Attribute mapping initialization error
'; } } - /** - * override + /** + * override */ - protected function initialize_fields_to_update_at_login() - { - /* - * Nothing is implemented here, as the initialization is already done when - * 'initialize_user_attributes_mapping()' is called; + protected function initialize_fields_to_update_at_login() { + /* + * Nothing is implemented here, as the initialization is already done when + * 'initialize_user_attributes_mapping()' is called; */ } - /** - * override + /** + * override */ - protected function initialize_role_attributes_mapping() - { - if (isset($this->config_xml_document)) - { + protected function initialize_role_attributes_mapping() { + if (isset($this->config_xml_document)) { $separator = $this->config_xml_document->xpath('/authentication/role_mapping/@name_separator'); $this->set_config_parameter(self :: RIGHTS_SEPARATOR, $separator[0]); $display_form = $this->config_xml_document->xpath('/authentication/role_mapping/@display_request_form_when_unclear'); - if (isset($display_form[0]) && $display_form[0] == 'true') - { + if (isset($display_form[0]) && $display_form[0] == 'true') { $this->set_display_rights_form_when_unclear_status(true); - } - else - { + } else { $this->set_display_rights_form_when_unclear_status(false); } @@ -257,141 +221,108 @@ $value_nodes = $this->config_xml_document->xpath('/authentication/role_mapping/value'); - foreach ($value_nodes as $value_node) - { + foreach ($value_nodes as $value_node) { $name = (string) $value_node->attributes()->name; $precedence = (string) $value_node->attributes()->precedence; $group_id = (string) $value_node->attributes()->group_id; $role_id = (string) $value_node->attributes()->role_id; - if (! array_key_exists($precedence, $role_mapping)) - { + if (!array_key_exists($precedence, $role_mapping)) { $role_mapping[$precedence] = array(); } - if (! array_key_exists($name, $role_mapping[$precedence])) - { + if (!array_key_exists($name, $role_mapping[$precedence])) { $role_mapping[$precedence][$name] = array(); $role_mapping[$precedence][$name]['group_id'] = array(); $role_mapping[$precedence][$name]['role_id'] = array(); } - if (isset($group_id) && strlen($group_id) > 0) - { + if (isset($group_id) && strlen($group_id) > 0) { $role_mapping[$precedence][$name]['group_id'][] = $group_id; } - if (isset($role_id) && strlen($role_id) > 0) - { + if (isset($role_id) && strlen($role_id) > 0) { $role_mapping[$precedence][$name]['role_id'][] = $role_id; } } $this->set_user_role_attribute_mapping($role_mapping); - } - else - { + } else { echo 'Role mapping initialization error
'; } } - /** - * Returns the current user logged through Shibboleth if he already - * exists in the datasource. Otherwise return null. - * - * @return User The current user if he already exists in the datasource + /** + * Returns the current user logged through Shibboleth if he already + * exists in the datasource. Otherwise return null. + * + * @return User The current user if he already exists in the datasource */ - protected function get_existing_user() - { + protected function get_existing_user() { $user_mapping = $this->get_user_attribute_mapping(); $shibboleth_id = $this->get_shibboleth_value($user_mapping[self :: PARAM_MAPPING_EXTERNAL_UID]['name']); $user = $this->retrieve_user_by_external_uid($shibboleth_id); - if (isset($user)) - { + if (isset($user)) { return $user; - } - else - { + } else { return null; } } - /** - * Creates and returns a new User based on the Shibboleth attributes - * - * @return User A new user + /** + * Creates and returns a new User based on the Shibboleth attributes + * + * @return User A new user */ - protected function get_new_user() - { + protected function get_new_user() { $user = new User(); $user = $this->set_user_attributes($user); return $user; } - /** - * override - * - * @param User $user - * @param array $fields_to_set - * @return User + /** + * override + * + * @param User $user + * @param array $fields_to_set + * @return User */ - protected function set_user_attributes($user, $fields_to_set = null) - { - foreach ($this->get_user_attribute_mapping() as $field_name => $field_source) - { + protected function set_user_attributes($user, $fields_to_set = null) { + foreach ($this->get_user_attribute_mapping() as $field_name => $field_source) { $must_set = true; - if (isset($fields_to_set) && is_array($fields_to_set) && count($fields_to_set) > 0 && ! in_array($field_name, $fields_to_set)) - { + if (isset($fields_to_set) && is_array($fields_to_set) && count($fields_to_set) > 0 && !in_array($field_name, $fields_to_set)) { $must_set = false; } - if ($must_set) - { + if ($must_set) { $value = $this->get_shibboleth_value($field_source['name']); - /* - * Default value if no value is found - */ - if (! isset($value)) - { - if (isset($field_source['default']) && strlen($field_source['default']) > 0) - { + /* + * Default value if no value is found + */ + if (!isset($value)) { + if (isset($field_source['default']) && strlen($field_source['default']) > 0) { $value = $field_source['default']; } } - if ($field_name == self :: PARAM_MAPPING_LANG) - { + if ($field_name == self :: PARAM_MAPPING_LANG) { $lang = $this->get_language_code($value); $user->set_language($lang); - } - elseif (method_exists($user, 'set_' . $field_name)) - { + } elseif (method_exists($user, 'set_' . $field_name)) { call_user_func_array(array($user, 'set_' . $field_name), array($value)); } } } - /* - * Default mandatory values if no mapping is defined - */ - // $user_lang = $user->get_language(); - // if (! isset($user_lang)) - // { - // $lang = $this->get_language_code(null); - // $user->set_language($lang); - // } - - - /* - * case of new user -> init some more default values + /* + * case of new user -> init some more default values */ $user_id = $user->get_id(); - if (! isset($user_id)) - { + if (!isset($user_id)) { $user->set_username($this->generate_username($user->get_firstname(), $user->get_lastname())); - $user->set_password(md5($this->generate_random_password())); //generate random password to prevent security hole if the user's auth_source is modified + $user->set_password(md5($this->generate_random_password())); //generate random password to prevent security hole if the user's auth_source is modified $user->set_auth_source($this->get_authentication_source_name()); $user->set_platformadmin(0); } @@ -399,60 +330,39 @@ return $user; } - /** - * Add the given user in groups and / or grant the user roles. - * The user must already have an id (as it is used to create groups and /or role links) - * - * @param User $user - * @return Boolean role(s) / group(s) affiliation result + /** + * Add the given user in groups and / or grant the user roles. + * The user must already have an id (as it is used to create groups and /or role links) + * + * @param User $user + * @return Boolean role(s) / group(s) affiliation result */ - protected function set_user_rights($user) - { - if ($this->has_user_role_attribute_mapping() && array_key_exists(self :: PARAM_MAPPING_AFFILIATION, $this->get_user_attribute_mapping())) - { + protected function set_user_rights($user) { + if ($this->has_user_role_attribute_mapping() && array_key_exists(self :: PARAM_MAPPING_AFFILIATION, $this->get_user_attribute_mapping())) { $user_id = $user->get_id(); - if (isset($user) && is_a($user, self :: USER_OBJECT_CLASSNAME) && isset($user_id)) - { - /* - * Deletes all user_role and user_group relations for the user - * before recreating them with his affiliation attribute + if (isset($user) && isset($user_id)) { + /* + * Deletes all user_role and user_group relations for the user + * before recreating them with his affiliation attribute */ - //$user_roles = $user->get_roles(); $user_groups = $user->get_user_groups(); - if (isset($user_groups)) - { - while ($user_group = $user_groups->next_result()) - { - if (! $user_group->delete()) - { + if (isset($user_groups)) { + while ($user_group = $user_groups->next_result()) { + if (!$user_group->delete()) { echo 'Unable to clear user groups'; } } } - // if (isset($user_roles)) - // { - // while ($user_role = $user_roles->next_result()) - // { - // if (! $user_role->delete()) - // { - // echo 'Unable to clear user roles'; - // } - // } - // } - - $user_mapping = $this->get_user_attribute_mapping(); $affiliation = $this->get_shibboleth_value($user_mapping[self :: PARAM_MAPPING_AFFILIATION]['name']); - /* - * Default value if no value is found + /* + * Default value if no value is found */ - if (! isset($affiliation)) - { - if (isset($user_mapping[self :: PARAM_MAPPING_AFFILIATION]['default']) && strlen($user_mapping[self :: PARAM_MAPPING_AFFILIATION]['default']) > 0) - { + if (!isset($affiliation)) { + if (isset($user_mapping[self :: PARAM_MAPPING_AFFILIATION]['default']) && strlen($user_mapping[self :: PARAM_MAPPING_AFFILIATION]['default']) > 0) { $affiliation = $user_mapping[self :: PARAM_MAPPING_AFFILIATION]['default']; } } @@ -461,157 +371,108 @@ $role_mapping = $this->get_user_role_attribute_mapping(); - /* - * If the user has an affiliation value that the config file doesn't know, - * his status is considered as unclear + /* + * If the user has an affiliation value that the config file doesn't know, + * his status is considered as unclear */ $configured_affiliation_values = array(); - foreach ($role_mapping