From 21df9facc865e568df5508a34914216ead1b0ab9 Mon Sep 17 00:00:00 2001
From: Guillaume Rousse <guillaume.rousse@renater.fr>
Date: Fri, 24 Nov 2017 16:25:37 +0100
Subject: [PATCH] allow per-service configuration override
---
 bin/account-manager.pl.in | 9 ++++---
 conf/manager.conf.in | 7 +++++
 lib/IdPAccountManager/WebRequest.pm | 40 +++++++++++++++++------------
 3 files changed, 36 insertions(+), 20 deletions(-)
diff --git a/bin/account-manager.pl.in b/bin/account-manager.pl.in
index 92a6e29..802827e 100755
--- a/bin/account-manager.pl.in
+++ b/bin/account-manager.pl.in
@@ -96,10 +96,13 @@ sub add_account {
 die "Failed to create test account\n" unless $test_account;
+ my $entity = $options{sp_entityid};
+ my $validity_period =
+ $configuration->{$entity}->{account_validity_period} ||
+ $configuration->{service}->{account_validity_period};
+
 die "Failed to save test account\n"
- unless $test_account->save(
- accounts_validity_period => $configuration->{service}->{account_validity_period}
- );
+ unless $test_account->save(accounts_validity_period => $validity_period);
 printf "Account created:\n\tuserid: user%d\n\tpassword: %s\n", $test_account->id(), $test_account->password();
diff --git a/conf/manager.conf.in b/conf/manager.conf.in
index d81efe0..363f473 100644
--- a/conf/manager.conf.in
+++ b/conf/manager.conf.in
@@ -37,6 +37,7 @@ entityid = https://my.fqdn/simplesaml/saml2/idp/metadata.php
 displayname = eduGAIN Access Check
 accounts_file = @sysconfdir@/accounts.php
+# default parameters for all services
 [service]
 # validity period of test accounts, in days
 account_validity_period = 7
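Review bot: The new lookup `$configuration->{$entity}->{account_validity_period}` autovivifies `$configuration->{$entity}` as an empty hash whenever no section named after the entityID exists, so every unknown `sp_entityid` leaves a stray key behind in the loaded configuration and anything that later iterates over its sections would see it. Testing the section first avoids that: `my $sp_conf = defined $entity && exists $configuration->{$entity} ? $configuration->{$entity} : {};` followed by `my $validity_period = $sp_conf->{account_validity_period} || $configuration->{service}->{account_validity_period};`. The same pattern is repeated in the three WebRequest.pm hunks (req_select_sp, req_generate_token, req_validate_token), where `$entity` is read from `$self->{in}->{sp_entityid}`, i.e. from the incoming request, so in a long-lived process the configuration hash grows with whatever entityIDs clients submit. add_account's body continues outside the hunk.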
@@ -44,3 +45,9 @@ account_validity_period = 7
 account_profiles = fullset1, limitedset1, generic1, student1, student2, teacher1, teacher2, alumni1, librarywalkin1, employee1, researcher1
 # override contacts defined in metadata if defined
 contacts = john@my.fqdn, sarah@my.fqdn
+
+# service-specific parameters
+[https://my.service.fqdn]
+account_validity_period = 90
+account_profiles = student1, teacher1
+contacts = john@my.fqdn
diff --git a/lib/IdPAccountManager/WebRequest.pm b/lib/IdPAccountManager/WebRequest.pm
index e10acc6..0de49e5 100644
--- a/lib/IdPAccountManager/WebRequest.pm
+++ b/lib/IdPAccountManager/WebRequest.pm
@@ -258,12 +258,12 @@ sub req_select_sp {
 }
 }
- if ($self->{configuration}->{service}->{contacts}) {
- # replace SP contacts
- $provider->contacts(
- split(/, */, $self->{configuration}->{service}->{contacts})
- );
- }
+ # replace metadata contacts from configuration contacts if defined
+ my $entity = $self->{in}->{sp_entityid};
+ my $contacts =
+ $self->{configuration}->{$entity}->{contacts} ||
+ $self->{configuration}->{service}->{contacts};
+ $provider->contacts(split(/, */, $contacts)) if $contacts;
 $self->{out}->{provider} = $provider;
 $self->{out}->{subtitle} = 'Select your Service Provider';
@@ -299,12 +299,12 @@ sub req_generate_token {
 return;
 }
- if ($self->{configuration}->{service}->{contacts}) {
- # replace SP contacts
- $provider->contacts(
- split(/, */, $self->{configuration}->{service}->{contacts})
- );
- }
+ # replace metadata contacts from configuration contacts if defined
+ my $entity = $self->{in}->{sp_entityid};
+ my $contacts =
+ $self->{configuration}->{$entity}->{contacts} ||
+ $self->{configuration}->{service}->{contacts};
+ $provider->contacts(split(/, */, $contacts)) if $contacts;
 ## Check that email_address is a known contact for this SP
 unless ($provider->is_contact($self->{in}->{email_address}))
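Review bot: The sample section `[https://my.service.fqdn]` should say how its name is matched, because the code in WebRequest.pm and account-manager.pl.in looks the section up as a plain hash key equal to the submitted `sp_entityid`, with no normalisation of scheme, case or trailing slash. A comment above the section such as `# section name must be the SP entityID exactly as registered in metadata (scheme, host, path, case, trailing slash)` would save an operator from a silently ignored override. Whether the configuration loader accepts `:` and `/` inside a section name is not visible in this change and is worth confirming against it.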
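Review bot: The five-line per-SP-then-default lookup added here is repeated verbatim in req_generate_token (next hunk) and again for two keys in req_validate_token, so a private accessor on the object would keep the fallback rule in one place and give a single spot for the `exists` guard against the autovivification raised on the account-manager.pl.in hunk. With the helper below each call site shrinks to `my $contacts = $self->_service_setting($self->{in}->{sp_entityid}, 'contacts');`, and a later change to the precedence rule (for instance `//` instead of `||`) is made once. req_select_sp starts before this hunk.
```perl
# Per-SP setting for $key when a section named after the entityID exists,
# else the [service] default; never autovivifies a section for an unknown ID.
sub _service_setting {
    my ($self, $entity, $key) = @_;
    my $conf    = $self->{configuration};
    my $sp_conf = defined $entity && exists $conf->{$entity} ? $conf->{$entity} : {};
    return $sp_conf->{$key} || $conf->{service}->{$key};
}

# … unchanged: start of req_select_sp up to the provider lookup …
my $contacts = $self->_service_setting($self->{in}->{sp_entityid}, 'contacts');
$provider->contacts(split(/, */, $contacts)) if $contacts;
```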
@@ -464,17 +464,23 @@ sub req_validate_token {
 ## create test accounts
 my @accounts;
- foreach my $profile (split(/, */, $self->{configuration}->{service}->{account_profiles})) {
+ my $entity = $self->{in}->{sp_entityid};
+ my $profiles =
+ $self->{configuration}->{$entity}->{account_profiles} ||
+ $self->{configuration}->{service}->{account_profiles};
+ my $validity_period =
+ $self->{configuration}->{$entity}->{account_validity_period} ||
+ $self->{configuration}->{service}->{account_validity_period};
+
+ foreach my $profile (split(/, */, $profiles)) {
 my $account = IdPAccountManager::TestAccount->new(
 db => $self->{db},
 profile => $profile,
- sp_entityid => $self->{in}->{sp_entityid},
+ sp_entityid => $entity,
 scope => $self->{configuration}->{idp}->{scope},
 );
 next unless $account;
- next unless $account->save(
- accounts_validity_period => $self->{configuration}->{service}->{account_validity_period}
- );
+ next unless $account->save(accounts_validity_period => $validity_period);
 push @accounts, $account;
 }
--
GitLab
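Review bot: When neither the SP section nor `[service]` defines `account_profiles`, `$profiles` is undef, `split` warns about an uninitialized value and returns an empty list, and the loop creates no accounts without any error reaching the caller; now that the value can come from a per-SP section, a mistyped or incomplete section fails in exactly this silent way. An explicit `unless (defined $profiles) { ... }` guard that takes the same error path as the `return;` branches earlier in these handlers would make the misconfiguration visible. Whether `$self->{in}->{sp_entityid}` has been checked against the validated token before this point is outside the hunk; if the token already records the SP, reading `$entity` from it rather than from the raw request would be the safer source for the per-SP lookup. req_validate_token starts before and continues after this hunk.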