Skip to content
Snippets Groups Projects
Commit 40824ca8 authored by Sonia Zorba's avatar Sonia Zorba
Browse files

Join implementation changes

parent b03c9c9a
Branches
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
classes/IdTokenBuilder.php
+ 6
2
View file @ 40824ca8
...@@ -27,7 +27,7 @@ class IdTokenBuilder { ...@@ -27,7 +27,7 @@ class IdTokenBuilder {
$payloadArr = array( $payloadArr = array(
'iss' => $this->locator->config->jwtIssuer, 'iss' => $this->locator->config->jwtIssuer,
'sub' => $user->id, 'sub' => strval($user->id),
'iat' => intval($accessToken->creationTime), 'iat' => intval($accessToken->creationTime),
'exp' => intval($accessToken->expirationTime), 'exp' => intval($accessToken->expirationTime),
'name' => $user->getCompleteName(), 'name' => $user->getCompleteName(),
...@@ -49,6 +49,10 @@ class IdTokenBuilder { ...@@ -49,6 +49,10 @@ class IdTokenBuilder {
} }
} }
if ($accessToken->joinUser !== null) {
$payloadArr['alt_sub'] = strval($accessToken->joinUser);
}
return $payloadArr; return $payloadArr;
} }
......
classes/UserHandler.php
+ 21
21
View file @ 40824ca8
...@@ -63,44 +63,28 @@ class UserHandler { ...@@ -63,44 +63,28 @@ class UserHandler {
} }
} }
/**
* Build an URL for the web service endpoint that needs to be called in order
* to move groups from one user to the other during a join operation.
* @return string grouper URL for the PrepareToJoinServlet
*/
private function getJoinURL() {
$joinURL = $this->grouperConfig['wsURL'];
if (substr($joinURL, -1) !== '/') {
$joinURL .= '/';
}
$joinURL .= 'ia2join';
return $joinURL;
}
public function joinUsers(User $user1, User $user2): User { public function joinUsers(User $user1, User $user2): User {
$userId1 = $user1->id; $userId1 = $user1->id;
$userId2 = $user2->id; $userId2 = $user2->id;
// Call Grouper for moving groups and privileges from one user to the other // Call Grouper for moving groups and privileges from one user to the other
if (isset($this->locator->config->gmsConfig)) { if (isset($this->locator->config->gms)) {
// TODO: change with new GMS // TODO: change with new GMS
//create cURL connection //create cURL connection
$conn = curl_init($this->getJoinURL()); $conn = curl_init($this->locator->config->gms->joinEndpoint);
//set options //set options
curl_setopt($conn, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($conn, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($conn, CURLOPT_RETURNTRANSFER, true); curl_setopt($conn, CURLOPT_RETURNTRANSFER, true);
curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($conn, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($conn, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($conn, CURLOPT_USERPWD, $this->grouperConfig['user'] . ":" . $this->grouperConfig['password']); curl_setopt($conn, CURLOPT_HTTPHEADER, ['Authorization: Bearer '
. $this->getJoinIdToken($userId1, $userId2)]);
//set data to be posted //set data to be posted
curl_setopt($conn, CURLOPT_POST, 1); curl_setopt($conn, CURLOPT_POST, 1);
curl_setopt($conn, CURLOPT_POSTFIELDS, "subject1Id=RAP:$userId1&subject2Id=RAP:$userId2");
//perform the request //perform the request
$response = curl_exec($conn); $response = curl_exec($conn);
...@@ -111,8 +95,9 @@ class UserHandler { ...@@ -111,8 +95,9 @@ class UserHandler {
} else { } else {
//show information regarding the error //show information regarding the error
curl_close($conn); curl_close($conn);
error_log($response);
http_response_code(500); http_response_code(500);
die('Error: Grouper response code: ' . $info['http_code']); die('Error: GMS response code: ' . $info['http_code'] . "\n");
} }
} }
...@@ -128,4 +113,19 @@ class UserHandler { ...@@ -128,4 +113,19 @@ class UserHandler {
return $user1; return $user1;
} }
private function getJoinIdToken(int $userId1, int $userId2): string {
$gmsId = $this->locator->config->gms->id;
$accessToken = new AccessToken();
$accessToken->clientId = $gmsId;
$accessToken->userId = $userId1;
$accessToken->joinUser = $userId2;
// shorter expiration
$accessToken->expirationTime = $accessToken->creationTime + 100;
$accessToken->scope = ['openid'];
return $this->locator->getIdTokenBuilder()->getIdToken($accessToken);
}
} }
classes/model/AccessToken.php
+ 1
0
View file @ 40824ca8
...@@ -19,6 +19,7 @@ class AccessToken { ...@@ -19,6 +19,7 @@ class AccessToken {
public $redirectUri; public $redirectUri;
public $clientId; public $clientId;
public $scope; public $scope;
public $joinUser;
public function isExpired(): bool { public function isExpired(): bool {
return $this->expirationTime < time(); return $this->expirationTime < time();
......
