Initial commit

ce4be120 · Davide Vaghetti · ce4be120 · ce4be120 · ce4be120 · ce4be120
Commit ce4be120 authored 4 years ago by Davide Vaghetti
--- a/.gitattributes
+++ b/.gitattributes
+* text=auto
+*.css linguist-vendored
+*.scss linguist-vendored
--- a/.gitignore
+++ b/.gitignore
+/node_modules
+/public/storage
+/vendor
+/.idea
+Homestead.json
+Homestead.yaml
+.env
--- a/README.md
+++ b/README.md
+# EduGAIN Attribute Release Check
--- a/access-test.txt
+++ b/access-test.txt
+It works
--- a/ansible.yml
+++ b/ansible.yml
+---
+- hosts: all
+  vars:
+    laravel_root_dir: /var/www/earc-deployed
+    laravel_strategy: git
+    laravel_repo: ssh://git@code.geant.net:7999/gn4sa2t2/edugain-attribute-release-check.git
+    laravel_composer_options: '--no-dev --optimize-autoloader --no-interaction'
+    laravel_branch: test
+    ansible_ssh_user: niif.frank
+    laravel_asset_options: ''
+  roles:
+    - ansible-laravel5-deploy
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
+<?php
+namespace App\Console;
+use Illuminate\Console\Scheduling\Schedule;
+use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
+class Kernel extends ConsoleKernel
+{
+    /**
+     * The Artisan commands provided by your application.
+     *
+     * @var array
+     */
+    protected $commands = [
+        //
+    ];
+    /**
+     * Define the application's command schedule.
+     *
+     * @param  \Illuminate\Console\Scheduling\Schedule  $schedule
+     * @return void
+     */
+    protected function schedule(Schedule $schedule)
+    {
+        // $schedule->command('inspire')
+        //          ->hourly();
+    }
+    /**
+     * Register the Closure based commands for the application.
+     *
+     * @return void
+     */
+    protected function commands()
+    {
+        require base_path('routes/console.php');
+    }
+}
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
+<?php
+namespace App\Exceptions;
+use Exception;
+use Illuminate\Auth\AuthenticationException;
+use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
+class Handler extends ExceptionHandler
+{
+    /**
+     * A list of the exception types that should not be reported.
+     *
+     * @var array
+     */
+    protected $dontReport = [
+        \Illuminate\Auth\AuthenticationException::class,
+        \Illuminate\Auth\Access\AuthorizationException::class,
+        \Symfony\Component\HttpKernel\Exception\HttpException::class,
+        \Illuminate\Database\Eloquent\ModelNotFoundException::class,
+        \Illuminate\Session\TokenMismatchException::class,
+        \Illuminate\Validation\ValidationException::class,
+    ];
+    /**
+     * Report or log an exception.
+     *
+     * This is a great spot to send exceptions to Sentry, Bugsnag, etc.
+     *
+     * @param  \Exception  $exception
+     * @return void
+     */
+    public function report(Exception $exception)
+    {
+        parent::report($exception);
+    }
+    /**
+     * Render an exception into an HTTP response.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Exception  $exception
+     * @return \Illuminate\Http\Response
+     */
+    public function render($request, Exception $exception)
+    {
+        return parent::render($request, $exception);
+    }
+    /**
+     * Convert an authentication exception into an unauthenticated response.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Illuminate\Auth\AuthenticationException  $exception
+     * @return \Illuminate\Http\Response
+     */
+    protected function unauthenticated($request, AuthenticationException $exception)
+    {
+        if ($request->expectsJson()) {
+            return response()->json(['error' => 'Unauthenticated.'], 401);
+        }
+        return redirect()->guest('login');
+    }
+}
--- a/app/Http/Controllers/AttrReleaseTestController.php
+++ b/app/Http/Controllers/AttrReleaseTestController.php
+<?php
+namespace App\Http\Controllers;
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+class AttrReleaseTestController extends Controller
+{
+    /**
+     * Initiates the test
+     *
+     */
+    public function __invoke(Request $request)
+    {   
+        if ($request->has('sps')){
+            $sps = $request->input('sps');
+            $redirect_url = "https://".parse_url($sps[0], PHP_URL_HOST)."/sp";
+            // Store the other SPs to checked in the session so that they can be retrieved later on
+            $request->session()->put('test_allowed', true);
+            if (count(array_slice($sps,1)) > 0){
+                $request->session()->put('remaining_sps', array_slice($sps,1));
+            }
+            return redirect($redirect_url);
+        }
+    }
+}
--- a/app/Http/Controllers/Auth/ForgotPasswordController.php
+++ b/app/Http/Controllers/Auth/ForgotPasswordController.php
+<?php
+namespace App\Http\Controllers\Auth;
+use App\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
+class ForgotPasswordController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Password Reset Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller is responsible for handling password reset emails and
+    | includes a trait which assists in sending these notifications from
+    | your application to your users. Feel free to explore this trait.
