diff --git a/info.textgrid.middleware.tgauth.webauth/WebAuthN/PutAttributes.php b/info.textgrid.middleware.tgauth.webauth/WebAuthN/PutAttributes.php
new file mode 100755
index 0000000000000000000000000000000000000000..2463852fba1eab9c3a127f9922c3df1cb9638723
--- /dev/null
+++ b/info.textgrid.middleware.tgauth.webauth/WebAuthN/PutAttributes.php
@@ -0,0 +1,93 @@
+<?php
+// #######################################################
+// Author: Martin Haase / DAASI International GmbH / TextGrid
+// Creation date: 2010-10-19
+// Modification date: 2010-XX
+// Version: 0.1
+// #######################################################
+
+include("../tglib/RBAC.class.php");
+include("../tglib/WebUtils.class.php");
+
+$configfile = "../../../config_tgwebauth.xml";
+
+$util = new WebUtils;
+
+$authZinstance = $_REQUEST["authZinstance"];
+$remote_user = $_REQUEST["remote_user"];
+
+if ($_REQUEST["loginmode"] == 1) {
+ $loginmode = TRUE;
+} else {
+ $loginmode = FALSE;
+}
+
+if ( !(isset($authZinstance)) || strlen($authZinstance) <= 0 ) {
+ $util->printAuthFailure("No TgAuth Instance provided",
+ "Please provide a valid string in the authZinstance variable.",
+ null,
+ null );
+ exit;
+}
+
+$rbac = new RBAC ( $configfile, $authZinstance );
+
+$Sid = $_REQUEST["Sid"];
+
+$attributes = $rbac->getUserAttributes( $Sid );
+$newattributes = array();
+$thedisplayname = "anonymous";
+
+//phpinfo();
+foreach ($attributes as $a) {
+ if ($util->isBoolean($a)) {
+ if (isset ( $_REQUEST[$a->name])) {
+ $na = new StdClass();
+ $na->name = $a->name;
+ $na->value = TRUE;
+ $newattributes[] = $na;
+ } else {
+ $na = new StdClass();
+ $na->name = $a->name;
+ $na->value = FALSE;
+ $newattributes[] = $na;
+ }
+ } else if (isset ( $_REQUEST[$a->name]) && !isset ($a->value)
+ || ( isset( $a->value) && !$_REQUEST[$a->name] === $a->value)) {
+ $na = new StdClass();
+ $na->name = $a->name;
+ $na->value = $_REQUEST[$a->name];
+ $newattributes[] = $na;
+ }
+ if ($a->name === "displayname" && isset ($a->value)) { // set Display Name
+ $thedisplayname = $a->value;
+ }
+ if ($na->name === "displayname") { // Overwrite if set anew
+ $thedisplayname = $na->value;
+ }
+}
+
+$res = $rbac->setAttributes($newattributes, $Sid, $loginmode );
+if ((is_array($res) && $res['success'] == FALSE) || (is_object($res) && $res->result == FALSE)) {
+ echo "something 
went wrong". serialize($res); + exit; +} + +if ($loginmode) { + $util->printAuthSuccess("Authentication Succeeded", + $thedisplayname, + array("remote_user" => $remote_user, + "scstatus" => "set Attributes", + "Sid" => $Sid, + "rbacbase" => $authZinstance, + "identity_provider" => "unknown", + "identified_user" => array("authnmethod" => "ePPN") + ), + array("slcmode" => FALSE) // SLCs only via Shibboleth + ); +} else { + $util->printSetAttributesSuccess($thedisplayname); +} +exit; + +?> \ No newline at end of file diff --git a/info.textgrid.middleware.tgauth.webauth/WebAuthN/TextGrid-WebAuth-Community.php b/info.textgrid.middleware.tgauth.webauth/WebAuthN/TextGrid-WebAuth-Community.php index 700e1771536e7667e4b18e3bf532cc10cd6d518a..4d2a4d3303ea181f03cc2ef18ef9e88d7ea20e59 100644 --- a/info.textgrid.middleware.tgauth.webauth/WebAuthN/TextGrid-WebAuth-Community.php +++ b/info.textgrid.middleware.tgauth.webauth/WebAuthN/TextGrid-WebAuth-Community.php @@ -2,8 +2,8 @@ // ####################################################### // Author: Martin Haase / DAASI International GmbH / TextGrid // Creation date: 2010-09-23 -// Modification date: 2010-09-03 -// Version: 0.1 +// Modification date: 2010-10-19 +// Version: 0.2 // ####################################################### include("../tglib/LDAP.class.php"); @@ -24,6 +24,9 @@ if ( !(isset($authZinstance)) || strlen($authZinstance) <= 0 ) { exit; } +$rbac = new RBAC ( $configfile, $authZinstance ); + +// Variant 1: Authentication at Community LDAP if (isset ($_REQUEST["loginname"]) && strlen($_REQUEST["loginname"]) > 0 && isset ($_REQUEST["password"]) && strlen($_REQUEST["password"]) > 0) { // now authenticating 
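Review bot: `loginmode` and `remote_user` are taken from `$_REQUEST` in PutAttributes.php, yet `loginmode` decides whether `setAttributes()` attaches the configured `setnamessecret` as `webAuthSecret`, and `remote_user` is passed into the `printAuthSuccess` hash as the authenticated principal. Both arrive as hidden form fields, so whoever submits the form chooses them; they should be derived server-side from the session behind `$Sid` rather than trusted from the request. Separately, `!$_REQUEST[$a->name] === $a->value` negates before comparing, so it tests a boolean against the stored value and changed values are never picked up; `$_REQUEST[$a->name] !== $a->value` is presumably what was meant. The failure branch also prints `serialize($res)`, including SOAP fault detail, to the browser; that belongs in a server-side log with a generic message shown to the user.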
@@ -36,31 +39,73 @@ if (isset ($_REQUEST["loginname"]) && strlen($_REQUEST["loginname"]) > 0 null ); exit; } + $ProvidedAttributes = $ldap->getUserAttributes(); + $_SERVER["REMOTE_USER"] = $AuthNResult["TGID"]; +} + + +// Variant 2: Shibboleth gave us the right REMOTE_USER. +// We create a Session here, also vor Variant1 +if (isset ($_SERVER["REMOTE_USER"])) { // this holds for shib, too + // now creating session, activating roles, etc, in RBAC - $rbac = new RBAC ( $configfile, $authZinstance ); - $CSResult = $rbac->createSession( $AuthNResult["TGID"], $AuthNResult["LDAPname"] ); - if (! $CSResult["success"]) { + + $CSResult = $rbac->createSession( $_SERVER["REMOTE_USER"] ); + if (isset ($AuthNResult)) { + $CSResult["rbachash"]["identity_provider"] = $AuthNResult["LDAPname"]; + } + + if (!$CSResult["success"]) { $util->printAuthFailure("Failure Creating Session in RBAC", $CSResult["detail"], $_REQUEST["loginname"], - array_merge( $CSResult["rbachash"], - array("identity_provider" => $AuthNResult["LDAPname"] ) - ) + $CSResult["rbachash"] ); exit; } - $util->printAuthSuccess("Authentication Succeeded", - $_REQUEST["loginname"], - array_merge( $CSResult["rbachash"],array("identity_provider" => $AuthNResult["LDAPname"] ) ), - array("slcmode" => FALSE) // SLCs only via Shibboleth - ); - - -} else if (isset ($_REQUEST["sid"]) && strlen($_REQUEST["sid"]) > 0 ) { - // displaySID or completeDetails + $Sid = $CSResult["rbachash"]["Sid"]; + $AttributeMap = Array ('surname' => 'sn', + 'organisation' => 'o', + 'givenname' => 'givenName', + 'displayname' => 'cn', + 'mail' => 'mail' + ); + if (!isset ($ldap)) { + $ProvidedAttributes = Array(); + if (isset($_SERVER["givenName"])) { $ProvidedAttributes['givenName'] = $_SERVER["givenName"];} + if (isset($_SERVER["sn"])) { $ProvidedAttributes['sn'] = $_SERVER["sn"];} + if (isset($_SERVER["cn"])) { $ProvidedAttributes['cn'] = $_SERVER["cn"];} + if (isset($_SERVER["mail"])) { $ProvidedAttributes['mail'] = $_SERVER["mail"];} + if 
(isset($_SERVER["o"])) { $ProvidedAttributes['o'] = $_SERVER["o"];} + } +} +// This is Variant 3: No Session Creation, but just a desire to see (and update) User Attributes +else if (isset ($_REQUEST["sid"]) && strlen($_REQUEST["sid"]) > 0 ) { +// we might have come directly here using the sid and use an earlier session + $Sid = $_REQUEST["sid"]; +} else { + trigger_error("WebAuth does not know what to do, exiting.", E_USER_WARNING); + exit; } +// no matter where we came from we need to retrieve attributes from RBAC +$attributes = $rbac->getUserAttributes( $Sid ); +// if we already have enough attributes and just created a session, possibly update +// them if there came different ones, and then finally print welcome screen causing +// the TextGridLab to take over the Sid +if ($rbac->enoughUserAttributes( $Sid ) && isset ($_SERVER["REMOTE_USER"])) { + $util->printAuthSuccess("Authentication Succeeded", + $_REQUEST["loginname"], + $CSResult["rbachash"], + array("slcmode" => FALSE) // SLCs only via Shibboleth + ); + $rbac->updateAttributes ( $ProvidedAttributes, $AttributeMap ); // not vital and second-order +} else { + // now presenting the form, let JavaScript take care for the non-empty-check and the help + // the form will return either displaying the Sid or just a ACK + $util->printAttributeForm( $attributes, $ProvidedAttributes, $AttributeMap, $Sid, $authZinstance, $_SERVER["REMOTE_USER"]); +} ?> \ No newline at end of file diff --git a/info.textgrid.middleware.tgauth.webauth/WebAuthN/iso3166_en_code_lists.txt b/info.textgrid.middleware.tgauth.webauth/WebAuthN/iso3166_en_code_lists.txt new file mode 100644 index 0000000000000000000000000000000000000000..f1bb23437842a7b458e2d6f029020428d6d125e2 --- /dev/null +++ b/info.textgrid.middleware.tgauth.webauth/WebAuthN/iso3166_en_code_lists.txt 
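Review bot: The success branch still passes `$_REQUEST["loginname"]` to `printAuthSuccess`, but after this change the branch is also reached through Variant 2, where the identity is `$_SERVER["REMOTE_USER"]` and `loginname` is either absent or whatever the client sent; `$_SERVER["REMOTE_USER"]` is the value to show there. Variant 3 reads the session id from `$_REQUEST["sid"]`, which also accepts the query string, so the Sid can end up in server logs and Referer headers; reading it from `$_POST` only would narrow that. In Variant 3 `$ProvidedAttributes` and `$AttributeMap` are never assigned before `printAttributeForm` is called, so initialising both before the `if` chain would make the "no provided attributes" case explicit instead of relying on undefined variables. `updateAttributes` is called with two arguments while the method added in RBAC.class.php declares one and only returns `TRUE`, which deserves a `// TODO: not implemented yet` comment at the call site.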
@@ -0,0 +1,248 @@
+This list states the country names (official short names in English) in alphabetical order as given in ISO 3166-1 and the corresponding ISO 3166-1-alpha-2 code elements. The list is updated whenever a change to the official code list in ISO 3166-1 is effected by the ISO 3166/MA. It lists 240 official short names and code elements. One line of text contains one entry. A country name and its code element are separated by a semicolon (;).
+
+AFGHANISTAN;AF
+ÅLAND ISLANDS;AX
+ALBANIA;AL
+ALGERIA;DZ
+AMERICAN SAMOA;AS
+ANDORRA;AD
+ANGOLA;AO
+ANGUILLA;AI
+ANTARCTICA;AQ
+ANTIGUA AND BARBUDA;AG
+ARGENTINA;AR
+ARMENIA;AM
+ARUBA;AW
+AUSTRALIA;AU
+AUSTRIA;AT
+AZERBAIJAN;AZ
+BAHAMAS;BS
+BAHRAIN;BH
+BANGLADESH;BD
+BARBADOS;BB
+BELARUS;BY
+BELGIUM;BE
+BELIZE;BZ
+BENIN;BJ
+BERMUDA;BM
+BHUTAN;BT
+BOLIVIA, PLURINATIONAL STATE OF;BO
+BOSNIA AND HERZEGOVINA;BA
+BOTSWANA;BW
+BOUVET ISLAND;BV
+BRAZIL;BR
+BRITISH INDIAN OCEAN TERRITORY;IO
+BRUNEI DARUSSALAM;BN
+BULGARIA;BG
+BURKINA FASO;BF
+BURUNDI;BI
+CAMBODIA;KH
+CAMEROON;CM
+CANADA;CA
+CAPE VERDE;CV
+CAYMAN ISLANDS;KY
+CENTRAL AFRICAN REPUBLIC;CF
+CHAD;TD
+CHILE;CL
+CHINA;CN
+CHRISTMAS ISLAND;CX
+COCOS (KEELING) ISLANDS;CC
+COLOMBIA;CO
+COMOROS;KM
+CONGO;CG
+CONGO, THE DEMOCRATIC REPUBLIC OF THE;CD
+COOK ISLANDS;CK
+COSTA RICA;CR
+CÔTE D'IVOIRE;CI
+CROATIA;HR
+CUBA;CU
+CYPRUS;CY
+CZECH REPUBLIC;CZ
+DENMARK;DK
+DJIBOUTI;DJ
+DOMINICA;DM
+DOMINICAN REPUBLIC;DO
+ECUADOR;EC
+EGYPT;EG
+EL SALVADOR;SV
+EQUATORIAL GUINEA;GQ
+ERITREA;ER
+ESTONIA;EE
+ETHIOPIA;ET
+FALKLAND ISLANDS (MALVINAS);FK
+FAROE ISLANDS;FO
+FIJI;FJ
+FINLAND;FI
+FRANCE;FR
+FRENCH GUIANA;GF
+FRENCH POLYNESIA;PF
+FRENCH SOUTHERN TERRITORIES;TF
+GABON;GA
+GAMBIA;GM
+GEORGIA;GE
+GERMANY;DE
+GHANA;GH
+GIBRALTAR;GI
+GREECE;GR
+GREENLAND;GL
+GRENADA;GD
+GUADELOUPE;GP
+GUAM;GU
+GUATEMALA;GT
+GUERNSEY;GG
+GUINEA;GN
+GUINEA-BISSAU;GW
+GUYANA;GY
+HAITI;HT
+HEARD ISLAND AND MCDONALD ISLANDS;HM
+HOLY SEE (VATICAN CITY STATE);VA
+HONDURAS;HN
+HONG KONG;HK
+HUNGARY;HU
+ICELAND;IS
+INDIA;IN
+INDONESIA;ID
+IRAN, ISLAMIC REPUBLIC OF;IR
+IRAQ;IQ
+IRELAND;IE
+ISLE OF MAN;IM
+ISRAEL;IL
+ITALY;IT
+JAMAICA;JM
+JAPAN;JP
+JERSEY;JE
+JORDAN;JO
+KAZAKHSTAN;KZ
+KENYA;KE
+KIRIBATI;KI
+KOREA, DEMOCRATIC PEOPLE'S REPUBLIC OF;KP
+KOREA, REPUBLIC OF;KR
+KUWAIT;KW
+KYRGYZSTAN;KG
+LAO PEOPLE'S DEMOCRATIC REPUBLIC;LA
+LATVIA;LV
+LEBANON;LB
+LESOTHO;LS
+LIBERIA;LR
+LIBYAN ARAB JAMAHIRIYA;LY
+LIECHTENSTEIN;LI
+LITHUANIA;LT
+LUXEMBOURG;LU
+MACAO;MO
+MACEDONIA, THE FORMER YUGOSLAV REPUBLIC OF;MK
+MADAGASCAR;MG
+MALAWI;MW
+MALAYSIA;MY
+MALDIVES;MV
+MALI;ML
+MALTA;MT
+MARSHALL ISLANDS;MH
+MARTINIQUE;MQ
+MAURITANIA;MR
+MAURITIUS;MU
+MAYOTTE;YT
+MEXICO;MX
+MICRONESIA, FEDERATED STATES OF;FM
+MOLDOVA, REPUBLIC OF;MD
+MONACO;MC
+MONGOLIA;MN
+MONTENEGRO;ME
+MONTSERRAT;MS
+MOROCCO;MA
+MOZAMBIQUE;MZ
+MYANMAR;MM
+NAMIBIA;NA
+NAURU;NR
+NEPAL;NP
+NETHERLANDS;NL
+NETHERLANDS ANTILLES;AN
+NEW CALEDONIA;NC
+NEW ZEALAND;NZ
+NICARAGUA;NI
+NIGER;NE
+NIGERIA;NG
+NIUE;NU
+NORFOLK ISLAND;NF
+NORTHERN MARIANA ISLANDS;MP
+NORWAY;NO
+OMAN;OM
+PAKISTAN;PK
+PALAU;PW
+PALESTINIAN TERRITORY, OCCUPIED;PS
+PANAMA;PA
+PAPUA NEW GUINEA;PG
+PARAGUAY;PY
+PERU;PE
+PHILIPPINES;PH
+PITCAIRN;PN
+POLAND;PL
+PORTUGAL;PT
+PUERTO RICO;PR
+QATAR;QA
+REUNION;RE
+ROMANIA;RO
+RUSSIAN FEDERATION;RU
+RWANDA;RW
+SAINT BARTHÉLEMY;BL
+SAINT HELENA;SH
+SAINT KITTS AND NEVIS;KN
+SAINT LUCIA;LC
+SAINT MARTIN;MF
+SAINT PIERRE AND MIQUELON;PM
+SAINT VINCENT AND THE GRENADINES;VC
+SAMOA;WS
+SAN MARINO;SM
+SAO TOME AND PRINCIPE;ST
+SAUDI ARABIA;SA
+SENEGAL;SN
+SERBIA;RS
+SEYCHELLES;SC
+SIERRA LEONE;SL
+SINGAPORE;SG
+SLOVAKIA;SK
+SLOVENIA;SI
+SOLOMON ISLANDS;SB
+SOMALIA;SO
+SOUTH AFRICA;ZA
+SOUTH GEORGIA AND THE SOUTH SANDWICH ISLANDS;GS
+SPAIN;ES
+SRI LANKA;LK
+SUDAN;SD
+SURINAME;SR
+SVALBARD AND JAN MAYEN;SJ
+SWAZILAND;SZ
+SWEDEN;SE
+SWITZERLAND;CH
+SYRIAN ARAB REPUBLIC;SY
+TAIWAN, PROVINCE OF CHINA;TW
+TAJIKISTAN;TJ
+TANZANIA, UNITED REPUBLIC OF;TZ
+THAILAND;TH
+TIMOR-LESTE;TL
+TOGO;TG
+TOKELAU;TK
+TONGA;TO
+TRINIDAD AND TOBAGO;TT +TUNISIA;TN +TURKEY;TR +TURKMENISTAN;TM +TURKS AND CAICOS ISLANDS;TC +TUVALU;TV +UGANDA;UG +UKRAINE;UA +UNITED ARAB EMIRATES;AE +UNITED KINGDOM;GB +UNITED STATES;US +UNITED STATES MINOR OUTLYING ISLANDS;UM +URUGUAY;UY +UZBEKISTAN;UZ +VANUATU;VU +VENEZUELA;VE +VIET NAM;VN +VIRGIN ISLANDS, BRITISH;VG +VIRGIN ISLANDS, U.S.;VI +WALLIS AND FUTUNA;WF +WESTERN SAHARA;EH +YEMEN;YE +ZAMBIA;ZM +ZIMBABWE;ZW diff --git a/info.textgrid.middleware.tgauth.webauth/tglib/RBAC.class.php b/info.textgrid.middleware.tgauth.webauth/tglib/RBAC.class.php index faf1273309d395a1f9b0e9eacd75c4039929b384..35c6e6e3d06dfbb386b264b033078b29d0884f10 100644 --- a/info.textgrid.middleware.tgauth.webauth/tglib/RBAC.class.php +++ b/info.textgrid.middleware.tgauth.webauth/tglib/RBAC.class.php @@ -17,6 +17,12 @@ class RBAC { protected $sessionCreatorPw; protected $setnamessecret; + protected $soapExtra; + protected $soapPolicy; + protected $soapReview; + protected $soapAdministration; + + protected $userAttributes; public function __construct( $configfilepath , $authZinstance ) { require_once( "soapTypes.inc.php" ); @@ -37,6 +43,14 @@ class RBAC { $this->sessionCreatorPw = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:sessioncreator/c:password")->item(0)->nodeValue; $this->setnamessecret = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:setnamessecret")->item(0)->nodeValue; + // ----------------------------------------------------- + // You'll need these services + // ----------------------------------------------------- + $this->soapExtra = new SoapClient( $this->rbacbase . "wsdl/tgextra.wsdl" ); + $this->soapPolicy = new SoapClient( $this->rbacbase . "wsdl/tgsystem.wsdl" ); + $this->soapReview = new SoapClient( $this->rbacbase . "wsdl/tgreview.wsdl" ); + $this->soapAdministration = new SoapClient( $this->rbacbase . "wsdl/tgadministration.wsdl" ); + } public function createSession ( $remote_user ) { 
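Review bot: The constructor's XPath lookups on the context lines of the second RBAC.class.php hunk interpolate `$authZinstance` straight into `[@instance='${authZinstance}']`, and PutAttributes.php in this commit passes `$_REQUEST["authZinstance"]` to the constructor unchanged, so a quote character in that parameter changes the expression that selects the session-creator password and `setnamessecret`. Checking the value against the instance names actually present in the config file, or rejecting anything outside a narrow character set, before building the expression closes that. The four `SoapClient` objects are now created on every construction with no `try`/`catch`, so an unreachable WSDL surfaces as an uncaught `SoapFault` on every page that builds an `RBAC`, including pages that only use `soapExtra`. The constructor begins before this hunk.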
@@ -70,15 +84,8 @@ class RBAC { "rbachash" => $rbachash); exit; } - $$rbachash["scstatus"] .= "Authentication Method: ". $identified_user['authnmethod'] . "; "; + $rbachash["scstatus"] .= "Authentication Method: ". $identified_user['authnmethod'] . "; "; - // ----------------------------------------------------- - // You'll need these services - // ----------------------------------------------------- - $soapExtra = new SoapClient( $this->rbacbase . "wsdl/tgextra.wsdl" ); - $soapPolicy = new SoapClient( $this->rbacbase . "wsdl/tgsystem.wsdl" ); - $soapReview = new SoapClient( $this->rbacbase . "wsdl/tgreview.wsdl" ); - $soapAdministration = new SoapClient( $this->rbacbase . "wsdl/tgadministration.wsdl" ); // ----------------------------------------------------- // Before you can create a session you have to @@ -90,10 +97,10 @@ class RBAC { $serviceAuthReq->password = $this->sessionCreatorPw; try { - $serviceAuthResponse = $soapExtra->authenticate( $serviceAuthReq ); + $serviceAuthResponse = $this->soapExtra->authenticate( $serviceAuthReq ); if( preg_match( "/[0-9a-z]{2,}/i", $serviceAuthResponse->auth ) ) { - $$rbachash["scstatus"] .= "WebAuth authenticated at RBAC, received a service SessionId. " ; + $rbachash["scstatus"] .= "WebAuth authenticated at RBAC, received a service SessionId. " ; } } catch( SoapFault $f ) { 
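Review bot: In the second hunk on this line, the `preg_match( "/[0-9a-z]{2,}/i", $serviceAuthResponse->auth )` test only decides whether a status string is appended; as far as the hunk shows there is no `else`, so a response without a usable token falls through and `$serviceAuthResponse->auth` is still used in the requests that follow. The pattern is also unanchored, so any value containing two alphanumeric characters passes. Returning the `array("success" => FALSE, ...)` shape used elsewhere in `createSession` when the match fails, and anchoring the pattern as `/^[0-9a-z]{2,}$/i`, would make the check effective. The `try` block continues past the end of the hunk.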
@@ -108,15 +115,15 @@ class RBAC { // Now you can try to add an active role to your session creator session // ----------------------------------------------------- $addRoleReq = new addActiveRoleRequest(); - $addRoleReq->username = $sessionCreatorUid; + $addRoleReq->username = $this->sessionCreatorUid; $addRoleReq->role = "sessionCreator,Anwendung"; $addRoleReq->auth = $serviceAuthResponse->auth; try { - $addRoleResponse = $soapExtra->tgAddActiveRole( $addRoleReq ); + $addRoleResponse = $this->soapExtra->tgAddActiveRole( $addRoleReq ); if( $addRoleResponse->result ) { - $$rbachash["scstatus"] .= "Added active role of application; "; + $rbachash["scstatus"] .= "Added active role of application; "; } else { return array("success" => FALSE, "rbachash" => $rbachash, @@ -138,7 +145,7 @@ class RBAC { $userexistreq->username = $remote_user; try { - $existresult = $soapExtra->userExists($userexistreq); + $existresult = $this->soapExtra->userExists($userexistreq); if (! $existresult->result) { // ----------------------------------------------- @@ -149,9 +156,9 @@ class RBAC { $adduserrequest->password = "gnuelpfix"; // this is not relevant and will never be checked try { - $addedUser = $soapAdministration->addUser($adduserrequest); + $addedUser = $this->soapAdministration->addUser($adduserrequest); if ($addedUser) { - $$rbachash["scstatus"] .= "Added user information to authorization database; "; + $rbachash["scstatus"] .= "Added user information to authorization database; "; } else { return array("success" => FALSE, "rbachash" => $rbachash, @@ -166,7 +173,7 @@ class RBAC { exit; } } else { - $$rbachash["scstatus"] .= "user exists in authentication database; "; + $rbachash["scstatus"] .= "user exists in authentication database; "; } } catch (SoapFault $f) { return array("success" => FALSE, 
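Review bot: In the `addUser` hunk (`@@ -149,9 +156,9 @@`), every auto-provisioned account is created with the same literal password `"gnuelpfix"`, backed only by the inline comment that it is never checked. If any path into the RBAC backend does accept password authentication for these entries, which cannot be told from this hunk, all provisioned users would share a credential that is published in the source. A per-user unguessable value removes the dependency on that assumption, for example `$adduserrequest->password = bin2hex(random_bytes(16));` on a current PHP. The surrounding `try` block starts and ends outside the hunk.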
@@ -194,9 +201,9 @@ class RBAC { $rolesobject->username = $remote_user; try { - $roleResponse = $soapReview->authorizedRoles($rolesobject); + $roleResponse = $this->soapReview->authorizedRoles($rolesobject); - $$rbachash["scstatus"] .= "Received all available roles for user; "; + $rbachash["scstatus"] .= "Received all available roles for user; "; } catch (Soapfault $f) { return array("success" => FALSE, "rbachash" => $rbachash, @@ -214,7 +221,7 @@ class RBAC { // ------------------------------------------------ // Get a newly generated sid from the RBAC system try { - $Sid = $soapExtra->getSid(); + $Sid = $this->soapExtra->getSid(); $Sid = $Sid->sid; $rbachash["Sid"] = $Sid; } catch (Soapfault $f) { @@ -228,11 +235,11 @@ class RBAC { // Creating the session... $creReq->sid = $Sid; try { - $creResponse = $soapPolicy->createSession( $creReq ); + $creResponse = $this->soapPolicy->createSession( $creReq ); if( $creResponse->result ) { - $$rbachash["scstatus"] .= "Created sessions with active roles; "; + $rbachash["scstatus"] .= "Created sessions with active roles; "; } else { return array("success" => FALSE, "rbachash" => $rbachash, 
@@ -258,12 +265,67 @@ class RBAC { return preg_replace('/[";+<>,\\\]/', "X", $string); } - function setUserDetails ( $Sid, $stringhash ) { + function getUserAttributes ( $Sid ) { + $getMyUAR = new StdClass(); + $getMyUAR->auth = $Sid; + + try { + $ua = $this->soapExtra->getMyUserAttributes($getMyUAR); + $this->userAttributes = $ua->attribute; + return $ua->attribute; + } catch (SoapFault $f) { + return array("success" => FALSE, + "detail" => "SOAP FAULT (getMyUserAttributes)!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail ); + } + + } + + function enoughUserAttributes ( $Sid ) { + if (!isset($this->userAttributes)) { + $this->getUserAttributes( $Sid ); + } + // $file = fopen ("/tmp/xxxR.log", "w+"); + // fwrite ($file, serialize ($this->userAttributes ) ."\n"); + // fclose ($file); + + foreach ($this->userAttributes as $a) { + if ($a->mandatory) { + if (!isset($a->value)) { + return FALSE; + } else { + if (is_string($a->value) && strlen($a->value) < 1) { + return FALSE; + } + } + } + } + return TRUE; + } + + function updateAttributes ( $map ) { + return TRUE; + } + function setAttributes ( $attrs, $Sid, $loginmode ) { + $setMyUserAttributesRequest = new StdClass(); + $setMyUserAttributesRequest->attribute = $attrs; + $setMyUserAttributesRequest->auth = $Sid; + if ($loginmode) { + $setMyUserAttributesRequest->webAuthSecret = $this->setnamessecret; + } else { + $setMyUserAttributesRequest->webAuthSecret = ""; + } + try { + $res = $this->soapExtra->setMyUserAttributes($setMyUserAttributesRequest); + return $res; + } catch (SoapFault $f) { + return array("success" => FALSE, + "detail" => "SOAP FAULT (setMyUserAttributes)!: " . $f->faultcode . " / " . $f->faultstring . " / " . $f->detail ); + } } - + } ?> \ No newline at end of file 
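Review bot: `enoughUserAttributes` fails open: when `getUserAttributes` catches a `SoapFault` it returns an error array without setting `$this->userAttributes`, the `foreach` then has nothing to iterate, and the method returns `TRUE`, which the caller in TextGrid-WebAuth-Community.php treats as a complete profile. A guard before the loop, `if (!isset($this->userAttributes)) { return FALSE; }`, keeps a backend failure from being read as success. `getUserAttributes` also returns two different shapes (the attribute list, or `array("success" => FALSE, ...)`), and the callers added in this commit iterate the result as attributes without checking which one they received. `updateAttributes( $map )` always returns `TRUE` without doing anything; a `// TODO: not implemented, attributes are not persisted here` comment would stop callers from assuming otherwise.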
diff --git a/info.textgrid.middleware.tgauth.webauth/tglib/WebUtils.class.php b/info.textgrid.middleware.tgauth.webauth/tglib/WebUtils.class.php index 8dd593bf61da50e007ac43eed983fdbb875f22cd..f6c2d77eeaa4ace16495f6d0ed6d9c4d20b1f8f9 100644 --- a/info.textgrid.middleware.tgauth.webauth/tglib/WebUtils.class.php +++ b/info.textgrid.middleware.tgauth.webauth/tglib/WebUtils.class.php @@ -13,7 +13,6 @@ class WebUtils { public function __construct() { - } public function printAuthSuccess($heading,$loginname,$rbachash,$slc) { 
@@ -133,6 +132,169 @@ class WebUtils { echo "<meta http-equiv=\"Content-Type\" content=\"text/html;charset=utf-8\" />\n"; } + public function printAttributeForm ( $existingAttrs, $providedAttrs, $attrMap, $Sid, $authZinstance, $remote_user) { + if (isset ($providedAttrs)) { + $loginmode = TRUE; + $title = "Please Complete your User Attributes"; + } else { + $loginmode = FALSE; + $title = "Your User Attributes for Modification"; + } + + $this->printHeader ($title); + + echo "<meta name=\"remote_principal\" content=\"".$remote_user."\"/>\n"; + echo "<meta name=\"rbac_sessionid\" content=\"".$Sid."\"/>\n"; + + echo "<script type=\"text/javascript\">\n"; + echo "function chkFormular () {\n"; + + foreach ($existingAttrs as $a) { + if ($a->mandatory) { + echo " if (document.Formular.". $a->name . ".value == \"\") {\n"; + echo " alert(\"Please specify your ".$a->displayname .". \\n(".$a->description . ").\");\n"; + echo " document.Formular.". $a->name . ".focus();\n"; + echo " return false;\n"; + echo " }\n"; + } + } + echo " if (document.Formular.mail.value.indexOf(\"@\") == -1 ){\n"; + echo " alert(\"Please specify your valid E-Mail-Address.\");\n"; + echo " document.Formular.mail.focus();\n"; + echo " return false;\n"; + echo " }\n"; + + echo "}\n"; // end of chkFormular + + echo "</script>"; + + echo "</head>\n<body>\n"; + echo "<h2>$title</h2>\n"; + + echo "<form name=\"Formular\" action=\"PutAttributes.php\" method=\"post\" onsubmit=\"return chkFormular()\">\n"; + echo "<table>\n"; + foreach ($existingAttrs as $a) { + $oldval = ""; + if (isset ($a->value)) { + $oldval = $a->value; + } + if (isset($attrMap[$a->name]) && isset($providedAttrs[$attrMap[$a->name]])) { + $oldval = $providedAttrs[$attrMap[$a->name]]; + } + if ($this->isBoolean ($a)) { + if ($oldval === "TRUE") { + $checked = "checked=\"checked\""; + } else { + $checked = ""; + } + } + if ($a->mandatory) { + $mandatory = "<span style=\"color:red\">*</span>"; + } else { + $mandatory = ""; + } + + echo 
"<tr><td>".$a->displayname." ${mandatory}</td>"; + if ($this->isBoolean ($a)) { + echo "<td><input type=\"checkbox\" name=\"". $a->name . "\" value=\"yes\" ${checked}/></td>\n"; + } else if ($this->isISO3166format ($a)) { + if ($oldval === "") {$oldval = "DE";} // pre-assume German Scholars + echo "<td>"; + $this->formatISO3166list( $a->name, $oldval); + echo "</td>\n"; + } else { // assume string + echo "<td><input type=\"text\" size=\"50\" name=\"". $a->name . "\" value=\"". $oldval ."\"/></td>\n"; + } + echo "<td><div onmouseover=\"this.innerHTML = '". $a->description ."'\"\n"; + echo " onmouseout=\"this.innerHTML = '?'\"> ?</div></td></tr>\n"; + } + echo "</table>\n"; + echo "<input type=\"hidden\" name=\"loginmode\" value=\"" . $loginmode . "\" />\n"; + echo "<input type=\"hidden\" name=\"remote_user\" value=\"" . $remote_user . "\" />\n"; + echo "<input type=\"hidden\" name=\"Sid\" value=\"" . $Sid . "\" />\n"; + echo "<input type=\"hidden\" name=\"authZinstance\" value=\"" . $authZinstance . 
"\" />\n"; + echo "<input type=\"submit\" value=\"Submit\"><input type=\"reset\" value=\"Cancel\">\n"; + echo "</form>\n"; + echo "\n</body>\n</html>"; + } + + public function printSetAttributesSuccess ($thedisplayname) { + $this->printHeader("Successfully updated User Attributes"); + echo "</head><body>\n"; + echo "Thank you, ${thedisplayname}, your user attributes are now up to date.<br/>\n"; + echo "You can close this dialogue.\n"; + echo "\n</body>\n</html>"; + } + + + public function isBoolean ($attr) { + // TODO this is a hack yet + if ($attr->name === "agreesearch") { + return TRUE; + } else { + return FALSE; + } + } + + public function isISO3166format ($attr) { + // TODO this is a hack yet + if ($attr->name === "citizenship" || $attr->name === "country") { + return TRUE; + } else { + return FALSE; + } + } + + public function formatISO3166list ( $listname, $preselected ) { + $list = $this->list_iso3166(); + + echo "<select name=\"${listname}\" size=\"1\">\n"; + foreach ($list as $code => $name) { + if ($code === $preselected) { + $selected = "selected=\"selected\""; + } else { + $selected = ""; + } + echo "<option ${selected} value=\"${code}\">${name}</option>\n"; + } + echo "</select>"; + } + + // taken from http://code.google.com/p/hm2k/source/browse/trunk/code/php/functions/iso3166.php + function list_iso3166($key=false) { // Returns a list of ISO 3166 alpha 2 country codes and names in an array + + // Make a static copy of this file on your server + $url='http://www.iso.org/iso/iso3166_en_code_lists.txt'; + + // Path/Filename of the local copy (if present) + $file='iso3166_en_code_lists.txt'; + + // Can we find a local copy? + if (!file_exists($file)) { $file=$url; } + + // Put the data into a list... + $list=@file_get_contents($file); + + // No list? 
Return + if (empty($list)) { return; } + + // Process list + $lines=explode("\n",$list); + $list=array(); + foreach ($lines as $line) { + $line=explode(';',$line); + if (isset($line[1])) { + $list[trim($line[1])]=trim($line[0]); + } + } + + // Shift first line (info line) off the array + array_shift($list); + + //Return either entire list as array or just a key. + return isset($list[$key])?$list[$key]:$list; + } + } ?> \ No newline at end of file
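Review bot: `printAttributeForm` writes `$remote_user`, `$Sid`, `$authZinstance`, `$oldval` and the attribute `name`, `displayname` and `description` fields into HTML attributes and inline JavaScript without escaping, and several of these come from the request or from identity-provider attributes. Each value placed in markup needs `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`; the `description` inside `onmouseover="this.innerHTML = '...'"` sits in a script string within an attribute, where HTML escaping alone is not sufficient, so a plain `title` attribute is the simpler form. `list_iso3166` falls back to fetching the list over plain `http://` with errors suppressed by `@` and prints the result into `<option>` elements; since the commit ships a local copy, that remote fallback could be dropped. The hidden `loginmode` and `remote_user` fields are later read back by PutAttributes.php as if they were trustworthy, which the form cannot guarantee. The fence shows the escaped form of the affected `echo` lines.

```php
// … unchanged: $loginmode / $title selection, printHeader() …
echo "<meta name=\"remote_principal\" content=\"" . htmlspecialchars($remote_user, ENT_QUOTES, 'UTF-8') . "\"/>\n";
echo "<meta name=\"rbac_sessionid\" content=\"" . htmlspecialchars($Sid, ENT_QUOTES, 'UTF-8') . "\"/>\n";
// … unchanged: chkFormular() script, table header, per-attribute $oldval / $checked / $mandatory setup …
    echo "<td><input type=\"text\" size=\"50\" name=\"" . htmlspecialchars($a->name, ENT_QUOTES, 'UTF-8')
        . "\" value=\"" . htmlspecialchars($oldval, ENT_QUOTES, 'UTF-8') . "\"/></td>\n";
    // description shown as a tooltip instead of script-built innerHTML
    echo "<td><span title=\"" . htmlspecialchars($a->description, ENT_QUOTES, 'UTF-8') . "\">?</span></td></tr>\n";
// … unchanged: end of table, loginmode field …
echo "<input type=\"hidden\" name=\"remote_user\" value=\"" . htmlspecialchars($remote_user, ENT_QUOTES, 'UTF-8') . "\" />\n";
echo "<input type=\"hidden\" name=\"Sid\" value=\"" . htmlspecialchars($Sid, ENT_QUOTES, 'UTF-8') . "\" />\n";
echo "<input type=\"hidden\" name=\"authZinstance\" value=\"" . htmlspecialchars($authZinstance, ENT_QUOTES, 'UTF-8') . "\" />\n";
```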