Merge pull request #68 from pajavyskocil/ds_metadata_endpoint

Ds metadata endpoint

Author: vyskocilpavel

CHANGELOG.md

@@ -2,6 +2,21 @@
 All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
+#### Added
+- Added endpoint to get filtered list of metadata in format:
+```json
+[
+  {
+    "entityid": "https://entityid1/",
+    "name": {
+      "en": "IdP1",
+      "cs": "IdP1"
+    }
+  },
+  { ... }
+]
+```
+
 #### Changed
 - RpcConnector now stores cookie into file
 - Set CONNECTTIMEOUT and TIMEOUT in RpcConnector
@@ -10,6 +25,7 @@ All notable changes to this project will be documented in this file.
 #### Fixed
 - Fixed bug in redirect to registration in case only one VO and one group is available
 
+
 ## [v3.2.0]
 #### Added
 - Added filter JoinGroupsAndEduPersonEntitlement
@@ -157,7 +173,6 @@ when storing one Perun attribute to more SAML attribute
 ## [v1.0.0]
 
 [Unreleased]: https://github.com/CESNET/perun-simplesamlphp-module/tree/master
-[v3.2.1]: https://github.com/CESNET/perun-simplesamlphp-module/tree/v3.2.1
 [v3.2.0]: https://github.com/CESNET/perun-simplesamlphp-module/tree/v3.2.0
 [v3.1.1]: https://github.com/CESNET/perun-simplesamlphp-module/tree/v3.1.1
 [v3.1.0]: https://github.com/CESNET/perun-simplesamlphp-module/tree/v3.1.0

lib/Disco.php

@@ -2,6 +2,7 @@
 
 namespace SimpleSAML\Module\perun;
 
+use SimpleSAML\Module\discopower\PowerIdPDisco;
 use SimpleSAML\Utils\HTTP;
 use SimpleSAML\Error\Exception;
 use SimpleSAML\Auth\State;
@@ -20,7 +21,7 @@
  * @author Ondrej Velisek <[email protected]>
  * @author Pavel Vyskocil <[email protected]>
  */
-class Disco extends \SimpleSAML\Module\discopower\PowerIdPDisco
+class Disco extends PowerIdPDisco
 {
     const CONFIG_FILE_NAME = 'module_perun.php';
     const PROPNAME_DISABLE_WHITELISTING = 'disco.disableWhitelisting';
@@ -66,9 +67,6 @@ public function __construct(array $metadataSets, $instance)
             $this->originalsp = $state['SPMetadata'];
         }
 
-        $this->service = IdpListsService::getInstance();
-        $this->whitelist = $this->service->getWhitelistEntityIds();
-        $this->greylist = $this->service->getGreylistEntityIds();
     }
 
     /**
@@ -135,11 +133,7 @@ protected function filterList($list)
             || !$this->originalsp['disco.doNotFilterIdps']
         ) {
             $list = parent::filterList($list);
-            $list = $this->scoping($list);
-            if (!$disableWhitelisting) {
-                $list = $this->whitelisting($list);
-            }
-            $list = $this->greylisting($list);
+            self::doFilter($list, $disableWhitelisting, $this->scopedIDPList);
             $list = $this->greylistingPerSP($list, $this->originalsp);
         }
 
@@ -150,6 +144,34 @@ protected function filterList($list)
         return $list;
     }
 
+    /**
+     * Filter out IdP which:
+     *  1. are not in SAML2 Scoping attribute list (SAML2 feature)
+     *  2. are not whitelisted (if whitelisting is allowed)
+     *  3. are greylisted
+     *
+     * @param array $list A map of entities to filter.
+     * @param bool $disableWhitelisting
+     * @param array $scopedIdPList
+     *
+     * @return array The list in $list after filtering entities.
+     * @throws Exception In case
+     */
+    public static function doFilter($list, $disableWhitelisting = false, $scopedIdPList = [])
+    {
+        $service = IdpListsService::getInstance();
+        $whitelist = $service->getWhitelistEntityIds();
+        $greylist = $service->getGreylistEntityIds();
+
+        $list = self::scoping($list, $scopedIdPList);
+        if (!$disableWhitelisting) {
+            $list = self::whitelisting($list, $whitelist);
+        }
+        $list = self::greylisting($list, $greylist);
+
+        return $list;
+    }
+
     /**
      * Filter a list of entities for addInstitution app according to if entityID is whitelisted or not
      *
@@ -159,8 +181,10 @@ protected function filterList($list)
      */
     protected function filterAddInstitutionList($list)
     {
+        $service = IdpListsService::getInstance();
+        $whitelist = $service->getWhitelistEntityIds();
         foreach ($list as $entityId => $idp) {
-            if (in_array($entityId, $this->whitelist)) {
+            if (in_array($entityId, $whitelist)) {
                 unset($list[$entityId]);
             }
         }
@@ -174,30 +198,41 @@ protected function filterAddInstitutionList($list)
 
