prepare user interface to register and delete client certificates on the profile page
This commit is contained in:
parent
967ba79ece
commit
c13689813e
4 changed files with 142 additions and 7 deletions
|
@ -3,6 +3,7 @@
|
|||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Options</th>
|
||||
<th><?php echo T_('Serial'); ?></th>
|
||||
<th><?php echo T_('Name'); ?></th>
|
||||
<th><?php echo T_('Email'); ?></th>
|
||||
|
@ -12,6 +13,7 @@
|
|||
<tbody>
|
||||
<?php foreach($sslClientCerts as $cert) { ?>
|
||||
<tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>>
|
||||
<td><a href="#FIXME">delete</a></td>
|
||||
<td><?php echo htmlspecialchars($cert->sslSerial); ?></td>
|
||||
<td><?php echo htmlspecialchars($cert->sslName); ?></td>
|
||||
<td><?php echo htmlspecialchars($cert->sslEmail); ?></td>
|
||||
|
@ -23,3 +25,17 @@
|
|||
<?php } else { ?>
|
||||
<p><?php echo T_('No certificates registered'); ?></p>
|
||||
<?php } ?>
|
||||
|
||||
<?php if ($currentCert) { ?>
|
||||
<?php if ($currentCert->isRegistered($sslClientCerts)) { ?>
|
||||
<p><?php echo T_('Your current certificate is already registered with your account.'); ?></p>
|
||||
<?php } else { ?>
|
||||
<p>
|
||||
<a href="#FIXME">
|
||||
<?php echo T_('Register current certificate to automatically login.'); ?>
|
||||
</a>
|
||||
</p>
|
||||
<?php } ?>
|
||||
<?php } else { ?>
|
||||
<p><?php echo T_('Your browser does not provide a certificate.'); ?></p>
|
||||
<?php } ?>
|
||||
|
|
|
@ -29,9 +29,11 @@ class SemanticScuttle_Model_User_SslClientCert
|
|||
public $sslName;
|
||||
public $sslEmail;
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Creates and returns a new object and fills it with
|
||||
* tha passed values from the database.
|
||||
* the passed values from the database.
|
||||
*
|
||||
* @param array $arCertRow Database row array
|
||||
*
|
||||
|
@ -50,6 +52,29 @@ class SemanticScuttle_Model_User_SslClientCert
|
|||
|
||||
|
||||
|
||||
/**
|
||||
* Loads the user's/browser's client certificate information into
|
||||
* an object and returns it.
|
||||
* Expects that all information is available.
|
||||
* Better check with
|
||||
* SemanticScuttle_Service_User_SslClientCert::hasValidCert() before.
|
||||
*
|
||||
* @return SemanticScuttle_Model_User_SslClientCert
|
||||
*
|
||||
* @see SemanticScuttle_Service_User_SslClientCert::hasValidCert()
|
||||
*/
|
||||
public static function fromCurrentCert()
|
||||
{
|
||||
$cert = new self();
|
||||
$cert->sslSerial = $_SERVER['SSL_CLIENT_M_SERIAL'];
|
||||
$cert->sslClientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
|
||||
$cert->sslName = $_SERVER['SSL_CLIENT_S_DN_CN'];
|
||||
$cert->sslEmail = $_SERVER['SSL_CLIENT_S_DN_Email'];
|
||||
return $cert;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Tells you if this certificate is the one the user is currently browsing
|
||||
* with.
|
||||
|
@ -68,5 +93,56 @@ class SemanticScuttle_Model_User_SslClientCert
|
|||
&& $this->sslClientIssuerDn == $_SERVER['SSL_CLIENT_I_DN'];
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Checks if this certificate is registered (exists) in the certificate
|
||||
* array
|
||||
*
|
||||
* @param array $arCertificates Array of certificate objects
|
||||
*
|
||||
* @return boolean True or false
|
||||
*/
|
||||
public function isRegistered($arCertificates)
|
||||
{
|
||||
foreach ($arCertificates as $cert) {
|
||||
if ($cert->equals($this)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Deletes this certificate from database
|
||||
*
|
||||
* @return boolean True if all went well, false if not
|
||||
*/
|
||||
public function delete()
|
||||
{
|
||||
$ok = SemanticScuttle_Service_Factory::get('User_SslClientCert')
|
||||
->delete($this);
|
||||
if ($ok) {
|
||||
$this->id = null;
|
||||
}
|
||||
return $ok;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Compares this certificate with the given one.
|
||||
*
|
||||
* @param SemanticScuttle_Service_Factory $cert Another user certificate
|
||||
*
|
||||
* @return boolean True if both match.
|
||||
*/
|
||||
public function equals(SemanticScuttle_Model_User_SslClientCert $cert)
|
||||
{
|
||||
return $this->sslSerial == $cert->sslSerial
|
||||
&& $this->sslClientIssuerDn == $cert->sslClientIssuerDn;
|
||||
}
|
||||
}
|
||||
?>
|
|
@ -208,5 +208,43 @@ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbServi
|
|||
$this->db->sql_freeresult($dbresult);
|
||||
return $certs;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Deletes a SSL client certificate.
|
||||
* No security checks are made here.
|
||||
*
|
||||
* @param mixed $cert Certificate object or certificate database id.
|
||||
* Objects are of type
|
||||
* SemanticScuttle_Model_User_SslClientCert
|
||||
*
|
||||
* @return boolean True if all went well, false if it could not be deleted
|
||||
*/
|
||||
public function delete($cert)
|
||||
{
|
||||
if ($cert instanceof SemanticScuttle_Model_User_SslClientCert) {
|
||||
$id = (int)$cert->id;
|
||||
} else {
|
||||
$id = (int)$cert;
|
||||
}
|
||||
|
||||
if ($id === 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$query = 'DELETE FROM ' . $this->getTableName()
|
||||
.' WHERE uId = ' . $id;
|
||||
|
||||
if (!($dbresult = $this->db->sql_query($query))) {
|
||||
message_die(
|
||||
GENERAL_ERROR, 'Could not delete user certificate',
|
||||
'', __LINE__, __FILE__, $query, $this->db
|
||||
);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
?>
|
|
@ -119,11 +119,16 @@ if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
|
|||
$_SESSION['token_stamp'] = time();
|
||||
|
||||
$templatename = 'editprofile.tpl.php';
|
||||
|
||||
$tplVars['formaction'] = createURL('profile', $user);
|
||||
$tplVars['token'] = $_SESSION['token'];
|
||||
$tplVars['sslClientCerts'] = SemanticScuttle_Service_Factory::get(
|
||||
'User_SslClientCert'
|
||||
)->getUserCerts($currentUser->getId());
|
||||
|
||||
$scert = SemanticScuttle_Service_Factory::get('User_SslClientCert');
|
||||
$tplVars['sslClientCerts'] = $scert->getUserCerts($currentUser->getId());
|
||||
$tplVars['currentCert'] = null;
|
||||
if ($scert->hasValidCert()) {
|
||||
$tplVars['currentCert'] = SemanticScuttle_Model_User_SslClientCert::fromCurrentCert();
|
||||
}
|
||||
}
|
||||
|
||||
$tplVars['objectUser'] = $userinfo;
|
||||
|
|
Loading…
Reference in a new issue