/** * Dispatch function to support migration to MA. * @param unknown_type $account_id */ function geni_loadUser() { global $in_maintenance_mode; // TODO: Look up in cache here if (!array_key_exists('eppn', $_SERVER)) { // Required attributes were not found - redirect to a gentle error page send_attribute_fail_email(); incommon_attribute_redirect(); } // Load current user based on Shibboleth environment $eppn = strtolower($_SERVER['eppn']); $sfcred = NULL; global $speaks_for_enabled; $sfcred = fetch_speaks_for($eppn, $expires); if ($sfcred === FALSE) { /* A DB error occurred. */ if (isset($speaks_for_enabled) && $speaks_for_enabled) { return NULL; } } else { if (is_null($sfcred)) { if (isset($speaks_for_enabled) && $speaks_for_enabled) { error_log("No speaks for cred on file for eppn '{$eppn}'"); relative_redirect('speaks-for.php'); } } } $user = geni_load_user_by_eppn($eppn, $sfcred); // Non-operators can't use the portal while in maintenance: they go to the 'Maintenance" page if ($in_maintenance_mode && !$user->isAllowed(CS_ACTION::ADMINISTER_MEMBERS, CS_CONTEXT_TYPE::MEMBER, null)) { error_log($user->prettyName() . " tried to access portal during maintenance"); relative_redirect("maintenance_redirect_page.php"); } // TODO: Insert user in cache here return $user; }
} } $key_token = NULL; if (array_key_exists('AUTH_TYPE', $_SERVER) && strcmp($_SERVER['AUTH_TYPE'], 'shibboleth') == 0) { /* Shibboleth authentication is present. Look for EPPN. */ if (array_key_exists('eppn', $_SERVER)) { /* Our key token is the EPPN with shibboleth authentication. */ $key_token = $_SERVER['eppn']; } } /* Bail out because no key token was found. */ if (is_null($key_token)) { header('Unauthorized', true, 401); exit; } $cred = fetch_speaks_for($key_token, $expires); if ($cred === false) { // A database error occurred $cred_info = '<i>DB Error fetching credential</i><br/>'; } elseif (is_null($cred)) { $cred_info = '<i>No credential in DB</i><br/>'; } else { $cred_info = "<i>Credential expires {$expires}</i><br/>"; } /*------------------------------------------------------------ * Page display starts here *------------------------------------------------------------ */ show_header('GENI Portal: Authorization', FALSE); ?> <script src="<?php