HS 2.0: Terms and Conditions server and management

Add minimal Terms and Conditions server for testing purposes. This can be used to test user interaction for Terms and Conditions acceptance. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-30 17:58:34 +03:00 · 2018-04-30 17:58:34 +03:00 · c456e6e3f7
commit c456e6e3f7
parent 42f4169166
4 changed files with 70 additions and 1 deletions
--- a/hs20/server/hs20-osu-server.txt
+++ b/hs20/server/hs20-osu-server.txt
@ -95,6 +95,12 @@ sqlite3 /home/user/hs20-server/AS/DB/eap_user.db < sql-example.txt
 # the examples as-is for initial testing).
 cp -r www /home/user/hs20-server

+# Create /home/user/hs20-server/terms-and-conditions file (HTML segment to be
+# inserted within the BODY section of the page).
+cat > /home/user/hs20-server/terms-and-conditions <<EOF
+<P>Terms and conditions..</P>
+EOF
+
 # Build local keys and certs
 cd ca
 # Display help options.
--- a/hs20/server/www/config.php
+++ b/hs20/server/www/config.php
@ -1,4 +1,6 @@
 <?php
 $osu_root = "/home/user/hs20-server";
 $osu_db = "sqlite:$osu_root/AS/DB/eap_user.db";
+$t_c_file = "$osu_root/terms-and-conditions";
+$t_c_timestamp = 123456789;
 ?>
--- a/hs20/server/www/terms.php
+++ b/hs20/server/www/terms.php
@ -0,0 +1,49 @@
+<?php
+
+require('config.php');
+
+$db = new PDO($osu_db);
+if (!$db) {
+   die($sqliteerror);
+}
+
+if (!isset($_GET["addr"])) {
+   die("Missing addr parameter");
+}
+$addr = $_GET["addr"];
+
+$accept = isset($_GET["accept"]) && $_GET["accept"] == "yes";
+
+$res = $db->prepare("SELECT identity FROM pending_tc WHERE mac_addr=?");
+$res->execute(array($addr));
+$row = $res->fetch();
+if (!$row) {
+   die("No pending session for the specified MAC address");
+}
+$identity = $row[0];
+?>
+<html>
+<head><title>HS 2.0 Terms and Conditions</title></head>
+<body>
+
+<?php
+
+if (!$accept) {
+   echo "<p>Accept the following terms and conditions by clicking here: <a href=\"terms.php?addr=$addr&accept=yes\">Accept</a></p>\n<hr>\n";
+   readfile($t_c_file);
+} else {
+   $res = $db->prepare("UPDATE users SET t_c_timestamp=? WHERE identity=?");
+   if (!$res->execute(array($t_c_timestamp, $identity))) {
+      echo "<p>Failed to update user account.</p>";
+   } else {
+      $res = $db->prepare("DELETE FROM pending_tc WHERE mac_addr=?");
+      $res->execute(array($addr));
+
+      echo "<p>Terms and conditions were accepted.</p>";
+   }
+}
+
+?>
+
+</body>
+</html>
--- a/hs20/server/www/users.php
+++ b/hs20/server/www/users.php
@ -107,6 +107,10 @@ if ($cmd == "set-osu-cred" && $id > 0) {
  $db->exec("UPDATE users SET osu_user='$osu_user', osu_password='$osu_password' WHERE rowid=$id");
 }

+if ($cmd == 'clear-t-c' && $id > 0) {
+	$db->exec("UPDATE users SET t_c_timestamp=NULL WHERE rowid=$id");
+}
+
 $dump = 0;

 if ($id > 0) {
@ -234,6 +238,13 @@ echo "password: <input type=\"password\" name=\"osu_password\">\n";
 echo "<input type=\"submit\" value=\"Set OSU credentials\">\n";
 echo "</form>\n";

+if (strlen($row['t_c_timestamp']) > 0) {
+	echo "<br>\n";
+	echo "<a href=\"users.php?cmd=clear-t-c&id=" .
+		$row['rowid'] .
+		"\">Clear Terms and Conditions acceptance</a><br>\n";
+}
+
 echo "<hr>\n";

 $user = $row['identity'];
@ -303,7 +314,7 @@ echo "[<a href=\"users.php?cmd=eventlog&limit=50\">Eventlog</a>] ";
 echo "<br>\n";

 echo "<table border=1>\n";
-echo "<tr><th>User<th>Realm<th>Remediation<th>Policy<th>Account type<th>Phase 2 method(s)<th>DevId\n";
+echo "<tr><th>User<th>Realm<th>Remediation<th>Policy<th>Account type<th>Phase 2 method(s)<th>DevId<th>T&C\n";

 $res = $db->query('SELECT rowid,* FROM users WHERE phase2=1');
 foreach ($res as $row) {
@ -338,6 +349,7 @@ foreach ($res as $row) {
 	    break;
 	  }
 	}
+	echo "<td>" . $row['t_c_timestamp'];
 	echo "\n";
 }
 echo "</table>\n";