/**
 * Links an external account to a profile, unless that account already resolves to a user.
 *
 * No authorization check is made here: the caller is responsible for passing a
 * profile id that belongs to the authenticated user.
 *
 * @param mixed       $profileid Profile the account is attached to (stored as researcherID).
 * @param mixed       $id        Account identifier at the provider (stored as accountID).
 * @param mixed       $type      Account type (stored as accountTypeID).
 * @param string|null $name      Optional display name for the account.
 * @param array       $idptrace  Optional IdP trace values (stored as IDPTrace).
 * @return void
 */
public static function connectAccountToProfile($profileid, $id, $type, $name = null, $idptrace = array())
{
    // An account that already maps to a user is left untouched.
    if (SamlAuth::getUserByAccountValues($id, $type) !== null) {
        return;
    }

    $account = new Default_Model_UserAccount();
    $account->researcherID = $profileid;
    $account->accountID = $id;
    $account->accountTypeID = $type;
    $account->accountName = $name;
    $account->IDPTrace = $idptrace;
    $account->save();

    // Re-query for the saved row, at most 10 times one second apart, and stop as
    // soon as it is returned. Presumably this waits for the write to become
    // readable; the loop gives up silently after the last attempt.
    for ($attempt = 0; $attempt < 10; $attempt++) {
        $lookup = new Default_Model_UserAccounts();
        $lookup->filter->id->equals($account->id);
        if (count($lookup->items) > 0) {
            break;
        }
        sleep(1);
    }
}
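/**
 * Completes the "connect another account" flow for the logged-in user.
 *
 * Reads the SAML attributes of the "<source>-connect" auth source and links the
 * returned idp:uid to the profile held in the session, unless that account is
 * already linked to this profile or to another one. Every path ends in a
 * redirect; nothing is rendered.
 *
 * NOTE(review): no state/nonce check tying the IdP response to a request started
 * by the session user is visible in this action. Confirm that the action which
 * starts the flow enforces it, so a profile cannot be linked to an account its
 * owner did not choose.
 *
 * @return void
 */
public function postconnectAction()
{
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();

    // NOTE(review): the Referer and Host request headers are client-supplied,
    // and both end up in Location headers below without any restriction to this
    // site. Validating the target against a configured base URL or host
    // allow-list would close the open-redirect path.
    $referer = trim($this->session->connectreferer);
    if (trim($referer) === "") {
        // The Referer header is optional; treat a missing one as empty.
        $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
        $this->session->connectreferer = $referer;
    }
    if (trim($referer) === "") {
        $referer = "https://" . $_SERVER["HTTP_HOST"];
    }

    // Only a logged-in user (positive numeric session userid) may connect accounts.
    if (isset($this->session->userid) === false
        || is_numeric($this->session->userid) === false
        || intval($this->session->userid) <= 0
    ) {
        header("Location: " . $referer);
        return;
    }

    // A source must be given.
    $source = trim($this->_getParam("source"));
    if ($source == "") {
        header("Location: https://" . $_SERVER["HTTP_HOST"]);
        return;
    }
    $this->session->connectdaccountsource = $source;

    $normalizedSource = strtolower(trim($source));
    $authsource = str_replace("-sp", "", $normalizedSource);
    $connectedsource = str_replace("-sp", "-connect", $normalizedSource);

    require_once SamlAuth::LIB_AUTOLOAD;

    // Initialize SAML and accept only a configured "-connect" auth source, so
    // the request parameter cannot select an arbitrary source id.
    $config = SimpleSAML_Configuration::getInstance();
    $t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
    $t->data['sources'] = SimpleSAML_Auth_Source::getSourcesMatch('-connect');
    if (!in_array($connectedsource, $t->data['sources'], true)) {
        header("Location: " . $referer);
        return;
    }

    // Attributes of the account being connected.
    $as = new SimpleSAML_Auth_Simple($connectedsource);
    $attributes = $as->getAttributes();

    // A missing idp:uid takes the same error path as an empty one, instead of
    // reading an undefined index.
    $uid = isset($attributes['idp:uid'][0]) ? $attributes['idp:uid'][0] : "";
    if (trim($uid) == "") {
        // The message contains a literal line break; kept exactly as written.
        $this->session->userError = array(
            "title" => "New Account Connection",
            "message" => "Could not connect with new user account. 
Not enough information returned from account provider."
        );
        $this->_helper->redirector('postconnected');
        return;
    }

    // Already connected to this profile: nothing to do.
    $uaccount = AccountConnect::isConnectedTo($this->session, $uid, $authsource);
    if ($uaccount !== false) {
        $this->_helper->redirector('postconnected');
        return;
    }

    // Refuse when the account already belongs to a different profile.
    $user = SamlAuth::getUserByAccountValues($uid, $authsource);
    if ($user !== null && $user->id != $this->session->userid) {
        $sourceLabel = str_replace("-", " ", $authsource);
        $this->session->userError = array(
            "title" => "Could not connect to " . $sourceLabel . " account",
            "message" => "The " . $sourceLabel . " account you tried to connect your profile to is already connected to another user profile."
        );
        $this->_helper->redirector('postconnected');
        return;
    }

    // Build the account name. Each attribute is guarded by its own count; the
    // surname check previously counted idp:givenName, which dropped or
    // mis-read the surname whenever the two attributes differed in presence.
    $userFirstName = isset($attributes["idp:givenName"]) === true && count($attributes["idp:givenName"]) > 0
        ? $attributes["idp:givenName"][0]
        : "";
    $userLastName = isset($attributes["idp:sn"]) === true && count($attributes["idp:sn"]) > 0
        ? $attributes["idp:sn"][0]
        : "";
    $userFullName = trim($userFirstName . " " . $userLastName);
    if ($userFullName === "") {
        $userFullName = null;
    }

    $idptrace = isset($attributes["idp:traceidp"]) === true && count($attributes["idp:traceidp"]) > 0
        ? $attributes["idp:traceidp"]
        : array();

    // Do the account connection.
    AccountConnect::connectAccountToProfile($this->session->userid, $uid, $authsource, $userFullName, $idptrace);

    // Refresh the connected accounts cached in the session.
    $this->session->currentUserAccounts = SamlAuth::getUserAccountsByUser($this->session->userid, true);

    // Redirect to the post-connected action, which logs out the connected account.
    $this->_helper->redirector('postconnected');
}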