Skip to content
Snippets Groups Projects
Commit 468264b6 authored by Valentin Pocotilenco's avatar Valentin Pocotilenco
Browse files

code refactoring

parent a809e63a
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/Constants/EarcUtils.php 0 → 100644
+ 28
0
View file @ 468264b6
<?php
namespace App\Constants;
abstract class EarcUtils
{
const COCO_GEANT_NET_URL = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1";
const RS_REFEDS_ORG_URL = "http://refeds.org/category/research-and-scholarship";
const RS_SUPPORT_CATEGORY = "http://macedir.org/entity-category-support";
const RS_CATEGORY = "http://macedir.org/entity-category";
const RELEASE_CHECK_EDUGAIN = "https://release-check.edugain.org/results/";
const EARC_SP = [
'https://rns-ng.example.org/shibboleth',
'https://coco.example.org/shibboleth',
'https://noec.example.org/shibboleth',
// test
'https://rns-ng-earc.aai-dev.grnet.gr/shibboleth',
'https://coco-earc.aai-dev.grnet.gr/shibboleth',
'https://noec-earc.aai-dev.grnet.gr/shibboleth',
];
const EARC_REGIONAL_SP = [
'http://aai.grnet.gr/' => 'https://aai.grnet.gr',
'http://rr.aai.switch.ch/' => 'https://attribute-viewer.aai.switch.ch/interfederation-test/',
'http://taat.edu.ee' => 'https://eitja.taat.edu.ee/',
'http://eduid.hu' => 'https://attributes.eduid.hu',
];
}
\ No newline at end of file
app/Http/Controllers/AttrReleaseTestController.php
+ 6
2
View file @ 468264b6
...@@ -15,14 +15,18 @@ class AttrReleaseTestController extends Controller ...@@ -15,14 +15,18 @@ class AttrReleaseTestController extends Controller
{ {
$request->session()->put('test_allowed', true); $request->session()->put('test_allowed', true);
if ($request->has('sps')){ if ($request->has('sps'))
{
$sps = $request->input('sps'); $sps = $request->input('sps');
$redirect_url = "https://".parse_url($sps[0], PHP_URL_HOST)."/sp"; $redirect_url = "https://".parse_url($sps[0], PHP_URL_HOST)."/sp";
// Store the other SPs to checked in the session so that they can be retrieved later on // Store the other SPs to checked in the session so that they can be retrieved later on
if (count(array_slice($sps,1)) > 0){ if (count(array_slice($sps,1)) > 0)
{
$request->session()->put('remaining_sps', array_slice($sps,1)); $request->session()->put('remaining_sps', array_slice($sps,1));
} }
return redirect($redirect_url); return redirect($redirect_url);
} }
} }
......
app/Http/Controllers/HomeController.php
+ 6
3
View file @ 468264b6
...@@ -5,7 +5,6 @@ namespace App\Http\Controllers; ...@@ -5,7 +5,6 @@ namespace App\Http\Controllers;
use App\IdpResult; use App\IdpResult;
use App\Libraries\EarcUtils; use App\Libraries\EarcUtils;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use \SimpleSAML_Configuration;
class HomeController extends Controller class HomeController extends Controller
{ {
...@@ -17,12 +16,16 @@ class HomeController extends Controller ...@@ -17,12 +16,16 @@ class HomeController extends Controller
public function __invoke() public function __invoke()
{ {
session(['test_allowed' => 'true']); session(['test_allowed' => 'true']);
$sp_entities = EarcUtils::getSpMetadata(null); $sp_entities = EarcUtils::getSpMetadata(null);
$attributemap = EarcUtils::getAttributeMap(); $attributemap = EarcUtils::getAttributeMap();
//Get only the latest result for each IdP //Get only the latest result for each IdP
$idps = IdpResult::all()->unique('idp_entity_id'); $idps = IdpResult::all()->unique('idp_entity_id');
$historical_results = array(); $historical_results = [];
foreach ($idps as $idp){
foreach ($idps as $idp)
{
$historical_results[] = IdpResult::where('idp_entity_id', $idp['idp_entity_id']) $historical_results[] = IdpResult::where('idp_entity_id', $idp['idp_entity_id'])
->orderBy('created_at', 'desc') ->orderBy('created_at', 'desc')
->first(); ->first();
......
