Merge pull request #33 from pajavyskocil/fixGetPerunUser

Changed login and registration process

Author: tauceti2

CHANGELOG.md

@@ -4,13 +4,18 @@ All notable changes to this project will be documented in this file.
  ## [Unreleased]
  [Added]
  - Added badges to README
- - Added new property to Facility model: description
  - Added page with configurable table of SPs on Proxy
+ - Added new model Member
+ - Added new model Resource
+ - New methods for getting data from Perun LDAP and Perun RPC
 
-[Changed]
-- Connectors methods are not static for now.
-- Added constructors to Adapters, which allows specified config file for each connections.
-- New properties voId and uniqueName in Group model
+ [Changed]
+ - Connectors methods are not static for now.
+ - Added constructors to Adapters, which allows specified config file for each connections.
+ - New properties voId and uniqueName in Group model
+ - Function getSpGroup require only one param($spEntityId)
+ - Function unauthorize in PerunIdentity is now public
+ - Changed the login and registration process
 
  ## [v1.0.0]
 

config-templates/processFilterConfigurations-example.md

@@ -1,3 +1,27 @@
+## PerunIdentity
+
+Example how to configure PerunIdentity module:
+```php
+24 => array(
+        'class' => 'perun:ProxyFilter',
+        'filterSPs' => $perunEntityIds,
+        'config' => array(
+                'class' => 'perun:PerunIdentity',
+                'uidsAttr' => array('eduPersonUniqueId', 'eduPersonPrincipalName', 'eduPersonTargetedIDString', 'nameid', 'uid'),
+                'voShortName' => 'einfra',
+                'registerUrlBase' => 'https://perun.cesnet.cz/allfed/registrar',
+                'registerUrl' => 'https://login.cesnet.cz/register',
+                'interface' => 'ldap',
+                'facilityCheckGroupMembershipAttr' => 'urn:perun:facility:attribute-def:def:checkGroupMembership',
+                'facilityVoShortNamesAttr' => 'urn:perun:facility:attribute-def:virt:voShortNames',
+                'facilityDynamicRegistrationAttr' => 'urn:perun:facility:attribute-def:def:dynamicRegistration',
+                'facilityRegisterUrlAttr' => 'urn:perun:facility:attribute-def:def:registerUrl',
+                'facilityAllowRegistrationToGroups' => 'urn:perun:facility:attribute-def:def:allowRegistration',
+        ),
+),
+```
+
+
 ## IdPAttribute
 
 Example how to enable filter IdPAttribute:

dictionaries/perun.definition.json

@@ -1,11 +1,27 @@
 {
-  "choose-group-tpl_header": {
-	"en": "Select group which fits you most",
-	"cs": "Vyberte si odpovídající skupinu"
+  "choose-vo-and-group-tpl_header": {
+    "en": "Access forbidden",
+    "cs": "Přístup odepřen"
   },
-  "choose-group-tpl_text": {
-	"en": "It will give you access to the requested service.",
-	"cs": "Získáte tak přístup k požadované službě."
+  "choose-vo-and-group-tpl_text": {
+    "en": "You don't meet the prerequisites for accessing the service: ",
+    "cs": "Nesplňujete prerekvizity pro přístup ke službě: "
+  },
+  "choose-vo-and-group-tpl_message": {
+    "en": "To access the service it is necessary to have a valid membership in one of the following groups. Please proceed with selection of organization and group for registration.",
+    "cs": "Pro získání přístupu k dané službě je nutné se zaregistrovat do jedné z následujících skupin. Pokračujte výběrem příslušné organizace a skupiny."
+  },
+  "choose-vo-and-group-tpl_select-vo": {
+	"en": "Select virtual organization for registration: ",
+	"cs": "Vyberte virtuální organizaci: "
+  },
+  "choose-vo-and-group-tpl_select-group": {
+    "en": "Select group for registration: ",
+    "cs": "Vyberte skupinu pro registraci: "
+  },
+  "choose-vo-and-group-tpl_continue": {
+    "en": "Continue",
+    "cs": "Pokračovat"
   },
   "disco-tpl_previous-selection": {
 	"en": "your previous selection",
@@ -63,6 +79,10 @@
     "en": "Go back to ",
     "cs": "Vraťte se zpět na "
   },
+  "unauthorized-access_redirect_to_registration": {
+    "en": "Now you will be redirected to registration to Perun system.",
+    "cs": "Nyní budete přesměrování na registraci do systému Perun."
+  },
   "listOfSps_header": {
     "en": "List of Service providers",
     "cs": "Seznam služeb"

lib/Adapter.php

@@ -55,6 +55,13 @@ public abstract function getGroupByName($vo, $name);
 	 */
 	public abstract function getVoByShortName($voShortName);
 
