From 0ac0dd923a3b1c2e2dd4e90d5460dab5fb30db99 Mon Sep 17 00:00:00 2001
From: Martin Haase <martin.haase@daasi.de>
Date: Wed, 20 Oct 2010 15:47:35 +0000
Subject: [PATCH] rbac part of setMyUserAttrs finished

git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@7507 7c539038-3410-0410-b1ec-0f2a7bf1c452
---
 .../rbacSoap/TgExtra.class.php                | 83 ++++++++++++-------
 .../rbacSoap/wsdl-8081/tgextra.wsdl           |  2 +-
 2 files changed, 56 insertions(+), 29 deletions(-)

diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
index 95e08de..2a3509c 100755
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/TgExtra.class.php
@@ -6,8 +6,6 @@
 // Version: 0.3.0
 // #######################################################
 
-
-
 class TgExtra {
 
   // Global variables
@@ -502,8 +500,6 @@ class TgExtra {
   // -----------------------------------------------------
   public function setMyUserAttributes($inRequest) {
 
-
-//// TODO all this stuff was copied from setName, need to adapt but keep the logic
     $arrModify = Array();
     $filter = "";
     $result = new booleanResponse();  // The return-result
@@ -514,43 +510,77 @@ class TgExtra {
 
     $arrUserEntry = $this->connection['user']->search( $this->config->getValue( "authentication", "base" ), $filter, "sub" );
 
+    $entry = $arrUserEntry[0];
+
     if( sizeof( $arrUserEntry ) == 1 && isset( $arrUserEntry[0]) &&  isset( $arrUserEntry[0]['dn']) ) {
 
-      $entry = $arrUserEntry[0];
+      $attrlist = explode ( " ", $this->config->getValue( "userdetails", "00order" ));
 
-      if (!in_array ("TextGridUser", $entry['objectclass'])) {
-        $arrModify['objectclass'][] = "TextGridUser";
+      $existing = Array();
+      $objectclasses = Array();
+      $ldapattr = Array();	
+      foreach ($attrlist as $attr) {
+        $det = explode ("|", $this->config->getValue( "userdetails", $attr ));
+        $existing[$attr] = $entry[strtolower($det[1])][0];
+        $ldapattr[$attr] = $det[1];
+        $objectclasses[] = $det[2];
+      }
+      $objectclasses = array_unique( $objectclasses);	
+      $notyetadded = array_diff($objectclasses, $entry['objectclass']);
+
+      if (count($notyetadded) > 0) {
+        $arrModify['objectclass'] = array_values($notyetadded);
         ldap_mod_add ($this->connection['user']->getConnection(), $entry['dn'], $arrModify);
         unset ( $arrModify );
       }
 
+      $provided = Array();
+      foreach ($inRequest->attribute as $prov) {
+	if (!in_array($prov->name, $attrlist)) {
+	  trigger_error("Attribute '".$prov->name."' provided with value '".$prov->value."', however, this RBAC instance cannot understand it.", E_USER_WARNING);
+        } else {
+          $provided[$prov->name] = $prov->value;
+        }
+      }
 
-      // only assert that these data are correct if they came from the IdP AND the IdP had sent at least the name (cn or (sn and givenname)) and one mail address
-      if( $inRequest->webAuthSecret === $this->config->getValue( "webAuth", "secret" ) && strlen($inRequest->name) > 0 && strlen ($inRequest->mail) > 0  ) {
+      // only assert that these data are correct if they came from the IdP AND the IdP had sent at least the name (surname and givenname) and one mail address
+      if( $inRequest->webAuthSecret === $this->config->getValue( "webAuth", "secret" ) 
+            && strlen($provided['surname']) > 0 
+            && strlen($provided['givenname']) > 0 
+            && strlen ($provided['mail']) > 0  ) {
         $arrModify['tgusersupplieddata'][] = "FALSE";
 
 	// only set the agreesearch flag automatically if it was not there before, i.e. on very first login
         if (! isset ($entry['tgagreesearch'] )) {
           $arrModify['tgagreesearch'][] = "TRUE";
         }
-      } elseif (isset ($entry['tgusersupplieddata']) && $entry['tgusersupplieddata'][0] === "FALSE") {
-
-        // once data came from the IdP, the flag will always remain on FALSE and only the agreesearch Flag can be set	
-        if ( $inRequest->agreeSearch ) { $arrModify['tgagreesearch'][] = "TRUE"; } else { $arrModify['tgagreesearch'][] = "FALSE"; }
-        $this->connection['user']->modify( $entry['dn'], $arrModify);
-        $result->result = true;
-        return $result;
+//      } elseif (isset ($entry['tgusersupplieddata']) && $entry['tgusersupplieddata'][0] === "FALSE") {
+//        // once data came from the IdP, the flag will always remain on FALSE and only the agreesearch Flag can be set	
+//        if ( $inRequest->agreeSearch ) { $arrModify['tgagreesearch'][] = "TRUE"; } else { $arrModify['tgagreesearch'][] = "FALSE"; }
+//        $this->connection['user']->modify( $entry['dn'], $arrModify);
+//        $result->result = true;
+//        return $result;
 
       } else  {
-	$arrModify['tgusersupplieddata'][] = "TRUE";
-
-	// only set the agreesearch flag if it came from the user
-	if ( $inRequest->agreeSearch ) { $arrModify['tgagreesearch'][] = "TRUE"; } else { $arrModify['tgagreesearch'][] = "FALSE"; }
+	// we cannot check everything, but when user changes their mail address, then we do not have a safe user handle anymore
+	if (! ($provided['mail'] === $existing['mail'])) {
+	  $arrModify['tgusersupplieddata'][] = "TRUE";
+        }
+//	// only set the agreesearch flag if it came from the user
+//	if ( $inRequest->agreeSearch ) { $arrModify['tgagreesearch'][] = "TRUE"; } else { $arrModify['tgagreesearch'][] = "FALSE"; }
       }
 
-      if ( strlen($inRequest->name) > 0 ) { $arrModify['cn'][] = $inRequest->name; }
-      if ( strlen($inRequest->organisation) > 0 ) { $arrModify['o'][] = $inRequest->organisation; }
-      if ( strlen($inRequest->mail) > 0 ) { $arrModify['mail'][] = $inRequest->mail; }
+      foreach ($provided as $attr => $value) {
+	if (is_string($value) && strlen($value) > 0 ) {
+          $arrModify[$ldapattr[$attr]][] = $value;
+	} else if (is_bool($value)) {  // this will never hold as we only have strings in the WSDL
+	  if ($value) {
+            $arrModify[$ldapattr[$attr]][] = "TRUE"; 
+          } else { 
+            $arrModify[$ldapattr[$attr]][] = "FALSE"; 
+          }
+  	}
+      }
 
       $this->connection['user']->modify( $entry['dn'], $arrModify);
 
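Review bot: The tgusersupplieddata flag is now raised only when the mail value changes (`if (! ($provided['mail'] === $existing['mail']))`), so a caller that fails or omits the webAuthSecret check can rewrite surname, givenname, organisation or any other attribute listed in `00order` while the entry keeps looking IdP-asserted, whereas the previous code set the flag TRUE on every non-IdP write. Unless the consumers of that flag only care about mail, compare every provided value against `$existing`, e.g. `if (array_diff_assoc($provided, $existing)) { $arrModify['tgusersupplieddata'][] = "TRUE"; }`, and strip `tgusersupplieddata`/`tgagreesearch` from `$provided` in case the config lists them, since the final foreach writes any provided attribute verbatim to LDAP. Two smaller points: `$entry = $arrUserEntry[0];` now runs before the `sizeof(...) == 1` guard and raises an undefined-offset notice on an empty search result, and `$existing[$attr] = $entry[strtolower($det[1])][0]` does the same for attributes the entry lacks, which also leaves `$existing['mail']` undefined in the comparison above. The secret check `$inRequest->webAuthSecret === $this->config->getValue(...)` is carried over from the old code; if the deployed PHP supports it, `hash_equals()` would remove the timing side channel. setMyUserAttributes starts before and continues past this hunk.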
@@ -563,7 +593,6 @@ class TgExtra {
 
     return $result;
 
-
   }
 
 
@@ -1381,8 +1410,8 @@ class TgExtra {
         $entry = $arrUserEntry[0];
 
         $result[] = new userDetail (
-				     mb_strtolower( $entry['sn'][0]), // ePPN, use sn which holds it too as uid is hidden in the dn
-				     $entry['cn'][0],  // name
+				     mb_strtolower( $entry['uid'][0]), // ePPN
+				     $entry['displayname'][0],  // name
 				     isset ($entry['mail'][0]) ? $entry['mail'][0] : null,  
 				     isset ($entry['o'][0]) ? $entry['o'][0]: null,  // organisation
 				     isset ($entry['tgagreesearch'][0]) ? ($entry['tgagreesearch'][0] === "TRUE" ? TRUE : FALSE) : null,  // bool
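Review bot: `$entry['displayname'][0]` and `$entry['uid'][0]` are read without the isset guard that the mail, o and tgagreesearch lines directly below use, so an entry without those attributes (the removed line suggests older entries stored the name in cn and the ePPN in sn) produces an undefined-index notice and a null name/ePPN in the userDetail. Unless every existing entry is known to carry both attributes, guard them the same way, e.g. `isset ($entry['displayname'][0]) ? $entry['displayname'][0] : (isset ($entry['cn'][0]) ? $entry['cn'][0] : null),  // name`, and likewise fall back from uid to sn. The enclosing function starts and ends outside this hunk.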
@@ -1392,9 +1421,7 @@ class TgExtra {
       } else { 
 	// do nothing, this ePPN was not existing or not unique
       }
-
     }
-
     return $result;
   }
 
diff --git a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl
index 6186670..94b7f12 100644
--- a/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl
+++ b/info.textgrid.middleware.tgauth.rbac/rbacSoap/wsdl-8081/tgextra.wsdl
@@ -128,7 +128,7 @@
         </xsd:complexType>
       </xsd:element>
 <!-- #### setMyUserAttributes #### //-->
-      <xsd:element name="getMyUserAttributesRequest">
+      <xsd:element name="setMyUserAttributesRequest">
         <xsd:complexType>
           <xsd:sequence>
             <xsd:element name="auth" type="xsd:string" minOccurs="1" maxOccurs="1"/>
-- 
GitLab