This repository was archived by the owner on Sep 19, 2022. It is now read-only.

Commit b23513a

Dominik František Bučík
authored
Merge pull request #260 from CESNET/entityID-for-ForceAup
feat(forceaup): new option entityID, fix required checks
2 parents fe086fe + e2ec315 commit b23513a

2 files changed

+34
-21
lines changed

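--- a/composer.json
+++ b/composer.json
@@ -33,6 +33,9 @@
 "config": {
 "platform": {
 "php": "7.4"
+},
+"allow-plugins": {
+"simplesamlphp/composer-module-installer": true
 }
 },
 "require": {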

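--- a/lib/Auth/Process/ForceAup.php
+++ b/lib/Auth/Process/ForceAup.php
@@ -7,10 +7,12 @@
 use DateTime;
 use SimpleSAML\Auth\ProcessingFilter;
 use SimpleSAML\Auth\State;
+use SimpleSAML\Configuration;
 use SimpleSAML\Error\Exception;
 use SimpleSAML\Logger;
 use SimpleSAML\Module;
 use SimpleSAML\Module\perun\Adapter;
+use SimpleSAML\Module\perun\EntitlementUtils;
 use SimpleSAML\Module\perun\model;
 use SimpleSAML\Utils\HTTP;
 
@@ -43,6 +45,8 @@ class ForceAup extends ProcessingFilter
 
 public const PERUN_FACILITY_VO_SHORT_NAMES_ATTR = 'perunFacilityVoShortNamesAttr';
 
+public const ENTITY_ID = 'entityID';
+
 private const DATETIME_FORMAT = 'Y-m-d';
 
 private $perunAupsAttr;
@@ -55,6 +59,8 @@ class ForceAup extends ProcessingFilter
 
 private $perunFacilityVoShortNames;
 
+private $entityId;
+
 /**
 * @var Adapter
 */
@@ -64,36 +70,40 @@ public function __construct($config, $reserved)
 {
 parent::__construct($config, $reserved);
 
-if (!isset($config[self::PERUN_AUPS_ATTR]) && !isset($config[self::PERUN_VO_AUP_ATTR])) {
+$configuration = Configuration::loadFromArray($config);
+$this->perunAupsAttr = $configuration->getString(self::PERUN_AUPS_ATTR, null);
+$this->perunVoAupAttr = $configuration->getString(self::PERUN_VO_AUP_ATTR, null);
+if (null === $this->perunAupsAttr && null === $this->perunVoAupAttr) {
 throw new Exception(
 'perun:ForceAup: missing at least one of mandatory configuration options \'' . self::PERUN_AUPS_ATTR . '\' or \'' . self::PERUN_VO_AUP_ATTR . '\'.'
 );
 }
-if (!isset($config[self::PERUN_USER_AUP_ATTR])) {
-throw new Exception(
-'perun:ForceAup: missing mandatory configuration option \'' . self::PERUN_USER_AUP_ATTR . '\'.'
-);
-}
-if (!isset($config[self::INTERFACE_PROPNAME])) {
-$config[self::INTERFACE_PROPNAME] = Adapter::RPC;
-}
-
-$this->perunAupsAttr = isset($config[self::PERUN_AUPS_ATTR]) ?
-(string) $config[self::PERUN_AUPS_ATTR] : null;
-$this->perunVoAupAttr = isset($config[self::PERUN_VO_AUP_ATTR]) ?
-(string) $config[self::PERUN_VO_AUP_ATTR] : null;
-$this->perunUserAupAttr = (string) $config[self::PERUN_USER_AUP_ATTR];
-$interface = (string) $config[self::INTERFACE_PROPNAME];
+$this->perunUserAupAttr = $configuration->getString(self::PERUN_USER_AUP_ATTR);
+$interface = $configuration->getValueValidate(
+self::INTERFACE_PROPNAME,
+[Adapter::RPC, Adapter::LDAP],
+Adapter::RPC
+);
 $this->adapter = Adapter::getInstance($interface);
-
-$this->perunFacilityRequestedAupsAttr = (string) $config[self::PERUN_FACILITY_REQ_AUPS_ATTR];
-$this->perunFacilityVoShortNames = (string) $config[self::PERUN_FACILITY_VO_SHORT_NAMES_ATTR];
+$this->perunFacilityRequestedAupsAttr = $configuration->getString(self::PERUN_FACILITY_REQ_AUPS_ATTR);
+$this->perunFacilityVoShortNames = $configuration->getString(self::PERUN_FACILITY_VO_SHORT_NAMES_ATTR);
+$this->entityId = $configuration->getValue(self::ENTITY_ID, null);
 }
 
 public function process(&$request)
 {
 assert(is_array($request));
 
+if (null === $this->entityId) {
+$this->entityId = EntitlementUtils::getSpEntityId($request);
+} elseif (is_callable($this->entityId)) {
+$this->entityId = call_user_func($this->entityId, $request);
+} elseif (!is_string($this->entityId)) {
+throw new Exception(
+'perun:ForceAup: invalid configuration option entityID. It must be a string or a callable.'
+);
+}
+
 if (isset($request['perun']['user'])) {
 /**
 * allow IDE hint whisperer.
@@ -108,7 +118,7 @@ public function process(&$request)
 }
 
 try {
-$facility = $this->adapter->getFacilityByEntityId($request['SPMetadata']['entityid']);
+$facility = $this->adapter->getFacilityByEntityId($this->entityId);
 
 if (null === $facility) {
 return;
@@ -139,7 +149,7 @@ public function process(&$request)
 if (empty($requestedAups) && empty($voShortNames)) {
 Logger::debug(
 'Perun.ForceAup - No AUPs to be approved have been requested by facility with EntityId: ' .
-$request['SPMetadata']['entityid']
+$this->entityId
 );
 
 return;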
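Review bot: In `process()`, the `is_callable($this->entityId)` branch runs before the string check, and `is_callable` is also true for any string that names an existing function or `Class::method`, so a plain string `entityID` with such a value would be invoked with `$request` instead of being used as the identifier. The branch also overwrites `$this->entityId` with the resolved value, so the configured callable is lost after the first call on this filter instance, and the callable's return value reaches `getFacilityByEntityId()` without a type check. I would resolve into a local `$entityId`, treat strings literally before considering callables, and have the two later hunks (the facility lookup and the debug log) read that local; if string-named callables must remain supported, that should be documented on the option instead. `process()` continues past the end of this hunk, so the excerpt below covers only the resolution step.

```php
public function process(&$request)
{
    // … unchanged: assert(is_array($request)) …

    // Resolve per request into a local so the configured value is never overwritten.
    $entityId = $this->entityId;
    if (null === $entityId) {
        $entityId = EntitlementUtils::getSpEntityId($request);
    } elseif (!is_string($entityId)) {
        // Only non-string values (closures, [object, method] arrays) are treated as callables.
        if (!is_callable($entityId)) {
            throw new Exception(
                'perun:ForceAup: invalid configuration option entityID. It must be a string or a callable.'
            );
        }
        $entityId = call_user_func($entityId, $request);
        if (!is_string($entityId)) {
            throw new Exception(
                'perun:ForceAup: callable configured in entityID must return a string.'
            );
        }
    }

    // … unchanged: user lookup, facility lookup and debug log, now reading $entityId …
```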
