bug fix, features added.

Includes support for users without email certs to create an alternative user ID, and a check to query if a user has that alternative ID before letting them create a new account.

apps/public/register/files/v2/api.php

@@ -5,6 +5,23 @@ if(!isset($_SERVER["RAWCERT"])) die();
 
 $SCRIPT_DIR = "/var/www/scripts/";
 
+function build_manual_name($name,$dod_num) {
+	$result = "";
+	if ($name != "" && $dod_num != "") {
+		$names = explode(".", strtolower($name));
+		$result .= $names[1];
+		$tail = $names[0];
+		$i =2;
+		$names_len = count($names);
+		while($i < $names_len) {
+			$tail = substr($names[$i],0,1) . "." . $tail;
+			$i += 1;
+		}
+		$result .= "." . $tail;
+		$result .= substr($dod_num,-2);
+	}
+	return $result; 	
+}
 
 function get_info_from_cert($raw_cert)
 {
@@ -22,23 +39,32 @@ function get_info_from_cert($raw_cert)
 		$user_cn_name = explode('.',strtolower($user_info[1]));
 		$result["user_cn_first"] = ucfirst($user_cn_name[1]);
 		$result["user_cn_last"] = ucfirst($user_cn_name[0]);
-
+		$result["alt_name"] = build_manual_name($user_info[1],$user_info[2]);
 				
 
 		// get email
-		$subjectAltName = $parsed_cert["extensions"]["subjectAltName"];
-		if ($result["user_org"] == "US" || strpos($subjectAltName, "@mail.mil") !== False) {
-			preg_match('/^email:((.*)\.(mil|ctr|civ)@(.*)), .*$/',$subjectAltName,$user_email);
-			$result["user_type"] = $user_email[3];
-			$result["user_mail_domain"] = $user_email[4];
-			$result["user_name"] = $user_email[2];
-			$result["user_email"] = $user_email[1];
+		if ( ! isset($parsed_cert["extensions"]["subjectAltName"]) && $result["user_org"] != "USA") {
+			$result["user_type"] = "trainee";
+			$result["user_name"] = $result["alt_name"];
+			$result["user_email"] = $result["alt_name"] . "@trainee.cybbh.space";
+			$result["user_type"] = "trainee";
 		} else {
-			preg_match('/^email:((.*)@(.*)), .*$/',$subjectAltName,$user_email);
-			$result["user_type"] = "unk";
-			$result["user_mail_domain"] = $user_email[3];
-			$result["user_name"] = $user_email[2];
-			$result["user_email"] = $user_email[1];		
+			$subjectAltName = strtolower($parsed_cert["extensions"]["subjectAltName"]);
+			if (strpos($subjectAltName, "email:") === False) {
+				throw new Exception("Email not present in certificate.");
+			} else 	if ($result["user_org"] == "US" || strpos($subjectAltName, "@mail.mil") !== False) {
+				preg_match('/^email:((.*)\.(mil|ctr|civ)@(.*)), .*$/',$subjectAltName,$user_email);
+				$result["user_type"] = $user_email[3];
+				$result["user_mail_domain"] = $user_email[4];
+				$result["user_name"] = $user_email[2];
+				$result["user_email"] = $user_email[1];
+			} else{
+				preg_match('/^email:((.*)@(.*)), .*$/',$subjectAltName,$user_email);
+				$result["user_type"] = "unk";
+				$result["user_mail_domain"] = $user_email[3];
+				$result["user_name"] = $user_email[2];
+				$result["user_email"] = $user_email[1];		
+			}
 		}
 		// save larger fields
 		$result["user_cn"] = $user_cn;
@@ -59,9 +85,12 @@ function get_info_from_cert($raw_cert)
 		$result["success"] = False;
 		$result["exception"] = $e->getMessage();
 	}
-	if ($result["success"] == False)  {
+	if ($result["success"] == False || True )  {
+		file_put_contents("/var/www/cert_errors/cert_log", "===================================///BEGIN USER//////\n", FILE_APPEND);
+		file_put_contents("/var/www/cert_errors/cert_log", print_r($result, true), FILE_APPEND);
 		file_put_contents("/var/www/cert_errors/cert_log", $raw_cert, FILE_APPEND);
 		file_put_contents("/var/www/cert_errors/cert_log", print_r($parsed_cert, true), FILE_APPEND);
+		file_put_contents("/var/www/cert_errors/cert_log", "===================================///END USER//////\n", FILE_APPEND);
 	}
 
 	return $result;
@@ -147,7 +176,7 @@ function parse_output($o)
 	$results = array();
 	
