/ - Diff - Club Drupal - Forge Centrale Marseille

Révision 286092dc

Ajouté par Assos Assos il y a environ 6 ans

ID 286092dcd34937b705c5d6a0bfe58694ca3b54ef
Parent 3115e37e
Enfant ed912c77

Added OAuth2 modules

                         GNU GENERAL PUBLIC LICENSE
                            Version 2, June 1991
      Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
      Everyone is permitted to copy and distribute verbatim copies
      of this license document, but changing it is not allowed.
                                 Preamble
       The licenses for most software are designed to take away your
     freedom to share and change it.  By contrast, the GNU General Public
     License is intended to guarantee your freedom to share and change free
     software--to make sure the software is free for all its users.  This
     General Public License applies to most of the Free Software
     Foundation's software and to any other program whose authors commit to
     using it.  (Some other Free Software Foundation software is covered by
     the GNU Lesser General Public License instead.)  You can apply it to
     your programs, too.
       When we speak of free software, we are referring to freedom, not
     price.  Our General Public Licenses are designed to make sure that you
     have the freedom to distribute copies of free software (and charge for
     this service if you wish), that you receive source code or can get it
     if you want it, that you can change the software or use pieces of it
     in new free programs; and that you know you can do these things.
       To protect your rights, we need to make restrictions that forbid
     anyone to deny you these rights or to ask you to surrender the rights.
     These restrictions translate to certain responsibilities for you if you
     distribute copies of the software, or if you modify it.
       For example, if you distribute copies of such a program, whether
     gratis or for a fee, you must give the recipients all the rights that
     you have.  You must make sure that they, too, receive or can get the
     source code.  And you must show them these terms so they know their
     rights.
       We protect your rights with two steps: (1) copyright the software, and
     (2) offer you this license which gives you legal permission to copy,
     distribute and/or modify the software.
       Also, for each author's protection and ours, we want to make certain
     that everyone understands that there is no warranty for this free
     software.  If the software is modified by someone else and passed on, we
     want its recipients to know that what they have is not the original, so
     that any problems introduced by others will not reflect on the original
     authors' reputations.
       Finally, any free program is threatened constantly by software
     patents.  We wish to avoid the danger that redistributors of a free
     program will individually obtain patent licenses, in effect making the
     program proprietary.  To prevent this, we have made it clear that any
     patent must be licensed for everyone's free use or not licensed at all.
       The precise terms and conditions for copying, distribution and
     modification follow.
                         GNU GENERAL PUBLIC LICENSE
        TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 . This License applies to any program or other work which contains
     a notice placed by the copyright holder saying it may be distributed
     under the terms of this General Public License.  The "Program", below,
     refers to any such program or work, and a "work based on the Program"
     means either the Program or any derivative work under copyright law:
     that is to say, a work containing the Program or a portion of it,
     either verbatim or with modifications and/or translated into another
     language.  (Hereinafter, translation is included without limitation in
     the term "modification".)  Each licensee is addressed as "you".
     Activities other than copying, distribution and modification are not
     covered by this License; they are outside its scope.  The act of
     running the Program is not restricted, and the output from the Program
     is covered only if its contents constitute a work based on the
     Program (independent of having been made by running the Program).
     Whether that is true depends on what the Program does.
 . You may copy and distribute verbatim copies of the Program's
     source code as you receive it, in any medium, provided that you
     conspicuously and appropriately publish on each copy an appropriate
     copyright notice and disclaimer of warranty; keep intact all the
     notices that refer to this License and to the absence of any warranty;
     and give any other recipients of the Program a copy of this License
     along with the Program.
     You may charge a fee for the physical act of transferring a copy, and
     you may at your option offer warranty protection in exchange for a fee.
 . You may modify your copy or copies of the Program or any portion
     of it, thus forming a work based on the Program, and copy and
     distribute such modifications or work under the terms of Section 1
     above, provided that you also meet all of these conditions:
         a) You must cause the modified files to carry prominent notices
         stating that you changed the files and the date of any change.
         b) You must cause any work that you distribute or publish, that in
         whole or in part contains or is derived from the Program or any
         part thereof, to be licensed as a whole at no charge to all third
         parties under the terms of this License.
         c) If the modified program normally reads commands interactively
         when run, you must cause it, when started running for such
         interactive use in the most ordinary way, to print or display an
         announcement including an appropriate copyright notice and a
         notice that there is no warranty (or else, saying that you provide
         a warranty) and that users may redistribute the program under
         these conditions, and telling the user how to view a copy of this
         License.  (Exception: if the Program itself is interactive but
         does not normally print such an announcement, your work based on
         the Program is not required to print an announcement.)
     These requirements apply to the modified work as a whole.  If
     identifiable sections of that work are not derived from the Program,
     and can be reasonably considered independent and separate works in
     themselves, then this License, and its terms, do not apply to those
     sections when you distribute them as separate works.  But when you
     distribute the same sections as part of a whole which is a work based
     on the Program, the distribution of the whole must be on the terms of
     this License, whose permissions for other licensees extend to the
     entire whole, and thus to each and every part regardless of who wrote it.
     Thus, it is not the intent of this section to claim rights or contest
     your rights to work written entirely by you; rather, the intent is to
     exercise the right to control the distribution of derivative or
     collective works based on the Program.
     In addition, mere aggregation of another work not based on the Program
     with the Program (or with a work based on the Program) on a volume of
     a storage or distribution medium does not bring the other work under
     the scope of this License.
 . You may copy and distribute the Program (or a work based on it,
     under Section 2) in object code or executable form under the terms of
     Sections 1 and 2 above provided that you also do one of the following:
         a) Accompany it with the complete corresponding machine-readable
         source code, which must be distributed under the terms of Sections
 and 2 above on a medium customarily used for software interchange; or,
         b) Accompany it with a written offer, valid for at least three
         years, to give any third party, for a charge no more than your
         cost of physically performing source distribution, a complete
         machine-readable copy of the corresponding source code, to be
         distributed under the terms of Sections 1 and 2 above on a medium
         customarily used for software interchange; or,
         c) Accompany it with the information you received as to the offer
         to distribute corresponding source code.  (This alternative is
         allowed only for noncommercial distribution and only if you
         received the program in object code or executable form with such
         an offer, in accord with Subsection b above.)
     The source code for a work means the preferred form of the work for
     making modifications to it.  For an executable work, complete source
     code means all the source code for all modules it contains, plus any
     associated interface definition files, plus the scripts used to
     control compilation and installation of the executable.  However, as a
     special exception, the source code distributed need not include
     anything that is normally distributed (in either source or binary
     form) with the major components (compiler, kernel, and so on) of the
     operating system on which the executable runs, unless that component
     itself accompanies the executable.