config-example.json
+ 2
3
View file @ 40824ca8
...@@ -45,8 +45,7 @@ ...@@ -45,8 +45,7 @@
} }
}, },
"gms": { "gms": {
"baseUrl": "https://sso.ia2.inaf.it/gms", "id": "gms",
"clientId": "rap", "joinEndpoint": "http://localhost:8082/gms/ws/jwt/join"
"clientSecret": "rap-secret"
} }
} }
exec/join.php 0 → 100644
+ 31
0
View file @ 40824ca8
<?php
if($argc !== 3) {
echo "Usage: php $argv[0] <user_id_1> <user_id_2>\n";
echo "The second id will be deleted.\n";
exit(1);
}
chdir(dirname(__FILE__));
include '../include/init.php';
$dao = $locator->getUserDAO();
$handler = $locator->getUserHandler();
$tokenBuilder = $locator->getIdTokenBuilder();
$user1 = $dao->findUserById((int) $argv[1]);
if($user1 === null) {
echo "User $argv[1] not found";
exit(1);
}
$user2 = $dao->findUserById((int) $argv[2]);
if($user2 === null) {
echo "User $argv[2] not found";
exit(1);
}
$handler->joinUsers($user1, $user2);
echo "OK\n";
include/rest-web-service.php
+ 0
61
View file @ 40824ca8
...@@ -2,41 +2,10 @@ ...@@ -2,41 +2,10 @@
/** /**
* REST Web Service using http://flightphp.com/ * REST Web Service using http://flightphp.com/
* This Web Service should be called only by authorized applications external to
* RAP, so this directory should be password protected.
*
* Apache configuration:
* <Location "/rap-ia2/ws">
* AuthType basic
* AuthName RAP
* AuthUserFile rap-service-passwd
* Require valid-user
* </Location>
*/ */
// //
$WS_PREFIX = '/ws'; $WS_PREFIX = '/ws';
/**
* Retrieve user information from login token.
*/
Flight::route('GET ' . $WS_PREFIX . '/user-info', function() {
global $dao;
$token = Flight::request()->query['token'];
$userData = $dao->findLoginToken($token);
if (is_null($userData)) {
http_response_code(404);
die("Token not found");
}
$dao->deleteLoginToken($token);
header('Content-Type: text/plain');
echo $userData;
});
/** /**
* Retrieve user information from user ID. * Retrieve user information from user ID.
*/ */
...@@ -117,33 +86,3 @@ Flight::route('POST ' . $WS_PREFIX . '/user', function() { ...@@ -117,33 +86,3 @@ Flight::route('POST ' . $WS_PREFIX . '/user', function() {
Flight::json($user); Flight::json($user);
}); });
/**
* Performs a join.
*/
Flight::route('POST ' . $WS_PREFIX . '/join', function() {
global $locator;
$locator->getOAuth2RequestHandler()->validateToken();
$postData = Flight::request()->data;
$userId1 = $postData['user1'];
$userId2 = $postData['user2'];
$user1 = $locator->getUserDAO()->findUserById($userId1);
if ($user1 === null) {
throw new BadRequestException("User " . $userId1 . " doesn't exists");
}
$user2 = $locator->getUserDAO()->findUserById($userId2);
if ($user2 === null) {
throw new BadRequestException("User " . $userId2 . " doesn't exists");
}
$locator->getUserHandler()->joinUsers($user1, $user2);
// if the join has success, returns the remaining user id
echo $userId1;
});
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment