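/**
 * Validate the signature of a REST v1 request.
 *
 * The expected signature is sha512(secret . k1v1k2v2...) over the request
 * parameters sorted by key. The request is rejected when no API key is given,
 * the key does not belong to a known user, or that user has no secret: with an
 * empty secret the calculation would depend only on public request data.
 *
 * NOTE(review): keys and values are concatenated without a separator, so the
 * canonical string is not unambiguous. This mirrors the existing signing
 * convention and is kept for compatibility with existing clients.
 *
 * @param sspmod_janus_REST_Request $request The request to validate
 *
 * @return bool True when the supplied signature matches the calculated one
 */
public static function isSignatureValid(sspmod_janus_REST_Request $request)
{
    $key = $request->getKey();
    if (is_null($key)) {
        return false;
    }

    $user = new sspmod_janus_User();
    $user->setUserid($key);
    if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
        return false;
    }

    sspmod_janus_DiContainer::preAuthenticate($user->getUserid(), 'RESTv1');

    $shared_secret = $user->getSecret();
    if ($shared_secret === null || $shared_secret === '') {
        // Without a secret the "signature" is just a hash of the request data
        return false;
    }

    $provided_signature = $request->getSignature();
    if (!is_string($provided_signature) || $provided_signature === '') {
        return false;
    }

    $data = $request->getRequestVars();
    // Sort params so both sides canonicalise in the same order
    ksort($data);

    // Concat all params with values
    $concat_string = '';
    foreach ($data as $param => $value) {
        $concat_string .= $param . $value;
    }

    // Prepend shared secret and hash the string to the signature
    $calculated_signature = hash('sha512', $shared_secret . $concat_string);

    // Strict comparison: a loose `==` between two hex digests treats
    // numeric-looking strings (e.g. "0e...") as equal numbers. hash_equals()
    // (PHP >= 5.6) also avoids a timing side channel; fall back to `===`.
    if (function_exists('hash_equals')) {
        return hash_equals($calculated_signature, $provided_signature);
    }

    return $calculated_signature === $provided_signature;
}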
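/**
 * Send a message to a user by e-mail.
 *
 * Resolves the recipient address from the user record identified by
 * $data['uid'] and hands the message to mail() with the configured headers.
 *
 * @param array $data Message data; requires the keys 'uid', 'subject' and 'message'
 *
 * @return bool True when mail() accepted the message
 * @throws Exception If a required key is missing, the user cannot be loaded
 *                   or has no e-mail address, or mail() reports failure
 */
public function send(array $data)
{
    foreach (array('uid', 'subject', 'message') as $required) {
        if (!isset($data[$required])) {
            throw new Exception('Could not send mail - missing "' . $required . '"');
        }
    }

    $user = new sspmod_janus_User($this->_config);
    $user->setUid($data['uid']);
    if (!$user->load()) {
        throw new Exception('Could not send mail - unknown user uid ' . var_export($data['uid'], true));
    }

    $to = $user->getEmail();
    if ($to === null || $to === '') {
        throw new Exception('Could not send mail - user has no e-mail address - ' . var_export($data, true));
    }

    // The subject becomes a mail header line: strip CR/LF so a crafted subject
    // cannot append additional header lines.
    $subject = '[JANUS] ' . str_replace(array("\r", "\n"), ' ', (string) $data['subject']);
    $body = $data['message'];

    if (!mail($to, $subject, $body, $this->_headers)) {
        throw new Exception('Could not send mail - ' . var_export($data, true));
    }
    return true;
}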
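/**
 * Post a message to all subscribers of one or more addresses
 *
 * The message is stored in the message table for every subscriber of each
 * address (plus the system INBOX, uid 0) and, where the subscription type has
 * an external messenger configured under 'messenger.external', also handed to
 * that messenger. External delivery is best effort and only logged on failure.
 *
 * @param string       $subject The message title
 * @param string       $message The message body
 * @param array|string $address Address(es) the message is sent to
 * @param int          $from    Uid of the user responsible for sending the message
 *
 * @return bool True when every message was stored, false on a database error
 */
public function post($subject, $message, $address, $from)
{
    $external_messengers = $this->_config->getArray('messenger.external', array());

    // Grab the user who sent the message
    $user = new sspmod_janus_User($this->_config);
    $user->setUid($from);
    $user->load();

    // and prepend the userid to the message
    $message = 'User: ' . $user->getUserid() . '<br />' . $message;

    $addresses = is_array($address) ? $address : array($address);

    // REMOTE_ADDR is absent when run from the CLI; avoid a notice in that case
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;

    foreach ($addresses as $ad) {
        $subscripers = $this->_getSubscripers($ad);
        $subscripers[] = array('uid' => '0', 'type' => 'INBOX');

        foreach ($subscripers as $subscriper) {
            $st = self::execute(
                'INSERT INTO `' . self::$prefix . 'message` ( `uid`, `subject`, `message`, `from`, `subscription`, `created`, `ip` ) VALUES (?, ?, ?, ?, ?, ?, ?);',
                array($subscriper['uid'], $subject, $message, $from, $ad, date('c'), $remote_addr)
            );

            if ($st === false) {
                SimpleSAML_Logger::error('JANUS: Error storing message for subscription ' . $ad);
                return false;
            }

            if (!array_key_exists($subscriper['type'], $external_messengers)) {
                continue;
            }

            $externalconfig = $external_messengers[$subscriper['type']];
            try {
                $messenger = sspmod_janus_Messenger::getInstance($externalconfig['class'], $externalconfig['option']);
                $messenger->send(array(
                    'uid' => $subscriper['uid'],
                    'subject' => $subject,
                    'message' => $message,
                    'from' => $from,
                    'address' => $ad,
                ));
            } catch (Exception $e) {
                // The message is already stored; log the cause (not the whole
                // messenger object, which may carry configuration) and continue
                SimpleSAML_Logger::error('JANUS: Error sending external message (' . $externalconfig['class'] . '): ' . $e->getMessage());
            }
        }
    }
    return true;
}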
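/**
 * Validate the signature of a REST v1 request.
 *
 * The expected signature is sha512(secret . k1v1k2v2...) over the request
 * parameters sorted by key. The request is rejected when no API key is given,
 * the key does not belong to a known user, or that user has no secret: for an
 * unknown user or an empty secret the calculation would depend only on public
 * request data and could be reproduced by any caller.
 *
 * NOTE(review): keys and values are concatenated without a separator, so the
 * canonical string is not unambiguous. This mirrors the existing signing
 * convention and is kept for compatibility with existing clients.
 *
 * @param sspmod_janus_REST_Request $request The request to validate
 *
 * @return bool True when the supplied signature matches the calculated one
 */
public static function isSignatureValid(sspmod_janus_REST_Request $request)
{
    $key = $request->getKey();
    if (is_null($key)) {
        return false;
    }

    $config = SimpleSAML_Configuration::getConfig('module_janus.php');
    $user = new sspmod_janus_User($config->getValue('store'));
    $user->setUserid($key);
    // An unknown key previously fell through with an empty secret
    if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
        return false;
    }

    $shared_secret = $user->getSecret();
    if ($shared_secret === null || $shared_secret === '') {
        return false;
    }

    $provided_signature = $request->getSignature();
    if (!is_string($provided_signature) || $provided_signature === '') {
        return false;
    }

    $data = $request->getRequestVars();
    // Sort params so both sides canonicalise in the same order
    ksort($data);

    // Concat all params with values
    $concat_string = '';
    foreach ($data as $param => $value) {
        $concat_string .= $param . $value;
    }

    // Prepend shared secret and hash the string to the signature
    $calculated_signature = hash('sha512', $shared_secret . $concat_string);

    // Strict comparison: a loose `==` between two hex digests treats
    // numeric-looking strings (e.g. "0e...") as equal numbers. hash_equals()
    // (PHP >= 5.6) also avoids a timing side channel; fall back to `===`.
    if (function_exists('hash_equals')) {
        return hash_equals($calculated_signature, $provided_signature);
    }

    return $calculated_signature === $provided_signature;
}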
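/**
 * Get User information
 *
 * @param array $data   Request parameters; requires $data['userid'] (login name)
 * @param int   $status HTTP status code to use in the response (by reference)
 *
 * @return array|string User information, or '' with $status set to 400 when
 *                      the userid is missing and 404 when it is unknown
 */
public static function method_getUser($data, &$status)
{
    if (!isset($data["userid"])) {
        $status = 400;
        return '';
    }

    $config = SimpleSAML_Configuration::getConfig('module_janus.php');
    $user = new sspmod_janus_User($config->getValue('store'));
    $user->setUserid($data['userid']);
    if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
        // Previously an unknown userid produced a 200 with an empty record
        $status = 404;
        return '';
    }

    return array(
        'uid' => $user->getUid(),
        'userid' => $user->getUserid(),
        'active' => $user->getActive(),
        'type' => $user->getType(),
        'data' => $user->getdata(),
    );
}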
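/**
 * Get User information
 *
 * @access protected (see isProtected)
 * @static
 * @param array $data Request parameters for getUser method, supports:
 *                    - string $data['userid']: UserID (login name) to get data for
 * @param int $statusCode HTTP Status code to use in response (by reference);
 *                        set to 400 when userid is missing, 404 when unknown
 * @return array|string User information, or '' on error
 */
public static function method_getUser($data, &$statusCode)
{
    if (!isset($data["userid"])) {
        $statusCode = 400;
        return '';
    }

    $config = sspmod_janus_DiContainer::getInstance()->getConfig();
    $user = new sspmod_janus_User();
    $user->setUserid($data['userid']);
    if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
        // Previously an unknown userid produced a 200 with an empty record
        $statusCode = 404;
        return '';
    }

    return array(
        'uid' => $user->getUid(),
        'userid' => $user->getUserid(),
        'active' => $user->getActive(),
        'type' => $user->getType(),
        'data' => $user->getdata(),
    );
}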
<div id="history"> <?php if ($this->data['uiguard']->hasPermission('entityhistory', $wfstate, $this->data['user']->getType())) { $history_size = $this->data['mcontroller']->getHistorySize(); if ($history_size === 0) { echo "Not history fo entity " . $this->data['entity']->getEntityId() . '<br /><br />'; } else { echo '<h2>' . $this->t('tab_edit_entity_history') . '</h2>'; if ($history_size > 10) { $history = $this->data['mcontroller']->getHistory(0, 10); echo '<p><a id="showhide">' . $this->t('tab_edit_entity_show_hide') . '</a></p>'; } else { $history = $this->data['mcontroller']->getHistory(); } $user = new sspmod_janus_User($janus_config->getValue('store')); $wstates = $janus_config->getArray('workflowstates'); if (isset($current['name'][$this->getLanguage()])) { $curLang = $this->getLanguage(); } else { $curLang = 'en'; } foreach ($history as $data) { echo '<a href="?eid=' . $data->getEid() . '&revisionid=' . $data->getRevisionid() . '">' . $this->t('tab_edit_entity_connection_revision') . ' ' . $data->getRevisionid() . '</a>'; if (strlen($data->getRevisionnote()) > 80) { echo ' - ' . substr($data->getRevisionnote(), 0, 79) . '...'; } else { echo ' - ' . $data->getRevisionnote(); } // Show edit user if present $user->setUid($data->getUser());
exit; } $attributes = $as->getAttributes(); // Require that we can get this users id. if (!isset($attributes[$userIdAttribute])) { throw new Exception('User ID is missing'); } /** @var string $userId */ $userId = $attributes[$userIdAttribute][0]; if (isset($_POST['submit'])) { $csrf_provider = sspmod_janus_DiContainer::getInstance()->getCsrfProvider(); if (!isset($_POST['csrf_token']) || !$csrf_provider->isCsrfTokenValid('add_user', $_POST['csrf_token'])) { SimpleSAML_Logger::warning('Janus: [SECURITY] CSRF token not found or invalid'); throw new SimpleSAML_Error_BadRequest('Missing valid csrf token!'); } // Create the user $user = new sspmod_janus_User($janusConfig->getValue('store')); $user->setUserid($userId); $user->setType($defaultUserType); $user->setActive('yes'); $user->save(); // Trigger an event $pm = new sspmod_janus_Postman(); $pm->post('New user created', 'A new user has been created with username: '******'USER-NEW', $user->getUid()); } $template = new SimpleSAML_XHTML_Template($sspConfig, 'janus:newuser.php', 'janus:newuser'); $template->data['userid'] = $userId; if (isset($user)) { $template->data['user_created'] = TRUE; } $template->show();
$session->setData('string', 'refURL', SimpleSAML_Utilities::selfURL()); SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php')); } function check_uri($uri) { if (preg_match('/^[a-z][a-z0-9+-\\.]*:.+$/i', $uri) == 1) { return TRUE; } return FALSE; } // Get metadata to present remote entitites $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); // Get Entity controller $mcontroller = new sspmod_janus_EntityController($janus_config); // Get the user $user = new sspmod_janus_User($janus_config->getValue('store')); $user->setUserid($userid); $user->load(sspmod_janus_User::USERID_LOAD); // Get Admin util which we use to retrieve entities $autil = new sspmod_janus_AdminUtil(); // Function to fix up PHP's messing up POST input containing dots, etc. function getRealPOST() { $vars = array(); $input = file_get_contents("php://input"); if (!empty($input)) { $pairs = explode("&", $input); foreach ($pairs as $pair) { $nv = explode("=", $pair); $name = urldecode($nv[0]); $value = urldecode($nv[1]);
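/**
 * Add the specified user to the entity
 *
 * The user is resolved first so that no hasEntity row is written for a uid
 * that does not exist; on success the user's login name is returned.
 *
 * @param string $eid The entity
 * @param string $uid The user to be added to the entity
 *
 * @return string|false The userid of the added user, or false on error
 * @since Method available since Release 1.0.0
 * @TODO Rename to addPermission or similar
 */
public function addUserToEntity($eid, $uid)
{
    $user = new sspmod_janus_User($this->_config->getValue('store'));
    $user->setUid($uid);
    if (!$user->load()) {
        SimpleSAML_Logger::error('JANUS: Cannot add unknown user ' . $uid . ' to entity ' . $eid);
        return false;
    }

    // REMOTE_ADDR is absent when run from the CLI; avoid a notice in that case
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;

    $st = self::execute(
        'INSERT INTO `' . self::$prefix . 'hasEntity` (`uid`, `eid`, `created`, `ip`) VALUES (?, ?, ?, ?);',
        array($uid, $eid, date('c'), $remote_addr)
    );

    if ($st === false) {
        SimpleSAML_Logger::error('JANUS: Error adding user ' . $uid . ' to entity ' . $eid);
        return false;
    }

    return $user->getUserid();
}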
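/**
 * Retrieve all users in the system
 *
 * The method will retrieve all users in the system, ordered by userid.
 * NOTE this method will be moved/rewritten in the future.
 *
 * @return array All users in the system (sspmod_janus_User objects); empty
 *               when the query fails, in which case the error is logged
 */
public function getUsers()
{
    $st = $this->execute('SELECT * FROM ' . $this->getTablePrefix() . 'user ORDER BY `userid`;');
    // execute() is expected to return false on failure; previously this fell
    // through to a fatal call on a non-object
    if ($st === false) {
        SimpleSAML_Logger::error('JANUS: Error fetching all users');
        return array();
    }

    $users = array();
    foreach ($st->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $user = new sspmod_janus_User();
        $user->setUid($row['uid']);
        $user->load();
        $users[] = $user;
    }

    return $users;
}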
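/**
 * Grant a user access to an entity (AJAX handler)
 *
 * $params['uid'] carries the login name (userid), not the numeric uid; it is
 * resolved to the numeric janus uid before the permission is stored, so a
 * caller cannot address users by guessing internal ids.
 *
 * @param array $params Request parameters; requires 'eid' and 'uid'
 *
 * @return array|false Array with 'eid', 'uid' (numeric) and 'userid' on
 *                     success; false when parameters are missing or the store
 *                     rejected the change. Emits a JSON status and exits when
 *                     the user is unknown or an exception occurs.
 */
function addUserToEntity($params)
{
    if (!isset($params['eid']) || !isset($params['uid'])) {
        return FALSE;
    }
    $eid = $params['eid'];
    $login_name = $params['uid'];

    // Resolve the login name to the numeric uid expected by AdminUtil
    $user = new sspmod_janus_User();
    $user->setUserid($login_name);
    if ($user->load(sspmod_janus_User::USERID_LOAD) === false) {
        echo json_encode(array('status' => 'Unknown user'));
        exit;
    }
    $actual_uid = $user->getUid();

    $util = new sspmod_janus_AdminUtil();
    try {
        $userid = $util->addUserToEntity($eid, $actual_uid);
    } catch (Exception $e) {
        // Keep the cause server-side; the client only gets a generic status
        SimpleSAML_Logger::error('JANUS: Error adding user to entity: ' . $e->getMessage());
        echo json_encode(array('status' => 'An unspecified error occurred'));
        exit;
    }
    if (!$userid) {
        return FALSE;
    }

    return array('eid' => $eid, 'uid' => $actual_uid, 'userid' => $userid);
}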
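// Validate user
if ($session->isValid($authsource)) {
    $attributes = $session->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
} else {
    echo $et->t('error_no_access');
    exit;
}

// Get Entity controller
$mcontroller = new sspmod_janus_EntityController($janus_config);

// Get the user
$user = new sspmod_janus_User($janus_config->getValue('store'));
$user->setUserid($userid);
// NOTE(review): the result of load() is not checked; an unknown userid leaves
// $user unloaded -- the permission checks further down must cope with that
$user->load(sspmod_janus_User::USERID_LOAD);

// Get the correct entity; reject a request without eid before it reaches the
// controller instead of surfacing it as a generic setEntity error
if (!isset($_GET['eid'])) {
    throw new SimpleSAML_Error_Exception('No entity selected!');
}
$eid = $_GET['eid'];
if (!($entity = $mcontroller->setEntity($eid))) {
    throw new SimpleSAML_Error_Exception('Error in setEntity');
}

$workflowstates = $janus_config->getValue('workflowstates');

// load entity
$mcontroller->loadEntity();

// Check if user is allowed to see entity
$allowedUsers = $mcontroller->getUsers();
$uiguard = new sspmod_janus_UIguard($janus_config->getValue('access'));

$output = '';
$wfstate = $entity->getWorkflow();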
// CSRF provider for the form handling later in this script (outside this excerpt)
$csrf_provider = sspmod_janus_DiContainer::getInstance()->getCsrfProvider();

// Get data from config
/** @var string $authenticationSource */
$authenticationSource = $janusConfig->getValue('auth', 'login-admin');
/** @var string $userIdAttribute */
$userIdAttribute = $janusConfig->getValue('useridattr', 'eduPersonPrincipalName');

$as = new SimpleSAML_Auth_Simple($authenticationSource);

// Validate user: only an authenticated session carrying the configured
// user-id attribute may continue; everyone else is sent to the module index
// after the current URL is remembered for the return trip.
if ($as->isAuthenticated()) {
    $attributes = $as->getAttributes();
    // Check if user id exists
    if (!isset($attributes[$userIdAttribute])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$userIdAttribute][0];
    $user = new sspmod_janus_User($janusConfig->getValue('store'));
    $user->setUserid($userid);
    // NOTE(review): the result of load() is not checked; an unknown userid
    // leaves $user unloaded -- confirm later permission checks cover this
    $user->load(sspmod_janus_User::USERID_LOAD);
} else {
    $session->setData('string', 'refURL', SimpleSAML_Utilities::selfURL());
    SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/index.php'));
    exit;
}

// The import payload and its type are read from the session, not the request
$importData = $session->getData('string', 'import');
$importType = $session->getData('string', 'import_type');
if (!$importData && !$importType) {
    throw new SimpleSAML_Error_Exception('Nothing to import!');
}
if (!isset($_GET['eid'])) {
    throw new SimpleSAML_Error_Exception('No entity selected!');
}
$attributes = $session->getAttributes(); // Check if userid exists if (!isset($attributes[$useridattr])) { throw new Exception('User ID is missing'); } $userid = $attributes[$useridattr][0]; } else { $returnURL = $session->getData('string', 'refURL'); if (is_null($returnURL)) { $returnURL = SimpleSAML_Utilities::selfURL(); } else { $session->deleteData('string', 'refURL'); } SimpleSAML_Auth_Default::initLogin($authsource, $returnURL, NULL, $_GET); } $user = new sspmod_janus_User(); $user->setUserid($userid); if (!$user->load(sspmod_janus_User::USERID_LOAD)) { $autocreatenewuser = $janus_config->getValue('user.autocreate', false); if ($autocreatenewuser) { SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/newUser.php'), array('userid' => $userid)); } else { SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/noNewUser.php'), array('userid' => $userid)); } } else { if ($user->getActive() === 'yes') { SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/dashboard.php/entities')); } else { $session->doLogout(); SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/index.php?error=error_index_user_inactive')); }
$config = SimpleSAML_Configuration::getInstance();
$janus_config = sspmod_janus_DiContainer::getInstance()->getConfig();
$util = new sspmod_janus_AdminUtil();

// Access is denied by default; it is only granted below for a valid session
// whose user holds the 'exportallentities' permission.
$access = false;
$user = null;

// Validate user
if ($session->isValid($janus_config->getValue('auth'))) {
    $useridattr = $janus_config->getValue('useridattr');
    $attributes = $session->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];

    // Get the user
    $user = new sspmod_janus_User();
    $user->setUserid($userid);
    // NOTE(review): the result of load() is not checked here; the permission
    // decision below is taken by the security context, not by $user
    $user->load(sspmod_janus_User::USERID_LOAD);

    // Check for permission
    $securityContext = sspmod_janus_DiContainer::getInstance()->getSecurityContext();
    if ($securityContext->isGranted('exportallentities')) {
        $access = true;
    }
}

// Get default options, then overlay whatever 'mdexport.default_options'
// configures (configured keys win over these built-in defaults)
$md_options['types'] = array();
$md_options['states'] = array();
$md_options['exclude'] = array();
$md_options['postprocessor'] = null;
$md_options['ignore_errors'] = false;
$md_options = array_merge($md_options, $janus_config->getArray('mdexport.default_options'));
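$authsource = $janus_config->getValue('auth', 'login-admin');
$useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName');

// Only authenticated users carrying the configured user-id attribute may
// create accounts; everyone else is sent to the module index.
if ($session->isValid($authsource)) {
    $attributes = $session->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
} else {
    SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php'));
    // redirect() is expected to end the request; make sure nothing below runs
    exit;
}

$econtroller = new sspmod_janus_UserController($janus_config);
$usertypes = $janus_config->getValue('usertypes');

$et = new SimpleSAML_XHTML_Template($config, 'janus:newuser.php', 'janus:newuser');

if (isset($_POST['submit'])) {
    // Reject the submission instead of creating a user with an empty login
    // name or type (previously both were read unchecked from $_POST).
    // NOTE(review): 'type' could additionally be validated against $usertypes
    // -- confirm its configured shape before doing so
    if (empty($_POST['userid']) || empty($_POST['type'])) {
        throw new SimpleSAML_Error_BadRequest('Missing userid or type');
    }

    $user = new sspmod_janus_User($janus_config->getValue('store'));
    $user->setUserid($_POST['userid']);
    $user->setType($_POST['type']);
    $user->setActive('yes');
    if (!$user->save()) {
        throw new SimpleSAML_Error_Exception('Could not create user');
    }

    $et->data['user_created'] = TRUE;

    // Notify USER-NEW subscribers about the new account
    $pm = new sspmod_janus_Postman();
    $pm->post('New user created', 'A new user has been created with username: ' . $user->getUserid(), 'USER-NEW', $user->getUid());
}

if (isset($_GET['userid'])) {
    $et->data['userid'] = $_GET['userid'];
}

$et->data['users'] = $econtroller->getUsers();
$et->data['usertypes'] = $usertypes;
$et->show();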
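/**
 * Update an existing user (AJAX handler)
 *
 * @param array $params Request parameters; requires 'uid', 'userid', 'type'
 *                      and 'active'
 *
 * @return array Array with 'uid' on success, otherwise a 'status' key naming
 *               the failure: 'missing_param', 'unknown_user' or 'save_failed'
 */
function editUser($params)
{
    if (empty($params['uid']) || empty($params['userid']) || !isset($params['active']) || empty($params['type'])) {
        return array('status' => 'missing_param');
    }
    $uid = $params['uid'];

    $janus_config = SimpleSAML_Configuration::getConfig('module_janus.php');
    $user = new sspmod_janus_User($janus_config->getValue('store'));
    $user->setUid($uid);
    // An unknown uid must not fall through to save(), which is also the path
    // used to create new users
    if (!$user->load(sspmod_janus_User::UID_LOAD)) {
        return array('status' => 'unknown_user');
    }

    // NOTE(review): 'type' is stored as given; validating it against the
    // configured user types would be a sensible addition -- confirm config shape
    $user->setActive($params['active']);
    $user->setUserid($params['userid']);
    $user->setType($params['type']);
    if (!$user->save()) {
        return array('status' => 'save_failed');
    }

    return array('uid' => $uid);
}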
} if ($this->data['security.context']->isGranted('editsubscriptions')) { echo ' <a id="edit_subscription_link_' . $subscription['sid'] . '" class="janus_button" onclick="editSubscription(' . $this->data['user']->getUid() . ', ' . $subscription['sid'] . ');">' . $this->t('admin_edit') . '</a>'; } echo '</td></tr>'; } echo '</tbody></table>'; if ($this->data['security.context']->isGranted('addsubscriptions')) { echo '<h2>' . $this->t('text_subscription_add_header') . '</h2>'; echo '<select name="subscriptions" id="subscriptions_select">'; echo '<option> -- ' . $this->t('tab_edit_entity_select') . ' --</option>'; foreach ($this->data['subscriptionList'] as $subscription) { $tmp = explode("-", $subscription); if ($tmp[0] == 'USER') { if (isset($tmp[1]) && ctype_digit((string) $tmp[1])) { $user = new sspmod_janus_User($janus_config); $user->setUid($tmp[1]); $user->load(); $name = $tmp[0] . ' - ' . $user->getUserid(); } else { if (isset($tmp[1]) && $tmp[1] == 'NEW') { $name = $tmp[0] . ' - ' . 'NEW'; } else { $name = $tmp[0]; } } } else { if ($tmp[0] == 'ENTITYUPDATE') { if (isset($tmp[1]) && ctype_digit((string) $tmp[1])) { $entity = new sspmod_janus_Entity($janus_config); $entity->setEid($tmp[1]);
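/**
 * Retrieve all users in the system
 *
 * The method will retrieve all users in the system. NOTE this method will be
 * moved/rewritten in the future.
 *
 * @return array All users in the system (sspmod_janus_User objects); empty
 *               when the query fails, in which case the error is logged
 */
public function getUsers()
{
    $st = $this->execute('SELECT * FROM ' . self::$prefix . 'user;');
    // execute() is expected to return false on failure; previously this fell
    // through to a fatal call on a non-object
    if ($st === false) {
        SimpleSAML_Logger::error('JANUS: Error fetching all users');
        return array();
    }

    $store = $this->_config->getValue('store');
    $users = array();
    foreach ($st->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $user = new sspmod_janus_User($store);
        $user->setUid($row['uid']);
        $user->load();
        $users[] = $user;
    }

    return $users;
}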
$mcontrol = new sspmod_janus_UserController($janus_config); $pm = new sspmod_janus_Postman(); if (!($user = $mcontrol->setUser($userid))) { throw new SimpleSAML_Error_Exception('Error in setUser'); } $selectedtab = isset($_REQUEST['selectedtab']) ? $_REQUEST['selectedtab'] : 1; if (isset($_POST['add_usersubmit'])) { if (empty($_POST['userid']) || empty($_POST['type'])) { $msg = 'error_user_not_created_due_params'; } else { $check_user = new sspmod_janus_User($janus_config->getValue('store')); $check_user->setUserid($_POST['userid']); if ($check_user->load(sspmod_janus_User::USERID_LOAD) != FALSE) { $msg = 'error_user_already_exists'; } else { $new_user = new sspmod_janus_User($janus_config->getValue('store')); $new_user->setUserid($_POST['userid']); $new_user->setType($_POST['type']); if (isset($_POST['active']) && $_POST['active'] == 'on') { $active = 'yes'; } else { $active = 'no'; } $new_user->setActive($active); $new_user->setData($_POST['userdata']); if (!$new_user->save()) { $msg = 'error_user_not_created'; } else { SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::selfURLNoQuery(), array('selectedtab' => $selectedtab)); } }
$loggedInUsername = sspmod_janus_DiContainer::getInstance()->getLoggedInUsername(); } catch (Exception $ex) { SimpleSAML_Utilities::redirectTrustedUrl(SimpleSAML_Module::getModuleURL('janus/index.php'), $_GET); exit; } function check_uri($uri) { if (preg_match('/^[a-z][a-z0-9+-\\.]*:.+$/i', $uri) == 1) { return TRUE; } return FALSE; } // Get Entity controller $entityController = sspmod_janus_DiContainer::getInstance()->getEntityController(); // Get the user $user = new sspmod_janus_User(); $user->setUserid($loggedInUsername); $user->load(sspmod_janus_User::USERID_LOAD); // Get Admin util which we use to retrieve entities $adminUtil = new sspmod_janus_AdminUtil(); // @todo move to separate class // Function to fix up PHP's messing up POST input containing dots, etc. function getRealPOST() { $vars = array(); $input = file_get_contents("php://input"); if (!empty($input)) { $pairs = explode("&", $input); foreach ($pairs as $pair) { $nv = explode("=", $pair); $name = urldecode($nv[0]);
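// Validate user
if ($as->isAuthenticated()) {
    $attributes = $as->getAttributes();
    // Check if userid exists
    if (!isset($attributes[$useridattr])) {
        throw new Exception('User ID is missing');
    }
    $userid = $attributes[$useridattr][0];
} else {
    echo $et->t('error_no_access');
    exit;
}

// Get Entity controller
$mcontroller = sspmod_janus_DiContainer::getInstance()->getEntityController();

// Get the user
$user = new sspmod_janus_User();
$user->setUserid($userid);
// NOTE(review): the result of load() is not checked; an unknown userid leaves
// $user unloaded -- the security context below is what decides permissions
$user->load(sspmod_janus_User::USERID_LOAD);

// Request parameters: eid is mandatory, the other two are optional view state
// (previously all three were read unchecked from $_GET)
if (!isset($_GET['eid'])) {
    throw new SimpleSAML_Error_Exception('No entity selected!');
}
$eid = $_GET['eid'];
$currentRevisionId = isset($_GET['currentRevisionId']) ? $_GET['currentRevisionId'] : null;
$historyTab = isset($_GET['historyTab']) ? $_GET['historyTab'] : null;

if (!($entity = $mcontroller->setEntity($eid))) {
    throw new SimpleSAML_Error_Exception('Error in setEntity');
}

$workflowstates = $janus_config->getValue('workflowstates');

// load entity
$mcontroller->loadEntity();

// Check if user is allowed to see entity
$allowedUsers = $mcontroller->getUsers();

$output = '';
$securityContext = sspmod_janus_DiContainer::getInstance()->getSecurityContext();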
// Get data from config $authsource = $janus_config->getValue('auth', 'login-admin'); $useridattr = $janus_config->getValue('useridattr', 'eduPersonPrincipalName'); // Only valid users are allowed to se UI if ($session->isValid($authsource)) { $attributes = $session->getAttributes(); // Check if userid exists if (!isset($attributes[$useridattr])) { throw new Exception('User ID is missing'); } $userid = $attributes[$useridattr][0]; } else { SimpleSAML_Utilities::redirect(SimpleSAML_Module::getModuleURL('janus/index.php')); } // Get the user $user = new sspmod_janus_User($janus_config->getValue('store')); $user->setUserid($userid); $user->load(sspmod_janus_User::USERID_LOAD); $et = new SimpleSAML_XHTML_Template($config, 'janus:exportentities.php', 'janus:exportentities'); $et->data['user_type'] = $user->getType(); $et->data['uiguard'] = new sspmod_janus_UIguard($janus_config->getValue('access')); $et->data['types'] = $util->getAllowedTypes(); $et->data['states'] = $janus_config->getArray('workflowstates'); $et->data['external'] = $janus_config->getArray('export.external'); $et->data['header'] = 'JANUS'; if (isset($_GET['msg'])) { $et->data['msg'] = $_GET['msg']; } $et->show(); exit; }