     If distribution of executable or object code is made by offering
     access to copy from a designated place, then offering equivalent
     access to copy the source code from the same place counts as
     distribution of the source code, even though third parties are not
     compelled to copy the source along with the object code.
 . You may not copy, modify, sublicense, or distribute the Program
     except as expressly provided under this License.  Any attempt
     otherwise to copy, modify, sublicense or distribute the Program is
     void, and will automatically terminate your rights under this License.
     However, parties who have received copies, or rights, from you under
     this License will not have their licenses terminated so long as such
     parties remain in full compliance.
 . You are not required to accept this License, since you have not
     signed it.  However, nothing else grants you permission to modify or
     distribute the Program or its derivative works.  These actions are
     prohibited by law if you do not accept this License.  Therefore, by
     modifying or distributing the Program (or any work based on the
     Program), you indicate your acceptance of this License to do so, and
     all its terms and conditions for copying, distributing or modifying
     the Program or works based on it.
 . Each time you redistribute the Program (or any work based on the
     Program), the recipient automatically receives a license from the
     original licensor to copy, distribute or modify the Program subject to
     these terms and conditions.  You may not impose any further
     restrictions on the recipients' exercise of the rights granted herein.
     You are not responsible for enforcing compliance by third parties to
     this License.
 . If, as a consequence of a court judgment or allegation of patent
     infringement or for any other reason (not limited to patent issues),
     conditions are imposed on you (whether by court order, agreement or
     otherwise) that contradict the conditions of this License, they do not
     excuse you from the conditions of this License.  If you cannot
     distribute so as to satisfy simultaneously your obligations under this
     License and any other pertinent obligations, then as a consequence you
     may not distribute the Program at all.  For example, if a patent
     license would not permit royalty-free redistribution of the Program by
     all those who receive copies directly or indirectly through you, then
     the only way you could satisfy both it and this License would be to
     refrain entirely from distribution of the Program.
     If any portion of this section is held invalid or unenforceable under
     any particular circumstance, the balance of the section is intended to
     apply and the section as a whole is intended to apply in other
     circumstances.
     It is not the purpose of this section to induce you to infringe any
     patents or other property right claims or to contest validity of any
     such claims; this section has the sole purpose of protecting the
     integrity of the free software distribution system, which is
     implemented by public license practices.  Many people have made
     generous contributions to the wide range of software distributed
     through that system in reliance on consistent application of that
     system; it is up to the author/donor to decide if he or she is willing
     to distribute software through any other system and a licensee cannot
     impose that choice.
     This section is intended to make thoroughly clear what is believed to
     be a consequence of the rest of this License.
 . If the distribution and/or use of the Program is restricted in
     certain countries either by patents or by copyrighted interfaces, the
     original copyright holder who places the Program under this License
     may add an explicit geographical distribution limitation excluding
     those countries, so that distribution is permitted only in or among
     countries not thus excluded.  In such case, this License incorporates
     the limitation as if written in the body of this License.
 . The Free Software Foundation may publish revised and/or new versions
     of the General Public License from time to time.  Such new versions will
     be similar in spirit to the present version, but may differ in detail to
     address new problems or concerns.
     Each version is given a distinguishing version number.  If the Program
     specifies a version number of this License which applies to it and "any
     later version", you have the option of following the terms and conditions
     either of that version or of any later version published by the Free
     Software Foundation.  If the Program does not specify a version number of
     this License, you may choose any version ever published by the Free Software
     Foundation.
 . If you wish to incorporate parts of the Program into other free
     programs whose distribution conditions are different, write to the author
     to ask for permission.  For software which is copyrighted by the Free
     Software Foundation, write to the Free Software Foundation; we sometimes
     make exceptions for this.  Our decision will be guided by the two goals
     of preserving the free status of all derivatives of our free software and
     of promoting the sharing and reuse of software generally.
                                 NO WARRANTY
 . BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
     FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
     OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
     PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
     OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
     TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
     PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
     REPAIR OR CORRECTION.
 . IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
     WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
     REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
     INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
     OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
     TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
     YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
     PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
     POSSIBILITY OF SUCH DAMAGES.
                          END OF TERMS AND CONDITIONS
                 How to Apply These Terms to Your New Programs
       If you develop a new program, and you want it to be of the greatest
     possible use to the public, the best way to achieve this is to make it
     free software which everyone can redistribute and change under these terms.
       To do so, attach the following notices to the program.  It is safest
     to attach them to the start of each source file to most effectively
     convey the exclusion of warranty; and each file should have at least
     the "copyright" line and a pointer to where the full notice is found.
         <one line to give the program's name and a brief idea of what it does.>
         Copyright (C) <year>  <name of author>
         This program is free software; you can redistribute it and/or modify
         it under the terms of the GNU General Public License as published by
         the Free Software Foundation; either version 2 of the License, or
         (at your option) any later version.
         This program is distributed in the hope that it will be useful,
         but WITHOUT ANY WARRANTY; without even the implied warranty of
         MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
         GNU General Public License for more details.
         You should have received a copy of the GNU General Public License along
         with this program; if not, write to the Free Software Foundation, Inc.,
 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
     Also add information on how to contact you by electronic and paper mail.
     If the program is interactive, make it output a short notice like this
     when it starts in an interactive mode:
         Gnomovision version 69, Copyright (C) year name of author
         Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
         This is free software, and you are welcome to redistribute it
         under certain conditions; type `show c' for details.
     The hypothetical commands `show w' and `show c' should show the appropriate
     parts of the General Public License.  Of course, the commands you use may
     be called something other than `show w' and `show c'; they could even be
     mouse-clicks or menu items--whatever suits your program.
     You should also get your employer (if you work as a programmer) or your
     school, if any, to sign a "copyright disclaimer" for the program, if
     necessary.  Here is a sample; alter the names:
       Yoyodyne, Inc., hereby disclaims all copyright interest in the program
       `Gnomovision' (which makes passes at compilers) written by James Hacker.
       <signature of Ty Coon>, 1 April 1989
       Ty Coon, President of Vice
     This General Public License does not permit incorporating your program into
     proprietary programs.  If your program is a subroutine library, you may
     consider it more useful to permit linking proprietary applications with the
     library.  If this is what you want to do, use the GNU Lesser General
     Public License instead of this License.

