Added services list when no callback is defined and other improvements

10cb0602 · Sonia Zorba · 7106bbe9 · 10cb0602 · 10cb0602 · 7106bbe9
Commit 10cb0602 authored 8 years ago by Sonia Zorba
--- a/auth/oauth2/linkedin_token.php
+++ b/auth/oauth2/linkedin_token.php
@@ -61,17 +61,19 @@ curl_setopt($conn1, CURLOPT_POSTFIELDS, $post_string);
 //perform our request
 $result1 = curl_exec($conn1);
+$info1 = curl_getinfo($conn1);
-if ($result1) {
+if ($info1['http_code'] === 200) {
    $my_token = json_decode($result1, TRUE);
    $access_token = $my_token['access_token'];
    $expires_in = $my_token['expires_in'];
    curl_close($conn1);
 } else {
    //show information regarding the error
-    $errorMessage = curl_errno($conn1) . "-";
+    $errorMessage = "Error: LinkedIn server response code: " . $info1['http_code'] . " - ";
-    $errorMessage = $errorMessage . curl_error($conn1);
+    $errorMessage .= curl_error($conn1);
    curl_close($conn1);
+    http_response_code(500);
    die($errorMessage);
 }
@@ -84,8 +86,9 @@ curl_setopt($conn2, CURLOPT_HTTPHEADER, array(
 curl_setopt($conn2, CURLOPT_RETURNTRANSFER, true);
 $result = curl_exec($conn2);
+$info2 = curl_getinfo($conn2);
-if ($result) {
+if ($info2['http_code'] === 200) {
    $data = json_decode($result, TRUE);
    curl_close($conn2);
@@ -116,7 +119,7 @@ if ($result) {
    $callbackHandler->manageLoginRedirect($user, $session);
 } else {
    //show information regarding the error
-    $errorMessage = curl_errno($conn2) . "-";
+    $errorMessage = "Error: LinkedIn server response code: " . $info2['http_code'] . " - ";
    $errorMessage = $errorMessage . curl_error($conn2);
    curl_close($conn2);
    die($errorMessage);

--- a/classes/CallbackHandler.php
+++ b/classes/CallbackHandler.php
@@ -36,37 +36,65 @@ class CallbackHandler {
        $this->callbacks = $callbacks;
    }
+    /**
+     * If a callback URL is not in the configured list we should return null.
+     */
+    public function filterCallbackURL($callbackURL) {
+        foreach ($this->callbacks as $callback) {
+            if ($callback['url'] === $callbackURL) {
+                return $callbackURL;
+            }
+        }
+        return null;
+    }
    /**
     * returns null if the callback URL is not listed in configuration file.
     */
    public function getCallbackTitle($callbackURL) {
-        if ($callbackURL === null) {
+        foreach ($this->callbacks as $callback) {
-            return "Account Management";
+            if ($callback['url'] === $callbackURL) {
+                return $callback['title'];
+            }
+        }
+        return null;
    }
+    public function getCallbackLogo($callbackURL) {
        foreach ($this->callbacks as $callback) {
            if ($callback['url'] === $callbackURL) {
-                return $callback['title'];
+                if (array_key_exists('logo', $callback)) {
+                    return $callback['logo'];
+                } else {
+                    return null;
+                }
            }
        }
-        throw new \Exception("Unauthorized callback URL");
+        return null;
    }
    public function manageLoginRedirect($user, SessionData $session) {
-        if ($session->getCallbackURL() !== null) {
+        if ($session->getCallbackURL() === null) {
-            // External login using token
+            http_response_code(401);
-            header('Location: ' . $this->getLoginWithTokenURL($user->id, $session->getCallbackURL()));
+            die("Unauthorized callback URL");
-            die();
+        }
-        } else {
+        if ($session->getCallbackURL() === $this->basePath . '/') {
            // Login in session
            $session->user = $user;
            $session->save();
            // Return to index
            header('Location: ' . $this->basePath);
            die();
+        } else {
+            // External login using token
+            header('Location: ' . $this->getLoginWithTokenURL($user->id, $session->getCallbackURL()));
+            die();
        }
    }

