casost upgraded with additional attributes

1e4bc02f · Χάρης Παπαδόπουλος · cdf24d50 · 1e4bc02f · 1e4bc02f · 1e4bc02f
Commit 1e4bc02f authored May 16, 2017 by Χάρης Παπαδόπουλος
--- a/drupal/modules/casost/src/Controller/CASLogin.php
+++ b/drupal/modules/casost/src/Controller/CASLogin.php
@@ -69,8 +69,9 @@ class CASLogin extends ControllerBase
    public function loginGo(Request $request)
    {

+        $configRowName = 'casost_sch_sso_config';
        try {
-            $configRowName = 'casost_sch_sso_config';
+
            $configRowId = $request->query->get('config');
            if ($configRowId)
                $configRowName = $configRowName . '_' . $configRowId;
@@ -120,11 +121,7 @@ class CASLogin extends ControllerBase
            }
            phpCAS::handleLogoutRequests();
            if (!phpCAS::forceAuthentication()) {
-                $response = new Response();
-                $response->setContent('forbidden. cannot force authentication');
-                $response->setStatusCode(Response::HTTP_FORBIDDEN);
-                $response->headers->set('Content-Type', 'application/json');
-                return $response;
+                return $this->redirectForbidden($configRowName, '5001');
            }
            $attributes = phpCAS::getAttributes();
 /*            foreach ($attributes as $attr_key => $attr_value) {
@@ -178,60 +175,85 @@ class CASLogin extends ControllerBase
                return $attributes[$attribute];
            };

-            $exposedRole = 'director';
-            $internalRole = 'epal';
-            $CASTitle = preg_replace('/\s+/', '', $filterAttribute('title'));
-            if ($CASTitle === 'ΠΕΡΙΦΕΡΕΙΑΚΗΔΙΕΥΘΥΝΣΗΕΚΠΑΙΔΕΥΣΗΣ-ΠΔΕ') {
-                $exposedRole = 'pde';
-                $internalRole = 'regioneduadmin';
-            } else if ($CASTitle === 'ΔΙΕΥΘΥΝΣΗΔΕ-ΔIΔΕ') {
-                $exposedRole = 'dide';
-                $internalRole = 'eduadmin';
-            } else if ($CASTitle === 'ΕΠΑΛ') {
-                $exposedRole = 'director';
-                $internalRole = 'epal';
-            } else {
-                $response = new Response();
-                $this->logger->warning(t('Access is allowed only to official school accounts or administration'));
-                $response->setContent(t('Access is allowed only to official school accounts or administration'));
-                $response->setStatusCode(Response::HTTP_FORBIDDEN);
-                $response->headers->set('Content-Type', 'application/json;charset=UTF-8');
-                return $response;
+            $umdobject = $filterAttribute("umdobject");
+            $physicaldeliveryofficename = $filterAttribute("physicaldeliveryofficename");
+
+
+/****** the following is for production ***************************/
+
+        /*    if (!$umdobject || $umdobject !== "Account") {
+                return $this->redirectForbidden($configRowName, '5002');
+            }
+            if (!$physicaldeliveryofficename || preg_replace('/\s+/', '', $physicaldeliveryofficename) !== 'ΕΠΙΣΗΜΟΣΛΟΓΑΡΙΑΣΜΟΣ') {
+                return $this->redirectForbidden($configRowName, '5003');
+            } */
+
+            phpCAS::trace($umdobject);
+            phpCAS::trace($physicaldeliveryofficename);
+            $gsnunitcodedn = $filterAttribute('edupersonorgunitdn:gsnunitcode:extended');
+            $gsnunitcode = substr($gsnunitcodedn, strpos($gsnunitcodedn, ";") + 1);
+            phpCAS::trace($gsnunitcode);
+            $userAssigned = $this->assignRoleToUser($gsnunitcode);
+            if (sizeof($userAssigned) === 0) {
+                return $this->redirectForbidden($configRowName, '5004');
            }

 // $this->logger->warning('redirecturl=' . $this->redirectUrl);
-            $epalToken = $this->authenticatePhase2($request, $CASUser, $internalRole, $filterAttribute('cn'));
+            $epalToken = $this->authenticatePhase2($request, $CASUser, $userAssigned, $filterAttribute('cn'));
            if ($epalToken) {
                if ('casost_sch_sso_config' === $configRowName) {
                /*    $cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
                    $cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false); */

-                    return new RedirectResponse($this->redirectUrl . $epalToken.'&auth_role=' . $exposedRole, 302, []);
+                    return new RedirectResponse($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
                } else {
                    \Drupal::service('page_cache_kill_switch')->trigger();
-                    return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken.'&auth_role=' . $exposedRole, 302, []);
+                    return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
                }
 //                $headers = array("auth_token" => $epalToken, "auth_role" => "director");
 //                return new RedirectResponse($this->redirectUrl, 302, $headers);
            } else {
-                $response = new Response();
-                $response->setContent('No proper authentication');
-                $response->setStatusCode(Response::HTTP_FORBIDDEN);
-                $response->headers->set('Content-Type', 'application/json');
-                return $response;
+                return $this->redirectForbidden($configRowName, '5005');
            }