     <!DOCTYPE html>
     <html>
       <head>
         <title>Documentation for Drupal's OAuth2 Authentication Module</title>
         <meta charset="UTF-8">
         <meta name="viewport" content="width=device-width, initial-scale=1.0">
       </head>
       <body>
         <h1>Documentation for Drupal's OAuth2 Authentication Module</h1>
         <h2>Purpose</h2>
         <p>
           <a href="https://www.drupal.org/project/oauth2_authentication">OAuth2 Authentication</a> allows users to log into your Drupal site authenticating against a remote <a href="https://en.wikipedia.org/wiki/Identity_provider">identity provider (IDP)</a> via <a href="https://en.wikipedia.org/wiki/OAuth2#OAuth_2.0">OAuth2</a>.
         </p>
         <p>
           That is, if a user's credentials can be used to retrieve a valid <a href="https://en.wikipedia.org/wiki/Access_token">access token</a>, he/she will be logged into the site with those credentials and the token will be added to his/her session.  If the user doesn't exist yet, it will be created.
         </p>
         <h2>Disclaimer</h2>
         <p>
           In doing this, we're making the assumption that resource requesters are actually resource owners.  Generally, one shouldn't make that assumption as <strong>OAuth2 is an authorization mechanism, not an authentication mechanism</strong>.
         </p>
         <p>
           If you found this module looking for a standard way to have users log in via OAuth2, then you should probably go with <a href="https://www.drupal.org/project/openid_connect"> OpenID Connect</a> instead.  It provides a proper identity layer on top of OAuth2.  Think of it like the evolution of <a href="https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language">SAML</a>.  This module is meant for those that don't have access to an OpenID Connect server, do have access to an IDP that speaks OAuth2, and can trust the environment in which all of it operates.
         </p>
         <p>
           If you haven't considered the security implications of using this module, and you don't control the environment in which it's running, then you shouldn't be using it.  For example, you probably don't want to do this sort of thing on a mobile environment as it can't be trusted to the same extent as a Drupal site behind a corporate firewall.
         </p>
         <p>
           If you made it this far, and are still considering using the module, then make sure you've read and understood the following articles.
         </p>
         <ul>
           <li>
             <a href="http://blog.api-security.org/2013/02/why-oauth-it-self-is-not-authentication.html">Why OAuth it self is not an authentication framework?</a>
           </li>
           <li>
             <a href="http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html">The problem with OAuth for Authentication</a>
           </li>
         </ul>
         <p>
           It also wouldn't hurt to study the official <a href="http://tools.ietf.org/html/rfc6819">OAuth 2.0 Threat Model and Security Considerations</a>.
         </p>
         <h2>Initial Set-Up</h2>
         <ol>
           <li>
             Install and enable the <a href="https://www.drupal.org/project/oauth2_client">OAuth2 Client</a> and <a href="https://www.drupal.org/project/oauth2_authentication"> OAuth2 Authentication</a> modules <a href="https://www.drupal.org/documentation/install/modules-themes/modules-7">as you would any other</a>.
           </li>
           <li>
             If you wish to override any of the methods in the <em>OAuth2AuthenticationClient</em> class to change the module's behaviour, create another class that extends it and implement the desired methods.  This is best done in a custom module for your site, something like <em>Sitename</em> Authentication (<em>sitename</em>_authentication) where <em>S/sitename</em> is the name of your site.
           </li>
           <li>
             Surf to the configuration page over at Home » Administration » Configuration » Web services » OAuth2 Authentication to configure your token endpoint.  This section is mandatory while the others are optional.  They contain sane defaults, but look over all of it to make sure it's what you need for your set-up.
           </li>
           <li>
             If you subclassed <em>OAuth2AuthenticationClient</em>, replace the default class name in Miscellaneous Settings » Client Class with the name of your new class.
           </li>
           <li>Hit the <em>Save configuration</em> button to save your settings.</li>
           <li>Enjoy!</li>
         </ol>
         <h2>Notes</h2>
         <ul>
           <li>
             When an existing local user logs in, the module will attempt to get an access token for him/her.  On success, the token will be added to the user's session.  On failure, the user will still be logged in, but will not get a token.  Whenever a request to get a token is made, the results are reported in the log.
           </li>
           <li>
             Once you've got this set up, you'll have to ensure that <a href="https://www.drupal.org/node/2292623">the Web-services client module you're using</a> supports the OAuth2 protocol (i.e. token access to resources).  If you're already using one that doesn't, you'll have to add that support.  Otherwise, go with one that supports this already.
           </li>
         </ul>
         <h2>Issues</h2>
         <h3>Token Expiration</h3>
         <p>
           If the total expiration time for your tokens, including successive tokens returned by your token server through refresh tokens (RTs), is less than the maximum time a user can be logged in (see <a href="https://www.drupal.org/project/session_expire">Session Expire</a> for details), users will still be logged in when their final tokens expire.
         </p>
         <p>
           As this module doesn't (yet) deal with that situation, you'll need to come up with a solution that meets your requirements.  Some background information on this can be found over at <a href="https://rnd.feide.no/2012/04/19/best-practice-for-dealing-with-oauth-2-0-token-expiration-at-the-consumer/">Best-Practice for dealing with OAuth 2.0 Token expiration at the Consumer</a>.
         </p>
         <h4>Options</h4>
         <ul>
           <li>Automatically log out each user after being logged in for the token expiry time.</li>
           <li>Extend the token expiration time to the maximum amount of time a user can be logged in.</li>
           <li>Add support for refresh tokens (RTs) that can keep working until a user's login session expires.</li>
           <li>Have the token server issue tokens that don't expire.</li>
           <li>Some combination of the above.</li>
         </ul>
         <h4>Real-World Solutions</h4>
         <ul>
           <li><a href="https://developers.facebook.com/docs/facebook-login/access-tokens">Facebook: Access Tokens</a></li>
           <li><a href="https://developer.linkedin.com/documents/handling-errors-invalid-tokens">LinkedIn: Handling Errors &amp; Invalid Tokens</a></li>
           <li><a href="https://developers.blog.box.com/2013/11/13/oauth2-update-longer-lived-refresh-tokens/">Box: OAuth2 update - Longer lived refresh tokens</a></li>
           <li><a href="https://www.salesforce.com/us/developer/docs/api_rest/Content/intro_understanding_refresh_token_oauth.htm">Salesforce: Understanding the OAuth Refresh Token Process</a></li>
         </ul>
         <h4>Helpful Drupal Modules</h4>
         <ul>
           <li><a href="https://www.drupal.org/project/session_expire">Session expire</a> (also explains the default login session length)</li>
           <li><a href="https://www.drupal.org/project/autologout">Automated Logout</a></li>
           <li><a href="https://www.drupal.org/project/ejectorseat">Ejector Seat</a></li>
         </ul>
       </body>
     </html>

