Started refactoring for making the code more testable. Added first unit test

a3a886de · Sonia Zorba · 9eea552f · a3a886de · a3a886de · 9eea552f
Commit a3a886de authored 6 years ago by Sonia Zorba
--- a/.gitignore
+++ b/.gitignore
 composer.lock
 config.php
+config.json
 logs/
 vendor/
 client-icons/

--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ Requirements:
 On Ubuntu:
-    sudo apt install apache2 mariadb-server libapache2-mod-php mariadb-server
+    sudo apt install apache2 mariadb-server libapache2-mod-php mariadb-server php7.2-xml
 ### PHP

--- a/auth/oauth2/index.php
+++ b/auth/oauth2/index.php
-<?php
-include '../../include/init.php';
-startSession();
-global $dao;
-if (!isset($_REQUEST['client_id'])) {
-    http_response_code(400);
-    die("Client id is required");
-}
-if (!isset($_REQUEST['redirect_uri'])) {
-    http_response_code(400);
-    die("Redirect URI is required");
-}
-$clientId = $_REQUEST['client_id'];
-$redirectUrl = $_REQUEST['redirect_uri'];
-$client = $dao->getOAuth2ClientByClientId($clientId);
-if ($client === null) {
-    http_response_code(400);
-    die("Invalid client id: " . $clientId);
-}
-if ($client->redirectUrl !== $redirectUrl) {
-    http_response_code(400);
-    die("Invalid client redirect URI: " . $redirectUrl);
-}
-$alg;
-if (isset($_REQUEST['alg'])) {
-    $alg = $_REQUEST['alg'];
-} else {
-    $alg = "RS256";
-}
-if (isset($_GET['code'])) {
-} else {
-    if (!isset($_REQUEST['state'])) {
-        http_response_code(400);
-        die("State is required");
-    }
-}
-$oauth2Data = new \RAP\OAuth2Data();
-$oauth2Data->clientName = $client->name;
-$oauth2Data->clientIcon = $client->icon;
-$oauth2Data->clientId = $client->id;
-$oauth2Data->redirectUrl = $client->redirectUrl;
-global $session;
-$session->setOAuth2Data($oauth2Data);
\ No newline at end of file
--- a/classes/AuthPageModel.php
+++ b/classes/AuthPageModel.php
+<?php
+namespace RAP;
+/**
+ * Model for the main RAP page (authentication method choice).
+ */
+class AuthPageModel {
+    // boolean flags
+    public $eduGAIN;
+    public $orcid;
+    public $x509;
+    public $google;
+    public $facebook;
+    public $linkedIn;
+    public $localIdP;
+    //
+    public $clientIcon;
+    public $clientTitle;
+    public $localIdPConfig;
+    public function __construct(\RAP\Locator $locator, \RAP\RAPClient $client) {
+        $config = $locator->config;
+        $this->setupAuthenticationMethodFlags($config, $client);
+        if ($this->localIdP) {
+            $this->localIdPConfig = $config->authenticationMethods->LocalIdP;
+        }
+        if (isset($client->icon)) {
+            $this->clientIcon = $client->getIconBasePath() . $client->icon;
+        }
+        $this->clientTitle = $client->title;
+    }
+    private function setupAuthenticationMethodFlags($config, $client) {
+        $this->eduGAIN = isset($config->authenticationMethods->eduGAIN) &&
+                in_array(AuthenticationMethods::EDU_GAIN, $client->authMethods);
+        $this->orcid = isset($config->authenticationMethods->Orcid) &&
+                in_array(AuthenticationMethods::ORCID, $client->authMethods);
+        $this->x509 = isset($config->authenticationMethods->X509) &&
+                in_array(AuthenticationMethods::X509, $client->authMethods);
+        $this->google = isset($config->authenticationMethods->Google) &&
+                in_array(AuthenticationMethods::GOOGLE, $client->authMethods);
+        $this->facebook = isset($config->authenticationMethods->Facebook) &&
+                in_array(AuthenticationMethods::FACEBOOK, $client->authMethods);