+    |
+    */
+    use SendsPasswordResetEmails;
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('guest');
+    }
+}
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
+<?php
+namespace App\Http\Controllers\Auth;
+use App\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\AuthenticatesUsers;
+class LoginController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Login Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller handles authenticating users for the application and
+    | redirecting them to your home screen. The controller uses a trait
+    | to conveniently provide its functionality to your applications.
+    |
+    */
+    use AuthenticatesUsers;
+    /**
+     * Where to redirect users after login.
+     *
+     * @var string
+     */
+    protected $redirectTo = '/home';
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('guest', ['except' => 'logout']);
+    }
+}
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
+<?php
+namespace App\Http\Controllers\Auth;
+use App\User;
+use Validator;
+use App\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\RegistersUsers;
+class RegisterController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Register Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller handles the registration of new users as well as their
+    | validation and creation. By default this controller uses a trait to
+    | provide this functionality without requiring any additional code.
+    |
+    */
+    use RegistersUsers;
+    /**
+     * Where to redirect users after login / registration.
+     *
+     * @var string
+     */
+    protected $redirectTo = '/home';
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('guest');
+    }
+    /**
+     * Get a validator for an incoming registration request.
+     *
+     * @param  array  $data
+     * @return \Illuminate\Contracts\Validation\Validator
+     */
+    protected function validator(array $data)
+    {
+        return Validator::make($data, [
+            'name' => 'required|max:255',
+            'email' => 'required|email|max:255|unique:users',
+            'password' => 'required|min:6|confirmed',
+        ]);
+    }
+    /**
+     * Create a new user instance after a valid registration.
+     *
+     * @param  array  $data
+     * @return User
+     */
+    protected function create(array $data)
+    {
+        return User::create([
+            'name' => $data['name'],
+            'email' => $data['email'],
+            'password' => bcrypt($data['password']),
+        ]);
+    }
+}
--- a/app/Http/Controllers/Auth/ResetPasswordController.php
+++ b/app/Http/Controllers/Auth/ResetPasswordController.php
+<?php
+namespace App\Http\Controllers\Auth;
+use App\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\ResetsPasswords;
+class ResetPasswordController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Password Reset Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller is responsible for handling password reset requests
+    | and uses a simple trait to include this behavior. You're free to
+    | explore this trait and override any methods you wish to tweak.
+    |
+    */
+    use ResetsPasswords;
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('guest');
+    }
+}
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
+<?php
+namespace App\Http\Controllers;
+use Illuminate\Foundation\Bus\DispatchesJobs;
+use Illuminate\Routing\Controller as BaseController;
+use Illuminate\Foundation\Validation\ValidatesRequests;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
+class Controller extends BaseController
+{
+    use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
+}
--- a/app/Http/Controllers/HomeController.php
+++ b/app/Http/Controllers/HomeController.php
+<?php
+namespace App\Http\Controllers;
+use App\IdpResult;
+use App\Libraries\EarcUtils;
+use App\Http\Controllers\Controller;
+use \SimpleSAML_Configuration;
+class HomeController extends Controller
+{
+    /**
+     * Retrieve the historical results and allow user to start the test
+     *
+     * @return Response
+     */
+    public function __invoke()
+    {
+        $sp_entities = EarcUtils::getSpMetadata(null);
+        $attributemap = EarcUtils::getAttributeMap();
+        //Get only the latest result for each IdP
+        $idps = IdpResult::all()->unique('idp_entity_id');
+        $historical_results = array();
+        foreach ($idps as $idp){
+            $historical_results[] = IdpResult::where('idp_entity_id', $idp['idp_entity_id'])
+                ->orderBy('created_at', 'desc')
+                ->first();
+        }
+        return view('home', ['historical_results' => $historical_results,
+                             'sp_entities' => $sp_entities,
+                             'attributemap' => $attributemap]);
+    }
+}
--- a/app/Http/Controllers/ResultsController.php
+++ b/app/Http/Controllers/ResultsController.php
+<?php
+namespace app\Http\Controllers;
+use App\Http\Controllers\Controller;
+use App\IdpResult;
+use App\TestResult;
+use App\TestAttribute;
+use App\Libraries\EarcUtils;
+use Illuminate\Http\Request;
+class ResultsController extends Controller
+{
+    /**
+     * Show Results.