     <?php
     /**
      * @file
      * Base class for OAuth2 Authentication clients.
      */
     /**
      * Description of OAuth2AuthenticationClient class.
+     *
      * The OAuth2AuthenticationClient class is used to authenticate users based on
      * valid accesss tokens provided by an OAuth2 server.  Once users are logged in,
      * their sessions will contain the tokens necessary for gaining access to remote
      * resources.  Valid remote users who do not exist locally will be created.
+     *
      * Feel free to subclass in order to override anything done here.  If you do,
      * make sure to add the new class to the configuration.
      */
     class OAuth2AuthenticationClient {
       /**
        * The username of the user whose access is being requested.
        */
       protected $username = NULL;
       /**
        * The password of the user whose access is being requested.
        */
       protected $password = NULL;
       /**
        * Construct an OAuth2\OAuth2AuthenticationClient object.
+       *
        * @param string $username
        *   The username of the user whose authentication is requested.
        * @param string $password
        *   The username of the user whose authentication is requested.
        */
       public function __construct($username, $password) {
         // Set the username and password for later use.
         $this->username = $username;
         $this->password = $password;
+      }
       /**
        * Determines if a user with a provided name and password exists remotely.
+       *
        * @return
        *   TRUE if the user exists remotely; FALSE otherwise.
        */
       public function userExistsRemotely() {
         // If we can get an access token for this user, then we know he/she exists
         // remotely.
         return $this->getAccessToken();
+      }
       /**
        * Attempts to get an access token.
+       *
        * @return
        *   TRUE if an access token was retrieved; FALSE otherwise.
        */
       public function getAccessToken() {
         // Configure the OAuth2 client.
         $oauth2_config = array(
           'auth_flow'      => 'user-password',
           'token_endpoint' => variable_get('oauth2_authentication_token_endpoint', ''),
           'client_id'      => variable_get('oauth2_authentication_client_id', ''),
           'client_secret'  => variable_get('oauth2_authentication_client_secret', ''),
           'scope'          => variable_get('oauth2_authentication_scope', ''),
           'username'       => $this->username,
           'password'       => $this->password,
         );
         try {
           // Create an OAuth2 client and attempt to get an access token.  If we
           // aren't able to, we'll end up in the catch stanza as an exception will
           // be thrown.
           $oauth2_client = new OAuth2\Client($oauth2_config);
           $token = $oauth2_client->getAccessToken();
           $token_retrieved = isset($token);
+        }
         catch (Exception $e) {
           // We couildn't get an access token for this user so it must not be valid.
           $token_retrieved = FALSE;
+        }
         // Report status in the log.
         watchdog('oauth2_authentication', 'Access token requested for user %name: !result', array(
           '%name' => $this->username,
           '!result' => $token_retrieved ? 'SUCCESS' : 'FAILURE',
         ));
         // Return the result.
         return $token_retrieved;
+      }
       /**
        * Create a new user based on the successful validation of a remote user.
+       *
        * This function creates a new local Drupal user if a corresponding remote
        * user exists, but doesn't exist here yet.
+       *
        * @return
        *   A fully-loaded $user object upon successful creation or FALSE on failure.
        */
       public function createUserLocally() {
         // Get the user's e-mail address from some remote service.
         $email = $this->getUserEmailAddress();
         // Create a list of user information.
         $user = array(
           'name'   => $this->username,
           'pass'   => $this->password,
           'mail'   => $email,
           'status' => 1,
           'init'   => $email,
           'roles'  => array(
             DRUPAL_AUTHENTICATED_RID => 'authenticated user',
           ),
         );
         // Save the new user.
         $user = user_save(NULL, $user);
         // Report the new user in the log.
         watchdog('oauth2_authentication', 'New user: %name (%email).', array(
           '%name' => $this->username,
           '%email' => $email ? $email : 'no e-mail address',
         ), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $user->uid . '/edit'));
         // Return it.
         return $user;
+      }
       /*
        * Update a user based on the successful validation of a remote user.
+       *
        * This function updates an existing local Drupal user if a corresponding
        * remote user exists.
+       *
        * A typical use case for this is when a user's password has changed in the
        * OAuth2 provider system but the local Drupal user has an old password entry
        * in the users table.
+       *
        * @param $account
        *   The user object to be updated.
+       *
        * @return
        *   A fully-loaded $user object upon successful update or FALSE on failure.
        */
       public function updateUserLocally($account) {
         // Create a list of user information.
         $user = array(
           'pass'   => $this->password,
           'status' => 1,
           'roles'  => array(
             DRUPAL_AUTHENTICATED_RID => 'authenticated user',
           ),
         );
         // Update the account with the new information.
         $account = user_save($account, $user);
         // Report the updated user in the log.
         watchdog('oauth2_authentication', 'Updated user: %name.', array(
           '%name' => $this->username,
         ), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $account->uid . '/edit'));
         return $account;
+      }
       /**
        * Fetches the e-mail address of the user to be created.
+       *
        * This should be overridden.  Otherwise, your users won't have e-mail
        * addresses.
+       *
        * @return
        *   The user's e-mail address.
        */
       protected function getUserEmailAddress() {
         return '';
+      }
+    }