+        $this->linkedIn = isset($config->authenticationMethods->LinkedIn) &&
+                in_array(AuthenticationMethods::LINKED_IN, $client->authMethods);
+        $this->localIdP = isset($config->authenticationMethods->LocalIdP) &&
+                in_array(AuthenticationMethods::LOCAL_IDP, $client->authMethods);
+    }
+}
--- a/classes/AuthenticationMethods.php
+++ b/classes/AuthenticationMethods.php
+<?php
+namespace RAP;
+abstract class AuthenticationMethods {
+    const EDU_GAIN = "eduGAIN";
+    const ORCID = "Orcid";
+    const X509 = "X.509";
+    const GOOGLE = "Google";
+    const LINKED_IN = "LinkedIn";
+    const FACEBOOK = "Facebook";
+    const LOCAL_IDP = "LocalIdP";
+    public static function getAllMethods() {
+        return [
+            AuthenticationMethods::EDU_GAIN,
+            AuthenticationMethods::ORCID,
+            AuthenticationMethods::X509,
+            AuthenticationMethods::GOOGLE,
+            AuthenticationMethods::LINKED_IN,
+            AuthenticationMethods::FACEBOOK,
+            AuthenticationMethods::LOCAL_IDP
+        ];
+    }
+}
--- a/classes/DAO.php
+++ b/classes/DAO.php
@@ -130,9 +130,9 @@ interface DAO {
     */
    function getOAuth2Clients();
-    function createOAuth2Client($client);
+    function createOAuth2Client($client) : OAuth2Client;
-    function updateOAuth2Client($client);
+    function updateOAuth2Client($client) : OAuth2Client;
    function deleteOAuth2Client($clientId);
@@ -140,5 +140,5 @@ interface DAO {
     * Retrieve the client from the configured client id (the one associated to
     * the secret, not the database id).
     */
-    function getOAuth2ClientByClientId($clientId);
+    function getOAuth2ClientByClientId($clientId) : ?OAuth2Client;
 }
--- a/classes/InternalClient.php
+++ b/classes/InternalClient.php
+<?php
+namespace RAP;
+class InternalClient extends RAPClient {
+    public function __construct() {
+        $this->authMethods = AuthenticationMethods::getAllMethods();
+    }
+    public function getIconBasePath() {
+        return 'service-logos/';
+    }
+}
--- a/classes/Locator.php
+++ b/classes/Locator.php
+<?php
+namespace RAP;
+/**
+ * Class implementing the locator pattern in order to implement a rough dependency injection.
+ */
+class Locator {
+    public $config;
+    private $serviceLogger;
+    private $auditLogger;
+    private $dao;
+    private $session;
+    private $version;
+    public function __construct($config) {
+        $this->config = $config;
+        $this->setupLoggers();
+        $this->setupDAO();
+        $this->version = file_get_contents(ROOT . '/version.txt');
+    }
+    public function getVersion(): string {
+        return $this->version;
+    }
+    public function getProtocol(): string {
+        return stripos($_SERVER['SERVER_PROTOCOL'], 'https') ? 'https://' : 'http://';
+    }
+    public function getBasePath(): string {
+        return $this->getProtocol() . $_SERVER['HTTP_HOST'] . $this->config->contextRoot;
+    }
+    public function getDAO(): DAO {
+        return $this->dao;
+    }
+    public function getCallbackHandler(): CallbackHandler {
+        return new \RAP\CallbackHandler($dao, $this->getBasePath());
+    }
+    public function getUserHandler(): UserHandler {
+        return new \RAP\UserHandler($this->dao);
+    }
+    public function getMailSender(): MailSender {
+        return new \RAP\MailSender($_SERVER['HTTP_HOST'], $this->getBasePath());
+    }
+    /**
+     * Retrieve the SessionData object from the $_SESSION PHP variable. Create a
+     * new one if it is necessary.