--- a/classes/GrouperClient.php
+++ b/classes/GrouperClient.php
-<?php
-/* ----------------------------------------------------------------------------
- *               INAF - National Institute for Astrophysics
- *               IRA  - Radioastronomical Institute - Bologna
- *               OATS - Astronomical Observatory - Trieste
- * ----------------------------------------------------------------------------
- *
- * Copyright (C) 2016 Istituto Nazionale di Astrofisica
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License Version 3 as published by the
- * Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- */
-namespace RAP;
-class GrouperClient {
-    private $client;
-    function __construct($config) {
-        $this->client = new \SoapClient($config['wsdlURL'], array(
-            'login' => $config['user'],
-            'password' => $config['password'],
-            'trace' => 1,
-            // See: https://bugs.php.net/bug.php?id=36226
-            'features' => SOAP_SINGLE_ELEMENT_ARRAYS
-                )
-        );
-    }
-    private function getBaseRequestParams() {
-        return array(
-            'clientVersion' => 'v2_3_000'
-        );
-    }
-    private function startsWith($haystack, $needle) {
-        return strpos($haystack, "$needle", 0) === 0;
-    }
-    private function isSuccess($response) {
-        $success = isset($response->return->resultMetadata) && $response->return->resultMetadata->resultCode === 'SUCCESS';
-        if (!$success) {
-            throw new \Exception("Web Service Failure. Response=" . json_encode($response));
-        }
-        return $success;
-    }
-    public function getSubjectGroups($subjectId) {
-        $params = $this->getBaseRequestParams();
-        $params['subjectLookups'] = array(
-            'subjectId' => $subjectId,
-            'subjectSourceId' => 'RAP'
-        );
-        $response = $this->client->getGroups($params);
-        if ($this->isSuccess($response)) {
-            if (count($response->return->results) === 1) {
-                $groups = [];
-                if ($response->return->results[0]->wsGroups !== null) {
-                    foreach ($response->return->results[0]->wsGroups as $group) {
-                        if (!$this->startsWith($group->name, 'etc:')) {
-                            array_push($groups, $group->name);
-                        }
-                    }
-                }
-                return $groups;
-            } else {
-                throw new \Exception("Wrong results number. Response=" . json_encode($response));
-            }
-        }
-    }
-    public function getSubjectPrivileges($subjectId) {
-        $params = $this->getBaseRequestParams();
-        $params['subjectId'] = $subjectId;
-        $params['subjectSourceId'] = 'RAP';
-        $response = $this->client->getGrouperPrivilegesLite($params);
-        $privilegesMap = [];
-        if ($this->isSuccess($response)) {
-            if ($response->return->privilegeResults !== null) {
-                foreach ($response->return->privilegeResults as $item) {
-                    $groupName = $item->wsGroup->name;
-                    $privilege = $item->privilegeName;
-                    if (!array_key_exists($groupName, $privilegesMap)) {
-                        $groupPrivileges = [];
-                    } else {
-                        $groupPrivileges = $privilegesMap[$groupName];
-                    }
-                    $groupPrivileges[] = $privilege;
-                    $privilegesMap[$groupName] = $groupPrivileges;
-                }
-            }
-        }
-        return $privilegesMap;
-    }
-    private function getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames) {
-        $params = $this->getBaseRequestParams();
-        $params['wsSubjectLookups'] = array(
-            'subjectId' => $subjectId,
-            'subjectSourceId' => 'RAP'
-        );
-        $params['wsGroupLookup'] = array(
-            'groupName' => $groupName
-        );
-        $params['privilegeNames'] = $privilegeNames;
-        return $params;
-    }
-    public function assignPrivileges($subjectId, $groupName, $privilegeNames) {
-        $params = $this->getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames);
-        $params['allowed'] = 'T'; // true
-        return $this->client->assignGrouperPrivileges($params);
-    }
-    public function removePrivileges($subjectId, $groupName, $privilegeNames) {
-        $params = $this->getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames);
-        $params['allowed'] = 'F'; // false
-        return $this->client->assignGrouperPrivileges($params);
-    }
-    public function addMemberships($subjectId, $groups) {
-        foreach ($groups as $group) {
-            $params = $this->getBaseRequestParams();
-            $params['subjectId'] = $subjectId;
-            $params['subjectSourceId'] = 'RAP';
-            $params['groupName'] = $group;
-            $this->client->addMemberLite($params);
-        }
-    }
-    public function removeMemberships($subjectId, $groups) {
-        foreach ($groups as $group) {
-            $params = $this->getBaseRequestParams();
-            $params['subjectId'] = $subjectId;
-            $params['subjectSourceId'] = 'RAP';
-            $params['groupName'] = $group;
-            $this->client->deleteMemberLite($params);
-        }
-    }
-}
--- a/classes/MailSender.php
+++ b/classes/MailSender.php
@@ -72,9 +72,12 @@ class MailSender {
            $body .= "<br/>";
        }
-        $body .= "<br/>If you and this user are the same person click on the following link for joining your accounts:<br/>";
+        $body .= "<br/>If you and this user are <b>the same person</b> click on the following link for joining your accounts:<br/>";
        $body .= "<a href=\"$confirmJoinURL\" target=\"blank_\">$confirmJoinURL</a>";
-        $body .= "<br/><br/>Otherwise you can ignore this email<br/><br/>";
+        $body .= "<br/><br/>Otherwise you can ignore this email.<br/>";
+        $body .= '<p><b>Please don\'t use this functionality for sharing resources between your coworkers</b>, use <a href="https://sso.ia2.inaf.it/grouper">Grouper</a> for that.</p>';
+        $body .= '<br/>';
        $body .= "<b>*** This is an automatically generated email, please do not reply to this message ***</b><br/>";
        $body .= "If you need information please contact <a href=\"mailto:ia2@oats.inaf.it\">IA2 Staff</a>";

