
Cosign bugfixes, temporary disabling LDAP

kudlav 3 months ago
parent
commit
bde4f1645b

+ 21 - 16
app/FrontModule/presenters/SignPresenter.php

@@ -5,6 +5,8 @@ namespace App\FrontModule\Presenters;
 
 use App\Model\UserManager;
 use Nette\Security\AuthenticationException;
+use Tracy\Debugger;
+use Tracy\ILogger;
 
 
 class SignPresenter extends BasePresenter
@@ -19,7 +21,7 @@ class SignPresenter extends BasePresenter
 		$this->userManager = $userManager;
 	}
 
-	public function actionIn(int $cas=0): void
+	public function actionIn(): void
 	{
 
 		$this->setLayout(NULL);
@@ -35,16 +37,31 @@ class SignPresenter extends BasePresenter
 			"CosignValidationErrorRedirect"=>"https://cas.fit.vutbr.cz/validation_error.html",
 			"CosignValidReference"=>"#^https?:\/\/prednasky\.com(\/.*)?#",
 		))) {
-			error_log("cosign valid service failed");
+			Debugger::log("cosign valid service failed", ILogger::ERROR);
 			ob_end_flush();
 			header("503 Service Temporarily Unavailable");
 			echo "Cosign validation service failed";
 			exit();
 		}
+
+		// Verified FIT person
+		$this->user->setExpiration(0);
+		try {
+			$this->user->login($_SERVER['REMOTE_USER']);
+		}
+		catch (AuthenticationException $e) {
+			$this->flashMessage("alert.login_cas_err", 'danger');
+			$this->redirect('Homepage:default');
+		}
+		$this->flashMessage("alert.login_cas_ok", 'success');
+		$this->redirect('Homepage:default');
 	}
 
 	public function actionCosignValid()
 	{
+		$this->setLayout(NULL);
+
+		ob_start();
 		require_once("../cosign/cosign.php");
 
 		if (!cosign_auth(array(
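Review bot: `$_SERVER['REMOTE_USER']` is handed to `login()` in `actionIn` without checking that it is set and non-empty, so a `cosign_auth()` call that returns true but leaves it unset would send null or an empty string to the authenticator. Because this commit also makes `UserManager` create an active account for any CAS id it does not know, such a value would presumably be provisioned as a real user. A guard before `setExpiration()` would close that gap: `$casId = $_SERVER['REMOTE_USER'] ?? ''; if ($casId === '') { $this->error('Missing CAS identity', 403); }`. `actionIn` starts outside this hunk.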
@@ -53,21 +70,10 @@ class SignPresenter extends BasePresenter
 			"CosignValidationErrorRedirect"=>"https://cas.fit.vutbr.cz/validation_error.html",
 			"CosignValidReference"=>"#^https?:\/\/prednasky\.com(\/.*)?#",
 		))) {
-			error_log("cosign valid service failed");
+			ob_end_flush();
+			Debugger::log("cosign valid service failed", ILogger::ERROR);
 			$this->error("Cosign validation service failed", 503);
 		}
-
-		// Verified FIT person
-		$this->user->setExpiration(0);
-		try {
-			$this->user->login($_SERVER['REMOTE_USER']);
-		}
-		catch (AuthenticationException $e) {
-			$this->flashMessage("alert.login_cas_err", 'danger');
-			$this->redirect('Homepage:default');
-		}
-		$this->flashMessage("alert.login_cas_ok", 'success');
-		$this->redirect('Homepage:default');
 	}
 
 	public function actionOut(): void
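Review bot: The `CosignValidReference` pattern `"#^https?:\/\/prednasky\.com(\/.*)?#"` in `actionCosignValid` has no end anchor and its path group is optional, so it matches any URL whose host merely begins with `prednasky.com`, and it also accepts plain `http`. If cosign uses this pattern to decide which return URL the validation handler will redirect to, it should be tightened to `"#^https://prednasky\.com(/.*)?$#"`, unless plain `http` is still needed for some reason. The same pattern appears in the `actionIn` hunk above. The `cosign_auth()` call that contains this line opens outside this hunk.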
@@ -79,7 +85,6 @@ class SignPresenter extends BasePresenter
 			$this->redirectUrl($referer->absoluteUrl);
 		}
 		else {
-			$this->flashMessage("alert.logout_ok", 'success');
 			$this->redirect('Homepage:default');
 		}
 	}

+ 7 - 9
app/model/UserManager.php

@@ -25,8 +25,6 @@ class UserManager implements Security\IAuthenticator
 		USER_FULLNAME = 'fullname',
 		USER_EMAIL = 'email',
 		USER_RIGHT_GROUP = 'right_group',
-		USER_INSTITUTION = 'institution',
-		USER_WEB = 'personal_web',
 		USER_ACTIVE = 'active'
 	;
 
@@ -60,7 +58,11 @@ class UserManager implements Security\IAuthenticator
 		// Get user according to CAS id
 		$user = $this->getCasUser($casId);
 		if ($user === null) {
-			$userInfo = $this->getLdapUser($casId);
+			//$userInfo = $this->getLdapUser($casId);
+			$userInfo = [
+				'cn' => $casId,
+				'mail' => $casId . '@XXX.YY',
+			];
 			if ($userInfo !== null) {
 				$user = $this->newUser($userInfo['cn'], $userInfo['mail'], 3, 1, $casId);
 			}
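Review bot: With the LDAP lookup commented out, `$userInfo` is always an array, so the `if ($userInfo !== null)` check can never fail and every CAS id not yet in the table is provisioned as an active user in right group 3 with the made-up address `$casId . '@XXX.YY'`. If the LDAP lookup was what limited sign-up to known directory entries or supplied the real name and mail, that is lost silently, and the placeholder rows will remain in the database after LDAP is restored. I would put the fallback behind a configuration switch rather than a commented-out line, and mark it with `// TODO: LDAP temporarily disabled; cn/mail below are placeholders, re-sync once getLdapUser() is restored`. The enclosing method starts and ends outside this hunk.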
@@ -96,20 +98,16 @@ class UserManager implements Security\IAuthenticator
 	 * @param string $email Email address
 	 * @param int $rightGroup
 	 * @param int $active 0 = inactive, 1 = active, default 1
-	 * @param int $casId optional
-	 * @param string $institution optional
-	 * @param string $web optional
+	 * @param string $casId optional
 	 * @return ActiveRow|null
 	 */
-	private function newUser(string $name, string $email, int $rightGroup, int $active=1, int $casId=null, string $institution=null, string $web=null): ?ActiveRow
+	private function newUser(string $name, string $email, int $rightGroup, int $active=1, int $casId=null): ?ActiveRow
 	{
 		$result = $this->database->table(self::TABLE_USER)->insert([
 			self::USER_CAS => $casId,
 			self::USER_FULLNAME => $name,
 			self::USER_EMAIL => $email,
 			self::USER_RIGHT_GROUP => $rightGroup,
-			self::USER_INSTITUTION => $institution,
-			self::USER_WEB => $web,
 			self::USER_ACTIVE => $active
 		]);
 		return $result!==false ? $result : null;
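Review bot: `newUser()` still declares `int $casId=null` although the docblock in this hunk now says `@param string $casId` and the migration in this commit changes `CAS_id` to `VARCHAR(45)`. If the CAS id passed from the authenticate path is a non-numeric login, PHP raises a `TypeError` at this call instead of creating the user. The parameter should read `?string $casId = null`, which also makes the nullability explicit instead of relying on the `= null` default. The method's closing brace is outside the hunk.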

+ 1 - 1
cosign/cosign_config.php

@@ -48,7 +48,7 @@ $cosign_cfg['CosignFactorSuffix'] = '-junk';
 $cosign_cfg['CosignFactorSuffixIgnore'] = false;
 
 // URL to which the user is redirected after login
-$cosign_cfg['CosignSiteEntry'] = 'http://prednasky.com';
+$cosign_cfg['CosignSiteEntry'] = 'https://prednasky.com/sign/in';
 
 // Use only http protocol to redirect back after login
 $cosign_cfg['CosignHTTPOnly'] = false;

+ 2 - 0
cosign/logs/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

+ 0 - 0
cosign/logs/cosign-filter.log


BIN
database-src.mwb


+ 18 - 0
database-updates.sql

@@ -210,6 +210,24 @@ USE `prednasky`$$
 CREATE FUNCTION `database_version` () RETURNS varchar(5) CHARACTER SET 'utf8'
 RETURN "1.8";$$
 
+-- 1.8 => 1.9 --
+ALTER TABLE `prednasky`.`user`
+  DROP COLUMN `personal_web`,
+  DROP COLUMN `institution`,
+  CHANGE COLUMN `CAS_id` `CAS_id` VARCHAR(45) NULL DEFAULT NULL;
+ALTER TABLE `prednasky`.`video`
+  CHANGE COLUMN `complete` `complete` TINYINT(1) NOT NULL ,
+  ADD FULLTEXT INDEX `fulltext_name` (`name`),
+  ADD FULLTEXT INDEX `fulltext_abstract` (`abstract`),
+  ADD FULLTEXT INDEX `fulltext_name_abstract` (`name`, `abstract`);
+;
+DROP function IF EXISTS `prednasky`.`database_version`;
+DELIMITER $$
+USE `prednasky`$$
+CREATE FUNCTION `database_version` () RETURNS varchar(5) CHARACTER SET 'utf8'
+RETURN "1.9";$$
+DELIMITER ;
+
 -- END HERE --
 SET SQL_MODE=@OLD_SQL_MODE;
 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS;
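Review bot: The new `-- 1.8 => 1.9 --` block begins right after `RETURN "1.8";$$` with no `DELIMITER ;` in between, so as shown the two `ALTER TABLE` statements and the `DROP function` are read while the delimiter is still `$$` and their `;` terminators are not treated as statement ends. Adding `DELIMITER ;` before the `-- 1.8 => 1.9 --` comment would fix this, since the new block already resets the delimiter at its own end. The lone `;` after the second `ALTER TABLE` is an empty statement and can be dropped. The two `DROP COLUMN` clauses are irreversible, so a comment such as `-- destructive: back up user.personal_web and user.institution before running` above the first `ALTER TABLE` would help operators.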