     <?php
     /**
      * @file
      * Administrative UI and functions for the OAuth2 Authentication module.
      */
     /**
      * Form builder: Main administrative form.
      */
     function oauth2_authentication_admin_form($form, &$form_state) {
       // Define the set of fields for the server settings.
       $form['server'] = array(
         '#type' => 'fieldset',
         '#title' => t('Server settings'),
         '#tree' => TRUE,
         '#weight' => 0,
         '#collapsible' => TRUE,
         '#collapsed' => FALSE,
       );
       // Add a text field for the token endpoint.
       $form['server']['token_endpoint'] = array(
         '#title' => t('Token endpoint URL'),
         '#type' => 'textfield',
         '#required' => TRUE,
         '#default_value' => variable_get('oauth2_authentication_token_endpoint', 'https://idp.example.com/token'),
         '#description' => t('A valid URL from where access tokens can be retrieved.'),
       );
       // Add a text field for the client ID.
       $form['server']['client_id'] = array(
         '#title' => t('Client ID'),
         '#type' => 'textfield',
         '#required' => TRUE,
         '#default_value' => variable_get('oauth2_authentication_client_id', ''),
         '#description' => t('This sites\'s ID for authenticating to the token server.'),
       );
       // Add a text field for the client secret.
       $form['server']['client_secret'] = array(
         '#title' => t('Client secret'),
         '#type' => 'textfield',
         '#required' => TRUE,
         '#default_value' => variable_get('oauth2_authentication_client_secret', ''),
         '#description' => t('This site\'s secret used for authenticating to the token server.'),
       );
       // Add a text field for the scope.
       $form['server']['scope'] = array(
         '#title' => t('Scope'),
         '#type' => 'textfield',
         '#default_value' => variable_get('oauth2_authentication_scope', ''),
         '#description' => t('The scope of the access request.'),
       );
       // Define the set of fields for the server settings.
       $form['user'] = array(
         '#type' => 'fieldset',
         '#title' => t('User settings'),
         '#tree' => TRUE,
         '#description' => t('By default, users will not be allowed to edit their passwords or e-mail addresses as these will normally be handled by a separate CRM-type system.  If you\'d like to make these fields user-editable, you may do so, but be warned that changes within Drupal will not be automatically sent to the other system.'),
         '#weight' => 10,
         '#collapsible' => TRUE,
         '#collapsed' => FALSE,
       );
       $form['user']['edit_email'] = array(
         '#type' => 'checkbox',
         '#title' => t('Allow users to edit their e-mail addresses'),
         '#default_value' => variable_get('oauth2_authentication_user_edit_email', FALSE),
       );
       $form['user']['edit_password'] = array(
         '#type' => 'checkbox',
         '#title' => t('Allow users to change their passwords'),
         '#default_value' => variable_get('oauth2_authentication_user_edit_password', FALSE),
       );
       // Define the set of fields for miscellaneous settings.
       $form['misc'] = array(
         '#type' => 'fieldset',
         '#title' => t('Miscellaneous settings'),
         '#tree' => TRUE,
         '#description' => t('These settings don\'t fit into any of the other major categories.'),
         '#weight' => 20,
         '#collapsible' => TRUE,
         '#collapsed' => FALSE,
       );
       // Add a text field for the name of the class to handle the authentication.
       $form['misc']['class'] = array(
         '#title' => t('Client class'),
         '#type' => 'textfield',
         '#required' => TRUE,
         '#default_value' => variable_get('oauth2_authentication_class', 'OAuth2AuthenticationClient'),
         '#description' => t('The name of the class that handles the authentication.  If you have extended the default one to make modifications, enter it here.'),
       );
       // Configure the form submission button.
       $form['actions']['#type'] = 'actions';
       $form['actions']['submit'] = array(
         '#type' => 'submit',
         '#value' => t('Save configuration'),
         '#weight' => 30,
       );
       return $form;
+    }
     /**
      * Validation handler for oauth2_authentication_admin_form.
      */
     function oauth2_authentication_admin_form_validate($form, &$form_state) {
       // Fetch the form values.
       $token_endpoint = $form_state['values']['server']['token_endpoint'];
       $client_id      = $form_state['values']['server']['client_id'];
       $client_secret  = $form_state['values']['server']['client_secret'];
       $scope          = $form_state['values']['server']['scope'];
       $class          = $form_state['values']['misc']['class'];
       // Ensure that the token endpoint is a valid URL.
       if (!valid_url($token_endpoint, TRUE)) {
         form_set_error('server][token_endpoint', 'The token endpoint is not a valid URL.');
+      }
       // Ensure that the class has been defined.
       if (!class_exists($class)) {
         form_set_error('misc][class', 'The authentication-handling class has not been defined.  It must exist before it can be used.');
+      }
+    }
     /**
      * Submit handler for oauth2_authentication_admin_form.
      */
     function oauth2_authentication_admin_form_submit($form, &$form_state) {
       // Fetch the form values.
       $token_endpoint = $form_state['values']['server']['token_endpoint'];
       $client_id      = $form_state['values']['server']['client_id'];
       $client_secret  = $form_state['values']['server']['client_secret'];
       $scope          = $form_state['values']['server']['scope'];
       $class          = $form_state['values']['misc']['class'];
       $edit_email     = $form_state['values']['user']['edit_email'];
       $edit_password  = $form_state['values']['user']['edit_password'];
       // Save the token endpoint.
       if (!empty($token_endpoint)) {
         variable_set('oauth2_authentication_token_endpoint', $token_endpoint);
+      }
       // Save the client ID.
       if (!empty($client_id)) {
         variable_set('oauth2_authentication_client_id', $client_id);
+      }
       // Save the client secret.
       if (!empty($client_secret)) {
         variable_set('oauth2_authentication_client_secret', $client_secret);
+      }
       // Save the scope.
       if (!empty($scope)) {
         variable_set('oauth2_authentication_scope', $scope);
+      }
       // Save the class.
       if (!empty($class)) {
         variable_set('oauth2_authentication_class', $class);
+      }
       // Save the user checkboxes.
       variable_set('oauth2_authentication_user_edit_email', $edit_email);
       variable_set('oauth2_authentication_user_edit_password', $edit_password);
       // Report status.
       drupal_set_message(t('The configuration options have been saved.'));
+    }

