Commit 1e4bc02f authored by Χάρης Παπαδόπουλος's avatar Χάρης Παπαδόπουλος

casost upgraded with additional attributes

parent cdf24d50
...@@ -69,8 +69,9 @@ class CASLogin extends ControllerBase ...@@ -69,8 +69,9 @@ class CASLogin extends ControllerBase
public function loginGo(Request $request) public function loginGo(Request $request)
{ {
$configRowName = 'casost_sch_sso_config';
try { try {
$configRowName = 'casost_sch_sso_config';
$configRowId = $request->query->get('config'); $configRowId = $request->query->get('config');
if ($configRowId) if ($configRowId)
$configRowName = $configRowName . '_' . $configRowId; $configRowName = $configRowName . '_' . $configRowId;
...@@ -120,11 +121,7 @@ class CASLogin extends ControllerBase ...@@ -120,11 +121,7 @@ class CASLogin extends ControllerBase
} }
phpCAS::handleLogoutRequests(); phpCAS::handleLogoutRequests();
if (!phpCAS::forceAuthentication()) { if (!phpCAS::forceAuthentication()) {
$response = new Response(); return $this->redirectForbidden($configRowName, '5001');
$response->setContent('forbidden. cannot force authentication');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
} }
$attributes = phpCAS::getAttributes(); $attributes = phpCAS::getAttributes();
/* foreach ($attributes as $attr_key => $attr_value) { /* foreach ($attributes as $attr_key => $attr_value) {
...@@ -178,60 +175,85 @@ class CASLogin extends ControllerBase ...@@ -178,60 +175,85 @@ class CASLogin extends ControllerBase
return $attributes[$attribute]; return $attributes[$attribute];
}; };
$exposedRole = 'director'; $umdobject = $filterAttribute("umdobject");
$internalRole = 'epal'; $physicaldeliveryofficename = $filterAttribute("physicaldeliveryofficename");
$CASTitle = preg_replace('/\s+/', '', $filterAttribute('title'));
if ($CASTitle === 'ΠΕΡΙΦΕΡΕΙΑΚΗΔΙΕΥΘΥΝΣΗΕΚΠΑΙΔΕΥΣΗΣ-ΠΔΕ') {
$exposedRole = 'pde'; /****** the following is for production ***************************/
$internalRole = 'regioneduadmin';
} else if ($CASTitle === 'ΔΙΕΥΘΥΝΣΗΔΕ-ΔIΔΕ') { /* if (!$umdobject || $umdobject !== "Account") {
$exposedRole = 'dide'; return $this->redirectForbidden($configRowName, '5002');
$internalRole = 'eduadmin'; }
} else if ($CASTitle === 'ΕΠΑΛ') { if (!$physicaldeliveryofficename || preg_replace('/\s+/', '', $physicaldeliveryofficename) !== 'ΕΠΙΣΗΜΟΣΛΟΓΑΡΙΑΣΜΟΣ') {
$exposedRole = 'director'; return $this->redirectForbidden($configRowName, '5003');
$internalRole = 'epal'; } */
} else {
$response = new Response(); phpCAS::trace($umdobject);
$this->logger->warning(t('Access is allowed only to official school accounts or administration')); phpCAS::trace($physicaldeliveryofficename);
$response->setContent(t('Access is allowed only to official school accounts or administration')); $gsnunitcodedn = $filterAttribute('edupersonorgunitdn:gsnunitcode:extended');
$response->setStatusCode(Response::HTTP_FORBIDDEN); $gsnunitcode = substr($gsnunitcodedn, strpos($gsnunitcodedn, ";") + 1);
$response->headers->set('Content-Type', 'application/json;charset=UTF-8'); phpCAS::trace($gsnunitcode);
return $response; $userAssigned = $this->assignRoleToUser($gsnunitcode);
if (sizeof($userAssigned) === 0) {
return $this->redirectForbidden($configRowName, '5004');
} }
// $this->logger->warning('redirecturl=' . $this->redirectUrl); // $this->logger->warning('redirecturl=' . $this->redirectUrl);
$epalToken = $this->authenticatePhase2($request, $CASUser, $internalRole, $filterAttribute('cn')); $epalToken = $this->authenticatePhase2($request, $CASUser, $userAssigned, $filterAttribute('cn'));
if ($epalToken) { if ($epalToken) {
if ('casost_sch_sso_config' === $configRowName) { if ('casost_sch_sso_config' === $configRowName) {
/* $cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false); /* $cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false); */ $cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false); */
return new RedirectResponse($this->redirectUrl . $epalToken.'&auth_role=' . $exposedRole, 302, []); return new RedirectResponse($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
} else { } else {
\Drupal::service('page_cache_kill_switch')->trigger(); \Drupal::service('page_cache_kill_switch')->trigger();
return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken.'&auth_role=' . $exposedRole, 302, []); return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
} }
// $headers = array("auth_token" => $epalToken, "auth_role" => "director"); // $headers = array("auth_token" => $epalToken, "auth_role" => "director");
// return new RedirectResponse($this->redirectUrl, 302, $headers); // return new RedirectResponse($this->redirectUrl, 302, $headers);
} else { } else {
$response = new Response(); return $this->redirectForbidden($configRowName, '5005');
$response->setContent('No proper authentication');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
} }
} catch (\Exception $e) { } catch (\Exception $e) {
$this->logger->warning($e->getMessage()); $this->logger->warning($e->getMessage());
$response = new Response(); return $this->redirectForbidden($configRowName, '6000');
$response->setContent('Unexpected Problem'); }
$response->setStatusCode(Response::HTTP_FORBIDDEN); }
$response->headers->set('Content-Type', 'application/json');
return $response; private function assignRoleToUser($registry_no) {
$schools = $this->entityTypeManager->getStorage('eepal_school')->loadByProperties(array('registry_no' => $registry_no));
$school = reset($schools);
if ($school) {
return array("id" => $school->id(), "exposedRole" => "director", "internalRole" => "epal");
}
$eduAdmins = $this->entityTypeManager->getStorage('eepal_admin_area')->loadByProperties(array('registry_no' => $registry_no));
$eduAdmin = reset($eduAdmins);
if ($eduAdmin) {
return array("id" => $eduAdmin->id(), "exposedRole" => "dide", "internalRole" => "eduadmin");
}
$regionAdmins = $this->entityTypeManager->getStorage('eepal_region')->loadByProperties(array('registry_no' => $registry_no));
$regionAdmin = reset($regionAdmins);
if ($regionAdmin) {
return array("id" => $regionAdmin->id(), "exposedRole" => "pde", "internalRole" => "regioneduadmin");
}
return array();
}
private function redirectForbidden($configRowName, $errorCode) {
session_unset();
session_destroy();
\Drupal::service('page_cache_kill_switch')->trigger();
if ('casost_sch_sso_config' === $configRowName) {
return new RedirectResponse($this->redirectUrl.'&error_code=' . $errorCode, 302, []);
} else {
return new RedirectResponseWithCookieExt($this->redirectUrl .'&error_code=' . $errorCode, 302, []);
} }
} }
public function authenticatePhase2($request, $CASUser, $internalRole, $cn) private function authenticatePhase2($request, $CASUser, $userAssigned, $cn)
{ {
$trx = $this->connection->startTransaction(); $trx = $this->connection->startTransaction();
try { try {
...@@ -260,7 +282,8 @@ class CASLogin extends ControllerBase ...@@ -260,7 +282,8 @@ class CASLogin extends ControllerBase
$user->setEmail($CASUser); $user->setEmail($CASUser);
$user->setUsername($epalToken); //This username must be unique and accept only a-Z,0-9, - _ @ . $user->setUsername($epalToken); //This username must be unique and accept only a-Z,0-9, - _ @ .
$user->activate(); $user->activate();
$user->set('init', $cn); // $user->set('init', $cn);
$user->set('init', $userAssigned["id"]);
//Set Language //Set Language
$language_interface = \Drupal::languageManager()->getCurrentLanguage(); $language_interface = \Drupal::languageManager()->getCurrentLanguage();
...@@ -269,7 +292,7 @@ class CASLogin extends ControllerBase ...@@ -269,7 +292,7 @@ class CASLogin extends ControllerBase
$user->set('preferred_admin_langcode', $language_interface->getId()); $user->set('preferred_admin_langcode', $language_interface->getId());
//Adding default user role //Adding default user role
$user->addRole($internalRole); $user->addRole($userAssigned["internalRole"]);
$user->save(); $user->save();
} }
...@@ -60,8 +60,9 @@ class CASLogout extends ControllerBase ...@@ -60,8 +60,9 @@ class CASLogout extends ControllerBase
public function logoutGo(Request $request) public function logoutGo(Request $request)
{ {
$configRowName = 'casost_sch_sso_config';
try { try {
$configRowName = 'casost_sch_sso_config';
$configRowId = $request->query->get('config'); $configRowId = $request->query->get('config');
if ($configRowId) { if ($configRowId) {
$configRowName = $configRowName.'_'.$configRowId; $configRowName = $configRowName.'_'.$configRowId;
...@@ -86,12 +87,7 @@ class CASLogout extends ControllerBase ...@@ -86,12 +87,7 @@ class CASLogout extends ControllerBase
$this->allowed2 = $CASOSTConfig->allowed2->value; $this->allowed2 = $CASOSTConfig->allowed2->value;
$this->allowed2Value = $CASOSTConfig->allowed2value->value; $this->allowed2Value = $CASOSTConfig->allowed2value->value;
} else { } else {
$response = new Response(); return $this->redirectForbidden($configRowName, '7001');
$response->setContent('forbidden. No config');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
} }
// Enable debugging // Enable debugging
...@@ -111,14 +107,7 @@ class CASLogout extends ControllerBase ...@@ -111,14 +107,7 @@ class CASLogout extends ControllerBase
$user = reset($users); $user = reset($users);
if (!$user) { if (!$user) {
$this->logger->warning('user not found'); return $this->redirectForbidden($configRowName, '7002');
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
} }
// phpCAS::handleLogoutRequests(); // phpCAS::handleLogoutRequests();
...@@ -127,6 +116,10 @@ class CASLogout extends ControllerBase ...@@ -127,6 +116,10 @@ class CASLogout extends ControllerBase
// session_destroy(); // session_destroy();
$user->setPassword(uniqid('pw')); $user->setPassword(uniqid('pw'));
$user->save(); $user->save();
$response = new Response(); $response = new Response();
$response->setContent('logout successful'); $response->setContent('logout successful');
$response->setStatusCode(Response::HTTP_OK); $response->setStatusCode(Response::HTTP_OK);
...@@ -145,12 +138,18 @@ class CASLogout extends ControllerBase ...@@ -145,12 +138,18 @@ class CASLogout extends ControllerBase
return $response; return $response;
} catch (\Exception $e) { } catch (\Exception $e) {
$this->logger->warning($e->getMessage()); $this->logger->warning($e->getMessage());
$response = new Response(); return $this->redirectForbidden($configRowName, '8000');
$response->setContent('forbidden'); }
$response->setStatusCode(Response::HTTP_FORBIDDEN); }
$response->headers->set('Content-Type', 'application/json');
return $response; private function redirectForbidden($configRowName, $errorCode) {
session_unset();
session_destroy();
\Drupal::service('page_cache_kill_switch')->trigger();
if ('casost_sch_sso_config' === $configRowName) {
return new RedirectResponse($this->redirectUrl.'&error_code=' . $errorCode, 302, []);
} else {
return new RedirectResponseWithCookieExt($this->redirectUrl .'&error_code=' . $errorCode, 302, []);
} }
} }
} }
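Review bot: The `'user not found'` warning on the old side of the hunk where `reset($users)` yields no user is dropped, so a logout for an unknown user now leaves no server-side log entry, only the `7002` redirect; keep `$this->logger->warning('user not found');` on the line before `return $this->redirectForbidden($configRowName, '7002');`. The new `redirectForbidden` is a byte-identical copy of the one added to CASLogin in this commit, so session teardown and the error-redirect format now live in two places; a shared trait or base-controller method would keep them in step. Calling `session_unset()`/`session_destroy()` directly also bypasses Drupal's session handling; if this runs inside the Drupal request cycle, `\Drupal::service('session_manager')->destroy()` is presumably the intended call — verify against the rest of the module. logoutGo begins outside these hunks and its body is split across them.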
...@@ -41,6 +41,7 @@ use Drupal\user\UserInterface; ...@@ -41,6 +41,7 @@ use Drupal\user\UserInterface;
* entity_keys = { * entity_keys = {
* "id" = "id", * "id" = "id",
* "label" = "name", * "label" = "name",
* "registry_no" = "registry_no",
* "uuid" = "uuid", * "uuid" = "uuid",
* "uid" = "user_id", * "uid" = "user_id",
* "langcode" = "langcode", * "langcode" = "langcode",
...@@ -85,6 +86,21 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac ...@@ -85,6 +86,21 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac
return $this; return $this;
} }
/**
* {@inheritdoc}
*/
public function getRegistry_no() {
return $this->get('registry_no')->value;
}
/**
* {@inheritdoc}
*/
public function setRegistry_no($registry_no) {
$this->set('registry_no', $registry_no);
return $this;
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
...@@ -196,7 +212,28 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac ...@@ -196,7 +212,28 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac
->setDisplayConfigurable('form', TRUE) ->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE); ->setDisplayConfigurable('view', TRUE);
/*
$fields['registry_no'] = BaseFieldDefinition::create('string')
->setLabel(t('Registry No'))
->setDescription(t('The registry no of the Eepal admin area entity.'))
->setSettings(array(
'max_length' => 50,
'text_processing' => 0,
))
->setDefaultValue('0000000')
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -4,
))
->setDisplayOptions('form', array(
'type' => 'string_textfield',
'weight' => -4,
))
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
/*
$fields['region_to_belong'] = BaseFieldDefinition::create('integer') $fields['region_to_belong'] = BaseFieldDefinition::create('integer')
->setLabel(t('region_to_belong')) ->setLabel(t('region_to_belong'))
->setDescription(t('Περιφερειακή Διεύθυνση στην οποία ανήκει.')) ->setDescription(t('Περιφερειακή Διεύθυνση στην οποία ανήκει.'))
...@@ -241,8 +278,8 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac ...@@ -241,8 +278,8 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac
)) ))
->setDisplayConfigurable('form', TRUE) ->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE); ->setDisplayConfigurable('view', TRUE);
$fields['status'] = BaseFieldDefinition::create('boolean') $fields['status'] = BaseFieldDefinition::create('boolean')
->setLabel(t('Publishing status')) ->setLabel(t('Publishing status'))
->setDescription(t('A boolean indicating whether the Eepal admin area is published.')) ->setDescription(t('A boolean indicating whether the Eepal admin area is published.'))
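Review bot: `->setDefaultValue('0000000')` on the new `registry_no` field is risky because `assignRoleToUser` in this same commit grants roles via `loadByProperties(['registry_no' => ...])`: every admin area saved without an explicit number shares that sentinel, and a CAS unit code of `0000000` would match all of them and hand out the `dide` role. Drop the default (leave it null) and add `->addConstraint('UniqueField')` so a registry number maps to at most one entity; the same applies to the `registry_no` field added to EepalRegion below. The accessors `getRegistry_no`/`setRegistry_no` break the camelCase convention (`getRegistryNo`/`setRegistryNo`), and their `{@inheritdoc}` blocks only resolve if `EepalAdminAreaInterface` declares them, which this diff does not show. Adding `"registry_no"` under `entity_keys` is harmless but, as far as I can tell, has no effect unless something calls `getKey('registry_no')`.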
...@@ -41,6 +41,7 @@ use Drupal\user\UserInterface; ...@@ -41,6 +41,7 @@ use Drupal\user\UserInterface;
* entity_keys = { * entity_keys = {
* "id" = "id", * "id" = "id",
* "label" = "name", * "label" = "name",
* "registry_no" = "registry_no",
* "uuid" = "uuid", * "uuid" = "uuid",
* "uid" = "user_id", * "uid" = "user_id",
* "langcode" = "langcode", * "langcode" = "langcode",
...@@ -85,6 +86,21 @@ class EepalRegion extends ContentEntityBase implements EepalRegionInterface { ...@@ -85,6 +86,21 @@ class EepalRegion extends ContentEntityBase implements EepalRegionInterface {
return $this; return $this;
} }
/**
* {@inheritdoc}
*/
public function getRegistry_no() {
return $this->get('registry_no')->value;
}
/**
* {@inheritdoc}
*/
public function setRegistry_no($registry_no) {
$this->set('registry_no', $registry_no);
return $this;
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
...@@ -196,6 +212,26 @@ class EepalRegion extends ContentEntityBase implements EepalRegionInterface { ...@@ -196,6 +212,26 @@ class EepalRegion extends ContentEntityBase implements EepalRegionInterface {
->setDisplayConfigurable('form', TRUE) ->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE); ->setDisplayConfigurable('view', TRUE);
$fields['registry_no'] = BaseFieldDefinition::create('string')
->setLabel(t('Registry no'))
->setDescription(t('The registry number of the Eepal region entity.'))
->setSettings(array(
'max_length' => 50,
'text_processing' => 0,
))
->setDefaultValue('0000000')
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -4,
))
->setDisplayOptions('form', array(
'type' => 'string_textfield',
'weight' => -4,
))
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
$fields['status'] = BaseFieldDefinition::create('boolean') $fields['status'] = BaseFieldDefinition::create('boolean')
->setLabel(t('Publishing status')) ->setLabel(t('Publishing status'))
->setDescription(t('A boolean indicating whether the Eepal region is published.')) ->setDescription(t('A boolean indicating whether the Eepal region is published.'))