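 /**
  * Checks the signature of a REST v1 request against the caller's shared secret.
  *
  * The signature is sha512(secret . concat(key . value for every request var,
  * sorted by key)). The user behind the request key is marked pre-authenticated
  * only after the signature has been verified.
  *
  * @param sspmod_janus_REST_Request $request Request carrying key, signature and request vars
  * @return bool True when the key belongs to a known user and the signature matches
  */
 public static function isSignatureValid(sspmod_janus_REST_Request $request)
 {
     if (is_null($request->getKey())) {
         return false;
     }
     $user = new sspmod_janus_User();
     $user->setUserid($request->getKey());
     if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
         return false;
     }
     $data = $request->getRequestVars();
     // Sort params so both sides concatenate in the same, canonical order
     ksort($data);
     $concat_string = '';
     foreach ($data as $key => $value) {
         $concat_string .= $key . $value;
     }
     // Prepend shared secret and hash the string to the signature
     $calculated_signature = hash('sha512', $user->getSecret() . $concat_string);
     // hash_equals(): constant-time, and unlike loose '==' it never compares two
     // numeric-looking hex digests ('0e...') as numbers.
     if (!hash_equals($calculated_signature, (string) $request->getSignature())) {
         return false;
     }
     // Mark the caller pre-authenticated only once the signature is known to be good.
     sspmod_janus_DiContainer::preAuthenticate($user->getUserid(), 'RESTv1');
     return true;
 }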
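 /**
  * Loads entity $entityId and stores its metadata array in $this->_entityMetadata.
  *
  * @param mixed $entityId Entity to load
  * @return void
  */
 protected function _loadEntityMetadata($entityId)
 {
     $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
     $entityController->setEntity($entityId);
     $entityController->loadEntity();
     $this->_entityMetadata = $entityController->getMetaArray();
 }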
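 /**
  * Loads entity $entityId and keeps its controller in $this->_entityController.
  *
  * @param mixed $entityId Entity to load
  * @return bool True when a controller was obtained from the container
  */
 protected function _loadEntity($entityId)
 {
     $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
     $entityController->setEntity($entityId);
     $entityController->loadEntity();
     $this->_entityController = $entityController;
     // The controller was already dereferenced above, so this is effectively always true.
     return (bool) $entityController;
 }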
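 /**
  * Validates the loaded entity's metadata against the field configuration of its type.
  *
  * Delegates to _validate() with the expanded 'metadatafields.saml20-idp' or
  * 'metadatafields.saml20-sp' config; any other entity type is not validated.
  *
  * @return void
  */
 public function validate()
 {
     $entityType = $this->_entityController->getEntity()->getType();
     $config = sspmod_janus_DiContainer::getInstance()->getConfig();
     // Strict comparison: the type is a plain string, loose '==' buys nothing here.
     if ($entityType === 'saml20-idp') {
         $idpMetadataConfig = $this->_loadExpandedMetadataConfig($config->getArray('metadatafields.saml20-idp'));
         $this->_validate($idpMetadataConfig);
     } elseif ($entityType === 'saml20-sp') {
         $spMetadataConfig = $this->_loadExpandedMetadataConfig($config->getArray('metadatafields.saml20-sp'));
         $this->_validate($spMetadataConfig);
     } else {
         // NOTE(review): this writes into a local that is never read, so an unknown
         // type currently passes validation silently. It presumably belongs in the
         // error list that _validate() reports into — confirm the property and use it.
         $_errors[] = 'Unknown Entity Type';
     }
 }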
 /**
  * Loads the certificate of entity $entityId into $this->_certificate.
  *
  * Invalid certificate data is reported in $this->_response->Errors, a missing
  * certificate in $this->_response->Warnings; both cases return false.
  *
  * @param mixed $entityId Entity to load
  * @return bool True when a certificate was stored
  */
 protected function _loadEntityCertificate($entityId)
 {
     $controller = sspmod_janus_DiContainer::getInstance()->getEntityController();
     $controller->setEntity($entityId);
     $controller->loadEntity();
     try {
         $certificate = $controller->getCertificate();
     } catch (Exception $e) {
         $this->_response->Errors[] = "Certificate data invalid!";
         return false;
     }
     if ($certificate) {
         $this->_certificate = $certificate;
         return true;
     }
     $this->_response->Warnings[] = "No certificate data for this entity";
     return false;
 }
/**
 * Adds the paged revision history of connection $eid to the template.
 *
 * Each revision is serialized to JSON (serialization group 'compare') for the
 * compare view; 'history_prev_offset' / 'history_next_offset' are set when a
 * previous resp. a further page exists, and 'latestRevisionNbr' holds the
 * highest revision number on the current page.
 *
 * @param SimpleSAML_XHTML_Template $et  Template to fill
 * @param mixed                     $eid Connection eid
 * @return void
 */
function addRevisionCompare(SimpleSAML_XHTML_Template $et, $eid)
{
    $container = sspmod_janus_DiContainer::getInstance();
    $connectionService = $container->getConnectionService();
    $serializer = $container->getSerializerBuilder();
    $revisions = $connectionService->findRevisionsByEid($eid, history_limit(), history_offset());
    $revisionsData = array();
    $latestRevisionNr = 0;
    foreach ($revisions as $revision) {
        $context = SerializationContext::create()->setGroups(array('compare'));
        $json = $serializer->serialize($revision, 'json', $context);
        // we need to sanitize the JSON otherwise the compare display breaks
        $json = str_replace(array('\\n', '\\r', '\\t', '\\x09'), '', $json);
        $revisionsData[] = array('revision' => $revision, 'json' => $json);
        $latestRevisionNr = max($latestRevisionNr, $revision->getRevisionNr());
    }
    if (history_offset() > 0) {
        $et->data['history_prev_offset'] = history_prev();
    }
    // A full page suggests there may be more revisions.
    if (count($revisions) === history_limit()) {
        $et->data['history_next_offset'] = history_next();
    }
    $et->data['revisions'] = $revisionsData;
    $et->data['latestRevisionNbr'] = $latestRevisionNr;
}
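 /**
  * Decides whether this cron hook should run for the given tag.
  *
  * @param string $cronTag Tag of the cron run being executed
  * @return bool True when the tag is listed in the configured run-on tags
  */
 protected function _isExecuteRequired($cronTag)
 {
     $janusConfig = sspmod_janus_DiContainer::getInstance()->getConfig();
     $cronTags = $janusConfig->getArray(self::CONFIG_WITH_TAGS_TO_RUN_ON, array());
     // Strict match: loose in_array() would treat numeric-looking tags such as '1' and '01' as equal.
     // Nothing to do when it's not our time.
     return in_array($cronTag, $cronTags, true);
 }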
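 /**
  * Tries to load the pretty name from cache, falling back to the database.
  *
  * The cache key is scoped by eid, revision id and field name; a new revision
  * yields a new key, so entries never need to be flushed explicitly.
  *
  * @param string $fieldname Metadata field that holds the pretty name
  * @return array|bool Rows from cache or database, false when the database lookup failed
  */
 private function loadPrettyNameFromCache($fieldname)
 {
     $cacheProvider = sspmod_janus_DiContainer::getInstance()->getCacheProvider();
     // The field name is part of the key: without it two different field names for the
     // same revision would share one cached result.
     $cacheKey = 'entity-prettyname-' . $this->_eid . '-' . $this->_revisionid . '-' . $fieldname;
     $cachedResult = $cacheProvider->fetch($cacheKey);
     if ($cachedResult !== false) {
         return $cachedResult;
     }
     $rows = $this->_loadPrettyNameFromDatabase($this->_id, $fieldname);
     if (!is_array($rows)) {
         return false;
     }
     // Store entity pretty name in cache, note that this does not have to be flushed since a new revision
     // will trigger a new version of the cache anyway
     $cacheProvider->save($cacheKey, $rows);
     return $rows;
 }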
 /**
  * Creates a new administrator utility.
  *
  * Takes the JANUS configuration from the DI container and keeps it in $this->_config.
  *
  * @since Method available since Release 1.0.0
  */
 public function __construct()
 {
     $container = sspmod_janus_DiContainer::getInstance();
     $this->_config = $container->getConfig();
 }
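<?php

/** @var $this SimpleSAML_XHTML_Template */
$csrf_provider = sspmod_janus_DiContainer::getInstance()->getCsrfProvider();
$this->data['jquery'] = array('version' => '1.6', 'core' => TRUE, 'ui' => TRUE, 'css' => TRUE);
// Start the head block with the shared stylesheet, then append the page-specific one.
// The second link must be appended ('.='); a plain assignment silently dropped style.css.
$this->data['head'] = '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/style.css" />' . "\n";
$this->data['head'] .= '<link rel="stylesheet" type="text/css" href="/' . $this->data['baseurlpath'] . 'module.php/janus/resources/styles/import.css" />' . "\n";
// The header include renders $this->data['head'], so it must be complete at this point.
$this->includeAtTemplateBase('includes/header.php');
// Message keys starting with 'error' are shown under the error header; the key is translated.
if (isset($this->data['message']) && substr($this->data['message'], 0, 5) === 'error') {
    ?>
    <h2 class="editentity_error"><?php 
    echo $this->t('error_header');
    ?>
</h2>
    <p><?php 
    echo $this->t($this->data['message']);
    ?>
</p>
<?php 
}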
?>
    <hr>
<?php 
if ($this->data['update']) {
    ?>

    <h3><?php 
    echo $this->t('text_apply_following_changes');
    ?>
</h3>
    <div id="changes">
 /**
  * Does the Identity Provider allow a particular connection?
  *
  * The SP is allowed when the IdP allows everything, when it is in the IdP's
  * allowed list, or when the IdP keeps a blocked list that does not contain it.
  * An IdP with neither list (and allowedall not "yes") allows nothing.
  *
  * @static
  * @param sspmod_janus_Entity $sp  Service Provider to check for
  * @param sspmod_janus_Entity $idp Identity Provider to check against
  * @return bool Is the connection allowed?
  */
 protected static function _checkIdPMetadataIsConnectionAllowed(sspmod_janus_Entity $sp, sspmod_janus_Entity $idp)
 {
     $idpController = sspmod_janus_DiContainer::getInstance()->getEntityController();
     $idpController->setEntity($idp);
     $spEid = $sp->getEid();
     if ($idpController->getAllowedAll() === "yes") {
         return true;
     }
     $allowedSps = $idpController->getAllowedEntities();
     $isExplicitlyAllowed = count($allowedSps) > 0 && array_key_exists($spEid, $allowedSps);
     if ($isExplicitlyAllowed) {
         return true;
     }
     $blockedSps = $idpController->getBlockedEntities();
     // Only a non-empty blocked list grants access by omission; no lists at all means deny.
     $isNotOnBlockedList = count($blockedSps) > 0 && !array_key_exists($spEid, $blockedSps);
     return $isNotOnBlockedList;
 }
<?php

use Symfony\Component\HttpFoundation\Request;

// If you don't want to setup permissions the proper way, just uncomment the following PHP line
// read http://symfony.com/doc/current/book/installation.html#configuration-and-setup for more information
//umask(0000);

// Debug front controllers must not be reachable when deployed to production by accident.
// Instead of the stock IP allow-list, this deployment requires the vhost to opt in with:
//     SetEnv SFDEV 1
$devFrontControllerEnabled = getenv('SFDEV');
if (!$devFrontControllerEnabled) {
    header('HTTP/1.0 403 Forbidden');
    exit('You are not allowed to access this file. Check ' . basename(__FILE__) . ' for more information.');
}

// Symfony app autoloader and kernel class.
$loader = (require_once __DIR__ . '/../app/autoload.php');
require_once __DIR__ . '/../app/AppKernel.php';
// Also load the SSP autoloader to support SSP login (see Janus/ServiceRegistry/Security/)
require_once __DIR__ . '/../../../vendor/autoload.php';

// Boot the 'dev' environment with debug on and hand the kernel to the legacy DI container.
$kernel = new AppKernel('dev', true);
sspmod_janus_DiContainer::registerAppKernel($kernel);

// Allow HTML forms to override the HTTP method, then dispatch the request.
Request::enableHttpMethodParameterOverride();
$request = Request::createFromGlobals();
/** @var \Symfony\Component\HttpFoundation\Response $response */
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);
 /**
  * Builds the metadata of one entity revision in the requested output format.
  *
  * Loads the entity through the entity controller and checks that every field
  * marked required in the 'metadatafields.<type>' config is present, where an
  * empty string does not count and, unless the field sets default_allow, neither
  * does a value equal to the field default. On success the metadata is rendered
  * as XML, readable XML, a PHP array or a flat-file PHP snippet; on failure the
  * reason is stored in self::$_error and false is returned.
  *
  * @param string     $eid      Entity id, digits only
  * @param string     $revision Revision id, digits only
  * @param mixed      $type     self::XML, self::XMLREADABLE, self::PHPARRAY or self::FLATFILE (the default)
  * @param array|null $option   Optional 'maxCache' / 'maxDuration' handed to the SAML builder
  * @return string|array|bool Rendered metadata (an array for self::PHPARRAY), false on error
  */
 private static function getMetadata($eid, $revision, $type = null, array $option = null)
 {
     // String asserts are deprecated since PHP 7.2; on PHP 8 a string argument is no
     // longer evaluated and simply passes, so these checks only work on older versions.
     assert('ctype_digit($eid)');
     assert('ctype_digit($revision)');
     $janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
     $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController();
     if (!($entity = $entityController->setEntity($eid, $revision))) {
         self::$_error = array('Entity could not be loaded - Eid: ' . $eid . ' Revisionid: ' . $revision);
         return false;
     }
     $metadata_raw = $entityController->getMetadata();
     // Get metadata field definitions for this entity type, keyed by field name
     $nm_mb = new sspmod_janus_MetadataFieldBuilder($janus_config->getArray('metadatafields.' . $entity->getType()));
     $metadatafields_required = $nm_mb->getMetadataFields();
     // Get required metadata fields
     $required = array();
     foreach ($metadatafields_required as $mf) {
         if (isset($mf->required) && $mf->required === true) {
             $required[] = $mf->name;
         }
     }
     // Collect the keys of the metadata that counts as "set" for the required check
     $metadata = array();
     foreach ($metadata_raw as $k => $v) {
         // Metadata field not defined
         if (!isset($metadatafields_required[$v->getKey()])) {
             continue;
         }
         // Value not set for metadata
         if (is_string($v->getValue()) && $v->getValue() == '') {
             continue;
         }
         // Compute whether the default value is allowed for this field
         $default_allow = false;
         if (isset($metadatafields_required[$v->getKey()]->default_allow) && is_bool($metadatafields_required[$v->getKey()]->default_allow)) {
             $default_allow = $metadatafields_required[$v->getKey()]->default_allow;
         }
         /*
          * Do not include metadata if value is set to default and default
          * is not allowed.
          */
         if (!$default_allow && (isset($metadatafields_required[$v->getKey()]->default) && $v->getValue() == $metadatafields_required[$v->getKey()]->default)) {
             continue;
         }
         $metadata[] = $v->getKey();
     }
     // Compute missing metadata that is required
     $missing_required = array_diff($required, $metadata);
     $entityId = $entity->getEntityid();
     if (!empty($missing_required)) {
         SimpleSAML_Logger::error('JANUS - Missing required metadata fields. Entity_id:' . $entityId);
         self::$_error = $missing_required;
         return false;
     }
     try {
         $metaArray = $entityController->getMetaArray();
         $metaArray['eid'] = $eid;
         $blockedEntities = $entityController->getBlockedEntities();
         $allowedEntities = $entityController->getAllowedEntities();
         $disabledConsent = $entityController->getDisableConsent();
         // Flat-file form: one "'entityid' => array(...)," entry as PHP source
         $metaFlat = '// Revision: ' . $entity->getRevisionid() . "\n";
         $metaFlat .= var_export($entityId, TRUE) . ' => ' . var_export($metaArray, TRUE) . ',';
         // Add authproc filter to block blocked entities
         if (!empty($blockedEntities) || !empty($allowedEntities)) {
             // Strip the closing '),' so more entries can be appended; re-closed below
             $metaFlat = substr($metaFlat, 0, -2);
             if (!empty($allowedEntities)) {
                 $metaFlat .= "  'allowed' => array(\n";
                 $metaArray['allowed'] = array();
                 foreach ($allowedEntities as $allowedEntity) {
                     $metaFlat .= "      '" . $allowedEntity['remoteentityid'] . "',\n";
                     $metaArray['allowed'][] = $allowedEntity['remoteentityid'];
                 }
                 $metaFlat .= "  ),\n";
             }
             if (!empty($blockedEntities)) {
                 $metaFlat .= "  'blocked' => array(\n";
                 $metaArray['blocked'] = array();
                 foreach ($blockedEntities as $blockedEntity) {
                     $metaFlat .= "    '" . $blockedEntity['remoteentityid'] . "',\n";
                     $metaArray['blocked'][] = $blockedEntity['remoteentityid'];
                 }
                 $metaFlat .= "  ),\n";
             }
             $metaFlat .= '),';
         }
         // Add disable consent (flat file only; $metaArray is not updated here)
         if (!empty($disabledConsent)) {
             $metaFlat = substr($metaFlat, 0, -2);
             $metaFlat .= "  'consent.disable' => array(\n";
             foreach ($disabledConsent as $key => $value) {
                 $metaFlat .= "    '" . $key . "',\n";
             }
             $metaFlat .= "  ),\n";
             $metaFlat .= '),';
         }
         $maxCache = isset($option['maxCache']) ? $option['maxCache'] : null;
         $maxDuration = isset($option['maxDuration']) ? $option['maxDuration'] : null;
         try {
             $metaBuilder = new SimpleSAML_Metadata_SAMLBuilder($entityId, $maxCache, $maxDuration);
             $metaBuilder->addMetadata($metaArray['metadata-set'], $metaArray);
         } catch (Exception $e) {
             SimpleSAML_Logger::error('JANUS - Entity_id:' . $entityId . ' - Error generating XML metadata - ' . var_export($e, true));
             self::$_error = array('Error generating XML metadata - ' . $e->getMessage());
             return false;
         }
         // Add organization info, only when all three organization fields are present
         if (!empty($metaArray['OrganizationName']) && !empty($metaArray['OrganizationDisplayName']) && !empty($metaArray['OrganizationURL'])) {
             $metaBuilder->addOrganizationInfo(array('OrganizationName' => $metaArray['OrganizationName'], 'OrganizationDisplayName' => $metaArray['OrganizationDisplayName'], 'OrganizationURL' => $metaArray['OrganizationURL']));
         }
         // Add contact info
         if (!empty($metaArray['contact'])) {
             $metaBuilder->addContact('technical', $metaArray['contact']);
         }
         // Pick the output format; anything other than the known constants yields the flat file
         switch ($type) {
             case self::XML:
                 return $metaBuilder->getEntityDescriptor();
             case self::XMLREADABLE:
                 return $metaBuilder->getEntityDescriptorText();
             case self::PHPARRAY:
                 return $metaArray;
             case self::FLATFILE:
             default:
                 return $metaFlat;
         }
     } catch (Exception $exception) {
         // Unexpected failure: report through SSP's fatal error handler; the return is a fallback
         // in case fatalError() returns — presumably it ends the request, confirm.
         $session = SimpleSAML_Session::getInstance();
         SimpleSAML_Utilities::fatalError($session->getTrackID(), 'JANUS - Metadatageneration', $exception);
         return false;
     }
 }
<?php

/*
 * Generate metadata
 *
 * @author Jacob Christiansen, <*****@*****.**>
 * @package SimpleSAMLphp
 * @subpackage JANUS
 */
require __DIR__ . '/_includes.php';
/* Load simpleSAMLphp, configuration and metadata */
$session = SimpleSAML_Session::getSessionFromRequest();
$config = SimpleSAML_Configuration::getInstance();
$janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
// Auth source and the attribute carrying the user id, both overridable in the JANUS config.
$authsource = $janus_config->getValue('auth', 'login-admin');
$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');
$as = new SimpleSAML_Auth_Simple($authsource);
if ($as->isAuthenticated()) {
    $attributes = $as->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    // Attribute values arrive as arrays; the first value is taken as the user id.
    $userid = $attributes[$useridattr][0];
} else {
    // Remember where to return to, then send the user to the JANUS front page to log in.
    // NOTE(review): the code after this block assumes redirectTrustedUrl() does not return,
    // otherwise $userid is undefined — confirm.
    $session->setData('string', 'refURL', SimpleSAML_Utilities::selfURL());
    SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/index.php'));
}
if (isset($_GET['eid'])) {
    $eid = $_GET['eid'];
} else {
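 /**
  * Create new entity with parsed entityid
  *
  * Create a new entity and give the user access to the entity. The entity is
  * saved in the default workflow state with the current user as creator, and
  * every metadata field marked required for the type is added with its default.
  *
  * @param string $entityid    Entity id for the new entity
  * @param string $type        Entity type
  * @param string $metadataUrl The -optional- metadata url for the new entity
  *
  * @return mixed The eid of the new entity, or the error message from
  *               isEntityIdInUse() when the entity id is already taken.
  * @since Method available since Release 1.0.0
  */
 public function createNewEntity($entityid, $type, $metadataUrl = null)
 {
     // Expression asserts: string-form assert() is deprecated in PHP 7.2 and no longer evaluated in PHP 8.
     assert(is_string($entityid));
     assert(is_string($type));
     if ($this->isEntityIdInUse($entityid, $errorMessage)) {
         return $errorMessage;
     }
     $startstate = $this->_config->getString('workflowstate.default');
     // Instantiate a new entity
     $entity = new sspmod_janus_Entity($this->_config, true);
     $entity->setEntityid($entityid);
     $entity->setWorkflow($startstate);
     $entity->setType($type);
     $entity->setUser($this->_user->getUid());
     $entity->setRevisionnote('Entity created.');
     if ($metadataUrl) {
         $entity->setMetadataURL($metadataUrl);
     }
     $entity->save(array());
     $adminUtil = new sspmod_janus_AdminUtil();
     $adminUtil->addUserToEntity($entity->getEid(), $this->_user->getUid());
     $ec = sspmod_janus_DiContainer::getInstance()->getEntityController();
     $ec->setEntity($entity);
     $needsSave = false;
     // Get metadatafields for new type
     $fieldBuilder = new sspmod_janus_MetadataFieldBuilder($this->_config->getArray('metadatafields.' . $type));
     $metadatafields = $fieldBuilder->getMetadataFields();
     // Add all required fields with their default value
     foreach ($metadatafields as $mf) {
         if (isset($mf->required) && $mf->required === true) {
             $ec->addMetadata($mf->name, $mf->default);
             $needsSave = true;
         }
     }
     if ($needsSave === true) {
         $ec->saveEntity();
     }
     // Reset list of entities
     $this->_entities = null;
     $this->_loadEntities();
     return $entity->getEid();
 }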
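 /**
  * Checks that every given user type is one of the configured 'usertypes'.
  *
  * @param array $types User types to validate
  * @throws InvalidArgumentException On the first type that is not configured
  */
 private function validateUserTypes(array $types)
 {
     $config = sspmod_janus_DiContainer::getInstance()->getConfig();
     $allowedTypes = $config->getArray('usertypes');
     foreach ($types as $type) {
         // Strict match: loose in_array() would accept e.g. 0 or a numeric string for a configured type.
         if (!in_array($type, $allowedTypes, true)) {
             throw new \InvalidArgumentException("User Type '{$type}' is not allowed");
         }
     }
 }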
 /**
  * Returns prefix for tables
  *
  * Read once from the Symfony container parameter 'database_prefix' and kept in a
  * static local for subsequent calls.
  *
  * @return string
  */
 public function getTablePrefix()
 {
     static $tablePrefix;
     if ($tablePrefix) {
         return $tablePrefix;
     }
     $symfonyContainer = sspmod_janus_DiContainer::getInstance()->getSymfonyContainer();
     $tablePrefix = $symfonyContainer->getParameter('database_prefix');
     return $tablePrefix;
 }
     $redirectToImport = true;
     /**
      * Recursively converts a stdClass tree (as produced by json_decode()) into nested arrays.
      *
      * Arrays and stdClass instances are descended into; objects of any other class are kept as-is.
      *
      * @param mixed $object Value to convert
      * @return array
      */
     function convert_stdobject_to_array($object)
     {
         $result = (array) $object;
         foreach ($result as $key => $member) {
             $isStdObject = is_object($member) && get_class($member) === 'stdClass';
             if (is_array($member) || $isStdObject) {
                 $result[$key] = convert_stdobject_to_array($member);
             }
         }
         return $result;
     }
     try {
         $metaStdClass = json_decode($_POST['meta_json']);
         if ($metaStdClass) {
             $metaArray = convert_stdobject_to_array($metaStdClass);
             $converter = sspmod_janus_DiContainer::getInstance()->getMetaDataConverter();
             $metaArray = $converter->execute($metaArray);
             if ($metaArray['entityid'] === $entityController->getEntity()->getEntityid()) {
                 $redirectToImport = true;
                 $session->setData('string', 'import_type', 'json');
                 $session->setData('string', 'import', $_POST['meta_json']);
             } else {
                 $msg = 'error_metadata_wrong_entity';
             }
         } else {
             $msg = 'error_not_valid_json';
         }
     } catch (Exception $e) {
         $msg = 'error_metadata_not_parsed';
     }
 }
 /**
  * Get disabled consent from database
  *
  * Fills $this->_disableConsent with the disableConsent rows of the current
  * entity revision, keyed by the remote entity id. Results are cached per
  * eid/revision; a new revision gets a new key, so the cache is never flushed.
  *
  * @return bool True on success and false on error
  */
 private function _loadDisableConsent()
 {
     $cacheProvider = sspmod_janus_DiContainer::getInstance()->getCacheProvider();
     $cacheKey = 'entity-disableconsent-' . $this->_entity->getEid() . '-' . $this->_entity->getRevisionid();
     // Try to get result from cache
     $cached = $cacheProvider->fetch($cacheKey);
     if ($cached !== false) {
         $this->_disableConsent = $cached;
         return true;
     }
     $prefix = $this->getTablePrefix();
     // The revision id is bound as a parameter; only the table prefix is interpolated.
     $sql = 'SELECT DC.*,
                 CONNECTION.name AS remoteentityid
         FROM ' . $prefix . 'disableConsent AS DC
         INNER JOIN  ' . $prefix . 'connection AS CONNECTION
             ON CONNECTION.id = DC.remoteeid
         WHERE DC.`connectionRevisionId` = ?;';
     $st = $this->execute($sql, array($this->_entity->getId()));
     if ($st === false) {
         return false;
     }
     $disableConsent = array();
     foreach ($st->fetchAll(PDO::FETCH_ASSOC) as $data) {
         $disableConsent[$data['remoteentityid']] = $data;
     }
     $this->_disableConsent = $disableConsent;
     // Store disable consent in cache, note that this does not have to be flushed since a new revision
     // will trigger a new version of the cache anyway
     $cacheProvider->save($cacheKey, $disableConsent);
     return true;
 }
    exit;
}
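$et->data['update'] = $update;
// Current metadata without the ARP attributes, which are diffed separately below.
$newMetadata = $entityController->getMetaArray();
unset($newMetadata['attributes']);
$newMetadata = $converter->execute($newMetadata);
$et->data['new'] = $newMetadata;
$et->data['newArp'] = $entityController->getArpAttributes();
// Resolves an allowed/blocked row to the pretty name of the remote entity.
// @todo this is very inefficient for large sets (one controller per entity)
$remotePrettyName = function ($aclEntry) {
    $controller = sspmod_janus_DiContainer::getInstance()->getEntityController();
    $controller->setEntity($aclEntry['remoteeid']);
    return $controller->getEntity()->getPrettyname();
};
$et->data['newAcl'] = array(
    'AllowedAll' => $entityController->getAllowedAll(),
    'Allowed' => array_map($remotePrettyName, $entityController->getAllowedEntities()),
    'Blocked' => array_map($remotePrettyName, $entityController->getBlockedEntities()),
);
$et->data['changes'] = janus_array_diff_recursive($newMetadata, $oldMetadata);
$et->data['arpChanges'] = janus_array_diff_recursive($et->data['newArp'], $et->data['oldArp']);
$et->data['header'] = 'JANUS';
$et->data['message'] = $msg;
$et->show();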
function janus_array_diff_recursive($array1, $array2)
{
    if (!is_array($array2)) {
        return $array1;
    }
    $diff = array();
    if (empty($array1)) {
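/**
 * AJAX handler: grants a user access to an entity.
 *
 * $params['uid'] is the login user id (e.g. user@example.com), not the internal
 * JANUS uid; it is resolved to the internal uid before the entity is updated.
 * An unknown user or an unexpected error is answered as JSON and ends the request.
 *
 * @param array $params Expects 'eid' and 'uid'
 * @return array|false array('eid', 'uid', 'userid') on success; false when a
 *                     parameter is missing or the admin util reports failure
 */
function addUserToEntity($params)
{
    if (!isset($params['eid']) || !isset($params['uid'])) {
        return false;
    }
    $eid = $params['eid'];
    // security hack - uid is actually userid ie. user@example.com - convert it to a janus uid as expected for further processing
    $user = new sspmod_janus_User();
    $user->setUserid($params['uid']);
    if ($user->load(sspmod_janus_User::USERID_LOAD) === false) {
        echo json_encode(array('status' => 'Unknown user'));
        exit;
    }
    $actual_uid = $user->getUid();
    $util = new sspmod_janus_AdminUtil();
    try {
        $userid = $util->addUserToEntity($eid, $actual_uid);
    } catch (Exception $e) {
        echo json_encode(array('status' => 'An unspecified error occurred'));
        exit;
    }
    // Only the util call is guarded above; a falsy result is a plain failure, not an exception.
    if (!$userid) {
        return false;
    }
    return array('eid' => $eid, 'uid' => $actual_uid, 'userid' => $userid);
}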
// Added persistent, transient and unspecified to all entities as valid NameIDFormats
/**
 * DbPatch makes the following variables available to PHP patches:
 *
 * @var $this       DbPatch_Command_Patch_PHP
 * @var $writer     DbPatch_Core_Writer
 * @var $db         Zend_Db_Adapter_Abstract
 * @var $phpFile    string
 */
define('SAML2_NAME_ID_FORMAT_UNSPECIFIED', 'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified');
define('SAML2_NAME_ID_FORMAT_TRANSIENT', 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
define('SAML2_NAME_ID_FORMAT_PERSISTENT', 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent');
// Runs from the CLI patch runner; presumably set so SSP code that reads REMOTE_ADDR keeps working.
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$janusConfig = SimpleSAML_Configuration::getConfig('module_janus.php');
// All entities are edited on behalf of the 'engine' user.
$userController = new sspmod_janus_UserController($janusConfig, sspmod_janus_DiContainer::getInstance()->getSecurityContext());
$userController->setUser('engine');
$entities = $userController->getEntities();
// Metadata keys and the NameIDFormat values to add to every SP.
$nameIdFormats = array(
    'NameIDFormats:0' => SAML2_NAME_ID_FORMAT_PERSISTENT,
    'NameIDFormats:1' => SAML2_NAME_ID_FORMAT_TRANSIENT,
    'NameIDFormats:2' => SAML2_NAME_ID_FORMAT_UNSPECIFIED,
);
/** @var sspmod_janus_Entity $entity */
foreach ($entities as $entity) {
    if ($entity->getType() == 'saml20-sp') {
        $entity->setRevisionnote('patch-0015.php: Added persistent, transient and unspecified to all entities as valid NameIDFormats');
        $entityController = new sspmod_janus_EntityController($janusConfig);
        $entityController->setEntity($entity);
        foreach ($nameIdFormats as $metadataKey => $nameIdFormat) {
            $entityController->addMetadata($metadataKey, $nameIdFormat);
        }
        $entityController->saveEntity();
    }
}
<?php

require_once __DIR__ . "/../app/autoload.php";
use Janus\ServiceRegistry\Entity\User;
use Janus\ServiceRegistry\Entity\Connection;
$em = sspmod_janus_DiContainer::getInstance()->getEntityManager();
/**
 * Tests if all Doctrine models can be stored in the database properly
 *
 * NOTE: before running this, change your database name to a TEST database
 */
// Persist an entity and flush, then remove it again and flush.
$roundTrip = function ($entity) use ($em) {
    $em->persist($entity);
    $em->flush();
    $em->remove($entity);
    $em->flush();
};
// An admin user that the other records reference.
$user = new User('admin', array('admin'));
$em->persist($user);
$em->flush();
// User data: persisted and removed within the same flush.
$userData = new User\Data($user, 'testKey', 'testValue');
$em->persist($userData);
$em->remove($userData);
$em->flush();
// A second user that subscribes to messages.
$subscribingUser = new User('test', array('technical'));
$em->persist($subscribingUser);
$em->flush();
$userMessage = new User\Message($user, 'testSubject', 'testMessage', $subscribingUser, 'testSubscription');
$roundTrip($userMessage);
$userSubscription = new User\Subscription($subscribingUser, 'testSubscription', 'testType');
$roundTrip($userSubscription);
// Which tab and sub tab the dashboard renders.
$template->data['selectedtab'] = $selectedtab;
$template->data['selectedSubTab'] = $selectedSubTab;

// Admin entities sub tab: the entities the user administers.
if ($selectedSubTab === SELECTED_SUBTAB_ADMIN_ENTITIES) {
    $template->data['adminentities'] = $userController->getEntities(true);
}

// Entities tab is provisioned by its own include.
if ($selectedtab == SELECTED_TAB_ENTITIES) {
    require __DIR__ . '/dashboard/connections.php';
}

// User is needed by all pages
$template->data['userid'] = $userid;
$template->data['user'] = $userController->getUser();
$template->data['security.context'] = sspmod_janus_DiContainer::getInstance()->getSecurityContext();

// Message tab: inbox contents, subscriptions and pagination.
if ($selectedtab == SELECTED_TAB_MESSAGE) {
    $messageTabData = array(
        'user_type' => $user->getType(),
        'subscriptions' => $subscriptions,
        'subscriptionList' => $subscriptionList,
        'messages' => $messages,
        'messages_total' => $messages_total,
        'external_messengers' => $janus_config->getArray('messenger.external'),
        'current_page' => $page,
        'last_page' => ceil((double) $messages_total / $pm->getPaginationCount()),
    );
    foreach ($messageTabData as $messageTabKey => $messageTabValue) {
        $template->data[$messageTabKey] = $messageTabValue;
    }
}

$template->data['logouturl'] = $as->getLogoutURL();
/* START TAB ARPADMIN PROVISIONING ************************************************************************************/
if ($selectedtab == SELECTED_TAB_ARPADMIN) {
 /**
  * Authenticate with SimpleSAMLphp.
  *
  * Callers that are already authenticated (REST API v1, the Installer) are
  * recorded in self::$preAuth and get a pre-authenticated token; everyone else
  * goes through the SSP token/provider pair.
  *
  * @return null|\Symfony\Component\Security\Core\Authentication\Token\TokenInterface
  */
 public function authenticate()
 {
     $config = sspmod_janus_DiContainer::getInstance()->getConfig();
     // The User Provider, to look up users and their secrets.
     $userProvider = new UserService($this->getEntityManager(), $config);
     if (self::$preAuth) {
         // Pre-authenticated: wrap the user in a token for the recorded provider key.
         $preAuthProviderKey = static::$preAuth['provider'];
         $token = new PreAuthenticatedToken(static::$preAuth['user'], '', $preAuthProviderKey);
         $userChecker = new \Symfony\Component\Security\Core\User\UserChecker();
         $provider = new PreAuthenticatedAuthenticationProvider($userProvider, $userChecker, $preAuthProviderKey);
     } else {
         // Otherwise use SSP as our Authentication Provider.
         $token = new SspToken();
         $provider = new SspProvider($userProvider, $config);
     }
     // A custom authentication manager with a single provider; authenticating through it
     // triggers SSP (where applicable) and fills our custom token.
     $authenticationManager = new AuthenticationProviderManager(array($provider));
     return $authenticationManager->authenticate($token);
 }
 /**
  * instantiate the postman
  *
  * Keeps the JANUS config and the inbox page size ('dashboard.inbox.paginate_by', default 20).
  *
  * @since Method available since Release 1.2.0
  */
 public function __construct()
 {
     $config = sspmod_janus_DiContainer::getInstance()->getConfig();
     $this->_config = $config;
     $this->_paginate = $config->getValue('dashboard.inbox.paginate_by', 20);
 }
 /**
  * Applies parsed (SSP-format) metadata to the entity controller.
  *
  * Rejects missing or expired metadata and an entity id that differs from
  * $this->_entityId, strips descriptor/set/entityid keys, normalises contacts,
  * services and requested attributes, converts the result and stores each
  * remaining key (except $this->_excludedMetadataKeys) via update or add.
  *
  * @param array|null $parsedMetadata Parsed metadata, null when parsing failed
  * @return string Status/error message key for the UI
  */
 private function importParsedMetadata($parsedMetadata)
 {
     if ($parsedMetadata === null) {
         SimpleSAML_Logger::error('Importer - Metadata was not parsed');
         return 'error_metadata_not_parsed';
     }
     $isExpired = isset($parsedMetadata['expire']) && $parsedMetadata['expire'] < time();
     if ($isExpired) {
         SimpleSAML_Logger::error('Importer - Metadata was not parsed due expiration');
         return 'error_metadata_not_parsed_due_expiration';
     }
     unset($parsedMetadata['entityDescriptor'], $parsedMetadata['metadata-set']);
     // The imported metadata must describe this entity.
     if ($parsedMetadata['entityid'] != $this->_entityId) {
         SimpleSAML_Logger::error('Importer - EntityId does not match');
         return 'error_entityid_no_match';
     }
     unset($parsedMetadata['entityid']);
     $parsedMetadata = $this->_removeUnusedContacts($parsedMetadata);
     $parsedMetadata = $this->_removeNonSaml2Services($parsedMetadata);
     $parsedMetadata = $this->_applyRequestedAttributesAsArp($parsedMetadata);
     $converter = sspmod_janus_DiContainer::getInstance()->getMetaDataConverter();
     $parsedMetadata = $converter->execute($parsedMetadata);
     $certificateMessage = $this->_addCertificateMetaData($parsedMetadata);
     if ($certificateMessage) {
         return $certificateMessage;
     }
     $excluded = $this->_excludedMetadataKeys;
     foreach ($parsedMetadata as $key => $value) {
         if (!empty($excluded) && in_array($key, $excluded)) {
             continue;
         }
         $stored = $this->_entityController->hasMetadata($key)
             ? $this->_entityController->updateMetadata($key, $value)
             : $this->_entityController->addMetadata($key, $value);
         if ($stored) {
             $this->_updated = true;
         } else {
             SimpleSAML_Logger::info('Importer - Metadata field ' . $key . ' with value ' . $value . ' was not added.');
         }
     }
     return 'status_metadata_parsed_ok';
 }
 * Main template for JANUS.
 *
 * @author Jacob Christiansen, <*****@*****.**>
 * @author Sixto Martín, <*****@*****.**>
 * @package simpleSAMLphp
 * @subpackage JANUS
 * @version $Id: janus-main.php 11 2009-03-27 13:51:02Z jach@wayf.dk $
 * @todo     Use some sort of form generator to reduce to amount of code and make it more robust
 */
$janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
$ssp_config = SimpleSAML_Configuration::getConfig();
$csrf_provider = sspmod_janus_DiContainer::getInstance()->getCsrfProvider();
// CSRF token for the page's AJAX calls, JSON-encoded once here so the template
// can embed it; where it is echoed is outside this excerpt.
$csrf_ajax_token_json_encoded = json_encode($csrf_provider->generateCsrfToken('ajax'));
// Load custom translations for metadata fields
$customDictionaryLoader = new sspmod_janus_CustomDictionaryLoader($this);
$dictionaryDir = sspmod_janus_DiContainer::getInstance()->getRootDir() . '/dictionaries';
$customDictionaryLoader->addFromDir($dictionaryDir);
$this->cookie_name = $ssp_config->getString('session.cookie.name', 'SimpleSAMLSessionID');
// Build the <head> asset tags: stylesheets first, then scripts, in the order
// listed. Every URL is rooted at the module's resources directory; the base
// path comes from template data (not request input), so it is emitted as-is.
$janus_resource_base = '/' . $this->data['baseurlpath'] . 'module.php/janus/resources/';
$janus_head_stylesheets = array(
    'style.css',
    'styles/simptip-mini.css',
    'styles/jsondiff/jsondiffpatch.html.css',
    'components/jqueryui/themes/smoothness/jquery-ui.min.css',
    'styles/tablesorter.default.css',
    'styles/validate.css',
    'styles/revisions.css',
    'styles/arp.css',
    'styles/metadata.css',
    'styles/editentity-wblist.css',
);
$janus_head_scripts = array(
    'components/jquery/jquery.min.js',
    'components/jqueryui/ui/minified/jquery-ui.custom.min.js',
    'scripts/json2-min.js',
);
$this->data['head'] = '';
foreach ($janus_head_stylesheets as $janus_stylesheet) {
    $this->data['head'] .= '<link rel="stylesheet" type="text/css" href="' . $janus_resource_base . $janus_stylesheet . '" />' . "\n";
}
foreach ($janus_head_scripts as $janus_script) {
    $this->data['head'] .= '<script type="text/javascript" src="' . $janus_resource_base . $janus_script . '"></script>' . "\n";
}
$user = new sspmod_janus_User();
$user->setUserid($userid);
$user->load(sspmod_janus_User::USERID_LOAD);
// Request parameters are taken raw: no presence check (a missing key gives a
// notice and null) and no type coercion. $currentRevisionId and $historyTab are
// later concatenated straight into the href of the "Revision history" link
// without htmlspecialchars(), so unescaped request input reaches HTML output
// there; escape at that output point (or validate the expected shape here).
$eid = $_GET['eid'];
$currentRevisionId = $_GET['currentRevisionId'];
// NOTE(review): this stays a string but is compared with !== against
// getRevisionid() below; if that returns an int the comparison is always
// true — confirm the type and cast before comparing.
$historyTab = $_GET['historyTab'];
if (!($entity = $mcontroller->setEntity($eid))) {
    throw new SimpleSAML_Error_Exception('Error in setEntity');
}
$workflowstates = $janus_config->getValue('workflowstates');
// load entity
$mcontroller->loadEntity();
// Check whether the user is allowed to see the entity: either listed on the
// entity or granted 'allentities', and granted 'entityhistory' for it (see
// the condition below).
$allowedUsers = $mcontroller->getUsers();
$output = '';
$securityContext = sspmod_janus_DiContainer::getInstance()->getSecurityContext();
if ((array_key_exists($userid, $allowedUsers) || $securityContext->isGranted('allentities')) && $securityContext->isGranted('entityhistory', $entity)) {
    $history_size = $mcontroller->getHistorySize();
    $history = $mcontroller->getHistory(10, $history_size);
    foreach ($history as $data) {
        $rid = $data->getRevisionid();
        $rnote = $data->getRevisionnote();
        $output .= '<section class="revision"><a href="?eid=' . $data->getEid() . '&revisionid=' . $rid . '">' . $et->t('tab_edit_entity_connection_revision') . ' ' . $rid . '</a>';
        if ($data->getRevisionid() !== $currentRevisionId) {
            $output .= ' - <a  class="janus_button" href="?compareRevision=true&amp;eid=' . $data->getEid() . '&amp;compareRevisiondid=' . $data->getRevisionid() . '&amp;revisionid=' . $currentRevisionId . '&amp;selectedtab=' . $historyTab . '">Revision history</a>';
        }
        $output .= strlen($rnote) > 80 ? ' - ' . substr($rnote, 0, 79) . '...' : ' - ' . $rnote;
        // Show edit user if present
        $user->setUid($data->getUser());
        if ($user->load()) {
            $output .= ' - ' . $user->getUserid();
 protected function __construct(array $option)
 {
     // Resolve the module configuration through the DI container and keep the
     // caller-supplied headers array. No check is made that $option['headers']
     // is present; a missing key yields a notice and null, as before.
     $container = sspmod_janus_DiContainer::getInstance();
     $this->_config = $container->getConfig();
     $headers = $option['headers'];
     $this->_headers = $headers;
 }