Merge pull request #43 from pajavyskocil/fixBugs

Fix bugs

Author: Dominik František Bučík

CHANGELOG.md

@@ -2,8 +2,16 @@
 All notable changes to this project will be documented in this file.
 
  ## [Unreleased]
+ [Added]
+ - Added new atribute in PerunIdentity process filter with list of Services identifier's for which we don't want to show page with information, that the user will be redirected to other page 
+ 
  [Changed]
  - Changed design of ListOfSps
+ - Changed the texts and visual form of pages: perun_identity_choose_vo_and_group.php and unauthorized_access_go_to_registration.php
+
+ [Fixed]
+ - Fixed resend SPMetadata from request to unauthorized-access-go-to-registration page
+ - Fixed url encoding in PerunGroups
 
  ## [v2.0.0]
  [Added]

dictionaries/perun.definition.json

@@ -1,15 +1,15 @@
 {
-  "choose-vo-and-group-tpl_header": {
-    "en": "Access forbidden",
-    "cs": "Přístup odepřen"
+  "choose-vo-and-group-tpl_header-part1": {
+    "en": "Access to the service ",
+    "cs": "Přístup ke službě "
   },
-  "choose-vo-and-group-tpl_text": {
-    "en": "You don't meet the prerequisites for accessing the service: ",
-    "cs": "Nesplňujete prerekvizity pro přístup ke službě: "
+  "choose-vo-and-group-tpl_header-part2": {
+    "en": " has been forbidden",
+    "cs": " byl zamítnut"
   },
   "choose-vo-and-group-tpl_message": {
     "en": "To access the service it is necessary to have a valid membership in one of the following groups. Please proceed with selection of organization and group for registration.",
-    "cs": "Pro získání přístupu k dané službě je nutné se zaregistrovat do jedné z následujících skupin. Pokračujte výběrem příslušné organizace a skupiny."
+    "cs": "Pro získání přístupu k dané službě je nutné být členem jedné z následujících skupin. Pokračujte výběrem příslušné organizace a skupiny."
   },
   "choose-vo-and-group-tpl_select-vo": {
 	"en": "Select virtual organization for registration: ",
@@ -20,8 +20,20 @@
     "cs": "Vyberte skupinu pro registraci: "
   },
   "choose-vo-and-group-tpl_continue": {
-    "en": "Continue",
-    "cs": "Pokračovat"
+    "en": "Continue to the registration page for selected group",
+    "cs": "Pokračovat na registrační stránku do vybrané skupiny"
+  },
+  "go-to-registration_header1" : {
+    "en": "Your activity is necessary to access the ",
+    "cs": "Pro přístup ke službě "
+  },
+  "go-to-registration_header2" : {
+    "en": " service",
+    "cs": " je vyžadována Vaše aktivita"
+  },
+  "go-to-registration_continue" : {
+    "en": "Continue to a page with additional information",
+    "cs": "Pokračovat na stránku s doplňujícími informacemi"
   },
   "disco-tpl_previous-selection": {
 	"en": "your previous selection",

lib/Auth/Process/PerunGroups.php

@@ -72,12 +72,12 @@ public function process(&$request)
 			if (isset($request["SPMetadata"]["groupNameAARC"]) || $this->groupNameAARC) {
 				# https://aarc-project.eu/wp-content/uploads/2017/11/AARC-JRA1.4A-201710.pdf
 				# Group name is URL encoded by RFC 3986 (http://www.ietf.org/rfc/rfc3986.txt)
-				# Example: urn:geant:einfra.cesnet.cz:perun.cesnet.cz:group:einfra%3A<groupName>%3A<subGroupName>#perun.cesnet.cz
+				# Example: urn:geant:einfra.cesnet.cz:perun.cesnet.cz:group:einfra:<groupName>:<subGroupName>#perun.cesnet.cz
 				if (empty($this->groupNameAuthority) || empty($this->groupNamePrefix)) {
 					throw new SimpleSAML_Error_Exception("perun:PerunGroups: missing mandatory configuration options 'groupNameAuthority' or 'groupNamePrefix'.");
 				}
 