app/Http/Controllers/ResultsController.php
+ 67
30
View file @ 468264b6
...@@ -8,6 +8,7 @@ use App\TestResult; ...@@ -8,6 +8,7 @@ use App\TestResult;
use App\TestAttribute; use App\TestAttribute;
use App\Libraries\EarcUtils; use App\Libraries\EarcUtils;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use App\Constants\EarcUtils AS EarcConstants;
class ResultsController extends Controller class ResultsController extends Controller
{ {
...@@ -18,52 +19,82 @@ class ResultsController extends Controller ...@@ -18,52 +19,82 @@ class ResultsController extends Controller
{ {
//Get only the latest result for each IdP //Get only the latest result for each IdP
$idps = IdpResult::all()->unique('idp_entity_id'); $idps = IdpResult::all()->unique('idp_entity_id');
foreach ($idps as $idp) {
foreach ($idps as $idp)
{
$historical_results[] = IdpResult::where('idp_entity_id', $idp['idp_entity_id'])->orderBy('created_at', 'desc')->first(); $historical_results[] = IdpResult::where('idp_entity_id', $idp['idp_entity_id'])->orderBy('created_at', 'desc')->first();
} }
$idp_result = IdpResult::where('test_id', $test_id)->get(); $idp_result = IdpResult::where('test_id', $test_id)->get();
if (count($idp_result) > 0) {
if (count($idp_result) > 0)
{
$released_attributes = array(); $released_attributes = array();
$sp_entities = EarcUtils::getSpMetadata(null); $sp_entities = EarcUtils::getSpMetadata(null);
$test_results = TestResult::where('test_id', $test_id)->get(); $test_results = TestResult::where('test_id', $test_id)->get();
$test_attributes = TestAttribute::where('test_id', $test_id)->get(); $test_attributes = TestAttribute::where('test_id', $test_id)->get();
foreach ($test_results as $result) {
foreach ($test_results as $result)
{
$sp_entities[$result->sp_entityid]['tested'] = true; $sp_entities[$result->sp_entityid]['tested'] = true;
if ($result->sp_entityid == env('APP_URL_NOEC') . "/shibboleth") {
if (strpos($result->test_mark, 'F') !== false) { if ($result->sp_entityid == env('APP_URL_NOEC') . "/shibboleth")
{
if (strpos($result->test_mark, 'F') !== false)
{
$verdict[$result->sp_entityid]['comment'] = 'Good data privacy but bad usability.'; $verdict[$result->sp_entityid]['comment'] = 'Good data privacy but bad usability.';
} elseif (strpos($result->test_mark, 'A') !== false) { }
elseif (strpos($result->test_mark, 'A') !== false)
{
$verdict[$result->sp_entityid]['comment'] = 'Good usability but bad data privacy.'; $verdict[$result->sp_entityid]['comment'] = 'Good usability but bad data privacy.';
} else { }
else
{
$verdict[$result->sp_entityid]['comment'] = $result->test_comment; $verdict[$result->sp_entityid]['comment'] = $result->test_comment;
} }
$verdict[$result->sp_entityid]['mark'] = ''; $verdict[$result->sp_entityid]['mark'] = '';
} else { }
else
{
$verdict[$result->sp_entityid]['mark'] = $result->test_mark; $verdict[$result->sp_entityid]['mark'] = $result->test_mark;
$verdict[$result->sp_entityid]['comment'] = $result->test_comment; $verdict[$result->sp_entityid]['comment'] = $result->test_comment;
} }
$released_attributes[$result->sp_entityid] = array();
$released_attributes[$result->sp_entityid] = [];
} }
foreach ($test_attributes as $attribute) {
foreach ($test_attributes as $attribute)
{
$released_attributes[$attribute->sp_entityid][$attribute->attr_name] = $attribute->attr_value_multiplicity; $released_attributes[$attribute->sp_entityid][$attribute->attr_name] = $attribute->attr_value_multiplicity;
} }
foreach ($sp_entities as $sp) {
if (array_key_exists('tested', $sp)) { foreach ($sp_entities as $sp)
if (array_key_exists('attributeNamesRequired', $sp)) { {
if (EarcUtils::isRnsIndicated($sp)) { if (array_key_exists('tested', $sp))
if (array_key_exists('eduPersonScopedAffiliation', $released_attributes[$sp['entityid']])) { {
if (array_key_exists('attributeNamesRequired', $sp))
{
if (EarcUtils::isRnsIndicated($sp))
{
if (array_key_exists('eduPersonScopedAffiliation', $released_attributes[$sp['entityid']]))
{
$sp['attributeNamesRequired'][] = 'eduPersonScopedAffiliation'; $sp['attributeNamesRequired'][] = 'eduPersonScopedAffiliation';
} }
if (array_key_exists('eduPersonTargetedID', $released_attributes[$sp['entityid']])) {
if (array_key_exists('eduPersonTargetedID', $released_attributes[$sp['entityid']]))
{
$sp['attributeNamesRequired'][] = 'eduPersonTargetedID'; $sp['attributeNamesRequired'][] = 'eduPersonTargetedID';
} }
} }
$sp_entities[$sp['entityid']]['superfluous_attributes'] = array_diff(array_keys($released_attributes[$sp['entityid']]), $sp['attributeNamesRequired']); $sp_entities[$sp['entityid']]['superfluous_attributes'] = array_diff(array_keys($released_attributes[$sp['entityid']]), $sp['attributeNamesRequired']);
} }
} }
} }
$regional_earc = array_key_exists($idp_result[0]['registration_authority'], config('app.regional_earc'))
? config('app.regional_earc')[$idp_result[0]['registration_authority']] $regional_earc = array_key_exists($idp_result[0]['registration_authority'], EarcConstants::EARC_REGIONAL_SP)
? EarcConstants::EARC_REGIONAL_SP[$idp_result[0]['registration_authority']]
: null; : null;
return view('results', ['historical_results' => $historical_results, return view('results', ['historical_results' => $historical_results,
...@@ -72,38 +103,44 @@ class ResultsController extends Controller ...@@ -72,38 +103,44 @@ class ResultsController extends Controller
'verdict' => $verdict, 'verdict' => $verdict,
'sp_entities' => $sp_entities, 'sp_entities' => $sp_entities,
'released_attributes' => $released_attributes, ]); 'released_attributes' => $released_attributes, ]);
} else { }
abort(404);
} abort(404);
} }
public function getHistoricalResults() public function getHistoricalResults()
{ {
$idps = IdpResult::all()->unique('idp_entity_id'); $idps = IdpResult::all()->unique('idp_entity_id');
foreach ($idps as $idp) { foreach ($idps as $idp)
{