--- a/classes/MySQLDAO.php
+++ b/classes/MySQLDAO.php
@@ -208,7 +208,8 @@ class MySQLDAO implements DAO {
                . " i.`id`, `type`, `typed_id`, `email`, `name`, `surname`, `institution`, `eppn`"
                . " FROM identity i"
                . " JOIN `user` u on u.id = i.user_id"
-                . " WHERE `email` LIKE :email OR `name` LIKE :name OR `surname` LIKE :surname";
+                . " WHERE `email` LIKE :email OR `name` LIKE :name OR `surname` LIKE :surname"
+                . " OR CONCAT(`name`,' ',`surname`) LIKE :namesurname";
        $stmt = $dbh->prepare($query);
@@ -216,6 +217,7 @@ class MySQLDAO implements DAO {
        $stmt->bindParam(':email', $searchParam);
        $stmt->bindParam(':name', $searchParam);
        $stmt->bindParam(':surname', $searchParam);
+        $stmt->bindParam(':namesurname', $searchParam);
        $stmt->execute();

--- a/classes/SessionData.php
+++ b/classes/SessionData.php
@@ -29,6 +29,7 @@ class SessionData {
    private $dao;
    private $callbackURL;
    private $callbackTitle;
+    private $callbackLogo;
    public $user;
    public $userSearchResults;
    public $x509DataToRegister;
@@ -51,8 +52,9 @@ class SessionData {
    }
    public function setCallbackURL(CallbackHandler $callbackHandler, $callbackURL) {
-        $this->callbackURL = $callbackURL;
+        $this->callbackURL = $callbackHandler->filterCallbackURL($callbackURL);
        $this->callbackTitle = $callbackHandler->getCallbackTitle($callbackURL);
+        $this->callbackLogo = $callbackHandler->getCallbackLogo($callbackURL);
        $this->save();
    }
@@ -64,6 +66,10 @@ class SessionData {
        return $this->callbackTitle;
    }
+    public function getCallbackLogo() {
+        return $this->callbackLogo;
+    }
    public function searchUser($searchText) {
        $users = $this->dao->searchUser($searchText);