     name = OAuth2 Authentication
     description = Authenticates Drupal users via OAuth2
     core = 7.x
     package = OAuth2
     ; Configuration page
     configure = admin/config/services/oauth2-authentication
     ; Dependencies
     dependencies[] = oauth2_client
     ; Classes
     files[] = classes/OAuth2AuthenticationClient.class.php
     ; Information added by Drupal.org packaging script on 2015-01-22
     version = "7.x-1.1"
     core = "7.x"
     project = "oauth2_authentication"
     datestamp = "1421965681"

     <?php
     /**
      * @file
      * Installation file for the OAuth2 Authentication module.
      */
     /**
      * Implements hook_uninstall().
      */
     function oauth2_authentication_uninstall() {
       // Delete the configuration.
       variable_del('oauth2_authentication_token_endpoint');
       variable_del('oauth2_authentication_client_id');
       variable_del('oauth2_authentication_client_secret');
       variable_del('oauth2_authentication_scope');
       variable_del('oauth2_authentication_class');
       variable_del('oauth2_authentication_user_edit_email');
       variable_del('oauth2_authentication_user_edit_password');
+    }

     <?php
     /**
      * @file
      * Provides functionality for the OAuth2 Authentication module.
      */
     /****************************************************************************
      * Drupal Core Hooks
      ****************************************************************************/
     /**
      * Implements hook_menu().
      */
     function oauth2_authentication_menu() {
       $items = array();
       $items['admin/config/services/oauth2-authentication'] = array(
         'title' => 'OAuth2 Authentication',
         'description' => 'Configure OAuth2 Authentication parameters.',
         'page callback' => 'drupal_get_form',
         'page arguments' => array('oauth2_authentication_admin_form'),
         'access arguments' => array('administer oauth2 authentication'),
         'file' => 'includes/oauth2_authentication.admin.inc',
       );
       return $items;
+    }
     /**
      * Implements hook_permission().
      */
     function oauth2_authentication_permission() {
       return array(
         'administer oauth2 authentication' => array(
           'title' => t('Administer authentication parameters'),
           'description' => t('Allows users to set authentication parameters such as the token endpoint and client credentials.'),
         ),
       );
+    }
     /**
      * Implements hook_menu_alter().
+     *
      * Alter some core menu functionality to potentially disable some items.
      */
     function oauth2_authentication_menu_alter(&$items) {
       global $user, $language;
       // Set the path for password resets.
       $path = 'user/password';
       // Restrict the password reset page to user administrators if password editing
       // is disabled.
       if ((!variable_get('oauth2_authentication_user_edit_password', FALSE)) &&
           ($user->uid != 1)) {
         $items[$path]['access callback'] = 'user_access';
         $items[$path]['access arguments'] = array('administer users');
         // Add support for language-prefixed paths.  There doesn't appear to be an
         // easy way to get them so let's use global variables to do so.
         if (($language->language != LANGUAGE_NONE) && (!empty($language->prefix))) {
           $prefix = $language->prefix;
           $items[$prefix . '/' . $path]['access callback'] = 'user_access';
           $items[$prefix . '/' . $path]['access arguments'] = array('administer users');
+        }
+      }
+    }
     /**
      * Implements hook_form_FORM_ID_alter() for the user_login form.
+     *
      * As per user_login_default_validators(), there are three (3) standard
      * validation functions that determine if a user can be logged in.
+     *
      *   1. user_login_name_validate()
      *   2. user_login_authenticate_validate()
      *   3. user_login_final_validate()
+     *
      * We need to override the second one because it determines the user validity
      * based exclusively on its existence in the database.  In our case, if the user
      * exists as per the remote authorization service, but not locally, we want to
      * create it.
      */
     function oauth2_authentication_form_user_login_alter(&$form, &$form_state, $form_id) {
       // Replace the user_login_authenticate_validate() call with our own
       // oauth2_authentication_login_authenticate_validate() function.
       if (in_array('user_login_authenticate_validate', $form['#validate'])) {
         $key = array_search('user_login_authenticate_validate', $form['#validate']);
         $form['#validate'][$key] = 'oauth2_authentication_login_authenticate_validate';
+      }
+    }
     /**
      * Implements hook_form_FORM_ID_alter() for the user_login_block form.
      */
     function oauth2_authentication_form_user_login_block_alter(&$form, &$form_state, $form_id) {
       global $user;
       // Make the same changes as we're making to the standard login form.  See
       // oauth2_authentication_form_user_login_alter() for details.
       oauth2_authentication_form_user_login_alter($form, $form_state, $form_id);
       // Disable password-reset links if applicable.
       if ((!variable_get('oauth2_authentication_user_edit_password', FALSE)) &&
           ($user->uid != 1)) {
         $form['links'] = '';
+      }
+    }
     /**
      * Implements hook_form_FORM_ID_alter() for the user_profile_form form.
+     *
      * Disable editing of externally-controlled user profile fields.  These user
      * attributes would normally be controlled by another CRM-type system.  To set
      * which fields are to enabled or disabled, go to the module configuration page.
      * By default, they are all disabled.
      */
     function oauth2_authentication_form_user_profile_form_alter(&$form, &$form_state, $form_id) {
       global $user;
       // We want to keep user fields editable for user administrators so exit if the
       // current user is one of them.
       if (($user->uid == 1) || user_access('administer users')) {
         return;
+      }
       // Get configuration info on which user attributes are not to be edited.
       $disable_email = !variable_get('oauth2_authentication_user_edit_email', FALSE);
       $disable_password_change = !variable_get('oauth2_authentication_user_edit_password', FALSE);
       // Disable the current password field if neither the e-mail nor the password
       // fields are editable.  It's only needed if one wishes to edit either of
       // those fields.
       $disable_password_current = ($disable_email && $disable_password_change);
       // Disable editing of the E-mail Address field if was configured as such.
       if ($disable_email) {
         $form['account']['mail']['#disabled'] = TRUE;
+      }
       // Disable editing of the Password & Confirm Password fields if they were
