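 /**
  * Handle the forwarding of the user to the proper IdP after the WAYF screen.
  *
  * Reads the selected IdP and the ID of the pending AuthnRequest from the
  * incoming request, looks the AuthnRequest up in the session, flushes the log
  * when SP or IdP require additional logging, and forwards the user to the IdP.
  *
  * @param string $serviceName
  * @throws EngineBlock_Corto_Module_Services_Exception when no IdP was selected
  * @throws EngineBlock_Exception when the AuthnRequest ID is missing
  * @throws EngineBlock_Corto_Module_Services_SessionLostException when the AuthnRequest is no longer in the session
  */
 public function serve($serviceName)
 {
     // Guard the superglobal lookups so a missing or non-scalar parameter ends
     // in the exceptions below instead of an "undefined index" notice.
     // NOTE(review): the IdP is accepted from $_REQUEST (GET, POST or cookie)
     // while the request ID is POST-only, and PHP has already URL-decoded
     // $_REQUEST, so urldecode() here decodes a second time; both kept as is
     // for backward compatibility — confirm whether a POST-only, single-decoded
     // value is acceptable for callers.
     $selectedIdp = null;
     if (isset($_REQUEST['idp']) && is_string($_REQUEST['idp'])) {
         $selectedIdp = urldecode($_REQUEST['idp']);
     }
     if (!$selectedIdp) {
         throw new EngineBlock_Corto_Module_Services_Exception('No IdP selected after WAYF');
     }

     // Retrieve the request from the session.
     $id = null;
     if (isset($_POST['ID']) && is_string($_POST['ID'])) {
         $id = $_POST['ID'];
     }
     if (!$id) {
         throw new EngineBlock_Exception('Missing ID for AuthnRequest after WAYF', EngineBlock_Exception::CODE_NOTICE);
     }
     $authnRequestRepository = new EngineBlock_Saml2_AuthnRequestSessionRepository($this->_server->getSessionLog());
     $request = $authnRequestRepository->findRequestById($id);
     if (!$request) {
         throw new EngineBlock_Corto_Module_Services_SessionLostException('Session lost after WAYF');
     }

     // Flush log if SP or IdP has additional logging enabled
     $repository = $this->_server->getRepository();
     $sp = $repository->fetchServiceProviderByEntityId($request->getIssuer());
     $idp = $repository->fetchIdentityProviderByEntityId($selectedIdp);
     if (EngineBlock_SamlHelper::doRemoteEntitiesRequireAdditionalLogging(array($sp, $idp))) {
         $application = EngineBlock_ApplicationSingleton::getInstance();
         $application->flushLog('Activated additional logging for the SP or IdP');
         $log = $application->getLogInstance();
         // The complete raw request is logged here; only entities that opted in
         // to additional logging reach this branch.
         $log->info('Raw HTTP request', array('http_request' => (string) $application->getHttpRequest()));
     }

     $this->_server->sendAuthenticationRequest($request, $selectedIdp);
 }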
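 /**
  * Apply the Attribute Release Policy (ARP) of the SP to the response attributes.
  *
  * Attributes that are not listed in the ARP are dropped. An allowed value of
  * '*' passes every value of that attribute through; otherwise only the values
  * that appear verbatim in the ARP are kept. Without an ARP for the SP the
  * response attributes are left untouched.
  */
 public function execute()
 {
     $spEntityId = $this->_spMetadata['EntityId'];
     $serviceRegistryAdapter = $this->_getServiceRegistryAdapter();
     $arp = $serviceRegistryAdapter->getArp($spEntityId);
     if (!$arp) {
         return;
     }

     $log = EngineBlock_ApplicationSingleton::getLog();
     $log->info("Applying attribute release policy {$arp['name']} for {$spEntityId}");

     $newAttributes = array();
     foreach ($this->_responseAttributes as $attribute => $attributeValues) {
         if (!isset($arp['attributes'][$attribute])) {
             $log->info("ARP: Removing attribute {$attribute}");
             continue;
         }
         $allowedValues = $arp['attributes'][$attribute];

         // This is a release decision, so compare strictly: a loosely-equal
         // value in the policy (numeric strings, booleans, 0 == 'x' on PHP 5/7)
         // must not widen what gets released.
         if (in_array('*', $allowedValues, true)) {
             // Passthrough all values
             $newAttributes[$attribute] = $attributeValues;
             continue;
         }

         foreach ($attributeValues as $attributeValue) {
             if (!in_array($attributeValue, $allowedValues, true)) {
                 continue;
             }
             if (!isset($newAttributes[$attribute])) {
                 $newAttributes[$attribute] = array();
             }
             $newAttributes[$attribute][] = $attributeValue;
         }
     }
     $this->_responseAttributes = $newAttributes;
 }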
 /**
  * Get THE instance of the application singleton, creating it on first use.
  *
  * @static
  * @return EngineBlock_ApplicationSingleton
  */
 public static function getInstance()
 {
     if (isset(self::$s_instance)) {
         return self::$s_instance;
     }
     self::$s_instance = new self();
     return self::$s_instance;
 }
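 /**
  * Obtain an OAuth2 client-credentials access token for EngineBlock acting as SP.
  *
  * A previously granted token is served from the APC application cache unless
  * $requireNew is set; a freshly granted token is written back to that cache.
  *
  * @param object $conf       configuration exposing baseUrl, key and secret
  * @param string $subjectId  user the request is made for (used for logging only)
  * @param bool   $requireNew bypass the cached token and request a new one
  * @return string the access token
  * @throws EngineBlock_VirtualOrganization_AccessTokenNotGrantedException when no token could be obtained
  */
 protected function _getAccessToken($conf, $subjectId, $requireNew)
 {
     $cache = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer()->getApplicationCache();
     $cacheUsable = $cache instanceof Zend_Cache_Backend_Apc;
     if (!$requireNew && $cacheUsable) {
         $accessToken = $cache->load(self::ACCESS_TOKEN_KEY);
         if ($accessToken) {
             return $accessToken;
         }
     }

     // for example https://api.dev.surfconext.nl/v1/oauth2/token
     $tokenUrl = $this->_ensureTrailingSlash($conf->baseUrl) . 'v1/oauth2/token';
     $client = new Zend_Http_Client($tokenUrl);
     try {
         $response = $client
             ->setConfig(array('timeout' => 15))
             ->setHeaders(Zend_Http_Client::CONTENT_TYPE, Zend_Http_Client::ENC_URLENCODED)
             ->setAuth($conf->key, $conf->secret)
             ->setParameterPost('grant_type', 'client_credentials')
             ->request(Zend_Http_Client::POST);
         $result = json_decode($response->getBody(), true);
         // A non-JSON body decodes to null; only a decoded document carrying a
         // token counts as a grant.
         if (is_array($result) && isset($result['access_token'])) {
             $accessToken = $result['access_token'];
             if ($cacheUsable) {
                 // NOTE(review): the token is cached without an explicit
                 // lifetime, so expiry relies on the backend default — confirm.
                 $cache->save($accessToken, self::ACCESS_TOKEN_KEY);
             }
             return $accessToken;
         }
         throw new EngineBlock_VirtualOrganization_AccessTokenNotGrantedException('AccessToken not granted for EB as SP. Check SR and the Group Provider endpoint log.');
     } catch (Exception $exception) {
         // Also catches the "not granted" exception thrown above, so a refused
         // grant is logged and re-thrown with CODE_ALERT like a connection failure.
         $additionalInfo = EngineBlock_Log_Message_AdditionalInfo::create()
             ->setUserId($subjectId)
             ->setDetails($exception->getTraceAsString());
         EngineBlock_ApplicationSingleton::getLog()->error(
             "Error in connecting to API(s) for access token grant: " . $exception->getMessage(),
             array('additional_info' => $additionalInfo->toArray())
         );
         throw new EngineBlock_VirtualOrganization_AccessTokenNotGrantedException(
             'AccessToken not granted for EB as SP. Check SR and the Group Provider endpoint log',
             EngineBlock_Exception::CODE_ALERT,
             $exception
         );
     }
 }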
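 /**
  * Send a mail based on the configuration in the emails table
  *
  * The template for $emailType is loaded from the emails table, the keys of
  * $replacements are substituted (case-insensitively) and the result is sent as
  * an HTML mail. When no single configuration row exists the failure is logged
  * and nothing is sent.
  *
  * @param string $emailAddress the email address of the recipient
  * @param string $emailType the pointer to the emails configuration
  * @param array $replacements array where the key is a variable (e.g. {user}) and the value the string
  *                            (or list of strings, rendered as a <ul>) that replaces the variable
  * @return void
  */
 public function sendMail($emailAddress, $emailType, $replacements)
 {
     $dbh = $this->_getDatabaseConnection();
     // Parameterised: $emailType is bound, never interpolated into the SQL.
     $query = "SELECT email_text, email_from, email_subject, is_html FROM emails where email_type = ?";
     $statement = $dbh->prepare($query);
     $statement->execute(array($emailType));
     $rows = $statement->fetchAll();
     if (count($rows) !== 1) {
         EngineBlock_ApplicationSingleton::getLog()->err("Unable to send mail because of missing email configuration: " . $emailType);
         return;
     }
     $emailConfiguration = $rows[0];

     // NOTE(review): is_html is selected but never consulted; the body is always
     // sent as HTML, which is why replacement values are HTML-escaped below.
     $emailText = $this->_applyReplacements($emailConfiguration['email_text'], $replacements);

     $mail = new Zend_Mail('UTF-8');
     $mail->setBodyHtml($emailText, 'utf-8', 'utf-8');
     $mail->setFrom($emailConfiguration['email_from'], "SURFconext Support");
     $mail->addTo($emailAddress);
     $mail->setSubject($emailConfiguration['email_subject']);
     $mail->send();
 }

 /**
  * Substitute template variables in an HTML mail body.
  *
  * Replacement values can originate from user attributes (for instance the
  * preferred name), so they are HTML-escaped before being placed in the
  * markup; the template itself is trusted and left as is.
  *
  * @param string $emailText
  * @param array|null $replacements
  * @return string
  */
 private function _applyReplacements($emailText, $replacements)
 {
     foreach ((array) $replacements as $key => $value) {
         if (is_array($value)) {
             $replacement = '<ul>';
             foreach ($value as $valElem) {
                 $replacement .= '<li>' . htmlspecialchars((string) $valElem, ENT_QUOTES, 'UTF-8') . '</li>';
             }
             $replacement .= '</ul>';
         } else {
             // Single value replacement
             $replacement = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
         }
         $emailText = str_ireplace($key, $replacement, $emailText);
     }
     return $emailText;
 }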
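 /**
  * Perform a REST GET and decode the response.
  *
  * $args[0] is the request path (defaults to the path of the configured URI);
  * the remaining entries are merged with the request data collected so far.
  * The collected request data is reset after every call.
  *
  * @param array $args
  * @return array|Zend_Rest_Client_Result decoded JSON for a JSON response, otherwise the XML result wrapper
  * @throws EngineBlock_Exception on a non-200 status or a body that cannot be parsed
  */
 public function get($args = array())
 {
     if (!isset($args[0])) {
         $args[0] = $this->_uri->getPath();
     }
     $this->_data['rest'] = 1;
     $data = array_slice($args, 1) + $this->_data;
     $response = $this->restGet($args[0], $data);

     /**
      * @var Zend_Http_Client $httpClient
      */
     $httpClient = $this->getHttpClient();
     $log = EngineBlock_ApplicationSingleton::getLog();
     // NOTE(review): the raw request (including any Authorization header) and the
     // raw response body are written at debug level; keep debug logging disabled
     // outside development or restrict access to the log.
     $log->debug("REST Request: " . $httpClient->getLastRequest());
     $log->debug("REST Response: " . $httpClient->getLastResponse()->getBody());

     // Initializes for next Rest method.
     $this->_data = array();

     if ($response->getStatus() !== 200) {
         throw new EngineBlock_Exception("Response status !== 200: " . var_export($httpClient->getLastRequest(), true) . var_export($response, true) . var_export($response->getBody(), true));
     }

     $contentType = (string) $response->getHeader("Content-Type");
     if (strpos($contentType, "application/json") !== false) {
         $decoded = json_decode($response->getBody(), true);
         // json_decode() returns null for a malformed body; tell that apart from a
         // body that legitimately encodes null instead of silently returning null.
         if ($decoded === null && json_last_error() !== JSON_ERROR_NONE) {
             throw new EngineBlock_Exception('Error decoding JSON response (json error ' . json_last_error() . ')' . var_export($httpClient->getLastRequest(), true) . var_export($response, true) . var_export($response->getBody(), true));
         }
         return $decoded;
     }

     try {
         return new Zend_Rest_Client_Result($response->getBody());
     } catch (Zend_Rest_Client_Result_Exception $e) {
         throw new EngineBlock_Exception('Error parsing response' . var_export($httpClient->getLastRequest(), true) . var_export($response, true) . var_export($response->getBody(), true), null, $e);
     }
 }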
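 /**
  * Validate the license information
  *
  * Asks the License Manager for the license status of $userId for the given
  * SP and IdP. A connection, decoding or structural problem is logged and
  * yields LICENSE_UNKNOWN; when the manager answers with a returnUrl the user
  * is redirected there and the request ends.
  *
  * @param string $userId
  * @param array $spMetadata
  * @param array $idpMetadata
  * @return string a license status, LICENSE_UNKNOWN when it cannot be determined
  */
 public function validate($userId, array $spMetadata, array $idpMetadata)
 {
     if (!$this->_active) {
         return EngineBlock_LicenseEngine_ValidationManager::LICENSE_UNKNOWN;
     }
     $client = new Zend_Http_Client($this->_url);
     $client->setConfig(array('timeout' => 15));
     try {
         // NOTE(review): Zend_Http_Client encodes GET parameters itself, so the
         // urlencode() calls below likely double-encode the identifiers; kept as
         // is because the License Manager may depend on it — confirm before changing.
         $client
             ->setHeaders(Zend_Http_Client::CONTENT_TYPE, 'application/json; charset=utf-8')
             ->setParameterGet('userId', urlencode($userId))
             ->setParameterGet('serviceProviderEntityId', urlencode($spMetadata['EntityId']))
             ->setParameterGet('identityProviderEntityId', urlencode($idpMetadata['EntityId']))
             ->request('GET');
         $body = $client->getLastResponse()->getBody();
         $response = json_decode($body, true);
         // Treat a non-JSON or unexpectedly shaped body like a failed call rather
         // than reading offsets on null further down.
         if (!is_array($response) || !isset($response['status']) || !is_array($response['status'])) {
             throw new EngineBlock_Exception('Unexpected response body from License Manager');
         }
         $status = $response['status'];
     } catch (Exception $exception) {
         $additionalInfo = new EngineBlock_Log_Message_AdditionalInfo($userId, $idpMetadata['EntityId'], $spMetadata['EntityId'], $exception->getTraceAsString());
         EngineBlock_ApplicationSingleton::getLog()->error("Could not connect to License Manager: " . $exception->getMessage(), $additionalInfo);
         return EngineBlock_LicenseEngine_ValidationManager::LICENSE_UNKNOWN;
     }

     if (!empty($status['returnUrl'])) {
         // Redirect target supplied by the License Manager; send it and stop here.
         $currentResponse = EngineBlock_ApplicationSingleton::getInstance()->getHttpResponse();
         $currentResponse->setRedirectUrl($status['returnUrl']);
         $currentResponse->send();
         exit;
     }
     if (!empty($status['licenseStatus'])) {
         return $status['licenseStatus'];
     }
     return EngineBlock_LicenseEngine_ValidationManager::LICENSE_UNKNOWN;
 }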
 /**
  * Dispatch an OpenSocial REST request to the bundled Shindig DataServiceServlet.
  *
  * Shindig cannot be injected into, so this action prepares global state for it:
  * the include path, the global $shindigConfig, Shindig's static Config, an
  * autoloader, and the $_SERVER / $_REQUEST / $_GET / $_POST superglobals.
  *
  * @param string $url path below /social/rest/ that is handed to Shindig
  */
 public function indexAction($url)
 {
     $this->setNoRender();
     // let shindig do the rendering
     set_include_path(ENGINEBLOCK_FOLDER_SHINDIG . PATH_SEPARATOR . get_include_path());
     include_once 'src/common/Config.php';
     include_once 'src/common/File.php';
     // You can't inject a Config, so force it to try loading
     // and ignore errors from config file not being there :(
     global $shindigConfig;
     $shindigConfig = array();
     // NOTE(review): the @ also hides any other error raised while setting the
     // config, not only a missing config file.
     @Config::setConfig(array('allow_plaintext_token' => true, 'person_service' => 'EngineBlock_Shindig_DataService', 'activity_service' => 'EngineBlock_Shindig_DataService', 'group_service' => 'EngineBlock_Shindig_DataService'));
     spl_autoload_register(array(get_class($this), 'shindigAutoLoad'));
     // Shindig expects urls to be mounted on /social/rest so we enforce that.
     $_SERVER['REQUEST_URI'] = '/social/rest/' . $url;
     // We only support JSON
     $_SERVER['CONTENT_TYPE'] = 'application/json';
     // Shindig wants a security token, but interface F in coin is auth-less so we fake one.
     // NOTE(review): with this placeholder token Shindig performs no authorisation of
     // its own, so any access control for this endpoint has to happen before this
     // action is reached.
     $_REQUEST["st"] = $_GET["st"] = $_POST["st"] = "o:v:a:d:u:m:c";
     // doGet, doPost, ... derived from the HTTP verb; is_callable() below limits it
     // to methods the servlet actually exposes.
     $requestMethod = EngineBlock_ApplicationSingleton::getInstance()->getHttpRequest()->getMethod();
     $methodName = 'do' . ucfirst(strtolower($requestMethod));
     $servletInstance = new DataServiceServlet();
     if (is_callable(array($servletInstance, $methodName))) {
         $servletInstance->{$methodName}();
     } else {
         echo "Invalid method";
         // @todo Error out
     }
 }
 /**
  * Exchange the OAuth request token kept in the session for an access token.
  *
  * Reached when the provider redirects the user back. The provider's query
  * parameters and the request token stored in $_SESSION are handed to
  * Zend_Oauth_Consumer; the resulting access token is given to the group
  * provider and, when its preconditions hold, the user is redirected to the
  * return URL stored in the session.
  *
  * @example /profile/group-oauth/consume/provider2?oauth_token=request-token
  *
  * @param string $providerId
  * @return void
  * @throws EngineBlock_Exception when no query parameters or no request token are present
  */
 public function consumeAction($providerId)
 {
     $this->setNoRender();
     $providerConfig = $this->_getProviderConfiguration($providerId);
     $consumer = new Zend_Oauth_Consumer($providerConfig->auth);
     $queryParameters = $this->_getRequest()->getQueryParameters();
     if (empty($queryParameters)) {
         throw new EngineBlock_Exception('Unable to consume access token, no query parameters given');
     }
     if (!isset($_SESSION['request_token'][$providerId])) {
         throw new EngineBlock_Exception("Unable to consume access token, no request token (session lost?)");
     }
     // The serialized token lives in the server-side session, so it is not
     // client-supplied; unserialize() will still instantiate whatever class the
     // payload names — NOTE(review): confirm the session store itself is trusted.
     $requestToken = unserialize($_SESSION['request_token'][$providerId]);
     $token = $consumer->getAccessToken($queryParameters, $requestToken);
     // NOTE(review): assumes an authenticated user with a NameID attribute —
     // confirm this action is only reachable after authentication.
     $userId = $this->attributes['nameid'][0];
     $provider = EngineBlock_Group_Provider_OpenSocial_Oauth_ThreeLegged::createFromConfigs($providerConfig, $userId);
     $provider->setAccessToken($token);
     if (!$provider->validatePreconditions()) {
         EngineBlock_ApplicationSingleton::getLog()->err("Unable to test OpenSocial 3-legged Oauth provider because not all preconditions have been matched?", new EngineBlock_Log_Message_AdditionalInfo($userId, null, null, null));
         $this->providerId = $providerId;
         $this->renderAction("Error");
     } else {
         // Now that we have an Access Token, we can discard the Request Token
         $_SESSION['request_token'][$providerId] = null;
         // NOTE(review): return_url is whatever an earlier action stored in the
         // session; this redirect is only as safe as the code that set it — confirm
         // it is validated there.
         $this->_redirectToUrl($_SESSION['return_url']);
     }
 }
 /**
  * Load the translation tables and select the locale for this request.
  *
  * Precedence for the requested language: the 'lang' query parameter, then the
  * posted 'lang' field, then the 'lang' cookie. The choice is honoured only when
  * the translation adapter has that locale; otherwise 'en' is used. The resulting
  * locale is written back into the 'lang' cookie.
  */
 protected function _bootstrapTranslations()
 {
     $translationFiles = array(
         'en' => ENGINEBLOCK_FOLDER_ROOT . 'languages/en.php',
         'nl' => ENGINEBLOCK_FOLDER_ROOT . 'languages/nl.php',
     );
     $cacheProxy = new EngineBlock_Translate_CacheProxy(
         $translationFiles,
         $this->_application->getDiContainer()->getApplicationCache()
     );
     $translate = $cacheProxy->load();

     // If the URL has &lang=nl in it or the lang var is posted, or a lang cookie was set, then use that locale
     $httpRequest = $this->_application->getHttpRequest();
     $cookieLang = $httpRequest->getCookie('lang');
     $getLang = $httpRequest->getQueryParameter('lang');
     $postLang = $httpRequest->getPostParameter('lang');
     if ($getLang) {
         $requestedLang = strtolower($getLang);
     } elseif ($postLang) {
         $requestedLang = strtolower($postLang);
     } else {
         $requestedLang = strtolower($cookieLang);
     }

     $langCookieConfig = $this->_application->getConfigurationValue('cookie')->lang;
     $cookieDomain = $langCookieConfig->domain;
     $cookieExpiry = null;
     if (isset($langCookieConfig->expiry) && $langCookieConfig->expiry > 0) {
         $cookieExpiry = time() + $langCookieConfig->expiry;
     }

     // Only a locale the adapter knows is accepted; anything else falls back to
     // English, so the cookie never echoes arbitrary client input.
     $locale = 'en';
     if ($requestedLang && $translate->getAdapter()->isAvailable($requestedLang)) {
         $locale = $requestedLang;
     }
     $translate->setLocale($locale);
     $this->_application->getHttpResponse()->setCookie('lang', $locale, $cookieExpiry, '/', $cookieDomain);
     $this->_application->setTranslator($translate);
 }
 /**
  * Translate SAML2 attributes to their LDAP counterparts.
  *
  * Only attributes present in the SAML2-to-LDAP map are carried over, and only
  * their first value. Every attribute in the required list must occur in
  * $attributes (mapped or not), otherwise an exception is thrown.
  *
  * @param array $attributes SAML2 attribute name => list of values
  * @return array LDAP attribute name => single value
  * @throws EngineBlock_Exception_MissingRequiredFields when a required SAML2 attribute is absent
  */
 public function saml2AttributesToLdapAttributes($attributes)
 {
     $log = EngineBlock_ApplicationSingleton::getLog();
     $missing = $this->_saml2Required;
     $ldapAttributes = array();

     foreach ($attributes as $saml2Name => $values) {
         // Map it to an LDAP attribute
         $ldapName = isset($this->_s2lMap[$saml2Name]) ? $this->_s2lMap[$saml2Name] : null;
         if ($ldapName !== null) {
             // The LDAP side takes a single value; any extra values are dropped and logged.
             if (count($values) > 1) {
                 $log->notice("Ignoring everything but first value of {$saml2Name}", array('attribute_values' => $values));
             }
             $ldapAttributes[$ldapName] = $values[0];
         }

         // Check off against required attribute list
         $position = array_search($saml2Name, $missing);
         if ($position !== false) {
             unset($missing[$position]);
         }
     }

     if (!empty($missing)) {
         $log->error('Missing required SAML2 fields in attributes', array('required_fields' => $missing, 'attributes' => $attributes));
         throw new EngineBlock_Exception_MissingRequiredFields('Missing required SAML2 fields in attributes');
     }
     return $ldapAttributes;
 }
 /**
  * Return the metadata of one entity as JSON.
  *
  * The entity is taken from the 'entityid' query parameter or, when only a
  * 'gadgeturl' is given, looked up through the registry (it must match exactly
  * one entity; no match yields an empty JSON object). A 'keys' request parameter
  * restricts the result to the listed metadata keys.
  *
  * @throws EngineBlock_Exception when several entities share the gadget url, or no entity id is available
  */
 public function metadataAction()
 {
     $this->setNoRender();
     $request = EngineBlock_ApplicationSingleton::getInstance()->getHttpRequest();
     $entityId = $request->getQueryParameter("entityid");
     $gadgetUrl = $request->getQueryParameter('gadgeturl');

     // If we were only handed a gadget url, no entity id, lookup the Service Provider entity id
     if ($gadgetUrl && !$entityId) {
         $matches = $this->_getRegistry()->findIdentifiersByMetadata('coin:gadgetbaseurl', $gadgetUrl);
         $matchCount = count($matches);
         if ($matchCount > 1) {
             EngineBlock_ApplicationSingleton::getLog()->warn("Multiple identifiers found for gadgetbaseurl: '{$gadgetUrl}'");
             throw new EngineBlock_Exception('Multiple identifiers found for gadgetbaseurl');
         }
         if ($matchCount === 0) {
             EngineBlock_ApplicationSingleton::getInstance()->getLog()->warn("No Entity Id found for gadgetbaseurl '{$gadgetUrl}'");
             $this->_respondWithJson(new stdClass());
             return;
         }
         $entityId = $matches[0];
     }
     if (!$entityId) {
         throw new EngineBlock_Exception('No entity id provided to get metadata for?!');
     }

     // NOTE(review): 'keys' is read from $_REQUEST (GET, POST and, depending on
     // request_order, cookies) whereas the other parameters come from the query
     // string only.
     $registry = $this->_getRegistry();
     if (isset($_REQUEST["keys"])) {
         $requestedKeys = explode(",", $_REQUEST["keys"]);
         $result = $registry->getMetaDataForKeys($entityId, $requestedKeys);
     } else {
         $result = $registry->getMetadata($entityId);
     }
     $result['entityId'] = $entityId;
     $this->_respondWithJson($result);
 }

 /**
  * Write $payload to the HTTP response as a JSON document.
  *
  * @param mixed $payload
  */
 private function _respondWithJson($payload)
 {
     $this->_getResponse()->setHeader('Content-Type', 'application/json');
     $this->_getResponse()->setBody(json_encode($payload));
 }
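 /**
  * Restore the application configuration saved by the test, if one was saved.
  *
  * @return void
  */
 public function tearDown()
 {
     if (!$this->_originalConfig) {
         return;
     }
     EngineBlock_ApplicationSingleton::getInstance()->setConfiguration($this->_originalConfig);
 }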
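 /**
  * Reject a response from an IdP that the SP is not configured to accept responses from.
  *
  * @throws EngineBlock_Corto_Exception_InvalidConnection when the IdP is not in the SP's allowed list
  */
 public function execute()
 {
     $metadataRepository = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer()->getMetadataRepository();
     $allowedIdpEntityIds = $metadataRepository->findAllowedIdpEntityIdsForSp($this->_serviceProvider);
     $idpEntityId = $this->_identityProvider->entityId;
     // This is an authorisation decision: compare strictly so loosely-equal
     // entries in the allow list (numeric strings, booleans) cannot widen it.
     if (!in_array($idpEntityId, $allowedIdpEntityIds, true)) {
         throw new EngineBlock_Corto_Exception_InvalidConnection(
             "Disallowed response by SP configuration. "
             . "Response from IdP '{$idpEntityId}' to SP '{$this->_serviceProvider->entityId}'"
         );
     }
 }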
 /**
  * Append the configured guest qualifier to the isMemberOf response attribute,
  * creating the attribute when it is not present yet.
  */
 protected function _setIsMember()
 {
     $attributeName = static::URN_IS_MEMBER_OF;
     if (!isset($this->_responseAttributes[$attributeName])) {
         $this->_responseAttributes[$attributeName] = array();
     }
     $guestQualifier = EngineBlock_ApplicationSingleton::getInstance()->getConfiguration()->addgueststatus->guestqualifier;
     $this->_responseAttributes[$attributeName][] = $guestQualifier;
 }
 /**
  * Show the error page with a 500 status.
  *
  * The exception is exposed to the view only when the 'debug' configuration
  * value is enabled, so exception details stay out of production responses.
  *
  * @param Exception $exception
  */
 public function displayAction($exception)
 {
     $this->_getResponse()->setStatus(500, 'Internal Server Error');
     $debugEnabled = EngineBlock_ApplicationSingleton::getInstance()->getConfigurationValue('debug', false);
     if (!$debugEnabled) {
         return;
     }
     $this->exception = $exception;
 }
 /**
  * Show the error page, sending the 500 status header directly.
  *
  * The exception is exposed to the view only when the 'debug' configuration
  * value is enabled, so exception details stay out of production responses.
  *
  * @param Exception $exception
  */
 public function displayAction($exception)
 {
     header('HTTP/1.1 500 Internal Server Error', true, 500);
     $debugEnabled = EngineBlock_ApplicationSingleton::getInstance()->getConfigurationValue('debug', false);
     if (!$debugEnabled) {
         return;
     }
     $this->exception = $exception;
 }
 /**
  * Create the mocks shared by the tests: proxy server, XML converter and consent.
  */
 public function setup()
 {
     $this->proxyServerMock = $this->mockProxyServer();
     $container = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer();
     $xmlConverter = $container[EngineBlock_Application_DiContainer::XML_CONVERTER];
     $this->xmlConverterMock = $this->mockXmlConverter($xmlConverter);
     $this->consentFactoryMock = $container[EngineBlock_Application_DiContainer::CONSENT_FACTORY];
     $this->consentMock = $this->mockConsent();
 }
 /**
  * Lazily create the user directory from the 'ldap' configuration.
  *
  * @return EngineBlock_UserDirectory
  */
 protected function _getUserDirectory()
 {
     if ($this->_userDirectory != null) {
         return $this->_userDirectory;
     }
     $ldapConfig = EngineBlock_ApplicationSingleton::getInstance()->getConfiguration()->ldap;
     $this->_userDirectory = new EngineBlock_UserDirectory($ldapConfig);
     return $this->_userDirectory;
 }
 /**
  * Run (or preview) the deprovisioning and show the result via the Index controller.
  *
  * A truthy 'preview' query parameter makes this a dry run; without it the
  * deprovisioning is actually performed.
  */
 public function indexAction()
 {
     $previewRequested = (bool) $this->_getRequest()->getQueryParameter('preview');
     $this->previewOnly = $previewRequested;
     $engine = new EngineBlock_Deprovisioning();
     $this->deprovisionPreview = $engine->deprovision($previewRequested);
     $this->deprovisionConfig = EngineBlock_ApplicationSingleton::getInstance()->getConfiguration()->cron->deprovision;
     $this->_redirectToController("Index");
 }
 /**
  * Ask the license engine for the user's license status and add it as a response attribute.
  *
  * @throws EngineBlock_Corto_Filter_Command_Exception_PreconditionFailed when no collabPersonId is known
  */
 public function execute()
 {
     if (!$this->_collabPersonId) {
         throw new EngineBlock_Corto_Filter_Command_Exception_PreconditionFailed('Missing collabPersonId');
     }
     $validationManager = new EngineBlock_LicenseEngine_ValidationManager(
         EngineBlock_ApplicationSingleton::getInstance()->getConfiguration()
     );
     $licenseCode = $validationManager->validate($this->_collabPersonId, $this->_spMetadata, $this->_idpMetadata);
     $this->_responseAttributes[EngineBlock_LicenseEngine_ValidationManager::LICENSE_SAML_ATTRIBUTE] = array($licenseCode);
 }
 /**
  * The processor must copy the bootstrapped request ID into $record['extra']['request_id'].
  */
 public function testItAddsANonEmptyStringToTheRecord()
 {
     // Assert the log ID is bootstrapped.
     $expectedRequestId = EngineBlock_ApplicationSingleton::getInstance()->getLogRequestId();
     $this->assertInternalType('string', $expectedRequestId);
     $this->assertNotEmpty($expectedRequestId);

     $processor = new EngineBlock_Log_Monolog_Processor_RequestIdProcessor();
     $processedRecord = $processor(array('extra' => array()));
     $this->assertEquals(
         $expectedRequestId,
         $processedRecord['extra']['request_id'],
         'Appended log request ID and bootstrapped log request ID do not match'
     );
 }
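 /**
  * Receive a metadata push from Janus and synchronise it into the Doctrine
  * metadata repository.
  *
  * The caller must present HTTP Basic credentials equal to the 'engineApi'
  * configuration and POST a JSON body of the shape {"connections": {...}}.
  * Failures are answered with 401/400 and a JSON-encoded reason; on success the
  * synchronisation result is echoed as JSON.
  *
  * @throws EngineBlock_Exception when the 'engineApi' configuration is absent
  */
 public function indexAction()
 {
     $this->setNoRender();
     $configuration = EngineBlock_ApplicationSingleton::getInstance()->getConfigurationValue('engineApi');
     if (!$configuration) {
         throw new EngineBlock_Exception('API access disabled');
     }

     if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
         $this->_denyAccess('Unauthenticated');
     }
     // Constant-time comparison (hash_equals, PHP >= 5.6) so response timing does
     // not reveal how much of a guess matched; both values are checked before
     // answering so a wrong user name and a wrong password are indistinguishable.
     $userMatches = is_string($configuration->user)
         && hash_equals($configuration->user, (string) $_SERVER['PHP_AUTH_USER']);
     $passwordMatches = is_string($configuration->password)
         && hash_equals($configuration->password, (string) $_SERVER['PHP_AUTH_PW']);
     if (!$userMatches || !$passwordMatches) {
         $this->_denyAccess('Invalid credentials');
     }

     if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
         header('HTTP/1.1 400 Bad Request');
         echo json_encode('Not a POST request');
         return;
     }

     ini_set('memory_limit', '265M');
     $body = $this->_getRequest()->getRawBody();
     if (!$body) {
         $this->_rejectBadRequest('No body');
     }
     $connections = json_decode($body);
     if (!$connections) {
         $this->_rejectBadRequest('Unable to decode body as JSON');
     }
     // All three conditions must hold: a top-level object, with a "connections"
     // member, that is itself an object.
     if (!is_object($connections) || !isset($connections->connections) || !is_object($connections->connections)) {
         $this->_rejectBadRequest('Unrecognized structure for JSON');
     }

     $assembler = new JanusPushMetadataAssembler();
     $roles = $assembler->assemble($connections->connections);
     $doctrineRepository = DoctrineMetadataRepository::createFromConfig(array(), EngineBlock_ApplicationSingleton::getInstance()->getDiContainer());
     $result = $doctrineRepository->synchronize($roles);
     echo json_encode($result);
 }

 /**
  * Send a 401 challenge with a JSON-encoded reason and stop processing.
  *
  * @param string $reason
  */
 private function _denyAccess($reason)
 {
     header('WWW-Authenticate: Basic realm="EngineBlock API"');
     header('HTTP/1.1 401 Unauthorized');
     echo json_encode($reason);
     exit;
 }

 /**
  * Send a 400 response with a JSON-encoded reason and stop processing.
  *
  * @param string $reason
  */
 private function _rejectBadRequest($reason)
 {
     header('HTTP/1.1 400 Bad Request');
     echo json_encode($reason);
     exit;
 }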
 /**
  * Sign the first assertion of the response using the IdP configuration.
  *
  * @param SAML2_Response $response
  * @param SimpleSAML_Configuration $idpConfig
  */
 private function addSigns(SAML2_Response $response, SimpleSAML_Configuration $idpConfig)
 {
     $assertions = $response->getAssertions();
     $firstAssertion = $assertions[0];
     $className = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer()->getMessageUtilClassName();
     $emptyConfig = SimpleSAML_Configuration::loadFromArray(array());
     // Special case the 'normal' message verification class name so we have IDE support.
     if ($className === 'sspmod_saml_Message') {
         sspmod_saml_Message::addSign($idpConfig, $emptyConfig, $firstAssertion);
     } else {
         $className::addSign($idpConfig, $emptyConfig, $firstAssertion);
     }
 }
 /**
  * Let the Corto adapter consume the processed assertion; a user who is not a
  * member of the required VO is sent to the feedback page instead of an error.
  */
 public function processedAssertionAction()
 {
     $this->setNoRender();
     $application = EngineBlock_ApplicationSingleton::getInstance();
     try {
         $adapter = new EngineBlock_Corto_Adapter();
         $adapter->processedAssertionConsumer();
     } catch (EngineBlock_Corto_Exception_UserNotMember $notMember) {
         $application->getLogInstance()->warn('User not a member error');
         $application->getHttpResponse()->setRedirectUrl('/authentication/feedback/vomembershiprequired');
     }
 }
 /**
  * Send the welcome mail to the user's mail attribute, when both the attribute
  * and the 'email.sendWelcomeMail' configuration flag are present.
  *
  * @param array $attributes SAML attributes of the user
  */
 protected function _sendIntroductionMail(array $attributes)
 {
     $mailAttribute = 'urn:mace:dir:attribute-def:mail';
     if (!isset($attributes[$mailAttribute])) {
         return;
     }
     $emailConfig = EngineBlock_ApplicationSingleton::getInstance()->getConfiguration()->email;
     if (!isset($emailConfig->sendWelcomeMail) || !$emailConfig->sendWelcomeMail) {
         return;
     }
     $replacements = array(
         '{user}' => $this->_preferredNameAttributeFilter->getAttribute($attributes),
     );
     $this->_mailer->sendMail($attributes[$mailAttribute][0], EngineBlock_Corto_Module_Services::INTRODUCTION_EMAIL, $replacements);
 }
 /**
  * Creates services objects with their own specific needs
  *
  * ProvideConsent and ProcessConsent receive their extra collaborators from the
  * DI container; every other service gets the server and the XML converter.
  *
  * @param string $className
  * @param EngineBlock_Corto_ProxyServer $server
  * @return EngineBlock_Corto_Module_Service_Abstract
  */
 private function factoryService($className, EngineBlock_Corto_ProxyServer $server)
 {
     $diContainer = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer();
     $xmlConverter = $diContainer[EngineBlock_Application_DiContainer::XML_CONVERTER];

     if ($className === 'EngineBlock_Corto_Module_Service_ProvideConsent') {
         return new EngineBlock_Corto_Module_Service_ProvideConsent(
             $server,
             $xmlConverter,
             $diContainer[EngineBlock_Application_DiContainer::CONSENT_FACTORY]
         );
     }
     if ($className === 'EngineBlock_Corto_Module_Service_ProcessConsent') {
         return new EngineBlock_Corto_Module_Service_ProcessConsent(
             $server,
             $xmlConverter,
             $diContainer[EngineBlock_Application_DiContainer::CONSENT_FACTORY],
             $diContainer[EngineBlock_Application_DiContainer::MAILER],
             new EngineBlock_User_PreferredNameAttributeFilter()
         );
     }
     return new $className($server, $xmlConverter);
 }
 /**
  * Validate the response attributes, honouring a ServiceRegistry override of
  * schacHomeOrganization.
  *
  * @throws EngineBlock_Corto_Exception_MissingRequiredFields
  */
 public function execute()
 {
     // ServiceRegistry override of SchacHomeOrganization, set it and skip validation
     $excludedFromValidation = array();
     $overrideValue = $this->_identityProvider->schacHomeOrganization;
     if ($overrideValue) {
         $this->_responseAttributes[self::URN_MACE_TERENA_SCHACHOMEORG] = array($overrideValue);
         $excludedFromValidation[] = static::URN_MACE_TERENA_SCHACHOMEORG;
     }

     $validator = EngineBlock_ApplicationSingleton::getInstance()->getDiContainer()->getAttributeValidator();
     $validationResult = $validator->validate($this->_responseAttributes, $excludedFromValidation);
     if (!$validationResult->hasErrors()) {
         return;
     }
     throw new EngineBlock_Corto_Exception_MissingRequiredFields(
         'Errors validating attributes'
         . ' errors: ' . print_r($validationResult->getErrors(), true)
         . ' attributes: ' . print_r($this->_responseAttributes, true)
     );
 }
 /**
  * Add eduGAIN mdrpi:PublicationInfo to the root element of the metadata array,
  * leaving an already present PublicationInfo untouched.
  *
  * @param array $rootElement
  * @return array
  */
 public function mapTo(array $rootElement)
 {
     $publication = EngineBlock_ApplicationSingleton::getInstance()->getConfiguration()->edugain->publication;
     $attr = EngineBlock_Corto_XmlToArray::ATTRIBUTE_PFX;

     if (!isset($rootElement['md:Extensions'])) {
         $rootElement['md:Extensions'] = array(
             $attr . "xmlns:mdrpi" => "urn:oasis:names:tc:SAML:metadata:rpi",
         );
     }
     if (isset($rootElement['md:Extensions']['mdrpi:PublicationInfo'])) {
         return $rootElement;
     }

     $usagePolicy = array(
         $attr . 'xml:lang' => "en",
         EngineBlock_Corto_XmlToArray::VALUE_PFX => $publication->policy,
     );
     $publicationInfo = array(
         $attr . "creationInstant" => date(DateTime::W3C),
         $attr . "publisher" => $publication->publisher,
         'mdrpi:UsagePolicy' => array($usagePolicy),
     );
     $rootElement['md:Extensions']['mdrpi:PublicationInfo'] = array($publicationInfo);
     return $rootElement;
 }
 /**
  * Report a dispatch exception and either rethrow it or hand it to the
  * configured error controller action.
  *
  * @param Exception $e
  * @throws Exception the original exception, when error handling is disabled
  */
 protected function _handleDispatchException(Exception $e)
 {
     $application = EngineBlock_ApplicationSingleton::getInstance();
     $application->reportError($e);
     if (!$this->_useErrorHandling) {
         throw $e;
     }
     $errorConfiguration = $application->getConfiguration()->error;
     $errorController = $this->_getControllerInstance($errorConfiguration->module, $errorConfiguration->controller);
     $errorController->handleAction($errorConfiguration->action, array($e));
 }