        } catch (\Exception $e) {
            $this->logger->warning($e->getMessage());
-            $response = new Response();
-            $response->setContent('Unexpected Problem');
-            $response->setStatusCode(Response::HTTP_FORBIDDEN);
-            $response->headers->set('Content-Type', 'application/json');
-            return $response;
+            return $this->redirectForbidden($configRowName, '6000');
+        }
+    }
+
+    private function assignRoleToUser($registry_no) {
+        $schools = $this->entityTypeManager->getStorage('eepal_school')->loadByProperties(array('registry_no' => $registry_no));
+        $school = reset($schools);
+        if ($school) {
+            return array("id" => $school->id(), "exposedRole" => "director", "internalRole" => "epal");
+        }
+        $eduAdmins = $this->entityTypeManager->getStorage('eepal_admin_area')->loadByProperties(array('registry_no' => $registry_no));
+        $eduAdmin = reset($eduAdmins);
+        if ($eduAdmin) {
+            return array("id" => $eduAdmin->id(), "exposedRole" => "dide", "internalRole" => "eduadmin");
+        }
+        $regionAdmins = $this->entityTypeManager->getStorage('eepal_region')->loadByProperties(array('registry_no' => $registry_no));
+        $regionAdmin = reset($regionAdmins);
+        if ($regionAdmin) {
+            return array("id" => $regionAdmin->id(), "exposedRole" => "pde", "internalRole" => "regioneduadmin");
+        }
+        return array();
+
+    }
+
+    private function redirectForbidden($configRowName, $errorCode) {
+        session_unset();
+        session_destroy();
+        \Drupal::service('page_cache_kill_switch')->trigger();
+        if ('casost_sch_sso_config' === $configRowName) {
+            return new RedirectResponse($this->redirectUrl.'&error_code=' . $errorCode, 302, []);
+        } else {
+            return new RedirectResponseWithCookieExt($this->redirectUrl .'&error_code=' . $errorCode, 302, []);
        }
    }

-    public function authenticatePhase2($request, $CASUser, $internalRole, $cn)
+    private function authenticatePhase2($request, $CASUser, $userAssigned, $cn)
    {
    $trx = $this->connection->startTransaction();
    try {
@@ -260,7 +282,8 @@ class CASLogin extends ControllerBase
            $user->setEmail($CASUser);
            $user->setUsername($epalToken); //This username must be unique and accept only a-Z,0-9, - _ @ .
            $user->activate();
-            $user->set('init', $cn);
+//            $user->set('init', $cn);
+            $user->set('init', $userAssigned["id"]);

            //Set Language
            $language_interface = \Drupal::languageManager()->getCurrentLanguage();
@@ -269,7 +292,7 @@ class CASLogin extends ControllerBase
            $user->set('preferred_admin_langcode', $language_interface->getId());

            //Adding default user role
-            $user->addRole($internalRole);
+            $user->addRole($userAssigned["internalRole"]);
            $user->save();
        }


--- a/drupal/modules/casost/src/Controller/CASLogout.php
+++ b/drupal/modules/casost/src/Controller/CASLogout.php
@@ -60,8 +60,9 @@ class CASLogout extends ControllerBase

    public function logoutGo(Request $request)
    {
+        $configRowName = 'casost_sch_sso_config';
        try {
-            $configRowName = 'casost_sch_sso_config';
+
            $configRowId = $request->query->get('config');
            if ($configRowId) {
                $configRowName = $configRowName.'_'.$configRowId;
@@ -86,12 +87,7 @@ class CASLogout extends ControllerBase
                $this->allowed2 = $CASOSTConfig->allowed2->value;
                $this->allowed2Value = $CASOSTConfig->allowed2value->value;
            } else {
-                $response = new Response();
-                $response->setContent('forbidden. No config');
-                $response->setStatusCode(Response::HTTP_FORBIDDEN);
-                $response->headers->set('Content-Type', 'application/json');
-
-                return $response;
+                return $this->redirectForbidden($configRowName, '7001');
            }

            // Enable debugging
@@ -111,14 +107,7 @@ class CASLogout extends ControllerBase
            $user = reset($users);

            if (!$user) {
-                $this->logger->warning('user not found');
-
-                $response = new Response();
-                $response->setContent('forbidden');
-                $response->setStatusCode(Response::HTTP_FORBIDDEN);
-                $response->headers->set('Content-Type', 'application/json');
-
-                return $response;
+                return $this->redirectForbidden($configRowName, '7002');
            }
 //            phpCAS::handleLogoutRequests();

@@ -127,6 +116,10 @@ class CASLogout extends ControllerBase
 //            session_destroy();
            $user->setPassword(uniqid('pw'));
            $user->save();
+
+
+
+
            $response = new Response();
            $response->setContent('logout successful');
            $response->setStatusCode(Response::HTTP_OK);
@@ -145,12 +138,18 @@ class CASLogout extends ControllerBase
            return $response;
        } catch (\Exception $e) {
            $this->logger->warning($e->getMessage());
-            $response = new Response();
-            $response->setContent('forbidden');
-            $response->setStatusCode(Response::HTTP_FORBIDDEN);
-            $response->headers->set('Content-Type', 'application/json');
+            return $this->redirectForbidden($configRowName, '8000');
+        }
+    }