$historical_results[] = IdpResult::where('idp_entity_id', $idp['idp_entity_id'])->orderBy('created_at', 'desc')->first(); $historical_results[] = IdpResult::where('idp_entity_id', $idp['idp_entity_id'])->orderBy('created_at', 'desc')->first();
} }
foreach ($historical_results as $key => $result) { foreach ($historical_results as $key => $result)
{
$historical_results[$key]['test_result'] = TestResult::where('test_id', $result['test_id'])->get(); $historical_results[$key]['test_result'] = TestResult::where('test_id', $result['test_id'])->get();
$historical_results[$key]['result_page'] = 'https://release-check.edugain.org/results/' . $historical_results[$key]['test_id']; $historical_results[$key]['result_page'] = EarcConstants::RELEASE_CHECK_EDUGAIN . $historical_results[$key]['test_id'];
$historical_results[$key]['date'] = $historical_results[$key]['created_at']; $historical_results[$key]['date'] = $historical_results[$key]['created_at'];
foreach ($historical_results[$key]['test_result'] as $tkey => $tvalue) {
if ($historical_results[$key]['test_result'][$tkey]['sp_entityid'] == env('APP_URL_NOEC') . "/shibboleth") { foreach ($historical_results[$key]['test_result'] as $tkey => $tvalue)
{
if ($historical_results[$key]['test_result'][$tkey]['sp_entityid'] == env('APP_URL_NOEC') . "/shibboleth")
{
unset($historical_results[$key]['test_result'][$tkey]); unset($historical_results[$key]['test_result'][$tkey]);
continue; continue;
} }
unset($historical_results[$key]['test_result'][$tkey]['test_comment']); unset($historical_results[$key]['test_result'][$tkey]['test_comment']);
unset($historical_results[$key]['test_result'][$tkey]['created_at']); unset($historical_results[$key]['test_result'][$tkey]['created_at']);
unset($historical_results[$key]['test_result'][$tkey]['updated_at']); unset($historical_results[$key]['test_result'][$tkey]['updated_at']);
unset($historical_results[$key]['test_result'][$tkey]['id']); unset($historical_results[$key]['test_result'][$tkey]['id']);
unset($historical_results[$key]['test_result'][$tkey]['test_id']); unset($historical_results[$key]['test_result'][$tkey]['test_id']);
} }
unset($historical_results[$key]['created_at']); unset($historical_results[$key]['created_at']);
unset($historical_results[$key]['updated_at']); unset($historical_results[$key]['updated_at']);
unset($historical_results[$key]['id']); unset($historical_results[$key]['id']);
unset($historical_results[$key]['test_id']); unset($historical_results[$key]['test_id']);
} }
return $historical_results; return $historical_results;
...@@ -114,15 +151,15 @@ class ResultsController extends Controller ...@@ -114,15 +151,15 @@ class ResultsController extends Controller
$idp_entity_id = urldecode($idp_entity_id); $idp_entity_id = urldecode($idp_entity_id);
$historical_result = IdpResult::where('idp_entity_id', $idp_entity_id)->orderBy('created_at', 'desc')->first(); $historical_result = IdpResult::where('idp_entity_id', $idp_entity_id)->orderBy('created_at', 'desc')->first();
if (count($historical_result)>0) { if (count($historical_result)>0)
{
$historical_result['datetime'] = $historical_result['created_at']; $historical_result['datetime'] = $historical_result['created_at'];
$historical_result['result_page'] = 'https://release-check.edugain.org/results/' . $historical_result['test_id']; $historical_result['result_page'] = EarcConstants::RELEASE_CHECK_EDUGAIN . $historical_result['test_id'];
unset($historical_result['test_comment']); unset($historical_result['test_comment']);
unset($historical_result['created_at']); unset($historical_result['created_at']);
unset($historical_result['updated_at']); unset($historical_result['updated_at']);
unset($historical_result['id']); unset($historical_result['id']);
unset($historical_result['test_id']); unset($historical_result['test_id']);
} }
return $historical_result; return $historical_result;
......
app/Libraries/EarcUtils.php
+ 193
110
View file @ 468264b6
...@@ -3,32 +3,23 @@ ...@@ -3,32 +3,23 @@
namespace app\Libraries; namespace app\Libraries;
use Illuminate\Support\Facades\Storage; use Illuminate\Support\Facades\Storage;
use app\Libraries\MetadataUtils; use Illuminate\Support\Facades\Log;
use PSpell\Config; use App\Constants\EarcUtils;
class EarcUtils class EarcUtils
{ {
/*private $utils;
public function __construct()
{
$this->utils = new MetadataUtils();
}*/
public function getEncatName($value) public function getEncatName($value)
{ {
switch ($value) { switch ($value) {
case 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1': case EarcUtils::COCO_GEANT_NET_URL:
$ret = 'Code of Conduct'; $ret = 'Code of Conduct';
break; break;
case 'http://refeds.org/category/research-and-scholarship': case EarcUtils::RS_REFEDS_ORG_URL:
$ret = 'Research & Scholarship'; $ret = 'Research & Scholarship';
break; break;
default: default:
$ret = 'None'; $ret = 'None';
} }
return $ret; return $ret;
} }
...@@ -49,7 +40,7 @@ class EarcUtils ...@@ -49,7 +40,7 @@ class EarcUtils
} }
else else
{ {
$sps = config('app.earc_sps'); $sps = EarcUtils::EARC_SP;
} }
foreach ($sps as $key => $sp_entity_id ) foreach ($sps as $key => $sp_entity_id )
...@@ -68,18 +59,29 @@ class EarcUtils ...@@ -68,18 +59,29 @@ class EarcUtils
if (array_key_exists('attributes', $metadata[$sp_entity_id])) if (array_key_exists('attributes', $metadata[$sp_entity_id]))
{ {
$sp_metadata[$sp_entity_id]['attributes'] = $metadata[$sp_entity_id]['attributes']; try
$sp_metadata[$sp_entity_id]['attributesRequired'] = array_unique($metadata[$sp_entity_id]['attributes.required']);
foreach ($metadata[$sp_entity_id]['attributes'] as $oid)
{ {
$sp_metadata[$sp_entity_id]['attributeNames'][] = $attributemap[$oid]; $sp_metadata[$sp_entity_id]['attributes'] = $metadata[$sp_entity_id]['attributes'];
$sp_metadata[$sp_entity_id]['attributesRequired'] = $metadata[$sp_entity_id]['attributes.required'] ? array_unique($metadata[$sp_entity_id]['attributes.required']) : [];