+     */
+    public function getSession(): SessionData {
+        if (isset($_SESSION[\RAP\SessionData::KEY])) {
+            $this->session = $_SESSION[SessionData::KEY];
+        } else {
+            $this->session = new \RAP\SessionData();
+            $this->session->save();
+        }
+        return $this->session;
+    }
+    public function getServiceLogger() {
+        return $this->serviceLogger;
+    }
+    public function getAuditLogger() {
+        return $this->auditLogger;
+    }
+    private function setupLoggers() {
+        // Monolog require timezone to be set
+        date_default_timezone_set($this->config->timeZone);
+        $logLevel = array_search($this->config->logLevel, \Monolog\Logger::getLevels());
+        $this->serviceLogger = new \Monolog\Logger('serviceLogger');
+        $this->serviceLogger->pushHandler(new \Monolog\Handler\StreamHandler($this->config->serviceLogFile, $logLevel));
+        $this->auditLogger = new \Monolog\Logger('auditLogger');
+        $this->auditLogger->pushHandler(new \Monolog\Handler\StreamHandler($this->config->auditLogFile, $logLevel));
+    }
+    private function setupDAO() {
+        $databaseConfig = $this->config->databaseConfig;
+        switch ($databaseConfig->dbtype) {
+            case 'MySQL':
+                $this->dao = new \RAP\MySQLDAO($databaseConfig);
+                break;
+            default:
+                throw new Exception($databaseConfig->dbtype . ' not supported yet');
+        }
+    }
+}
--- a/classes/MySQLDAO.php
+++ b/classes/MySQLDAO.php
@@ -38,8 +38,8 @@ class MySQLDAO implements DAO {
    }
    public function getDBHandler() {
-        $connectionString = "mysql:host=" . $this->config['hostname'] . ";dbname=" . $this->config['dbname'];
+        $connectionString = "mysql:host=" . $this->config->hostname . ";dbname=" . $this->config->dbname;
-        $dbh = new PDO($connectionString, $this->config['username'], $this->config['password']);
+        $dbh = new PDO($connectionString, $this->config->username, $this->config->password);
        // For transaction errors (see https://stackoverflow.com/a/9659366/771431)
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $dbh;
@@ -336,7 +336,7 @@ class MySQLDAO implements DAO {
        $dbh = $this->getDBHandler();
        // Load clients info
-        $queryClient = "SELECT id, name, icon, client, secret, redirect_url, scope FROM oauth2_client";
+        $queryClient = "SELECT id, title, icon, client, secret, redirect_url, scope FROM oauth2_client";
        $stmtClients = $dbh->prepare($queryClient);
        $stmtClients->execute();
@@ -345,7 +345,7 @@ class MySQLDAO implements DAO {
        foreach ($stmtClients->fetchAll() as $row) {
            $client = new OAuth2Client();
            $client->id = $row['id'];
-            $client->name = $row['name'];
+            $client->title = $row['title'];
            $client->icon = $row['icon'];
            $client->client = $row['client'];
            $client->secret = $row['secret'];
@@ -373,16 +373,16 @@ class MySQLDAO implements DAO {
        return $clients;
    }
-    function createOAuth2Client($client) {
+    function createOAuth2Client($client) : OAuth2Client {
        $dbh = $this->getDBHandler();
        try {
            $dbh->beginTransaction();
-            $stmt = $dbh->prepare("INSERT INTO `oauth2_client`(`name`, `icon`, `client`, `secret`, `redirect_url`, `scope`)"
+            $stmt = $dbh->prepare("INSERT INTO `oauth2_client`(`title`, `icon`, `client`, `secret`, `redirect_url`, `scope`)"
-                    . " VALUES(:name, :icon, :client, :secret, :redirect_url, :scope)");
+                    . " VALUES(:title, :icon, :client, :secret, :redirect_url, :scope)");
-            $stmt->bindParam(':name', $client->name);
+            $stmt->bindParam(':title', $client->title);
            $stmt->bindParam(':icon', $client->icon);
            $stmt->bindParam(':client', $client->client);
            $stmt->bindParam(':secret', $client->secret);
@@ -412,17 +412,17 @@ class MySQLDAO implements DAO {
        return $client;
    }
-    function updateOAuth2Client($client) {
+    function updateOAuth2Client($client) : OAuth2Client {
        $dbh = $this->getDBHandler();
        try {
            $dbh->beginTransaction();
-            $stmt = $dbh->prepare("UPDATE `oauth2_client` SET `name` = :name, `icon` = :icon, "
+            $stmt = $dbh->prepare("UPDATE `oauth2_client` SET `title` = :title, `icon` = :icon, "
                    . " `client` = :client, `secret` = :secret, `redirect_url` = :redirect_url, `scope` = :scope "
                    . " WHERE id = :id");
-            $stmt->bindParam(':name', $client->name);
+            $stmt->bindParam(':title', $client->title);
            $stmt->bindParam(':icon', $client->icon);
            $stmt->bindParam(':client', $client->client);