     /**
      * Filter out IdP which are not in SAML2 Scoping attribute list (SAML2 feature)
-     * @param $list
-     * @return array of idps
+     *
+     * @param array $list A map of entities to filter.
+     * @param array $scopedIDPList
+     *
+     * @return array The list in $list after filtering entities.
      */
-    protected function scoping($list)
+    protected static function scoping($list, $scopedIDPList)
     {
-        if (!empty($this->scopedIDPList)) {
+        if (!empty($scopedIDPList)) {
             foreach ($list as $entityId => $idp) {
-                if (!in_array($entityId, $this->scopedIDPList)) {
+                if (!in_array($entityId, $scopedIDPList)) {
                     unset($list[$entityId]);
                 }
             }
         }
-        //SimpleSAML\Logger::debug(
-        //'perun.Disco.filterList: Idps after SAML2 Scoping: ' . var_export(array_keys($list), true)
-        //);
         return $list;
     }
 
-    protected function whitelisting($list)
+    /**
+     * Filter out IdP which:
+     *  1. are not whitelisted
+     *  2. are not supported research and scholarship
+     *  3. are not supported code of conduct
+     *
+     * @param array $list A map of entities to filter.
+     * @param array $whitelist The list of whitelisted IdPs
+     *
+     * @return array The list in $list after filtering entities.
+     */
+    protected static function whitelisting($list, $whitelist)
     {
         foreach ($list as $entityId => $idp) {
             $unset = true;
 
-            if (in_array($entityId, $this->whitelist)) {
+            if (in_array($entityId, $whitelist)) {
                 $unset = false;
             }
             if (isset($idp['EntityAttributes']['http://macedir.org/entity-category-support'])) {
@@ -223,23 +258,25 @@ protected function whitelisting($list)
                 unset($list[$entityId]);
             }
         }
-        //SimpleSAML\Logger::debug(
-        //'perun.Disco.filterList: Idps after Whitelisting: ' . var_export(array_keys($list), true)
-        //);
         return $list;
     }
 
-    protected function greylisting($list)
+    /**
+     * Filter out IdP which are greylisted
+     *
+     * @param array $list A map of entities to filter.
+     * @param array $greylist The list of greylisted IdPs
+     *
+     * @return array The list in $list after filtering entities.
+     */
+    protected static function greylisting($list, $greylist)
     {
         foreach ($list as $entityId => $idp) {
-            if (in_array($entityId, $this->greylist)) {
+            if (in_array($entityId, $greylist)) {
                 unset($list[$entityId]);
             }
         }
 
-        //SimpleSAML\Logger::debug(
-        //'perun.Disco.filterList: Idps after Greylisting: ' . var_export(array_keys($list), true)
-        //);
         return $list;
     }
 
@@ -253,9 +290,6 @@ protected function greylistingPerSP($list, $sp)
             }
         }
 
-        //SimpleSAML\Logger::debug(
-        //'perun.Disco.filterList: Idps after Greylisting per SP: ' . var_export(array_keys($list), true)
-        //);
         return $list;
     }
 

www/listOfMetadata.php

@@ -0,0 +1,22 @@
+<?php
+
+use SimpleSAML\Metadata\MetaDataStorageHandler;
+use \SimpleSAML\Module\perun\Disco;
+
+$metadataHandler = MetaDataStorageHandler::getMetadataHandler();
+
+$metadata = $metadataHandler->getList();
+$filteredMetadata = Disco::doFilter($metadata);
+
+$data = [];
+
+foreach ($filteredMetadata as $metadata) {
+    $item = [];
+    $item['entityid'] = $metadata['entityid'];
+    $item['name'] = $metadata['name'];
+    array_push($data, $item);
+}
+
+header('Content-type: application/json');
+echo json_encode($data);
+exit;