-				$groupName = $this->groupNamePrefix . rawurlencode($group->getUniqueName()) .  '#' . $this->groupNameAuthority;
+				$groupName = $this->groupNamePrefix . implode(":", array_map("rawurlencode", explode(":", $group->getUniqueName()))) .  '#' . $this->groupNameAuthority;
 			} else {
 				$groupName = $this->mapGroupName($request, $group->getUniqueName());
 			}

lib/Auth/Process/PerunIdentity.php

@@ -39,6 +39,7 @@ class sspmod_perun_Auth_Process_PerunIdentity extends SimpleSAML_Auth_Processing
 	const PERUN_FACILITY_DYNAMIC_REGISTRATION_ATTR= 'facilityDynamicRegistrationAttr';
 	const PERUN_FACILITY_REGISTER_URL_ATTR = 'facilityRegisterUrlAttr';
 	const PERUN_FACILITY_ALLOW_REGISTRATION_TO_GROUPS = 'facilityAllowRegistrationToGroups';
+	const LIST_OF_SPS_WITHOUT_INFO_ABOUT_REDIRECTION = 'listOfSpsWithoutInfoAboutRedirection';
 
 
 	private $uidsAttr;
@@ -47,6 +48,7 @@ class sspmod_perun_Auth_Process_PerunIdentity extends SimpleSAML_Auth_Processing
 	private $defaultRegisterUrl;
 	private $voShortName;
 	private $facilityVoShortNames = array();
+	private $listOfSpsWithoutInfoAboutRedirection = array();
 	private $spEntityId;
 	private $interface;
 	private $checkGroupMembership = false;
@@ -112,7 +114,9 @@ public function __construct($config, $reserved)
 		if (!isset($config[self::FORCE_REGISTRATION_TO_GROUPS])) {
                         $config[self::FORCE_REGISTRATION_TO_GROUPS] = false;
                 }
-
+		if (isset($config[self::LIST_OF_SPS_WITHOUT_INFO_ABOUT_REDIRECTION]) && is_array($config[self::LIST_OF_SPS_WITHOUT_INFO_ABOUT_REDIRECTION])) {
+			$this->listOfSpsWithoutInfoAboutRedirection = $config[self::LIST_OF_SPS_WITHOUT_INFO_ABOUT_REDIRECTION];
+		}
 		$this->uidsAttr = $config[self::UIDS_ATTR];
 		$this->registerUrlBase = (string) $config[self::REGISTER_URL_BASE];
 		$this->defaultRegisterUrl = (string) $config[self::REGISTER_URL];
@@ -264,8 +268,19 @@ protected function registerDirectly($request, $callback, $registerUrL, $vo = nul
 		$params[self::TARGET_EXTENDED] = $callback;
 
 		$id  = SimpleSAML_Auth_State::saveState($request, 'perun:PerunIdentity');
+
+		if (in_array($this->spEntityId, $this->listOfSpsWithoutInfoAboutRedirection)) {
+			\SimpleSAML\Utils\HTTP::redirectTrustedURL($registerUrL, $params);
+		}
+
 		$url = SimpleSAML\Module::getModuleURL('perun/unauthorized_access_go_to_registration.php');
-		\SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id, 'SPMetadata' => $_REQUEST['SPMetadata'], 'registerUrL' => $registerUrL, 'params' => $params));
+		\SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array(
+			'StateId' => $id,
+			'SPMetadata' => $request['SPMetadata'],
+			'registerUrL' => $registerUrL,
+			'params' => $params
+			)
+		);
 
 	}
 

templates/choose-vo-and-group-tpl.php

@@ -11,7 +11,6 @@
 
 $this->data['head'] = '<link rel="stylesheet" media="screen" type="text/css" href="' . SimpleSAML\Module::getModuleUrl('perun/res/css/perun_identity_choose_vo_and_group.css')  . '" />';
 
-$this->data['header'] = $this->t('{perun:perun:choose-vo-and-group-tpl_header}');
 $vos = $this->data['vos'];
 $groups = $this->data['groups'];
 $registerUrlBase = $this->data['registerUrlBase'];
@@ -28,6 +27,8 @@
 	$informationURL = $spMetadata['InformationURL']['en'];
 }
 
