use a Controller class for expirychecker

silinternational · Jun 21, 2024 · f81625f · f81625f
1 parent cefa2ae
commit f81625f
Show file tree

Hide file tree

Showing 5 changed files with 160 additions and 125 deletions.
diff --git a/modules/expirychecker/public/about2expire.php b/modules/expirychecker/public/about2expire.php
diff --git a/modules/expirychecker/public/expired.php b/modules/expirychecker/public/expired.php
diff --git a/modules/expirychecker/routing/routes/routes.yml b/modules/expirychecker/routing/routes/routes.yml
@@ -0,0 +1,13 @@
+expirychecker-about2expire:
+  path: /about2expire
+  defaults: {
+    _controller: 'SimpleSAML\Module\expirychecker\Controller\ExpiryChecker::about2expire'
+  }
+  methods: [ GET ]
+
+expirychecker-expired:
+  path: /expired
+  defaults: {
+    _controller: 'SimpleSAML\Module\expirychecker\Controller\ExpiryChecker::expired'
+  }
+  methods: [ GET ]
diff --git a/modules/expirychecker/src/Auth/Process/ExpiryDate.php b/modules/expirychecker/src/Auth/Process/ExpiryDate.php
@@ -366,7 +366,7 @@ public function redirectToExpiredPage(array &$state, string $accountName, int $e
         $state['originalUrlParam'] = $this->originalUrlParam;
 
         $id = State::saveState($state, 'expirychecker:expired');
-        $url = Module::getModuleURL('expirychecker/expired.php');
+        $url = Module::getModuleURL('expirychecker/expired');
 
         $httpUtils = new HTTP();
         $httpUtils->redirectTrustedURL($url, array('StateId' => $id));
@@ -403,7 +403,7 @@ protected function redirectToWarningPage(array &$state, string $accountName, int
         $state['originalUrlParam'] = $this->originalUrlParam;
 
         $id = State::saveState($state, 'expirychecker:about2expire');
-        $url = Module::getModuleURL('expirychecker/about2expire.php');
+        $url = Module::getModuleURL('expirychecker/about2expire');
 
         $httpUtils = new HTTP();
         $httpUtils->redirectTrustedURL($url, array('StateId' => $id));

diff --git a/modules/expirychecker/src/Controller/ExpiryChecker.php b/modules/expirychecker/src/Controller/ExpiryChecker.php
@@ -0,0 +1,145 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\expirychecker\Controller;
+
+use SimpleSAML\Auth\ProcessingChain;
+use SimpleSAML\Auth\State;
+use SimpleSAML\Configuration;
+use SimpleSAML\Error\BadRequest;
+use SimpleSAML\Logger;
+use SimpleSAML\Module;
+use SimpleSAML\Module\expirychecker\Auth\Process\ExpiryDate;
+use SimpleSAML\Module\expirychecker\Utilities;
+use SimpleSAML\Utils\HTTP;
+use SimpleSAML\XHTML\Template;
+
+/**
+ * Controller class for the about2expire module.
+ *
+ * This class serves the different views available in the module.
+ *
+ * @package silinternational/ssp-base
+ */
+class ExpiryChecker
+{
+    /** @var \SimpleSAML\Configuration */
+    protected Configuration $config;
+
+    /**
+     * Controller constructor.
+     *
+     * It initializes the global configuration for the controllers implemented here.
+     *
+     * @param \SimpleSAML\Configuration $config The configuration to use by the controllers.
+     *
+     * @throws \Exception
+     */
+    public function __construct(Configuration $config)
+    {
+        $this->config = $config;
+    }
+
+    public function about2expire(): Template
+    {
+        $stateId = filter_input(INPUT_GET, 'StateId') ?? null;
+        if (empty($stateId)) {
+            throw new BadRequest('Missing required StateId query parameter.');
+        }
+
+        $state = State::loadState($stateId, 'expirychecker:about2expire');
+
+        /* Skip the splash pages for awhile, both to let the user get to the
+         * change-password website and to avoid annoying them with constant warnings. */
+        ExpiryDate::skipSplashPagesFor(14400); // 14400 seconds = 4 hours
+
+        if (array_key_exists('continue', $_REQUEST)) {
+
+            // The user has pressed the continue button.
+            ProcessingChain::resumeProcessing($state);
+        }
+
+        if (array_key_exists('changepwd', $_REQUEST)) {
+
+            // The user has pressed the change-password button.
+            $passwordChangeUrl = $state['passwordChangeUrl'];
+
+            // Add the original url as a parameter
+            if (array_key_exists('saml:RelayState', $state)) {
+                $stateId = State::saveState(
+                    $state,
+                    'expirychecker:about2expire'
+                );
+
+                $returnTo = Utilities::getUrlFromRelayState(
+                    $state['saml:RelayState']
+                );
+                if (!empty($returnTo)) {
+                    $passwordChangeUrl .= '?returnTo=' . $returnTo;
+                }
+            }
+
+            $httpUtils = new HTTP();
+            $httpUtils->redirectTrustedURL($passwordChangeUrl, array());
+        }
+
+        $t = new Template($this->config, 'expirychecker:about2expire');
+        $t->data['formTarget'] = Module::getModuleURL('expirychecker/about2expire');
+        $t->data['formData'] = ['StateId' => $stateId];
+        $t->data['daysLeft'] = $state['daysLeft'];
+        $t->data['dayOrDays'] = (intval($state['daysLeft']) === 1 ? 'day' : 'days');
+        $t->data['expiresAtTimestamp'] = $state['expiresAtTimestamp'];
+        $t->data['accountName'] = $state['accountName'];
+
+        Logger::info('expirychecker - User has been warned that their password will expire soon.');
+        return $t;
+    }
+
+    public function expired(): Template
+    {
+        $stateId = filter_input(INPUT_GET, 'StateId') ?? null;
+        if (empty($stateId)) {
+            throw new BadRequest('Missing required StateId query parameter.');
+        }
+
+        $state = State::loadState($stateId, 'expirychecker:expired');
+
+        if (array_key_exists('changepwd', $_REQUEST)) {
+
+            /* Now that they've clicked change-password, skip the splash pages very
+             * briefly, to let the user get to the change-password website.  */
+            ExpiryDate::skipSplashPagesFor(60); // 60 seconds = 1 minute
+
+            // The user has pressed the change-password button.
+            $passwordChangeUrl = $state['passwordChangeUrl'];
+
+            // Add the original url as a parameter
+            if (array_key_exists('saml:RelayState', $state)) {
+                $stateId = State::saveState(
+                    $state,
+                    'expirychecker:about2expire'
+                );
+
+                $returnTo = Utilities::getUrlFromRelayState(
+                    $state['saml:RelayState']
+                );
+                if (!empty($returnTo)) {
+                    $passwordChangeUrl .= '?returnTo=' . $returnTo;
+                }
+            }
+
+            $httpUtils = new HTTP();
+            $httpUtils->redirectTrustedURL($passwordChangeUrl, array());
+        }
+
+        $t = new Template($this->config, 'expirychecker:expired');
+        $t->data['formTarget'] = Module::getModuleURL('expirychecker/expired');
+        $t->data['formData'] = ['StateId' => $stateId];
+        $t->data['expiresAtTimestamp'] = $state['expiresAtTimestamp'];
+        $t->data['accountName'] = $state['accountName'];
+
+        Logger::info('expirychecker - User has been told that their password has expired.');
+        return $t;
+    }
+}