+     */
+    public function __invoke(Request $request, $test_id)
+    {
+        //Get only the latest result for each IdP
+        $idps = IdpResult::all()->unique('idp_entity_id');
+        foreach ($idps as $idp) {
+            $historical_results[] = IdpResult::where('idp_entity_id', $idp['idp_entity_id'])->orderBy('created_at', 'desc')->first();
+        }
+        $idp_result = IdpResult::where('test_id', $test_id)->get();
+        if (count($idp_result) > 0) {
+            $released_attributes = array();
+            $sp_entities = EarcUtils::getSpMetadata(null);
+            $test_results = TestResult::where('test_id', $test_id)->get();
+            $test_attributes = TestAttribute::where('test_id', $test_id)->get();
+            foreach ($test_results as $result) {
+                $sp_entities[$result->sp_entityid]['tested'] = true;
+                if ($result->sp_entityid == 'https://noec.release-check.edugain.org/shibboleth') {
+                    if (strpos($result->test_mark, 'F') !== false) {
+                        $verdict[$result->sp_entityid]['comment'] = 'Good data privacy but bad usability.';
+                    } elseif (strpos($result->test_mark, 'A') !== false) {
+                        $verdict[$result->sp_entityid]['comment'] = 'Good usability but bad data privacy.';
+                    } else {
+                        $verdict[$result->sp_entityid]['comment'] = $result->test_comment;
+                    }
+                    $verdict[$result->sp_entityid]['mark'] = '';
+                } else {
+                    $verdict[$result->sp_entityid]['mark'] = $result->test_mark;
+                    $verdict[$result->sp_entityid]['comment'] = $result->test_comment;
+                }
+                $released_attributes[$result->sp_entityid] = array();
+            }
+            foreach ($test_attributes as $attribute) {
+                $released_attributes[$attribute->sp_entityid][$attribute->attr_name] = $attribute->attr_value_multiplicity;
+            }
+            foreach ($sp_entities as $sp) {
+                if (array_key_exists('tested', $sp)) {
+                    if (array_key_exists('attributeNamesRequired', $sp)) {
+                        if (EarcUtils::isRnsIndicated($sp)) {
+                            if (array_key_exists('eduPersonScopedAffiliation', $released_attributes[$sp['entityid']])) {
+                                $sp['attributeNamesRequired'][] = 'eduPersonScopedAffiliation';
+                            }
+                            if (array_key_exists('eduPersonTargetedID', $released_attributes[$sp['entityid']])) {
+                                $sp['attributeNamesRequired'][] = 'eduPersonTargetedID';
+                            }
+                        }
+                        $sp_entities[$sp['entityid']]['superfluous_attributes'] = array_diff(array_keys($released_attributes[$sp['entityid']]), $sp['attributeNamesRequired']);
+                    }
+                }
+            }
+            $regional_earc = array_key_exists($idp_result[0]['registration_authority'], config('app.regional_earc'))
+                ? config('app.regional_earc')[$idp_result[0]['registration_authority']]
+                : null;
+            return view('results', ['historical_results' => $historical_results,
+                'idp' => $idp_result[0],
+                'regional_earc' => $regional_earc,
+                'verdict' => $verdict,
+                'sp_entities' => $sp_entities,
+                'released_attributes' => $released_attributes, ]);
+        } else {
+            abort(404);
+        }
+    }
+    public function getHistoricalResults()
+    {
+        $idps = IdpResult::all()->unique('idp_entity_id');
+        foreach ($idps as $idp) {
+            $historical_results[] = IdpResult::where('idp_entity_id', $idp['idp_entity_id'])->orderBy('created_at', 'desc')->first();
+        }
+        foreach ($historical_results as $key => $result) {
