller on this object.
 *
 * NOTE(review): the return value only reflects whether the controller itself is truthy;
 * the results of setEntity() and loadEntity() are not checked.
 *
 * @param mixed $entityId Passed unchanged to the controller's setEntity().
 * @return bool
 */
protected function _loadEntity($entityId)
{
    // Result is not used in this method; the call is kept as in the original.
    $janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig();

    $controller = sspmod_janus_DiContainer::getInstance()->getEntityController();
    $controller->setEntity($entityId);
    $controller->loadEntity();

    $this->_entityController = $controller;

    return (bool) $controller;
}
/**
 * Validate the loaded entity against the metadata field configuration for its type.
 *
 * @return void
 */
public function validate()
{
    $entityType = $this->_entityController->getEntity()->getType();
    $config = sspmod_janus_DiContainer::getInstance()->getConfig();

    // switch compares loosely, like the == checks it replaces.
    switch ($entityType) {
        case 'saml20-idp':
            $idpMetadataConfig = $this->_loadExpandedMetadataConfig($config->getArray('metadatafields.saml20-idp'));
            $this->_validate($idpMetadataConfig);
            break;

        case 'saml20-sp':
            $spMetadataConfig = $this->_loadExpandedMetadataConfig($config->getArray('metadatafields.saml20-sp'));
            $this->_validate($spMetadataConfig);
            break;

        default:
            // NOTE(review): $_errors is a local variable, so this message is discarded when
            // the method returns. An object property was probably intended; confirm.
            $_errors[] = 'Unknown Entity Type';
    }
}
/**
 * Load the certificate of an entity and keep it on this object.
 *
 * An exception from getCertificate() is reported as an error on the response, a missing
 * certificate as a warning. Both cases return false.
 *
 * @param mixed $entityId Passed unchanged to the controller's setEntity().
 * @return bool True when a certificate was stored in $this->_certificate.
 */
protected function _loadEntityCertificate($entityId)
{
    $controller = sspmod_janus_DiContainer::getInstance()->getEntityController();
    $controller->setEntity($entityId);
    $controller->loadEntity();

    try {
        $loadedCertificate = $controller->getCertificate();
    } catch (Exception $e) {
        $this->_response->Errors[] = "Certificate data invalid!";
        return false;
    }

    if ($loadedCertificate) {
        $this->_certificate = $loadedCertificate;
        return true;
    }

    $this->_response->Warnings[] = "No certificate data for this entity";
    return false;
}
/**
 * Put one page of revisions for a connection, each with a JSON form for comparison, into the template data.
 *
 * Sets 'revisions', 'latestRevisionNbr' and, where applicable, the previous/next history
 * offsets on $et->data.
 *
 * NOTE(review): the str_replace() below only removes backslash escape sequences so the
 * compare view renders; it is not output escaping. Whatever embeds the JSON still has to
 * encode it for its own context.
 *
 * @param SimpleSAML_XHTML_Template $et  Template whose data array is filled.
 * @param mixed                     $eid Passed to findRevisionsByEid().
 * @return void
 */
function addRevisionCompare(SimpleSAML_XHTML_Template $et, $eid)
{
    $connectionService = sspmod_janus_DiContainer::getInstance()->getConnectionService();
    $serializer = sspmod_janus_DiContainer::getInstance()->getSerializerBuilder();

    $highestRevisionNr = 0;
    $revisions = $connectionService->findRevisionsByEid($eid, history_limit(), history_offset());

    $compareRows = array();
    foreach ($revisions as $revision) {
        $context = SerializationContext::create()->setGroups(array('compare'));
        $json = $serializer->serialize($revision, 'json', $context);

        // we need to sanitize the JSON otherwise the compare display breaks
        $json = str_replace(array('\\n', '\\r', '\\t', '\\x09'), '', $json);

        $compareRows[] = array('revision' => $revision, 'json' => $json);

        if ($revision->getRevisionNr() > $highestRevisionNr) {
            $highestRevisionNr = $revision->getRevisionNr();
        }
    }

    if (history_offset() > 0) {
        $et->data['history_prev_offset'] = history_prev();
    }

    // A full page suggests there may be more revisions to show.
    if (count($revisions) === history_limit()) {
        $et->data['history_next_offset'] = history_next();
    }

    $et->data['revisions'] = $compareRows;
    $et->data['latestRevisionNbr'] = $highestRevisionNr;
}
/**
 * Tell whether this job is configured to run for the given cron tag.
 *
 * @param mixed $cronTag Tag to look up in the configured list (loose comparison).
 * @return bool False when the tag is not listed, i.e. it is not our time to run.
 */
protected function _isExecuteRequired($cronTag)
{
    $janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig();
    $configuredTags = $janusConfig->getArray(self::CONFIG_WITH_TAGS_TO_RUN_ON, array());

    return in_array($cronTag, $configuredTags);
}
/**
 * Return the pretty-name rows for this entity revision, from cache when available.
 *
 * On a cache miss the rows are read from the database and cached under the same key.
 *
 * NOTE(review): the cache key is built from eid and revision id only, while the database
 * lookup also depends on $fieldname. If callers can pass different field names for the
 * same revision they would share one cache entry; confirm.
 *
 * @param string $fieldname
 * @return array|bool The rows, or false when the database lookup did not return an array.
 */
private function loadPrettyNameFromCache($fieldname)
{
    $cacheProvider = sspmod_janus_DiContainer::getInstance()->getCacheProvider();

    $id = $this->_id;
    $eid = $this->_eid;
    $revisionId = $this->_revisionid;

    // Try to get result from cache
    $cacheKey = 'entity-prettyname' . $eid . '-' . $revisionId;
    $fromCache = $cacheProvider->fetch($cacheKey);
    if ($fromCache !== false) {
        return $fromCache;
    }

    $rows = $this->_loadPrettyNameFromDatabase($id, $fieldname);
    if (is_array($rows)) {
        // Store entity pretty name in cache, note that this does not have to be flushed since
        // a new revision will trigger a new version of the cache anyway
        $cacheProvider->save($cacheKey, $rows);
        return $rows;
    }

    return false;
}
/**
 * Creates a new administrator utility.
 *
 * The JANUS configuration is taken from the DI container and kept in $this->_config.
 *
 * @since Method available since Release 1.0.0
 */
public function __construct()
{
    $container = sspmod_janus_DiContainer::getInstance();
    $this->_config = $container->getConfig();
}
<?php /** @var $this SimpleSAML_XHTML_Template */ $csrf_provider = sspmod_janus_DiContainer::getInstance()->getCsrfProvider(); $this->data['jquery'] = array('version' => '1.6', 'core' => TRUE, 'ui' => TRUE, 'css' => TRUE); $this->data['head'] = '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/style.css" />' . "\n"; $this->data['head'] = '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/styles/import.css" />' . "\n"; $this->includeAtTemplateBase('includes/header.php'); if (isset($this->data['message']) && substr($this->data['message'], 0, 5) === 'error') { ?> <h2 class="editentity_error"><?php echo $this->t('error_header'); ?> </h2> <p><?php echo $this->t($this->data['message']); ?> </p> <?php } ?> <hr> <?php if ($this->data['update']) { ?> <h3><?php echo $this->t('text_apply_following_changes'); ?> </h3> <div id="changes">
/**
 * Does the Identity Provider allow a particular connection?
 *
 * Checks run in this order, first match wins:
 *  1. the IdP allows all entities ("yes");
 *  2. the IdP has a non-empty allow list that contains the SP's eid;
 *  3. the IdP has a non-empty block list that does not contain the SP's eid.
 * Anything else is denied.
 *
 * NOTE(review): because of step 3, an SP that is absent from a non-empty allow list is
 * still allowed when a non-empty block list exists and does not name it. Confirm this is
 * the intended policy when both lists are in use.
 *
 * @static
 * @param sspmod_janus_Entity $sp  Service Provider to check for
 * @param sspmod_janus_Entity $idp Identity Provider to check against
 * @return bool Is the connection allowed?
 */
protected static function _checkIdPMetadataIsConnectionAllowed(sspmod_janus_Entity $sp, sspmod_janus_Entity $idp)
{
    $controller = sspmod_janus_DiContainer::getInstance()->getEntityController();
    $controller->setEntity($idp);

    $spEid = $sp->getEid();

    if ($controller->getAllowedAll() === "yes") {
        return true;
    }

    $allowList = $controller->getAllowedEntities();
    if (count($allowList) > 0 && array_key_exists($spEid, $allowList)) {
        return true;
    }

    $blockList = $controller->getBlockedEntities();

    return count($blockList) > 0 && !array_key_exists($spEid, $blockList);
}
<?php

// Development front controller: boots the application kernel in the 'dev' environment
// and handles the current HTTP request with it.

use Symfony\Component\HttpFoundation\Request;

// If you don't want to setup permissions the proper way, just uncomment the following PHP line
// read http://symfony.com/doc/current/book/installation.html#configuration-and-setup for more information
//umask(0000);

// This check prevents access to debug front controllers that are deployed by accident to production servers.
// Feel free to remove this, extend it, or make something more sophisticated.
// Custom: require Vhost to state that this can be used by setting:
//   SetEnv SFDEV 1
// The request is refused unless SFDEV is set to a non-empty value other than "0".
// Keep SFDEV out of production virtual hosts: it is the only gate in this file.
if (!getenv('SFDEV')) {
    header('HTTP/1.0 403 Forbidden');
    exit('You are not allowed to access this file. Check ' . basename(__FILE__) . ' for more information.');
}

$loader = (require_once __DIR__ . '/../app/autoload.php');
require_once __DIR__ . '/../app/AppKernel.php';

// Also load the SSP autoloader to support SSP login (see Janus/ServiceRegistry/Security/)
require_once __DIR__ . '/../../../vendor/autoload.php';

// 'dev' environment; the second argument is true (the debug flag in the stock Symfony kernel).
$kernel = new AppKernel('dev', true);

// Hand the kernel to the JANUS DI container before the request is handled.
sspmod_janus_DiContainer::registerAppKernel($kernel);

Request::enableHttpMethodParameterOverride();
$request = Request::createFromGlobals();

/** @var \Symfony\Component\HttpFoundation\Response $response */
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);
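/**
 * Build the metadata of one entity revision in the requested output format.
 *
 * The method first checks that every required metadata field has a usable value, then
 * builds the metadata as a PHP array, as flat PHP source text, and as SAML XML.
 *
 * Entity ids and consent keys written into the flat PHP text go through var_export(),
 * like the main array already did. A quote or backslash in a stored entity id therefore
 * cannot break out of the string literal in the generated source.
 *
 * NOTE(review): the string-form assert() calls are evaluated as code when assertions are
 * enabled and are not supported by newer PHP versions. They are kept unchanged here.
 *
 * @param string     $eid      Entity eid.
 * @param string     $revision Revision id.
 * @param mixed      $type     One of self::XML, self::XMLREADABLE, self::PHPARRAY or
 *                             self::FLATFILE; any other value gives the flat file text.
 * @param array|null $option   Optional 'maxCache' and 'maxDuration' for the SAML builder.
 * @return mixed The metadata in the requested format, or false on error, in which case
 *               self::$_error holds the details (except after fatalError()).
 */
private static function getMetadata($eid, $revision, $type = null, array $option = null)
{
    assert('ctype_digit($eid)');
    assert('ctype_digit($revision)');

    $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
    $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();

    if (!($entity = $entityController->setEntity($eid, $revision))) {
        self::$_error = array('Entity could not be loaded - Eid: ' . $eid . ' Revisionid: ' . $revision);
        return false;
    }

    $metadata_raw = $entityController->getMetadata();

    // Get metadata fields
    $nm_mb = new sspmod_janus_MetadataFieldBuilder(
        $janus_config->getArray('metadatafields.' . $entity->getType())
    );
    $metadatafields_required = $nm_mb->getMetadataFields();

    // Get required metadata fields
    $required = array();
    foreach ($metadatafields_required as $mf) {
        if (isset($mf->required) && $mf->required === true) {
            $required[] = $mf->name;
        }
    }

    // Get metadata to be tested
    $metadata = array();
    foreach ($metadata_raw as $k => $v) {
        // Metadata field not defined
        if (!isset($metadatafields_required[$v->getKey()])) {
            continue;
        }

        // Value not set for metadata
        if (is_string($v->getValue()) && $v->getValue() == '') {
            continue;
        }

        // Compute if the default value is allowed
        $default_allow = false;
        if (isset($metadatafields_required[$v->getKey()]->default_allow)
            && is_bool($metadatafields_required[$v->getKey()]->default_allow)
        ) {
            $default_allow = $metadatafields_required[$v->getKey()]->default_allow;
        }

        /*
         * Do not include metadata if value is set to default and default
         * is not allowed.
         */
        if (!$default_allow
            && (isset($metadatafields_required[$v->getKey()]->default)
                && $v->getValue() == $metadatafields_required[$v->getKey()]->default)
        ) {
            continue;
        }

        $metadata[] = $v->getKey();
    }

    // Compute missing metadata that is required
    $missing_required = array_diff($required, $metadata);

    $entityId = $entity->getEntityid();

    if (!empty($missing_required)) {
        SimpleSAML_Logger::error('JANUS - Missing required metadata fields. Entity_id:' . $entityId);
        self::$_error = $missing_required;
        return false;
    }

    try {
        $metaArray = $entityController->getMetaArray();
        $metaArray['eid'] = $eid;

        $blockedEntities = $entityController->getBlockedEntities();
        $allowedEntities = $entityController->getAllowedEntities();
        $disabledConsent = $entityController->getDisableConsent();

        $metaFlat = '// Revision: ' . $entity->getRevisionid() . "\n";
        $metaFlat .= var_export($entityId, TRUE) . ' => ' . var_export($metaArray, TRUE) . ',';

        // Add authproc filter to block blocked entities
        if (!empty($blockedEntities) || !empty($allowedEntities)) {
            // Drop the trailing "),", so more keys can be appended to the exported array.
            $metaFlat = substr($metaFlat, 0, -2);

            if (!empty($allowedEntities)) {
                $metaFlat .= " 'allowed' => array(\n";
                $metaArray['allowed'] = array();
                foreach ($allowedEntities as $allowedEntity) {
                    // var_export() quotes and escapes the id for use in PHP source.
                    $metaFlat .= ' ' . var_export((string) $allowedEntity['remoteentityid'], true) . ",\n";
                    $metaArray['allowed'][] = $allowedEntity['remoteentityid'];
                }
                $metaFlat .= " ),\n";
            }

            if (!empty($blockedEntities)) {
                $metaFlat .= " 'blocked' => array(\n";
                $metaArray['blocked'] = array();
                foreach ($blockedEntities as $blockedEntity) {
                    $metaFlat .= ' ' . var_export((string) $blockedEntity['remoteentityid'], true) . ",\n";
                    $metaArray['blocked'][] = $blockedEntity['remoteentityid'];
                }
                $metaFlat .= " ),\n";
            }

            $metaFlat .= '),';
        }

        // Add disable consent
        if (!empty($disabledConsent)) {
            $metaFlat = substr($metaFlat, 0, -2);
            $metaFlat .= " 'consent.disable' => array(\n";
            foreach ($disabledConsent as $key => $value) {
                $metaFlat .= ' ' . var_export((string) $key, true) . ",\n";
            }
            $metaFlat .= " ),\n";
            $metaFlat .= '),';
        }

        $maxCache = isset($option['maxCache']) ? $option['maxCache'] : null;
        $maxDuration = isset($option['maxDuration']) ? $option['maxDuration'] : null;

        try {
            $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId, $maxCache, $maxDuration);
            $metaBuilder->addMetadata($metaArray['metadata-set'], $metaArray);
        } catch (Exception $e) {
            // NOTE(review): var_export() of the exception writes the whole object, including
            // its stack trace, to the log. Confirm the log is an acceptable place for that.
            SimpleSAML_Logger::error(
                'JANUS - Entity_id:' . $entityId . ' - Error generating XML metadata - ' . var_export($e, true)
            );
            self::$_error = array('Error generating XML metadata - ' . $e->getMessage());
            return false;
        }

        // Add organization info
        if (!empty($metaArray['OrganizationName'])
            && !empty($metaArray['OrganizationDisplayName'])
            && !empty($metaArray['OrganizationURL'])
        ) {
            $metaBuilder->addOrganizationInfo(array(
                'OrganizationName' => $metaArray['OrganizationName'],
                'OrganizationDisplayName' => $metaArray['OrganizationDisplayName'],
                'OrganizationURL' => $metaArray['OrganizationURL'],
            ));
        }

        // Add contact info
        if (!empty($metaArray['contact'])) {
            $metaBuilder->addContact('technical', $metaArray['contact']);
        }

        switch ($type) {
            case self::XML:
                return $metaBuilder->getEntityDescriptor();
            case self::XMLREADABLE:
                return $metaBuilder->getEntityDescriptorText();
            case self::PHPARRAY:
                return $metaArray;
            case self::FLATFILE:
            default:
                return $metaFlat;
        }
    } catch (Exception $exception) {
        $session = SimpleSAML_Session::getInstance();
        SimpleSAML_Utilities::fatalError($session->getTrackID(), 'JANUS - Metadatageneration', $exception);
        return false;
    }
}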
<?php /* * Generate metadata * * @author Jacob Christiansen, <*****@*****.**> * @package SimpleSAMLphp * @subpackeage JANUS */ require __DIR__ . '/_includes.php'; /* Load simpleSAMLphp, configuration and metadata */ $session = SimpleSAML_Session::getSessionFromRequest(); $config = SimpleSAML_Configuration::getInstance(); $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig(); $authsource = $janus_config->getValue('auth', 'login-admin'); $useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName'); $as = new SimpleSAML_Auth_Simple($authsource); if ($as->isAuthenticated()) { $attributes = $as->getAttributes(); // Check if userid exists if (!isset($attributes[$useridattr])) { throw new Exception('User ID is missing'); } $userid = $attributes[$useridattr][0]; } else { $session->setData('string', 'refURL', SimpleSAML_Utilities::selfURL()); SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/index.php')); } if (isset($_GET['eid'])) { $eid = $_GET['eid']; } else {
/**
 * Create new entity with parsed entityid
 *
 * Creates the entity in the default workflow state, gives the current user access to it
 * and adds every metadata field that is marked as required for the type, with its default.
 *
 * @param string $entityid    Entity id for the new entity
 * @param string $type        Entity type
 * @param string $metadataUrl The -optional- metadata url for the new entity
 *
 * @return mixed The eid of the new entity, or the message that isEntityIdInUse() placed
 *               in $errorMessage when the entity id is already taken. Callers have to
 *               tell the two apart.
 * @since Method available since Release 1.0.0
 */
public function createNewEntity($entityid, $type, $metadataUrl = null)
{
    assert('is_string($entityid)');
    assert('is_string($type)');

    if ($this->isEntityIdInUse($entityid, $errorMessage)) {
        return $errorMessage;
    }

    $initialWorkflow = $this->_config->getString('workflowstate.default');

    // Instantiate a new entity
    $entity = new sspmod_janus_Entity($this->_config, true);
    $entity->setEntityid($entityid);
    $entity->setWorkflow($initialWorkflow);
    $entity->setType($type);
    $entity->setUser($this->_user->getUid());
    $entity->setRevisionnote('Entity created.');
    if ($metadataUrl) {
        $entity->setMetadataURL($metadataUrl);
    }
    $entity->save(array());

    // Give the creating user access to the new entity.
    $adminUtil = new sspmod_janus_AdminUtil();
    $adminUtil->addUserToEntity($entity->getEid(), $this->_user->getUid());

    $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
    $entityController->setEntity($entity);

    // Get metadatafields for new type
    $fieldBuilder = new sspmod_janus_MetadataFieldBuilder($this->_config->getArray('metadatafields.' . $type));
    $fields = $fieldBuilder->getMetadataFields();

    // Add all required fields
    $requiredFieldAdded = false;
    foreach ($fields as $field) {
        if (!isset($field->required) || $field->required !== true) {
            continue;
        }
        $entityController->addMetadata($field->name, $field->default);
        $requiredFieldAdded = true;
    }

    if ($requiredFieldAdded) {
        $entityController->saveEntity();
    }

    // Reset list of entities
    $this->_entities = null;
    $this->_loadEntities();

    return $entity->getEid();
}
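/**
 * Reject any user type that is not listed under 'usertypes' in the configuration.
 *
 * The membership test is strict. With a loose in_array() a non-string value such as 0 or
 * true could compare equal to a configured type name on older PHP versions and pass the
 * allow-list.
 *
 * @param array $types User types to check.
 * @throws InvalidArgumentException When a type is not in the configured list.
 */
private function validateUserTypes(array $types)
{
    $config = sspmod_janus_DiContainer::getInstance()->getConfig();
    $allowedTypes = $config->getArray('usertypes');

    foreach ($types as $type) {
        if (in_array($type, $allowedTypes, true)) {
            continue;
        }

        // Non-scalar values cannot be interpolated; report their PHP type instead.
        $shown = is_scalar($type) ? $type : gettype($type);
        throw new \InvalidArgumentException("User Type '{$shown}' is not allowed");
    }
}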
/**
 * Returns prefix for tables
 *
 * The value is the 'database_prefix' parameter of the Symfony container. It is kept in
 * a function-level static after the first lookup. A falsy prefix (such as an empty
 * string) is looked up again on every call.
 *
 * @return string
 */
public function getTablePrefix()
{
    static $tablePrefix;

    if ($tablePrefix) {
        return $tablePrefix;
    }

    $symfonyContainer = sspmod_janus_DiContainer::getInstance()->getSymfonyContainer();
    $tablePrefix = $symfonyContainer->getParameter('database_prefix');

    return $tablePrefix;
}
$redirectToImport = true; function convert_stdobject_to_array($object) { $object = (array) $object; foreach ($object as $key => $value) { if (is_array($value) || is_object($value) && get_class($value) === 'stdClass') { $object[$key] = convert_stdobject_to_array($value); } } return $object; } try { $metaStdClass = json_decode($_POST['meta_json']); if ($metaStdClass) { $metaArray = convert_stdobject_to_array($metaStdClass); $converter = sspmod_janus_DiContainer::getInstance()->getMetaDataConverter(); $metaArray = $converter->execute($metaArray); if ($metaArray['entityid'] === $entityController->getEntity()->getEntityid()) { $redirectToImport = true; $session->setData('string', 'import_type', 'json'); $session->setData('string', 'import', $_POST['meta_json']); } else { $msg = 'error_metadata_wrong_entity'; } } else { $msg = 'error_not_valid_json'; } } catch (Exception $e) { $msg = 'error_metadata_not_parsed'; } }
/**
 * Get disabled consent from database
 *
 * Fills $this->_disableConsent, keyed by remote entity id, from the cache when present and
 * from the database otherwise.
 *
 * The table prefix is concatenated into the SQL text and only the revision id is bound as
 * a parameter, so the prefix has to come from trusted configuration.
 *
 * @return bool True on success and false on error
 */
private function _loadDisableConsent()
{
    $eid = $this->_entity->getEid();
    $revisionId = $this->_entity->getRevisionid();

    $cacheProvider = sspmod_janus_DiContainer::getInstance()->getCacheProvider();

    // Try to get result from cache
    $cacheKey = 'entity-disableconsent-' . $eid . '-' . $revisionId;
    $fromCache = $cacheProvider->fetch($cacheKey);
    if ($fromCache !== false) {
        $this->_disableConsent = $fromCache;
        return true;
    }

    $sql = 'SELECT DC.*, CONNECTION.name AS remoteentityid FROM ' . $this->getTablePrefix()
        . 'disableConsent AS DC INNER JOIN ' . $this->getTablePrefix()
        . 'connection AS CONNECTION ON CONNECTION.id = DC.remoteeid WHERE DC.`connectionRevisionId` = ?;';

    $statement = $this->execute($sql, array($this->_entity->getId()));
    if ($statement === false) {
        return false;
    }

    $this->_disableConsent = array();
    foreach ($statement->fetchAll(PDO::FETCH_ASSOC) as $consentRow) {
        $this->_disableConsent[$consentRow['remoteentityid']] = $consentRow;
    }

    // Store disable consent in cache, note that this does not have to be flushed since a new revision
    // will trigger a new version of the cache anyway
    $cacheProvider->save($cacheKey, $this->_disableConsent);

    return true;
}
exit; } $et->data['update'] = $update; $newMetadata = $entityController->getMetaArray(); unset($newMetadata['attributes']); $newMetadata = $converter->execute($newMetadata); $et->data['new'] = $newMetadata; $et->data['newArp'] = $entityController->getArpAttributes(); $et->data['newAcl'] = array('AllowedAll' => $entityController->getAllowedAll(), 'Allowed' => array_map(function ($allowedEntity) use($janusConfig) { // @todo this is very inefficient for large sets $controller = sspmod_janus_DiContainer::getInstance()->getEntityController(); $controller->setEntity($allowedEntity['remoteeid']); return $controller->getEntity()->getPrettyname(); }, $entityController->getAllowedEntities()), 'Blocked' => array_map(function ($blockedEntity) use($janusConfig) { // @todo this is very inefficient for large sets $controller = sspmod_janus_DiContainer::getInstance()->getEntityController(); $controller->setEntity($blockedEntity['remoteeid']); return $controller->getEntity()->getPrettyname(); }, $entityController->getBlockedEntities())); $et->data['changes'] = janus_array_diff_recursive($newMetadata, $oldMetadata); $et->data['arpChanges'] = janus_array_diff_recursive($et->data['newArp'], $et->data['oldArp']); $et->data['header'] = 'JANUS'; $et->data['message'] = $msg; $et->show(); function janus_array_diff_recursive($array1, $array2) { if (!is_array($array2)) { return $array1; } $diff = array(); if (empty($array1)) {
/**
 * Give a user access to an entity.
 *
 * The 'uid' parameter actually carries a userid such as user@example.com. It is resolved
 * to the JANUS uid before the user is added to the entity.
 *
 * An unknown user or an exception from the admin utility writes a JSON status to the
 * output and ends the script.
 *
 * NOTE(review): no permission check on the caller is visible in this function; presumably
 * the dispatcher that calls it performs one. Confirm.
 *
 * @param array $params Needs the keys 'eid' and 'uid'.
 * @return array|bool Array with 'eid', 'uid' (JANUS uid) and 'userid', or FALSE when a
 *                    parameter is missing or the user could not be added.
 */
function addUserToEntity($params)
{
    if (!isset($params['eid'], $params['uid'])) {
        return FALSE;
    }

    $eid = $params['eid'];
    $uid = $params['uid'];

    # security hack - uid is actually userid ie. user@example.com - convert it to a janus uid
    # as expected for further processing
    $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();

    $user = new sspmod_janus_User();
    $user->setUserid($uid);
    if ($user->load(sspmod_janus_User::USERID_LOAD) === false) {
        echo json_encode(array('status' => 'Unknown user'));
        exit;
    }
    $janusUid = $user->getUid();

    $adminUtil = new sspmod_janus_AdminUtil();
    try {
        $userid = $adminUtil->addUserToEntity($eid, $janusUid);
        if (!$userid) {
            return FALSE;
        }
    } catch (Exception $e) {
        echo json_encode(array('status' => 'An unspecified error occurred'));
        exit;
    }

    return array('eid' => $eid, 'uid' => $janusUid, 'userid' => $userid);
}
// Added persistent, transient and unspecified to all entities as valid NameIDFormats

/**
 * DbPatch makes the following variables available to PHP patches:
 *
 * @var $this   DbPatch_Command_Patch_PHP
 * @var $writer DbPatch_Core_Writer
 * @var $db     Zend_Db_Adapter_Abstract
 * @var $phpFile string
 */
define('SAML2_NAME_ID_FORMAT_UNSPECIFIED', 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified');
define('SAML2_NAME_ID_FORMAT_TRANSIENT', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
define('SAML2_NAME_ID_FORMAT_PERSISTENT', 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent');

// NOTE(review): the patch sets a loopback client address itself, presumably because code
// it calls expects one when run outside a web request. Confirm.
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';

$janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
$userController = new sspmod_janus_UserController(
    $janusConfig,
    sspmod_janus_DiContainer::getInstance()->getSecurityContext()
);
// The patch acts as the 'engine' user and only touches the entities that user gets back.
$userController->setUser('engine');

$entities = $userController->getEntities();

// Index in the list is the NameIDFormats position written to each service provider.
$nameIdFormats = array(
    SAML2_NAME_ID_FORMAT_PERSISTENT,
    SAML2_NAME_ID_FORMAT_TRANSIENT,
    SAML2_NAME_ID_FORMAT_UNSPECIFIED,
);

/** @var sspmod_janus_Entity $entity */
foreach ($entities as $entity) {
    if ($entity->getType() == 'saml20-sp') {
        $entity->setRevisionnote('patch-0015.php: Added persistent, transient and unspecified to all entities as valid NameIDFormats');

        $entityController = new sspmod_janus_EntityController($janusConfig);
        $entityController->setEntity($entity);
        foreach ($nameIdFormats as $position => $format) {
            $entityController->addMetadata('NameIDFormats:' . $position, $format);
        }
        $entityController->saveEntity();
    }
}
<?php

require_once __DIR__ . "/../app/autoload.php";

use Janus\ServiceRegistry\Entity\User;
use Janus\ServiceRegistry\Entity\Connection;

$em = sspmod_janus_DiContainer::getInstance()->getEntityManager();

/**
 * Tests if all Doctrine models can be stored in the database properly
 *
 * NOTE: before running this, change your database name to a TEST database
 *
 * The script writes through the entity manager taken from the DI container, so it
 * touches whatever database the application is currently configured for. The two users
 * it creates ('admin' and 'test') are persisted and never removed below.
 */

// User with the 'admin' type.
$user = new User('admin', array('admin'));
$em->persist($user);
$em->flush();

// User data: persisted and removed again within the same flush.
$userData = new User\Data($user, 'testKey', 'testValue');
$em->persist($userData);
$em->remove($userData);
$em->flush();

// Second user, used as subscriber and as message counterpart below.
$subscribingUser = new User('test', array('technical'));
$em->persist($subscribingUser);
$em->flush();

// Message: stored, then removed.
$userMessage = new User\Message($user, 'testSubject', 'testMessage', $subscribingUser, 'testSubscription');
$em->persist($userMessage);
$em->flush();
$em->remove($userMessage);
$em->flush();

// Subscription: stored, then removed.
$userSubscription = new User\Subscription($subscribingUser, 'testSubscription', 'testType');
$em->persist($userSubscription);
$em->flush();
$em->remove($userSubscription);
$em->flush();
$template->data['selectedtab'] = $selectedtab; $template->data['selectedSubTab'] = $selectedSubTab; /* START TAB ARPADMIN PROVISIONING ***********************************************************************************/ if ($selectedSubTab === SELECTED_SUBTAB_ADMIN_ENTITIES) { $template->data['adminentities'] = $userController->getEntities(true); } /* END TAB ARPADMIN PROVISIONING **************************************************************************************/ /* START TAB ENTITIES PROVISIONING ************************************************************************************/ if ($selectedtab == SELECTED_TAB_ENTITIES) { require __DIR__ . '/dashboard/connections.php'; } /* END TAB ENTITIES PROVISIONING **************************************************************************************/ // User is needed by all pages $template->data['userid'] = $userid; $template->data['user'] = $userController->getUser(); $template->data['security.context'] = sspmod_janus_DiContainer::getInstance()->getSecurityContext(); /* START TAB MESSAGE PROVISIONING *************************************************************************************/ if ($selectedtab == SELECTED_TAB_MESSAGE) { $template->data['user_type'] = $user->getType(); $template->data['subscriptions'] = $subscriptions; $template->data['subscriptionList'] = $subscriptionList; $template->data['messages'] = $messages; $template->data['messages_total'] = $messages_total; $template->data['external_messengers'] = $janus_config->getArray('messenger.external'); $template->data['current_page'] = $page; $template->data['last_page'] = ceil((double) $messages_total / $pm->getPaginationCount()); } /* END TAB MESSAGE PROVISIONING ***************************************************************************************/ $template->data['logouturl'] = $as->getLogoutURL(); /* START TAB ARPADMIN PROVISIONING ************************************************************************************/ if ($selectedtab == 
SELECTED_TAB_ARPADMIN) {
/**
 * Authenticate with SimpleSAMLphp.
 *
 * When pre-authentication data has been registered (REST API v1 or the installer), the
 * stored user and provider key are wrapped in a pre-authenticated token and no
 * SimpleSAMLphp login takes place. Otherwise an SSP token and provider are used.
 *
 * NOTE(review): the pre-authenticated path trusts whatever was stored in $preAuth, so the
 * code that fills it has to verify the caller first.
 *
 * NOTE(review): $preAuth is read through both self:: and static::. These differ only if a
 * subclass redeclares the property; the mix is kept as in the original.
 *
 * @return null|\Symfony\Component\Security\Core\Authentication\Token\TokenInterface
 */
public function authenticate()
{
    $config = sspmod_janus_DiContainer::getInstance()->getConfig();

    // The User Provider, to look up users and their secrets.
    $userProvider = new UserService($this->getEntityManager(), $config);

    if (!self::$preAuth) {
        // Use SSP as our Authentication Provider.
        $token = new SspToken();
        $provider = new SspProvider($userProvider, $config);
    } else {
        // In case of the REST API v1 or the Installer we are pre authenticated.
        $token = new PreAuthenticatedToken(
            static::$preAuth['user'],
            '',
            static::$preAuth['provider']
        );
        $provider = new PreAuthenticatedAuthenticationProvider(
            $userProvider,
            new \Symfony\Component\Security\Core\User\UserChecker(),
            static::$preAuth['provider']
        );
    }

    // A custom authentication manager with a single provider. Authenticating through it
    // triggers SSP (when that provider is used) and fills our custom token.
    $manager = new AuthenticationProviderManager(array($provider));

    return $manager->authenticate($token);
}
/**
 * Instantiate the postman.
 *
 * Keeps the JANUS configuration and reads the inbox page size from
 * 'dashboard.inbox.paginate_by', falling back to 20.
 *
 * @since Method available since Release 1.2.0
 */
public function __construct()
{
    $config = sspmod_janus_DiContainer::getInstance()->getConfig();

    $this->_config = $config;
    $this->_paginate = $config->getValue('dashboard.inbox.paginate_by', 20);
}
/**
 * Apply parsed metadata to the entity held by the entity controller.
 *
 * The metadata is rejected when it was not parsed, has expired, or names a different
 * entity id than the one being edited. Otherwise it is cleaned up, converted, and each
 * remaining key is written to the entity as an update or an addition.
 *
 * @param array|null $parsedMetadata Parsed metadata, or null when parsing failed.
 * @return string A status or error key: 'status_metadata_parsed_ok',
 *                'error_metadata_not_parsed', 'error_metadata_not_parsed_due_expiration',
 *                'error_entityid_no_match', or whatever truthy message
 *                _addCertificateMetaData() returns.
 */
private function importParsedMetadata($parsedMetadata)
{
    // If metadata was not parsed
    if ($parsedMetadata === null) {
        SimpleSAML_Logger::error('Importer - Metadata was not parsed');
        return 'error_metadata_not_parsed';
    }

    if (isset($parsedMetadata['expire']) && $parsedMetadata['expire'] < time()) {
        SimpleSAML_Logger::error('Importer - Metadata was not parsed due expiration');
        return 'error_metadata_not_parsed_due_expiration';
    }

    // Remove entity descriptor
    unset($parsedMetadata['entityDescriptor']);
    unset($parsedMetadata['metadata-set']);

    // Validate that entity id is the same for imported metadata and entity
    if ($parsedMetadata['entityid'] != $this->_entityId) {
        SimpleSAML_Logger::error('Importer - EntityId does not match');
        return 'error_entityid_no_match';
    }
    unset($parsedMetadata['entityid']);

    $parsedMetadata = $this->_removeUnusedContacts($parsedMetadata);
    $parsedMetadata = $this->_removeNonSaml2Services($parsedMetadata);
    $parsedMetadata = $this->_applyRequestedAttributesAsArp($parsedMetadata);

    $converter = sspmod_janus_DiContainer::getInstance()->getMetaDataConverter();
    $parsedMetadata = $converter->execute($parsedMetadata);

    $certificateMessage = $this->_addCertificateMetaData($parsedMetadata);
    if ($certificateMessage) {
        return $certificateMessage;
    }

    foreach ($parsedMetadata as $key => $value) {
        $isExcluded = !empty($this->_excludedMetadataKeys) && in_array($key, $this->_excludedMetadataKeys);
        if ($isExcluded) {
            continue;
        }

        // Existing fields are updated, new ones added.
        $stored = $this->_entityController->hasMetadata($key)
            ? $this->_entityController->updateMetadata($key, $value)
            : $this->_entityController->addMetadata($key, $value);

        if ($stored) {
            $this->_updated = true;
            continue;
        }

        // NOTE(review): imported values are written to the log as-is.
        SimpleSAML_Logger::info('Importer - Metadata field ' . $key . ' with value ' . $value . ' was not added.');
    }

    return 'status_metadata_parsed_ok';
}
* Main template for JANUS. * * @author Jacob Christiansen, <*****@*****.**> * @author Sixto Martín, <*****@*****.**> * @package simpleSAMLphp * @subpackage JANUS * @version $Id: janus-main.php 11 2009-03-27 13:51:02Z jach@wayf.dk $ * @todo Use some sort of form generator to reduce to amount of code and make it more robust */ $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig(); $ssp_config = SimpleSAML_Configuration::getConfig(); $csrf_provider = sspmod_janus_DiContainer::getInstance()->getCsrfProvider(); $csrf_ajax_token_json_encoded = json_encode($csrf_provider->generateCsrfToken('ajax')); // Load custom translations for metadata fields $customDictionaryLoader = new sspmod_janus_CustomDictionaryLoader($this); $dictionaryDir = sspmod_janus_DiContainer::getInstance()->getRootDir() . '/dictionaries'; $customDictionaryLoader->addFromDir($dictionaryDir); $this->cookie_name = $ssp_config->getString('session.cookie.name', 'SimpleSAMLSessionID'); $this->data['head'] = '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/style.css" />' . "\n"; $this->data['head'] .= '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/styles/simptip-mini.css" />' . "\n"; $this->data['head'] .= '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/styles/jsondiff/jsondiffpatch.html.css" />' . "\n"; $this->data['head'] .= '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/components/jqueryui/themes/smoothness/jquery-ui.min.css" />' . "\n"; $this->data['head'] .= '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/styles/tablesorter.default.css" />' . "\n"; $this->data['head'] .= '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 
'module.php/janus/resources/styles/validate.css" />' . "\n"; $this->data['head'] .= '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/styles/revisions.css" />' . "\n"; $this->data['head'] .= '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/styles/arp.css" />' . "\n"; $this->data['head'] .= '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/styles/metadata.css" />' . "\n"; $this->data['head'] .= '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/styles/editentity-wblist.css" />' . "\n"; $this->data['head'] .= '<script type="text/javascript" src="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/components/jquery/jquery.min.js"></script>' . "\n"; $this->data['head'] .= '<script type="text/javascript" src="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/components/jqueryui/ui/minified/jquery-ui.custom.min.js"></script>' . "\n"; $this->data['head'] .= '<script type="text/javascript" src="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/scripts/json2-min.js"></script>' . "\n";
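// Builds the HTML list of revisions for an entity's history tab. This excerpt ends inside
// the history loop, so the blocks opened below are left open exactly as in the original.
//
// Values taken from the query string and from stored revision data are now encoded before
// they are placed in the markup: urlencode() for query-string values inside href
// attributes, htmlspecialchars() for text. Previously 'currentRevisionId' and
// 'historyTab' from $_GET, the revision note and the userid were concatenated into the
// HTML unescaped.
$user = new sspmod_janus_User();
$user->setUserid($userid);
$user->load(sspmod_janus_User::USERID_LOAD);

$eid = $_GET['eid'];
$currentRevisionId = $_GET['currentRevisionId'];
$historyTab = $_GET['historyTab'];

// ENT_SUBSTITUTE keeps text with a broken multi-byte sequence (substr() below cuts by
// bytes) from being turned into an empty string; it is used only where PHP defines it.
$htmlFlags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);

if (!($entity = $mcontroller->setEntity($eid))) {
    throw new SimpleSAML_Error_Exception('Error in setEntity');
}

$workflowstates = $janus_config->getValue('workflowstates');

// load entity
$mcontroller->loadEntity();

// Check if user is allowed to see entity
$allowedUsers = $mcontroller->getUsers();

$output = '';

$securityContext = sspmod_janus_DiContainer::getInstance()->getSecurityContext();

if ((array_key_exists($userid, $allowedUsers) || $securityContext->isGranted('allentities'))
    && $securityContext->isGranted('entityhistory', $entity)
) {
    $history_size = $mcontroller->getHistorySize();
    $history = $mcontroller->getHistory(10, $history_size);

    foreach ($history as $data) {
        $rid = $data->getRevisionid();
        $rnote = $data->getRevisionnote();

        $output .= '<section class="revision"><a href="?eid=' . urlencode((string) $data->getEid())
            . '&revisionid=' . urlencode((string) $rid) . '">'
            . $et->t('tab_edit_entity_connection_revision') . ' '
            . htmlspecialchars((string) $rid, $htmlFlags, 'UTF-8') . '</a>';

        if ($data->getRevisionid() !== $currentRevisionId) {
            $output .= ' - <a class="janus_button" href="?compareRevision=true&eid='
                . urlencode((string) $data->getEid())
                . '&compareRevisiondid=' . urlencode((string) $data->getRevisionid())
                . '&revisionid=' . urlencode((string) $currentRevisionId)
                . '&selectedtab=' . urlencode((string) $historyTab)
                . '">Revision history</a>';
        }

        // Truncate first, then encode, so an entity is never cut in half.
        $shownNote = strlen($rnote) > 80 ? substr($rnote, 0, 79) . '...' : $rnote;
        $output .= ' - ' . htmlspecialchars((string) $shownNote, $htmlFlags, 'UTF-8');

        // Show edit user if present
        $user->setUid($data->getUser());
        if ($user->load()) {
            $output .= ' - ' . htmlspecialchars((string) $user->getUserid(), $htmlFlags, 'UTF-8');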
/**
 * Keep the JANUS configuration and the headers passed in by the caller.
 *
 * @param array $option Must contain the key 'headers'.
 */
protected function __construct(array $option)
{
    $container = sspmod_janus_DiContainer::getInstance();

    $this->_config = $container->getConfig();
    $this->_headers = $option['headers'];
}