예제 #1
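 /**
  * Check the signature of a request against the shared secret of its key's user.
  *
  * The expected signature is the SHA-512 hex digest of the shared secret
  * followed by every request variable, sorted by key and written as key
  * then value.
  *
  * NOTE(review): secret-prefix hashing is not an HMAC. It is exposed to
  * length extension, and the key/value concatenation has no delimiters, so
  * distinct parameter sets can serialise to the same string. Moving to
  * hash_hmac() changes the wire format and has to be coordinated with clients.
  *
  * @param sspmod_janus_REST_Request $request Request providing key, signature and variables
  *
  * @return bool True only when the supplied signature equals the computed one
  */
 public static function isSignatureValid(sspmod_janus_REST_Request $request)
 {
     if (is_null($request->getKey())) {
         return false;
     }
     $user = new sspmod_janus_User();
     $user->setUserid($request->getKey());
     if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
         return false;
     }
     // NOTE(review): this call happens before the signature has been checked;
     // confirm preAuthenticate() grants nothing by itself.
     sspmod_janus_DiContainer::preAuthenticate($user->getUserid(), 'RESTv1');
     $shared_secret = $user->getSecret();
     // Fail closed when no secret is stored: the digest would otherwise be
     // derived from request data alone.
     if ((string) $shared_secret === '') {
         return false;
     }
     $supplied_signature = $request->getSignature();
     if (!is_string($supplied_signature)) {
         return false;
     }
     $data = $request->getRequestVars();
     // Sort params so both sides serialise them in the same order
     ksort($data);
     $concat_string = '';
     foreach ($data as $key => $value) {
         $concat_string .= $key . $value;
     }
     $calculated_signature = hash('sha512', $shared_secret . $concat_string);
     // Compare in constant time and without type juggling; a loose == treats
     // numeric-looking strings as numbers and leaks timing information.
     if (function_exists('hash_equals')) {
         return hash_equals($calculated_signature, $supplied_signature);
     }
     // Fallback for PHP versions that predate hash_equals()
     if (strlen($supplied_signature) !== strlen($calculated_signature)) {
         return false;
     }
     $difference = 0;
     for ($i = 0, $length = strlen($calculated_signature); $i < $length; $i++) {
         $difference |= ord($calculated_signature[$i]) ^ ord($supplied_signature[$i]);
     }
     return $difference === 0;
 }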
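 /**
  * Mail a message to the user identified by $data['uid'].
  *
  * @param array $data Reads the keys 'uid', 'subject' and 'message'
  *
  * @return bool True when mail() accepted the message
  * @throws Exception When the user has no e-mail address or mail() fails
  */
 public function send(array $data)
 {
     $user = new sspmod_janus_User($this->_config);
     $user->setUid($data['uid']);
     $user->load();
     $to = $user->getEmail();
     // An unknown uid or a user without address must not reach mail()
     if (empty($to)) {
         throw new Exception('Could not send mail - no e-mail address for uid ' . var_export($data['uid'], true));
     }
     // Line breaks are removed so message text cannot add header lines
     $subject = '[JANUS] ' . str_replace(array("\r", "\n"), ' ', $data['subject']);
     $body = $data['message'];
     if (!mail($to, $subject, $body, $this->_headers)) {
         // Only identifying fields are reported; the message body stays out
         // of exception text that may end up in logs or error pages.
         $context = array('uid' => $data['uid'], 'subject' => $data['subject']);
         throw new Exception('Could not send mail - ' . var_export($context, true));
     }
     return true;
 }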
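 /**
  * Post a message to the subscribers of one or more addresses
  *
  * For each address the message is stored once per subscriber and once for
  * uid 0 with type INBOX. Subscribers whose type has an entry in the
  * 'messenger.external' configuration are also passed to that messenger.
  *
  * @param string       $subject The message title
  * @param string       $message The message body
  * @param array|string $address Address or addresses the message is sent to
  * @param int          $from    Uid of user responsible for sending the message
  *
  * @return bool True when every message was stored, false when an insert failed
  */
 public function post($subject, $message, $address, $from)
 {
     $external_messengers = $this->_config->getArray('messenger.external', array());
     // Grab the user who send the message
     $user = new sspmod_janus_User($this->_config);
     $user->setUid($from);
     $user->load();
     // and prepend the userid to the message
     // NOTE(review): the listing masks the middle of this expression; it is
     // reconstructed from the comment above as the sender's userid - confirm
     // against upstream. The value is escaped because it is joined with markup.
     $message = 'User: ' . htmlspecialchars($user->getUserid(), ENT_QUOTES, 'UTF-8') . '<br />' . $message;
     $addresses = is_array($address) ? $address : array($address);
     // REMOTE_ADDR is absent outside a web request (e.g. CLI)
     $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
     foreach ($addresses as $ad) {
         $subscripers = $this->_getSubscripers($ad);
         $subscripers[] = array('uid' => '0', 'type' => 'INBOX');
         foreach ($subscripers as $subscriper) {
             $st = self::execute('INSERT INTO `' . self::$prefix . 'message`
                 (`uid`, `subject`, `message`, `from`, `subscription`, `created`, `ip`)
                 VALUES (?, ?, ?, ?, ?, ?, ?);', array($subscriper['uid'], $subject, $message, $from, $ad, date('c'), $ip));
             if ($st === false) {
                 SimpleSAML_Logger::error('JANUS: Error storing message');
                 return false;
             }
             if (array_key_exists($subscriper['type'], $external_messengers)) {
                 $externalconfig = $external_messengers[$subscriper['type']];
                 try {
                     $messenger = sspmod_janus_Messenger::getInstance($externalconfig['class'], $externalconfig['option']);
                     $messenger->send(array('uid' => $subscriper['uid'], 'subject' => $subject, 'message' => $message, 'from' => $from, 'address' => $ad));
                 } catch (Exception $e) {
                     // Best effort: delivery failures are logged, not fatal.
                     // The messenger object is not dumped: it may be unset when
                     // getInstance() threw, and its internals do not belong in logs.
                     SimpleSAML_Logger::error('JANUS: Error sending external message. type=' . $subscriper['type'] . ' uid=' . $subscriper['uid'] . ' exception=' . get_class($e));
                 }
             }
         }
     }
     return true;
 }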
 /**
  * Return the stored fields of the user named in $data['userid'].
  *
  * @param array $data   Request parameters; 'userid' is required
  * @param int   $status Set to 400 when 'userid' is missing, otherwise untouched
  *
  * @return array|string Empty string when 'userid' is missing, otherwise an
  *                      array with the keys uid, userid, active, type and data
  */
 public static function method_getUser($data, &$status)
 {
     if (!isset($data["userid"])) {
         $status = 400;
         return '';
     }
     $janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
     $account = new sspmod_janus_User($janusConfig->getValue('store'));
     $account->setUserid($data['userid']);
     // NOTE(review): the result of load() is not inspected, so an unknown
     // userid still produces a response built from an unloaded object.
     $account->load(sspmod_janus_User::USERID_LOAD);
     return array(
         'uid' => $account->getUid(),
         'userid' => $account->getUserid(),
         'active' => $account->getActive(),
         'type' => $account->getType(),
         'data' => $account->getdata(),
     );
 }
예제 #5
 /**
  * Get User information
  *
  * @access protected (see isProtected)
  * @static
  * @param array $data Request parameters for getUser method, supports:
  *                      - string $data['userid']: UserID (login name) to get data for
  * @param int $statusCode HTTP Status code to use in response
  * @return array|string User information
  */
 public static function method_getUser($data, &$statusCode)
 {
     // Without a userid there is nothing to look up: report a client error
     if (!isset($data["userid"])) {
         $statusCode = 400;
         return '';
     }
     // Return value is unused; the call is kept in case it has side effects
     sspmod_janus_DiContainer::getInstance()->getConfig();
     $account = new sspmod_janus_User();
     $account->setUserid($data['userid']);
     // NOTE(review): the result of load() is not inspected, so an unknown
     // userid still produces a response built from an unloaded object.
     $account->load(sspmod_janus_User::USERID_LOAD);
     return array(
         'uid' => $account->getUid(),
         'userid' => $account->getUserid(),
         'active' => $account->getActive(),
         'type' => $account->getType(),
         'data' => $account->getdata(),
     );
 }
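 /**
  * Check the signature of a request against the shared secret of its key's user.
  *
  * The expected signature is the SHA-512 hex digest of the shared secret
  * followed by every request variable, sorted by key and written as key
  * then value.
  *
  * NOTE(review): secret-prefix hashing is not an HMAC. It is exposed to
  * length extension, and the key/value concatenation has no delimiters, so
  * distinct parameter sets can serialise to the same string. Moving to
  * hash_hmac() changes the wire format and has to be coordinated with clients.
  *
  * @param sspmod_janus_REST_Request $request Request providing key, signature and variables
  *
  * @return bool True only when the supplied signature equals the computed one
  */
 public static function isSignatureValid(sspmod_janus_REST_Request $request)
 {
     if (is_null($request->getKey())) {
         return false;
     }
     $config = SimpleSAML_Configuration::getConfig('module_janus.php');
     $user = new sspmod_janus_User($config->getValue('store'));
     $user->setUserid($request->getKey());
     // An unknown key must be rejected here: an unloaded user has no secret,
     // and the digest below would then depend on request data alone.
     if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
         return false;
     }
     $shared_secret = $user->getSecret();
     // Same reasoning for a known user without a stored secret: fail closed
     if ((string) $shared_secret === '') {
         return false;
     }
     $supplied_signature = $request->getSignature();
     if (!is_string($supplied_signature)) {
         return false;
     }
     $data = $request->getRequestVars();
     // Sort params so both sides serialise them in the same order
     ksort($data);
     $concat_string = '';
     foreach ($data as $key => $value) {
         $concat_string .= $key . $value;
     }
     $calculated_signature = hash('sha512', $shared_secret . $concat_string);
     // Compare in constant time and without type juggling; a loose == treats
     // numeric-looking strings as numbers and leaks timing information.
     if (function_exists('hash_equals')) {
         return hash_equals($calculated_signature, $supplied_signature);
     }
     // Fallback for PHP versions that predate hash_equals()
     if (strlen($supplied_signature) !== strlen($calculated_signature)) {
         return false;
     }
     $difference = 0;
     for ($i = 0, $length = strlen($calculated_signature); $i < $length; $i++) {
         $difference |= ord($calculated_signature[$i]) ^ ord($supplied_signature[$i]);
     }
     return $difference === 0;
 }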
예제 #7
파일: history.php 프로젝트: janus-ssp/janus
    $attributes = $as->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
} else {
    echo $et->t('error_no_access');
    exit;
}
// Get the entity controller from the DI container
$mcontroller = sspmod_janus_DiContainer::getInstance()->getEntityController();
// Load the JANUS user that belongs to the authenticated userid
// NOTE(review): the result of load() is not checked here.
$user = new sspmod_janus_User();
$user->setUserid($userid);
$user->load(sspmod_janus_User::USERID_LOAD);
// NOTE(review): all three values are read from the query string without
// isset() or type checks. $eid is passed to setEntity() below; how the other
// two are used is not visible in this excerpt - validate or cast them before
// use and escape them wherever they are written into the page.
$eid = $_GET['eid'];
$currentRevisionId = $_GET['currentRevisionId'];
$historyTab = $_GET['historyTab'];
// Abort when the controller does not accept the requested entity id
if (!($entity = $mcontroller->setEntity($eid))) {
    throw new SimpleSAML_Error_Exception('Error in setEntity');
}
$workflowstates = $janus_config->getValue('workflowstates');
// load entity
$mcontroller->loadEntity();
// Check if user is allowed to see entity: fetch the users attached to it
$allowedUsers = $mcontroller->getUsers();
$output = '';
// Security context used for the permission checks that follow
$securityContext = sspmod_janus_DiContainer::getInstance()->getSecurityContext();
if ((array_key_exists($userid, $allowedUsers) || $securityContext->isGranted('allentities')) && $securityContext->isGranted('entityhistory', $entity)) {
    $history_size = $mcontroller->getHistorySize();
예제 #8
/**
 * Attach a user to an entity on behalf of an AJAX request.
 *
 * The 'uid' parameter actually carries a userid (e.g. user@example.com); it
 * is resolved to the JANUS uid on the server before anything is stored.
 * For an unknown user or a failing insert a JSON status is printed and the
 * script exits.
 *
 * @param array $params Request parameters; 'eid' and 'uid' are required
 *
 * @return array|bool FALSE when a parameter is missing or nothing was added,
 *                    otherwise an array with the keys eid, uid and userid
 */
function addUserToEntity($params)
{
    if (!isset($params['eid'], $params['uid'])) {
        return FALSE;
    }
    $entityId = $params['eid'];
    $requestedUserid = $params['uid'];
    // Return value is unused; the call is kept in case it has side effects
    sspmod_janus_DiContainer::getInstance()->getConfig();
    // security hack - the client sends a userid, which is converted to the
    // janus uid expected by the code below
    $account = new sspmod_janus_User();
    $account->setUserid($requestedUserid);
    if ($account->load(sspmod_janus_User::USERID_LOAD) === false) {
        echo json_encode(array('status' => 'Unknown user'));
        exit;
    }
    $actual_uid = $account->getUid();
    $adminUtil = new sspmod_janus_AdminUtil();
    try {
        $addedUserid = $adminUtil->addUserToEntity($entityId, $actual_uid);
    } catch (Exception $e) {
        // The client only gets a generic status; details are not echoed back
        echo json_encode(array('status' => 'An unspecified error occurred'));
        exit;
    }
    if (!$addedUserid) {
        return FALSE;
    }
    return array('eid' => $entityId, 'uid' => $actual_uid, 'userid' => $addedUserid);
}
    }
    return FALSE;
}
$mcontrol = new sspmod_janus_UserController($janus_config);
$pm = new sspmod_janus_Postman();
if (!($user = $mcontrol->setUser($userid))) {
    throw new SimpleSAML_Error_Exception('Error in setUser');
}
$selectedtab = isset($_REQUEST['selectedtab']) ? $_REQUEST['selectedtab'] : 1;
if (isset($_POST['add_usersubmit'])) {
    if (empty($_POST['userid']) || empty($_POST['type'])) {
        $msg = 'error_user_not_created_due_params';
    } else {
        $check_user = new sspmod_janus_User($janus_config->getValue('store'));
        $check_user->setUserid($_POST['userid']);
        if ($check_user->load(sspmod_janus_User::USERID_LOAD) != FALSE) {
            $msg = 'error_user_already_exists';
        } else {
            $new_user = new sspmod_janus_User($janus_config->getValue('store'));
            $new_user->setUserid($_POST['userid']);
            $new_user->setType($_POST['type']);
            if (isset($_POST['active']) && $_POST['active'] == 'on') {
                $active = 'yes';
            } else {
                $active = 'no';
            }
            $new_user->setActive($active);
            $new_user->setData($_POST['userdata']);
            if (!$new_user->save()) {
                $msg = 'error_user_not_created';
            } else {
예제 #10
         echo '  <a id="edit_subscription_link_' . $subscription['sid'] . '" class="janus_button" onclick="editSubscription(' . $this->data['user']->getUid() . ', ' . $subscription['sid'] . ');">' . $this->t('admin_edit') . '</a>';
     }
     echo '</td></tr>';
 }
 echo '</tbody></table>';
 if ($this->data['security.context']->isGranted('addsubscriptions')) {
     echo '<h2>' . $this->t('text_subscription_add_header') . '</h2>';
     echo '<select name="subscriptions" id="subscriptions_select">';
     echo '<option> -- ' . $this->t('tab_edit_entity_select') . ' --</option>';
     foreach ($this->data['subscriptionList'] as $subscription) {
         $tmp = explode("-", $subscription);
         if ($tmp[0] == 'USER') {
             if (isset($tmp[1]) && ctype_digit((string) $tmp[1])) {
                 $user = new sspmod_janus_User($janus_config);
                 $user->setUid($tmp[1]);
                 $user->load();
                 $name = $tmp[0] . ' - ' . $user->getUserid();
             } else {
                 if (isset($tmp[1]) && $tmp[1] == 'NEW') {
                     $name = $tmp[0] . ' - ' . 'NEW';
                 } else {
                     $name = $tmp[0];
                 }
             }
         } else {
             if ($tmp[0] == 'ENTITYUPDATE') {
                 if (isset($tmp[1]) && ctype_digit((string) $tmp[1])) {
                     $entity = new sspmod_janus_Entity($janus_config);
                     $entity->setEid($tmp[1]);
                     try {
                         $entity->load();
예제 #11
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
} else {
    $returnURL = $session->getData('string', 'refURL');
    if (is_null($returnURL)) {
        $returnURL = SimpleSAML_Utilities::selfURL();
    } else {
        $session->deleteData('string', 'refURL');
    }
    SimpleSAML_Auth_Default::initLogin($authsource, $returnURL, NULL, $_GET);
}
// Route the authenticated userid: known and active users go to the dashboard,
// inactive users are logged out, unknown users go to one of the new-user pages.
$user = new sspmod_janus_User();
$user->setUserid($userid);
if ($user->load(sspmod_janus_User::USERID_LOAD)) {
    if ($user->getActive() === 'yes') {
        SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/dashboard.php/entities'));
    } else {
        // An inactive account keeps no session
        $session->doLogout();
        SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/index.php?error=error_index_user_inactive'));
    }
} else {
    // 'user.autocreate' decides which page an unknown user lands on
    $autocreatenewuser = $janus_config->getValue('user.autocreate', false);
    $landingPage = $autocreatenewuser ? 'janus/newUser.php' : 'janus/noNewUser.php';
    SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL($landingPage), array('userid' => $userid));
}
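 /**
  * Add the specified users to the entity
  *
  * Stores the user/entity relation together with a timestamp and the
  * client address, then looks up the userid of the added user.
  *
  * @param string $eid The entity
  * @param string $uid The user to be added to the entity
  *
  * @return string|false Userid of the added user, false when the insert failed
  * @since Method available since Release 1.0.0
  * @TODO Rename to addPermission or similar
  */
 public function addUserToEntity($eid, $uid)
 {
     // REMOTE_ADDR is absent outside a web request (e.g. CLI)
     $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
     $st = self::execute('INSERT INTO `' . self::$prefix . 'hasEntity`
             (`uid`, `eid`, `created`, `ip`)
         VALUES
             (?, ?, ?, ?);', array($uid, $eid, date('c'), $ip));
     if ($st === false) {
         SimpleSAML_Logger::error('JANUS: Error adding user to entity');
         return false;
     }
     $user = new sspmod_janus_User($this->_config->getValue('store'));
     $user->setUid($uid);
     // NOTE(review): the result of load() is not checked; for an unknown uid
     // the value returned below comes from an unloaded object.
     $user->load();
     return $user->getUserid();
 }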
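 /**
  * Retrieve all users in the system
  *
  * The method will retrieve all users in the system. NOTE this method will be
  * moved/rewritten in the future.
  *
  * @return array All users in the system; empty when the query failed
  */
 public function getUsers()
 {
     $st = $this->execute('SELECT * FROM ' . self::$prefix . 'user;');
     // Other callers of execute() in this listing test its result against
     // false; without that test fetchAll() would be called on a non-object.
     if ($st === false) {
         SimpleSAML_Logger::error('JANUS: Error fetching all users');
         return array();
     }
     $users = array();
     foreach ($st->fetchAll(PDO::FETCH_ASSOC) as $row) {
         // Each row is reloaded through the user object by its uid
         $user = new sspmod_janus_User($this->_config->getValue('store'));
         $user->setUid($row['uid']);
         $user->load();
         $users[] = $user;
     }
     return $users;
 }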
        $wstates = $janus_config->getArray('workflowstates');
        if (isset($current['name'][$this->getLanguage()])) {
            $curLang = $this->getLanguage();
        } else {
            $curLang = 'en';
        }
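        // One line per stored revision. Revision notes, userids and workflow
        // names are stored data, so they are escaped before being written
        // into the page.
        foreach ($history as $data) {
            $revisionId = htmlspecialchars($data->getRevisionid(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $entityId = htmlspecialchars($data->getEid(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo '<a href="?eid=' . $entityId . '&amp;revisionid=' . $revisionId . '">' . $this->t('tab_edit_entity_connection_revision') . ' ' . $revisionId . '</a>';
            // Truncate first and escape afterwards so no entity is cut in half
            $note = $data->getRevisionnote();
            if (strlen($note) > 80) {
                $note = substr($note, 0, 79) . '...';
            }
            echo ' - ' . htmlspecialchars($note, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            // Show edit user if present
            $user->setUid($data->getUser());
            if ($user->load()) {
                echo ' - ' . htmlspecialchars($user->getUserid(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            }
            echo ' - ' . date('Y-m-d H:i', strtotime($data->getCreated()));
            if (isset($wstates[$data->getWorkflow()]['name'][$curLang])) {
                echo ' - ' . htmlspecialchars($wstates[$data->getWorkflow()]['name'][$curLang], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            } else {
                echo ' - ' . htmlspecialchars($data->getWorkflow(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            }
            echo '<br />';
        }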
        echo '<div id="historycontainer"><p>';
        echo $this->t('tab_edit_entity_loading_revisions');
        echo '</p></div>';
    }
} else {
/**
 * Update userid, type and active flag of an existing user.
 *
 * @param array $params Request parameters; 'uid', 'userid' and 'type' must be
 *                      non-empty and 'active' must be set
 *
 * @return array array('status' => 'missing_param') when a parameter is
 *               missing, otherwise array('uid' => <uid>)
 */
function editUser($params)
{
    $incomplete = !isset($params['active']);
    foreach (array('uid', 'userid', 'type') as $required) {
        $incomplete = $incomplete || empty($params[$required]);
    }
    if ($incomplete) {
        return array('status' => 'missing_param');
    }
    $uid = $params['uid'];
    $config = SimpleSAML_Configuration::getConfig('module_janus.php');
    $account = new sspmod_janus_User($config->getValue('store'));
    $account->setUid($uid);
    // NOTE(review): the results of load() and save() are not inspected, and
    // 'active' and 'type' are stored as received; whether the caller checks
    // permissions and allowed values is not visible from here.
    $account->load(sspmod_janus_User::UID_LOAD);
    $account->setActive($params['active']);
    $account->setUserid($params['userid']);
    $account->setType($params['type']);
    $account->save();
    return array('uid' => $uid);
}
예제 #16
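 /**
  * Retrieve all users in the system
  *
  * The method will retrieve all users in the system, ordered by userid.
  * NOTE this method will be moved/rewritten in the future.
  *
  * @return array All users in the system; empty when the query failed
  */
 public function getUsers()
 {
     $st = $this->execute('SELECT * FROM ' . $this->getTablePrefix() . 'user ORDER BY `userid`;');
     // Other callers of execute() in this listing test its result against
     // false; without that test fetchAll() would be called on a non-object.
     if ($st === false) {
         SimpleSAML_Logger::error('JANUS: Error fetching all users');
         return array();
     }
     $users = array();
     foreach ($st->fetchAll(PDO::FETCH_ASSOC) as $row) {
         // Each row is reloaded through the user object by its uid
         $user = new sspmod_janus_User();
         $user->setUid($row['uid']);
         $user->load();
         $users[] = $user;
     }
     return $users;
 }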