+            $historical_results[$key]['test_result'] = TestResult::where('test_id', $result['test_id'])->get();
+            $historical_results[$key]['result_page'] = 'https://release-check.edugain.org/results/' . $historical_results[$key]['test_id'];
+            $historical_results[$key]['date'] = $historical_results[$key]['created_at'];
+            foreach ($historical_results[$key]['test_result'] as $tkey => $tvalue) {
+                if ($historical_results[$key]['test_result'][$tkey]['sp_entityid'] == 'https://noec.release-check.edugain.org/shibboleth') {
+                    unset($historical_results[$key]['test_result'][$tkey]);
+                    continue;
+                }
+                unset($historical_results[$key]['test_result'][$tkey]['test_comment']);
+                unset($historical_results[$key]['test_result'][$tkey]['created_at']);
+                unset($historical_results[$key]['test_result'][$tkey]['updated_at']);
+                unset($historical_results[$key]['test_result'][$tkey]['id']);
+                unset($historical_results[$key]['test_result'][$tkey]['test_id']);
+            }
+            unset($historical_results[$key]['created_at']);
+            unset($historical_results[$key]['updated_at']);
+            unset($historical_results[$key]['id']);
+            unset($historical_results[$key]['test_id']);
+        }
+        return $historical_results;
+    }
+    public function getSingleHistoricalResult(Request $request, $idp_entity_id)
+    {
+        $idp_entity_id = urldecode($idp_entity_id);
+        $historical_result = IdpResult::where('idp_entity_id', $idp_entity_id)->orderBy('created_at', 'desc')->first();
+        if (count($historical_result)>0) {
+            $historical_result['datetime'] = $historical_result['created_at'];
+            $historical_result['result_page'] = 'https://release-check.edugain.org/results/' . $historical_result['test_id'];
+            unset($historical_result['test_comment']);
+            unset($historical_result['created_at']);
+            unset($historical_result['updated_at']);
+            unset($historical_result['id']);
+            unset($historical_result['test_id']);
+        }
+        return $historical_result;
+    }
+}
--- a/app/Http/Controllers/ServiceProviderController.php
+++ b/app/Http/Controllers/ServiceProviderController.php
+<?php
+namespace App\Http\Controllers;
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+use App\TestAttribute;
+use App\TestResult;
+use App\IdpResult;
+use App\Libraries\EarcUtils;
+use Carbon\Carbon; 
+class ServiceProviderController extends Controller
+{
+    /**
+     * Handles the SP part
+     *
+     */
+    public function __invoke(Request $request)
+    {
+        if ($request->server->has('SHIB_Shib-Identity-Provider')){
+                $idp_entityid_param = "&entityID=" . $request->server->get('SHIB_Shib-Identity-Provider');
+        }else{
+                $idp_entityid_param="";
+        }
+        $attribute = array();
+        foreach ($request->server as $key => $value ){
+            if ((starts_with($key, "SHIB_") && !(starts_with($key,"SHIB_Shib")))){
+                $values = explode(';', $value);
+                foreach ($values as $v){
+                    $attribute[str_replace("SHIB_", "", $key)][] = $v;
+                }
+            }
+        }
+        $current_sp = str_replace(".", "_", $request->server->get('SHIB_Shib-Application-ID'));
+        $request->session()->put("released_attributes." . $current_sp , $attribute);
+        if (count($request->session()->get('remaining_sps')) > 0){
+            $remaining_sps = $request->session()->get('remaining_sps');
+            $redirect_url = "https://" . parse_url($remaining_sps[0], PHP_URL_HOST) . 
+                            "/Shibboleth.sso/Login?target=" . 
+                            urlencode("https://" . parse_url($remaining_sps[0], PHP_URL_HOST)."/sp") . 
