/**
 * Given an entity (like a SAML2 SP) and a list of remote entities (like a set
 * of SAML2 IdPs), find out which of those remote entities do NOT allow the
 * entity to connect.
 *
 * The latest revision of every remote entity is inspected. A remote entity is
 * reported when it does not allow all connections (allowedall = 'no') and
 *  - it keeps a whitelist that does not contain $entity, or
 *  - it keeps a blacklist that does contain $entity, or
 *  - it keeps neither list.
 *
 * Only the configured table prefix and a generated list of '?' placeholders are
 * interpolated into the SQL; every eid is passed as a bound parameter.
 *
 * @param sspmod_janus_Entity $entity         the local entity
 * @param array               $remoteEntities rows that carry at least an 'eid' key
 *
 * @return array rows (eid, entityid, revisionid, state, type) as returned by
 *               fetchAll(); an empty array when $remoteEntities is empty
 */
public function getReverseBlockedEntities(sspmod_janus_Entity $entity, array $remoteEntities)
{
    if (empty($remoteEntities)) {
        return array();
    }

    // Pull the eid out of every remote row; array_values() keeps this a plain list.
    $remoteEids = array_values(array_map(
        function ($row) {
            return $row['eid'];
        },
        $remoteEntities
    ));

    $localEid = $entity->getEid();
    // Parameter order mirrors the placeholder order in the query below:
    // in_whitelist (?), in_blacklist (?), then the IN (...) list.
    $params = array_merge(array($localEid, $localEid), $remoteEids);
    $placeholders = implode(', ', array_fill(0, count($remoteEids), '?'));
    $prefix = $this->getTablePrefix();

    $sql = <<<SQL
SELECT eid, entityid, revisionid, state, type
FROM (
    SELECT
        CONNECTION_REVISION.eid,
        CONNECTION_REVISION.entityid,
        CONNECTION_REVISION.revisionid,
        CONNECTION_REVISION.state,
        CONNECTION_REVISION.type,
        CONNECTION_REVISION.allowedall,
        (SELECT COUNT(*) > 0 FROM {$prefix}allowedConnection WHERE connectionRevisionId = CONNECTION_REVISION.id) AS uses_whitelist,
        (SELECT COUNT(*) > 0 FROM {$prefix}blockedConnection WHERE connectionRevisionId = CONNECTION_REVISION.id) AS uses_blacklist,
        (SELECT COUNT(*) > 0 FROM {$prefix}allowedConnection WHERE connectionRevisionId = CONNECTION_REVISION.id AND remoteeid = ?) AS in_whitelist,
        (SELECT COUNT(*) > 0 FROM {$prefix}blockedConnection WHERE connectionRevisionId = CONNECTION_REVISION.id AND remoteeid = ?) AS in_blacklist
    FROM {$prefix}connection CONNECTION
    INNER JOIN {$prefix}connectionRevision CONNECTION_REVISION
        ON CONNECTION_REVISION.eid = CONNECTION.id
        AND CONNECTION_REVISION.revisionid = CONNECTION.revisionNr
    WHERE CONNECTION.id IN ({$placeholders})
) AS LATEST_REVISION
WHERE allowedall = 'no'
AND (
    (uses_whitelist = TRUE AND in_whitelist = FALSE)
    OR (uses_blacklist = TRUE AND in_blacklist = TRUE)
    OR (uses_blacklist = FALSE AND uses_whitelist = FALSE)
)
SQL;

    $statement = $this->execute($sql, $params);
    // NOTE(review): this assumes execute() always hands back a statement object;
    // createNewEntity() elsewhere checks its result for === false — confirm which contract holds.
    return $statement->fetchAll();
}
alt="Edit" width="16" height="16" onclick="ARP.create();" />
<br />
<!-- ARP Add -->
<div id="arpEdit" style="display: none;">
<script type="text/javascript">
<?php
// Register every entity the current user administers with the ARP editor.
foreach ($this->data['adminentities'] as $entity) {
    $arpId = $entity->getArp();
    // $entityId and $entityName are assigned but not used below; the values are
    // re-read into $entityData instead.
    $entityId = $entity->getEntityid();
    $entityName = $entity->getPrettyname();
    $entityData = array('eid' => $entity->getEid(), 'entityId' => $entity->getEntityid(), 'name' => $entity->getPrettyname(), 'revision' => $entity->getRevisionid());
    // NOTE(review): json_encode()'s second argument is the integer options bitmask,
    // not a boolean. `true` coerces to 1, which is JSON_HEX_TAG, so '<' and '>' in
    // the encoded data are emitted as \u003C / \u003E. That happens to be the right
    // escaping for data embedded inside <script>, but it reads as accidental —
    // consider spelling the intent out as JSON_HEX_TAG (and JSON_HEX_AMP/APOS/QUOT).
    $entityDataJson = json_encode($entityData, true);
    // $arpId is interpolated into JavaScript source unescaped; it comes from the
    // stored entity record and is presumably always numeric — TODO confirm.
    echo "ARP.setEntityForArp({$arpId}, {$entityDataJson});" . PHP_EOL;
}
?>
</script>
<form action="" method="post" onsubmit="return ARP.validate()">
<a href="#" style="float: right;" onclick="$(this).parents('#arpEdit').hide(); return false;" > [<?php echo strtoupper($this->t('text_close')); ?> ] </a>
$userEntities = $adminUtil->getEntitiesFromUser($user->getUid()); } $reverseBlockedEntities = $adminUtil->getReverseBlockedEntities($entity, $userEntities); // Get metadatafields $mfc = $janus_config->getArray('metadatafields.' . $entity->getType()); $mb = new sspmod_janus_MetadataFieldBuilder($mfc); $et->data['metadatafields'] = $mb->getMetadataFields(); $remote_entities = array(); $remote_entities_acl_sorted = array(); // Only parse name and description in current language foreach ($remoteEntities as $remoteEntityRow) { $remoteEntity = new sspmod_janus_Entity($janus_config); $remoteEntity->setEid($remoteEntityRow["eid"]); $remoteEntity->setRevisionid($remoteEntityRow["revisionid"]); $remoteEntity->load(); $remoteEntityFormatted = array('eid' => $remoteEntity->getEid(), 'revisionid' => $remoteEntity->getRevisionid(), 'type' => $remoteEntity->getType(), 'notes' => $remoteEntity->getNotes()); // Format the name for the remote entity $remoteEntityName = $remoteEntity->getPrettyName(); if (isset($remoteEntityName)) { if (is_array($remoteEntityName)) { if (array_key_exists($language, $remoteEntityName)) { $remoteEntityFormatted['name'][$language] = $remoteEntityName[$language]; } else { reset($remoteEntityName); $remoteEntityFormatted['name'][$language] = 'No name in current language (' . current($remoteEntityName) . ')'; } } else { $remoteEntityFormatted['name'][$language] = $remoteEntityName; } } else { $remoteEntityFormatted['name'][$language] = 'No name given';
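/**
 * Create a new entity with the given entityid and give the current user
 * access to it.
 *
 * The entity is saved first; the user/entity link is written afterwards. If
 * that second insert fails the entity already exists without an owner — there
 * is no transaction around the two writes.
 *
 * @param string $entityid Entity id for the new entity
 * @param string $type     Entity type
 *
 * @return int|string The eid of the new entity on success. On failure an
 *                    error message key: whatever isEntityIdInUse() or
 *                    hasEntityIdBeenUsed() put in $errorMessage, or 'error_db'
 *                    when the hasEntity insert fails.
 * @since Method available since Release 1.0.0
 */
public function createNewEntity($entityid, $type)
{
    // Expression form: the string form of assert() was deprecated in PHP 7.2
    // and is no longer evaluated as code on PHP 8, where it would silently pass.
    assert(is_string($entityid));
    assert(is_string($type));

    if ($this->isEntityIdInUse($entityid, $errorMessage)) {
        return $errorMessage;
    }
    if ($this->hasEntityIdBeenUsed($entityid, $errorMessage)) {
        return $errorMessage;
    }

    $startstate = $this->_config->getString('workflowstate.default');

    // Default ARP: only adopted when exactly one non-deleted row is flagged as
    // default; otherwise '0' is used.
    $default_arp = '0';
    $st = $this->execute("SELECT aid FROM " . self::$prefix . "arp WHERE is_default = TRUE AND deleted = ''");
    if ($st) {
        $rows = $st->fetchAll();
        if (count($rows) === 1) {
            $default_arp = $rows[0]['aid'];
        }
    }

    // Instantiate and persist the new entity
    $entity = new sspmod_janus_Entity($this->_config, true);
    $entity->setEntityid($entityid);
    $entity->setWorkflow($startstate);
    $entity->setType($type);
    $entity->setArp($default_arp);
    $entity->setUser($this->_user->getUid());
    $entity->setRevisionnote('Entity created.');
    $entity->save();

    // Audit column: the client address as seen by PHP (behind a reverse proxy
    // this is the proxy's address). Guarded so a CLI run does not raise an
    // undefined-index notice; the value is bound, never interpolated.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;

    // Link the creating user to the entity
    $st = $this->execute(
        'INSERT INTO ' . self::$prefix . 'hasEntity (`uid`, `eid`, `created`, `ip`) VALUES (?, ?, ?, ?);',
        array($this->_user->getUid(), $entity->getEid(), date('c'), $remoteAddr)
    );
    if ($st === false) {
        return 'error_db';
    }

    $ec = new sspmod_janus_EntityController($this->_config);
    $ec->setEntity($entity);
    $update = false;

    // Pre-populate every metadata field the new type marks as required
    $nm_mb = new sspmod_janus_MetadatafieldBuilder($this->_config->getArray('metadatafields.' . $type));
    $metadatafields = $nm_mb->getMetadatafields();
    foreach ($metadatafields as $mf) {
        if (isset($mf->required) && $mf->required === true) {
            $ec->addMetadata($mf->name, $mf->default);
            $update = true;
        }
    }
    if ($update === true) {
        $ec->saveEntity();
    }

    // Reset the cached list of entities so the new one is visible
    $this->_entities = null;
    $this->_loadEntities();

    return $entity->getEid();
}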
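/**
 * Create a new entity with the given entityid and give the current user
 * access to it.
 *
 * @param string      $entityid    Entity id for the new entity
 * @param string      $type        Entity type
 * @param string|null $metadataUrl The -optional- metadata url for the new
 *                                 entity. It is stored on the entity as given;
 *                                 no scheme/host validation happens here, so
 *                                 callers are expected to validate it first —
 *                                 TODO confirm where that happens.
 *
 * @return int|string The eid of the new entity on success, or the error
 *                    message key set by isEntityIdInUse() when the id is taken.
 * @since Method available since Release 1.0.0
 */
public function createNewEntity($entityid, $type, $metadataUrl = null)
{
    // Expression form: the string form of assert() was deprecated in PHP 7.2
    // and is no longer evaluated as code on PHP 8, where it would silently pass.
    assert(is_string($entityid));
    assert(is_string($type));

    if ($this->isEntityIdInUse($entityid, $errorMessage)) {
        return $errorMessage;
    }

    $startstate = $this->_config->getString('workflowstate.default');

    // Instantiate and persist the new entity
    $entity = new sspmod_janus_Entity($this->_config, true);
    $entity->setEntityid($entityid);
    $entity->setWorkflow($startstate);
    $entity->setType($type);
    $entity->setUser($this->_user->getUid());
    $entity->setRevisionnote('Entity created.');
    // Truthiness check as before: an empty string is treated like null
    if ($metadataUrl) {
        $entity->setMetadataURL($metadataUrl);
    }
    $entity->save(array());

    // Grant the creating user access to the entity
    $adminUtil = new sspmod_janus_AdminUtil();
    $adminUtil->addUserToEntity($entity->getEid(), $this->_user->getUid());

    $ec = sspmod_janus_DiContainer::getInstance()->getEntityController();
    $ec->setEntity($entity);
    $update = false;

    // Pre-populate every metadata field the new type marks as required
    $nm_mb = new sspmod_janus_MetadataFieldBuilder($this->_config->getArray('metadatafields.' . $type));
    $metadatafields = $nm_mb->getMetadataFields();
    foreach ($metadatafields as $mf) {
        if (isset($mf->required) && $mf->required === true) {
            $ec->addMetadata($mf->name, $mf->default);
            $update = true;
        }
    }
    if ($update === true) {
        $ec->saveEntity();
    }

    // Reset the cached list of entities so the new one is visible
    $this->_entities = null;
    $this->_loadEntities();

    return $entity->getEid();
}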
/**
 * Does the Identity Provider allow a particular connection?
 *
 * Decision order, first match wins:
 *  1. the IdP allows everything ("yes")            -> allowed
 *  2. the IdP has a whitelist containing the SP    -> allowed
 *  3. the IdP has a blacklist NOT containing the SP -> allowed
 *  4. otherwise                                     -> denied
 *
 * NOTE(review): when an IdP carries both lists, step 3 allows an SP that is
 * absent from the whitelist as long as it is not blacklisted, and step 2 allows
 * a whitelisted SP even if it is also blacklisted. The SQL in
 * getReverseBlockedEntities() treats an absent whitelist entry as blocking
 * regardless of the blacklist. Presumably the two lists are never populated
 * together — confirm, since the two code paths would otherwise disagree.
 *
 * @static
 * @param sspmod_janus_Entity $sp  Service Provider to check for
 * @param sspmod_janus_Entity $idp Identity Provider to check against
 * @return bool Is the connection allowed?
 */
protected static function _checkIdPMetadataIsConnectionAllowed(sspmod_janus_Entity $sp, sspmod_janus_Entity $idp)
{
    $controller = sspmod_janus_DiContainer::getInstance()->getEntityController();
    $controller->setEntity($idp);
    $spEid = $sp->getEid();

    // Step 1: open IdP
    if ($controller->getAllowedAll() === "yes") {
        return true;
    }

    // Step 2: explicit whitelist hit (keys of the list are eids)
    $whitelist = $controller->getAllowedEntities();
    $whitelisted = count($whitelist) > 0 && array_key_exists($spEid, $whitelist);
    if ($whitelisted) {
        return true;
    }

    // Step 3: a blacklist is in use and the SP is not on it
    $blacklist = $controller->getBlockedEntities();
    return count($blacklist) > 0 && !array_key_exists($spEid, $blacklist);
}