Fixed the bug with filling attribute isCesnetEligibleLastSeen

* Fixed the bug, that attribute isCesnetEligibleLastSeen wasn't filled for Hostel Idp

Author: vyskocilpavel

CHANGELOG.md

@@ -4,6 +4,7 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
 [Changed]
 - Fixed the filter for isCesnetEligibleLastSeen that checks the eduPersonScopedAffiliations
+- Fixed the bug, that attribute isCesnetEligibleLastSeen wasn't filled for Hostel Idp
 
 ## [v1.1.1]
 [Changed]

lib/Auth/Process/IsCesnetEligible.php

@@ -16,6 +16,8 @@ class sspmod_cesnet_Auth_Process_IsCesnetEligible extends SimpleSAML_Auth_Proces
 	const OTHER = "other";
 	const EDUID_IDP_GROUP = "http://eduid.cz/uri/idp-group/";
 
+	const HOSTEL_ENTITY_ID = "https://idp.hostel.eduid.cz/idp/shibboleth";
+
 	const INTERFACE_PROPNAME = "interface";
 	const CESNET_ELIGIBLE_LAST_SEEN_ATTR = "cesnetEligibleLastSeenAttr";
 	const DEFAULT_ATTR_NAME = 'isCesnetEligibleLastSeen';
@@ -74,13 +76,21 @@ public function process(&$request)
 			}
 		}
 
+		$isHostelVerified = false;
+		if ($request['saml:sp:IdP'] === self::HOSTEL_ENTITY_ID && isset($request['Attributes']['loa'])
+			&& $request['Attributes']['loa'][0] == 2) {
+			$isHostelVerified = true;
+			SimpleSAML\Logger::debug("cesnet:IsCesnetEligible - The user was verified by Hostel.");
+		}
+
 		try {
 			$this->cesnetEligibleLastSeen = sspmod_perun_RpcConnector::get('attributesManager', 'getAttribute', array(
 				'user' => $user->getId(),
 				'attributeName' => $this->cesnetEligibleLastSeenAttr,
 			));
 
-			if (!empty($this->eduPersonScopedAffiliation) && !is_null($this->entityCategory) && $this->isCesnetEligible()) {
+			if ((!empty($this->eduPersonScopedAffiliation) && !is_null($this->entityCategory) && $this->isCesnetEligible())
+				|| $isHostelVerified) {
 				$this->cesnetEligibleLastSeen['value'] = date("Y-m-d H:i:s");
 				sspmod_perun_RpcConnector::post('attributesManager', 'setAttribute', array(
 					'user' => $user->getId(),