From f3a3fa1661fbe5d231c9698875983aabc9586be8 Mon Sep 17 00:00:00 2001
From: Vincent Vanwaelscappel <vincent@cubedesigners.com>
Date: Tue, 22 Mar 2022 18:24:02 +0100
Subject: [PATCH] wait #5074 @3

---
 VacheronSSO/.htaccess                 |  6 +-
 VacheronSSO/_checksso.php             |  5 ++
 VacheronSSO/{_secure.php => _sso.php} | 79 +++++++++------------------
 VacheronSSO/composer.json             |  2 +-
 VacheronSSO/index.php                 |  7 +++
 5 files changed, 40 insertions(+), 59 deletions(-)
 create mode 100644 VacheronSSO/_checksso.php
 rename VacheronSSO/{_secure.php => _sso.php} (82%)
 create mode 100644 VacheronSSO/index.php

diff --git a/VacheronSSO/.htaccess b/VacheronSSO/.htaccess
index e021dea..2731613 100644
--- a/VacheronSSO/.htaccess
+++ b/VacheronSSO/.htaccess
@@ -1,6 +1,4 @@
 RewriteEngine on
 RewriteBase /
-RewriteCond %{HTTP_HOST} hosting.fluidbook.com
-RewriteRule ^(.*)$ https://cabinotiers.vacheron-constantin.com/$1 [R=301,L]
-RewriteRule ^_secure.php$ - [L]
-RewriteRule ^.*$ _secure.php [L,QSA]
\ No newline at end of file
+RewriteCond %{HTTP_HOST} "^hosting.fluidbook.com"
+RewriteRule ^(.*)$ https://cabinotiers.vacheron-constantin.com/$1 [R=301,L]
\ No newline at end of file
diff --git a/VacheronSSO/_checksso.php b/VacheronSSO/_checksso.php
new file mode 100644
index 0000000..9768254
--- /dev/null
+++ b/VacheronSSO/_checksso.php
@@ -0,0 +1,5 @@
+<?php
+session_start();
+$needsAuth = !(isset($_SESSION['samlOK']) && $_SESSION['samlOK']);
+header('Content-Type: application/json');
+die(json_encode(['data' => [['logged-in' => !$needsAuth,'session'=>print_r($_SESSION,true)]]]));
diff --git a/VacheronSSO/_secure.php b/VacheronSSO/_sso.php
similarity index 82%
rename from VacheronSSO/_secure.php
rename to VacheronSSO/_sso.php
index 0f1816a..ca2123f 100644
--- a/VacheronSSO/_secure.php
+++ b/VacheronSSO/_sso.php
@@ -1,6 +1,10 @@
 <?php
+ini_set('display_errors', true);
+error_reporting(E_ALL);
+require_once "vendor/autoload.php";
 
 use GuzzleHttp\Client;
+use OneLogin\Saml2\Auth;
 
 $logdir = __DIR__ . '/log/';
 
@@ -13,29 +17,22 @@ if (isset($_POST) && count($_POST)) {
     file_put_contents($logdir . 'log.' . $t . '.log', print_r($_POST, true));
 }
 
-$basedir = '/';
-$base = 'https://cabinotiers.vacheron-constantin.com' . $basedir;
-//$metadata = 'https://login.microsoftonline.com/10c68b76-5682-4564-a75d-9ef796a2f318/federationmetadata/2007-06/federationmetadata.xml?appid=48b8e0f9-effd-41e9-b35e-6511459dee30';
-$metadata = 'https://login.microsoftonline.com/94b3f1b2-8b3a-49e3-ba33-8b8fb6d18361/federationmetadata/2007-06/federationmetadata.xml?appid=fd419245-db40-4031-856e-de24fbe41d13';
-
-$forbiddenext = ['php', 'htaccess', '_metadata'];
-foreach ($forbiddenext as $ext) {
 
-    if (stripos($_SERVER['SCRIPT_URL'], "." . $ext) !== false) {
-        http_response_code(403);
-        exit;
-    }
+$basedir = '/';
+$base = 'https://' . $_SERVER['HTTP_HOST'] . $basedir;
+if ($_SERVER['HTTP_HOST'] === 'cabinotiers.vacheron-constantin.com') {
+    $metadata = 'https://login.microsoftonline.com/94b3f1b2-8b3a-49e3-ba33-8b8fb6d18361/federationmetadata/2007-06/federationmetadata.xml?appid=fd419245-db40-4031-856e-de24fbe41d13';
+} else if ($_SERVER['HTTP_HOST'] === 'vacheron.hosting.fluidbook.com') {
+    $metadata = 'https://login.microsoftonline.com/10c68b76-5682-4564-a75d-9ef796a2f318/federationmetadata/2007-06/federationmetadata.xml?appid=48b8e0f9-effd-41e9-b35e-6511459dee30';
 }
-require_once "vendor/autoload.php";
 
 session_start();
 $needsAuth = !(isset($_SESSION['samlOK']) && $_SESSION['samlOK']);
 
