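/**
 * Fill a session object with the defaults for a SAML-authenticated user
 * that is treated as new (userid -1, isNewUser true).
 *
 * Identity fields are copied from the SAML attributes in $session->samlattrs
 * ("idp:uid", "idp:givenName", "idp:sn", "idp:mail"); only the first value of
 * each attribute is used. Optional attributes fall back to an empty string.
 *
 * @param object $session     Session object to populate; must expose samlattrs.
 * @param string $accounttype Name of the SAML source (e.g. "google", "x509").
 *                            Used here only to recognise placeholder e-mails.
 * @return void
 */
public static function setupSamlNewUserSession($session, $accounttype)
{
    $attrs = $session->samlattrs;

    // Return the first value of a SAML attribute, or $default when the
    // attribute is absent, not a list, or has no first value. Each attribute
    // is checked against itself, so a missing one can never cause another
    // attribute's list to be read out of bounds.
    $firstValue = function ($name, $default) use ($attrs) {
        if (isset($attrs[$name]) === true && is_array($attrs[$name]) === true && isset($attrs[$name][0]) === true) {
            return $attrs[$name][0];
        }
        return $default;
    };

    // Initialize session data.
    $session->authCredSessionId = session_id();
    // The cookie may be absent; store null instead of reading an undefined index.
    $session->authCredSamlAuthToken = isset($_COOKIE["SimpleSAMLAuthToken"]) === true
        ? $_COOKIE["SimpleSAMLAuthToken"]
        : null;
    $session->authCredId = null;
    $session->userid = -1;
    $session->isNewUser = true;
    // NOTE(review): an assertion without "idp:uid" leaves username null here;
    // confirm that the caller rejects such sessions before they are used.
    $session->username = $firstValue("idp:uid", null);
    $session->usercname = "";
    $session->userFirstName = $firstValue("idp:givenName", "");
    // Fixed: the guard for the last name previously counted "idp:givenName"
    // instead of "idp:sn".
    $session->userLastName = $firstValue("idp:sn", "");
    $session->userFullName = $session->userFirstName . " " . $session->userLastName;
    $session->fullName = $session->userFullName;
    $session->userRole = 4; // role id; its meaning is defined outside this method
    $session->userCountryID = 0;
    $session->userCountryName = "";
    $session->userPrimaryEmail = $firstValue("idp:mail", "");

    if (isset($session->accountStatus) === false) {
        $session->accountStatus = "new";
    }

    // Check invalid emails from social media user accounts: an empty address
    // or the synthetic "<username>@<accounttype>.com" form is discarded.
    $email = strtolower(trim($session->userPrimaryEmail));
    $placeholder = strtolower(trim($session->username . "@" . $accounttype . ".com"));
    if ($email === "" || $email === $placeholder) {
        unset($session->userPrimaryEmail);
    }

    // Check if user has pending connection. The return value is not used
    // here; presumably the call records the pending state on $session --
    // verify against AccountConnect.
    AccountConnect::isPending($session);

    // No source-specific session data is collected at present for any
    // account type (x509, egi-sso-ldap, facebook, linkedin, twitter, google).
}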
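/**
 * Handle submission of the confirmation code that connects the current
 * SAML account to an existing profile.
 *
 * Outcomes, reported to the view through $this->view->error and
 * $this->view->expired:
 *  - session is not new and already has a user id: redirect to the site root;
 *  - no usable code posted: "No confirmation code given";
 *  - account already connected: session refreshed, no error;
 *  - request no longer pending: "Your connection request has expired";
 *  - code rejected: "Given code is not correct";
 *  - code accepted: no error.
 *
 * @return void
 */
public function submitconfirmationcodeAction()
{
    $this->_helper->layout->disableLayout();

    // A session that is not flagged as new and already carries a user id has
    // nothing to confirm; send it back to the site root.
    if ($this->session->isNewUser !== true && $this->session->userid !== -1) {
        $this->_helper->viewRenderer->setNoRender();
        // NOTE(review): the redirect target is built from the client-supplied
        // Host header. Prefer the portal's configured hostname, or check the
        // header against an allow-list, so the redirect cannot point elsewhere.
        header("Location: " . "https://" . $_SERVER['HTTP_HOST']);
        return;
    }

    $this->view->error = null;
    $this->view->session = $this->session;
    $this->view->expired = false;

    // Accept the code only when it is a plain string: a request can post the
    // field as an array, which trim() cannot handle. A value that is empty
    // after trimming is treated the same as a missing one.
    $code = null;
    if (isset($_POST["confirmationcode"]) === true && is_string($_POST["confirmationcode"]) === true) {
        $code = trim($_POST["confirmationcode"]);
    }
    if ($code === null || $code === "") {
        $this->view->error = "No confirmation code given";
        return;
    }

    // Check if current account is already connected to a profile implicitly or through a different session.
    // In this case the view should inform the user and autorefresh to the portal.
    if (AccountConnect::isConnected($this->session) !== false) {
        // Update session so user will auto login on page refresh.
        SamlAuth::setupSamlAuth($this->session);
        $this->view->session = $this->session;
        return;
    }

    // Check if account is not pending, which means the request has timed out.
    // In this case the view should inform the user and autorefresh to display the confirmation form.
    if (AccountConnect::isPending($this->session) === false) {
        $this->view->error = "Your connection request has expired";
        $this->view->expired = true;
        // Update session so user will be redirected to the appropriate form.
        SamlAuth::setupSamlAuth($this->session);
        return;
    }

    // NOTE(review): no attempt counter or throttling is visible in this
    // action. Confirm that AccountConnect::submitPendingConnectionCode limits
    // failed attempts per pending request, otherwise codes can be guessed by
    // repeated submission until the request expires.
    $result = AccountConnect::submitPendingConnectionCode($this->session, $code);
    if ($result !== true) {
        $this->view->error = "Given code is not correct";
        return;
    }

    $this->view->session = $this->session;
}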