--- a/classes/UserHandler.php
+++ b/classes/UserHandler.php
@@ -60,30 +60,47 @@ class UserHandler {
        return $this->dao->findUserByIdentity($type, $identifier);
    }
-    public function joinUsers($userId1, $userId2) {
+    private function getJoinURL() {
+        $joinURL = $this->grouperConfig['wsURL'];
-        if ($this->grouperConfig !== null) {
+        if (substr($joinURL, -1) !== '/') {
-            $gc = new GrouperClient($this->grouperConfig);
+            $joinURL .= '/';
+        }
+        $joinURL .= 'ia2join';
-            $grouperUser1 = 'RAP:' . $userId1;
+        return $joinURL;
-            $grouperUser2 = 'RAP:' . $userId2;
+    }
-            $groupsToMove = $gc->getSubjectGroups($grouperUser2);
+    public function joinUsers($userId1, $userId2) {
-            $privilegesMap = $gc->getSubjectPrivileges($grouperUser2);
-            // Adding memberships
+        if ($this->grouperConfig !== null) {
-            $gc->addMemberships($grouperUser1, $groupsToMove);
-            // Adding privileges
-            foreach ($privilegesMap as $groupName => $privileges) {
-                $gc->assignPrivileges($grouperUser1, $groupName, $privileges);
-            }
-            // Removing privileges
+            //create cURL connection
-            foreach ($privilegesMap as $groupName => $privileges) {
+            $conn = curl_init($this->getJoinURL());
-                $gc->removePrivileges($grouperUser2, $groupName, $privileges);
+            //set options
+            curl_setopt($conn, CURLOPT_CONNECTTIMEOUT, 30);
+            curl_setopt($conn, CURLOPT_RETURNTRANSFER, true);
+            curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, true);
+            curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1);
+            curl_setopt($conn, CURLOPT_USERPWD, $this->grouperConfig['user'] . ":" . $this->grouperConfig['password']);
+            //set data to be posted
+            curl_setopt($conn, CURLOPT_POST, 1);
+            curl_setopt($conn, CURLOPT_POSTFIELDS, "subject1Id=RAP:$userId1&subject2Id=RAP:$userId2");
+            //perform the request
+            $response = curl_exec($conn);
+            $info = curl_getinfo($conn);
+            if ($info['http_code'] === 200) {
+                curl_close($conn);
+            } else {
+                //show information regarding the error
+                curl_close($conn);
+                http_response_code(500);
+                die('Error: Grouper response code: ' . $info['http_code']);
            }
-            // Removing memberships
-            $gc->removeMemberships($grouperUser2, $groupsToMove);
        }
        $this->dao->joinUsers($userId1, $userId2);