       // configured as such.
       if ($disable_password_change) {
         $form['account']['pass']['#disabled'] = TRUE;
+      }
       // Disable editing of the Current Password field if was configured as such.
       if ($disable_password_current) {
         $form['account']['current_pass']['#disabled'] = TRUE;
+      }
+    }
     /**
      * Implements hook_user_logout().
+     *
      * Purge any access tokens stored in the user's session.  We definitely don't
      * want these to be used by a different user that logs in sometime between now
      * and the existing token's expiration time.
      */
     function oauth2_authentication_user_logout($account) {
       // As using unset() on a global variable may not always unset it outside of
       // the current scope, simply drop any OAuth2 tokens by assigning an empty
       // list.
       $_SESSION['oauth2_client'] = array();
+    }
     /****************************************************************************
      * Drupal Core Function Replacements
      ****************************************************************************/
     /**
      * Replacement for user_login_authenticate_validate().
+     *
      * All code here except for the last stanza should be identical to what's in
      * user_login_authenticate_validate().  The last stanza is the only thing we'd
      * like to change as that's the function call we actually care about.
      */
     function oauth2_authentication_login_authenticate_validate($form, &$form_state) {
       $password = trim($form_state['values']['pass']);
       if (!empty($form_state['values']['name']) && !empty($password)) {
         // Do not allow any login from the current user's IP if the limit has been
         // reached. Default is 50 failed attempts allowed in one hour. This is
         // independent of the per-user limit to catch attempts from one IP to log
         // in to many different user accounts.  We have a reasonably high limit
         // since there may be only one apparent IP for all users at an institution.
         if (!flood_is_allowed('failed_login_attempt_ip', variable_get('user_failed_login_ip_limit', 50), variable_get('user_failed_login_ip_window', 3600))) {
           $form_state['flood_control_triggered'] = 'ip';
           return;
+        }
         $account = db_query("SELECT * FROM {users} WHERE name = :name AND status = 1", array(':name' => $form_state['values']['name']))->fetchObject();
         if ($account) {
           if (variable_get('user_failed_login_identifier_uid_only', FALSE)) {
             // Register flood events based on the uid only, so they apply for any
             // IP address. This is the most secure option.
             $identifier = $account->uid;
+          }
           else {
             // The default identifier is a combination of uid and IP address. This
             // is less secure but more resistant to denial-of-service attacks that
             // could lock out all users with public user names.
             $identifier = $account->uid . '-' . ip_address();
+          }
           $form_state['flood_control_user_identifier'] = $identifier;
           // Don't allow login if the limit for this user has been reached.
           // Default is to allow 5 failed attempts every 6 hours.
           if (!flood_is_allowed('failed_login_attempt_user', variable_get('user_failed_login_user_limit', 5), variable_get('user_failed_login_user_window', 21600), $identifier)) {
             $form_state['flood_control_triggered'] = 'user';
             return;
+          }
+        }
         // We are not limited by flood control, so try to authenticate.
         // Set $form_state['uid'] as a flag for user_login_final_validate().
         $form_state['uid'] = oauth2_authentication_authenticate($form_state['values']['name'], $password);
+      }
+    }
     /**
      * Replacement for user_authenticate().
+     *
      * user_authenticate() determines if a user is valid by looking it up in the
      * local database.  If that's not the case, the user may exist in the remote
      * system.  So we want to add him/her locally if he/she exists there.  If the
      * user does exist locally, we'd like to add a token to his/her session.
+     *
      * @param $name
      *   User name to authenticate.
      * @param $password
      *   A plain-text password, such as trimmed text from form values.
      * @return
      *   The user's uid on success, or FALSE on failure to authenticate.
      */
     function oauth2_authentication_authenticate($name, $password) {
       // Assume the user is invalid until we determine otherwise.
       $uid = FALSE;
       // Only check for a valid user if the username & password were set.
       if (!empty($name) && !empty($password)) {
         // Attempt to load a local user with that name.
         $account = user_load_by_name($name);
         // Instantiate an OAuth2 Authentication class with the credentials.
         $class = variable_get('oauth2_authentication_class', 'OAuth2AuthenticationClient');
         $client = new $class($name, $password);
         // If the load was successful, we can see if the entered password is valid.
         if ($account) {
           // Allow alternate password hashing schemes in checking the password.
           require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
           if (user_check_password($password, $account)) {
             // Successful authentication.
             $uid = $account->uid;
             // Update user to new password scheme if needed.
             if (user_needs_new_hash($account)) {
               user_save($account, array('pass' => $password));
+            }
             // Get a remote access token if possible.  If it's not possible, the
             // user can still log in, but he/she won't be able to access remote
             // resources.
             $client->getAccessToken();
           } else {
             // Maybe the remote password has changed and the user is trying new password.
             // Check if the user exists remotely.  If so update their account/password.
             if ($client->userExistsRemotely()) {
               $uid = $client->updateUserLocally($account)->uid;
+            }
+          }
+        }
         else /* there is no local user account */ {
           // Instantiate an OAuth2 Authentication class with the credentials.
           $class = variable_get('oauth2_authentication_class', 'OAuth2AuthenticationClient');
           $client = new $class($name, $password);
           // Check if the user exists remotely.
           if ($client->userExistsRemotely()) {
             // We're dealing with a valid remote user so create it locally.
             $uid = $client->createUserLocally()->uid;
+          }
+        }
+      }
       // Return the user's local ID if there is one.
       return $uid;
+    }

