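/**
 * Decide whether this person may request a new certificate.
 *
 * This is the authorization gate in front of certificate issuance, so every
 * check below only ever *removes* permission: the result starts out granted
 * and each failed precondition flips it to denied and records a localized
 * reason. The attribute checks all run to completion so the caller can show
 * the user everything that is missing at once; the method returns early only
 * when the subscriber is absent or unknown, because the checks that follow
 * would have nothing to look at.
 *
 * Preconditions (all must hold):
 *  - the person is fully decorated: ePPN, given name, e-mail and the NREN's
 *    country are all present;
 *  - the person's subscriber is set and has a non-empty organisation name,
 *    and in CAPI test mode against the Comodo CA it is not the test
 *    organisation;
 *  - the entitlement attribute carries the value configured as
 *    'entitlement_user';
 *  - the subscriber's row in `subscribers` (looked up by IdP name) is in
 *    state 'subscribed'.
 *
 * @return Permission  permissionGranted true/false, plus the list of reasons
 *                     for every precondition that failed
 * @throws CGE_AuthException if more than one `subscribers` row matches the
 *                           subscriber's IdP name -- ambiguous authorization
 *                           data is an error, never a grant. Exceptions from
 *                           the DB layer deliberately bubble up as well.
 */
public function mayRequestCertificate()
{
    $permission = new Permission();
    $permission->setPermission(true);

    $translator = new Translator();
    $translator->guessBestLanguage($this);

    /* ---- person attributes ----------------------------------------- */

    if (empty($this->eppn)) {
        $permission->setPermission(false);
        $permission->addReason($translator->getTextForTag('l10n_reas_malfeppn', 'reasons'));
    }

    if (empty($this->given_name)) {
        $permission->setPermission(false);
        $permission->addReason($translator->getTextForTag('l10n_reas_nogivenname', 'reasons'));
    }

    if (empty($this->email)) {
        $permission->setPermission(false);
        $permission->addReason($translator->getTextForTag('l10n_reas_noemailaddr', 'reasons'));
    }

    /* Fetch the country once instead of calling getCountry() twice for one test. */
    $country = $this->getNREN()->getCountry();
    if ($country === null || $country === '') {
        $permission->setPermission(false);
        $permission->addReason($translator->getTextForTag('l10n_reas_nocountryname', 'reasons'));
    }

    /* ---- subscriber ------------------------------------------------- */

    /*
     * Elsewhere in this code base a person's subscriber is treated as optional
     * (callers test isset() on getSubscriber()). Without one there is nothing
     * to authorize against, so deny with the malformed-subscriber reason
     * instead of letting the method calls below fatal on null.
     */
    if (!isset($this->subscriber)) {
        $permission->setPermission(false);
        $permission->addReason($translator->getTextForTag('l10n_reas_malfsubsname', 'reasons'));
        return $permission;
    }

    $subscriberOrgName = $this->subscriber->getOrgName();
    if (empty($subscriberOrgName)) {
        $permission->setPermission(false);
        $permission->addReason($translator->getTextForTag('l10n_reas_malfsubsname', 'reasons'));
    }

    /*
     * In CAPI test mode against the Comodo CA the test organisation is refused.
     * Strict comparison on purpose: the loose == used before would compare
     * numeric-looking strings as numbers.
     * NOTE(review): the constant is named *_PREFIX, but this check has always
     * been an exact match -- confirm whether a prefix match was intended.
     */
    if (Config::get_config('capi_test')
        && Config::get_config('ca_mode') === CA_COMODO
        && $subscriberOrgName === ConfusaConstants::$CAPI_TEST_O_PREFIX) {
        $permission->setPermission(false);
        $permission->addReason($translator->getTextForTag('l10n_reas_malfsubsname', 'reasons'));
    }

    /* ---- entitlement ------------------------------------------------ */

    $userEntitlement = Config::get_config('entitlement_user');
    if (empty($this->entitlement) || !$this->testEntitlementAttribute($userEntitlement)) {
        $permission->setPermission(false);
        $permission->addReason($userEntitlement . " " .
            $translator->getTextForTag('l10n_reas_noentitlement', 'reasons'));
    }

    /* ---- subscription state (DB) ------------------------------------ */

    $idpName = $this->subscriber->getIdPName();

    /* Parameterized lookup; DB exceptions bubble up to the caller. */
    $query = "SELECT org_state FROM subscribers WHERE name=?";
    $res = MDB2Wrapper::execute($query, array('text'), array($idpName));

    if (count($res) === 0) {
        $permission->setPermission(false);
        $permission->addReason($translator->getTextForTag('l10n_instunkn1', 'reasons') . " " .
            $idpName . " " .
            $translator->getTextForTag('l10n_instunkn2', 'reasons'));
        return $permission;
    }

    if (count($res) > 1) {
        /*
         * Ambiguous data: refuse rather than guess which row applies. The
         * lookup key is the IdP name, so the message reports it (the old
         * message only named the organisation, which is not what was queried).
         */
        throw new CGE_AuthException("More than one DB-entry with same subscriber name " .
            $idpName . " (org " . $subscriberOrgName . ")");
    }

    if ($res[0]['org_state'] !== 'subscribed') {
        $permission->setPermission(false);
        $permission->addReason($translator->getTextForTag('l10n_instnsubscr1', 'reasons') . " " .
            $idpName . " " .
            $translator->getTextForTag('l10n_instnsubscr2', 'reasons'));
    }

    return $permission;
}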
$tpl = new Smarty(); $tpl->template_dir = Config::get_config('install_path') . 'templates'; $tpl->compile_dir = ConfusaConstants::$SMARTY_TEMPLATES_C; $tpl->cache_dir = ConfusaConstants::$SMARTY_CACHE; $subscriber = $person->getSubscriber(); if (isset($subscriber)) { $help_email = $subscriber->getHelpEmail(); $tpl->assign('help_email', $help_email); } $tpl->assign('consent_val', $consent_val); $tpl->assign('consumer_key', $consumer_key); $tpl->assign('consumer_name', $consumer_info['name']); $tpl->assign('consumer_description', $consumer_info['description']); $tpl->assign('access_duration', $accTokenValidity); $translator = new Translator(); $translator->guessBestLanguage($person); $translator->decorateTemplate($tpl, 'oauth'); $tpl->display('api/oauth_consent.tpl'); break; case '/consent': $person = new Person(); $auth_idp = new Confusa_Auth_IdP($person); $auth_idp->authenticate(FALSE); if (!$person->isAuth()) { header("HTTP/1.1 412 Precondition Failed"); echo "May not call the consent endpoint before the user " . "authenticated with their IdP!"; exit; } if ($_SESSION['oauth_authZ'] !== TRUE) { header("HTTP/1.1 412 Precondition Failed"); echo "May not call the consent endpoint before the user " . "passed the authorization endpoint!";