Commit 4e0c3d3a authored by Sonia Zorba's avatar Sonia Zorba

Changes for compliance with the new GDPR law

parent c02895f4
......@@ -98,7 +98,10 @@ if ($user === null) {
$user->addIdentity($identity);
$userHandler->saveUser($user);
$session->userToLogin = $user;
$session->save();
header('Location: ' . $BASE_PATH . '/tou-check');
die();
}
$auditLog->info("LOGIN,Facebook," . $user->id);
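Review bot: The four-line hand-off to the Terms-of-Use page (`$session->userToLogin = $user; $session->save(); header('Location: ' . $BASE_PATH . '/tou-check'); die();`) is pasted verbatim into this hunk and into the Google, LinkedIn and eduGAIN callbacks below, with a fifth variant in the X.509 script, so any later change to the consent flow has to be repeated in five places. Extract it into one helper, e.g. `redirectToTouCheck($user)`, defined next to `startSession()` (which all of these scripts already include) and call it from each new-user branch. The enclosing `if ($user === null)` block opens before this hunk, and the audit line after it now covers only already-registered users, which is worth a one-line comment since the new-user entry is written by `/register` instead.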
......
......@@ -92,7 +92,10 @@ if ($client->getAccessToken()) {
$user->addIdentity($identity);
$userHandler->saveUser($user);
$session->userToLogin = $user;
$session->save();
header('Location: ' . $BASE_PATH . '/tou-check');
die();
}
$auditLog->info("LOGIN,Google," . $user->id);
......
......@@ -118,7 +118,10 @@ if ($info2['http_code'] === 200) {
$user->addIdentity($identity);
$userHandler->saveUser($user);
$session->userToLogin = $user;
$session->save();
header('Location: ' . $BASE_PATH . '/tou-check');
die();
}
$auditLog->info("LOGIN,LinkedIn," . $user->id);
......
......@@ -57,7 +57,10 @@ if (isset($_SERVER['Shib-Session-ID'])) {
$user->addIdentity($identity);
$userHandler->saveUser($user);
$session->userToLogin = $user;
$session->save();
header('Location: ' . $BASE_PATH . '/tou-check');
die();
}
$auditLog->info("LOGIN,eduGAIN," . $user->id);
......
......@@ -32,29 +32,14 @@
include '../../include/init.php';
startSession();
function saveUserFromX509Data($x509Data) {
global $session, $userHandler;
$user = new RAP\User();
$identity = new RAP\Identity(RAP\Identity::X509);
$identity->email = $x509Data->email;
$identity->name = $x509Data->name;
$identity->surname = $x509Data->surname;
$identity->typedId = $x509Data->serialNumber;
$identity->institution = $x509Data->institution;
$user->addIdentity($identity);
$userHandler->saveUser($user);
if (isset($_SERVER['SSL_CLIENT_VERIFY']) && isset($_SERVER['SSL_CLIENT_V_REMAIN']) &&
$_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS' && $_SERVER['SSL_CLIENT_V_REMAIN'] > 0) {
$session->x509DataToRegister = null;
$session->save();
$x509Data = RAP\X509Data::parse($_SERVER);
return $user;
}
$user = $userHandler->findUserByIdentity(RAP\Identity::X509, $x509Data->serialNumber);
if ($user === null) {
/**
* We want to extract name and surname from the X.509 certificate, however X.509
* puts name and surname together (inside the CN field).
......@@ -64,34 +49,21 @@ function saveUserFromX509Data($x509Data) {
* the page views/x509-name-surname.php is shown to the user before completing the
* registration, in order to allow him/her selecting the correct name and surname.
*/
if ($session->x509DataToRegister !== null && $session->x509DataToRegister->name !== null) {
$user = saveUserFromX509Data($session->x509DataToRegister);
} else {
if (isset($_SERVER['SSL_CLIENT_VERIFY']) && isset($_SERVER['SSL_CLIENT_V_REMAIN']) &&
$_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS' && $_SERVER['SSL_CLIENT_V_REMAIN'] > 0) {
$x509Data = RAP\X509Data::parse($_SERVER);
$user = $userHandler->findUserByIdentity(RAP\Identity::X509, $x509Data->serialNumber);
if ($user === null) {
if ($x509Data->name === null) {
$session->x509DataToRegister = $x509Data;
$session->save();
header('Location: ' . $BASE_PATH . '/x509-name-surname');
die();
} else {
$user = saveUserFromX509Data($x509Data);
$session->userToLogin = $x509Data->toUser();
$session->save();
header('Location: ' . $BASE_PATH . '/tou-check');
}
die();
} else {
$auditLog->info("LOGIN,X.509," . $user->id);
$callbackHandler->manageLoginRedirect($user, $session);
}
} else {
http_response_code(500);
die("Unable to verify client certificate");
}
}
$auditLog->info("LOGIN,X.509," . $user->id);
$callbackHandler->manageLoginRedirect($user, $session);
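Review bot: In the new-user branch the `die();` placed after the inner if/else is reached only from the `/tou-check` path, because the `/x509-name-surname` branch already calls `die()` itself, so a reader has to trace both branches to confirm that neither falls through to the existing-user audit and redirect below. Put `die();` directly after the `header('Location: ' . $BASE_PATH . '/tou-check');` line inside its own branch, as the other login callbacks in this commit do, and drop the trailing one. The rendering has lost the old/new markers, so if that trailing `die()` is in fact a removed line this can be ignored. The script continues past the last line of the hunk.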
......@@ -37,6 +37,10 @@ class SessionData {
public $user;
public $userSearchResults;
public $x509DataToRegister;
// user which is going to perform the login (we need to store this in the
// session because we need to check the Terms of Use user consensus, so we
// redirect to another page after retrieving user data.
public $userToLogin;
/**
* @todo: move DAO away from here
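Review bot: The comment on the new `$userToLogin` property should say what the value is and who clears it, since that is the only contract other code can rely on: `// Unsaved RAP\User produced by a login callback after a successful external login; set just before redirecting to /tou-check and cleared by the /register route once the Terms of Use have been accepted.` The present wording ("user consensus") reads as "consent", and it does not mention that the object has not yet been passed through `$userHandler->saveUser()`, which is the property's whole reason to exist. Class SessionData begins before this hunk and continues past it.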
......
......@@ -88,6 +88,9 @@ class X509Data {
$this->email = $AyAlt[1];
}
}
if ($this->email === null && isset($parsedX509["subject"]) && isset($parsedX509["subject"]["emailAddress"])) {
$this->email = $parsedX509["subject"]["emailAddress"];
}
$this->serialNumber = $parsedX509["serialNumber"];
......@@ -200,4 +203,20 @@ class X509Data {
return $parsedData;
}
public function toUser() {
$user = new User();
$identity = new Identity(Identity::X509);
$identity->email = $this->email;
$identity->name = $this->name;
$identity->surname = $this->surname;
$identity->typedId = $this->serialNumber;
$identity->institution = $this->institution;
$user->addIdentity($identity);
return $user;
}
}
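Review bot: `toUser()` has no docblock, and since it is now the only place an X.509 identity is turned into a user it should state what the caller receives: `/** @return User Unsaved User carrying a single Identity::X509 identity filled from this certificate; the caller is responsible for persisting it and for making sure $name/$surname were resolved first (see selectCandidateName()). */`. In the first hunk of this file the subject-DN `emailAddress` attribute is copied straight into `$this->email`; as far as the hunk shows neither it nor the subjectAltName path above it checks the address format, so a `filter_var($value, FILTER_VALIDATE_EMAIL)` guard is worth adding if anything downstream sends mail to that field. `parse()` starts before the first hunk.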
......@@ -159,6 +159,7 @@ Flight::route('GET /x509-name-surname', function() {
} else {
// Redirect to index
header("Location: " . $BASE_PATH);
die();
}
});
......@@ -170,11 +171,54 @@ Flight::route('POST /submit-x509-name', function() {
$selectedNameIndex = Flight::request()->data['selected-name'];
error_log('index=' . $selectedNameIndex);
startSession();
global $session, $BASE_PATH;
if ($session->x509DataToRegister !== null) {
$session->x509DataToRegister->selectCandidateName($selectedNameIndex);
header("Location: " . $BASE_PATH . '/x509');
$session->userToLogin = $session->x509DataToRegister->toUser();
$session->x509DataToRegister = null;
$session->save();
header("Location: " . $BASE_PATH . '/tou-check');
die();
} else {
die('X.509 data not returned');
}
});
Flight::route('GET /tou-check', function() {
startSession();
global $session, $BASE_PATH, $VERSION;
if ($session->userToLogin === null) {
die("User data not retrieved.");
} else {
Flight::render('tou-check.php', array('title' => 'Terms of Use acceptance',
'user' => $session->userToLogin,
'version' => $VERSION,
'registration_url' => $BASE_PATH . '/register'));
}
});
Flight::route('GET /register', function() {
startSession();
global $session, $userHandler, $auditLog, $callbackHandler;
if ($session->userToLogin === null) {
die("User data not retrieved.");
} else {
$user = $session->userToLogin;
$userHandler->saveUser($user);
$session->userToLogin = null;
$session->save();
$auditLog->info("LOGIN," . $user->identities[0]->type . "," . $user->id);
$callbackHandler->manageLoginRedirect($user, $session);
}
});
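Review bot: `GET /register` persists the account (and, presumably through the `tou_accepted` column default added in the schema hunk, records Terms-of-Use acceptance) on a plain GET, and nothing in the handler verifies that the box was ticked — in tou-check.php the `tou-ck` checkbox sits outside the form and has no `name`, so the only thing enforcing consent is the JavaScript that unhides the submit button. Register the route as `Flight::route('POST /register', function() {`, move the checkbox inside the form as `<input type="checkbox" name="tou-accepted" id="tou-ck" required />` with `method="POST"`, and widen the guard to `if ($session->userToLogin === null || empty(Flight::request()->data['tou-accepted'])) {`. `Flight::request()->data` is what the `/submit-x509-name` route in the same hunk already uses for POST fields. The same change covers the tou-check.php section at the bottom of the page.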
$('#tou-ck').on('change', function () {
if ($(this).is(':checked')) {
$('#tou-submit').removeClass('hide');
} else {
$('#tou-submit').addClass('hide');
}
});
......@@ -14,6 +14,7 @@ CREATE TABLE `identity` (
`surname` varchar(255) DEFAULT NULL,
`institution` varchar(255) DEFAULT NULL,
`eppn` varchar(255) DEFAULT NULL,
`tou_accepted` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
FOREIGN KEY (`user_id`) REFERENCES `user`(`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
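Review bot: `tou_accepted timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP` stamps every identity row at insert time, so the column records when the row was written rather than when the person accepted the terms, and it cannot express "not accepted" for identities created by any other path (adding the column to an existing table would likewise backfill every old row with the migration time). Declare it `tou_accepted timestamp NULL DEFAULT NULL` and have the `/register` path set it explicitly at the moment the user confirms. The CREATE TABLE statement opens before this hunk.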
......
<?php
include 'include/header.php';
?>
<br/>
<div class="text-center">
<p>If you proceed, following data will be stored into IA2 user database:</p>
</div>
<div class="row">
<div class="col-xs-12 col-sm-8 col-sm-offset-2 col-md-6 col-md-offset-3">
<div class="panel">
<div class="panel-body">
<?php
$readOnly = true;
include 'include/user-data.php';
?>
</div>
</div>
</div>
</div>
<div class="row text-center">
<strong>
<span class="glyphicon glyphicon-info-sign"></span>
For using IA2 services you need to accept our <a href="https://sso.ia2.inaf.it/home/privacy.php?lang=en" target="blank_">privacy policy</a>.
</strong>
<div class="checkbox">
<label>
<input type="checkbox" id="tou-ck" />
I accept IA2 services Terms of Use.
</label>
</div>
<form method="GET" action="<?php echo $registration_url; ?>">
<input type="submit" class="btn btn-primary hide" id="tou-submit" value="Submit" />
</form>
</div>
<script src="js/tou.js"></script>
<br/>
<?php
include 'include/footer.php';
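Review bot: `target="blank_"` on the privacy-policy link looks like a typo for `_blank`; as written it is a plain window name rather than the reserved open-in-new-tab target. Since the link leaves the application, write it as `target="_blank" rel="noopener noreferrer"`. `$registration_url` is built server-side from `$BASE_PATH` in the `/tou-check` route, but echoing it into an attribute as `<?php echo htmlspecialchars($registration_url, ENT_QUOTES, 'UTF-8'); ?>` costs nothing and keeps the template safe if the variable's origin ever changes.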