author | Christian Weiske <cweiske@cweiske.de> | 2011-05-10 15:23:58 +0200 |
---|---|---|
committer | Christian Weiske <cweiske@cweiske.de> | 2011-05-10 15:23:58 +0200 |
commit | c13689813e71413f3c98664568c47c167c00580a (patch) | |
tree | 1dc202379157c1c5926d251b13a148238db249fc | |
parent | 967ba79ece58dd0164accbf46078964c58fec230 (diff) | |
prepare user interface to register and delete client certificates on the profile page
-rw-r--r-- | data/templates/editprofile-sslclientcerts.tpl.php | 18 | ||||
-rw-r--r-- | src/SemanticScuttle/Model/User/SslClientCert.php | 78 | ||||
-rw-r--r-- | src/SemanticScuttle/Service/User/SslClientCert.php | 38 | ||||
-rw-r--r-- | www/profile.php | 15 |
4 files changed, 142 insertions, 7 deletions
diff --git a/data/templates/editprofile-sslclientcerts.tpl.php b/data/templates/editprofile-sslclientcerts.tpl.php
index e6fc5c3..c43def4 100644
--- a/data/templates/editprofile-sslclientcerts.tpl.php
+++ b/data/templates/editprofile-sslclientcerts.tpl.php
@@ -3,6 +3,7 @@
 <table>
 <thead>
 <tr>
+ <th>Options</th>
 <th><?php echo T_('Serial'); ?></th>
 <th><?php echo T_('Name'); ?></th>
 <th><?php echo T_('Email'); ?></th>
@@ -11,7 +12,8 @@
 </thead>
 <tbody>
 <?php foreach($sslClientCerts as $cert) { ?>
- <tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>>
+ <tr <?php if ($cert->isCurrent()) { echo 'class="ssl-current"'; } ?>>
+ <td><a href="#FIXME">delete</a></td>
 <td><?php echo htmlspecialchars($cert->sslSerial); ?></td>
 <td><?php echo htmlspecialchars($cert->sslName); ?></td>
 <td><?php echo htmlspecialchars($cert->sslEmail); ?></td>
@@ -23,3 +25,17 @@
 <?php } else { ?>
 <p><?php echo T_('No certificates registered'); ?></p>
 <?php } ?>
+
+<?php if ($currentCert) { ?>
+ <?php if ($currentCert->isRegistered($sslClientCerts)) { ?>
+ <p><?php echo T_('Your current certificate is already registered with your account.'); ?></p>
+ <?php } else { ?>
+ <p>
+ <a href="#FIXME">
+ <?php echo T_('Register current certificate to automatically login.'); ?>
+ </a>
+ </p>
+ <?php } ?>
+<?php } else { ?>
+ <p><?php echo T_('Your browser does not provide a certificate.'); ?></p>
+<?php } ?>
diff --git a/src/SemanticScuttle/Model/User/SslClientCert.php b/src/SemanticScuttle/Model/User/SslClientCert.php
index ab7b288..383b601 100644
--- a/src/SemanticScuttle/Model/User/SslClientCert.php
+++ b/src/SemanticScuttle/Model/User/SslClientCert.php
@@ -29,9 +29,11 @@ class SemanticScuttle_Model_User_SslClientCert
 public $sslName;
 public $sslEmail;
+
+
 /**
 * Creates and returns a new object and fills it with
- * tha passed values from the database.
+ * the passed values from the database.
 *
 * @param array $arCertRow Database row array
 *
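Review bot: In data/templates/editprofile-sslclientcerts.tpl.php, the new `delete` link in the certificate row (second hunk) and the register link (third hunk) are plain anchors with `href="#FIXME"`, and whatever replaces the placeholder should not become a state-changing GET request. www/profile.php already passes `$_SESSION['token']` to the template as `$tplVars['token']`, so both actions belong in a POST form that carries that token and is checked server-side; a marker such as `<?php /* TODO: delete/register must be POST + token, not a GET link */ ?>` next to each placeholder would record that. Separately, `<th>Options</th>` (first hunk) and the `delete` label are the only visible strings here not passed through `T_()`; `<th><?php echo T_('Options'); ?></th>` would match the neighbouring headers.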
@@ -51,6 +53,29 @@ class SemanticScuttle_Model_User_SslClientCert
 /**
+ * Loads the user's/browser's client certificate information into
+ * an object and returns it.
+ * Expects that all information is available.
+ * Better check with
+ * SemanticScuttle_Service_User_SslClientCert::hasValidCert() before.
+ *
+ * @return SemanticScuttle_Model_User_SslClientCert
+ *
+ * @see SemanticScuttle_Service_User_SslClientCert::hasValidCert()
+ */
+ public static function fromCurrentCert()
+ {
+ $cert = new self();
+ $cert->sslSerial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+ $cert->sslClientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
+ $cert->sslName = $_SERVER['SSL_CLIENT_S_DN_CN'];
+ $cert->sslEmail = $_SERVER['SSL_CLIENT_S_DN_Email'];
+ return $cert;
+ }
+
+
+
+ /**
 * Tells you if this certificate is the one the user is currently browsing
 * with.
 *
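Review bot: `fromCurrentCert()` reads four `$_SERVER['SSL_CLIENT_*']` keys with no `isset()` guard, and a certificate whose subject carries no e-mail address or CN may leave `SSL_CLIENT_S_DN_Email` or `SSL_CLIENT_S_DN_CN` unset, which raises an undefined-index notice and stores null. Whether `hasValidCert()` requires all four keys is not visible in this hunk, so the optional fields are safer read as `isset($_SERVER['SSL_CLIENT_S_DN_Email']) ? $_SERVER['SSL_CLIENT_S_DN_Email'] : null`. The docblock should also say that these values are only meaningful once the web server has verified the client certificate, since they become the identity offered for registration on the profile page.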
@@ -68,5 +93,56 @@ class SemanticScuttle_Model_User_SslClientCert
 && $this->sslClientIssuerDn == $_SERVER['SSL_CLIENT_I_DN'];
 }
+
+
+ /**
+ * Checks if this certificate is registered (exists) in the certificate
+ * array
+ *
+ * @param array $arCertificates Array of certificate objects
+ *
+ * @return boolean True or false
+ */
+ public function isRegistered($arCertificates)
+ {
+ foreach ($arCertificates as $cert) {
+ if ($cert->equals($this)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+
+
+ /**
+ * Deletes this certificate from database
+ *
+ * @return boolean True if all went well, false if not
+ */
+ public function delete()
+ {
+ $ok = SemanticScuttle_Service_Factory::get('User_SslClientCert')
+ ->delete($this);
+ if ($ok) {
+ $this->id = null;
+ }
+ return $ok;
+ }
+
+
+
+ /**
+ * Compares this certificate with the given one.
+ *
+ * @param SemanticScuttle_Service_Factory $cert Another user certificate
+ *
+ * @return boolean True if both match.
+ */
+ public function equals(SemanticScuttle_Model_User_SslClientCert $cert)
+ {
+ return $this->sslSerial == $cert->sslSerial
+ && $this->sslClientIssuerDn == $cert->sslClientIssuerDn;
+ }
 }
 ?>
\ No newline at end of file
diff --git a/src/SemanticScuttle/Service/User/SslClientCert.php b/src/SemanticScuttle/Service/User/SslClientCert.php
index 3c69788..b6545df 100644
--- a/src/SemanticScuttle/Service/User/SslClientCert.php
+++ b/src/SemanticScuttle/Service/User/SslClientCert.php
@@ -208,5 +208,43 @@ class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbServi
 $this->db->sql_freeresult($dbresult);
 return $certs;
 }
+
+
+
+ /**
+ * Deletes a SSL client certificate.
+ * No security checks are made here.
+ *
+ * @param mixed $cert Certificate object or certificate database id.
+ * Objects are of type
+ * SemanticScuttle_Model_User_SslClientCert
+ *
+ * @return boolean True if all went well, false if it could not be deleted
+ */
+ public function delete($cert)
+ {
+ if ($cert instanceof SemanticScuttle_Model_User_SslClientCert) {
+ $id = (int)$cert->id;
+ } else {
+ $id = (int)$cert;
+ }
+
+ if ($id === 0) {
+ return false;
+ }
+
+ $query = 'DELETE FROM ' . $this->getTableName()
+ .' WHERE uId = ' . $id;
+
+ if (!($dbresult = $this->db->sql_query($query))) {
+ message_die(
+ GENERAL_ERROR, 'Could not delete user certificate',
+ '', __LINE__, __FILE__, $query, $this->db
+ );
+ return false;
+ }
+
+ return true;
+ }
 }
 ?>
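Review bot: In the last hunk of src/SemanticScuttle/Model/User/SslClientCert.php, `equals()` matches certificates with loose `==`, and PHP compares two numeric-looking strings numerically, so serial strings such as `1E2` and `100` (constructed example) under the same issuer DN would compare equal. Because `isRegistered()` relies on `equals()` to decide whether the presented certificate already belongs to the account, the comparison should be strict: `return $this->sslSerial === $cert->sslSerial && $this->sslClientIssuerDn === $cert->sslClientIssuerDn;`, casting both sides to string first if the database layer can return integers. The `@param` line of `equals()` names `SemanticScuttle_Service_Factory`, while the signature takes `SemanticScuttle_Model_User_SslClientCert`.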
\ No newline at end of file
diff --git a/www/profile.php b/www/profile.php
index 446c089..5ffc959 100644
--- a/www/profile.php
+++ b/www/profile.php
@@ -119,11 +119,16 @@ if (!$userservice->isLoggedOn() || $currentUser->getId() != $userid) {
 $_SESSION['token_stamp'] = time();
 $templatename = 'editprofile.tpl.php';
- $tplVars['formaction'] = createURL('profile', $user);
- $tplVars['token'] = $_SESSION['token'];
- $tplVars['sslClientCerts'] = SemanticScuttle_Service_Factory::get(
- 'User_SslClientCert'
- )->getUserCerts($currentUser->getId());
+
+ $tplVars['formaction'] = createURL('profile', $user);
+ $tplVars['token'] = $_SESSION['token'];
+
+ $scert = SemanticScuttle_Service_Factory::get('User_SslClientCert');
+ $tplVars['sslClientCerts'] = $scert->getUserCerts($currentUser->getId());
+ $tplVars['currentCert'] = null;
+ if ($scert->hasValidCert()) {
+ $tplVars['currentCert'] = SemanticScuttle_Model_User_SslClientCert::fromCurrentCert();
+ }
 }
 $tplVars['objectUser'] = $userinfo; |
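Review bot: In src/SemanticScuttle/Service/User/SslClientCert.php, `delete()` documents its argument as the certificate's database id but builds the statement with `WHERE uId = ` followed by that id. If `uId` is the owner column (it reads like the user-id field, though the table definition is outside this hunk), the query removes every certificate of whichever user happens to have that number instead of the one row. The filter should be on the certificate's own key, presumably `.' WHERE id = ' . $id;` to match `$cert->id`. Since the docblock says no security checks are made here, the caller must confirm the row belongs to the logged-in user before calling it, or the query should carry both conditions. The `return false;` after `message_die()` looks unreachable if that helper ends the request.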