authorChristophe Nowicki <cnowicki@easter-eggs.com>2004-09-07 15:55:11 +0000
committerChristophe Nowicki <cnowicki@easter-eggs.com>2004-09-07 15:55:11 +0000
commit9388bdfc57a3b49adafc1693d21975214e63a691 (patch)
tree26c56aa58ece110dc7d74ed31531f98f745943e6
parented0ad921339c04ae57f48e31be8d4d925585285a (diff)
IdP PHP : logout is working
-rw-r--r--php/Attic/examples/sample-idp/setup.php5
-rw-r--r--php/Attic/examples/sample-idp/singleSignOn.php32
-rw-r--r--php/Attic/examples/sample-idp/soapEndpoint.php121
-rw-r--r--php/Attic/examples/sample-sp/assertionConsumer.php3
-rw-r--r--php/Attic/examples/sample-sp/index.php1
-rw-r--r--php/Attic/examples/sample-sp/login.php2
-rw-r--r--php/Attic/examples/sample-sp/logout.php6
-rw-r--r--php/Attic/examples/sample-sp/setup.php2
8 files changed, 150 insertions, 22 deletions
diff --git a/php/Attic/examples/sample-idp/setup.php b/php/Attic/examples/sample-idp/setup.php
index a7b148af..75cf9fc6 100644
--- a/php/Attic/examples/sample-idp/setup.php
+++ b/php/Attic/examples/sample-idp/setup.php
@@ -239,8 +239,9 @@
$res =& $db->query($query);
$query = "CREATE TABLE assertions (
- assertion text,
- response_dump text)";
+ assertion text,
+ response_dump text,
+ created timestamp)";
$res =& $db->query($query);
if (DB::isError($res))
diff --git a/php/Attic/examples/sample-idp/singleSignOn.php b/php/Attic/examples/sample-idp/singleSignOn.php
index d9d7f10a..2569d2fa 100644
--- a/php/Attic/examples/sample-idp/singleSignOn.php
+++ b/php/Attic/examples/sample-idp/singleSignOn.php
@@ -128,15 +128,21 @@
}
else
die("Unknown protocol profile for login:" . $login->protocolProfile);
-
+
if ($login->isIdentityDirty)
{
- // TODO
- // print "isIdentityDirty yes";
+ $identity = $login->identity;
+ $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump());
+ $query .= " WHERE user_id='$user_id'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
}
// Get name identifier
- $query = "SELECT name_identifier FROM nameidentifiers WHERE user_id='$user_id'";
+ $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='";
+ $query .= $login->nameIdentifier . "'";
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
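Review bot: `$login->nameIdentifier` is concatenated into the SELECT between hand-written quotes, although the UPDATE a few lines above already passes the identity dump through `$db->quoteSmart()`; the WHERE value should be quoted the same way, e.g. `$query = "SELECT user_id FROM nameidentifiers WHERE name_identifier=" . $db->quoteSmart($login->nameIdentifier);`. The same string-building is used for the `user_id='$user_id'` clauses, for `$login->assertionArtifact` in the INSERT of the next hunk, and in the logout case added to soapEndpoint.php, where `$nameIdentifier` comes out of the SOAP request body and reaches the query before `validateRequest()` is called. The `// Get name identifier` comment no longer matches the query, which now looks up `user_id`. The enclosing block starts and ends outside this hunk.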
@@ -173,18 +179,26 @@
if (DB::isError($res))
die($res->getMessage());
- // Save assertion
- $query = "INSERT INTO assertions (assertion, response_dump) VALUES ('" . $login->assertionArtifact;
- $query .= "', '" . $login->responseDump . "')";
+ if (empty($login->assertionArtifact))
+ die("assertion Artifact is empty");
+ $assertion = $login->assertion;
+ $assertion_dump = $assertion->dump();
+
+ if (empty($assertion_dump))
+ die("assertion dump is empty");
+
+
+ // Save assertion
+ $query = "INSERT INTO assertions (assertion, response_dump, created) VALUES ";
+ $query .= "('".$login->assertionArtifact."',".$db->quoteSmart($assertion_dump).", NOW())";
+
$res =& $db->query($query);
if (DB::isError($res))
die($res->getMessage());
if ($login->protocolProfile == lassoLoginProtocolProfileBrwsArt)
{
- $artifact = $login->assertionArtifact;
- $response_msg = $login->responseDump;
$url = $login->msgUrl;
header("Request-URI: $url");
diff --git a/php/Attic/examples/sample-idp/soapEndpoint.php b/php/Attic/examples/sample-idp/soapEndpoint.php
index 84b60bf7..633aa483 100644
--- a/php/Attic/examples/sample-idp/soapEndpoint.php
+++ b/php/Attic/examples/sample-idp/soapEndpoint.php
@@ -42,7 +42,7 @@
if (DB::isError($db))
die($db->getMessage());
-
+
switch ($requestype)
{
// Login
@@ -56,7 +56,10 @@
$res =& $db->query($query);
if (DB::isError($res))
+ {
+ header("HTTP/1.0 500 Internal Server Error");
die($res->getMessage());
+ }
// Good Artifact, send reponse_dump
if ($res->numRows())
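Review bot: The new 500 branch still sends `$res->getMessage()` as the response body, so database error text goes back to whoever called the SOAP endpoint. Keeping the status line but logging the detail server-side would avoid that: `error_log($res->getMessage()); exit;`. The same applies to the identical branch in the next hunk and to the plain `die($res->getMessage());` calls in the logout case further down, which also do not set the 500 status.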
@@ -67,9 +70,14 @@
$res =& $db->query($query);
if (DB::isError($res))
+ {
+ header("HTTP/1.0 500 Internal Server Error");
die($res->getMessage());
- header("Content-Length: " . strlen($row[0]) . "\r\n");
- echo $row[0];
+ }
+ $login->setAssertionFromDump($row[0]);
+ $login->buildResponseMsg();
+ header("Content-Length: " . strlen($login->msgBody) . "\r\n");
+ echo $login->msgBody;
}
else
{
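Review bot: The results of `$login->setAssertionFromDump($row[0])` and `$login->buildResponseMsg()` are not checked before `$login->msgBody` is echoed, so a dump that fails to load would produce an empty or stale body with a 200 status; if these calls return a status code the way `validateRequest()` is used in the logout case, test it and answer with the 500 header on failure. Nothing visible in this hunk removes the `assertions` row once it has been served or compares the `created` column (added in setup.php by this commit) against an age limit, so an artifact appears to stay resolvable indefinitely; a comment stating where single-use and expiry are enforced would help, presumably a `DELETE` after the fetch. The surrounding `case` starts and ends outside the hunk.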
@@ -80,11 +88,116 @@
}
break;
case lassoRequestTypeLogout:
+ // Logout
+ $logout = new LassoLogout($server, lassoProviderTypeIdp);
+ $logout->processRequestMsg($HTTP_RAW_POST_DATA, lassoHttpMethodSoap);
+ $nameIdentifier = $logout->nameIdentifier;
+
+ // name identifier is empty, wrong request
+ if (empty($nameIdentifier))
+ {
+ header("HTTP/1.0 500 Internal Server Error");
+ exit;
+ }
+
+ $query = "SELECT user_id FROM nameidentifiers WHERE name_identifier='";
+ $query .= $nameIdentifier . "'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ if (!$res->numRows())
+ {
+ header("HTTP/1.0 500 Internal Server Error");
+ exit;
+ }
+
+ $row = $res->fetchRow();
+ $user_id = $row[0];
+
+ $query = "SELECT user_dump,session_dump FROM users WHERE user_id='$user_id'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+
+ if (!$res->numRows())
+ {
+ header("HTTP/1.0 500 Internal Server Error");
+ exit;
+ }
+
+ $row = $res->fetchRow();
+ $user_dump = $row[0];
+ $session_dump = $row[1];
+
+ $logout->setSessionFromDump($session_dump);
+ $logout->setIdentityFromDump($user_dump);
+
+ // TODO : handle exception
+ if ($logout->validateRequest())
+ {
+ // validate request failed
+ header("HTTP/1.0 500 Internal Server Error");
+ exit;
+ }
+
+ if ($logout->isIdentityDirty)
+ {
+ $identity = $logout->identity;
+ $query = "UPDATE users SET user_dump=".$db->quoteSmart($identity->dump());
+ $query .= " WHERE user_id='$user_id'";
+
+ $res =& $db->query($query);
+ if (DB::isError($res))
+ die($res->getMessage());
+ }
+
+ // TODO : try multiple sp logout
+ while(($providerID = $logout->getNextProviderId()))
+ {
+ $logout->initRequest($providerID, lassoHttpMethodAny); // FIXME
+ $logout->buildRequestMsg();
+ $url = parse_url($logout->msgUrl);
+
+ $soap = sprintf("POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n",
+ $url['path'], $url['host'], $url['port'], strlen($logout->msgBody), $logout->msgBody);
+
+ $fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30);
+ if (!$fp)
+ {
+ header("HTTP/1.0 500 Internal Server Error");
+ die($errstr ($errno));
+ }
+ fwrite($fp, $soap);
+ $ret = fgets($fp);
+
+ if (!preg_match("/^HTTP\/1\\.. 200/i", $ret))
+ {
+ header("HTTP/1.0 500 Internal Server Error");
+ die("Logout failed with : " . $providerID);
+ }
+
+ while (!feof($fp)) {
+ $reponse .= @fread($fp, 8192);
+ }
+
+ fclose($fp);
+
+ list($header, $body) = preg_split("/(\r\n\r\n|\n\n)/", $reponse, 2);
+
+ $logout->processResponseMsg($body, lassoHttpMethodSoap);
+ }
+
+ $logout->buildResponseMsg();
+ header("Content-Length: " . strlen($logout->msgBody) . "\r\n");
+ echo $logout->msgBody;
break;
case lassoRequestTypeDefederation:
break;
default:
- die("Unkown request type!");
+ header("HTTP/1.0 500 Internal Server Error");
}
lasso_shutdown();
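Review bot: `$reponse` is appended to with `.=` but never reset inside the `while(($providerID = ...))` loop, so from the second provider on `preg_split` returns the first provider's body and `processResponseMsg()` is fed a stale response; add `$reponse = '';` before the `while (!feof($fp))` read. `die($errstr ($errno));` parses as a variable-function call on the error string rather than a message, `die("$errstr ($errno)");` is what was meant. The request is sent as HTTP/1.1 without `Connection: close`, so the read-until-EOF loop can wait for the peer's keep-alive timeout; this commit drops the same header from the `sprintf` in sample-sp/assertionConsumer.php and sample-sp/logout.php. The `ssl://` socket is opened with no visible check of the peer certificate, and `$url['port']` is unset when `msgUrl` carries no explicit port, so both deserve a guard or at least a comment. The enclosing `switch` starts outside the hunk.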
diff --git a/php/Attic/examples/sample-sp/assertionConsumer.php b/php/Attic/examples/sample-sp/assertionConsumer.php
index 4aa45ed8..fc62aec1 100644
--- a/php/Attic/examples/sample-sp/assertionConsumer.php
+++ b/php/Attic/examples/sample-sp/assertionConsumer.php
@@ -47,10 +47,9 @@
$url = parse_url($login->msgUrl);
$soap = sprintf(
- "POST %s HTTP/1.1\r\nHost: %s:%d\r\nAccept-Encoding: identity\r\nContent-Length: %d\r\nContent-Type: text/xml\r\nAccept: text/xml,application/xml,application/xhtml+xml,text/html\r\nConnection: close\r\n\r\n%s\r\n",
+ "POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n",
$url['path'], $url['host'], $url['port'], strlen($login->msgBody), $login->msgBody);
-
# PHP 4.3.0 with OpenSSL support required
$fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno));
fwrite($fp, $soap);
diff --git a/php/Attic/examples/sample-sp/index.php b/php/Attic/examples/sample-sp/index.php
index 39dddfed..99c39bb9 100644
--- a/php/Attic/examples/sample-sp/index.php
+++ b/php/Attic/examples/sample-sp/index.php
@@ -45,6 +45,7 @@ Please run the setup script :<br>
You can get more informations about <b>Lasso</b> at <br>
<a href='http://lasso.entrouvert.org/'>http://lasso.entrouvert.org/</a></p>
<?php
+ exit();
}
$config = unserialize(file_get_contents('config.inc'));
diff --git a/php/Attic/examples/sample-sp/login.php b/php/Attic/examples/sample-sp/login.php
index ae851941..199c52da 100644
--- a/php/Attic/examples/sample-sp/login.php
+++ b/php/Attic/examples/sample-sp/login.php
@@ -30,7 +30,7 @@
$server_dump = file_get_contents($config['server_dump_filename']);
- $server = LassoServer::newfromdump($server_dump);
+ $server = LassoServer::newFromdump($server_dump);
$login = new LassoLogin($server);
diff --git a/php/Attic/examples/sample-sp/logout.php b/php/Attic/examples/sample-sp/logout.php
index 78ebec0c..b4fd66a6 100644
--- a/php/Attic/examples/sample-sp/logout.php
+++ b/php/Attic/examples/sample-sp/logout.php
@@ -49,7 +49,8 @@
$logout = new LassoLogout($server, lassoProviderTypeSp);
- $query = "SELECT identity_dump FROM users WHERE user_id='" . $_SESSION['user_id'] . "'";
+ $query = "SELECT identity_dump FROM users WHERE user_id='";
+ $query .= $_SESSION['user_id']."'";
$res =& $db->query($query);
@@ -67,11 +68,10 @@
$url = parse_url($logout->msgUrl);
$soap = sprintf(
- "POST %s HTTP/1.1\r\nHost: %s:%d\r\nAccept-Encoding: identity\r\nContent-Length: %d\r\nContent-Type: text/xml\r\nAccept: text/xml,application/xml,application/xhtml+xml,text/html\r\nConnection: close\r\n\r\n%s\r\n",
+ "POST %s HTTP/1.1\r\nHost: %s:%d\r\nContent-Length: %d\r\nContent-Type: text/xml\r\n\r\n%s\r\n",
$url['path'], $url['host'], $url['port'],
strlen($logout->msgBody), $logout->msgBody);
-
# PHP 4.3.0 with OpenSSL support required
$fp = fsockopen("ssl://" . $url['host'], $url['port'], $errno, $errstr, 30) or die($errstr ($errno));
diff --git a/php/Attic/examples/sample-sp/setup.php b/php/Attic/examples/sample-sp/setup.php
index 621c559a..7688deab 100644
--- a/php/Attic/examples/sample-sp/setup.php
+++ b/php/Attic/examples/sample-sp/setup.php
@@ -57,7 +57,7 @@
$config_ser = serialize($config);
- if (($fd = fopen(getcwd()."/config.inc", "w")))
+ if (($fd = fopen("config.inc", "w")))
{
fwrite($fd, $config_ser);
fclose($fd);
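Review bot: `fopen("config.inc", "w")` now resolves against the process working directory, which is not guaranteed to be the script directory under every SAPI; `fopen(dirname(__FILE__) . "/config.inc", "w")` would keep the location fixed and match the relative read in index.php. Since the file holds the serialized `$config` and sits next to the scripts with an `.inc` extension, it is presumably served as plain text by a default web-server setup; if `$config` contains the database DSN (not visible here), a comment telling deployers to deny access to it, or to move it outside the document root, is worth adding. The `if` block continues past the end of the hunk.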