as $mapping_for_precedence) - { - foreach ($mapping_for_precedence as $attribute_value => $rights) - { + foreach ($role_mapping as $mapping_for_precedence) { + foreach ($mapping_for_precedence as $attribute_value => $rights) { $configured_affiliation_values[] = $attribute_value; } } - foreach ($affiliation_values as $affiliation_value) - { - if (! in_array($affiliation_value, $configured_affiliation_values)) - { + foreach ($affiliation_values as $affiliation_value) { + if (!in_array($affiliation_value, $configured_affiliation_values)) { $this->user_status_is_unclear = true; } } - /* - * Loops on each level of precedence and checks if a corresponding - * user affiliation value is found. - * - * If a value is found in the user attributes, the link between - * the user and group(s) and / or role(s) are created. The process then stops, - * meaning we don't look for other precedence levels - * + /* + * Loops on each level of precedence and checks if a corresponding + * user affiliation value is found. + * + * If a value is found in the user attributes, the link between + * the user and group(s) and / or role(s) are created. The process then stops, + * meaning we don't look for other precedence levels + * */ $mapping_found = false; - foreach ($role_mapping as $mapping_for_precedence) - { - if ($mapping_found) - { + foreach ($role_mapping as $mapping_for_precedence) { + if ($mapping_found) { break; } $groups = array(); - // $roles = array(); - - foreach ($mapping_for_precedence as $attribute_value => $rights) - { - if (in_array($attribute_value, $affiliation_values)) - { - /* - * Find group mappings - */ - foreach ($rights['group_id'] as $group_id) - { - if (! in_array($group_id, $groups)) - { + foreach ($mapping_for_precedence as $attribute_value => $rights) { + if (in_array($attribute_value, $affiliation_values)) { + /* + * Find group mappings + */ + foreach ($rights['group_id'] as $group_id) { + if (!in_array($group_id, $groups)) { $groups[] = $group_id; } } - // /* - // * Find role mappings - // */ - // foreach ($rights['role_id'] as $role_id) - // { - // if (! in_array($role_id, $roles)) - // { - // $roles[] = $role_id; - // } - // } - $mapping_found = true; } } } - if (count($groups) > 0) - { - /* - * Create group_user records + if (count($groups) > 0) { + /* + * Create group_user records */ - foreach ($groups as $group_id) - { + foreach ($groups as $group_id) { $group_user = new GroupRelUser(); $group_user->set_user_id($user_id); $group_user->set_group_id($group_id); - if (! $group_user->create()) - { + if (!$group_user->create()) { echo 'Unable to add user in group ' . $group_id; } } } - - // if (count($roles) > 0) - // { - // /* - // * Create user_role records - // */ - // foreach ($roles as $role_id) - // { - // if (! $user->add_role_link($role_id)) - // { - // echo 'Unable to grant role ' . $role_id . ' to the user'; - // } - // } - // } - - return true; - } - else - { + } else { return false; } - } - else - { + } else { return false; } } - /** - * Return the shibboleth attribute value for the given attribute name - * - * So far Shibboleth gives values to PHP through HTTP headers (Shibboleth 1.x) or - * environment variables (Shibboleth 2) that can be read through the $_SERVER variable - * - * @param String $shibboleth_param_name the shibboleth attribute name - * @return String the shibboleth attribute value + /** + * Return the shibboleth attribute value for the given attribute name + * + * So far Shibboleth gives values to PHP through HTTP headers (Shibboleth 1.x) or + * environment variables (Shibboleth 2) that can be read through the $_SERVER variable + * + * @param String $shibboleth_param_name the shibboleth attribute name + * @return String the shibboleth attribute value */ - protected function get_shibboleth_value($shibboleth_param_name) - { + protected function get_shibboleth_value($shibboleth_param_name) { $request = new Request(); return $request->server($shibboleth_param_name); } - /** - * Print a table in the page with the current Shibboleth attributes. - * Mainly useful for debugging the Shibboleth system. - * - * Note: see file 'show_my_infos.php' to see how this method can be called - * + /** + * Print a table in the page with the current Shibboleth attributes. + * Mainly useful for debugging the Shibboleth system. + * + * Note: see file 'show_my_infos.php' to see how this method can be called + * */ - function print_shibboleth_attributes() - { + function print_shibboleth_attributes() { echo '| User property | Shibboleth parameter name | User value | Default value | '; echo '|||
|---|---|---|---|---|---|---|
| ' . $field_name . ' | '; @@ -626,6 +487,7 @@ echo '