--- a/config.php
+++ b/config.php
@@ -23,7 +23,7 @@
 */
 $CONTEXT_ROOT = "/rap-ia2";
-$VERSION = "1.0.0";
+$VERSION = "1.0.1";
 $PROTOCOL = stripos($_SERVER['SERVER_PROTOCOL'], 'https') ? 'https://' : 'http://';
 $BASE_PATH = $PROTOCOL . $_SERVER['HTTP_HOST'] . $CONTEXT_ROOT;
@@ -34,7 +34,13 @@ $LOG_LEVEL = Monolog\Logger::DEBUG;
 $CALLBACKS = [
    array(
        'url' => 'http://localhost:8087/grouper',
-        'title' => 'Login to Grouper'
+        'title' => 'Login to Grouper',
+        'logo' => 'grouper.png'
+    ),
+    array(
+        'url' => 'http://localhost/rap-ia2/',
+        'title' => 'Account Management',
+        'logo' => 'account-manager.png'
    )
 ];
@@ -73,7 +79,12 @@ $AUTHENTICATION_METHODS = array(
 );
 $GROUPER = array(
-    'wsdlURL' => 'http://localhost:8087/grouper-ws/services/GrouperService_v2_3?wsdl',
+    'wsURL' => 'http://localhost:8087/grouper-ws/',
    'user' => 'GrouperSystem',
    'password' => '***REMOVED***'
 );
+/*$GROUPER = array(
+    'wsURL' => 'https://sso.ia2.inaf.it/grouper-ws/',
+    'user' => 'GrouperSystem',
+    'password' => '***REMOVED***321'
+);*/
--- a/css/animation.css
+++ b/css/animation.css
+@charset "UTF-8";
 /*
   Animation example, for spinners
 */
@@ -83,3 +84,68 @@
        transform: rotate(359deg);
    }
 }
+/*!
+ * animate.css -http://daneden.me/animate
+ * Version - 3.5.2
+ * Licensed under the MIT license - http://opensource.org/licenses/MIT
+ *
+ * Copyright (c) 2017 Daniel Eden
+ */
+.animated {
+    animation-duration: 1s;
+    animation-fill-mode: both;
+}
+.animated.infinite {
+    animation-iteration-count: infinite;
+}
+.animated.hinge {
+    animation-duration: 2s;
+}
+.animated.flipOutX,
+.animated.flipOutY,
+.animated.bounceIn,
+.animated.bounceOut {
+    animation-duration: .75s;
+}
+@keyframes bounceIn {
+    from, 20%, 40%, 60%, 80%, to {
+        animation-timing-function: cubic-bezier(0.215, 0.610, 0.355, 1.000);
+    }
+    0% {
+        opacity: 0;
+        transform: scale3d(.3, .3, .3);
+    }
+    20% {
+        transform: scale3d(1.1, 1.1, 1.1);
+    }
+    40% {
+        transform: scale3d(.9, .9, .9);
+    }
+    60% {
+        opacity: 1;
+        transform: scale3d(1.03, 1.03, 1.03);
+    }
+    80% {
+        transform: scale3d(.97, .97, .97);
+    }
+    to {
+        opacity: 1;
+        transform: scale3d(1, 1, 1);
+    }
+}
+.bounceIn {
+    animation-name: bounceIn;
+}
\ No newline at end of file
--- a/css/style.css
+++ b/css/style.css
@@ -27,7 +27,7 @@ body {
    vertical-align: middle;
 }
-@keyframes pulse {
+@keyframes home_pulse {
    from {
        transform: scale(1, 1);
    }
@@ -64,7 +64,7 @@ body {
 .home-box .img-wrapper a:hover {
    animation-duration: 0.2s;
    animation-fill-mode: both;
-    animation-name: pulse;
+    animation-name: home_pulse;
    animation-timing-function: ease-in;
 }
@@ -175,3 +175,14 @@ body {
 .primary-identity-icon a:hover {
    color: #888;
 }
+.services-list-wrapper {
+    font-size: 18px;
+}
+.services-list-wrapper .btn-link {
+    font-size: 17px;
+}
+.service-logo {
+    padding-right: 10px;
+    max-height: 50px;
+}
\ No newline at end of file
--- a/include/footer.php
+++ b/include/footer.php
+<br/>
+<div class="row">
+    <div class="col-sm-8 col-sm-offset-2">
+        <div class="alert alert-info text-center">
+            <div class="animated bounceIn hinge">
+                <span class="glyphicon glyphicon-info-sign"></span>
+                <strong>Need help?</strong> Please read our <a href="https://sso.ia2.inaf.it/home/index.php?lang=en"><u>User guide</u></a> and <a href="https://sso.ia2.inaf.it/home/faq.php?lang=en"><u>FAQ</u></a>.
+            </div>
+        </div>
+    </div>
+</div>
+<div class="text-center">
+    <a href="https://sso.ia2.inaf.it/home/privacy.php?lang=en" target="blank_">Privacy policy</a>
+</div>
 </div>
 <div class="waiting hide">
    <span class="icon-wrapper">