foreach ($metadata[$sp_entity_id]['attributes'] as $oid)
{
$sp_metadata[$sp_entity_id]['attributeNames'][] = $attributemap[$oid];
}
foreach ($sp_metadata[$sp_entity_id]['attributesRequired'] as $oid)
{
$sp_metadata[$sp_entity_id]['attributeNamesRequired'][] = $attributemap[$oid];
}
} }
catch(\Exception $e)
foreach ($sp_metadata[$sp_entity_id]['attributesRequired'] as $oid)
{ {
$sp_metadata[$sp_entity_id]['attributeNamesRequired'][] = $attributemap[$oid]; Log::error("Failed to parse entity metadata:" . $e->getMessage());
$sp_metadata[$sp_entity_id]['attributeNames'] = [];
$sp_metadata[$sp_entity_id]['attributeNamesRequired'] = [];
} }
} }
elseif (self::isRnsIndicated($sp_metadata[$sp_entity_id])) elseif (self::isRnsIndicated($sp_metadata[$sp_entity_id]))
{ {
...@@ -94,9 +96,12 @@ class EarcUtils ...@@ -94,9 +96,12 @@ class EarcUtils
} }
} }
if (null != $sp_entity_id_input) { if (null != $sp_entity_id_input)
{
return $sp_metadata[$sp_entity_id_input]; return $sp_metadata[$sp_entity_id_input];
} else { }
else
{
return $sp_metadata; return $sp_metadata;
} }
} }
...@@ -128,20 +133,26 @@ class EarcUtils ...@@ -128,20 +133,26 @@ class EarcUtils
public static function getRegistrationAuthority($idp_metadata) public static function getRegistrationAuthority($idp_metadata)
{ {
$decoded = base64_decode($idp_metadata['entityDescriptor']); $decoded = base64_decode($idp_metadata['entityDescriptor']);
if (preg_match('/registrationAuthority=\"(.*)\"/U', $decoded, $match)) {
return $match[1]; if (preg_match('/registrationAuthority=\"(.*)\"/U', $decoded, $match))
} else { {
return; return $match[1] ?? 'Not found';
} }
return 'Not found';
} }
public static function isRnsSupportIndicated($idp_metadata) public static function isRnsSupportIndicated($idp_metadata)
{ {
$ret = false; $ret = false;
if (array_key_exists('EntityAttributes', $idp_metadata) && array_key_exists('http://macedir.org/entity-category-support', $idp_metadata['EntityAttributes']) && is_array($idp_metadata['EntityAttributes']['http://macedir.org/entity-category-support'])) {
foreach ($idp_metadata['EntityAttributes']['http://macedir.org/entity-category-support'] as $encat) { if (array_key_exists('EntityAttributes', $idp_metadata) && array_key_exists(EarcUtils::RS_SUPPORT_CATEGORY, $idp_metadata['EntityAttributes']) && is_array($idp_metadata['EntityAttributes'][EarcUtils::RS_SUPPORT_CATEGORY]))
if ($encat === 'http://refeds.org/category/research-and-scholarship') { {
$ret = true; foreach ($idp_metadata['EntityAttributes'][EarcUtils::RS_SUPPORT_CATEGORY] as $encat)
{
if ($encat === EarcUtils::RS_REFEDS_ORG_URL)
{
$ret = true;
} }
} }
} }
...@@ -152,9 +163,12 @@ class EarcUtils ...@@ -152,9 +163,12 @@ class EarcUtils
public static function isRnsIndicated($sp_metadata) public static function isRnsIndicated($sp_metadata)
{ {
$ret = false; $ret = false;
if (array_key_exists('EntityAttributes', $sp_metadata) && array_key_exists('http://macedir.org/entity-category', $sp_metadata['EntityAttributes']) && is_array($sp_metadata['EntityAttributes']['http://macedir.org/entity-category'])) { if (array_key_exists('EntityAttributes', $sp_metadata) && array_key_exists(EarcUtils::RS_CATEGORY, $sp_metadata['EntityAttributes']) && is_array($sp_metadata['EntityAttributes'][EarcUtils::RS_CATEGORY]))
foreach ($sp_metadata['EntityAttributes']['http://macedir.org/entity-category'] as $encat) { {
if ($encat === 'http://refeds.org/category/research-and-scholarship') { foreach ($sp_metadata['EntityAttributes'][EarcUtils::RS_CATEGORY] as $encat)
{
if ($encat === EarcUtils::RS_REFEDS_ORG_URL)
{
$ret = true; $ret = true;
} }
} }
...@@ -166,27 +180,37 @@ class EarcUtils ...@@ -166,27 +180,37 @@ class EarcUtils
public static function checkAttributeSyntax($attributeName, $attributeValue) public static function checkAttributeSyntax($attributeName, $attributeValue)
{ {
$failed = array(); $failed = array();
if (in_array($attributeName, array('eduPersonPrincipalName', 'mail', 'eduPersonScopedAffiliation'))) {
if (!filter_var($attributeValue, FILTER_VALIDATE_EMAIL)) { if (in_array($attributeName, array('eduPersonPrincipalName', 'mail', 'eduPersonScopedAffiliation')))
{
if (!filter_var($attributeValue, FILTER_VALIDATE_EMAIL))
{
$failed[] = $attributeName; $failed[] = $attributeName;
} }
} elseif ($attributeName == 'schacHomeOrganizationType') { }
if (!preg_match('/urn:schac:homeOrganizationType:/', $attributeValue)) { elseif ($attributeName == 'schacHomeOrganizationType')
{
if (!preg_match('/urn:schac:homeOrganizationType:/', $attributeValue))
{
$failed[] = $attributeName; $failed[] = $attributeName;
} }
} }
if (!empty($failed)) {
if (!empty($failed))
{
return implode(',', $failed); return implode(',', $failed);
} else { }
return true;
} return true;
} }
public static function isMinimalSubsetSent($released_attributes) public static function isMinimalSubsetSent($released_attributes)
{ {
$minimalSubset = array('eduPersonPrincipalName', 'mail', 'displayName'); $minimalSubset = array('eduPersonPrincipalName', 'mail', 'displayName');
foreach ($minimalSubset as $attributeName) { foreach ($minimalSubset as $attributeName)
if (!array_key_exists($attributeName, $released_attributes) && !self::canBeRedundant($attributeName, $released_attributes)) { {
if (!array_key_exists($attributeName, $released_attributes) && !self::canBeRedundant($attributeName, $released_attributes))
{
return false; return false;
} }
} }
...@@ -197,8 +221,11 @@ class EarcUtils ...@@ -197,8 +221,11 @@ class EarcUtils
public static function isBasicSubsetSent($released_attributes) public static function isBasicSubsetSent($released_attributes)
{ {
$minimalSubset = array('eduPersonPrincipalName', 'eduPersonTargetedID', 'eduPersonUniqueId'); $minimalSubset = array('eduPersonPrincipalName', 'eduPersonTargetedID', 'eduPersonUniqueId');
foreach ($minimalSubset as $attributeName) {