+$this->data['header'] = "";
+
 $this->includeAtTemplateBase('includes/header.php');
 
 if (isset($_POST['selectedGroup'])) {
@@ -48,8 +49,20 @@
 	\SimpleSAML\Utils\HTTP::redirectTrustedURL($registerUrlBase, $params);
 }
 
-echo '<p>' . $this->t('{perun:perun:choose-vo-and-group-tpl_text}') . '<a href="' . $informationURL . '">' .$serviceName . '</a> </p>';
-echo '<p>' . $this->t('{perun:perun:choose-vo-and-group-tpl_message}') . '</p>'
+$header = $this->t('{perun:perun:choose-vo-and-group-tpl_header-part1}');
+if (!empty($serviceName) && !empty($informationURL)) {
+	$header .= '<a href="' . $informationURL . '">' . $serviceName . '</a>';
+} elseif (!empty($serviceName)) {
+	$header .=  $serviceName;
+}
+$header .= $this->t('{perun:perun:choose-vo-and-group-tpl_header-part2}');
+
+echo '<div id="head">';
+echo '<h1>' . $header. '</h1>';
+echo '</div>';
+
+echo '<div class="msg">' . $this->t('{perun:perun:choose-vo-and-group-tpl_message}'). '</div>';
+
 ?>
 
     <div class="list-group">

templates/unauthorized-access-go-to-registration-tpl.php

@@ -8,7 +8,9 @@
  */
 
 
-$this->data['header'] = $this->t('{perun:perun:choose-vo-and-group-tpl_header}');
+$this->data['header'] = "";
+$this->data['head'] = '<link rel="stylesheet"  media="screen" type="text/css" href="' . SimpleSAML\Module::getModuleUrl('perun/res/css/perun_identity_go_to_registration.css')  . '" />';
+
 $spMetadata = $this->data['SPMetadata'];
 $serviceName = '';
 $informationURL = '';
@@ -27,20 +29,22 @@
 
 $this->includeAtTemplateBase('includes/header.php');
 
+$header = $this->t('{perun:perun:go-to-registration_header1}');
+if (!empty($serviceName) && !empty($informationURL)) {
+	$header .= '<a href="' . $informationURL . '">' . $serviceName . '</a>';
+} elseif (!empty($serviceName)) {
+    $header .=  $serviceName;
+}
+$header .= $this->t('{perun:perun:go-to-registration_header2}');
 
-echo '<p>' . $this->t('{perun:perun:choose-vo-and-group-tpl_text}') . '<a href="' . $informationURL . '">' .$serviceName . '</a> </p>';
-echo '<p>' . $this->t('{perun:perun:choose-vo-and-group-tpl_message}') . '</p>'
+echo '<div id="head">';
+echo '<h1>' . $header . '</h1>';
+echo '</div>';
 ?>
-
-
-
-
     <form method="post">
         </hr>
         </br>
-        <h4> <?php echo $this->t('{perun:perun:unauthorized-access_redirect_to_registration}')?> </h4>
-
-            <input type="submit" name="continueToRegistration" value="<?php echo $this->t('{perun:perun:continue}')?>"  class="btn btn-lg btn-primary btn-block">
+            <input type="submit" name="continueToRegistration" value="<?php echo $this->t('{perun:perun:go-to-registration_continue}')?>"  class="btn btn-lg btn-primary btn-block">
         <div class="form-group">
 		</div>
 	</form>

www/res/css/perun_identity_choose_vo_and_group.css

@@ -1,3 +1,20 @@
+#head a, #head a:link, #head a:visited{
+    color: #005b99 !important;
+}
+
+#head a:hover {
+    border-bottom: 1px #005b99 solid !important;
+}
+
+#content, #languagebar {
+    max-width: 960px !important;
+}
+
+.msg {
+    padding-top: 30px;
+    padding-bottom: 20px;
+}
+
 select {
     margin-bottom: 20px;
 }

www/res/css/perun_identity_go_to_registration.css

@@ -0,0 +1,15 @@
+#head a, #head a:link, #head a:visited{
+    color: #005b99 !important;
+}
+
+#head a:hover {
+    border-bottom: 1px #005b99 solid !important;
+}
+
+#content, #languagebar {
+    max-width: 960px !important;
+}
+
+.msg {
+    padding-top: 30px;
+}