casost upgraded with additional attributes

parent cdf24d50
......@@ -69,8 +69,9 @@ class CASLogin extends ControllerBase
public function loginGo(Request $request)
{
$configRowName = 'casost_sch_sso_config';
try {
$configRowName = 'casost_sch_sso_config';
$configRowId = $request->query->get('config');
if ($configRowId)
$configRowName = $configRowName . '_' . $configRowId;
......@@ -120,11 +121,7 @@ class CASLogin extends ControllerBase
}
phpCAS::handleLogoutRequests();
if (!phpCAS::forceAuthentication()) {
$response = new Response();
$response->setContent('forbidden. cannot force authentication');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
return $this->redirectForbidden($configRowName, '5001');
}
$attributes = phpCAS::getAttributes();
/* foreach ($attributes as $attr_key => $attr_value) {
......@@ -178,60 +175,85 @@ class CASLogin extends ControllerBase
return $attributes[$attribute];
};
$exposedRole = 'director';
$internalRole = 'epal';
$CASTitle = preg_replace('/\s+/', '', $filterAttribute('title'));
if ($CASTitle === 'ΠΕΡΙΦΕΡΕΙΑΚΗΔΙΕΥΘΥΝΣΗΕΚΠΑΙΔΕΥΣΗΣ-ΠΔΕ') {
$exposedRole = 'pde';
$internalRole = 'regioneduadmin';
} else if ($CASTitle === 'ΔΙΕΥΘΥΝΣΗΔΕ-ΔIΔΕ') {
$exposedRole = 'dide';
$internalRole = 'eduadmin';
} else if ($CASTitle === 'ΕΠΑΛ') {
$exposedRole = 'director';
$internalRole = 'epal';
} else {
$response = new Response();
$this->logger->warning(t('Access is allowed only to official school accounts or administration'));
$response->setContent(t('Access is allowed only to official school accounts or administration'));
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json;charset=UTF-8');
return $response;
$umdobject = $filterAttribute("umdobject");
$physicaldeliveryofficename = $filterAttribute("physicaldeliveryofficename");
/****** the following is for production ***************************/
/* if (!$umdobject || $umdobject !== "Account") {
return $this->redirectForbidden($configRowName, '5002');
}
if (!$physicaldeliveryofficename || preg_replace('/\s+/', '', $physicaldeliveryofficename) !== 'ΕΠΙΣΗΜΟΣΛΟΓΑΡΙΑΣΜΟΣ') {
return $this->redirectForbidden($configRowName, '5003');
} */
phpCAS::trace($umdobject);
phpCAS::trace($physicaldeliveryofficename);
$gsnunitcodedn = $filterAttribute('edupersonorgunitdn:gsnunitcode:extended');
$gsnunitcode = substr($gsnunitcodedn, strpos($gsnunitcodedn, ";") + 1);
phpCAS::trace($gsnunitcode);
$userAssigned = $this->assignRoleToUser($gsnunitcode);
if (sizeof($userAssigned) === 0) {
return $this->redirectForbidden($configRowName, '5004');
}
// $this->logger->warning('redirecturl=' . $this->redirectUrl);
$epalToken = $this->authenticatePhase2($request, $CASUser, $internalRole, $filterAttribute('cn'));
$epalToken = $this->authenticatePhase2($request, $CASUser, $userAssigned, $filterAttribute('cn'));
if ($epalToken) {
if ('casost_sch_sso_config' === $configRowName) {
/* $cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false); */
return new RedirectResponse($this->redirectUrl . $epalToken.'&auth_role=' . $exposedRole, 302, []);
return new RedirectResponse($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
} else {
\Drupal::service('page_cache_kill_switch')->trigger();
return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken.'&auth_role=' . $exposedRole, 302, []);
return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
}
// $headers = array("auth_token" => $epalToken, "auth_role" => "director");
// return new RedirectResponse($this->redirectUrl, 302, $headers);
} else {
$response = new Response();
$response->setContent('No proper authentication');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
return $this->redirectForbidden($configRowName, '5005');
}
} catch (\Exception $e) {
$this->logger->warning($e->getMessage());
$response = new Response();
$response->setContent('Unexpected Problem');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
return $this->redirectForbidden($configRowName, '6000');
}
}
private function assignRoleToUser($registry_no) {
$schools = $this->entityTypeManager->getStorage('eepal_school')->loadByProperties(array('registry_no' => $registry_no));
$school = reset($schools);
if ($school) {
return array("id" => $school->id(), "exposedRole" => "director", "internalRole" => "epal");
}
$eduAdmins = $this->entityTypeManager->getStorage('eepal_admin_area')->loadByProperties(array('registry_no' => $registry_no));
$eduAdmin = reset($eduAdmins);
if ($eduAdmin) {
return array("id" => $eduAdmin->id(), "exposedRole" => "dide", "internalRole" => "eduadmin");
}
$regionAdmins = $this->entityTypeManager->getStorage('eepal_region')->loadByProperties(array('registry_no' => $registry_no));
$regionAdmin = reset($regionAdmins);
if ($regionAdmin) {
return array("id" => $regionAdmin->id(), "exposedRole" => "pde", "internalRole" => "regioneduadmin");
}
return array();
}
private function redirectForbidden($configRowName, $errorCode) {
session_unset();
session_destroy();
\Drupal::service('page_cache_kill_switch')->trigger();
if ('casost_sch_sso_config' === $configRowName) {
return new RedirectResponse($this->redirectUrl.'&error_code=' . $errorCode, 302, []);
} else {
return new RedirectResponseWithCookieExt($this->redirectUrl .'&error_code=' . $errorCode, 302, []);
}
}
public function authenticatePhase2($request, $CASUser, $internalRole, $cn)
private function authenticatePhase2($request, $CASUser, $userAssigned, $cn)
{
$trx = $this->connection->startTransaction();
try {
......@@ -260,7 +282,8 @@ class CASLogin extends ControllerBase
$user->setEmail($CASUser);
$user->setUsername($epalToken); //This username must be unique and accept only a-Z,0-9, - _ @ .
$user->activate();
$user->set('init', $cn);
// $user->set('init', $cn);
$user->set('init', $userAssigned["id"]);
//Set Language
$language_interface = \Drupal::languageManager()->getCurrentLanguage();
......@@ -269,7 +292,7 @@ class CASLogin extends ControllerBase
$user->set('preferred_admin_langcode', $language_interface->getId());
//Adding default user role
$user->addRole($internalRole);
$user->addRole($userAssigned["internalRole"]);
$user->save();
}
......
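Review bot: The authorization gate that the removed `else` branch enforced (reject anything that is not an official school / DIDE / PDE account) has no active replacement in the new code: the `umdobject === "Account"` and `physicaldeliveryofficename === 'ΕΠΙΣΗΜΟΣΛΟΓΑΡΙΑΣΜΟΣ'` checks sitting above the `phpCAS::trace($umdobject)` calls are commented out and labelled "for production", so as committed any CAS principal whose `edupersonorgunitdn` unit code matches a `registry_no` is issued a director/dide/pde role regardless of account type. Those checks should be live in the code path, and if test environments need them off, gate them on a config value rather than a comment. The unit-code extraction is also unguarded: `$filterAttribute` presumably yields null or `''` when the attribute is absent, and `strpos(...) === false` silently becomes `substr($dn, 1)`, so the lookup runs on garbage, and because the entity fields added in this commit default `registry_no` to `'0000000'`, a code of `'0000000'` (or any duplicated value) resolves to whichever row `reset()` happens to return. A guarded extraction is sketched below; `loginGo` begins in an earlier hunk and `authenticatePhase2` continues past this one.
```php
$gsnunitcodedn = $filterAttribute('edupersonorgunitdn:gsnunitcode:extended');
$sep = is_string($gsnunitcodedn) ? strpos($gsnunitcodedn, ';') : false;
$gsnunitcode = ($sep === false) ? '' : trim(substr($gsnunitcodedn, $sep + 1));
// Reject a missing/malformed unit code and the placeholder default used by the entity fields.
if ($gsnunitcode === '' || $gsnunitcode === '0000000') {
    return $this->redirectForbidden($configRowName, '5004');
}
// … unchanged: trace, assignRoleToUser lookup, authenticatePhase2 …
```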
......@@ -60,8 +60,9 @@ class CASLogout extends ControllerBase
public function logoutGo(Request $request)
{
$configRowName = 'casost_sch_sso_config';
try {
$configRowName = 'casost_sch_sso_config';
$configRowId = $request->query->get('config');
if ($configRowId) {
$configRowName = $configRowName.'_'.$configRowId;
......@@ -86,12 +87,7 @@ class CASLogout extends ControllerBase
$this->allowed2 = $CASOSTConfig->allowed2->value;
$this->allowed2Value = $CASOSTConfig->allowed2value->value;
} else {
$response = new Response();
$response->setContent('forbidden. No config');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
return $this->redirectForbidden($configRowName, '7001');
}
// Enable debugging
......@@ -111,14 +107,7 @@ class CASLogout extends ControllerBase
$user = reset($users);
if (!$user) {
$this->logger->warning('user not found');
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $response;
return $this->redirectForbidden($configRowName, '7002');
}
// phpCAS::handleLogoutRequests();
......@@ -127,6 +116,10 @@ class CASLogout extends ControllerBase
// session_destroy();
$user->setPassword(uniqid('pw'));
$user->save();
$response = new Response();
$response->setContent('logout successful');
$response->setStatusCode(Response::HTTP_OK);
......@@ -145,12 +138,18 @@ class CASLogout extends ControllerBase
return $response;
} catch (\Exception $e) {
$this->logger->warning($e->getMessage());
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json');
return $this->redirectForbidden($configRowName, '8000');
}
}
return $response;
private function redirectForbidden($configRowName, $errorCode) {
session_unset();
session_destroy();
\Drupal::service('page_cache_kill_switch')->trigger();
if ('casost_sch_sso_config' === $configRowName) {
return new RedirectResponse($this->redirectUrl.'&error_code=' . $errorCode, 302, []);
} else {
return new RedirectResponseWithCookieExt($this->redirectUrl .'&error_code=' . $errorCode, 302, []);
}
}
}
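Review bot: `redirectForbidden($configRowName, '7001')` is returned from the branch where no config row was found, yet the target it builds from `$this->redirectUrl` is, judging by the sibling `allowed2` assignments inside the `if`, only populated from that config row, so on this path the response is a redirect to the relative URL `&error_code=7001` rather than the 403 the old code sent; the catch-all that returns `'8000'` has the same problem for exceptions raised before the config is loaded. A guard at the top of `redirectForbidden` preserves the old behaviour for that case: `if (empty($this->redirectUrl)) { return new Response('forbidden', Response::HTTP_FORBIDDEN); }`. Calling `session_unset()`/`session_destroy()` directly bypasses Drupal's session manager (`\Drupal::service('session_manager')->destroy()`), which may leave the session cookie and Drupal's session record out of step — worth confirming against the Drupal version in use. `redirectForbidden` is now duplicated verbatim in CASLogin and CASLogout; a shared trait or base controller would keep the two in sync. `logoutGo` starts in the first hunk and ends in the last one; `redirectForbidden` is shown in full.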
......@@ -41,6 +41,7 @@ use Drupal\user\UserInterface;
* entity_keys = {
* "id" = "id",
* "label" = "name",
* "registry_no" = "registry_no",
* "uuid" = "uuid",
* "uid" = "user_id",
* "langcode" = "langcode",
......@@ -85,6 +86,21 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac
return $this;
}
/**
* {@inheritdoc}
*/
public function getRegistry_no() {
return $this->get('registry_no')->value;
}
/**
* {@inheritdoc}
*/
public function setRegistry_no($registry_no) {
$this->set('registry_no', $registry_no);
return $this;
}
/**
* {@inheritdoc}
*/
......@@ -196,7 +212,28 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
/*
$fields['registry_no'] = BaseFieldDefinition::create('string')
->setLabel(t('Registry No'))
->setDescription(t('The registry no of the Eepal admin area entity.'))
->setSettings(array(
'max_length' => 50,
'text_processing' => 0,
))
->setDefaultValue('0000000')
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -4,
))
->setDisplayOptions('form', array(
'type' => 'string_textfield',
'weight' => -4,
))
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
/*
$fields['region_to_belong'] = BaseFieldDefinition::create('integer')
->setLabel(t('region_to_belong'))
->setDescription(t('Περιφερειακή Διεύθυνση στην οποία ανήκει.'))
......@@ -241,8 +278,8 @@ class EepalAdminArea extends ContentEntityBase implements EepalAdminAreaInterfac
))
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
$fields['status'] = BaseFieldDefinition::create('boolean')
->setLabel(t('Publishing status'))
->setDescription(t('A boolean indicating whether the Eepal admin area is published.'))
......
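Review bot: The new `registry_no` base field gives every existing admin-area row, and any row saved without a value, the same `'0000000'` value, and nothing marks it required or unique, yet this same commit's `assignRoleToUser` resolves a CAS unit code to an admin-area entity via `loadByProperties(['registry_no' => ...])` plus `reset()`, so duplicate or defaulted values map a login to an arbitrary row and the `eduadmin` role. Make it a required, unique field instead: drop `->setDefaultValue('0000000')`, add `->setRequired(TRUE)` and `->addConstraint('UniqueField')`. The `"registry_no" = "registry_no"` entry under `entity_keys` is not, as far as I can tell, a key the entity system interprets, so it is dead annotation that only suggests the field is special; remove it. `baseFieldDefinitions()` starts and ends outside this hunk.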
......@@ -41,6 +41,7 @@ use Drupal\user\UserInterface;
* entity_keys = {
* "id" = "id",
* "label" = "name",
* "registry_no" = "registry_no",
* "uuid" = "uuid",
* "uid" = "user_id",
* "langcode" = "langcode",
......@@ -85,6 +86,21 @@ class EepalRegion extends ContentEntityBase implements EepalRegionInterface {
return $this;
}
/**
* {@inheritdoc}
*/
public function getRegistry_no() {
return $this->get('registry_no')->value;
}
/**
* {@inheritdoc}
*/
public function setRegistry_no($registry_no) {
$this->set('registry_no', $registry_no);
return $this;
}
/**
* {@inheritdoc}
*/
......@@ -196,6 +212,26 @@ class EepalRegion extends ContentEntityBase implements EepalRegionInterface {
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
$fields['registry_no'] = BaseFieldDefinition::create('string')
->setLabel(t('Registry no'))
->setDescription(t('The registry number of the Eepal region entity.'))
->setSettings(array(
'max_length' => 50,
'text_processing' => 0,
))
->setDefaultValue('0000000')
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -4,
))
->setDisplayOptions('form', array(
'type' => 'string_textfield',
'weight' => -4,
))
->setDisplayConfigurable('form', TRUE)
->setDisplayConfigurable('view', TRUE);
$fields['status'] = BaseFieldDefinition::create('boolean')
->setLabel(t('Publishing status'))
->setDescription(t('A boolean indicating whether the Eepal region is published.'))
......
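Review bot: As with the admin-area entity, `registry_no` here is a free-text string defaulting to `'0000000'` with no required or unique constraint, and a region is the highest-privilege mapping (`regioneduadmin`) that `assignRoleToUser` in this commit derives from it, so a stale default or a collision on a region row grants that role to whoever presents the matching unit code. Make it required and unique with no default (`->setRequired(TRUE)->addConstraint('UniqueField')`) and state its purpose on the definition, e.g. `// CAS unit code (gsnunitcode) that CASLogin uses to map an SSO login to this region.`. The `entity_keys` addition has no effect on the entity system as far as I can tell and can be dropped. `baseFieldDefinitions()` begins and ends outside this hunk.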