<?php
/**
* index.php
*
* @author Nicolas CARPi <[email protected]>
* @copyright 2012 Nicolas CARPi
* @see https://www.elabftw.net Official website
* @license AGPL-3.0
* @package elabftw
*/
namespace Elabftw\Elabftw;
use Exception;
use OneLogin_Saml2_Auth;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Response;
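// Entry point. With ?acs in the query string this acts as the SAML Assertion
// Consumer Service: it validates the IdP response, logs the user in by email
// and creates the account (and the team, via initializeIfNeeded) on first login.
// Any other request is redirected to experiments.php.
try {
    require_once 'app/init.inc.php';

    if ($Request->query->has('acs')) {
        // Returns the first value of a SAML attribute, or null when the
        // attribute is missing or carries no value. Avoids reading an
        // undefined index when the IdP does not send a configured attribute.
        $firstAttributeValue = function ($attributes, $name) {
            if (!is_array($attributes) || !isset($attributes[$name])) {
                return null;
            }
            $value = $attributes[$name];
            if (is_array($value)) {
                return isset($value[0]) ? $value[0] : null;
            }
            return $value;
        };

        $Saml = new Saml(new Config, new Idps);
        // TODO this is the id of the idp to use to get the settings
        $settings = $Saml->getSettings(1);
        $SamlAuth = new OneLogin_Saml2_Auth($settings);

        // The stored AuthnRequest id lets the library match the response's
        // InResponseTo against the request this session actually sent.
        // NOTE(review): when no id is stored, null is passed and the response
        // is presumably processed as unsolicited -- confirm this is intended.
        // NOTE(review): AuthNRequestID is never cleared from the session here;
        // consider removing it once consumed so it cannot match a second response.
        $requestID = null;
        if ($Session->has('AuthNRequestID')) {
            $requestID = $Session->get('AuthNRequestID');
        }
        $SamlAuth->processResponse($requestID);

        // Any validation error is fatal, whether or not debug is enabled.
        // Debug only controls whether the error list is printed; it must not
        // decide whether a failed response is allowed to continue.
        $errors = $SamlAuth->getErrors();
        if (!empty($errors)) {
            if ($Saml->Config->configArr['debug']) {
                echo "Something went wrong:<br>";
                echo Tools::printArr(implode(', ', $errors));
            }
            throw new Exception("Not authenticated!");
        }
        if (!$SamlAuth->isAuthenticated()) {
            throw new Exception("Not authenticated!");
        }

        $samlUserdata = $SamlAuth->getAttributes();
        $Session->set('samlUserdata', $samlUserdata);

        // GET EMAIL
        // The email is the only key used to find or create the local account,
        // so an absent or empty value must stop the login.
        $email = $firstAttributeValue($samlUserdata, $Saml->Config->configArr['saml_email']);
        if (!is_string($email) || trim($email) === '') {
            throw new Exception("Missing email attribute in SAML response!");
        }

        if (!$App->Users->Auth->loginFromSaml($email)) {
            // the user doesn't exist yet in the db
            // check if the team exists
            $Teams = new Teams($App->Users);

            // GET TEAM
            // The team comes straight from the IdP assertion and decides which
            // team the new account joins; refuse to provision without it.
            $team = $firstAttributeValue($samlUserdata, $Saml->Config->configArr['saml_team']);
            if (!is_string($team) || trim($team) === '') {
                throw new Exception("Missing team attribute in SAML response!");
            }
            $teamId = $Teams->initializeIfNeeded($team);

            // GET FIRSTNAME AND LASTNAME
            // Passed through as received (null when the IdP omits them).
            $firstname = $firstAttributeValue($samlUserdata, $Saml->Config->configArr['saml_firstname']);
            $lastname = $firstAttributeValue($samlUserdata, $Saml->Config->configArr['saml_lastname']);

            // CREATE USER
            $App->Users->create($email, $teamId, $firstname, $lastname);

            // ok now the user is created, try logging in again
            if (!$App->Users->Auth->loginFromSaml($email)) {
                throw new Exception("Not authenticated!");
            }
        }
    }

    $Response = new RedirectResponse("experiments.php");
} catch (Exception $e) {
    // NOTE(review): the exception message is handed to the template as-is;
    // output escaping depends on how error.html renders 'error' -- confirm.
    // NOTE(review): $App and $Request are assumed to be set by init.inc.php;
    // if that include itself throws they may not exist here.
    $template = 'error.html';
    $renderArr = array('error' => $e->getMessage());
    $Response = new Response();
    $Response->prepare($Request);
    $Response->setContent($App->render($template, $renderArr));
} finally {
    $Response->send();
}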