Merge pull request #95 from OpenConext/develop

[WIP] EB 4.3.0

Author: Boy Baukema

application/configs/application.ini

@@ -1,20 +1,14 @@
 ;;;
-; Ini configuration for EngineBlock for all known environments.
+; Default ini configuration for OpenConext EngineBlock.
 ;
-; Divided in sections per environment like so:
-; [acceptance : base]
-;
-; Meaning 'these are the settings for the acceptance environment,
-; based on the base env (inherits from base)'
+; You can override this in /etc/openconext/engineblock.ini.
 ;
 ; Editting Rules:
 ; 1. The first rule of INI files is, you do not talk about INI files.
 ; 2. The second rule of INI files is is, you DO NOT talk about INI files.
 ; 3. Names in camelCase (note first character is lowerCase)
-; 4. Every configuration item should be present and documented for [base]
-; 5. All environments extend from base
-; 7. Section inheritance only works one level deep
-; 8. If this is your first time editing an INI file, have fun!
+; 4. Every configuration item should be present and documented for in application/configs/application.ini
+; 5. If this is your first time editing an INI file, have fun!
 ;;;
 [base]
 
@@ -90,7 +84,7 @@ auth.simplesamlphp.idp.certificate= "/etc/openconext/engineblock.crt"
 ; Note "123" means no access
 auth.simplesamlphp.adminPassword  = "123"
 
-auth.simplesamlphp.baseurlpath = "simplesamlphp/"
+auth.simplesamlphp.baseurlpath = "simplesaml/"
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;; LOGGING / ERROR HANDLING ;;;;;;;;;;
@@ -252,10 +246,34 @@ api.vovalidate.baseUrl = "https://api.demo.openconext.org"
 api.vovalidate.key = "oauth_key"
 api.vovalidate.secret = "oauth_secret"
 
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;; CRONJOB SETTINGS ;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; The time after which a user is deprovisioned
+cron.deprovision.idleTime = "6 months"
+
+; Warning time settings
+cron.deprovision.firstWarningTime = "4 weeks" ; Period before the idleTime
+cron.deprovision.secondWarningTime = "2 weeks" ; Period before the idleTime
+
+cron.deprovision.sendGroupMemberWarning = true ; do we send mails to teammembers who are about to loose their only admin
+cron.deprovision.sendDeprovisionWarning = true ; do we send mails as warnings
+
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;; MISCELLANEOUS SETTINGS ;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
+; the value for guest qualifier. Can be overridden for specific non-surfnet environments
+addgueststatus.guestqualifier = "urn:collab:org:surf.nl"
+
+; Language Cookie settings
+cookie.lang.domain = ".surfconext.nl"
+; Cookie expiry time, specify the time in seconds, set empty to let the cookie get expired after the session
+cookie.lang.expiry = 5184000 ; 60 days in seconds
+
 ; Skip the asset compiling and use the source .js files.
 dynamicAssets = false
 
@@ -264,20 +282,18 @@ defaults.header     = "SURFconext"
 defaults.subheader  = ""
 defaults.layout     = "1-column-blue-grey"
 
-; Profile URI settings
-profile.protocol    = "https"
-profile.host        = "profile.surfconext.nl"
-
-; Language Cookie settings
-cookie.lang.domain = ".surfconext.nl"
-; Cookie expiry time, specify the time in seconds, set empty to let the cookie get expired after the session
-cookie.lang.expiry = 5184000 ; 60 days in seconds
-
 ; EngineBlock default Group Provider ID
 ; This identifier is used when fetching the group provider configuration for deprovisioning
 ; In our case this identifier should point to the Grouper group provider
 defaultGroupProvider = "grouper"
 
+; edugain metadata
+edugain.publication.publisher = "https://engine.surfconext.nl/authentication/proxy/edugain-metadata"
+edugain.publication.policy = "http://www.edugain.org/policy/metadata-tou_1_0.txt"
+edugain.registration.authority = "http://www.surfconext.nl/"
+edugain.registration.policy = "https://wiki.surfnetlabs.nl/display/eduGAIN/EduGAIN"
+edugain.termsOfUse = "Use of this metadata is subject to the Terms of Use at http://www.edugain.org/policy/metadata-tou_1_0.txt"
+
 ; Do we send welcome emails
 email.sendWelcomeMail = false
 
@@ -295,31 +311,9 @@ email.idpDebugging.subject    = "IdP debug info van %1$s"
 ; terms of use surfconext
 openconext.termsOfUse = "https://wiki.surfnetlabs.nl/display/conextsupport/Terms+of+Service+%28EN%29"
 
