OpenConext
diff --git a/‎application/modules/Api/Controller/Connections.php‎
Lines changed: 63 additions & 40 deletions b/‎application/modules/Api/Controller/Connections.php‎
Lines changed: 63 additions & 40 deletions
diff --git a/‎application/modules/Api/View/Connections/Test.phtml‎
Lines changed: 21 additions & 0 deletions b/‎application/modules/Api/View/Connections/Test.phtml‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎application/modules/Api/View/Index/Index.phtml‎
Lines changed: 5 additions & 3 deletions b/‎application/modules/Api/View/Index/Index.phtml‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎composer.json‎
Lines changed: 2 additions & 2 deletions b/‎composer.json‎
Lines changed: 2 additions & 2 deletions
@@ -1,47 +1,15 @@
 <?php
 
 use OpenConext\Component\EngineBlockMetadata\Entity\Assembler\JanusPushMetadataAssembler;
-use OpenConext\Component\EngineBlockMetadata\Entity\IdentityProvider;
-use OpenConext\Component\EngineBlockMetadata\Entity\ServiceProvider;
 use OpenConext\Component\EngineBlockMetadata\MetadataRepository\DoctrineMetadataRepository;
-use OpenConext\Component\EngineBlockMetadata\Service\JanusPushMetadataSynchronizer;
 
 class Api_Controller_Connections extends EngineBlock_Controller_Abstract
 {
     public function indexAction()
     {
         $this->setNoRender();
 
-        $configuration = EngineBlock_ApplicationSingleton::getInstance()->getConfigurationValue('engineApi');
-
-        if (!$configuration) {
-            throw new EngineBlock_Exception('API access disabled');
-        }
-
-        if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
-            header('WWW-Authenticate: Basic realm="EngineBlock API"');
-            header('HTTP/1.1 401 Unauthorized');
-            echo json_encode('Unauthenticated');
-            exit;
-        }
-
-        if ($_SERVER['PHP_AUTH_USER'] !== $configuration->user) {
-            header('WWW-Authenticate: Basic realm="EngineBlock API"');
-            header('HTTP/1.1 401 Unauthorized');
-            echo json_encode('Invalid credentials');
-            exit;
-        }
-
-        if ($_SERVER['PHP_AUTH_PW'] !== $configuration->password) {
-            header('WWW-Authenticate: Basic realm="EngineBlock API"');
-            header('HTTP/1.1 401 Unauthorized');
-            echo json_encode('Invalid credentials');
-            exit;
-        }
-
-        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
-            header('HTTP/1.1 400 Bad Request');
-            echo json_encode('Not a POST request');
+        if (!$this->requireApiAuth()) {
             return;
         }
 
@@ -58,15 +26,19 @@ public function indexAction()
         $connections = json_decode($body);
 
         if (!$connections) {
-            header('HTTP/1.1 400 Bad Request');
-            echo json_encode('Unable to decode body as JSON');
-            exit;
+            $this->_getResponse()->setStatus(400, 'Bad Request');
+            $this->_getResponse()->setBody(
+              json_encode('Unable to decode body as JSON')
+            );
+            return;
         }
 
         if (!is_object($connections) || !isset($connections->connections) && !is_object($connections->connections)) {
-            header('HTTP/1.1 400 Bad Request');
-            echo json_encode('Unrecognized structure for JSON');
-            exit;
+            $this->_getResponse()->setStatus(400, 'Bad Request');
+            $this->_getResponse()->setBody(
+              json_encode('Unrecognized structure for JSON')
+            );
+            return;
         }
 
         $assembler = new JanusPushMetadataAssembler();
@@ -78,6 +50,57 @@ public function indexAction()
         );
         $result = $doctrineRepository->synchronize($roles);
 