                         GNU GENERAL PUBLIC LICENSE
                            Version 2, June 1991
      Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
      Everyone is permitted to copy and distribute verbatim copies
      of this license document, but changing it is not allowed.
                                 Preamble
       The licenses for most software are designed to take away your
     freedom to share and change it.  By contrast, the GNU General Public
     License is intended to guarantee your freedom to share and change free
     software--to make sure the software is free for all its users.  This
     General Public License applies to most of the Free Software
     Foundation's software and to any other program whose authors commit to
     using it.  (Some other Free Software Foundation software is covered by
     the GNU Lesser General Public License instead.)  You can apply it to
     your programs, too.
       When we speak of free software, we are referring to freedom, not
     price.  Our General Public Licenses are designed to make sure that you
     have the freedom to distribute copies of free software (and charge for
     this service if you wish), that you receive source code or can get it
     if you want it, that you can change the software or use pieces of it
     in new free programs; and that you know you can do these things.
       To protect your rights, we need to make restrictions that forbid
     anyone to deny you these rights or to ask you to surrender the rights.
     These restrictions translate to certain responsibilities for you if you
     distribute copies of the software, or if you modify it.
       For example, if you distribute copies of such a program, whether
     gratis or for a fee, you must give the recipients all the rights that
     you have.  You must make sure that they, too, receive or can get the
     source code.  And you must show them these terms so they know their
     rights.
       We protect your rights with two steps: (1) copyright the software, and
     (2) offer you this license which gives you legal permission to copy,
     distribute and/or modify the software.
       Also, for each author's protection and ours, we want to make certain
     that everyone understands that there is no warranty for this free
     software.  If the software is modified by someone else and passed on, we
     want its recipients to know that what they have is not the original, so
     that any problems introduced by others will not reflect on the original
     authors' reputations.
       Finally, any free program is threatened constantly by software
     patents.  We wish to avoid the danger that redistributors of a free
     program will individually obtain patent licenses, in effect making the
     program proprietary.  To prevent this, we have made it clear that any
     patent must be licensed for everyone's free use or not licensed at all.
       The precise terms and conditions for copying, distribution and
     modification follow.
                         GNU GENERAL PUBLIC LICENSE
        TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 . This License applies to any program or other work which contains
     a notice placed by the copyright holder saying it may be distributed
     under the terms of this General Public License.  The "Program", below,
     refers to any such program or work, and a "work based on the Program"
     means either the Program or any derivative work under copyright law:
     that is to say, a work containing the Program or a portion of it,
     either verbatim or with modifications and/or translated into another
     language.  (Hereinafter, translation is included without limitation in
     the term "modification".)  Each licensee is addressed as "you".
     Activities other than copying, distribution and modification are not
     covered by this License; they are outside its scope.  The act of
     running the Program is not restricted, and the output from the Program
     is covered only if its contents constitute a work based on the
     Program (independent of having been made by running the Program).
     Whether that is true depends on what the Program does.
 . You may copy and distribute verbatim copies of the Program's
     source code as you receive it, in any medium, provided that you
     conspicuously and appropriately publish on each copy an appropriate
     copyright notice and disclaimer of warranty; keep intact all the
     notices that refer to this License and to the absence of any warranty;
     and give any other recipients of the Program a copy of this License
     along with the Program.
     You may charge a fee for the physical act of transferring a copy, and
     you may at your option offer warranty protection in exchange for a fee.
 . You may modify your copy or copies of the Program or any portion
     of it, thus forming a work based on the Program, and copy and
     distribute such modifications or work under the terms of Section 1
     above, provided that you also meet all of these conditions:
         a) You must cause the modified files to carry prominent notices
         stating that you changed the files and the date of any change.
         b) You must cause any work that you distribute or publish, that in
         whole or in part contains or is derived from the Program or any
         part thereof, to be licensed as a whole at no charge to all third
         parties under the terms of this License.
         c) If the modified program normally reads commands interactively
         when run, you must cause it, when started running for such
         interactive use in the most ordinary way, to print or display an
         announcement including an appropriate copyright notice and a
         notice that there is no warranty (or else, saying that you provide
         a warranty) and that users may redistribute the program under
         these conditions, and telling the user how to view a copy of this
         License.  (Exception: if the Program itself is interactive but
         does not normally print such an announcement, your work based on
         the Program is not required to print an announcement.)
     These requirements apply to the modified work as a whole.  If
     identifiable sections of that work are not derived from the Program,
     and can be reasonably considered independent and separate works in
     themselves, then this License, and its terms, do not apply to those
     sections when you distribute them as separate works.  But when you
     distribute the same sections as part of a whole which is a work based
     on the Program, the distribution of the whole must be on the terms of
     this License, whose permissions for other licensees extend to the
     entire whole, and thus to each and every part regardless of who wrote it.
     Thus, it is not the intent of this section to claim rights or contest
     your rights to work written entirely by you; rather, the intent is to
     exercise the right to control the distribution of derivative or
     collective works based on the Program.
     In addition, mere aggregation of another work not based on the Program
     with the Program (or with a work based on the Program) on a volume of
     a storage or distribution medium does not bring the other work under
     the scope of this License.
 . You may copy and distribute the Program (or a work based on it,
     under Section 2) in object code or executable form under the terms of
     Sections 1 and 2 above provided that you also do one of the following:
         a) Accompany it with the complete corresponding machine-readable
         source code, which must be distributed under the terms of Sections
 and 2 above on a medium customarily used for software interchange; or,
         b) Accompany it with a written offer, valid for at least three
         years, to give any third party, for a charge no more than your
         cost of physically performing source distribution, a complete
         machine-readable copy of the corresponding source code, to be
         distributed under the terms of Sections 1 and 2 above on a medium
         customarily used for software interchange; or,
         c) Accompany it with the information you received as to the offer
         to distribute corresponding source code.  (This alternative is
         allowed only for noncommercial distribution and only if you
         received the program in object code or executable form with such
         an offer, in accord with Subsection b above.)
     The source code for a work means the preferred form of the work for
     making modifications to it.  For an executable work, complete source
     code means all the source code for all modules it contains, plus any
     associated interface definition files, plus the scripts used to
     control compilation and installation of the executable.  However, as a
     special exception, the source code distributed need not include
     anything that is normally distributed (in either source or binary
     form) with the major components (compiler, kernel, and so on) of the
     operating system on which the executable runs, unless that component
     itself accompanies the executable.
     If distribution of executable or object code is made by offering
     access to copy from a designated place, then offering equivalent
     access to copy the source code from the same place counts as
     distribution of the source code, even though third parties are not
     compelled to copy the source along with the object code.
 . You may not copy, modify, sublicense, or distribute the Program
     except as expressly provided under this License.  Any attempt
     otherwise to copy, modify, sublicense or distribute the Program is
     void, and will automatically terminate your rights under this License.
     However, parties who have received copies, or rights, from you under
     this License will not have their licenses terminated so long as such
     parties remain in full compliance.
 . You are not required to accept this License, since you have not
     signed it.  However, nothing else grants you permission to modify or
     distribute the Program or its derivative works.  These actions are
     prohibited by law if you do not accept this License.  Therefore, by
     modifying or distributing the Program (or any work based on the
     Program), you indicate your acceptance of this License to do so, and
     all its terms and conditions for copying, distributing or modifying
     the Program or works based on it.
 . Each time you redistribute the Program (or any work based on the
     Program), the recipient automatically receives a license from the
     original licensor to copy, distribute or modify the Program subject to
     these terms and conditions.  You may not impose any further
     restrictions on the recipients' exercise of the rights granted herein.
     You are not responsible for enforcing compliance by third parties to
     this License.
 . If, as a consequence of a court judgment or allegation of patent
     infringement or for any other reason (not limited to patent issues),
     conditions are imposed on you (whether by court order, agreement or
     otherwise) that contradict the conditions of this License, they do not
     excuse you from the conditions of this License.  If you cannot
     distribute so as to satisfy simultaneously your obligations under this
     License and any other pertinent obligations, then as a consequence you
     may not distribute the Program at all.  For example, if a patent
     license would not permit royalty-free redistribution of the Program by
     all those who receive copies directly or indirectly through you, then
     the only way you could satisfy both it and this License would be to
     refrain entirely from distribution of the Program.
     If any portion of this section is held invalid or unenforceable under
     any particular circumstance, the balance of the section is intended to
     apply and the section as a whole is intended to apply in other
     circumstances.
     It is not the purpose of this section to induce you to infringe any
     patents or other property right claims or to contest validity of any
     such claims; this section has the sole purpose of protecting the
     integrity of the free software distribution system, which is
     implemented by public license practices.  Many people have made
     generous contributions to the wide range of software distributed
     through that system in reliance on consistent application of that
     system; it is up to the author/donor to decide if he or she is willing
     to distribute software through any other system and a licensee cannot
     impose that choice.
     This section is intended to make thoroughly clear what is believed to
     be a consequence of the rest of this License.
 . If the distribution and/or use of the Program is restricted in
     certain countries either by patents or by copyrighted interfaces, the
     original copyright holder who places the Program under this License
     may add an explicit geographical distribution limitation excluding
     those countries, so that distribution is permitted only in or among
     countries not thus excluded.  In such case, this License incorporates
     the limitation as if written in the body of this License.
 . The Free Software Foundation may publish revised and/or new versions
     of the General Public License from time to time.  Such new versions will
     be similar in spirit to the present version, but may differ in detail to
     address new problems or concerns.
     Each version is given a distinguishing version number.  If the Program
     specifies a version number of this License which applies to it and "any
     later version", you have the option of following the terms and conditions
     either of that version or of any later version published by the Free
     Software Foundation.  If the Program does not specify a version number of
     this License, you may choose any version ever published by the Free Software
     Foundation.
 . If you wish to incorporate parts of the Program into other free
     programs whose distribution conditions are different, write to the author
     to ask for permission.  For software which is copyrighted by the Free
     Software Foundation, write to the Free Software Foundation; we sometimes
     make exceptions for this.  Our decision will be guided by the two goals
     of preserving the free status of all derivatives of our free software and
     of promoting the sharing and reuse of software generally.
                                 NO WARRANTY
 . BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
     FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
     OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
     PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
     OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
     TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
     PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
     REPAIR OR CORRECTION.
 . IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
     WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
     REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
     INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
     OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
     TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
     YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
     PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
     POSSIBILITY OF SUCH DAMAGES.
                          END OF TERMS AND CONDITIONS
                 How to Apply These Terms to Your New Programs
       If you develop a new program, and you want it to be of the greatest
     possible use to the public, the best way to achieve this is to make it
     free software which everyone can redistribute and change under these terms.

... Ce différentiel a été tronqué car il excède la taille maximale pouvant être affichée.

Formats disponibles : Unified diff

Projet

Général

Profil

Club Drupal

Révision 286092dc

Ajouté par Assos Assos il y a environ 6 ans