-; edugain metadata
-edugain.registration.authority = "http://www.surfconext.nl/"
-edugain.registration.policy = "https://wiki.surfnetlabs.nl/display/eduGAIN/EduGAIN"
-
-edugain.publication.publisher = "https://engine.surfconext.nl/authentication/proxy/edugain-metadata"
-edugain.publication.policy = "http://www.edugain.org/policy/metadata-tou_1_0.txt"
-
-edugain.termsOfUse = "Use of this metadata is subject to the Terms of Use at http://www.edugain.org/policy/metadata-tou_1_0.txt"
-
-; the value for guest qualifier. Can be overridden for specific non-surfnet environments
-addgueststatus.guestqualifier = "urn:collab:org:surf.nl"
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;; CRONJOB SETTINGS ;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; The time after which a user is deprovisioned
-cron.deprovision.idleTime = "6 months"
-
-; Warning time settings
-cron.deprovision.firstWarningTime = "4 weeks" ; Period before the idleTime
-cron.deprovision.secondWarningTime = "2 weeks" ; Period before the idleTime
-
-cron.deprovision.sendGroupMemberWarning = true ; do we send mails to teammembers who are about to loose their only admin
-cron.deprovision.sendDeprovisionWarning = true ; do we send mails as warnings
+; Profile URI settings
+profile.protocol    = "https"
+profile.host        = "profile.surfconext.nl"
 
 ; Configure trusted proxies to use their X-Forwarded-For header.
 ; trustedProxyIps[] = 192.168.1.1

application/layouts/scripts/1-column-blue-grey-narrow.phtml

@@ -10,7 +10,7 @@ require PARTIAL_DIR . 'header-start.php';
     </head>
     <body class="index">
         <div id="wrapper">
-            <div id="header"><b><font size="4"><?php echo htmlentities($this->layout()->header, 0, "UTF-8"); ?></font></b></div>
+            <div id="header"><h4><?php echo htmlentities($this->layout()->header, 0, "UTF-8"); ?></h4></div>
             <div id="main">
 
                 <?php require PARTIAL_DIR . 'nav.php'; ?>
@@ -20,8 +20,8 @@ require PARTIAL_DIR . 'header-start.php';
                 <?php echo $this->layout()->content; ?>
 
                 <div class="bottom">
+                    <hr />
                     <p>
-                        <hr />
                         <?php echo $this->layout()->footerText; ?>
                     </p>
                 </div>

application/layouts/scripts/1-column-blue-grey.phtml

@@ -1,4 +1,5 @@
 <?php
+/** @var Zend_View $this */
 define('PARTIAL_DIR', __DIR__ . '/partials/');
 require PARTIAL_DIR . 'header-start.php';
 ?>
@@ -26,10 +27,10 @@ require PARTIAL_DIR . 'header-start.php';
                 <!-- Language selection -->
                 <ul class="nav">
                     <li class="<?php if ($lang==='en'): ?>active<?php endif; ?>">
-                        <a href="<?php echo EngineBlock_View::setLanguage('en'); ?>">EN</a>
+                        <a href="<?php echo EngineBlock_View::htmlSpecialCharsText(EngineBlock_View::setLanguage('en')); ?>">EN</a>
                     </li>
                     <li class="<?php if ($lang==='nl'): ?>active<?php endif; ?>">
-                        <a href="<?php echo EngineBlock_View::setLanguage('nl'); ?>">NL</a>
+                        <a href="<?php echo EngineBlock_View::htmlSpecialCharsText(EngineBlock_View::setLanguage('nl')); ?>">NL</a>
                     </li>
                 </ul>
 

application/layouts/scripts/partials/header-start.php

@@ -1,6 +1,6 @@
 <?php require __DIR__ . '/lang.php'; ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
+<!DOCTYPE html>
+<html>
 <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
     <meta name="robots" content="noindex, nofollow"/>

application/layouts/scripts/partials/nav.php

@@ -1,10 +1,10 @@
 <!-- Language selection -->
 <ul class="nav">
     <li class="<?php if ($lang==='en'): ?>active<?php endif; ?>">
-        <a href="<?php echo EngineBlock_View::setLanguage('en'); ?>">EN</a>
+        <a href="<?php echo EngineBlock_View::htmlSpecialCharsText(EngineBlock_View::setLanguage('en')); ?>">EN</a>
     </li>
     <li class="<?php if ($lang==='nl'): ?>active<?php endif; ?>">
-        <a href="<?php echo EngineBlock_View::setLanguage('nl'); ?>">NL</a>
+        <a href="<?php echo EngineBlock_View::htmlSpecialCharsText(EngineBlock_View::setLanguage('nl')); ?>">NL</a>
     </li>
     <?php if (EngineBlock_View::moduleName() == 'profile'): ?>
         <li data-external-link="true">

application/modules/Authentication/Controller/Feedback.php

@@ -66,6 +66,11 @@ public function receivedInvalidResponseAction()
         // @todo Send 4xx or 5xx header?
     }
 
+    public function receivedInvalidSignedResponseAction()
+    {
+        // @todo Send 4xx or 5xx header?
+    }
+
     public function noIdpsAction()
     {
         // @todo Send 4xx or 5xx header?