-        echo json_encode($result);
+        $this->_getResponse()->setBody(json_encode($result));
+    }
+
+    public function testAction()
+    {
+        if (!$this->requireApiAuth()) {
+            return;
+        }
+    }
+
+    private function requireApiAuth()
+    {
+        $configuration = EngineBlock_ApplicationSingleton::getInstance()->getConfigurationValue('engineApi');
+
+        if (!$configuration) {
+            throw new EngineBlock_Exception('API access disabled');
+        }
+
+        if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
+            $this->setNoRender();
+            $this->_getResponse()->setHeader(
+              'WWW-Authenticate',
+              'Basic realm="EngineBlock API'
+            );
+            $this->_getResponse()->setStatus(401, 'Unauthorized');
+            $this->_getResponse()->setBody(json_encode('Unauthenticated'));
+            return false;
+        }
+
+        if ($_SERVER['PHP_AUTH_USER'] !== $configuration->user) {
+            $this->setNoRender();
+            $this->_getResponse()->setHeader(
+              'WWW-Authenticate',
+              'Basic realm="EngineBlock API'
+            );
+            $this->_getResponse()->setStatus(401, 'Unauthorized');
+            $this->_getResponse()->setBody(json_encode('Invalid credentials'));
+            return false;
+        }
+
+        if ($_SERVER['PHP_AUTH_PW'] !== $configuration->password) {
+            $this->setNoRender();
+            $this->_getResponse()->setHeader(
+              'WWW-Authenticate',
+              'Basic realm="EngineBlock API'
+            );
+            $this->_getResponse()->setStatus(401, 'Unauthorized');
+            $this->_getResponse()->setBody(json_encode('Invalid credentials'));
+            return false;
+        }
+
+        return true;
     }
 }
@@ -0,0 +1,21 @@
+<div style="text-align: center; margin-bottom: 1rem">
+  <button class="submit c-button" style="padding: 1em">PUSH</button>
+</div>
+
+<label for="connections-json" style="font-size: large; font-weight: bolder; display: block">JSON:</label>
+<textarea id="connections-json" rows="50" cols="120"></textarea>
+
+<div style="text-align: center; margin-top: 1rem">
+  <button class="submit c-button" style="padding: 1em">PUSH</button>
+</div>
+
+<script>
+  window.setTimeout(
+    function() {
+      $('button').on('click', function() {
+        $.post('index', $('textarea').val());
+      });
+    },
+    3000
+  );
+</script>
@@ -15,9 +15,11 @@ $layout->footerText = $this->t('footer');
         <div class="main">
             <h1>Welcome to the EngineBlock API index page!</h1>
             <p>
-                We currently only support 1 action, pushing metadata configuration.
-                To do this POST a valid JSON document with 'connections' to /connections,
-                using the engineApi.user and engineApi.password in HTTP Basic authentication.
+                We currently only support 1 action, pushing metadata configuration. <br>
+                To do this POST a valid JSON document with 'connections' to /connections, <br>
+                using the engineApi.user and engineApi.password in HTTP Basic authentication. <br><br>
+
+                To test this go here: <a href="/api/connections/test">/api/connections/test</a>
             </p>
         </div>
     </div>
 
@@ -17,11 +17,11 @@
         "monolog/monolog": "~1.13",
         "mrclay/minify": "~2.2",
         "openconext/engineblock-fixtures": "~0.4",
-        "openconext/engineblock-metadata": "~1.0",
+        "openconext/engineblock-metadata": "~1.2.8",
         "openconext/stoker-metadata": "~0.1",
         "openid/php-openid": "dev-master#a287b2d85e753c84b3b883ed8ee3ffe8692c8477 as 2.2.2",
         "pimple/pimple": "~2.1",
-        "simplesamlphp/saml2": "~0.6",
+        "simplesamlphp/saml2": "1.7.1 as 0.8.1",
         "simplesamlphp/simplesamlphp": "~1.13",
         "sybio/image-workshop": "~2.0.7",
         "zendframework/zendframework1":"~1.12"