            $stmt->bindParam(':secret', $client->secret);
@@ -478,11 +478,11 @@ class MySQLDAO implements DAO {
        }
    }
-    function getOAuth2ClientByClientId($clientId) {
+    function getOAuth2ClientByClientId($clientId) : ?OAuth2Client {
        $dbh = $this->getDBHandler();
        // Load clients info
-        $queryClient = "SELECT id, name, icon, client, secret, redirect_url, scope FROM oauth2_client WHERE client = :client";
+        $queryClient = "SELECT id, title, icon, client, secret, redirect_url, scope FROM oauth2_client WHERE client = :client";
        $stmtClient = $dbh->prepare($queryClient);
        $stmtClient->bindParam(':client', $clientId);
        $stmtClient->execute();
@@ -500,7 +500,7 @@ class MySQLDAO implements DAO {
        $client = new OAuth2Client();
        $client->id = $row['id'];
-        $client->name = $row['name'];
+        $client->title = $row['title'];
        $client->icon = $row['icon'];
        $client->client = $row['client'];
        $client->secret = $row['secret'];

--- a/classes/OAuth2Client.php
+++ b/classes/OAuth2Client.php
@@ -27,16 +27,16 @@ namespace RAP;
 /**
 * Data model for storing information about a RAP client connecting using OAuth2.
 */
-class OAuth2Client {
+class OAuth2Client extends RAPClient {
    public $id;
-    public $name;
-    public $icon;
    public $client;
    public $secret;
    public $redirectUrl;
    public $scope;
-    // list of AuthN methods
-    public $authMethods = [];
+    public function getIconBasePath() {
+        return 'client-icons/';
+    }
 }
--- a/classes/OAuth2Data.php
+++ b/classes/OAuth2Data.php
@@ -4,9 +4,8 @@ namespace RAP;
 class OAuth2Data {
-    public $clientName;
-    public $clientIcon;
    public $clientId;
    public $redirectUrl;
+    public $state;
 }
--- a/classes/OAuth2RequestHandler.php
+++ b/classes/OAuth2RequestHandler.php
+<?php
+namespace RAP;
+class OAuth2RequestHandler {
+    private $locator;
+    public function __construct(\RAP\Locator $locator) {
+        $this->locator = $locator;
+    }
+    public function handleAuthorizeRequest() {
+        if (!isset($_REQUEST['client_id'])) {
+            throw new \RAP\BadRequestException("Client id is required");
+        }
+        if (!isset($_REQUEST['redirect_uri'])) {
+            throw new \RAP\BadRequestException("Redirect URI is required");
+        }
+        $clientId = $_REQUEST['client_id'];
+        $redirectUrl = $_REQUEST['redirect_uri'];
+        $client = $this->locator->getDAO()->getOAuth2ClientByClientId($clientId);
+        if ($client === null) {
+            throw new \RAP\BadRequestException("Invalid client id: " . $clientId);
+        }
+        if ($client->redirectUrl !== $redirectUrl) {
+            throw new \RAP\BadRequestException("Invalid client redirect URI: " . $redirectUrl);
+        }
+        $alg;
+        if (isset($_REQUEST['alg'])) {
+            $alg = $_REQUEST['alg'];
+        } else {
+            $alg = "RS256";
+        }
+        if (isset($_GET['code'])) {
+        } else {
+            $this->executeStateFlow($client);
+        }
+    }
+    private function executeStateFlow(OAuth2Client $client) {
+        if (!isset($_REQUEST['state'])) {
+            throw new \RAP\BadRequestException("State is required");
+        }
+        // Storing OAuth2 data in session
+        $oauth2Data = new \RAP\OAuth2Data();
+        $oauth2Data->clientId = $client->client;
+        $oauth2Data->redirectUrl = $client->redirectUrl;
+        $oauth2Data->state = $_REQUEST['state'];
+        $session = $this->locator->getSession();
+        $session->setOAuth2Data($oauth2Data);
+    }
+}
--- a/classes/RAPClient.php
+++ b/classes/RAPClient.php
+<?php
+namespace RAP;
+abstract class RAPClient {
+    public $title;
+    public $icon;
+    // list of AuthN methods supported by the client
+    public $authMethods = [];
+    public abstract function getIconBasePath();
+}
--- a/classes/SessionData.php
+++ b/classes/SessionData.php
@@ -30,10 +30,8 @@ namespace RAP;
 */
 class SessionData {
-    private $dao;
+    const KEY = "SessionData";
-    private $callbackURL;
-    private $callbackTitle;
-    private $callbackLogo;
    public $user;
    public $userSearchResults;
    public $x509DataToRegister;
@@ -43,73 +41,11 @@ class SessionData {
    public $userToLogin;
    public $oauth2Data;
-    /**
-     * @todo: move DAO away from here
-     */
-    public function __construct(DAO $dao) {
-        $this->dao = $dao;
-    }
    /**
     * Store the data into the $_SESSION PHP variable
     */
    public function save() {
-        $_SESSION['SessionData'] = $this;
+        $_SESSION[SessionData::KEY] = $this;
-    }
-    /**
-     * Retrieve the SessionData object from the $_SESSION PHP variable. Create a
-     * new one if it is necessary.