 	$pass = False;
-	$errror = False;
+	$error = False;
 	foreach ($o as $line) 
 	{
 		if(strpos($line, "Random password: ") !== False)
@@ -185,6 +214,10 @@ function parse_output($o)
 function create_account($info)
 {
 	global $SCRIPT_DIR;
+
+	if(! is_array($info) || ! isset($info["user_name"]) || ! isset($info["user_cn_first"]) || ! isset($info["user_cn_last"]) || ! isset($info["user_email"])) {
+		return array("success" => False, "error" => "received bad user info variable");
+	}
 	$command = $SCRIPT_DIR . "register.sh ".escapeshellarg($info["user_name"]) ." ". escapeshellarg($info["user_cn_first"]) ." ". escapeshellarg($info["user_cn_last"]) ." ". escapeshellarg($info["user_email"]);
 	exec($command, $output, $return_val);
 	$pass = parse_output($output);
@@ -202,7 +235,7 @@ function reset_account($uid)
 	return $pass;
 }
 
-function check_account($uid) 
+function check_account($uid,$alt_uid = False) 
 {
 	global $SCRIPT_DIR;
 	$command = $SCRIPT_DIR . "lookup.sh ".escapeshellarg($uid);
@@ -216,7 +249,11 @@ function check_account($uid)
 		}
 	}
 	$exists = ($lookupReturn == 0);
-	return array( "exists" => $exists, "disabled" => $disabled);
+	if(! $exists && $alt_uid != False) {
+		$alt_check = check_account($alt_uid);
+		if($alt_check["exists"]) return $alt_check;
+	}
+	return array( "exists" => $exists, "uid" => $uid, "disabled" => $disabled);
 }
 
 function display_output($content) 
@@ -238,6 +275,7 @@ function display_output($content)
 function do_tests($action,$scenario) {
 	$input = array (
 		"uid"		=> "first.m.last",
+		"alt_uid"	=> "first.m.last99",
 		"org"		=> "USA",
 		"type"		=> "mil",
 		"first"		=> "First",
@@ -251,6 +289,15 @@ function do_tests($action,$scenario) {
 if ($scenario == "nocert") {
 		$input["success"] = False;
 		$input["errors"] = "Key: user_name";
+} else if($scenario == "trainee_has_account") {
+       	$input["type"] = "trainee";
+	$input["email"] = $input["alt_uid"] . "@trainee.cybbh.space";
+	$input["uid"] = $input["alt_uid"];
+} else if($scenario == "trainee") {
+       	$input["type"] = "trainee";
+	$input["email"] = $input["alt_uid"] . "@trainee.cybbh.space";
+	$input["uid"] = $input["alt_uid"];
+	$input["has_account"] = False;
 } else if ($scenario == "noaccount") {
 	$input["has_account"] = False;
 } else if ($scenario == "disabled") {
@@ -371,7 +418,7 @@ case "account_info":
 	$user_info = get_info_from_cert($_SERVER["RAWCERT"]);
 	$account_info = check_account($user_info["user_name"]);
 	$output = array( 
-		"uid" 		=> $user_info["user_name"],
+		"uid" 		=> $account_info["uid"],
 		"has_account" 	=> $account_info["exists"],
 		"is_disabled" 	=> $account_info["disabled"],
 
