throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
} else {
    $session->setData('string', 'refURL', SimpleSAML_Utilities::selfURL());
    SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php'));
}
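/**
 * Check that a value has the basic "scheme:rest" shape of a URI.
 *
 * Only the syntax is checked: a scheme that starts with a letter and continues
 * with letters, digits, "+", "-" or ".", then a colon and at least one more
 * character. No scheme is required or excluded, so a caller that needs a
 * specific scheme must check that separately.
 *
 * @param mixed $uri Value to check; anything that is not a string is rejected.
 *
 * @return bool TRUE if $uri has the scheme:rest shape, FALSE otherwise.
 */
function check_uri($uri)
{
    // preg_match() needs a string subject; reject arrays, null and objects up front.
    if (!is_string($uri)) {
        return FALSE;
    }
    // "-" is placed last in the character class so it is a literal. Written as
    // "+-\." it formed a range from "+" to "." and let "," through as well.
    // The D modifier anchors "$" at the very end of the subject, so a value
    // that ends in a newline is no longer accepted.
    return preg_match('/^[a-z][a-z0-9+.-]*:.+$/iD', $uri) === 1;
}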
// Set up the user controller and the notification helper for this request.
$mcontrol = new sspmod_janus_UserController($janus_config);
$pm = new sspmod_janus_Postman();
// setUser() returning a falsy value is treated as fatal: the page cannot
// continue without a user object for the id established above.
if (!($user = $mcontrol->setUser($userid))) {
    throw new SimpleSAML_Error_Exception('Error in setUser');
}
// Tab to display, defaulting to 1. The request value is stored exactly as received.
// NOTE(review): confirm it is validated or escaped wherever it is used later.
$selectedtab = isset($_REQUEST['selectedtab']) ? $_REQUEST['selectedtab'] : 1;
// Handler for the "add user" form.
// NOTE(review): no CSRF token check and no check that $user may create users
// is visible before this state-changing branch — confirm both exist elsewhere.
if (isset($_POST['add_usersubmit'])) {
    // Both fields are required; empty() also rejects the string "0".
    if (empty($_POST['userid']) || empty($_POST['type'])) {
        $msg = 'error_user_not_created_due_params';
    } else {
        // Look the submitted id up first so an existing user is not created twice.
        $check_user = new sspmod_janus_User($janus_config->getValue('store'));
        $check_user->setUserid($_POST['userid']);
        if ($check_user->load(sspmod_janus_User::USERID_LOAD) != FALSE) {
            $msg = 'error_user_already_exists';
        } else {
            // Build the new user from the submitted id (the listing is cut off after this line).
            $new_user = new sspmod_janus_User($janus_config->getValue('store'));
            $new_user->setUserid($_POST['userid']);
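/**
 * Update one message subscription on behalf of the user named in 'uid'.
 *
 * The update is only forwarded when 'uid' is the same user as '__uid'.
 * NOTE(review): '__uid' is presumably filled in by the request dispatcher from
 * the authenticated session — confirm; if the client can supply it, the
 * comparison below proves nothing.
 *
 * @param array $params Request parameters; 'uid', 'sid', 'type' and '__uid' are required.
 *
 * @return mixed FALSE when a required parameter is missing, otherwise whatever
 *               sspmod_janus_Postman::updateSubscription() returns. On an
 *               identity mismatch a JSON 'permission_denied' status is printed
 *               and the script exits.
 */
function updateSubscription($params)
{
    // '__uid' is required like the other parameters: when it was absent, the
    // loose comparison below compared 'uid' with null, which an empty or zero
    // 'uid' satisfied.
    foreach (array('uid', 'sid', 'type', '__uid') as $required) {
        if (!isset($params[$required])) {
            return FALSE;
        }
    }
    // only the user herself can update a subscription
    // Both ids are compared as strings with !==. The loose != operator treats
    // different numeric strings (for example "05" and "5") as equal, which is
    // not acceptable for an authorization decision. Non-scalar values are
    // refused outright.
    $sameUser = is_scalar($params['uid'])
        && is_scalar($params['__uid'])
        && (string) $params['uid'] === (string) $params['__uid'];
    if (!$sameUser) {
        echo json_encode(array('status' => 'permission_denied'));
        exit;
    }
    // check for user only updating her own subscriptions is in $pm->updateSubscription
    $pm = new sspmod_janus_Postman();
    return $pm->updateSubscription($params['sid'], $params['uid'], $params['type']);
}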
Exemple #3
    exit;
}
// Attributes released for the authenticated user.
$attributes = $as->getAttributes();
// Require that we can get this user's id.
if (!isset($attributes[$userIdAttribute])) {
    throw new Exception('User ID is missing');
}
/** @var string $userId */
// Only the first value of the id attribute is used.
$userId = $attributes[$userIdAttribute][0];
// Form submission: create the account for the authenticated user.
if (isset($_POST['submit'])) {
    // The state change is refused unless the request carries a token that the
    // provider accepts for the 'add_user' intent; the refusal is logged first.
    $csrf_provider = sspmod_janus_DiContainer::getInstance()->getCsrfProvider();
    if (!isset($_POST['csrf_token']) || !$csrf_provider->isCsrfTokenValid('add_user', $_POST['csrf_token'])) {
        SimpleSAML_Logger::warning('Janus: [SECURITY] CSRF token not found or invalid');
        throw new SimpleSAML_Error_BadRequest('Missing valid csrf token!');
    }
    // Create the user
    // The id comes from the authenticated attributes and the type from
    // $defaultUserType (set outside this excerpt); neither is read from the request.
    $user = new sspmod_janus_User($janusConfig->getValue('store'));
    $user->setUserid($userId);
    $user->setType($defaultUserType);
    $user->setActive('yes');
    $user->save();
    // Trigger an event
    $pm = new sspmod_janus_Postman();
    // NOTE(review): the next line is garbled in this listing (the '******' run is
    // not valid PHP); restore it from the project source before relying on it.
    $pm->post('New user created', 'A new user has been created with username: '******'USER-NEW', $user->getUid());
}
// Render the page; 'user_created' is set only when the branch above created $user.
$template = new SimpleSAML_XHTML_Template($sspConfig, 'janus:newuser.php', 'janus:newuser');
$template->data['userid'] = $userId;
if (isset($user)) {
    $template->data['user_created'] = TRUE;
}
$template->show();
Exemple #4
    } else {
        throw new SimpleSAML_Error_Exception("Unknown import type: '{$importType}'");
    }
}
// Apply step of the import: runs only for a POST that carries the "apply" field.
if (isset($_POST['apply']) && !empty($_POST)) {
    // Refuse the request unless it carries a token the provider accepts for the
    // 'import_entity' intent. The refusal is logged before the exception is thrown.
    if (!(isset($_POST['csrf_token']) && $csrf_provider->isCsrfTokenValid('import_entity', $_POST['csrf_token']))) {
        SimpleSAML_Logger::warning('Janus: [SECURITY] CSRF token not found or invalid');
        throw new SimpleSAML_Error_BadRequest('Missing valid csrf token!');
    }

    // Persist the entity only when the import changed it
    if ($update) {
        $entityController->saveEntity();
        $entityController->loadEntity();
        $entity = $entityController->getEntity();

        // Post a notification to the entity's update address
        $pm = new sspmod_janus_Postman();
        $addresses[] = 'ENTITYUPDATE-' . $entity->getEid();
        $editLink = SimpleSAML_Module::getModuleURL(
            'janus/editentity.php',
            array(
                'eid' => $entity->getEid(),
                'revisionid' => $entity->getRevisionid()
            )
        );
        // The message body is HTML, so every dynamic part is passed through
        // htmlspecialchars() before it is concatenated.
        // NOTE(review): the subject is passed unescaped — confirm how subjects are rendered.
        $pm->post(
            'Entity updated - ' . $entity->getEntityid(),
            'Permalink: <a href="' . htmlspecialchars($editLink) . '">'
            . htmlspecialchars($editLink) . '</a><br /><br />'
            . htmlspecialchars($entity->getRevisionnote()) . '<br /><br />'
            . htmlspecialchars($note),
            $addresses,
            $user->getUid()
        );
    }

    // Drop the imported metadata kept in the session, then go back to the editor
    $session->deleteData('string', 'meta_xml');
    $session->deleteData('string', 'meta_json');
    SimpleSAML_Utilities::redirectTrustedUrl(
        SimpleSAML_Module::getModuleURL('janus/editentity.php'),
        array(
            'eid' => $entity->getEid(),
            'revisionid' => $entity->getRevisionid()
        )
    );
    exit;
}

// Not applying yet: hand the pending changes to the template for preview
$et->data['update'] = $update;
$newMetadata = $entityController->getMetaArray();
// The 'attributes' key is removed before the metadata is converted
unset($newMetadata['attributes']);
$newMetadata = $converter->execute($newMetadata);
$et->data['new'] = $newMetadata;
$et->data['newArp'] = $entityController->getArpAttributes();
Exemple #5
 /**
  * Saves the user data to the database.
  *
  * Method for saving the user data to the database. If the user data has not
  * been modified the method just returns true. If an error occurs and the
  * data is not saved the method returns false.
  *
  * @return bool true if data is saved and false if data is not saved.
  * @throws \Exception
  */
 public function save()
 {
     // An unmodified object needs no write and counts as saved.
     if ($this->_modified) {
         $em = $this->getEntityManager();
         $this->validateUserTypes($this->_type);

         if (!empty($this->_uid)) {
             // A uid is present: update the stored user
             $stored = $this->getUserService()->findById($this->_uid);
             if (!($stored instanceof User)) {
                 throw new \Exception("User '{$this->_uid}' does not exist");
             }
             $stored->update(
                 $this->_userid,
                 $this->_type,
                 $this->_email,
                 $this->_active === 'yes',
                 $this->_data,
                 $this->_secret
             );
             $em->persist($stored);
             $em->flush();
         } else {
             // No uid yet: this is a new user. A username that is already
             // taken is reported by returning false.
             // NOTE(review): lookup and insert are separate steps — confirm a
             // unique constraint on the username backs this check.
             $duplicate = $em
                 ->getRepository('Janus\\ServiceRegistry\\Entity\\User')
                 ->findOneBy(array('username' => $this->_userid));
             if ($duplicate instanceof User) {
                 return false;
             }

             $created = new User($this->_userid, $this->_type, $this->_email, $this->_active === 'yes');
             $em->persist($created);
             $em->flush();

             // The id is read back from the entity after the flush
             $this->_uid = $created->getId();

             // Subscribe the new user to its own address and announce the
             // creation; the values placed in the message are HTML-escaped.
             $postman = new sspmod_janus_Postman();
             $postman->subscribe($this->_uid, 'USER-' . $this->_uid);
             $postman->post(
                 'New user created',
                 'A new user have been created. User ID: ' . htmlspecialchars($this->_userid)
                 . ' Uid: ' . htmlspecialchars($this->_uid),
                 'USERCREATE',
                 htmlspecialchars($this->_uid)
             );
             unset($postman);
         }

         $this->_modified = false;
     }

     return true;
 }
// Authentication source and id attribute, with defaults for when they are not configured.
$authsource = $janus_config->getValue('auth', 'login-admin');
$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
if ($session->isValid($authsource)) {
    $attributes = $session->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    // Only the first value of the id attribute is used.
    $userid = $attributes[$useridattr][0];
} else {
    // No valid session: send the browser to the module's index page.
    // NOTE(review): the code below assumes redirect() does not return — confirm.
    SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php'));
}
$econtroller = new sspmod_janus_UserController($janus_config);
$usertypes = $janus_config->getValue('usertypes');
$et = new SimpleSAML_XHTML_Template($config, 'janus:newuser.php', 'janus:newuser');
// Form submission: create a user from the posted fields.
// NOTE(review): no CSRF token check is visible before this state-changing
// branch, and 'userid' and 'type' are taken from the request as-is; nothing
// visible here checks 'type' against $usertypes or checks that the current
// user may create users — confirm these are enforced elsewhere.
if (isset($_POST['submit'])) {
    $user = new sspmod_janus_User($janus_config->getValue('store'));
    $user->setUserid($_POST['userid']);
    $user->setType($_POST['type']);
    $user->setActive('yes');
    // The return value of save() is not checked; 'user_created' is set regardless.
    $user->save();
    $et->data['user_created'] = TRUE;
    $pm = new sspmod_janus_Postman();
    // NOTE(review): the next line is garbled in this listing (the '******' run is
    // not valid PHP); restore it from the project source before relying on it.
    $pm->post('New user created', 'A new user has been created with username: '******'USER-NEW', $user->getUid());
}
// Pre-fill the form from the query string.
// NOTE(review): the value is passed to the template unmodified — confirm the template escapes it.
if (isset($_GET['userid'])) {
    $et->data['userid'] = $_GET['userid'];
}
$et->data['users'] = $econtroller->getUsers();
$et->data['usertypes'] = $usertypes;
$et->show();
 /**
  * Saves the user data to the database.
  *
  * Method for saving the user data to the database. If the user data has not
  * been modified the method just returns true. If an error occurs and the
  * data is not saved the method returns false.
  *
  * @return bool true if data is saved and false if data is not saved.
  * @todo Clean up
  * @todo Remove exceptions, return true/false
  */
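 public function save()
 {
     // If the user is not modified, just return
     if (!$this->_modified) {
         return true;
     }
     $errorPrefix = 'JANUS:User:save - Error executing statement : ';
     // uid is empty. This is a new user
     if (empty($this->_uid)) {
         // Test if the userid already exists
         $st = $this->execute('SELECT count(*) AS `count` 
             FROM ' . self::$prefix . 'user 
             WHERE `userid` = ?;', array($this->_userid));
         if ($st === false) {
             // $st is false here, so it has no errorInfo() to call; the details
             // are taken from the connection instead.
             throw new SimpleSAML_Error_Exception($errorPrefix . self::formatError(self::$db->errorInfo()));
         }
         $row = $st->fetchAll(PDO::FETCH_ASSOC);
         if ($row[0]['count'] > 0) {
             return false;
         }
         // Create new User
         $st = $this->execute('INSERT INTO ' . self::$prefix . 'user 
             (`uid`, 
             `userid`, 
             `type`, 
             `email`, 
             `active`, 
             `update`, 
             `created`, 
             `ip`) 
             VALUES 
             (null, ?, ?, ?, ?, ?, ?, ?)', array($this->_userid, serialize($this->_type), $this->_email, $this->_active, date('c'), date('c'), $_SERVER['REMOTE_ADDR']));
         // Stop before reading lastInsertId(): a failed insert must not lead to
         // a subscription and a "user created" message for a user that does not exist.
         if ($st === false) {
             throw new SimpleSAML_Error_Exception($errorPrefix . self::formatError(self::$db->errorInfo()));
         }
         // Get new uid
         $this->_uid = self::$db->lastInsertId();
         $pm = new sspmod_janus_Postman();
         $pm->subscribe($this->_uid, 'USER-' . $this->_uid);
         // Message bodies are built as HTML elsewhere in this module, so the
         // values placed in the text are escaped.
         $pm->post('New user created', 'A new user have been created. User ID: ' . htmlspecialchars($this->_userid) . ' Uid: ' . htmlspecialchars($this->_uid), 'USERCREATE', $this->_uid);
         unset($pm);
     } else {
         // Update existing user
         $st = $this->execute('UPDATE ' . self::$prefix . 'user set 
             `userid` = ?,
             `type` = ?, 
             `email` = ?, 
             `active` = ?, 
             `update` = ?, 
             `ip` = ?, 
             `data` = ?,
             `secret` = ? 
             WHERE 
             `uid` = ?;', array($this->_userid, serialize($this->_type), $this->_email, $this->_active, date('c'), $_SERVER['REMOTE_ADDR'], $this->_data, $this->_secret, $this->_uid));
         if ($st === false) {
             // errorInfo() returns an array; it is formatted rather than
             // concatenated directly, which would only yield "Array".
             throw new SimpleSAML_Error_Exception($errorPrefix . self::formatError(self::$db->errorInfo()));
         }
     }
     $this->_modified = false;
     return true;
 }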
/**
 * Forward a subscription update to the Postman.
 *
 * NOTE(review): nothing in this function ties 'uid' to the authenticated
 * caller — confirm the ownership check exists in the dispatcher or in
 * sspmod_janus_Postman::updateSubscription().
 *
 * @param array $params Request parameters; 'uid', 'sid' and 'type' are required.
 *
 * @return mixed FALSE when a required parameter is missing, otherwise whatever
 *               sspmod_janus_Postman::updateSubscription() returns.
 */
function updateSubscription($params)
{
    // All three parameters must be present before anything is updated.
    foreach (array('uid', 'sid', 'type') as $required) {
        if (!isset($params[$required])) {
            return FALSE;
        }
    }

    $postman = new sspmod_janus_Postman();

    return $postman->updateSubscription($params['sid'], $params['uid'], $params['type']);
}
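    // Default revision notes by language; English is the fallback.
    // ($language, $update, $note, $eid, $msg and $user are set outside this excerpt.)
    $norevision = array('da' => 'Ingen revisionsnote', 'en' => 'No revision note');
    // Set revision note
    if (empty($_POST['revisionnote'])) {
        if (array_key_exists($language, $norevision)) {
            $entity->setRevisionnote($norevision[$language]);
        } else {
            $entity->setRevisionnote($norevision['en']);
        }
    } else {
        // The submitted note is stored as received; it is escaped below where
        // it is placed into HTML.
        $entity->setRevisionnote($_POST['revisionnote']);
    }
    // Update entity if updated
    if ($update) {
        $mcontroller->saveEntity();
        $mcontroller->loadEntity();
        $pm = new sspmod_janus_Postman();
        $addresses[] = 'ENTITYUPDATE-' . $eid;
        $directlink = SimpleSAML_Module::getModuleURL('janus/editentity.php', array('eid' => $entity->getEid(), 'revisionid' => $entity->getRevisionid()));
        // The message body is HTML. The link, the revision note (which can come
        // from the request) and $note are escaped before concatenation, so
        // markup in them is shown as text instead of being interpreted by
        // whoever reads the notification.
        $pm->post('Entity updated - ' . $entity->getEntityid(), 'Permalink: <a href="' . htmlspecialchars($directlink) . '">' . htmlspecialchars($directlink) . '</a><br /><br />' . htmlspecialchars($entity->getRevisionnote()) . '<br /><br />' . htmlspecialchars($note), $addresses, $user->getUid());
    }
    // Reload the page without the query string, passing the entity id and status message.
    SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(), array('eid' => $eid, 'msg' => $msg));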
}
// Get remote entities
if ($entity->getType() == 'saml20-sp') {
    $loaded_entities = array_merge($autil->getEntitiesByStateType(null, 'saml20-idp'), $autil->getEntitiesByStateType(null, 'shib13-idp'));
} else {
    if ($entity->getType() == 'saml20-idp') {
        $loaded_entities = array_merge($autil->getEntitiesByStateType(null, 'saml20-sp'), $autil->getEntitiesByStateType(null, 'shib13-sp'));
    } else {
        if ($entity->getType() == 'shib13-sp') {
            $loaded_entities = array_merge($autil->getEntitiesByStateType(null, 'saml20-idp'), $autil->getEntitiesByStateType(null, 'shib13-idp'));