if (array_key_exists($attributeName, $released_attributes)) { foreach ($minimalSubset as $attributeName)
{
if (array_key_exists($attributeName, $released_attributes))
{
return true; return true;
} }
} }
...@@ -209,47 +236,53 @@ class EarcUtils ...@@ -209,47 +236,53 @@ class EarcUtils
public static function canBeRedundant($attributeName, $released_attributes) public static function canBeRedundant($attributeName, $released_attributes)
{ {
if (($attributeName == 'schacHomeOrganization' && (array_key_exists('eduPersonPrincipalName', $released_attributes) || array_key_exists('eduPersonScopedAffiliation', $released_attributes))) || if (($attributeName == 'schacHomeOrganization' && (array_key_exists('eduPersonPrincipalName', $released_attributes) || array_key_exists('eduPersonScopedAffiliation', $released_attributes))) ||
($attributeName == 'cn' && (array_key_exists('sn', $released_attributes) && array_key_exists('givenName', $released_attributes))) ||
($attributeName == 'eduPersonAffiliation' && (array_key_exists('eduPersonScopedAffiliation', $released_attributes))) || ($attributeName == 'eduPersonAffiliation' && (array_key_exists('eduPersonScopedAffiliation', $released_attributes))) ||
($attributeName == 'cn' && array_key_exists('displayName', $released_attributes)) || ($attributeName == 'cn' && ((array_key_exists('sn', $released_attributes) && array_key_exists('givenName', $released_attributes)) || array_key_exists('displayName', $released_attributes))) ||
($attributeName == 'sn' && array_key_exists('displayName', $released_attributes)) || ($attributeName == 'sn' && (array_key_exists('displayName', $released_attributes) || array_key_exists('cn', $released_attributes))) ||
($attributeName == 'sn' && array_key_exists('cn', $released_attributes)) || ($attributeName == 'givenName' && (array_key_exists('displayName', $released_attributes) || array_key_exists('cn', $released_attributes))) ||
($attributeName == 'givenName' && array_key_exists('displayName', $released_attributes)) || ($attributeName == 'displayName' && ((array_key_exists('sn', $released_attributes) && array_key_exists('givenName', $released_attributes)) || array_key_exists('cn', $released_attributes)))
($attributeName == 'givenName' && array_key_exists('cn', $released_attributes)) || )
($attributeName == 'displayName' && (array_key_exists('sn', $released_attributes) && array_key_exists('givenName', $released_attributes))) || {
($attributeName == 'displayName' && array_key_exists('cn', $released_attributes))
) {
return true; return true;
} else { }
return false;
} return false;
} }
public static function getExtraPoints($mark, $sp, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes) public static function getExtraPoints($mark, $sp, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes)
{ {
$ret = ''; $ret = '';
switch ($mark) { switch ($mark)
{
case 'A': case 'A':
if (self::isRnsSupportIndicated($idp_metadata)) { if (self::isRnsSupportIndicated($idp_metadata))
{
$ret = '+'; $ret = '+';
} else { }
else
{
$ret = '-'; $ret = '-';
} }
break; break;
default: default:
// IdP sends superfluous non-personal information // IdP sends superfluous non-personal information
if (count($superfluous_attributes) > 0) { if (count($superfluous_attributes) > 0)
foreach ($superfluous_attributes as $attributeName) { {
if (in_array($attributeName, $non_personal_attributes)) { foreach ($superfluous_attributes as $attributeName)
{
if (in_array($attributeName, $non_personal_attributes))
{
$ret = '-'; $ret = '-';
break; break;
} }
} }
} }
// Redundant attributes are missing, but information is available // Redundant attributes are missing, but information is available
foreach ($sp['attributeNames'] as $attributeName) { foreach ($sp['attributeNames'] as $attributeName)
if (!array_key_exists($attributeName, $released_attributes) && self::canBeRedundant($attributeName, $released_attributes)) { {
if (!array_key_exists($attributeName, $released_attributes) && self::canBeRedundant($attributeName, $released_attributes))
{
$ret = '-'; $ret = '-';
} }
} }
...@@ -271,84 +304,123 @@ class EarcUtils ...@@ -271,84 +304,123 @@ class EarcUtils
{ {
// The attribute is decoded as eduPersonTargetedID // The attribute is decoded as eduPersonTargetedID
// The NameID value is decoded as persistent-id // The NameID value is decoded as persistent-id
if (array_key_exists('eduPersonTargetedID', $released_attributes) && array_key_exists('persistent-id', $released_attributes)) { if (array_key_exists('eduPersonTargetedID', $released_attributes) && array_key_exists('persistent-id', $released_attributes))
if ($released_attributes['eduPersonTargetedID'] == $released_attributes['persistent-id']) { {
if ($released_attributes['eduPersonTargetedID'] == $released_attributes['persistent-id'])
{
unset($released_attributes['persistent-id']); unset($released_attributes['persistent-id']);
} }
return $released_attributes; return $released_attributes;
} elseif (!array_key_exists('eduPersonTargetedID', $released_attributes) && array_key_exists('persistent-id', $released_attributes)) { }
elseif (!array_key_exists('eduPersonTargetedID', $released_attributes) && array_key_exists('persistent-id', $released_attributes))
{
$released_attributes['eduPersonTargetedID'] = $released_attributes['persistent-id']; $released_attributes['eduPersonTargetedID'] = $released_attributes['persistent-id'];
unset($released_attributes['persistent-id']); unset($released_attributes['persistent-id']);
return $released_attributes; return $released_attributes;
} elseif (array_key_exists('eduPersonTargetedID', $released_attributes) && !array_key_exists('persistent-id', $released_attributes)) { }
elseif (array_key_exists('eduPersonTargetedID', $released_attributes) && !array_key_exists('persistent-id', $released_attributes))
{
//This should give an error ? //This should give an error ?
