Merge pull request #168 from BaranekD/wayf_sp_name

Dominik František Bučík · web-flow · commit 40e1acf9190f · 2021-11-24T10:01:59.000+01:00
feat: WAYF displays a name of the service
diff --git a/config-templates/module_perun.php b/config-templates/module_perun.php
@@ -261,6 +261,9 @@
                 'entityIds' => [],
             ],
         ],
+        'display_sp_name' => false,
+        // interface needed just in case of display_sp_name => true
+        'interface' => 'rpc',
     ],
 
     'warning_test_sp_config' => [
diff --git a/config-templates/perun_attributes.php b/config-templates/perun_attributes.php
@@ -22,6 +22,11 @@
         'ldap' => 'dynamicRegistration',
         'type' => 'bool',
     ],
+    'perunFacilityAttr_entityID' => [
+        'rpc' => 'urn:perun:facility:attribute-def:def:entityID',
+        'ldap' => 'entityID',
+        'type' => 'string',
+    ],
     'perunFacilityAttr_OIDCClientID' => [
         'rpc' => 'urn:perun:facility:attribute-def:def:OIDCClientID',
         'ldap' => 'OIDCClientID',
@@ -62,6 +67,11 @@
         'ldap' => 'capabilities',
         'type' => 'map',
     ],
+    'perunFacilityAttr_spname' => [
+        'rpc' => 'urn:perun:facility:attribute-def:def:serviceName',
+        'ldap' => 'serviceName',
+        'type' => 'map',
+    ],
 
     /*
      * USER ATTRIBUTES
diff --git a/dictionaries/disco.definition.json b/dictionaries/disco.definition.json
@@ -1,7 +1,11 @@
 {
   "header": {
     "en": "Choose how to log in",
-    "cs": "Vyberte čím se chcete přihlásit"
+    "cs": "Vyberte, čím se chcete přihlásit"
+  },
+  "header_display_service": {
+    "en": "to the service",
+    "cs": "ke službě"
   },
   "institutional_account": {
     "en": "your institutional account",
diff --git a/lib/Adapter.php b/lib/Adapter.php
@@ -126,10 +126,18 @@ abstract public function getVoAttributesValues($vo, $attributes);
     abstract public function getFacilityAttribute($facility, $attrName);
 
     /**
-     * @param string $spEntityId
+     * @param string $spEntityId Value of the entityID identifier
      * @return Facility facility
      */
-    abstract public function getFacilityByEntityId($spEntityId);
+    abstract public function getFacilityByEntityId($spEntityId, $entityIdAttr);
+
+    /**
+     * @param string $clientId Value of the client_id identifier
+     * @param string $clientIdAttr Internal name of the client_id attribute, defaults to 'perunFacilityAttr_OIDCClientID'
+     * this key has to be present in the attribute map configuration (see perun_attributes.php config template)
+     * @return Facility facility
+     */
+    abstract public function getFacilityByClientId($clientId, $clientIdAttr);
 
     /**
      * @param string $spEntityId entity id of the sp
diff --git a/lib/AdapterLdap.php b/lib/AdapterLdap.php
@@ -284,11 +284,15 @@ public function getFacilitiesByEntityId($spEntityId)
         return $this->fallbackAdapter->getFacilitiesByEntityId($spEntityId);
     }
 
-    public function getFacilityByEntityId($spEntityId)
+    public function getFacilityByEntityId($spEntityId, $entityIdAttr = 'perunFacilityAttr_entityID')
     {
+        $attrName = AttributeUtils::getLdapAttrName($entityIdAttr);
+        if (empty($attributeName)) {
+            throw new Exception("No attribute configuration in LDAP found for attribute ${entityIdAttr}");
+        }
         $ldapResult = $this->connector->searchForEntity(
             $this->ldapBase,
-            '(&(objectClass=perunFacility)(entityID=' . $spEntityId . '))',
+            "(&(objectClass=perunFacility)(${attrName}=${spEntityId}))",
             [self::PERUN_FACILITY_ID, self::CN, self::DESCRIPTION]
         );
 
@@ -307,6 +311,33 @@ public function getFacilityByEntityId($spEntityId)
         return $facility;
     }
 
+    public function getFacilityByClientId($clientId, $clientIdAttr = 'perunFacilityAttr_OIDCClientID')
+    {
+        $attrName = AttributeUtils::getLdapAttrName($clientIdAttr);
+        if (empty($attributeName)) {
+            throw new Exception("No attribute configuration in LDAP found for attribute ${clientIdAttr}");
+        }
+        $ldapResult = $this->connector->searchForEntity(
+            $this->ldapBase,
+            "(&(objectClass=perunFacility)(${attrName}=${clientId}))",
+            [self::PERUN_FACILITY_ID, self::CN, self::DESCRIPTION]
+        );
+
+        if (empty($ldapResult)) {
+            Logger::warning('perun:AdapterLdap: No facility with clientId \'' . $clientId . '\' found.');
+            return null;
+        }
+
+        $facility = new Facility(
+            $ldapResult[self::PERUN_FACILITY_ID][0],
+            $ldapResult[self::CN][0],
+            $ldapResult[self::DESCRIPTION][0],
+            $clientId
+        );
+
+        return $facility;
+    }
+
     public function getEntitylessAttribute($attrName)
     {
         return $this->fallbackAdapter->getEntitylessAttribute($attrName);
diff --git a/lib/AdapterRpc.php b/lib/AdapterRpc.php
@@ -323,9 +323,10 @@ public function getFacilityAdmins($facility)
 
     public function getFacilityAttribute($facility, $attrName)
     {
+        $attrNameRpc = AttributeUtils::getRpcAttrName($attrName);
         $perunAttr = $this->connector->get('attributesManager', 'getAttribute', [
             'facility' => $facility->getId(),
-            'attributeName' => $attrName,
+            'attributeName' => $attrNameRpc,
         ]);
 
         return $perunAttr['value'];
@@ -368,10 +369,14 @@ public function getUsersGroupsOnFacility($spEntityId, $userId)
         return $this->removeDuplicateEntities($groups);
     }
 
-    public function getFacilityByEntityId($spEntityId)
+    public function getFacilityByEntityId($spEntityId, $entityIdAttr = 'perunFacilityAttr_entityID')
     {
+        $attributeName = AttributeUtils::getRpcAttrName($entityIdAttr);
+        if (empty($attributeName)) {
+            throw new Exception("No attribute configuration in RPC found for attribute ${entityIdAttr}");
+        }
         $perunAttr = $this->connector->get('facilitiesManager', 'getFacilitiesByAttribute', [
-            'attributeName' => 'urn:perun:facility:attribute-def:def:entityID',
+            'attributeName' => $attributeName,
             'attributeValue' => $spEntityId,
         ]);
 
@@ -390,6 +395,30 @@ public function getFacilityByEntityId($spEntityId)
         return new Facility($perunAttr[0]['id'], $perunAttr[0]['name'], $perunAttr[0]['description'], $spEntityId);
     }
 
+    public function getFacilityByClientId($clientId, $clientIdAttr = 'perunFacilityAttr_OIDCClientID')
+    {
+        $attributeName = AttributeUtils::getRpcAttrName($clientIdAttr);
+        if (empty($attributeName)) {
+            throw new Exception("No attribute configuration in RPC found for attribute ${clientIdAttr}");
+        }
+        $perunAttr = $this->connector->get('facilitiesManager', 'getFacilitiesByAttribute', [
+            'attributeName' => $attributeName,
+            'attributeValue' => $clientId,
+        ]);
+
+        if (empty($perunAttr)) {
+            Logger::warning('perun:AdapterRpc: No facility with clientId \'' . $clientId . '\' found.');
+            return null;
+        }
+
+        if (count($perunAttr) > 1) {
+            Logger::warning('perun:AdapterRpc: There is more than one facility with clientId \'' . $clientId . '.');
+            return null;
+        }
+
+        return new Facility($perunAttr[0]['id'], $perunAttr[0]['name'], $perunAttr[0]['description'], $clientId);
+    }
+
     /**
      * Returns member by User and Vo
      *
diff --git a/lib/Disco.php b/lib/Disco.php
@@ -33,6 +33,10 @@ class Disco extends PowerIdPDisco
     # ROOT CONFIGURATION ENTRY
     public const WAYF = 'wayf_config';
 
+    public const INTERFACE = 'interface';
+
+    public const RPC = 'rpc';
+
     # CONFIGURATION ENTRIES
     public const BOXED = 'boxed';
 
@@ -42,6 +46,8 @@ class Disco extends PowerIdPDisco
 
     public const DISABLE_WHITELISTING = 'disable_whitelisting';
 
+    public const DISPLAY_SP = 'display_sp_name';
+
     # CONFIGURATION ENTRIES IDP BLOCKS
     public const IDP_BLOCKS = 'idp_blocks_config';
 
@@ -121,6 +127,22 @@ class Disco extends PowerIdPDisco
 
     public const SAML_SP_SSO = 'saml:sp:sso';
 
+    public const NAME = 'name';
+
+    # DISPLAY SERVICE NAME KEYS
+
+    public const CLIENT_ID_PREFIX = 'urn:cesnet:proxyidp:client_id:';
+
+    public const SERVICE_NAME_ATTR = 'service_name_attr';
+
+    public const SERVICE_NAME_DEFAULT_ATTR_NAME = 'perunFacilityAttr_spname';
+
+    public const CLIENT_ID_ATTR = 'client_id_attr';
+
+    public const ENTITY_ID_ATTR = 'entity_id_attr';
+
+    # VARIABLES
+
     private $originalsp;
 
     private array $originalAuthnContextClassRef = [];
@@ -129,6 +151,12 @@ class Disco extends PowerIdPDisco
 
     private $perunModuleConfiguration;
 
+    private $displaySpName;
+
+    private $spName;
+
+    private $adapter;
+
     private $proxyIdpEntityId;
 
     public function __construct(array $metadataSets, $instance)
@@ -156,12 +184,14 @@ public function __construct(array $metadataSets, $instance)
             if ($state !== null) {
                 if (isset($state[self::SAML_REQUESTED_AUTHN_CONTEXT][self::AUTHN_CONTEXT_CLASS_REF])) {
                     $this->originalAuthnContextClassRef = $state[self::SAML_REQUESTED_AUTHN_CONTEXT][self::AUTHN_CONTEXT_CLASS_REF];
+
                     $this->removeAuthContextClassRefWithPrefixes($state);
                     if (isset($state['IdPMetadata']['entityid'])) {
                         $this->proxyIdpEntityId = $state['IdPMetadata']['entityid'];
                     }
                     State::saveState($state, self::SAML_SP_SSO);
                 }
+
                 $e = explode('=', $returnURL)[0];
                 $newReturnURL = $e . '=' . urlencode($id);
                 $_GET[self::RETURN] = $newReturnURL;
@@ -239,6 +269,11 @@ public function handleRequest()
         }
 
         $t = new DiscoTemplate($this->config);
+        $this->displaySpName = $this->wayfConfiguration->getBoolean(self::DISPLAY_SP, false);
+        if ($this->displaySpName) {
+            $this->fillSpName($t);
+        }
+
         $t->data[self::ORIGINAL_SP] = $this->originalsp;
         $t->data[self::IDP_LIST] = $this->idplistStructured($idpList);
         $t->data[self::PREFERRED_IDP] = $preferredIdP;
@@ -248,6 +283,8 @@ public function handleRequest()
         $t->data[self::AUTHN_CONTEXT_CLASS_REF] = $this->originalAuthnContextClassRef;
         $t->data[self::WARNING_ATTRIBUTES] = $warningAttributes;
         $t->data[self::WAYF] = $this->wayfConfiguration;
+        $t->data[self::NAME] = $this->spName;
+        $t->data[self::DISPLAY_SP] = $this->displaySpName;
         $t->show();
     }
 