-     * @param \RAP\DAO $dao
-     * @return \RAP\SessionData the SessionData object
-     */
-    public static function get(DAO $dao) {
-        if (!isset($_SESSION['SessionData'])) {
-            $session = new SessionData($dao);
-            $session->save();
-        }
-        return $_SESSION['SessionData'];
-    }
-    public function setCallbackURL(CallbackHandler $callbackHandler, $callbackURL) {
-        $this->callbackURL = $callbackHandler->filterCallbackURL($callbackURL);
-        $this->callbackTitle = $callbackHandler->getCallbackTitle($callbackURL);
-        $this->callbackLogo = $callbackHandler->getCallbackLogo($callbackURL);
-        $this->save();
-    }
-    public function getCallbackURL() {
-        return $this->callbackURL;
-    }
-    public function getCallbackTitle() {
-        return $this->callbackTitle;
-    }
-    public function getCallbackLogo() {
-        return $this->callbackLogo;
-    }
-    /**
-     * Perform a user search and store the results inside the session. This is
-     * used for achieving the user selection using the dropdown menu in the join
-     * request modal.
-     * @param string $searchText
-     */
-    public function searchUser($searchText) {
-        $users = $this->dao->searchUser($searchText);
-        $this->userSearchResults = [];
-        foreach ($users as $user) {
-            // this search shouldn't contains the user itself
-            if ($user->id !== $this->user->id) {
-                $searchResult = UserSearchResult::buildFromUser($user);
-                array_push($this->userSearchResults, $searchResult);
-            }
-        }
-        $this->save();
    }
    /**
@@ -124,9 +60,13 @@ class SessionData {
        }
    }
-    public function setOAuth2Data($oauth2Data) {
+    public function setOAuth2Data(OAuth2Data $oauth2Data) {
        $this->oauth2Data = $oauth2Data;
        $this->save();
    }
+    public function getOAuth2Data(): ?OAuth2Data {
+        return $this->oauth2Data;
+    }
 }
--- a/classes/exceptions/BadRequestException.php
+++ b/classes/exceptions/BadRequestException.php
+<?php
+namespace RAP;
+class BadRequestException extends \Exception {
+    public $message;
+    public function __construct($message) {
+        $this->message = $message;
+    }
+}
--- a/composer.json
+++ b/composer.json
 {
+    "name": "ia2/rap",
+    "description": "Remote Authentication Portal",
+    "license": "GPL-3.0-or-later",
    "require": {
        "mikecao/flight": "1.3.2",
        "google/apiclient": "2.1.3",
        "facebook/graph-sdk": "^5.5",
        "monolog/monolog": "^1.22",
        "phpmailer/phpmailer": "^6.0"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^8.2"
+    },
+    "autoload": {
+        "classmap": [
+            "classes/"
+        ]
    }
 }
--- a/config-example.json
+++ b/config-example.json
+{
+    "contextRoot": "/rap-ia2",
+    "serviceLogFile": "/var/www/html/rap-ia2/logs/rap-service.log",
+    "auditLogFile": "/var/www/html/rap-ia2/logs/rap-audit.log",
+    "timeZone": "Europe/Rome",
+    "logLevel": "DEBUG",
+    "databaseConfig": {
+        "dbtype": "MySQL",
+        "hostname": "localhost",
+        "port": 3306,
+        "username": "rap",
+        "password": "XXXXXX",
+        "dbname": "rap"
+    },
+    "authenticationMethods": {
+        "eduGAIN": {},
+        "Google": {
+            "id": "XXXXXX",
+            "secret": "XXXXXX",
+            "callback": "/auth/social/google_token.php"
+        },
+        "Facebook": {
+            "id": "XXXXXX",
+            "secret": "XXXXXX",
+            "version": "v3.0",