return $released_attributes; return $released_attributes;
} else { }
return $released_attributes;
} return $released_attributes;
} }
public static function calculateVerdictForAnSP($sp_entity_id, $released_attributes, $idp_entityid) public static function calculateVerdictForAnSP($sp_entity_id, $released_attributes, $idp_entityid)
{ {
$additional_information = array(); $additional_information = [];
$single_valued_attributes = array('eduPersonTargetedID', 'eduPersonPrincipalName', 'sn', 'givenName', 'displayName', 'preferredLanguage', 'schacDateOfBirth', 'schacYearOfBirth', 'schacPersonalTitle', 'eduPersonNickName', 'eduPersonPrimaryOrgUnitDN'); $single_valued_attributes = ['eduPersonTargetedID', 'eduPersonPrincipalName', 'sn', 'givenName',
$non_personal_attributes = array('schacHomeOrganization', 'schacHomeOrganizationType', 'eduPersonAffiliation', 'eduPersonScopedAffiliation', 'o', 'swissEduPersonHomeOrganization', 'swissEduPersonHomeOrganizationType'); 'displayName', 'preferredLanguage', 'schacDateOfBirth', 'schacYearOfBirth',
$rns_attributes = array('eduPersonPrincipalName', 'mail', 'displayName', 'givenName', 'sn', 'eduPersonScopedAffiliation'); 'schacPersonalTitle', 'eduPersonNickName', 'eduPersonPrimaryOrgUnitDN'];
$non_personal_attributes = ['schacHomeOrganization', 'schacHomeOrganizationType', 'eduPersonAffiliation',
'eduPersonScopedAffiliation', 'o', 'swissEduPersonHomeOrganization',
'swissEduPersonHomeOrganizationType'];
$rns_attributes = ['eduPersonPrincipalName', 'mail', 'displayName', 'givenName',
'sn', 'eduPersonScopedAffiliation'];
$sp_metadata = self::getSpMetadata($sp_entity_id); $sp_metadata = self::getSpMetadata($sp_entity_id);
if (self::isRnsIndicated($sp_metadata)) { if (self::isRnsIndicated($sp_metadata))
{
$superfluous_attributes = array_diff(array_keys($released_attributes), $sp_metadata['attributeNamesRequired']); $superfluous_attributes = array_diff(array_keys($released_attributes), $sp_metadata['attributeNamesRequired']);
$superfluous_attributes = array_diff($superfluous_attributes, $rns_attributes); $superfluous_attributes = array_diff($superfluous_attributes, $rns_attributes);
} else { }
else
{
$superfluous_attributes = array_diff(array_keys($released_attributes), $sp_metadata['attributeNamesRequired']); $superfluous_attributes = array_diff(array_keys($released_attributes), $sp_metadata['attributeNamesRequired']);
} }
$idp_metadata = self::getIdpMetadata($idp_entityid); $idp_metadata = self::getIdpMetadata($idp_entityid);
// F: No attributes received // F: No attributes received
if (count(array_keys($released_attributes)) == 0) { if (count(array_keys($released_attributes)) == 0)
{
return array('mark' => 'F', 'text' => 'No attributes received', 'additional_information' => $additional_information); return array('mark' => 'F', 'text' => 'No attributes received', 'additional_information' => $additional_information);
} }
// F: R&S category support is indicated but its requirements are not satisfied // F: R&S category support is indicated but its requirements are not satisfied
if (self::isRnsSupportIndicated($idp_metadata) && self::isRnsIndicated($sp_metadata) && !self::isMinimalSubsetSent($released_attributes)) { if (self::isRnsSupportIndicated($idp_metadata) && self::isRnsIndicated($sp_metadata) && !self::isMinimalSubsetSent($released_attributes))
{
return array('mark' => 'F', 'text' => 'R&S category support is indicated but its requirements are not satisfied', 'additional_information' => $additional_information); return array('mark' => 'F', 'text' => 'R&S category support is indicated but its requirements are not satisfied', 'additional_information' => $additional_information);
} }
// F: Incorrect value syntax (except for eptid) // F: Incorrect value syntax (except for eptid)
foreach ($released_attributes as $attributeName => $attributeValues) { foreach ($released_attributes as $attributeName => $attributeValues)
if (in_array($attributeName, $single_valued_attributes) && count($attributeValues) > 1) { {
if (in_array($attributeName, $single_valued_attributes) && count($attributeValues) > 1)
{
return array('mark' => 'F', 'text' => 'Incorrect value syntax, got multiple values for a single value attribute', 'additional_information' => $additional_information); return array('mark' => 'F', 'text' => 'Incorrect value syntax, got multiple values for a single value attribute', 'additional_information' => $additional_information);
} }
if ($attributeName != 'eduPersonTargetedID') {
foreach ($attributeValues as $attributeValue) { if ($attributeName != 'eduPersonTargetedID')
{
foreach ($attributeValues as $attributeValue)
{
$checkResult = self::checkAttributeSyntax($attributeName, $attributeValue); $checkResult = self::checkAttributeSyntax($attributeName, $attributeValue);
if (!$checkResult) {
if (!$checkResult)
{
return array('mark' => 'F', 'text' => 'Incorrect value syntax: '.$checkResult, 'additional_information' => $additional_information); return array('mark' => 'F', 'text' => 'Incorrect value syntax: '.$checkResult, 'additional_information' => $additional_information);
} }
} }
} }
} }
