예제 #1
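 /**
  * Check the signature on a REST request against the one calculated from
  * the request parameters and the requesting user's shared secret.
  *
  * The expected value is sha512(secret . k1 . v1 . k2 . v2 ...) over the
  * request variables sorted by key.
  *
  * NOTE(review): this is a secret-prefix hash, not an HMAC, and keys and
  * values are concatenated without delimiters, so distinct parameter sets
  * can serialise to the same string. Moving to hash_hmac() over a delimited
  * encoding needs a coordinated client change, so it is only flagged here.
  *
  * @param sspmod_janus_REST_Request $request The incoming REST request
  *
  * @return bool True when the supplied signature matches the calculated one
  */
 public static function isSignatureValid(sspmod_janus_REST_Request $request)
 {
     if (is_null($request->getKey())) {
         return false;
     }
     // Result is unused here; the call is kept so container setup is unchanged
     $config = sspmod_janus_DiContainer::getInstance()->getConfig();
     $user = new sspmod_janus_User();
     $user->setUserid($request->getKey());
     if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
         return false;
     }
     sspmod_janus_DiContainer::preAuthenticate($user->getUserid(), 'RESTv1');
     $shared_secret = $user->getSecret();
     $data = $request->getRequestVars();
     // Sort params so client and server hash them in the same order
     ksort($data);
     $concat_string = '';
     // Concat all params with values
     foreach ($data as $key => $value) {
         $concat_string .= $key . $value;
     }
     // Prepend shared secret and hash the string to the signature
     $calculated_signature = hash('sha512', $shared_secret . $concat_string);
     $supplied_signature = $request->getSignature();
     // A non-string can never equal a hex digest, and hash_equals() only
     // accepts strings
     if (!is_string($supplied_signature)) {
         return false;
     }
     // Constant-time, type-strict comparison (PHP 5.6+). The loose `==` used
     // before compares numeric-looking strings such as "0e..." as numbers
     // and returns as soon as the first differing byte is found.
     return hash_equals($calculated_signature, $supplied_signature);
 }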
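 /**
  * Store a message for every subscriber of the given address(es)
  *
  * One row is inserted into the message table per subscriber of each
  * address, plus one row for uid 0 (type INBOX). Subscribers whose type is
  * listed under 'messenger.external' are also notified through that
  * messenger; a failure there is logged and does not abort the post.
  *
  * @param string       $subject The message title
  * @param string       $message The message body; stored with a "User: userid" line prepended
  * @param array|string $address Address or list of addresses the message is sent to
  * @param int          $from    Uid of user responsible for sending the message
  *
  * @return bool True when every row was inserted, false as soon as one insert fails
  */
 public function post($subject, $message, $address, $from)
 {
     $external_messengers = $this->_config->getArray('messenger.external', array());
     // Grab the user who send the message
     $user = new sspmod_janus_User($this->_config);
     $user->setUid($from);
     $user->load();
     // and prepend the userid to the message.
     // NOTE(review): the middle of this expression was masked in the listing;
     // it is restored from the comment above. The stored body is HTML (see the
     // <br />), so the userid is escaped before it is embedded.
     $message = 'User: ' . htmlspecialchars((string) $user->getUserid(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br />' . $message;
     // Accept a single address as well as a list
     $addresses = is_array($address) ? $address : array($address);
     foreach ($addresses as $ad) {
         $subscripers = $this->_getSubscripers($ad);
         // uid 0 always receives a copy in the INBOX
         $subscripers[] = array('uid' => '0', 'type' => 'INBOX');
         foreach ($subscripers as $subscriper) {
             // Values are bound as parameters; only the table prefix is concatenated
             $st = self::execute('INSERT INTO `' . self::$prefix . 'message`
                 (
                 `uid`, 
                 `subject`, 
                 `message`, 
                 `from`, 
                 `subscription`, 
                 `created`, 
                 `ip`
                 ) VALUES (?, ?, ?, ?, ?, ?, ?);', array($subscriper['uid'], $subject, $message, $from, $ad, date('c'), $_SERVER['REMOTE_ADDR']));
             if ($st === false) {
                 // The previous text ("Error fetching all entities") described a different query
                 SimpleSAML_Logger::error('JANUS: Error storing message');
                 return false;
             }
             if (array_key_exists($subscriper['type'], $external_messengers)) {
                 $externalconfig = $external_messengers[$subscriper['type']];
                 try {
                     $messenger = sspmod_janus_Messenger::getInstance($externalconfig['class'], $externalconfig['option']);
                     $messenger->send(array('uid' => $subscriper['uid'], 'subject' => $subject, 'message' => $message, 'from' => $from, 'address' => $ad));
                 } catch (Exception $e) {
                     // $messenger is undefined when getInstance() itself threw, and
                     // dumping the object would write its configured options to the
                     // log; record the messenger type and the exception text instead
                     SimpleSAML_Logger::error('JANUS: Error sending external message. ' . $subscriper['type'] . ': ' . $e->getMessage());
                 }
             }
         }
     }
     return true;
 }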
 /**
  * REST handler returning the stored fields of one user
  *
  * @param array $data   Request parameters; $data['userid'] selects the user
  * @param int   $status Set to 400 when no userid was supplied
  *
  * @return array|string Map with uid, userid, active, type and data, or '' on a bad request
  */
 public static function method_getUser($data, &$status)
 {
     if (!isset($data["userid"])) {
         $status = 400;
         return '';
     }
     $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
     $account = new sspmod_janus_User($janusConfig->getValue('store'));
     $account->setUserid($data['userid']);
     // NOTE(review): the result of load() is not checked, so an unknown userid
     // still produces a response built from the unloaded object
     $account->load(sspmod_janus_User::USERID_LOAD);
     return array(
         'uid' => $account->getUid(),
         'userid' => $account->getUserid(),
         'active' => $account->getActive(),
         'type' => $account->getType(),
         'data' => $account->getdata(),
     );
 }
예제 #4
 /**
  * Return the stored fields of one user
  *
  * @access protected (see isProtected)
  * @static
  * @param array $data Request parameters for getUser method, supports:
  *                      - string $data['userid']: UserID (login name) to get data for
  * @param int $statusCode HTTP Status code to use in response; set to 400
  *                        when no userid was supplied
  * @return array|string Map with uid, userid, active, type and data,
  *                      or '' on a bad request
  */
 public static function method_getUser($data, &$statusCode)
 {
     if (!isset($data["userid"])) {
         $statusCode = 400;
         return '';
     }
     // Result is not used below; the call is kept so container setup is unchanged
     sspmod_janus_DiContainer::getInstance()->getConfig();
     $account = new sspmod_janus_User();
     $account->setUserid($data['userid']);
     // NOTE(review): the result of load() is not checked, so an unknown userid
     // still produces a response built from the unloaded object
     $account->load(sspmod_janus_User::USERID_LOAD);
     return array(
         'uid' => $account->getUid(),
         'userid' => $account->getUserid(),
         'active' => $account->getActive(),
         'type' => $account->getType(),
         'data' => $account->getdata(),
     );
 }
예제 #5
파일: history.php 프로젝트: janus-ssp/janus
$securityContext = sspmod_janus_DiContainer::getInstance()->getSecurityContext();
if ((array_key_exists($userid, $allowedUsers) || $securityContext->isGranted('allentities')) && $securityContext->isGranted('entityhistory', $entity)) {
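    // Build one <section class="revision"> per history entry into $output.
    $history_size = $mcontroller->getHistorySize();
    $history = $mcontroller->getHistory(10, $history_size);
    foreach ($history as $data) {
        $rid = $data->getRevisionid();
        $rnote = (string) $data->getRevisionnote();
        // '&' is written as '&amp;' inside the attribute, as in the compare link below
        $output .= '<section class="revision"><a href="?eid=' . $data->getEid() . '&amp;revisionid=' . $rid . '">' . $et->t('tab_edit_entity_connection_revision') . ' ' . $rid . '</a>';
        if ($data->getRevisionid() !== $currentRevisionId) {
            $output .= ' - <a  class="janus_button" href="?compareRevision=true&amp;eid=' . $data->getEid() . '&amp;compareRevisiondid=' . $data->getRevisionid() . '&amp;revisionid=' . $currentRevisionId . '&amp;selectedtab=' . $historyTab . '">Revision history</a>';
        }
        // The revision note is free text entered by whoever edited the entity:
        // shorten first, then escape, so no entity is cut in half and no markup
        // from the note reaches the page
        $shortNote = strlen($rnote) > 80 ? substr($rnote, 0, 79) . '...' : $rnote;
        $output .= ' - ' . htmlspecialchars($shortNote, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // Show edit user if present
        $user->setUid($data->getUser());
        if ($user->load()) {
            $output .= ' - ' . htmlspecialchars((string) $user->getUserid(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
        $output .= ' - ' . date('Y-m-d H:i', strtotime($data->getCreated()));
        // Prefer the workflow name in the active language, fall back to English
        if (isset($workflowstates[$data->getWorkflow()]['name'][$et->getLanguage()])) {
            $curLang = $et->getLanguage();
        } else {
            $curLang = 'en';
        }
        if (isset($workflowstates[$data->getWorkflow()]['name'][$curLang])) {
            $output .= ' - ' . htmlspecialchars((string) $workflowstates[$data->getWorkflow()]['name'][$curLang], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        } else {
            $output .= ' - ' . htmlspecialchars((string) $data->getWorkflow(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
        // Close the element that was opened; the original wrote </revision>
        $output .= '</section>';
    }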
} else {
예제 #6
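/**
 * Return one stored message for display
 *
 * Only the owner of the message or a superuser may read it. For anyone else
 * a JSON 'permission_denied' status is printed and the script exits.
 *
 * @param array $params Request parameters: 'mid' (message id), '__uid' (uid of
 *                      the caller) and '__superuser' (truthy for superusers)
 *
 * @return array|bool FALSE when no 'mid' was given, otherwise an array with
 *                    'data', 'from' and 'address'
 */
function getMessage($params)
{
    if (!isset($params['mid'])) {
        return FALSE;
    }
    // Result is unused here; the call is kept so container setup is unchanged
    $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
    $pm = new sspmod_janus_Postman();
    $message = $pm->getMessage($params['mid']);
    // Ownership check: compare as strings with ===. With the loose != used
    // before, a message without a uid (for instance one that was not found)
    // compared equal to a missing or zero caller uid and was let through.
    $owner_uid = isset($message['uid']) ? (string) $message['uid'] : null;
    $caller_uid = isset($params['__uid']) ? (string) $params['__uid'] : null;
    $is_owner = $owner_uid !== null && $owner_uid === $caller_uid;
    if (!$is_owner && empty($params['__superuser'])) {
        echo json_encode(array('status' => 'permission_denied'));
        exit;
    }
    $user = new sspmod_janus_User();
    $user->setUid($message['from']);
    $user->load();
    // NOTE(review): the body is returned without escaping, unlike 'from' and
    // 'address'; confirm that every writer escapes what it puts into it
    $return = wordwrap($message['message'], 75, "\n", TRUE);
    return array('data' => $return, 'from' => htmlspecialchars($user->getUserid()), 'address' => htmlspecialchars($message['subscription']));
}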
예제 #7
     }
     echo '</td></tr>';
 }
 echo '</tbody></table>';
 if ($this->data['security.context']->isGranted('addsubscriptions')) {
     echo '<h2>' . $this->t('text_subscription_add_header') . '</h2>';
     echo '<select name="subscriptions" id="subscriptions_select">';
     echo '<option> -- ' . $this->t('tab_edit_entity_select') . ' --</option>';
     foreach ($this->data['subscriptionList'] as $subscription) {
         $tmp = explode("-", $subscription);
         if ($tmp[0] == 'USER') {
             if (isset($tmp[1]) && ctype_digit((string) $tmp[1])) {
                 $user = new sspmod_janus_User($janus_config);
                 $user->setUid($tmp[1]);
                 $user->load();
                 $name = $tmp[0] . ' - ' . $user->getUserid();
             } else {
                 if (isset($tmp[1]) && $tmp[1] == 'NEW') {
                     $name = $tmp[0] . ' - ' . 'NEW';
                 } else {
                     $name = $tmp[0];
                 }
             }
         } else {
             if ($tmp[0] == 'ENTITYUPDATE') {
                 if (isset($tmp[1]) && ctype_digit((string) $tmp[1])) {
                     $entity = new sspmod_janus_Entity($janus_config);
                     $entity->setEid($tmp[1]);
                     try {
                         $entity->load();
                         $name = $tmp[0] . ' - ' . $entity->getEntityid();
예제 #8
파일: newUser.php 프로젝트: janus-ssp/janus
    exit;
}
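// Create a JANUS user for the authenticated identity and show the result page.
$attributes = $as->getAttributes();
// Require that we can get this users id.
if (!isset($attributes[$userIdAttribute])) {
    throw new Exception('User ID is missing');
}
/** @var string $userId */
$userId = $attributes[$userIdAttribute][0];
if (isset($_POST['submit'])) {
    // The state-changing POST is only accepted with a valid CSRF token
    $csrf_provider = sspmod_janus_DiContainer::getInstance()->getCsrfProvider();
    if (!isset($_POST['csrf_token']) || !$csrf_provider->isCsrfTokenValid('add_user', $_POST['csrf_token'])) {
        SimpleSAML_Logger::warning('Janus: [SECURITY] CSRF token not found or invalid');
        throw new SimpleSAML_Error_BadRequest('Missing valid csrf token!');
    }
    // Create the user. The id comes from the authentication source and the
    // type from configuration; neither is taken from the request.
    $user = new sspmod_janus_User($janusConfig->getValue('store'));
    $user->setUserid($userId);
    $user->setType($defaultUserType);
    $user->setActive('yes');
    $user->save();
    // Trigger an event.
    // NOTE(review): part of this call was masked in the listing; the username
    // argument is restored from the message text. It is escaped because it is
    // embedded in the message body.
    $pm = new sspmod_janus_Postman();
    $pm->post('New user created', 'A new user has been created with username: ' . htmlspecialchars((string) $user->getUserid(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), 'USER-NEW', $user->getUid());
}
$template = new SimpleSAML_XHTML_Template($sspConfig, 'janus:newuser.php', 'janus:newuser');
$template->data['userid'] = $userId;
// $user only exists when the form was submitted and the user was saved above
if (isset($user)) {
    $template->data['user_created'] = TRUE;
}
$template->show();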
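 /**
  * Add the specified users to the entity
  *
  * Inserts a row linking the user to the entity, then loads the user to
  * report its userid back to the caller.
  *
  * @param string $eid The entity
  * @param string $uid The user to be added to the entity
  *
  * @return string|bool The userid of the added user, or false when the insert failed
  * @since Method available since Release 1.0.0
  * @TODO Rename to addPermission or similar
  */
 public function addUserToEntity($eid, $uid)
 {
     // Values are bound as parameters; only the table prefix is concatenated
     $st = self::execute('INSERT INTO `' . self::$prefix . 'hasEntity`
             (`uid`, `eid`, `created`, `ip`)
         VALUES
             (?, ?, ?, ?);', array($uid, $eid, date('c'), $_SERVER['REMOTE_ADDR']));
     if ($st === false) {
         // The previous text ("Error fetching all entities") described a different
         // query; a failed permission grant should be identifiable in the log
         SimpleSAML_Logger::error('JANUS: Error adding user to entity');
         return false;
     }
     $user = new sspmod_janus_User($this->_config->getValue('store'));
     $user->setUid($uid);
     $user->load();
     return $user->getUserid();
 }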
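        // Pick the language for workflow state names, falling back to English
        if (isset($current['name'][$this->getLanguage()])) {
            $curLang = $this->getLanguage();
        } else {
            $curLang = 'en';
        }
        // Print one line per revision: link, note, editor, date, workflow state
        foreach ($history as $data) {
            echo '<a href="?eid=' . $data->getEid() . '&amp;revisionid=' . $data->getRevisionid() . '">' . $this->t('tab_edit_entity_connection_revision') . ' ' . $data->getRevisionid() . '</a>';
            // The revision note is free text entered by whoever edited the
            // entity: shorten first, then escape
            $revisionNote = (string) $data->getRevisionnote();
            if (strlen($revisionNote) > 80) {
                $revisionNote = substr($revisionNote, 0, 79) . '...';
            }
            echo ' - ' . htmlspecialchars($revisionNote, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            // Show edit user if present
            $user->setUid($data->getUser());
            if ($user->load()) {
                echo ' - ' . htmlspecialchars((string) $user->getUserid(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            }
            echo ' - ' . date('Y-m-d H:i', strtotime($data->getCreated()));
            if (isset($wstates[$data->getWorkflow()]['name'][$curLang])) {
                echo ' - ' . htmlspecialchars((string) $wstates[$data->getWorkflow()]['name'][$curLang], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            } else {
                echo ' - ' . htmlspecialchars((string) $data->getWorkflow(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            }
            echo '<br />';
        }
        echo '<div id="historycontainer"><p>';
        echo $this->t('tab_edit_entity_loading_revisions');
        echo '</p></div>';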
    }
} else {
    echo $this->t('error_no_access');
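// Earlier version of the new-user page: resolve the logged-in user, create a
// user from the submitted form and render the template.
$authsource = $janus_config->getValue('auth', 'login-admin');
$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
if ($session->isValid($authsource)) {
    $attributes = $session->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
} else {
    SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php'));
}
$econtroller = new sspmod_janus_UserController($janus_config);
$usertypes = $janus_config->getValue('usertypes');
$et = new SimpleSAML_XHTML_Template($config, 'janus:newuser.php', 'janus:newuser');
if (isset($_POST['submit'])) {
    // NOTE(review): this branch changes state without a CSRF token check, and
    // both the user id and the user type are taken from the POST body, so the
    // submitter chooses the identity and the role that get created. Deriving
    // the id from $attributes and the type from configuration, plus a token
    // check, would close that; it needs matching changes to the form.
    $user = new sspmod_janus_User($janus_config->getValue('store'));
    $user->setUserid($_POST['userid']);
    $user->setType($_POST['type']);
    $user->setActive('yes');
    $user->save();
    $et->data['user_created'] = TRUE;
    // NOTE(review): part of this call was masked in the listing; the username
    // argument is restored from the message text. It is request-supplied and
    // is embedded in the message body, so it is escaped.
    $pm = new sspmod_janus_Postman();
    $pm->post('New user created', 'A new user has been created with username: ' . htmlspecialchars((string) $user->getUserid(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), 'USER-NEW', $user->getUid());
}
if (isset($_GET['userid'])) {
    // NOTE(review): passed to the template as received; the template must
    // escape it on output
    $et->data['userid'] = $_GET['userid'];
}
$et->data['users'] = $econtroller->getUsers();
$et->data['usertypes'] = $usertypes;
$et->show();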
/**
 * Return one stored message for display
 *
 * NOTE(review): this version returns the message to any caller that supplies
 * a 'mid'. The ownership of the message is not compared with the caller, and
 * no field is escaped before it is returned.
 *
 * @param array $params Request parameters; 'mid' is the message id
 *
 * @return array|bool FALSE when no 'mid' was given, otherwise an array with
 *                    'data', 'from' and 'address'
 */
function getMessage($params)
{
    if (!isset($params['mid'])) {
        return FALSE;
    }
    $moduleConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
    $postman = new sspmod_janus_Postman();
    $stored = $postman->getMessage($params['mid']);
    // Resolve the sender's uid to a userid for display
    $sender = new sspmod_janus_User($moduleConfig->getValue('store'));
    $sender->setUid($stored['from']);
    $sender->load();
    // Hard-wrap the body at 75 characters, breaking long words
    $wrappedBody = wordwrap($stored['message'], 75, "\n", TRUE);
    return array(
        'data' => $wrappedBody,
        'from' => $sender->getUserid(),
        'address' => $stored['subscription'],
    );
}