+            "callback": "/auth/social/facebook_token.php"
+        },
+        "LinkedIn": {
+            "id": "XXXXXX",
+            "secret": "XXXXXX",
+            "callback": "/auth/social/linkedin_token.php"
+        },
+        "X.509": {},
+        "DirectIdP": {
+            "url": "https://sso.ia2.inaf.it/Shibboleth.sso/Login?entityID=https://sso.ia2.inaf.it/idp/shibboleth&target=https://sso.ia2.inaf.it/rap-ia2/auth/saml2/aai.php",
+            "logo": "img/ia2-logo-60x60.png",
+            "logo_alt": "IA2 logo",
+            "description": "Use the IA2 Logo to Login if you have an account provided by IA2 or self registered"
+        }
+    }
+}
\ No newline at end of file
--- a/include/front-controller.php
+++ b/include/front-controller.php
@@ -3,7 +3,7 @@
 /**
 * Front Controller using http://flightphp.com/
 * In all these calls user session must exist, so we have to start it at the 
- * beginning using the startSession() function.
+ * beginning using the session_start() function.
 */
 //
@@ -22,25 +22,52 @@ function setCallback($callback) {
 * services list if a valid callback is not found
 */
 Flight::route('/', function() {
-    startSession();
-    $callback = setCallback(Flight::request()->data['callback']);
+    session_start();
-    global $session, $callbackHandler, $BASE_PATH, $AUTHENTICATION_METHODS, $VERSION;
+    global $locator;
-    if ($callback === null && $session->user === null) {
+    $action = Flight::request()->query['action'];
+    switch ($action) {
+        case "oaut2client":
+            $clientId = $locator->getSession()->getOAuth2Data()->clientId;
+            $client = $locator->getDAO()->getOAuth2ClientByClientId($clientId);
+            $authPageModel = new \RAP\AuthPageModel($locator, $client);
+            renderMainPage($authPageModel);
+            break;
+        default:
            Flight::render('services-list.php', array('title' => 'RAP',
-            'version' => $VERSION,
+                'version' => $locator->getVersion(),
-            'action' => $BASE_PATH . '/'));
+                'action' => $locator->getBasePath() . '/'));
-    } else if ($callback !== null && $session->user !== null) {
+            break;
-        $redirectURL = $callbackHandler->getLoginWithTokenURL($session->user->id, $callback);
-        Flight::redirect($redirectURL);
-    } else {
-        Flight::render('index.php', array('title' => 'RAP',
-            'version' => $VERSION,
-            'session' => $session, 'auth' => $AUTHENTICATION_METHODS));
    }
 });
+function renderMainPage(RAP\AuthPageModel $authPageModel) {
+    global $locator;
+    Flight::render('main-page.php', array('title' => 'RAP',
+        'version' => $locator->getVersion(), 'model' => $authPageModel));
+}
+Flight::route('/oauth2/authorize', function() {
+    session_start();
+    global $locator;
+    $requestHandler = new \RAP\OAuth2RequestHandler($locator);
+    $requestHandler->handleAuthorizeRequest();
+    Flight::redirect('/?action=oaut2client');
+});
+Flight::route('GET /admin', function() {
+    session_start();
+    global $locator;
+});
 Flight::route('GET /logout', function() {
-    startSession();
+    session_start();
    session_destroy();
    Flight::redirect('/');
 });
@@ -73,77 +100,13 @@ Flight::route('/x509', function() {
    sendAuthRedirect('/auth/x509/certlogin.php');
 });
-Flight::route('/direct', function() {
+Flight::route('/local', function() {
    global $AUTHENTICATION_METHODS;
    sendAuthRedirect($AUTHENTICATION_METHODS['DirectIdP']['url']);
 });
 /**
- * Render the join confirmation page (confirmation link received by email).