// D: IdP does not release minimal and does not indicate RnS support // D: IdP does not release minimal and does not indicate RnS support
if (!self::isMinimalSubsetSent($released_attributes) && self::isRnsSupportIndicated($idp_metadata) && self::isRnsIndicated($sp_metadata)) { if (!self::isMinimalSubsetSent($released_attributes) && self::isRnsSupportIndicated($idp_metadata) && self::isRnsIndicated($sp_metadata))
{
return array('mark' => 'D', 'text' => 'REFEDS R&S Entity Category is not supported. Consider enabling support, more information can be found in <a href="https://wiki.refeds.org/display/ENT/Research+and+Scholarship+FAQ">REFEDS wiki</a>', 'additional_information' => $additional_information); return array('mark' => 'D', 'text' => 'REFEDS R&S Entity Category is not supported. Consider enabling support, more information can be found in <a href="https://wiki.refeds.org/display/ENT/Research+and+Scholarship+FAQ">REFEDS wiki</a>', 'additional_information' => $additional_information);
} }
// D: IdP sends some subset of the requested information, but no persistent identifier as specified in basic information // D: IdP sends some subset of the requested information, but no persistent identifier as specified in basic information
if (!self::isBasicSubsetSent($released_attributes)) { if (!self::isBasicSubsetSent($released_attributes))
{
return array('mark' => 'D', 'text' => 'IdP sends some subset of the requested information, but no persistent identifier as specified in basic information', 'additional_information' => $additional_information); return array('mark' => 'D', 'text' => 'IdP sends some subset of the requested information, but no persistent identifier as specified in basic information', 'additional_information' => $additional_information);
} }
// D: IdP sends superfluous _personal_ information // D: IdP sends superfluous _personal_ information
if (count($superfluous_attributes) > 0) { if (count($superfluous_attributes) > 0)
foreach ($superfluous_attributes as $attributeName) { {
if (!self::canBeRedundant($attributeName, $released_attributes)) { foreach ($superfluous_attributes as $attributeName)
if (!in_array($attributeName, $non_personal_attributes)) { {
if ($attributeName == 'eduPersonEntitlement' && count($released_attributes['eduPersonEntitlement']) == 1 && $released_attributes['eduPersonEntitlement'][0] == 'urn:mace:dir:entitlement:common-lib-terms') { if (!self::canBeRedundant($attributeName, $released_attributes))
{
if (!in_array($attributeName, $non_personal_attributes))
{
if ($attributeName == 'eduPersonEntitlement' && count($released_attributes['eduPersonEntitlement']) == 1 && $released_attributes['eduPersonEntitlement'][0] == 'urn:mace:dir:entitlement:common-lib-terms')
{
unset($superfluous_attributes[array_search('eduPersonEntitlement', $superfluous_attributes)]); unset($superfluous_attributes[array_search('eduPersonEntitlement', $superfluous_attributes)]);
$additional_information[] = 'eduPersonEntitlement attribute with "urn:mace:dir:entitlement:common-lib-terms" value has been sent, but it was not required.'; $additional_information[] = 'eduPersonEntitlement attribute with "urn:mace:dir:entitlement:common-lib-terms" value has been sent, but it was not required.';
continue; continue;
} }
if ($attributeName == 'eduPersonTargetedID') {
if ($attributeName == 'eduPersonTargetedID')
{
unset($superfluous_attributes[array_search('eduPersonTargetedID', $superfluous_attributes)]); unset($superfluous_attributes[array_search('eduPersonTargetedID', $superfluous_attributes)]);
$additional_information[] = 'eduPersonTargetedID has been sent, but it was not required.'; $additional_information[] = 'eduPersonTargetedID has been sent, but it was not required.';
continue; continue;
...@@ -361,19 +433,27 @@ class EarcUtils ...@@ -361,19 +433,27 @@ class EarcUtils
} }
// C: IdP sends eduPersonTargetedId with the wrong (legacy) syntax // C: IdP sends eduPersonTargetedId with the wrong (legacy) syntax
if (array_key_exists('eduPersonTargetedID', $released_attributes)) { if (array_key_exists('eduPersonTargetedID', $released_attributes))
if (filter_var($released_attributes['eduPersonTargetedID'], FILTER_VALIDATE_EMAIL)) { {
if (filter_var($released_attributes['eduPersonTargetedID'], FILTER_VALIDATE_EMAIL))
{
return array('mark' => 'C'.self::getExtraPoints('C', $sp_metadata, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes), 'text' => 'IdP sends eduPersonTargetedId with the wrong (legacy) syntax', 'additional_information' => $additional_information); return array('mark' => 'C'.self::getExtraPoints('C', $sp_metadata, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes), 'text' => 'IdP sends eduPersonTargetedId with the wrong (legacy) syntax', 'additional_information' => $additional_information);
} }
} }
// C: IdP sends basic information while some required information is missing // C: IdP sends basic information while some required information is missing
if (self::isBasicSubsetSent($released_attributes)) { if (self::isBasicSubsetSent($released_attributes))
foreach ($sp_metadata['attributeNamesRequired'] as $attribute) { {
