1 parent
b88f3c4
commit bc3ec33
Showing
3 changed files
with
109 additions
and
71 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,23 +2,25 @@ | |
|
||
namespace SimpleSAML\Module\perun\Auth\Process; | ||
|
||
use SimpleSAML\Auth\ProcessingFilter; | ||
use SimpleSAML\Module\perun\Adapter; | ||
use SimpleSAML\Error\Exception; | ||
use SimpleSAML\Logger; | ||
use SimpleSAML\Module; | ||
use SimpleSAML\Module\perun\UpdateUESThread; | ||
|
||
/** | ||
* Class sspmod_perun_Auth_Process_UpdateUserExtSource | ||
* | ||
* This filter updates userExtSource attributes when he logs in. | ||
* | ||
* @author Dominik Baránek <[email protected]> | ||
* @author Pavel Vyskočil <[email protected]> | ||
*/ | ||
class UpdateUserExtSource extends \SimpleSAML\Auth\ProcessingFilter | ||
class UpdateUserExtSource extends ProcessingFilter | ||
{ | ||
private $attrMap; | ||
private $attrsToConversion; | ||
private $adapter; | ||
const UES_ATTR_NMS = 'urn:perun:ues:attribute-def:def:'; | ||
|
||
public function __construct($config, $reserved) | ||
{ | ||
|
@@ -39,77 +41,19 @@ public function __construct($config, $reserved) | |
} | ||
|
||
$this->attrMap = (array)$config['attrMap']; | ||
$this->adapter = Adapter::getInstance(Adapter::RPC); | ||
} | ||
|
||
public function process(&$request) | ||
{ | ||
assert(is_array($request)); | ||
try { | ||
$userExtSource = $this->adapter->getUserExtSource( | ||
$request['Attributes']['sourceIdPEntityID'][0], | ||
$request['Attributes']['sourceIdPEppn'][0] | ||
); | ||
if ($userExtSource === null) { | ||
throw new Exception( | ||
'sspmod_perun_Auth_Process_UpdateUserExtSource: there is no UserExtSource with ExtSource ' . | ||
$request['Attributes']['sourceIdPEntityID'][0] . " and Login " . | ||
$request['Attributes']['sourceIdPEppn'][0] | ||
); | ||
} | ||
|
||
$attributes = $this->adapter->getUserExtSourceAttributes($userExtSource['id'], array_keys($this->attrMap)); | ||
|
||
if ($attributes === null) { | ||
throw new Exception( | ||
'sspmod_perun_Auth_Process_UpdateUserExtSource: getting attributes was not successful.' | ||
); | ||
} | ||
|
||
$attributesToUpdate = []; | ||
foreach ($attributes as $attribute) { | ||
$attrName = self::UES_ATTR_NMS . $attribute['friendlyName']; | ||
if (isset($this->attrMap[$attrName]) && isset($request['Attributes'][$this->attrMap[$attrName]])) { | ||
$attr = $request['Attributes'][$this->attrMap[$attrName]]; | ||
|
||
if (in_array(self::UES_ATTR_NMS . $attribute['friendlyName'], $this->attrsToConversion)) { | ||
$arrayAsString = ['']; | ||
foreach ($attr as $value) { | ||
$arrayAsString[0] .= $value . ';'; | ||
} | ||
if (!empty($arrayAsString[0])) { | ||
$arrayAsString[0] = substr($arrayAsString[0], 0, -1); | ||
} | ||
$attr = $arrayAsString; | ||
} | ||
|
||
if (strpos($attribute['type'], 'String') || | ||
strpos($attribute['type'], 'Integer') || | ||
strpos($attribute['type'], 'Boolean')) { | ||
$valueFromIdP = $attr[0]; | ||
} elseif (strpos($attribute['type'], 'Array') || strpos($attribute['type'], 'Map')) { | ||
$valueFromIdP = $attr; | ||
} else { | ||
throw new Exception( | ||
'sspmod_perun_Auth_Process_UpdateUserExtSource: unsupported type of attribute.' | ||
); | ||
} | ||
if ($valueFromIdP !== $attribute['value']) { | ||
$attribute['value'] = $valueFromIdP; | ||
array_push($attributesToUpdate, $attribute); | ||
} | ||
} | ||
} | ||
|
||
if (!empty($attributesToUpdate)) { | ||
$this->adapter->setUserExtSourceAttributes($userExtSource['id'], $attributesToUpdate); | ||
} | ||
$this->adapter->updateUserExtSourceLastAccess($userExtSource['id']); | ||
} catch (\Exception $ex) { | ||
Logger::warning( | ||
'sspmod_perun_Auth_Process_UpdateUserExtSource: update was not successful: ' . | ||
$ex->getMessage() . ' Skip to next filter.' | ||
); | ||
} | ||
$data = [ | ||
'attributes' => $request['Attributes'], | ||
'attrMap' => $this->attrMap, | ||
'attrsToConversion' => $this->attrsToConversion, | ||
'perunUserId' => $request['perun']['user']->getId() | ||
]; | ||
|
||
$cmd = 'curl -X POST -H "Content-Type: application/json" -d \'' . json_encode($data) . '\' ' . | ||
Module::getModuleURL('perun/updateUes.php') . ' > /dev/null &'; | ||
exec($cmd); | ||
} | ||
} |
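Review bot: The command built at the end of `process()` places `json_encode($data)` between hand-written single quotes and passes the string to `exec()`, but `json_encode` does not escape `'` by default, so an attribute value containing an apostrophe closes the quoted argument and the remainder is interpreted by the shell. `$request['Attributes']` originates from the upstream identity provider and should be treated as untrusted here: quote both arguments with `escapeshellarg(json_encode($data))` and `escapeshellarg(Module::getModuleURL('perun/updateUes.php'))`, or preferably avoid the shell altogether by sending the POST through PHP's curl extension. Passing the payload on the command line also makes the user's attributes visible in the host's process list for the lifetime of the curl process. In addition, `$request['perun']['user']->getId()` now runs outside any try/catch, so a request that lacks a Perun user would presumably abort the login, whereas the removed code only logged a warning and moved on to the next filter. The constructor body begins outside this hunk.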
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
<?php | ||
|
||
/** | ||
* Script for updating UES in separate thread | ||
* | ||
* @author Pavel Vyskočil <[email protected]> | ||
*/ | ||
|
||
use SimpleSAML\Logger; | ||
use SimpleSAML\Module\perun\Adapter; | ||
|
||
$adapter = Adapter::getInstance(Adapter::RPC); | ||
|
||
$entityBody = file_get_contents('php://input'); | ||
$body = json_decode($entityBody, true); | ||
|
||
$attributes = $body['attributes']; | ||
$attrMap = $body['attrMap']; | ||
$attrsToConversion = $body['attrsToConversion']; | ||
$perunUserId = $body['perunUserId']; | ||
|
||
const UES_ATTR_NMS = 'urn:perun:ues:attribute-def:def:'; | ||
|
||
try { | ||
$userExtSource = $adapter->getUserExtSource( | ||
$attributes['sourceIdPEntityID'][0], | ||
$attributes['sourceIdPEppn'][0] | ||
); | ||
if ($userExtSource === null) { | ||
throw new Exception( | ||
'sspmod_perun_Auth_Process_UpdateUserExtSource: there is no UserExtSource with ExtSource ' . | ||
$attributes['sourceIdPEntityID'][0] . " and Login " . | ||
$attributes['sourceIdPEppn'][0] | ||
); | ||
} | ||
|
||
$attributes = $adapter->getUserExtSourceAttributes($userExtSource['id'], array_keys($attrMap)); | ||
|
||
if ($attributes === null) { | ||
throw new Exception( | ||
'sspmod_perun_Auth_Process_UpdateUserExtSource: getting attributes was not successful.' | ||
); | ||
} | ||
|
||
$attributesToUpdate = []; | ||
foreach ($attributes as $attribute) { | ||
$attrName = UES_ATTR_NMS . $attribute['friendlyName']; | ||
if (isset($attrMap[$attrName], $attributes[$attrMap[$attrName]])) { | ||
$attr = $attributes[$attrMap[$attrName]]; | ||
|
||
if (in_array(UES_ATTR_NMS . $attribute['friendlyName'], $attrsToConversion)) { | ||
$arrayAsString = ['']; | ||
foreach ($attr as $value) { | ||
$arrayAsString[0] .= $value . ';'; | ||
} | ||
if (!empty($arrayAsString[0])) { | ||
$arrayAsString[0] = substr($arrayAsString[0], 0, -1); | ||
} | ||
$attr = $arrayAsString; | ||
} | ||
|
||
if (strpos($attribute['type'], 'String') || | ||
strpos($attribute['type'], 'Integer') || | ||
strpos($attribute['type'], 'Boolean')) { | ||
$valueFromIdP = $attr[0]; | ||
} elseif (strpos($attribute['type'], 'Array') || strpos($attribute['type'], 'Map')) { | ||
$valueFromIdP = $attr; | ||
} else { | ||
throw new Exception( | ||
'sspmod_perun_updateUes: unsupported type of attribute.' | ||
); | ||
} | ||
if ($valueFromIdP !== $attribute['value']) { | ||
$attribute['value'] = $valueFromIdP; | ||
array_push($attributesToUpdate, $attribute); | ||
} | ||
} | ||
} | ||
|
||
if (!empty($attributesToUpdate)) { | ||
$adapter->setUserExtSourceAttributes($userExtSource['id'], $attributesToUpdate); | ||
} | ||
|
||
$adapter->updateUserExtSourceLastAccess($userExtSource['id']); | ||
|
||
Logger::debug('sspmod_perun_updateUes - Updating UES for user with userId: ' . $perunUserId . ' was successful.'); | ||
} catch (\Exception $ex) { | ||
Logger::warning( | ||
'sspmod_perun_updateUes: Updating UES for user with userId: ' . $perunUserId . ' was not successful: ' . | ||
$ex->getMessage() | ||
); | ||
} |
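Review bot: This script acts on whatever JSON is posted to it: nothing visible identifies the caller, and `$body` is used without checking that `json_decode` returned an array with the expected keys, so unless access is restricted elsewhere (for example a web-server rule, not shown on this page) anyone who can reach the module URL could submit attributes for any `sourceIdPEntityID`/`sourceIdPEppn` pair and have them written to Perun over RPC. The endpoint should require proof that the request came from the filter, such as a shared secret taken from the module configuration and compared with `hash_equals()`, and should reject malformed bodies before the adapter is called. Separately, `$attributes = $adapter->getUserExtSourceAttributes(...)` overwrites the posted IdP attributes, so the later `$attributes[$attrMap[$attrName]]` lookup reads the Perun result instead of the IdP values; keep the two apart with `$uesAttributes = $adapter->getUserExtSourceAttributes($userExtSource['id'], array_keys($attrMap));` and `foreach ($uesAttributes as $attribute) {`. The `strpos($attribute['type'], 'String') || ...` tests are also falsy when the match is at offset 0; `strpos(...) !== false` states the intent.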