コード例 #1
0
ファイル: Person.php プロジェクト: henrikau/confusa
 /**
  * Return if this person may request a new certificate. This is dependant
  * on a few conditions:
  * 		- person is fully decorated
  * 		- 'confusa' entitlement is set
  * 		- subscriber of the person is in state 'subscribed'
  *
  * @return permission object containing
  * 		permissionGranted true/false based on whether the permission was granted
  * 		reasons array with reasons for granting/rejecting the permissions
  */
 public function mayRequestCertificate()
 {
     $permission = new Permission();
     $permission->setPermission(true);
     $translator = new Translator();
     $translator->guessBestLanguage($this);
     if (empty($this->eppn)) {
         $permission->setPermission(false);
         $permission->addReason($translator->getTextForTag('l10n_reas_malfeppn', 'reasons'));
     }
     if (empty($this->given_name)) {
         $permission->setPermission(false);
         $permission->addReason($translator->getTextForTag('l10n_reas_nogivenname', 'reasons'));
     }
     if (empty($this->email)) {
         $permission->setPermission(false);
         $permission->addReason($translator->getTextForTag('l10n_reas_noemailaddr', 'reasons'));
     }
     if (is_null($this->getNREN()->getCountry()) || $this->getNREN()->getCountry() == "") {
         $permission->setPermission(false);
         $permission->addReason($translator->getTextForTag('l10n_reas_nocountryname', 'reasons'));
     }
     $subscriberOrgName = $this->subscriber->getOrgName();
     if (empty($subscriberOrgName)) {
         $permission->setPermission(false);
         $permission->addReason($translator->getTextForTag('l10n_reas_malfsubsname', 'reasons'));
     }
     if (Config::get_config('capi_test') && Config::get_config('ca_mode') === CA_COMODO && $subscriberOrgName == ConfusaConstants::$CAPI_TEST_O_PREFIX) {
         $permission->setPermission(false);
         $permission->addReason($translator->getTextForTag('l10n_reas_malfsubsname', 'reasons'));
     }
     if (empty($this->entitlement) || !$this->testEntitlementAttribute(Config::get_config('entitlement_user'))) {
         $permission->setPermission(false);
         $permission->addReason(Config::get_config('entitlement_user') . " " . $translator->getTextForTag('l10n_reas_noentitlement', 'reasons'));
     }
     $query = "SELECT org_state FROM subscribers WHERE name=?";
     /* Bubble up exceptions */
     $res = MDB2Wrapper::execute($query, array('text'), array($this->subscriber->getIdPName()));
     if (count($res) == 0) {
         $permission->setPermission(false);
         $permission->addReason($translator->getTextForTag('l10n_instunkn1', 'reasons') . " " . $this->subscriber->getIdPName() . " " . $translator->getTextForTag('l10n_instunkn2', 'reasons'));
         return $permission;
     } else {
         if (count($res) > 1) {
             throw new CGE_AuthException("More than one DB-entry with same subscriberOrgName " . $this->subscriber->getOrgName());
         }
     }
     if ($res[0]['org_state'] !== 'subscribed') {
         $permission->setPermission(false);
         $permission->addReason($translator->getTextForTag('l10n_instnsubscr1', 'reasons') . " " . $this->subscriber->getIdPName() . " " . $translator->getTextForTag('l10n_instnsubscr2', 'reasons'));
     }
     return $permission;
 }
コード例 #2
0
ファイル: oauth.php プロジェクト: henrikau/confusa
     $tpl = new Smarty();
     $tpl->template_dir = Config::get_config('install_path') . 'templates';
     $tpl->compile_dir = ConfusaConstants::$SMARTY_TEMPLATES_C;
     $tpl->cache_dir = ConfusaConstants::$SMARTY_CACHE;
     $subscriber = $person->getSubscriber();
     if (isset($subscriber)) {
         $help_email = $subscriber->getHelpEmail();
         $tpl->assign('help_email', $help_email);
     }
     $tpl->assign('consent_val', $consent_val);
     $tpl->assign('consumer_key', $consumer_key);
     $tpl->assign('consumer_name', $consumer_info['name']);
     $tpl->assign('consumer_description', $consumer_info['description']);
     $tpl->assign('access_duration', $accTokenValidity);
     $translator = new Translator();
     $translator->guessBestLanguage($person);
     $translator->decorateTemplate($tpl, 'oauth');
     $tpl->display('api/oauth_consent.tpl');
     break;
 case '/consent':
     $person = new Person();
     $auth_idp = new Confusa_Auth_IdP($person);
     $auth_idp->authenticate(FALSE);
     if (!$person->isAuth()) {
         header("HTTP/1.1 412 Precondition Failed");
         echo "May not call the consent endpoint before the user " . "authenticated with their IdP!";
         exit;
     }
     if ($_SESSION['oauth_authZ'] !== TRUE) {
         header("HTTP/1.1 412 Precondition Failed");
         echo "May not call the consent endpoint before the user " . "passed the authorization endpoint!";