diff --git a/Dockerfile b/Dockerfile
index 6de6318ced5a1f38d01f3cff4a9ebb62b59ff521..98be7a84d85f6ae8f685ceec7f988bdf76be5450 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,10 +15,13 @@ RUN apt-get update && \
make \
wget \
ca-certificates \
+ ssl-cert \
vim
# Copying Shibboleth SP configuration
-COPY docker/shibboleth2.xml /etc/shibboleth/
+COPY docker/shibboleth/shibboleth2.xml /etc/shibboleth/
+COPY docker/shibboleth/sp-key.pem /etc/shibboleth/
+COPY docker/shibboleth/sp-cert.pem /etc/shibboleth/
# Installing Embedded Discovery Service
WORKDIR /usr/local/src
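Review bot: `COPY docker/shibboleth/sp-key.pem /etc/shibboleth/` bakes the SP's private key into an image layer, so anyone who can pull the image or inspect its layers recovers it, and a later `rm` in another layer would not remove it. Prefer supplying the key at run time (a mounted volume, a compose/Docker secret, or a build-time `--mount=type=secret`) and keeping only the public `sp-cert.pem` in the image. If it is copied anyway it should not be world-readable and should belong to the daemon's user, e.g. `COPY --chown=_shibd:_shibd docker/shibboleth/sp-key.pem /etc/shibboleth/` followed by `RUN chmod 600 /etc/shibboleth/sp-key.pem` (the Debian shibboleth-sp packages run shibd as `_shibd`; confirm for this base image). A short comment above the three `COPY` lines saying where these files come from and that `sp-key.pem` is a secret would help the next reader.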
@@ -39,6 +42,8 @@ RUN a2enconf rap.conf
# Enable mod_rewrite (for Flight framework)
RUN a2enmod rewrite
+RUN a2enmod ssl
+RUN a2ensite default-ssl
# Copying RAP php files
WORKDIR /var/www/html
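Review bot: `RUN a2ensite default-ssl` enables Debian's stock HTTPS vhost, which serves the self-signed snakeoil certificate generated by the `ssl-cert` package added above, so clients will see an untrusted certificate unless `SSLCertificateFile`/`SSLCertificateKeyFile` are overridden somewhere not visible in this hunk. State the intent in a comment, e.g. `# default-ssl serves the self-signed snakeoil cert from ssl-cert; override the cert/key for production`. The plain-HTTP default site on port 80 also stays enabled, so nothing forces the browser onto HTTPS; if that is not intended, a redirect from the HTTP vhost (or disabling it with `a2dissite 000-default`) belongs next to these two lines.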
@@ -48,5 +53,5 @@ WORKDIR /var/www/html/rap-ia2
RUN mkdir -p logs
RUN chown -R www-data logs
-# Starting Apache
-CMD apachectl -D FOREGROUND
+# Starting shibd & Apache
+CMD service shibd start && apachectl -D FOREGROUND
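Review bot: `CMD service shibd start && apachectl -D FOREGROUND` starts shibd once and never supervises it, so if the daemon exits later Apache keeps running while every Shibboleth-protected request fails (the module cannot reach the daemon socket), and the container still looks healthy from outside. Either run both under a small supervisor (supervisord, or an entrypoint script that waits on both PIDs and exits when either one dies) so the orchestrator restarts the container, or move shibd into its own container sharing the socket. The shell-form CMD also makes `sh` PID 1, which does not forward SIGTERM to apachectl, so `docker stop` waits for the kill timeout; an exec-form `ENTRYPOINT ["/entrypoint.sh"]` that ends in `exec apachectl -D FOREGROUND` avoids that.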
diff --git a/classes/Locator.php b/classes/Locator.php
index 35fe98275fd6c16848b37d7469e57b664b537d50..75e183d2594ff42e145816831f9614dba5b162e0 100644
--- a/classes/Locator.php
+++ b/classes/Locator.php
@@ -25,7 +25,7 @@ class Locator {
}
public function getProtocol(): string {
- return stripos($_SERVER['SERVER_PROTOCOL'], 'https') ? 'https://' : 'http://';
+ return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://';
}
public function getBasePath(): string {
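Review bot: `$_SERVER['HTTPS'] === 'on'` is stricter than PHP documents: the variable is set to any non-empty value (some SAPIs use `'1'`), and only IIS-style setups use `'off'`, so the conventional check is `return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';`. It also does not cover a TLS-terminating reverse proxy in front of Apache, where `HTTPS` is unset and the scheme arrives in `X-Forwarded-Proto`; if that deployment is expected, honour the header only when `REMOTE_ADDR` is a configured trusted proxy, since any client can send it and the result feeds redirect URLs. The new form is still a clear improvement over the old `stripos($_SERVER['SERVER_PROTOCOL'], 'https')`, since `SERVER_PROTOCOL` carries the HTTP version (`HTTP/1.1`) and never contained the scheme.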
diff --git a/docker/rap.conf b/docker/rap.conf
index dc0c73acb632e79fffd05daebcebd70f7f20c291..e3cf285df6fb910fefb41bff02c9c614ce52dd4c 100644
--- a/docker/rap.conf
+++ b/docker/rap.conf
@@ -1,3 +1,30 @@
AllowOverride All
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Order allow,deny
+ allow from all
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ SSLOptions +ExportCertData
+
+
+
+ AuthType shibboleth
+ ShibRequestSetting requireSession 1
+ Require valid-user
+
+
+#
+# AuthType shibboleth
+# ShibRequestSetting requireSession 1
+# Require valid-user
+#
+
+
+ Order deny,allow
+ Deny From All
+
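Review bot: `Order allow,deny` / `allow from all` and `Order deny,allow` / `Deny From All` are Apache 2.2 access-control syntax; on Apache 2.4 they only work through `mod_access_compat`, and mixing them with 2.4 `Require` directives (as the `Require valid-user` block does) is a documented source of confusing merge behaviour, so use `Require all granted` and `Require all denied` consistently. The `SSLVerifyClient require` block mandates a client certificate but the hunk shows no `SSLCACertificateFile`/`SSLCADNRequestFile`, so the accepted CA set must come from the `default-ssl` vhost or elsewhere; a comment naming where it is configured would help, and `SSLVerifyDepth 10` is generous for a chain the SP controls. The commented-out second `AuthType shibboleth` block is dead configuration and should either be removed or carry a comment explaining when it is meant to be enabled. The opening and closing tags of the directive containers are not visible in this rendering, so the scope of each block above is inferred.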
diff --git a/include/admin.php b/include/admin.php
index b8814ce96dca381611b7684c1805f945c072cdd2..06f6f87bc20e147e5b93bb087c6dc2b93153c388 100644
--- a/include/admin.php
+++ b/include/admin.php
@@ -7,9 +7,10 @@
function checkUser() {
- startSession();
+ session_start();
+ global $locator;
- global $session;
+ $session = $locator->getSession();
if ($session->getUser() === null) {
http_response_code(401);
die("You must be registered to perform this action");
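Review bot: `session_start()` replaces the `startSession()` wrapper here and in the two front-controller hunks (`sendAuthRedirect` and the `GET /x509-name-surname` route), but a bare `session_start()` raises a notice and returns `false` when a session is already active in the same request, so any path that reaches two of these calls, or a front controller that already started the session, will log warnings. Guard it with `if (session_status() === PHP_SESSION_NONE) { session_start(); }`, or keep a wrapper if that is what `startSession()` did (its body is not in the diff). `global $locator;` is declared after `session_start()`, which works but reads oddly; putting the `global` line first matches the other handlers in this file. `checkUser` continues past the end of the hunk.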
@@ -29,9 +30,9 @@ Flight::route('GET /admin', function() {
Flight::route('GET /admin/oauth2_clients', function() {
checkUser();
- global $dao;
+ global $locator;
- $clients = $dao->getOAuth2Clients();
+ $clients = $locator->getOAuth2ClientDAO()->getOAuth2Clients();
Flight::json($clients);
});
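Review bot: `global $locator;` followed by `$locator->getOAuth2ClientDAO()` is now repeated verbatim in this handler and the next three (POST, PUT, DELETE), so the `global` declaration and the locator call are duplicated four times. A file-local helper gives one place to change when the locator API moves, e.g. `function oauth2ClientDAO() { global $locator; return $locator->getOAuth2ClientDAO(); }`, after which each handler becomes a single `oauth2ClientDAO()->...` call.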
@@ -39,9 +40,9 @@ Flight::route('GET /admin/oauth2_clients', function() {
Flight::route('POST /admin/oauth2_clients', function() {
checkUser();
- global $dao;
+ global $locator;
- $client = $dao->createOAuth2Client(buildOAuth2ClientFromData());
+ $client = $locator->getOAuth2ClientDAO()->createOAuth2Client(buildOAuth2ClientFromData());
Flight::json($client);
});
@@ -49,9 +50,9 @@ Flight::route('POST /admin/oauth2_clients', function() {
Flight::route('PUT /admin/oauth2_clients', function() {
checkUser();
- global $dao;
+ global $locator;
- $client = $dao->updateOAuth2Client(buildOAuth2ClientFromData());
+ $client = $locator->getOAuth2ClientDAO()->updateOAuth2Client(buildOAuth2ClientFromData());
Flight::json($client);
});
@@ -59,9 +60,9 @@ Flight::route('PUT /admin/oauth2_clients', function() {
Flight::route('DELETE /admin/oauth2_clients/@id', function($id) {
checkUser();
- global $dao;
+ global $locator;
- $dao->deleteOAuth2Client($id);
+ $locator->getOAuth2ClientDAO()->deleteOAuth2Client($id);
// Return no content
Flight::halt(204);
@@ -76,7 +77,7 @@ function buildOAuth2ClientFromData() {
if (isset($data['id'])) {
$client->id = $data['id'];
}
- $client->name = $data['name'];
+ $client->title = $data['title'];
$client->icon = $data['icon'];
$client->client = $data['client'];
$client->secret = $data['secret'];
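Review bot: `$client->title = $data['title'];` reads the key unconditionally, as do the `icon`, `client` and `secret` lines below it, while `id` is the only field guarded by `isset`; a JSON body missing `title` (including any client still posting `name` after this rename) produces an undefined-index warning and a null title instead of a 400. Validate the required fields up front, e.g. `if (!isset($data['title'])) { Flight::halt(400, 'title is required'); }`, before building the object. The rename must also be mirrored in the DAO and database column, which are not in this diff; the `views/admin/index.php` change suggests the rest of the stack was updated, but confirm `OAuth2ClientDAO` no longer reads `name`. `buildOAuth2ClientFromData` begins before this hunk.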
diff --git a/include/front-controller.php b/include/front-controller.php
index 2b2ab02b67fd72df238619b47ee2b14ee15517ad..f65a202e2b7704da815bf912a54a974308d8d131 100644
--- a/include/front-controller.php
+++ b/include/front-controller.php
@@ -133,7 +133,7 @@ Flight::route('GET /logout', function() {
});
function sendAuthRedirect($url) {
- startSession();
+ session_start();
// reload callback from query to avoid problem with session shared between
// multiple browser tabs
setCallback(Flight::request()->query['callback']);
@@ -218,8 +218,9 @@ Flight::route('/local', function() {
*/
Flight::route('GET /x509-name-surname', function() {
- startSession();
- global $session, $BASE_PATH, $VERSION;
+ session_start();
+ global $locator, $BASE_PATH, $VERSION;
+ $session = $locator->getSession();
if ($session->getX509DataToRegister() !== null && $session->getX509DataToRegister()->name === null) {
Flight::render('x509-name-surname.php', array('title' => 'Select name and surname',
diff --git a/views/admin/index.php b/views/admin/index.php
index 16c4f5b3a13c729c9d4f5b815697f86ba89cd664..1122da59d9eaedf39d4c270b9f11053948b59741 100644
--- a/views/admin/index.php
+++ b/views/admin/index.php
@@ -24,15 +24,15 @@ include 'include/header.php';
- {{client.name}}
+ {{client.title}}