Google Git
Sign in
apache / vcl / cf065939dae37cc47e46c6b869960c3234c85614 / . / web / .ht-inc / authmethods / shibauth.php
blob: 33d7b5d2169d6c266a767b3189c0e693556a75f8 [file] [log] [blame]
<?php
/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/**
* \file
*/
////////////////////////////////////////////////////////////////////////////////
///
/// \fn updateShibUser($userid)
///
/// \param $userid - id of a user in userid@affiliation form
///
/// \return an array with these keys:\n
/// \b firstname
/// \b lastname
/// \b email
/// \b unityid - userid for user
/// \b affilid - id from affiliation table for user's affiliation
/// \b id - id of user from user table
///
/// \brief updates user's first name, last name, and email address, and
/// lastupdated timestamp in the user table from data provided by shibboleth
///
////////////////////////////////////////////////////////////////////////////////
function updateShibUser($userid) {
global $mysqli_link_vcl;
$rc = getAffilidAndLogin($userid, $affilid);
if($rc == -1)
return NULL;
$displast = '';
if(array_key_exists('displayName', $_SERVER) &&
! empty($_SERVER['displayName'])) {
# split displayName into first and last names
if(preg_match('/,/', $_SERVER['displayName'])) {
$names = explode(',', $_SERVER['displayName']);
$user['firstname'] = preg_replace('/^\s+/', '', $names[1]);
$user['firstname'] = preg_replace('/\s+$/', '', $user['firstname']);
$displast = preg_replace('/^\s+/', '', $names[0]);
$displast = preg_replace('/\s+$/', '', $displast);
}
else {
$names = explode(' ', $_SERVER['displayName']);
$displast = array_pop($names);
$user['firstname'] = array_shift($names);
}
}
elseif(array_key_exists('givenName', $_SERVER) &&
! empty($_SERVER['givenName']))
$user['firstname'] = $_SERVER['givenName'];
else
$user['firstname'] = '';
if(array_key_exists('sn', $_SERVER) &&
! empty($_SERVER['sn']))
$user["lastname"] = $_SERVER['sn'];
else
$user['lastname'] = $displast;
if(array_key_exists('mail', $_SERVER))
$user["email"] = $_SERVER['mail'];
$user['unityid'] = $userid;
$user['affilid'] = $affilid;
# check to see if this user already exists in our db
$query = "SELECT id "
. "FROM user "
. "WHERE unityid = '$userid' AND "
. "affiliationid = $affilid";
$qh = doQuery($query, 101);
if(! $row = mysqli_fetch_assoc($qh)) {
# add user to our db
$user['id'] = addShibUser($user);
return $user;
}
# update user's data in db
$user['id'] = $row['id'];
$first = vcl_mysql_escape_string($user['firstname']);
$last = vcl_mysql_escape_string($user['lastname']);
$query = "UPDATE user "
. "SET firstname = '$first', "
. "lastname = '$last', ";
if(array_key_exists('email', $user)) {
$email = vcl_mysql_escape_string($user['email']);
$query .= "email = '$email', ";
}
$query .= "lastupdated = NOW(), "
. "validated = 1 "
. "WHERE id = {$user['id']}";
doQuery($query, 101, 'vcl', 1);
return $user;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn addShibUser($user)
///
/// \param $user - array of user data with these keys:\n
/// \b unityid - userid\n
/// \b affilid - id from affiliation table matching user's affiliation\n
/// \b firstname\n
/// \b lastname\n
/// \b email
///
/// \return id from user table for user
///
/// \brief adds $user to the user table
///
////////////////////////////////////////////////////////////////////////////////
function addShibUser($user) {
global $mysqli_link_vcl;
$unityid = vcl_mysql_escape_string($user['unityid']);
$first = vcl_mysql_escape_string($user['firstname']);
$last = vcl_mysql_escape_string($user['lastname']);
$query = "INSERT INTO user "
. "(unityid, "
. "affiliationid, "
. "firstname, "
. "lastname, ";
if(array_key_exists('email', $user))
$query .= "email, ";
$query .= "emailnotices, "
. "lastupdated) "
. "VALUES ("
. "'$unityid', "
. "{$user['affilid']}, "
. "'$first', "
. "'$last', ";
if(array_key_exists('email', $user)) {
$email = vcl_mysql_escape_string($user['email']);
$query .= "'$email', ";
}
$query .= "0, "
. "NOW())";
doQuery($query, 101, 'vcl', 1);
if(mysqli_affected_rows($mysqli_link_vcl)) {
$user['id'] = mysqli_insert_id($mysqli_link_vcl);
return $user['id'];
}
else
return NULL;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn updateShibGroups($usernid, $groups)
///
/// \param $usernid - id from user table
/// \param $groups - data provided in the eduPersonScopedAffiliation attribute
/// or an array with a single element where the key is 'shibaffil' and the
/// value matches an entry for shibname from the affiliation table
///
/// \brief converts the shibboleth affiliation to VCL affiliation, prepends
/// 'shib-' to each of the group names and calls updateGroups to add the user
/// to each of the shibboleth groups; if $groups is the array option, user is
/// added to a single group named "All <affil name> users" where <affil name>
/// is the name field from the affiliation table
///
////////////////////////////////////////////////////////////////////////////////
function updateShibGroups($usernid, $groups) {
if(is_array($groups) && array_key_exists('shibaffil', $groups)) {
$shibaffil = $groups['shibaffil'];
$groups = '';
}
$groups = explode(';', $groups);
$newusergroups = array();
foreach($groups as $group) {
# make sure $group contains non-whitespace
if(! preg_match('/\w/', $group))
continue;
list($name, $shibaffil) = explode('@', $group);
# get id for the group's affiliation
$query = "SELECT id FROM affiliation WHERE shibname = '$shibaffil'";
$qh = doQuery($query, 101);
$row = mysqli_fetch_assoc($qh);
$affilid = $row['id'];
# prepend shib- and escape it for mysql
$grp = vcl_mysql_escape_string("shib-" . $name);
array_push($newusergroups, getUserGroupID($grp, $affilid));
}
$query = "SELECT id, name FROM affiliation WHERE shibname = '$shibaffil'";
$qh = doQuery($query, 101);
$row = mysqli_fetch_assoc($qh);
$affilid = $row['id'];
$grp = vcl_mysql_escape_string("All {$row['name']} Users");
array_push($newusergroups, getUserGroupID($grp, $affilid));
$newusergroups = array_unique($newusergroups);
if(! empty($newusergroups))
updateGroups($newusergroups, $usernid);
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn addShibUserStub($affilid, $userid)
///
/// \param $affilid - id of user's affiliation
/// \param $userid - user's login id
///
/// \return an array of user information with the following keys:\n
/// \b first - empty string\n
/// \b last - empty string\n
/// \b email - empty string\n
/// \b emailnotices - 0 or 1, whether or not emails should be sent to user
///
/// \brief adds $userid to database with both lastupdate and validated set to 0
///
////////////////////////////////////////////////////////////////////////////////
function addShibUserStub($affilid, $userid) {
global $mysqli_link_vcl;
$query = "INSERT INTO user "
. "(unityid, "
. "affiliationid, "
. "emailnotices, "
. "lastupdated, "
. "validated) "
. "VALUES ("
. "'$userid', "
. "'$affilid', "
. "0, "
. "0, "
. "0)";
doQuery($query);
if(mysqli_affected_rows($mysqli_link_vcl))
return dbLastInsertID();
else
return NULL;
}
?>