Commit 3d3b9da0 authored by renater.salaun's avatar renater.salaun

Account profiles now defined as a TT2 data structure. We can now show the...

Account profiles now defined as a TT2 data structure. We can now show the detailed user profiles on the account manager


git-svn-id: https://svn.geant.net/GEANT/edugain_testidp_account_manager/trunk@23 047e039d-479c-447e-8a29-aa6bf4a09bab
parent 30b5ad5e
...@@ -13,6 +13,7 @@ use CGI::Cookie; ...@@ -13,6 +13,7 @@ use CGI::Cookie;
use CGI::Util; use CGI::Util;
use Template; use Template;
use Template::Constants qw( :debug ); use Template::Constants qw( :debug );
use POSIX; use POSIX;
use IdPAccountManager::TestAccount; use IdPAccountManager::TestAccount;
...@@ -194,6 +195,7 @@ sub respond { ...@@ -194,6 +195,7 @@ sub respond {
ENCODING => 'iso-8859-1', ## le défaut apparemment ENCODING => 'iso-8859-1', ## le défaut apparemment
FILTERS => {'encode_utf8', => [\&IdPAccountManager::Tools::encode_utf8, 0], FILTERS => {'encode_utf8', => [\&IdPAccountManager::Tools::encode_utf8, 0],
'escape_quotes' => [\&IdPAccountManager::Tools::escape_quotes, 0]}, 'escape_quotes' => [\&IdPAccountManager::Tools::escape_quotes, 0]},
INCLUDE_PATH => $Conf::global{'root_manager_dir'}.':'.$Conf::global{'root_manager_dir'}.'/templates/accountProfiles',
#DEBUG => 'all', #DEBUG => 'all',
#DEBUG => 'caller', #DEBUG => 'caller',
#DEBUG => 'parser' #DEBUG => 'parser'
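Review bot: The added `INCLUDE_PATH` in respond() puts the whole of `root_manager_dir` on the template search path, while templates elsewhere in this commit build a template name from account data (`PROCESS "${account.get('account_profile')}.tt2"`). Template Toolkit rejects absolute and `../` names by default, but any `.tt2` file below either directory can still be resolved by a relative name, so the profile name should be checked against the list of known profiles before it is stored or rendered (where that value comes from is not visible here). Passing the directories as an array reference, `INCLUDE_PATH => [ $Conf::global{'root_manager_dir'}, $Conf::global{'root_manager_dir'}.'/templates/accountProfiles' ],`, also avoids relying on `:` as the separator. respond() starts and ends outside the hunk.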
......
package IdPAccountManager::Tools; package IdPAccountManager::Tools;
use Template; use Template;
# load Template::Stash to make method tables visible
use Template::Stash;
use Digest::SHA; use Digest::SHA;
use Encode; use Encode;
my %log_levels = ('debug' => 0, 'info' => 1, 'trace' => 1, 'notice' => 2, 'error' => 3); my %log_levels = ('debug' => 0, 'info' => 1, 'trace' => 1, 'notice' => 2, 'error' => 3);
INIT {
## a TT2 virtual method to get a variable type
$Template::Stash::LIST_OPS->{isa} = sub {
my $list = shift;
my $type = shift;
return 1 if ($type eq 'ARRAY');
return 0;
};
$Template::Stash::SCALAR_OPS->{isa} = sub {
my $list = shift;
my $type = shift;
return 1 if ($type eq 'SCALAR');
return 0;
};
}
# get SHA256 hash for a string # get SHA256 hash for a string
sub sha256_hash { sub sha256_hash {
...@@ -23,7 +44,7 @@ sub generate_password{ ...@@ -23,7 +44,7 @@ sub generate_password{
# 1-tirage des caractères obligatoires : les mettre dans un tableau # 1-tirage des caractères obligatoires : les mettre dans un tableau
my @uppers=('A'..'N','P'..'Z'); my @uppers=('A'..'N','P'..'Z');
my @lowers=('a'..'k','m'..'z'); my @lowers=('a'..'k','m'..'z');
my @punctuation=('%',';',':','!','?','&','$','*','(',')','{','}','[',']','<','>','.','=','-','#'); my @punctuation=(':','!','?','&','$','=','-','#');
my @numerics=('0'..'9'); my @numerics=('0'..'9');
my @rndtab; my @rndtab;
push(@rndtab,$uppers[rand @uppers]); push(@rndtab,$uppers[rand @uppers]);
...@@ -222,6 +243,8 @@ sub boolean2integer { ...@@ -222,6 +243,8 @@ sub boolean2integer {
return undef; return undef;
} }
1; # Magic true value required at end of module 1; # Magic true value required at end of module
__END__ __END__
......
'user[% account.get('id') %]:{SHA256}[% account.get('user_password_hash') %]=' => array( [% account_sp_entityid = account.get('sp_entityid') %]
'uid' => 'user[% account.get('id') %]', [% account_id = account.get('id') %]
'eduPersonAffiliation' => array('member', 'student'),
'eduPersonScopedAffiliation' => array('member@[% conf.idp_scope %]', 'student@[% conf.idp_scope %]'), [% SET account_profile = {
'uid' => "${account_id}",
'eduPersonAffiliation' => ['member', 'student'],
'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "student@${conf.idp_scope}"],
'displayName' => 'John Kleinman', 'displayName' => 'John Kleinman',
'cn' => 'John Kleinman', 'cn' => 'John Kleinman',
'mail' => 'john.kleinman@[% conf.idp_scope %]', 'mail' => "john.kleinman@${conf.idp_scope}",
'eduPersonPrincipalName' =>'[% account.get('id') %]@[% conf.idp_scope %]', 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}",
'eduPersonTargetedID' =>'[% conf.idp_entityid %]![% account.get('sp_entityid') %]!X622UR2A7PG1uVhATobBOrMz+Ys=', 'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!X622UR2A7PG1uVhATobBOrMz+Ys=",
'schacHomeOrganization' => '[% conf.idp_scope %]', 'schacHomeOrganization' => "${conf.idp_scope}",
'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:university', 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:university',
'associatedSP' => '[% account.get('sp_entityid') %]', } %]
),
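Review bot: The new `'uid' => "${account_id}"` drops the `user` prefix that the old line had (`'uid' => 'user[% account.get('id') %]'`), so the released uid no longer matches the login name `user<id>` that the authsources entry and the account page still use. If that is not intended, write `'uid' => "user${account_id}",`; the second profile template in this commit has the same line. The file is now loaded with PROCESS and sets `account_id`, `account_sp_entityid` and `account_profile` in the caller's namespace, so a short comment at the top naming those three variables as the file's contract would help whoever adds the next profile.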
'user[% account.get('id') %]:{SHA256}[% account.get('user_password_hash') %]=' => array( [% account_sp_entityid = account.get('sp_entityid') %]
'uid' => 'user[% account.get('id') %]', [% account_id = account.get('id') %]
'eduPersonAffiliation' => array('member', 'faculty'),
'eduPersonScopedAffiliation' => array('member@[% conf.idp_scope %]', 'faculty@[% conf.idp_scope %]'), [% SET account_profile = {
'uid' => "${account_id}",
'eduPersonAffiliation' => ['member', 'faculty'],
'eduPersonScopedAffiliation' => ["member@${conf.idp_scope}", "student@${conf.idp_scope}"],
'displayName' => 'Peter Smith', 'displayName' => 'Peter Smith',
'cn' => 'Peter Smith', 'cn' => 'Peter Smith',
'mail' => 'peter.smith@[% conf.idp_scope %]', 'mail' => "peter.smith@${conf.idp_scope}",
'eduPersonPrincipalName' =>'[% account.get('id') %]@[% conf.idp_scope %]', 'eduPersonPrincipalName' =>"${account_id}@${conf.idp_scope}",
'eduPersonTargetedID' =>'[% conf.idp_entityid %]![% account.get('sp_entityid') %]!X622UR2A7PG1uVhATobBOrMz+Ys=', 'eduPersonTargetedID' =>"${conf.idp_entityid}!${account_sp_entityid}!X622UR2A7PG1uVhATobBOrMz+Ys=",
'schacHomeOrganization' => '[% conf.idp_scope %]', 'schacHomeOrganization' => "${conf.idp_scope}",
'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:university', 'schacHomeOrganizationType' => 'urn:schac:homeOrganizationType:int:university',
'associatedSP' => '[% account.get('sp_entityid') %]', } %]
),
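Review bot: `eduPersonScopedAffiliation` in this profile is now `["member@${conf.idp_scope}", "student@${conf.idp_scope}"]`, while `eduPersonAffiliation` is `['member', 'faculty']` and the old line released `faculty@`. This looks like a copy-paste from the student profile; the second element should be `"faculty@${conf.idp_scope}"`. An SP that authorises on the scoped value would otherwise treat this account as a student.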
...@@ -4,6 +4,18 @@ $validTestAccounts = array ( ...@@ -4,6 +4,18 @@ $validTestAccounts = array (
'authcrypt:Hash', 'authcrypt:Hash',
[% FOREACH account IN accounts %] [% FOREACH account IN accounts %]
[% INCLUDE "${account.get('account_profile')}.tt2" %] [% PROCESS "${account.get('account_profile')}.tt2" %]
'user[% account.get('id') %]:{SHA256}[% account.get('user_password_hash') %]=' => array(
[% FOREACH attribute IN account_profile.pairs -%]
[% IF attribute.value.isa('SCALAR') -%]
'[% attribute.key %]' => '[% attribute.value %]',
[% ELSE -%]
'[% attribute.key %]' => array('[% attribute.value.join("','") %]'),
[% END %]
[% END %]
'associatedSP' => "${account_sp_entityid}",
),
[% END %] [% END %]
); );
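Review bot: The line `'associatedSP' => "${account_sp_entityid}",` sits outside any `[% %]` directive, so Template Toolkit expands it only when the `INTERPOLATE` option is on, and that option is not among the settings visible in respond(). If it is off, the text reaches the generated PHP literally and PHP reads `"${account_sp_entityid}"` as an undefined variable, leaving `associatedSP` empty; if that attribute is what restricts an account to its SP, the restriction would stop working (inferred; confirm against the IdP configuration). Write `'associatedSP' => '[% account_sp_entityid %]',` instead. The loop above also writes `attribute.key` and `attribute.value` into single-quoted PHP strings unescaped; the `escape_quotes` filter registered in respond() looks intended for this, assuming it escapes single quotes.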
<h3>Get test accounts</h3> <h3>Get test accounts</h3>
<script type="text/javascript">
jQuery(document).ready(function($){
$( ".account_details" ).dialog({
title: "Account details",
autoOpen: false,
buttons: {
Ok: function() {
$( this ).dialog( "close" );
}
}
});
[% FOREACH account IN test_accounts %]
$( "#show_account_details_[% account.get('id') %]" ).click(function() {
$("#account_details_[% account.get('id') %]").dialog( "open" );
});
[% END %]
});
</script>
<div> <div>
Your identity has been checked successfully. Your identity has been checked successfully.
...@@ -7,11 +30,28 @@ Test accounts with different profiles have been created for you, see details bel ...@@ -7,11 +30,28 @@ Test accounts with different profiles have been created for you, see details bel
expire in [% conf.accounts_validity_period %] days. Note also that these test accounts can only be used to login on your SP [% sp_entityid %]. expire in [% conf.accounts_validity_period %] days. Note also that these test accounts can only be used to login on your SP [% sp_entityid %].
<ol> <ol>
[% FOREACH test_account IN test_accounts %] [% FOREACH account IN test_accounts %]
<li>account profile: [% test_account.get('account_profile') %] <li>account profile: [% account.get('account_profile') %]
<dl> <dl>
<dd>user name: user[% test_account.get('id') %]</dd> <dd>user name: user[% account.get('id') %]</dd>
<dd>user password: [% test_account.get('user_password') %]</dd> <dd>user password: [% account.get('user_password') %]</dd>
<dd><button class="show_account_details" id="show_account_details_[% account.get('id') %]">show account details</button></dd>
<div class="account_details" id="account_details_[% account.get('id') %]">
[% PROCESS "${account.get('account_profile')}.tt2" %]
Below is the list of user attributes associated to this test account. After a successfull authentication process these attributes are transmited
via the SAML protocol from the Test Identity Provider to your Service Provider.
<ul>
[% FOREACH attribute IN account_profile.pairs -%]
[% IF attribute.value.isa('SCALAR') -%]
<li>[% attribute.key %]: [% attribute.value %]</li>
[% ELSE -%]
<li>[% attribute.key %]: [% attribute.value.join(",") %]</li>
[% END %]
[% END %]
</ul>
If you a customized test account with additionnal user attributes, you should contact <a href="mailto:[% conf.support_email %]">[% conf.support_email %]</a>.
</div>
</dl> </dl>
</li> </li>
[% END %] [% END %]
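Review bot: The new details dialog prints `[% attribute.key %]`, `[% attribute.value %]` and the joined list without the `html` filter, and `eduPersonTargetedID` carries the SP entityID, which is presumably supplied by the requester. Unless that value is strictly validated upstream, write `<li>[% attribute.key | html %]: [% attribute.value | html %]</li>` and `[% attribute.value.join(",") | html %]`; the same applies to `[% account.get('user_password') %]`, whose character set still includes `&`. The `<div class="account_details">` is placed directly inside `<dl>`, which is invalid HTML; moving it after `</dl>` keeps the dialog markup well-formed. The help text has typos worth fixing in the same pass (`successfull`, `transmited`, `additionnal`, `If you a customized`).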
......