From 8a9b8695da461785f5fce00c14a2085f4130bd8f Mon Sep 17 00:00:00 2001
From: Sonia Zorba
Date: Thu, 22 Aug 2019 17:57:06 +0200
Subject: [PATCH] Admin panel bugfix and Docker changes
---
 Dockerfile | 11 ++++++++---
 classes/Locator.php | 2 +-
 docker/rap.conf | 27 +++++++++++++++++++++++++++
 include/admin.php | 23 ++++++++++++-----------
 include/front-controller.php | 7 ++++---
 views/admin/index.php | 8 ++++----
 6 files changed, 56 insertions(+), 22 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6de6318..98be7a8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,10 +15,13 @@ RUN apt-get update && \
 make \
 wget \
 ca-certificates \
+ ssl-cert \
 vim
 # Copying Shibboleth SP configuration
-COPY docker/shibboleth2.xml /etc/shibboleth/
+COPY docker/shibboleth/shibboleth2.xml /etc/shibboleth/
+COPY docker/shibboleth/sp-key.pem /etc/shibboleth/
+COPY docker/shibboleth/sp-cert.pem /etc/shibboleth/
 # Installing Embedded Discovery Service
 WORKDIR /usr/local/src
@@ -39,6 +42,8 @@ RUN a2enconf rap.conf
 # Enable mod_rewrite (for Flight framework)
 RUN a2enmod rewrite
+RUN a2enmod ssl
+RUN a2ensite default-ssl
 # Copying RAP php files
 WORKDIR /var/www/html
@@ -48,5 +53,5 @@ WORKDIR /var/www/html/rap-ia2
 RUN mkdir -p logs
 RUN chown -R www-data logs
-# Starting Apache
-CMD apachectl -D FOREGROUND
+# Starting shibd & Apache
+CMD service shibd start && apachectl -D FOREGROUND
diff --git a/classes/Locator.php b/classes/Locator.php
index 35fe982..75e183d 100644
--- a/classes/Locator.php
+++ b/classes/Locator.php
@@ -25,7 +25,7 @@ class Locator {
 }
 public function getProtocol(): string {
- return stripos($_SERVER['SERVER_PROTOCOL'], 'https') ? 'https://' : 'http://';
+ return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://';
 }
 public function getBasePath(): string {
diff --git a/docker/rap.conf b/docker/rap.conf
index dc0c73a..e3cf285 100644
--- a/docker/rap.conf
+++ b/docker/rap.conf
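Review bot: The added `COPY docker/shibboleth/sp-key.pem /etc/shibboleth/` bakes the Shibboleth SP private key into an image layer, so everyone who can pull the image or read the build context holds the key that identifies this service provider to the IdP. Supplying the key at run time instead (a read-only bind mount or the orchestrator's secret mechanism) keeps it out of the image and the registry. If it has to stay in the image, the copied file is owned by root with the source file's mode, so ownership and a restrictive mode for the account shibd runs as should be set explicitly; that account is not visible in this hunk. If the pair is meant for development only, a comment above the three `COPY` lines such as `# SP key pair for dev/test only - replace at deploy time` would record that.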
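Review bot: `RUN a2ensite default-ssl` serves TLS with whatever certificate the stock site file names, which on Debian-family images is normally the snakeoil pair that the `ssl-cert` package (added in the first Dockerfile hunk) generates at install time. Generated during the image build, that key is the same in every container started from the image and readable by anyone who has the image. For anything beyond local testing the server certificate and key should be provided at run time and `default-ssl` replaced by a site file that points at them; a comment such as `# default-ssl uses the build-time snakeoil certificate: testing only` would document the limitation. The base image is outside the hunk, so the Debian behaviour is an assumption.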
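Review bot: `getProtocol()` now returns `https://` only when `$_SERVER['HTTPS'] === 'on'`, so it reports `http://` whenever TLS is terminated in front of Apache (reverse proxy, load balancer) or the SAPI sets another non-empty value such as `1`. If the result is used to build redirect or callback URLs (the callers are not in this hunk), an HTTPS deployment would hand out plain-HTTP links. PHP documents the variable as "set to a non-empty value" under HTTPS, so the more tolerant test is `return (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? 'https://' : 'http://';`. A docblock stating that forwarded-protocol headers are deliberately not consulted would make the deployment assumption explicit.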
@@ -1,3 +1,30 @@
 AllowOverride All
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Order allow,deny
+ allow from all
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ SSLOptions +ExportCertData
+
+
+
+ AuthType shibboleth
+ ShibRequestSetting requireSession 1
+ Require valid-user
+
+
+#
+# AuthType shibboleth
+# ShibRequestSetting requireSession 1
+# Require valid-user
+#
+
+
+ Order deny,allow
+ Deny From All
+
diff --git a/include/admin.php b/include/admin.php
index b8814ce..06f6f87 100644
--- a/include/admin.php
+++ b/include/admin.php
@@ -7,9 +7,10 @@
 function checkUser() {
- startSession();
+ session_start();
+ global $locator;
- global $session;
+ $session = $locator->getSession();
 if ($session->getUser() === null) {
 http_response_code(401);
 die("You must be registered to perform this action");
@@ -29,9 +30,9 @@ Flight::route('GET /admin', function() {
 Flight::route('GET /admin/oauth2_clients', function() {
 checkUser();
- global $dao;
+ global $locator;
- $clients = $dao->getOAuth2Clients();
+ $clients = $locator->getOAuth2ClientDAO()->getOAuth2Clients();
 Flight::json($clients);
 });
@@ -39,9 +40,9 @@ Flight::route('GET /admin/oauth2_clients', function() {
 Flight::route('POST /admin/oauth2_clients', function() {
 checkUser();
- global $dao;
+ global $locator;
- $client = $dao->createOAuth2Client(buildOAuth2ClientFromData());
+ $client = $locator->getOAuth2ClientDAO()->createOAuth2Client(buildOAuth2ClientFromData());
 Flight::json($client);
 });
@@ -49,9 +50,9 @@ Flight::route('POST /admin/oauth2_clients', function() {
 Flight::route('PUT /admin/oauth2_clients', function() {
 checkUser();
- global $dao;
+ global $locator;
- $client = $dao->updateOAuth2Client(buildOAuth2ClientFromData());
+ $client = $locator->getOAuth2ClientDAO()->updateOAuth2Client(buildOAuth2ClientFromData());
 Flight::json($client);
 });
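Review bot: The new blocks express access control with the Apache 2.2 directives `Order allow,deny` / `allow from all` / `Deny From All`, which Apache 2.4 only honours through mod_access_compat and which combine poorly with the `Require valid-user` used in the Shibboleth block. The 2.4 forms are `Require all granted` and `Require all denied`; this matters most for the final deny block, since it is the one meant to keep a path unreachable. The client-certificate block also enables `Options Indexes`, which permits directory listings on what looks like an authentication endpoint, and `SSLVerifyClient require` is only as strict as the CA bundle it verifies against, with no `SSLCACertificateFile` or `SSLCACertificatePath` visible in this file. The enclosing container tags did not survive on this page, so the paths these blocks apply to cannot be confirmed here.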
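Review bot: The bare `session_start()` that replaces `startSession()` in `checkUser()` takes its cookie attributes from php.ini and raises a notice when a session is already active; the same call is added in `sendAuthRedirect()` and in the `GET /x509-name-surname` route in include/front-controller.php. Now that the image serves HTTPS, the session cookie flags are better set explicitly, e.g. `if (session_status() === PHP_SESSION_NONE) { session_start(['cookie_secure' => true, 'cookie_httponly' => true, 'cookie_samesite' => 'Lax']); }` (`cookie_samesite` needs PHP 7.3 or later). What the removed `startSession()` helper did is not shown, so it is worth checking that nothing it configured is lost. `checkUser()` continues past the end of the hunk.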
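Review bot: The `GET /admin/oauth2_clients` handler, like the POST, PUT and DELETE handlers in the following hunks, is gated only by `checkUser()`, and the part of that function visible in the first admin.php hunk rejects just the case where `$session->getUser()` is null. Unless an administrator check follows outside that hunk, any registered user could list, create, change or delete OAuth2 client records, which carry a `secret` field according to `buildOAuth2ClientFromData()`. This should be confirmed and then stated on the function, e.g. a docblock line `Aborts with 401/403 unless the session user is an administrator.`; if no such check exists, it belongs in `checkUser()` rather than in each route.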
@@ -59,9 +60,9 @@ Flight::route('PUT /admin/oauth2_clients', function() {
 Flight::route('DELETE /admin/oauth2_clients/@id', function($id) {
 checkUser();
- global $dao;
+ global $locator;
- $dao->deleteOAuth2Client($id);
+ $locator->getOAuth2ClientDAO()->deleteOAuth2Client($id);
 // Return no content
 Flight::halt(204);
@@ -76,7 +77,7 @@ function buildOAuth2ClientFromData() {
 if (isset($data['id'])) {
 $client->id = $data['id'];
 }
- $client->name = $data['name'];
+ $client->title = $data['title'];
 $client->icon = $data['icon'];
 $client->client = $data['client'];
 $client->secret = $data['secret'];
diff --git a/include/front-controller.php b/include/front-controller.php
index 2b2ab02..f65a202 100644
--- a/include/front-controller.php
+++ b/include/front-controller.php
@@ -133,7 +133,7 @@ Flight::route('GET /logout', function() {
 });
 function sendAuthRedirect($url) {
- startSession();
+ session_start();
 // reload callback from query to avoid problem with session shared between
 // multiple browser tabs
 setCallback(Flight::request()->query['callback']);
@@ -218,8 +218,9 @@ Flight::route('/local', function() {
 */
 Flight::route('GET /x509-name-surname', function() {
- startSession();
- global $session, $BASE_PATH, $VERSION;
+ session_start();
+ global $locator, $BASE_PATH, $VERSION;
+ $session = $locator->getSession();
 if ($session->getX509DataToRegister() !== null && $session->getX509DataToRegister()->name === null) {
 Flight::render('x509-name-surname.php', array('title' => 'Select name and surname',
diff --git a/views/admin/index.php b/views/admin/index.php
index 16c4f5b..1122da5 100644
--- a/views/admin/index.php
+++ b/views/admin/index.php
@@ -24,15 +24,15 @@ include 'include/header.php';
- {{client.name}}
+ {{client.title}}
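Review bot: `$client->title = $data['title'];` in `buildOAuth2ClientFromData()` indexes the request data without checking that the key exists, as do the neighbouring `icon`, `client` and `secret` lines, so a caller still sending `name` (or omitting a field) produces a PHP notice and a client stored with a null title. The required keys should be validated before the object is built and the request refused otherwise, e.g. `if (!isset($data['title'], $data['client'], $data['secret'])) { Flight::halt(400, 'Missing field'); }`. The function starts and ends outside the hunk, so where `$data` comes from and any later validation are not visible.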
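Review bot: In `sendAuthRedirect()`, the unchanged line `setCallback(Flight::request()->query['callback']);` right after the new `session_start()` stores a URL taken directly from the query string, and the function name suggests it later becomes a redirect target. If `setCallback()` does not already compare the value with the callbacks registered for known clients, that check belongs before the value is stored; its body is not part of this page, so this is a question to confirm rather than a finding. A comment stating where the validation happens, e.g. `// callback is validated against registered clients in <function>`, would settle it for the next reader. `sendAuthRedirect()` continues outside the hunk.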
- +
-

{{client.name}}

- +

{{client.title}}

+
-- GitLab