-            return $response;
+    private function redirectForbidden($configRowName, $errorCode) {
+        session_unset();
+        session_destroy();
+        \Drupal::service('page_cache_kill_switch')->trigger();
+        if ('casost_sch_sso_config' === $configRowName) {
+            return new RedirectResponse($this->redirectUrl.'&error_code=' . $errorCode, 302, []);
+        } else {
+            return new RedirectResponseWithCookieExt($this->redirectUrl .'&error_code=' . $errorCode, 302, []);
        }
    }
 }
--- a/drupal/modules/epalreadydata/src/Entity/EepalAdminArea.php
+++ b/drupal/modules/epalreadydata/src/Entity/EepalAdminArea.php
@@ -41,6 +41,7 @@ use Drupal\user\UserInterface;
 *   entity_keys = {
 *     "id" = "id",
 *     "label" = "name",
+ *     "registry_no" = "registry_no",
 *     "uuid" = "uuid",
 *     "uid" = "user_id",
 *     "langcode" = "langcode",
@@ -85,6 +86,21 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac
    return $this;
  }

+  /**
+   * {@inheritdoc}
+   */
+  public function getRegistry_no() {
+    return $this->get('registry_no')->value;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function setRegistry_no($registry_no) {
+    $this->set('registry_no', $registry_no);
+    return $this;
+  }
+
  /**
   * {@inheritdoc}
   */
@@ -196,7 +212,28 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac
      ->setDisplayConfigurable('form', TRUE)
      ->setDisplayConfigurable('view', TRUE);

-	 /* 
+
+      $fields['registry_no'] = BaseFieldDefinition::create('string')
+        ->setLabel(t('Registry No'))
+        ->setDescription(t('The registry no of the Eepal admin area entity.'))
+        ->setSettings(array(
+          'max_length' => 50,
+          'text_processing' => 0,
+        ))
+        ->setDefaultValue('0000000')
+        ->setDisplayOptions('view', array(
+          'label' => 'above',
+          'type' => 'string',
+          'weight' => -4,
+        ))
+        ->setDisplayOptions('form', array(
+          'type' => 'string_textfield',
+          'weight' => -4,
+        ))
+        ->setDisplayConfigurable('form', TRUE)
+        ->setDisplayConfigurable('view', TRUE);
+
+	 /*
     $fields['region_to_belong'] = BaseFieldDefinition::create('integer')
        ->setLabel(t('region_to_belong'))
        ->setDescription(t('Περιφερειακή Διεύθυνση στην οποία ανήκει.'))
@@ -241,8 +278,8 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac
            ))
        ->setDisplayConfigurable('form', TRUE)
        ->setDisplayConfigurable('view', TRUE);
-		
-		
+
+
 	$fields['status'] = BaseFieldDefinition::create('boolean')
      ->setLabel(t('Publishing status'))
      ->setDescription(t('A boolean indicating whether the Eepal admin area is published.'))

--- a/drupal/modules/epalreadydata/src/Entity/EepalRegion.php
+++ b/drupal/modules/epalreadydata/src/Entity/EepalRegion.php
@@ -41,6 +41,7 @@ use Drupal\user\UserInterface;
 *   entity_keys = {
 *     "id" = "id",
 *     "label" = "name",
+ *     "registry_no" = "registry_no",
 *     "uuid" = "uuid",
 *     "uid" = "user_id",
 *     "langcode" = "langcode",
@@ -85,6 +86,21 @@ class EepalRegion extends ContentEntityBase implements EepalRegionInterface {
    return $this;
  }

+  /**
+   * {@inheritdoc}
+   */
+  public function getRegistry_no() {
+    return $this->get('registry_no')->value;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function setRegistry_no($registry_no) {
+    $this->set('registry_no', $registry_no);
+    return $this;
+  }
+
  /**
   * {@inheritdoc}
   */
@@ -196,6 +212,26 @@ class EepalRegion extends ContentEntityBase implements EepalRegionInterface {
      ->setDisplayConfigurable('form', TRUE)
      ->setDisplayConfigurable('view', TRUE);

+      $fields['registry_no'] = BaseFieldDefinition::create('string')
+        ->setLabel(t('Registry no'))
+        ->setDescription(t('The registry number of the Eepal region entity.'))
+        ->setSettings(array(
+          'max_length' => 50,
+          'text_processing' => 0,
+        ))
+        ->setDefaultValue('0000000')
+        ->setDisplayOptions('view', array(
+          'label' => 'above',
+          'type' => 'string',
+          'weight' => -4,
+        ))
+        ->setDisplayOptions('form', array(
+          'type' => 'string_textfield',
+          'weight' => -4,
+        ))
+        ->setDisplayConfigurable('form', TRUE)
+        ->setDisplayConfigurable('view', TRUE);
+
    $fields['status'] = BaseFieldDefinition::create('boolean')
      ->setLabel(t('Publishing status'))
      ->setDescription(t('A boolean indicating whether the Eepal region is published.'))