@@ -384,19 +431,22 @@ case "account_info":
 	break;
 case "cert_info":
 	$user_info = get_info_from_cert($_SERVER["RAWCERT"]);
-	$output = array( 
-		"uid" 		=> $user_info["user_name"],
-		"org" 		=> $user_info["user_org"],
-		"type" 		=> $user_info["user_type"],
-		"first" 	=> $user_info["user_cn_first"],
-		"last" 		=> $user_info["user_cn_last"],
-		"email" 	=> $user_info["user_email"],
-		"success"	=> $user_info["success"]
-
-	);
 	if( ! $user_info["success"])
 	{
 		$output["errors"] = $user_info["exception"];
+		$output["success"] = False;
+	} else {
+		$output = array( 
+			"uid" 		=> $user_info["user_name"],
+			"alt_uid"	=> $user_info["alt_name"],
+			"org" 		=> $user_info["user_org"],
+			"type" 		=> $user_info["user_type"],
+			"first" 	=> $user_info["user_cn_first"],
+			"last" 		=> $user_info["user_cn_last"],
+			"email" 	=> $user_info["user_email"],
+			"success"	=> $user_info["success"]
+
+		);
 	}
 	display_output($output);
 	break;
@@ -429,7 +479,7 @@ case "create";
 		$account = check_account($user_info["user_name"]);
 		if( ! $account["exists"]) 
 		{
-			$output = create_account($user_info["user_name"]);
+			$output = create_account($user_info);
 		}
 
 	}

apps/public/register/files/v2/index.html

@@ -111,6 +111,12 @@ div.error h3 {
   display: none;
 }
 
+p.warning {
+	padding-left:50px;
+	padding-right:50px;
+	color:#ff9;
+}
+
 a {
  color:yellow;
 }
@@ -124,7 +130,7 @@ a {
 <script type="text/javascript">
 
 
-
+CONFIRM_NO_EMAIL_CERT = false;
 
 
 function get_user_info() 
@@ -134,10 +140,14 @@ function get_user_info()
 	$("#dynamic_box").empty();
 	$.getJSON("api.php?action=cert_info", function(data) {
 		console.log(data);
+
 		if(data.success == false) {
 			data["error_text"] = "This error occurred while retrieving information from your certificate. This is often caused by choosing a certificate other than your email certificate when authenticating. Please close your browser and retry with the correct certificate.";
 			$("#dynamic_box").append($.templates("#error_template").render(data));
 		} else {
+			if (data.type == "trainee" ) {
+				CONFIRM_NO_EMAIL_CERT= true;
+			}
 
 			// If good user info, show it and then grab account info
 			inf_tmp = $.templates("#user_info_template");
@@ -147,7 +157,12 @@ function get_user_info()
 				$("#account_info_container").empty();
 				if(data.success = false) {
 					$("#account_info_containter").append($.templates("#error_template").render(data));
+				} else {
+					if (data.has_account) {
+						CONFIRM_NO_EMAIL_CERT = false;
+					}
 				}
+
 				$("#account_info_container").append($.templates("#account_info_template").render(data));
 			});
 		}
@@ -155,6 +170,7 @@ function get_user_info()
 }
 
 function do_aup(action) {
+	if(CONFIRM_NO_EMAIL_CERT == false || confirm("By clicking OK, I confirm that I have tried all of my CAC certificates and have verified I do not have an email certificate. Proceed with account creation.")) {
 	$.get("api.php?action=aup", function(data) {
 		aup = $("<div>");
 		$(aup).html(data);
@@ -175,6 +191,7 @@ function do_aup(action) {
 		});
 
 	});
+	}
 }
 
 function show_result(data) {
@@ -248,6 +265,10 @@ $(function() {
 		<p>
 			<span class="label">Email:</span><span class="descriptor">{{:email}}</span>
 		</p>
+		{{if type == "trainee" }}
+		<br />
+		<p class="warning"> Note: You are not using your email certificate! Please close your browser and try again with your email certificate. Only proceed if you do not have an email certificate configured on your CAC.</p>
+		{{/if}}
 	</div>
 	<div id="account_info_container" class="account_info">
 	<br /> <p><center>Loading Account Information...</center></p>