+	/**
+	 * @param integer $id
+	 * @return sspmod_perun_model_Vo
+	 * @throws SimpleSAML_Error_Exception if does not exists
+	 */
+	public abstract function getVoById($id);
+
 	/**
 	 * @param sspmod_perun_model_User $user perun user
 	 * @param sspmod_perun_model_Vo $vo vo we are working with.
@@ -64,11 +71,10 @@ public abstract function getMemberGroups($user, $vo);
 
 	/**
 	 * @param string $spEntityId entity id of the sp
-	 * @param sspmod_perun_model_Vo $vo
 	 * @return sspmod_perun_model_Group[] from vo which are assigned to all facilities with spEntityId.
 	 * registering to those groups should should allow access to the service
 	 */
-	public abstract function getSpGroups($spEntityId, $vo);
+	public abstract function getSpGroups($spEntityId);
 
 	/**
 	 * @param sspmod_perun_model_User $user

lib/AdapterLdap.php

@@ -100,7 +100,7 @@ public function getMemberGroups($user, $vo)
 	}
 
 
-	public function getSpGroups($spEntityId, $vo)
+	public function getSpGroups($spEntityId)
 	{
 		$resources = $this->connector->searchForEntities($this->ldapBase,
 			"(&(objectClass=perunResource)(entityID=$spEntityId))",
@@ -109,15 +109,17 @@ public function getSpGroups($spEntityId, $vo)
 
 		$groups = array();
 		foreach ($resources as $resource) {
-			foreach ($resource['assignedGroupId'] as $groupId) {
-				$group = $this->connector->searchForEntity("perunGroupId=$groupId,perunVoId=" . $resource['perunVoId'][0] . "," . $this->ldapBase,
-					"(objectClass=perunGroup)",
-					array("perunGroupId", "cn", "perunUniqueGroupName", "perunVoId", "description")
-				);
-				array_push($groups, new sspmod_perun_model_Group($group['perunGroupId'][0], $group['perunVoId'][0], $group['cn'], $group['perunUniqueGroupName'][0], $group['description'][0]));
+			if (isset($resource['assignedGroupId'])) {
+				foreach ($resource['assignedGroupId'] as $groupId) {
+					$group = $this->connector->searchForEntity("perunGroupId=$groupId,perunVoId=" . $resource['perunVoId'][0] . "," . $this->ldapBase,
+						"(objectClass=perunGroup)",
+						array("perunGroupId", "cn", "perunUniqueGroupName", "perunVoId", "description")
+					);
+					array_push($groups, new sspmod_perun_model_Group($group['perunGroupId'][0], $group['perunVoId'][0], $group['cn'], $group['perunUniqueGroupName'][0], $group['description'][0]));
+				}
 			}
-		}
 
+		}
 		$groups = $this->removeDuplicateEntities($groups);
 
 		return $groups;
@@ -151,6 +153,19 @@ public function getVoByShortName($voShortName)
 		return new sspmod_perun_model_Vo($vo['perunVoId'][0], $vo['description'][0], $vo['o'][0]);
 	}
 
+	public function getVoById($id)
+	{
+		$vo = sspmod_perun_LdapConnector::searchForEntity($this->ldapBase,
+			"(&(objectClass=perunVo)(perunVoId=$id))",
+			array("o", "description")
+		);
+		if (is_null($vo)) {
+			throw new SimpleSAML_Error_Exception("Vo with id: $id does not exists in Perun LDAP.");
+		}
+
+		return new sspmod_perun_model_Vo($id, $vo['description'][0], $vo['o'][0]);
+	}
+
 
 	public function getUserAttributes($user, $attrNames)
 	{

lib/AdapterRpc.php

@@ -104,46 +104,37 @@ public function getMemberGroups($user, $vo)
 	}
 
 
-	public function getSpGroups($spEntityId, $vo)
+	public function getSpGroups($spEntityId)
 	{
-		$resources = $this->connector->get('resourcesManager', 'getResources', array(
-			'vo' => $vo->getId(),
+		$perunAttr = $this->connector->get('facilitiesManager', 'getFacilitiesByAttribute', array(
+			'attributeName' => 'urn:perun:facility:attribute-def:def:entityID',
+			'attributeValue' => $spEntityId,
+		))[0];
+		$facility = new sspmod_perun_model_Facility($perunAttr['id'], $perunAttr['name'], $perunAttr['description'], $spEntityId);
+
+		$perunAttrs = $this->connector->get('facilitiesManager', 'getAssignedResources', array(
+			'facility' => $facility->getId(),
 		));
 