+ * Render the page for selecting the correct name and username from candidates
- */
-Flight::route('GET /confirm-join', function() {
-    $token = Flight::request()->query['token'];
-    if ($token === null) {
-        http_response_code(422);
-        die("Token not found");
-    }
-    global $dao, $VERSION;
-    $userIds = $dao->findJoinRequest($token);
-    if ($userIds === null) {
-        http_response_code(422);
-        die("Invalid token");
-    }
-    $applicantUser = $dao->findUserById($userIds[0]);
-    $targetUser = $dao->findUserById($userIds[1]);
-    Flight::render('confirm-join.php', array('title' => 'RAP',
-        'version' => $VERSION,
-        'token' => $token,
-        'applicantUser' => $applicantUser,
-        'targetUser' => $targetUser));
-});
-/**
- * Confirm a join and show the page containing the operation status.
- */
-Flight::route('POST /confirm-join', function() {
-    global $dao, $userHandler, $auditLog;
-    $token = Flight::request()->data['token'];
-    if ($token === null) {
-        http_response_code(422);
-        die("Token not found");
-    }
-    $userIds = $dao->findJoinRequest($token);
-    if ($userIds === null) {
-        http_response_code(422);
-        die("Invalid token");
-    }
-    $auditLog->info("JOIN," . $userIds[0] . "," . $userIds[1]);
-    $userHandler->joinUsers($userIds[0], $userIds[1]);
-    $dao->deleteJoinRequest($token);
-    // Force user to relogin to see changes to him/her identities
-    session_start();
-    session_destroy();
-    global $BASE_PATH, $VERSION;
-    Flight::render('join-success.php', array('title' => 'Success - RAP Join Request',
-        'version' => $VERSION,
-        'basePath' => $BASE_PATH));
-});
-/**
- * Render the page for selecting th correct name and username from candidates
 * list during a X.509 registration.
 */
 Flight::route('GET /x509-name-surname', function() {

--- a/include/init.php
+++ b/include/init.php
@@ -24,7 +24,6 @@
 /**
 * Initialization file called by all the other pages.
- * Probably some global variables should be removed from here.
 */
 define('ROOT', dirname(dirname(__FILE__)));
@@ -40,31 +39,9 @@ spl_autoload_register(function ($class_name) {
 // Loading dependecy classes
 include ROOT . '/vendor/autoload.php';
-// Loading configuration
-include ROOT . '/config.php';
-// Setup logging
-// Monolog require timezone to be set
-date_default_timezone_set("Europe/Rome");
-$log = new Monolog\Logger('mainLogger');
-$log->pushHandler(new Monolog\Handler\StreamHandler($LOG_PATH, $LOG_LEVEL));
-$auditLog = new Monolog\Logger('auditLogger');
-$auditLog->pushHandler(new Monolog\Handler\StreamHandler($AUDIT_LOG_PATH, $LOG_LEVEL));
-switch ($DATABASE['dbtype']) {
-    case 'MySQL':
-        $dao = new RAP\MySQLDAO($DATABASE);
-        break;
-    default:
-        throw new Exception($DATABASE['dbtype'] . ' not supported yet');
-}
-$callbackHandler = new RAP\CallbackHandler($dao, $BASE_PATH, $CALLBACKS);
+// Loading configuration
-$userHandler = new RAP\UserHandler($dao, $GROUPER);
+$config = json_decode(file_get_contents(ROOT . '/config.json'));
-$mailSender = new RAP\MailSender($_SERVER['HTTP_HOST'], $BASE_PATH);
-function startSession() {
+// Generating locator (global registry)
-    session_start();
+$locator = new \RAP\Locator($config);
-    global $session, $dao;
-    $session = RAP\SessionData::get($dao);
-}
--- a/js/admin.js
+++ b/js/admin.js
@@ -38,7 +38,7 @@
                if (client.id === null) {
                    deleteOAuth2Client();
                } else {
-                    $('#client-to-delete').text(client.name);
+                    $('#client-to-delete').text(client.title);
                    $('#confirm-delete-client-modal').modal('show');
                }
            }
@@ -48,7 +48,7 @@
    function getNewClient() {
        var client = {
            id: null,
-            name: null,
+            title: null,
            icon: null,
            client: null,
            secret: null,