Added new proccess filter to redirect some users to selected page.

Author: vyskocilpavel

dictionaries/perun.definition.json

@@ -94,5 +94,17 @@
   "unauthorized-access_redirect_to_registration": {
     "en": "Now you will be redirected to registration to Perun system.",
     "cs": "Nyní budete přesměrování na registraci do systému Perun."
+  },
+  "redirect_some_users-header": {
+    "en": "Your activity is necessary to access the service",
+    "cs": "Pro přístup ke službě je vyžadována vaše aktivita"
+  },
+  "redirect_some_users-text": {
+    "en": "Text",
+    "cs": "Text"
+  },
+  "continue_to_service": {
+    "en": "You can continue to the service",
+    "cs": "Na službu můžete pokračovat"
   }
 }

lib/Auth/Process/RedirectSomeUsers.php

@@ -0,0 +1,104 @@
+<?php
+
+
+namespace SimpleSAML\Module\perun\Auth\Process;
+
+
+use SimpleSAML\Auth\ProcessingFilter;
+use SimpleSAML\Auth\State;
+use SimpleSAML\Error\Exception;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+use SimpleSAML\Utils\HTTP;
+
+class RedirectSomeUsers extends ProcessingFilter
+{
+
+    const ATTRIBUTE_IDENTIFIER = 'attributeIdentifier';
+    const URL_WITH_LOGINS = 'urlWithLogins';
+    const ALLOWED_CONTINUE = 'allowedContinue';
+    const REDIRECT_URL = 'redirectURL';
+    const PAGE_TEXT = 'pageText';
+
+    private $attributeIdentifier;
+    private $URLWtithLogins;
+    private $allowedContinue = true;
+    private $redirectURL;
+    private $pageText;
+
+    public function __construct($config, $reserved)
+    {
+        parent::__construct($config, $reserved);
+
+        if (!isset($config[self::ATTRIBUTE_IDENTIFIER])) {
+            throw new Exception(
+                'perun:RedirectSomeUsers - missing mandatory configuration option \'' .
+                self::ATTRIBUTE_IDENTIFIER . '\'.'
+            );
+        }
+        if (!isset($config[self::URL_WITH_LOGINS])) {
+            throw new Exception(
+                'perun:RedirectSomeUsers - missing mandatory configuration option \'' . self::URL_WITH_LOGINS . '\'.'
+            );
+        }
+        if (!isset($config[self::REDIRECT_URL])) {
+            throw new Exception(
+                'perun:RedirectSomeUsers - missing mandatory configuration option \'' . self::REDIRECT_URL . '\'.'
+            );
+        }
+        if (!isset($config[self::PAGE_TEXT]['en'])) {
+            throw new Exception(
+                'perun:RedirectSomeUsers - missing mandatory configuration option \'' . self::REDIRECT_URL . '\'.'
+            );
+        }
+
+        $this->attributeIdentifier = (string)$config[self::ATTRIBUTE_IDENTIFIER];
+        $this->URLWtithLogins = (string)$config[self::URL_WITH_LOGINS];
+        if (isset($config[self::ALLOWED_CONTINUE])) {
+            $this->allowedContinue = (boolean)$config[self::ALLOWED_CONTINUE];
+        }
+        $this->redirectURL = (string)$config[self::REDIRECT_URL];
+        $this->pageText = $config[self::PAGE_TEXT];
+    }
+
+    public function process(&$request)
+    {
+        $listOfLoginsToRedirect = file_get_contents($this->URLWtithLogins);
+        if (empty($listOfLoginsToRedirect)) {
+            Logger::debug('perun:RedirectSomeUsers - List of logins is empty!');
+        }
+
+        $listOfLoginsToRedirect = explode("\n", $listOfLoginsToRedirect);
+
+        if (!isset($request['Attributes'][$this->attributeIdentifier])) {
+            Logger::debug('perun:RedirectSomeUsers - User has not an attribute with identifier \''.
+                          $this->attributeIdentifier . ' \'!');
+        }
+        $userLogins = $request['Attributes'][$this->attributeIdentifier];
+
+        $redirectUser = false;
+
+        foreach ($userLogins as $userLogin) {
+            if (in_array($userLogin, $listOfLoginsToRedirect)) {
+                $redirectUser = true;
+                continue;
+            }
+        }
+
+        if (!$redirectUser) {
+            Logger::debug('perun:RedirectSomeUsers - Redirect is not required. Skipping to another process filter.');
+            return;
+        }
+
+
+        $id = State::saveState($request, 'perun:redirectSomeUsers');
+        $url = Module::getModuleURL('perun/redirect_some_users.php');
+        $attributes = [
+            'StateId' => $id,
+            'allowedContinue' => $this->allowedContinue,
+            'redirectURL' => $this->redirectURL,
+            'pageText' => $this->pageText
+        ];
+        HTTP::redirectTrustedURL($url, $attributes);
+    }
+}