-$file = $_SERVER['CONTEXT_DOCUMENT_ROOT'] . $_SERVER['SCRIPT_URL'];
-if (is_dir($file)) {
-    $file .= '/index.html';
+if (isset($_GET['return'])) {
+    $_SESSION['return'] = $_GET['return'];
 }
-$index = strpos($file, 'index.html') !== false;
+
 
 if ($needsAuth) {
     $metadata = getMetadata();
@@ -111,7 +108,7 @@ if ($needsAuth) {
         ]];
 
     try {
-        $auth = new \OneLogin\Saml2\Auth($samlsettings);
+        $auth = new Auth($samlsettings);
     } catch (Exception $e) {
         http_response_code(500);
         print_r($e);
@@ -127,48 +124,19 @@ if ($needsAuth) {
             $needsAuth = false;
             $_SESSION['samlUserdata'] = $auth->getAttributes();
             $_SESSION['samlOK'] = true;
+            header('Location: ' . $_SESSION['return']);
+            unset($_SESSION['return']);
             session_write_close();
-            file_put_contents($logdir.'ok.' . $t . '.log', print_r($_SESSION, true));
-            file_put_contents($logdir. 'xml.' . $t . '.log', $auth->getLastResponseXML());
-
-            if ($_POST['RelayState'] !== $base) {
-                header('Location: ' . $_POST['RelayState'], true);
-                exit;
-            }
-
+            file_put_contents($logdir . 'ok.' . $t . '.log', print_r($_SESSION, true));
+            file_put_contents($logdir . 'xml.' . $t . '.log', $auth->getLastResponseXML());
         } else {
-            file_put_contents($logdir.'err.' . $t . '.log', print_r($errors, true) . "\n\n--\n\n" . print_r($auth->getLastErrorReason(), true) . "\n\n--\n\n" . print_r($auth->getLastErrorException(), true));
+            file_put_contents($logdir . 'err.' . $t . '.log', print_r($errors, true) . "\n\n--\n\n" . print_r($auth->getLastErrorReason(), true) . "\n\n--\n\n" . print_r($auth->getLastErrorException(), true));
         }
+    } else {
+        $auth->login();
     }
-
-    if ($needsAuth) {
-        if ($index) {
-            $auth->login();
-        } else {
-            http_response_code(403);
-        }
-        exit;
-    }
-}
-
-
-if (!file_exists($file)) {
-    http_response_code(404);
-    exit;
 }
 
-$e = explode('.', $file);
-$ext = mb_strtolower(array_pop($e));
-require_once "_mime.php";
-if (isset($mimes['mimes'][$ext])) {
-    $mime = $mimes['mimes'][$ext][0];
-} else {
-    $mime = mime_content_type($file);
-}
-
-header('Content-Type: ' . $mime);
-header('Content-Length: ' . filesize($file));
-header("X-Sendfile: $file");
 
 function xmlToArray($xml, $options = array())
 {
@@ -206,7 +174,10 @@ function xmlToArray($xml, $options = array())
         foreach ($xml->children($namespace) as $childXml) {
             //recurse into child nodes
             $childArray = xmlToArray($childXml, $options);
-            list($childTagName, $childProperties) = each($childArray);
+            foreach ($childArray as $childTagName => $childProperties) {
+                break;
+            }
+            //list($childTagName, $childProperties) = each($childArray);
 
             //replace characters in tag name
             if ($options['keySearch']) $childTagName =
diff --git a/VacheronSSO/composer.json b/VacheronSSO/composer.json
index 277fb90..0878860 100644
--- a/VacheronSSO/composer.json
+++ b/VacheronSSO/composer.json
@@ -1,6 +1,6 @@
 {
   "require": {
-    "php": ">=7.0",
+    "php": ">=8.0",
     "ext-json": "*",
     "ext-xml": "*",
     "guzzlehttp/guzzle": "^7.0",
diff --git a/VacheronSSO/index.php b/VacheronSSO/index.php
new file mode 100644
index 0000000..88d4134
--- /dev/null
+++ b/VacheronSSO/index.php
@@ -0,0 +1,7 @@
+<?php
+session_start();
+if(isset($_SESSION['return'])){
+    require_once "_sso.php";
+    exit;
+}
+header('Location: /EN/');
\ No newline at end of file
-- 
2.39.5