if (!array_key_exists($attribute, $released_attributes) && !self::canBeRedundant($attribute, $released_attributes)) { foreach ($sp_metadata['attributeNamesRequired'] as $attribute)
if (self::isRnsIndicated($sp_metadata) && $attribute == 'eduPersonTargetedId' && array_key_exists('eduPersonPrincipalName', $released_attributes)) { {
if (!array_key_exists($attribute, $released_attributes) && !self::canBeRedundant($attribute, $released_attributes))
{
if (self::isRnsIndicated($sp_metadata) && $attribute == 'eduPersonTargetedId' && array_key_exists('eduPersonPrincipalName', $released_attributes))
{
$remark = true; $remark = true;
} else { }
else
{
return array('mark' => 'C'.self::getExtraPoints('C', $sp_metadata, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes), 'text' => 'IdP sends basic information while some required information is missing', 'additional_information' => $additional_information); return array('mark' => 'C'.self::getExtraPoints('C', $sp_metadata, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes), 'text' => 'IdP sends basic information while some required information is missing', 'additional_information' => $additional_information);
} }
} }
...@@ -381,23 +461,26 @@ class EarcUtils ...@@ -381,23 +461,26 @@ class EarcUtils
} }
// B: IdP sends minimal information // B: IdP sends minimal information
if (self::isMinimalSubsetSent(array_keys($released_attributes))) { if (self::isMinimalSubsetSent(array_keys($released_attributes)))
foreach ($sp_metadata['attributeNames'] as $attribute) { {
if (!array_key_exists($attribute, $released_attributes) && !self::canBeRedundant($attribute, $released_attributes)) { foreach ($sp_metadata['attributeNames'] as $attribute)
{
if (!array_key_exists($attribute, $released_attributes) && !self::canBeRedundant($attribute, $released_attributes))
{
return array('mark' => 'B'.self::getExtraPoints('B', $sp_metadata, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes), 'text' => 'IdP sends minimal information', 'additional_information' => $additional_information); return array('mark' => 'B'.self::getExtraPoints('B', $sp_metadata, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes), 'text' => 'IdP sends minimal information', 'additional_information' => $additional_information);
} }
} }
} }
// A-: IdP sends some non personal superfluous attributes // A-: IdP sends some non personal superfluous attributes
if (count($superfluous_attributes) > 0) { if (count($superfluous_attributes) > 0)
{
return array('mark' => 'A'.self::getExtraPoints('B', $sp_metadata, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes), 'text' => 'IdP sends all necessary information but sends some non-personal superfluous attributes ('.implode(',', $superfluous_attributes).') as well.', 'additional_information' => $additional_information); return array('mark' => 'A'.self::getExtraPoints('B', $sp_metadata, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes), 'text' => 'IdP sends all necessary information but sends some non-personal superfluous attributes ('.implode(',', $superfluous_attributes).') as well.', 'additional_information' => $additional_information);
} }
// A: IdP sends all necessary information // A: IdP sends all necessary information
if (count($superfluous_attributes) == 0) { if (count($superfluous_attributes) == 0)
{
return array('mark' => 'A'.self::getExtraPoints('A', $sp_metadata, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes), 'text' => 'Great! IdP sends all necessary information', 'additional_information' => $additional_information); return array('mark' => 'A'.self::getExtraPoints('A', $sp_metadata, $released_attributes, $superfluous_attributes, $idp_metadata, $non_personal_attributes), 'text' => 'Great! IdP sends all necessary information', 'additional_information' => $additional_information);
} }
} }
......
config/app.php
+ 0
25
View file @ 468264b6
...@@ -124,31 +124,6 @@ return [ ...@@ -124,31 +124,6 @@ return [
'log_level' => env('APP_LOG_LEVEL', 'debug'), 'log_level' => env('APP_LOG_LEVEL', 'debug'),
/*
|---------------------------------------------------------------------------
|EARC specific Configuration
|
|
*/
// XXX Updated using ansible
'earc_sps' => [
'https://rns-ng.example.org/shibboleth',
'https://coco.example.org/shibboleth',
'https://noec.example.org/shibboleth',
],
'regional_earc' => [
'http://aai.grnet.gr/' => 'https://aai.grnet.gr',
'http://rr.aai.switch.ch/' => 'https://attribute-viewer.aai.switch.ch/interfederation-test/',
'http://taat.edu.ee' => 'https://eitja.taat.edu.ee/',
'http://eduid.hu' => 'https://attributes.eduid.hu',
],
'metadata_url' => env('METADATA_URL', ""),
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Autoloaded Service Providers | Autoloaded Service Providers
......
config/metadata.php
+ 2
0
View file @ 468264b6
<?php <?php
return [ return [
'metadata_url' => env('METADATA_URL', ""),
'sp_remote_metadata_filename' => 'saml20-sp-remote.php', 'sp_remote_metadata_filename' => 'saml20-sp-remote.php',
'idp_remote_metadata_filename' => 'saml20-idp-remote.php', 'idp_remote_metadata_filename' => 'saml20-idp-remote.php',
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment