Changeset 33456
- Timestamp:
- 05/03/12 21:44:15 (1 year ago)
- Files:
-
- plugins/dcSamlPlugin/README (modified) (1 diff)
- plugins/dcSamlPlugin/lib/saml/CustomSamlResponse.class.php (modified) (2 diffs)
- plugins/dcSamlPlugin/lib/saml/SamlAgent.class.php (modified) (1 diff)
- plugins/dcSamlPlugin/lib/saml/SamlPermission.class.php (modified) (1 diff)
- plugins/dcSamlPlugin/lib/saml/SamlUser.class.php (modified) (3 diffs)
- plugins/dcSamlPlugin/lib/user/dcSamlSecurityUser.class.php (modified) (1 diff)
plugins/dcSamlPlugin/README
r33399 r33456 78 78 security_check_action: securityCheck 79 79 80 # In this case, the permission attributes are like 81 # array("permissions" => array("permission_name" => "prefix.permission")) 82 attribute_name_of_the_credential_name: permission_name 83 credentials_attribute_name: permissions 84 80 85 81 86 plugins/dcSamlPlugin/lib/saml/CustomSamlResponse.class.php
r33400 r33456 44 44 * @return string 45 45 */ 46 p rivatefunction get_attribute($attr)46 public function get_attribute($attr) 47 47 { 48 48 $xpath = $this->get_xpath(); … … 53 53 return $es->item(0)->nodeValue; 54 54 } 55 56 /** 57 * Returns the perissions in the response 58 * 59 * @return array unparsed perissions 60 */ 61 function get_permissions() 55 56 private function get_attributes_names() 62 57 { 63 $permissions = $this->get_attribute('permissions'); 64 $permissions = !empty($permissions)?json_decode($permissions):array(); 65 return $permissions; 58 $xpath = $this->get_xpath(); 59 $signatureQuery = "//saml:Attribute[@Name]"; 60 $list = $xpath->query($signatureQuery); 61 $attributes_names = array(); 62 for($i = 0; $i < $list->length; $i++) 63 { 64 $attributes_names[] = $list->item($i)->getAttribute('Name'); 65 } 66 return $attributes_names; 66 67 } 67 68 /** 69 * Returns the person id in the response 70 * 71 * @return string 72 */ 73 function get_person_id() 68 69 public function get_attributes() 74 70 { 75 return $this->get_attribute('person_id'); 76 } 77 78 /** 79 * Returns the user email in the response 80 * 81 * @return string 82 */ 83 function get_email() 84 { 85 return $this->get_attribute('email'); 86 } 87 88 /** 89 * Returns the user email in the response 90 * 91 * @return string 92 */ 93 function get_username() 94 { 95 return $this->get_attribute('username'); 71 $xpath = $this->get_xpath(); 72 $signatureQuery = "//ds:Reference[@URI]"; 73 $id = substr($xpath->query($signatureQuery)->item(0)->getAttribute('URI'), 1); 74 $attributes = array(); 75 foreach($this->get_attributes_names() as $attr_name) 76 { 77 $q = "//saml:Attribute[@Name='$attr_name']/saml:AttributeValue"; 78 $es = $xpath->query($q); 79 $attributes[$attr_name] = $es->item(0)->nodeValue; 80 } 81 return $attributes; 96 82 } 97 83 } plugins/dcSamlPlugin/lib/saml/SamlAgent.class.php
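Review bot: get_attributes() interpolates each attribute Name read from the response into a fresh XPath query (`"//saml:Attribute[@Name='$attr_name']/saml:AttributeValue"`), so a Name containing a quote breaks or redirects the query, and the `$id` taken from the ds:Reference URI on the line above it is computed but never used. Reading the value relative to the Attribute node removes the interpolation, and using `$id` to restrict the lookup to the element the signature covers keeps Attribute elements outside the signed subtree from being picked up; whether signature verification has already run by this point is not visible in the hunk. `$es->item(0)` is also dereferenced without a null check, which is a fatal error on an empty AttributeValue list. With the rewrite below get_attributes_names() is no longer needed.
```php
public function get_attributes()
{
    $xpath = $this->get_xpath();
    $attributes = array();
    $ref = $xpath->query("//ds:Reference[@URI]")->item(0);
    $id = $ref === null ? '' : substr($ref->getAttribute('URI'), 1);
    if ($id === '')
    {
        return $attributes;
    }
    // Locate the signed element by comparing IDs in PHP rather than interpolating $id into XPath.
    $signed = null;
    foreach ($xpath->query('//*[@ID]') as $candidate)
    {
        if ($candidate->getAttribute('ID') === $id)
        {
            $signed = $candidate;
            break;
        }
    }
    if ($signed === null)
    {
        return $attributes;
    }
    foreach ($xpath->query('.//saml:Attribute[@Name]', $signed) as $node)
    {
        // Relative query: the attribute Name never becomes part of an XPath expression.
        $value = $xpath->query('saml:AttributeValue', $node)->item(0);
        if ($value !== null)
        {
            $attributes[$node->getAttribute('Name')] = $value->nodeValue;
        }
    }
    return $attributes;
}
```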
r33400 r33456 316 316 private function newUser($response) { 317 317 // Build a new samluser 318 $user = new SamlUser($response->get_person_id(), $response->get_username(), $response->get_email(), $response->get_permissions()); 318 $response->get_attributes(); 319 $permissions = $response->get_attribute(sfConfig::get('app_dc_saml_plugin_credentials_attribute_name', 'permissions')); 320 $permissions = $permissions?json_decode($permissions):array(); 321 $user = new SamlUser($response->get_attributes(), $permissions); 319 322 return $user; 320 323 } plugins/dcSamlPlugin/lib/saml/SamlPermission.class.php
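Review bot: The `$response->get_attributes();` call on new line 318 discards its result and re-runs every XPath query that line 321 runs again; it should be dropped. On line 320 the result of `json_decode()` is not checked: a credentials attribute that is not valid JSON, or that decodes to a scalar, yields null or a non-array, which SamlUser::parsePermissions then hands to foreach, emitting a warning and granting nothing silently. Replace the decode on lines 319-320 with `$permissions = is_string($permissions) ? json_decode($permissions) : null;` followed by `$permissions = is_array($permissions) ? $permissions : array();`, and consider logging the malformed attribute, since an assertion whose permissions cannot be parsed is worth noticing rather than treating as "no permissions".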
r33399 r33456 11 11 class SamlPermission { 12 12 13 // Permission name 14 var $name; 15 16 // Permission academic unit 17 var $academic_unit; 13 // Permission's attributes array 14 var $permission; 18 15 19 16 /** 20 17 * Constructor 21 18 * 22 * @param string role name19 * @param array permission's attributes array 23 20 * 24 21 * @access public 25 22 */ 26 function __construct($name, $academic_unit_id) { 27 $this->name = $name; 28 $this->academic_unit = $academic_unit_id; 23 public function __construct($permission) { 24 $this->permission = $permission; 29 25 } 30 26 31 27 /** 32 * Get the role name28 * Get the permission's attributes array 33 29 * 34 * @return string the role name.30 * @return array permission's attributes array. 35 31 * @access public 36 32 */ 37 function getName() { 38 return $this->name; 39 } 33 public function getPermission() 34 { 35 return $this->permission; 36 } 40 37 41 38 /** 42 * Get the academic unit id39 * Get perission attribute 43 40 * 44 * @return string the academic unit id. 41 * @param string permission's attribute name. 42 * @return mixed the permission attribute. 45 43 * @access public 46 44 */ 47 function getAcademicUnitId()45 public function getAttribute($attribute_name) 48 46 { 49 return $this-> academic_unit;47 return $this->permission[$attribute_name]; 50 48 } 51 49 } plugins/dcSamlPlugin/lib/saml/SamlUser.class.php
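Review bot: getAttribute() on new line 47 indexes `$this->permission[$attribute_name]` without checking the key, so a permission entry that lacks the configured credential attribute raises an undefined-index notice and returns null only by accident; make the miss explicit with `return isset($this->permission[$attribute_name]) ? $this->permission[$attribute_name] : null;`. The constructor on line 23 accepts any value, while SamlUser builds it from `get_object_vars()`, which returns null for non-object JSON entries; `public function __construct(array $permission)` would reject such input at the boundary instead of letting getAttribute fail later. The docblock on line 39 reads "perission", and the `var $permission;` on line 14 should carry a visibility (`private $permission;`) now that access goes through getPermission()/getAttribute().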
r33400 r33456 11 11 class SamlUser { 12 12 13 // Current user username, string 14 var $username; 15 16 // User email 17 var $email; 13 // User attributes 14 var $attributes; 18 15 19 // User per issions, UserPermission16 // User permissions 20 17 var $permissions; 21 22 // User saml person id23 var $person_id;24 18 25 19 /** 26 20 * Constructor 27 21 * 28 * @param string person_id 29 * @param string username of the user 30 * @param string user email 31 * @param array user permissions 22 * @param array attributes 32 23 * 33 24 * @access public 34 25 */ 35 public function __construct($person_id, $username, $email, $permissions) { 36 $this->person_id = $person_id; 37 $this->email = $email; 38 $this->permissions = $this->parsePermissions($permissions); 39 $this->username = $username; 26 public function __construct($attributes, $permissions) { 27 $this->attributes = $attributes; 28 $this->permissions = $this->parsePermissions($permissions); 40 29 } 41 30 42 /**43 * Gets the user name.44 *45 * @return string the username.46 *47 * @access public48 */49 public function getUsername() {50 return $this->username;51 }52 53 /**54 * Gets the user email.55 *56 * @return string the email.57 *58 * @access public59 */60 public function getEmail()61 {62 return $this->email;63 }64 65 31 /** 66 32 * Gets the user permissions. … … 74 40 return $this->permissions; 75 41 } 76 77 /** 78 * Gets the saml person id. 79 * 80 * @return string the person id. 
81 * 82 * @access public 83 */ 84 public function getPersonId() 85 { 86 return $this->person_id; 87 } 88 42 89 43 /** 90 44 * Returns the parsed permissions … … 96 50 foreach($permissions as $permission) 97 51 { 98 $perms[] = new SamlPermission( $this->getPermissionName($permission->permission_name), $permission->academic_unit_id);52 $perms[] = new SamlPermission(get_object_vars($permission)); 99 53 } 100 54 return $perms; 101 55 } 102 56 103 /** 104 * Return the parsed permission name 105 * 106 * @param string $name 107 * @return string 108 */ 109 private function getPermissionName($name) 57 public function getAttribute($attribute) 110 58 { 111 $remove = sfConfig::get('app_dc_saml_plugin_remove_permission_prefix', ''); 112 return str_replace(!empty($remove)?$remove.'.':'', '', $name); 59 if (!method_exists($this, $method = sprintf('get%s', self::camelize($attribute)))) 60 { 61 return null; 62 } 63 return $this->$method(); 64 } 65 66 public function __call($method_name, $arguments) 67 { 68 // guess if method type is "set" or "get" 69 $method_type = substr($method_name, 0, 3); 70 // guess the attribute name, CamelCased (and ucfirst) 71 $attribute_name = substr($method_name, 3); 72 $attribute_name = sfInflector::underscore($attribute_name); 73 74 if ($method_type == "get") 75 { 76 if (isset($this->attributes[$attribute_name])) 77 { 78 return $this->attributes[$attribute_name]; 79 } 80 } 81 else if ($method_type == "set") 82 { 83 $this->attributes[$attribute_name] = $arguments[0]; 84 } 113 85 } 114 86 } plugins/dcSamlPlugin/lib/user/dcSamlSecurityUser.class.php
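Review bot: getAttribute() (new lines 57-64) can never return a SAML attribute: `method_exists()` returns false for methods that exist only through `__call`, so for any attribute whose getter this commit removes (person_id, username, email) the guard on line 59 returns null before `__call` is reached, and only declared methods such as getPermissions() are ever found. `self::camelize` is also not defined anywhere visible in this hunk; unless it exists elsewhere in the class the call is a fatal error, and sfInflector::camelize is presumably what was intended given the sfInflector::underscore call on line 72. Falling back to the attributes array after the method check fixes the lookup; `__call` on lines 66-85 should additionally compare `$method_type` with `===` and return null explicitly instead of falling off the end for unknown prefixes. parsePermissions begins above the hunk.
```php
public function getAttribute($attribute)
{
    $method = sprintf('get%s', sfInflector::camelize($attribute));
    if (method_exists($this, $method))
    {
        return $this->$method();
    }
    // method_exists() ignores __call, so look the attribute up directly.
    return isset($this->attributes[$attribute]) ? $this->attributes[$attribute] : null;
}
```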
r33399 r33456 68 68 foreach($saml_user->getPermissions() as $permission) 69 69 { 70 $this->addCredential($permission->getName()); 70 $remove = sfConfig::get('app_dc_saml_plugin_remove_permission_prefix', ''); 71 $perm_name = $permission->getAttribute(sfConfig::get('app_dc_saml_plugin_attribute_name_of_the_credential_name', 'permission_name')); 72 if($remove == '') 73 { 74 if(strpos($perm_name, $remove) === 0) 75 { 76 $permission_name = str_replace(!empty($remove)?$remove.'.':'', '', $perm_name); 77 $this->addCredential($permission_name); 78 } 79 } 80 else 81 { 82 $this->addCredential($perm_name); 83 } 71 84 } 72 85 }
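Review bot: The branch condition on new line 72 is inverted: the prefix-stripping path runs only when `$remove == ''`, where `strpos($perm_name, '')` is false on PHP 5/7 (so no credential is granted at all) and the `str_replace` is a no-op, while a configured prefix takes the else branch on line 82 and grants the unstripped name. The check on line 74 also compares against `$remove` but line 76 strips `$remove.'.'`, and `str_replace` removes every occurrence rather than only the leading prefix. The two `sfConfig::get` reads inside the loop are invariant and can be hoisted. Whether names that do not carry the prefix should still be granted when one is configured is not settled by the hunk; the rewrite below drops them, matching the structure the new code appears to intend, and also skips entries whose credential attribute is missing instead of calling addCredential(null). The enclosing method starts above the hunk.
```php
$remove = sfConfig::get('app_dc_saml_plugin_remove_permission_prefix', '');
$credential_attr = sfConfig::get('app_dc_saml_plugin_attribute_name_of_the_credential_name', 'permission_name');
foreach ($saml_user->getPermissions() as $permission)
{
    $perm_name = $permission->getAttribute($credential_attr);
    if (!is_string($perm_name) || $perm_name === '')
    {
        continue;
    }
    if ($remove === '')
    {
        $this->addCredential($perm_name);
        continue;
    }
    // Only the leading "<prefix>." is stripped; names under other prefixes are not granted.
    $prefix = $remove . '.';
    if (strpos($perm_name, $prefix) === 0)
    {
        $this->addCredential(substr($perm_name, strlen($prefix)));
    }
}
```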