templates/redirect_some_users-tpl.php

@@ -0,0 +1,54 @@
+<?php
+
+use SimpleSAML\Module;
+use SimpleSAML\XHTML\Template;
+
+/**
+ * Template for warn user that he/she is accessing test SP
+ *
+ * Allow type hinting in IDE
+ * @var Template $this
+ */
+
+$this->data['header'] = '';
+$allowedContinue = $this->data['allowedContinue'];
+$redirectURL = $this->data['redirectURL'];
+$pageText = $this->data['pageText'];
+$this->includeAtTemplateBase('includes/header.php');
+
+?>
+
+    <form method="post" action="<?php echo Module::getModuleURL('perun/redirect_some_users_continue.php'); ?>">
+
+        <input type="hidden" name="StateId" value="<?php echo $_REQUEST['StateId'] ?>">
+        <h3> <?php echo $this->t('{perun:perun:redirect_some_users-header}') ?> </h3>
+        </hr>
+        </br>
+
+        <div> <?php echo $pageText ?> </div>
+
+        </hr>
+        </br>
+
+        <?php
+        if ($allowedContinue) {
+            echo '<a class="btn btn-lg btn-block btn-primary" style="color:#FFF" target="_blank" href="' .
+                 $redirectURL . '">' . $this->t('{perun:perun:continue}')  . '</a>';
+
+
+            echo "</br>";
+            echo '<div class="form-group">'. $this->t('{perun:perun:continue_to_service}') . '
+            <input type="submit" value="' . $this->t('{perun:perun:here}') . '"
+                   class="btn btn-sm btn-link">
+            </div>';
+        } else {
+            echo '<a class="btn btn-lg btn-block btn-primary "style="color:#FFF"  href="' . $redirectURL . '">' .
+                 $this->t('{perun:perun:continue}')  . '</a>';
+        }
+        ?>
+
+    </form>
+
+<?php
+
+$this->includeAtTemplateBase('includes/footer.php');

www/redirect_some_users.php

@@ -0,0 +1,28 @@
+<?php
+
+use SimpleSAML\Auth\State;
+use SimpleSAML\Configuration;
+use SimpleSAML\XHTML\Template;
+use SimpleSAML\Locale\Language;
+
+$id = $_REQUEST['StateId'];
+$state = State::loadState($id, 'perun:redirectSomeUsers');
+
+$config = Configuration::getInstance();
+
+$language = (new Language($config))->getLanguage();
+
+$t = new Template($config, 'perun:redirect_some_users-tpl.php');
+$t->data['allowedContinue'] = $_REQUEST['allowedContinue'];
+$t->data['redirectURL'] = $_REQUEST['redirectURL'];
+$t->data['language'] = $language;
+
+if (isset($_REQUEST['pageText'][$language])) {
+    $t->data['pageText'] = $_REQUEST['pageText'][$language];
+} else {
+    $t->data['pageText'] = $_REQUEST['pageText']['en'];
+}
+
+
+
+$t->show();

www/redirect_some_users_continue.php

@@ -0,0 +1,9 @@
+<?php
+
+use SimpleSAML\Auth\State;
+use SimpleSAML\Auth\ProcessingChain;
+
+$id = $_REQUEST['StateId'];
+$state = State::loadState($id, 'perun:redirectSomeUsers');
+
+ProcessingChain::resumeProcessing($state);