--- a/include/front-controller.php
+++ b/include/front-controller.php
@@ -20,8 +20,11 @@ function setCallback($callback) {
 Flight::route('/', function() {
    startSession();
    $callback = setCallback(Flight::request()->data['callback']);
-    global $session, $callbackHandler, $AUTHENTICATION_METHODS;
+    global $session, $callbackHandler, $BASE_PATH, $AUTHENTICATION_METHODS;
-    if ($callback !== null && $session->user !== null) {
+    if ($callback === null && $session->user === null) {
+        Flight::render('services-list.php', array('title' => 'RAP',
+            'action' => $BASE_PATH . '/'));
+    } else if ($callback !== null && $session->user !== null) {
        $redirectURL = $callbackHandler->getLoginWithTokenURL($session->user->id, $callback);
        Flight::redirect($redirectURL);
    } else {

--- a/include/header.php
+++ b/include/header.php
@@ -7,8 +7,8 @@
        <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous" />
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
        <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
-        <link rel="stylesheet" href="css/style.css" />
+        <link rel="stylesheet" href="css/style.css?v=2" />
-        <link rel="stylesheet" href="css/animation.css" />
+        <link rel="stylesheet" href="css/animation.css?v=2" />
        <script src="js/script.js"></script>
    </head>
    <body>

--- a/service-logos/account-manager.png
+++ b/service-logos/account-manager.png
--- a/service-logos/asiago.gif
+++ b/service-logos/asiago.gif
--- a/service-logos/grouper.png
+++ b/service-logos/grouper.png
--- a/service-logos/tng.png
+++ b/service-logos/tng.png
--- a/views/index.php
+++ b/views/index.php
@@ -6,7 +6,16 @@ include 'include/header.php';
 <?php if ($session->user === null) { ?>
    <div class="row">
        <div class="col-xs-12">
-            <h1 class="text-center page-title"><?php echo $session->getCallbackTitle(); ?></h1>
+            <h1 class="text-center page-title">
+                <?php
+                if ($session->getCallbackLogo() != null) {
+                    ?>
+                    <img class="service-logo" src="service-logos/<?php echo $session->getCallbackLogo(); ?>" alt="" />
+                    <?php
+                }
+                echo $session->getCallbackTitle();
+                ?>
+            </h1>
        </div>
    </div>
    <div class="row" id="auth-panel">

--- a/views/services-list.php
+++ b/views/services-list.php
+<?php
+include 'include/header.php';
+?>
+<div class="col-sm-offset-2 col-sm-10 services-list-wrapper">
+    <p>Please choose the service where you want to login:</p>
+    <ul>
+        <li>
+            <form action="<?php echo $action; ?>" method="POST">
+                <input name="callback" type="hidden" value="http://archives.ia2.inaf.it/tng/rest/login/rapinput" />
+                <input type="submit" class="btn btn-link" value="Telescopio Nazionale Galileo (TNG) portal" />
+            </form>
+        </li>
+        <li>
+            <form action="<?php echo $action; ?>" method="POST">
+                <input name="callback" type="hidden" value="http://archives.ia2.inaf.it/aao/rest/login/rapinput" />
+                <input type="submit" class="btn btn-link" value="Asiago Astrophysical Observatory portal" />
+            </form>
+        </li>
+        <li>
+            <form action="<?php echo $action; ?>" method="POST">
+                <input name="callback" type="hidden" value="<?php echo $action; ?>" />
+                <input type="submit" class="btn btn-link" value="RAP Account Management" />
+            </form>
+        </li>
+        <li>
+            <form action="<?php echo $action; ?>" method="POST">
+                <input name="callback" type="hidden" value="https://sso.ia2.inaf.it/grouper" />
+                <input type="submit" class="btn btn-link" value="Grouper (groups management)" />
+            </form>
+        </li>
+    </ul>
+    <br/>
+</div>
+<?php
+include 'include/footer.php';