+                            $idp_entityid_param;
+            $request->session()->put('remaining_sps',array_slice($remaining_sps,1));
+            return redirect($redirect_url);
+        }else{
+            $test_id = $this->store_results($request);
+            $request->session()->forget('remaining_sps');
+            $request->session()->forget('test_allowed');
+            $request->session()->forget('released_attributes');
+            return redirect(config('app.url')."/results/".$test_id);
+        }
+    }
+    private function store_results($request){
+        //Store the attributes
+        $idp_entity_id = $request->server->get('SHIB_Shib-Identity-Provider');
+        $now = Carbon::now();
+        $idp_result = new IdpResult;
+        $idp_metadata = EARCUtils::getIdpMetadata($request->server->get('SHIB_Shib-Identity-Provider'));
+        $idp_result->idp_entity_id = $idp_entity_id;
+        $idp_result->idp_name = $idp_metadata['name']['en'];
+        $idp_result->registration_authority = EARCUtils::getRegistrationAuthority($idp_metadata); 
+        $test_id = str_random(48);
+        $idp_result->test_id = $test_id;
+        $idp_result->save();
+        $released_attributes = $request->session()->get('released_attributes');
+        foreach ($released_attributes as $current_sp => $attributes){
+            $current_sp = "https://".str_replace('_',".", $current_sp) . "/shibboleth";
+            $attributes = EarcUtils::handleEptid($attributes);
+            foreach ($attributes as $attr_name => $attr_values){
+                $test_attr = new TestAttribute;
+                $test_attr->attr_name = $attr_name;
+                $test_attr->attr_value_multiplicity = count($attr_values);
+                $test_attr->sp_entityid = $current_sp;
+                $test_attr->test_id = $test_id;
+                $test_attr->save();
+            }
+            $test_result = new TestResult;
+            $test_result->test_id = $test_id;
+            $test_result->sp_entityid = $current_sp;
+            $verdict = EarcUtils::calculateVerdictForAnSP($current_sp, $attributes, $idp_entity_id);
+            $test_result->test_mark = $verdict['mark'];
+            $test_result->test_comment = $verdict['text'];
+            $test_result->save();
+        }
+        return $test_id;
+    }
+}
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
+<?php
+namespace App\Http;
+use Illuminate\Foundation\Http\Kernel as HttpKernel;
+class Kernel extends HttpKernel
+{
+    /**
+     * The application's global HTTP middleware stack.
+     *
+     * These middleware are run during every request to your application.
+     *
+     * @var array
+     */
+    protected $middleware = [
+        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
+    ];
+    /**
+     * The application's route middleware groups.
+     *
+     * @var array
+     */
+    protected $middlewareGroups = [
+        'web' => [
+            \App\Http\Middleware\EncryptCookies::class,
+            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
+            \Illuminate\Session\Middleware\StartSession::class,
+            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
+            \App\Http\Middleware\VerifyCsrfToken::class,
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        ],
+        'api' => [
+            'throttle:60,1',
+            'bindings',
+        ],
+    ];
+    /**
+     * The application's route middleware.
+     *
+     * These middleware may be assigned to groups or used individually.
+     *
+     * @var array
+     */
+    protected $routeMiddleware = [
+        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
+        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
+        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        'can' => \Illuminate\Auth\Middleware\Authorize::class,
+        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
+        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        'testallowed' => \App\Http\Middleware\TestAllowed::class,
+    ];
+}
--- a/app/Http/Middleware/EncryptCookies.php
+++ b/app/Http/Middleware/EncryptCookies.php
+<?php
+namespace App\Http\Middleware;
+use Illuminate\Cookie\Middleware\EncryptCookies as BaseEncrypter;
+class EncryptCookies extends BaseEncrypter
+{
+    /**
+     * The names of the cookies that should not be encrypted.
+     *
+     * @var array
+     */
+    protected $except = [
+        //
+    ];
+}
--- a/app/Http/Middleware/RedirectIfAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfAuthenticated.php
+<?php
+namespace App\Http\Middleware;
+use Closure;
+use Illuminate\Support\Facades\Auth;
+class RedirectIfAuthenticated
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @param  string|null  $guard
+     * @return mixed
+     */
+    public function handle($request, Closure $next, $guard = null)
+    {
+        if (Auth::guard($guard)->check()) {
+            return redirect('/home');
+        }
+        return $next($request);
+    }
+}
--- a/app/Http/Middleware/TestAllowed.php
+++ b/app/Http/Middleware/TestAllowed.php
+<?php
+namespace App\Http\Middleware;
+use Closure;
+class TestAllowed
+{
+    /**
+     * Allow access to the test SPs only for users that have started the 
+     * test via the landing page.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        if ($request->session()->get('test_allowed',false) == true){
+            return $next($request);
+        }else{
+            return redirect(config('app.url'));
+        }
+    }
+}