@@ -844,4 +881,73 @@ private static function constructSearchData($idpMetadata): string
 
         return strtolower(str_replace('"', '', iconv('UTF-8', 'US-ASCII//TRANSLIT', $res)));
     }
+
+    private static function substrInArray($needle, array $haystack)
+    {
+        foreach ($haystack as $item) {
+            if (strpos($item, $needle) !== false) {
+                return $item;
+            }
+        }
+
+        return null;
+    }
+
+    private function fillSpName($t)
+    {
+        $clientIdWithPrefix = self::substrInArray(self::CLIENT_ID_PREFIX, $this->originalAuthnContextClassRef);
+
+        $this->adapter = Adapter::getInstance($this->wayfConfiguration->getString(self::INTERFACE, self::RPC));
+        try {
+            if ($clientIdWithPrefix !== null) {
+                $parts = explode(':', $clientIdWithPrefix);
+                $clientId = end($parts);
+
+                $clientIdAttr = $this->wayfConfiguration->getString(self::CLIENT_ID_ATTR, null);
+                if ($clientIdAttr === null) {
+                    $facility = $this->adapter->getFacilityByClientId($clientId);
+                } else {
+                    $facility = $this->adapter->getFacilityByClientId($clientId, $clientIdAttr);
+                }
+
+                if ($facility !== null) {
+                    $spNameAttrName = $this->wayfConfiguration->getString(
+                        self::SERVICE_NAME_ATTR,
+                        self::SERVICE_NAME_DEFAULT_ATTR_NAME
+                    );
+                    $spNameMap = $this->adapter->getFacilityAttribute($facility, $spNameAttrName);
+                    if (! empty($spNameMap)) {
+                        $this->spName = $t->getTranslation($spNameMap);
+                    }
+                }
+            } else {
+                $entityId = $this->originalsp['entityid'];
+                $entityIdAttr = $this->wayfConfiguration->getString(self::ENTITY_ID_ATTR, null);
+                if ($entityIdAttr === null) {
+                    $facility = $this->adapter->getFacilityByEntityId($entityId);
+                } else {
+                    $facility = $this->adapter->getFacilityByEntityId($entityId, $entityIdAttr);
+                }
+
+                if ($facility !== null) {
+                    $spNameAttr = $this->wayfConfiguration->getString(
+                        self::SERVICE_NAME_ATTR,
+                        self::SERVICE_NAME_DEFAULT_ATTR_NAME
+                    );
+                    $spNameMap = $this->adapter->getFacilityAttribute($facility, $spNameAttr);
+                    if (! empty($spNameMap)) {
+                        $this->spName = $t->getTranslation($spNameMap);
+                    }
+                }
+                if (empty($entityId)) {
+                    if (! empty($this->originalsp[self::NAME])) {
+                        $this->spName = $t->translate->getTranslation($this->originalsp[self::NAME]);
+                    }
+                }
+            }
+        } catch (\Exception $e) {
+            Logger::warning("Fill SP name - caught exception ${e}");
+            //OK, we will just display the disco
+        }
+    }
 }
diff --git a/themes/perun/perun/disco-tpl.php b/themes/perun/perun/disco-tpl.php
@@ -29,6 +29,8 @@
     Module::getModuleUrl('perun/res/css/disco.css') . '" />';
 
 $wayfConfig = $this->data[Disco::WAYF];
+$displaySpName = $this->data[Disco::DISPLAY_SP];
+$spName = $this->data[Disco::NAME];
 
 $translateModule = $wayfConfig->getString(Disco::TRANSLATE_MODULE, 'disco');
 $addInstitutionConfig = $wayfConfig->getConfigItem(Disco::ADD_INSTITUTION, null);
@@ -55,6 +57,10 @@
     $this->data['header'] = $this->t('{perun:disco:add_institution}');
 } else {
     $this->data['header'] = $this->t('{perun:disco:header}');
+
+    if ($displaySpName && ! empty($spName)) {
+        $this->data['header'] .= ' ' . $this->t('{perun:disco:header_display_service}') . ' ' . $spName;
+    }
 }
 
 $this->includeAtTemplateBase('includes/header.php');