-		$spFacilityIds = array();
-		$spResources = array();
-		foreach ($resources as $resource) {
-			if (!array_key_exists($resource['facilityId'], $spFacilityIds)) {
-				$attribute = $this->connector->get('attributesManager', 'getAttribute', array(
-					'facility' => $resource['facilityId'],
-					'attributeName' => 'urn:perun:facility:attribute-def:def:entityID',
-				));
-				if ($attribute['value'] === $spEntityId) {
-					$spFacilityIds[$resource['facilityId']] = true;
-				} else {
-					$spFacilityIds[$resource['facilityId']] = false;
-				}
-			}
-			if ($spFacilityIds[$resource['facilityId']]) {
-				array_push($spResources, $resource);
-			}
+		$resources = array();
+		foreach ($perunAttrs as $perunAttr) {
+			array_push($resources, new sspmod_perun_model_Resource($perunAttr['id'], $perunAttr['voId'], $perunAttr['facilityId'], $perunAttr['name']));
 		}
 
 		$spGroups = array();
-		foreach ($spResources as $spResource) {
+		foreach ($resources as $resource) {
 			$groups = $this->connector->get('resourcesManager', 'getAssignedGroups', array(
-				'resource' => $spResource['id'],
+				'resource' => $resource->getId(),
 			));
-			$convertedGroups = array();
+
 			foreach ($groups as $group) {
 				$attr = $this->connector->get('attributesManager', 'getAttribute', array(
 					'group' => $group['id'],
 					'attributeName' => 'urn:perun:group:attribute-def:virt:voShortName'
 				));
 				$uniqueName = $attr['value'] . ":" . $group['name'];
-				array_push($convertedGroups, new sspmod_perun_model_Group($group['id'], $group['voId'], $group['name'], $uniqueName, $group['description']));
+				array_push($spGroups, new sspmod_perun_model_Group($group['id'],$group['voId'], $group['name'], $uniqueName, $group['description']));
 			}
-			$spGroups = array_merge($spGroups, $convertedGroups);
 		}
 
 		$spGroups = $this->removeDuplicateEntities($spGroups);
@@ -176,6 +167,14 @@ public function getVoByShortName($voShortName)
 		return new sspmod_perun_model_Vo($vo['id'], $vo['name'], $vo['shortName']);
 	}
 
+	public function getVoById($id)
+	{
+		$vo = $this->connector->get('vosManager', 'getVoById', array(
+			'id' => $id,
+		));
+
+		return new sspmod_perun_model_Vo($vo['id'], $vo['name'], $vo['shortName']);
+	}
 
 	public function getUserAttributes($user, $attrNames)
 	{
@@ -300,6 +299,40 @@ public function getFacilitiesByEntityId($spEntityId)
 		return $facilities;
 	}
 
+	/**
+	 * Returns member by User and Vo
+	 * @param sspmod_perun_model_User $user
+	 * @param sspmod_perun_model_Vo $vo
+	 * @return sspmod_perun_model_Member
+	 */
+	public function getMemberByUser($user, $vo) {
+		$member = $this->connector->get('membersManager', 'getMemberByUser', array(
+			'user' => $user->getId(),
+			'vo' => $vo->getId(),
+		));
+		if (is_null($member)) {
+			throw new SimpleSAML_Error_Exception("Member for User with name " . $user->getName() . " and Vo with shortName " .
+			$vo->getShortName() . "does not exist in Perun!");
+		}
+		return new sspmod_perun_model_Member($member['id'], $member['voId'], $member['status']);
+	}
+
+	/**
+	 * Returns true if group has registration form, false otherwise
+	 * @param sspmod_perun_model_Group $group
+	 * @return bool
+	 */
+	public function hasRegistrationForm($group) {
+		try {
+			$this->connector->get( 'registrarManager', 'getApplicationForm', array(
+				'group' => $group->getId(),
+			));
+			return true;
+		} catch (Exception $exception) {
+			return false;
+		}
+	}
+
 	public function searchFacilitiesByAttributeValue($attribute)
 	{
 		$perunAttrs = $this->connector->post('searcher', 'getFacilities', array(