application/modules/Authentication/Controller/Proxy.php

@@ -2,12 +2,6 @@
 
 class Authentication_Controller_Proxy extends EngineBlock_Controller_Abstract
 {
-    /**
-     *
-     *
-     * @param string $encodedIdPEntityId
-     * @return void
-     */
     public function idPsMetaDataAction()
     {
         $this->setNoRender();
@@ -22,27 +16,29 @@ public function idPsMetaDataAction()
                 } else if (substr($argument, 0, 4) === 'key:') {
                     $proxyServer->setKeyId(substr($argument, 4));
                 } else {
-                    EngineBlock_ApplicationSingleton::getInstance()->getLogInstance()->notice(
+                    $application->getLogInstance()->notice(
                         "Ignoring unknown argument '$argument'."
                     );
                 }
             }
             $proxyServer->idPsMetadata();
-        } catch(EngineBlock_Corto_ProxyServer_UnknownRemoteEntityException $e) {
+        }
+        catch(EngineBlock_Corto_ProxyServer_UnknownRemoteEntityException $e) {
             $application->getLogInstance()->log(
                 "Unknown remote entity: " . $e->getEntityId(),
                 EngineBlock_Log::NOTICE,
                 EngineBlock_Log_Message_AdditionalInfo::createFromException($e)
             );
             $application->handleExceptionWithFeedback($e,
                 '/authentication/feedback/unknown-service-provider?entity-id=' . urlencode($e->getEntityId()));
-        } catch(Janus_Client_CacheProxy_Exception $e) {
+        }
+        catch(Janus_Client_CacheProxy_Exception $e) {
             $application->getLogInstance()->log(
                 "Unknown Service Provider?",
                 EngineBlock_Log::NOTICE,
                 EngineBlock_Log_Message_AdditionalInfo::createFromException($e)
             );
-            $spEntityId = EngineBlock_ApplicationSingleton::getInstance()->getHttpRequest()->getQueryParameter('sp-entity-id');
+            $spEntityId = $application->getHttpRequest()->getQueryParameter('sp-entity-id');
             $application->handleExceptionWithFeedback($e,
                 '/authentication/feedback/unknown-service-provider?entity-id=' . urlencode($spEntityId));
         }
@@ -54,38 +50,42 @@ public function edugainMetaDataAction()
 
         $application = EngineBlock_ApplicationSingleton::getInstance();
 
-        $queryString = EngineBlock_ApplicationSingleton::getInstance()->getHttpRequest()->getQueryString();
+        $queryString = $application->getHttpRequest()->getQueryString();
         $proxyServer = new EngineBlock_Corto_Adapter();
 
         foreach (func_get_args() as $argument) {
             if (substr($argument, 0, 4) === 'key:') {
                 $proxyServer->setKeyId(substr($argument, 4));
             } else {
-                EngineBlock_ApplicationSingleton::getInstance()->getLogInstance()->notice(
+                $application->getLogInstance()->notice(
                     "Ignoring unknown argument '$argument'."
                 );
             }
         }
 
         try {
             $proxyServer->edugainMetadata($queryString);
-        } catch(EngineBlock_Corto_ProxyServer_UnknownRemoteEntityException $e) {
+        }
+        catch(EngineBlock_Corto_ProxyServer_UnknownRemoteEntityException $e) {
             $application->getLogInstance()->log(
                 "Unknown Service Provider?",
                 EngineBlock_Log::NOTICE,
                 EngineBlock_Log_Message_AdditionalInfo::createFromException($e)
             );
-            $application->handleExceptionWithFeedback($e,
+            $application->handleExceptionWithFeedback(
+                $e,
                 '/authentication/feedback/unknown-service-provider?entity-id=' . urlencode($e->getEntityId())
             );
-        } catch(Janus_Client_CacheProxy_Exception $e) {
-            $spEntityId = EngineBlock_ApplicationSingleton::getInstance()->getHttpRequest()->getQueryParameter('sp-entity-id');
+        }
+        catch(Janus_Client_CacheProxy_Exception $e) {
+            $spEntityId = $application->getHttpRequest()->getQueryParameter('sp-entity-id');
             $application->getLogInstance()->log(
                 "Unknown Service Provider '$spEntityId'?",
                 EngineBlock_Log::NOTICE,
                 EngineBlock_Log_Message_AdditionalInfo::createFromException($e)
             );
-            $application->handleExceptionWithFeedback($e,
+            $application->handleExceptionWithFeedback(
+                $e,
                 '/authentication/feedback/unknown-service-provider?entity-id=' . urlencode($spEntityId)
             );
         }
@@ -105,8 +105,10 @@ public function processedAssertionAction()
                 EngineBlock_Log::NOTICE,
                 EngineBlock_Log_Message_AdditionalInfo::createFromException($e)
             );
-            $application->handleExceptionWithFeedback($e,
-                '/authentication/feedback/vomembershiprequired');
+            $application->handleExceptionWithFeedback(
+                $e,
+                '/authentication/feedback/vomembershiprequired'
+            );
         }
         catch (EngineBlock_Attributes_Manipulator_CustomException $e) {
             $application->getLogInstance()->log(
@@ -115,8 +117,10 @@ public function processedAssertionAction()
                 EngineBlock_Log_Message_AdditionalInfo::createFromException($e)
             );
             $_SESSION['feedback_custom'] = $e->getFeedback();
-            $application->handleExceptionWithFeedback($e,
-                '/authentication/feedback/custom');
+            $application->handleExceptionWithFeedback(
+                $e,
+                '/authentication/feedback/custom'
+            );
         }
     }
 }