Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php | ||
---|---|---|
3 | 3 |
/** |
4 | 4 |
* @file |
5 | 5 |
* This class represents an ldap_authentication module's configuration |
6 |
* It is extended by LdapAuthenticationConfAdmin for configuration and other admin functions |
|
6 |
* It is extended by LdapAuthenticationConfAdmin for configuration and other admin functions.
|
|
7 | 7 |
*/ |
8 | 8 |
|
9 | 9 |
module_load_include('php', 'ldap_user', 'LdapUserConf.class'); |
10 |
|
|
10 |
/** |
|
11 |
* |
|
12 |
*/ |
|
11 | 13 |
class LdapAuthenticationConf { |
12 | 14 |
|
13 | 15 |
/** |
14 |
* server configuration ids being used for authentication
|
|
16 |
* Server configuration ids being used for authentication.
|
|
15 | 17 |
* |
16 | 18 |
* @var array |
17 | 19 |
* |
18 | 20 |
* @see LdapServer->sid() |
19 | 21 |
*/ |
20 |
public $sids = array();
|
|
22 |
public $sids = [];
|
|
21 | 23 |
|
22 | 24 |
/** |
23 |
* server configuration ids being used for authentication
|
|
25 |
* Server configuration ids being used for authentication.
|
|
24 | 26 |
* |
25 |
* @var associative array of LdapServer objects keyed on sids
|
|
27 |
* @var associativearrayofLdapServerobjectskeyedonsids
|
|
26 | 28 |
* |
27 | 29 |
* @see LdapServer->sid() |
28 | 30 |
* @see LdapServer |
29 | 31 |
*/ |
30 |
public $enabledAuthenticationServers = array();
|
|
32 |
public $enabledAuthenticationServers = [];
|
|
31 | 33 |
|
32 | 34 |
|
33 | 35 |
/** |
34 |
* LdapUser configuration object |
|
36 |
* LdapUser configuration object.
|
|
35 | 37 |
* |
36 |
* @var LdapUser object
|
|
38 |
* @var LdapUserobject |
|
37 | 39 |
*/ |
38 |
public $ldapUser = NULL; // ldap_user configuration object |
|
40 |
/** |
|
41 |
* Ldap_user configuration object. |
|
42 |
*/ |
|
43 |
public $ldapUser = NULL; |
|
39 | 44 |
|
40 | 45 |
/** |
41 | 46 |
* Has current object been saved to the database? |
42 | 47 |
* |
43 |
* @var boolean
|
|
48 |
* @var bool |
|
44 | 49 |
*/ |
45 | 50 |
public $inDatabase = FALSE; |
46 | 51 |
|
47 | 52 |
/** |
48 |
* Choice of authentication modes
|
|
49 |
*
|
|
50 |
* @var integer
|
|
51 |
* LDAP_AUTHENTICATION_MODE_DEFAULT (LDAP_AUTHENTICATION_MIXED)
|
|
52 |
* LDAP_AUTHENTICATION_MIXED - signifies both LDAP and Drupal authentication are allowed
|
|
53 |
* Drupal authentication is attempted first.
|
|
54 |
* LDAP_AUTHENTICATION_EXCLUSIVE - signifies only LDAP authenication is allowed
|
|
55 |
*/
|
|
53 |
* Choice of authentication modes.
|
|
54 |
* |
|
55 |
* @var int
|
|
56 |
* LDAP_AUTHENTICATION_MODE_DEFAULT (LDAP_AUTHENTICATION_MIXED) |
|
57 |
* LDAP_AUTHENTICATION_MIXED - signifies both LDAP and Drupal authentication are allowed |
|
58 |
* Drupal authentication is attempted first. |
|
59 |
* LDAP_AUTHENTICATION_EXCLUSIVE - signifies only LDAP authenication is allowed |
|
60 |
*/ |
|
56 | 61 |
public $authenticationMode = LDAP_AUTHENTICATION_MODE_DEFAULT; |
57 | 62 |
|
58 | 63 |
/** |
59 | 64 |
* The following are used to alter the logon interface to direct users |
60 |
* to local LDAP specific authentication help |
|
65 |
* to local LDAP specific authentication help.
|
|
61 | 66 |
*/ |
62 | 67 |
|
63 | 68 |
/** |
64 | 69 |
* Text describing username to use, such as "Hogwarts Username" |
65 | 70 |
* which will be inserted on logon forms to help users figure out which |
66 |
* username to use |
|
71 |
* username to use.
|
|
67 | 72 |
* |
68 | 73 |
* @var string |
69 | 74 |
*/ |
... | ... | |
72 | 77 |
/** |
73 | 78 |
* Text describing password to use, such as "Hogwards LDAP Password" |
74 | 79 |
* which will be inserted on logon forms. Useful in organizations with |
75 |
* multiple account types for authentication |
|
80 |
* multiple account types for authentication.
|
|
76 | 81 |
* |
77 | 82 |
* @var string |
78 | 83 |
*/ |
... | ... | |
81 | 86 |
/** |
82 | 87 |
* Text and Url to provide help link for password such as: |
83 | 88 |
* ldapUserHelpLinkUrl: https://passwords.hogwarts.edu |
84 |
* ldapUserHelpLinkText: Hogwarts IT Password Support Page |
|
89 |
* ldapUserHelpLinkText: Hogwarts IT Password Support Page.
|
|
85 | 90 |
* |
86 | 91 |
* @var string |
87 | 92 |
*/ |
... | ... | |
92 | 97 |
* Email handling option |
93 | 98 |
* LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE -- don't show email on user forms |
94 | 99 |
* LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE (default) -- disable email on user forms |
95 |
* LDAP_AUTHENTICATION_EMAIL_FIELD_ALLOW -- allow editing of email on user forms |
|
100 |
* LDAP_AUTHENTICATION_EMAIL_FIELD_ALLOW -- allow editing of email on user forms.
|
|
96 | 101 |
* |
97 | 102 |
* @var int |
98 | 103 |
*/ |
99 | 104 |
public $emailOption = LDAP_AUTHENTICATION_EMAIL_FIELD_DEFAULT; |
100 | 105 |
|
101 |
/**
|
|
106 |
/** |
|
102 | 107 |
* Email handling option |
103 | 108 |
* LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY -- (default) Update stored email if LDAP email differs at login and notify user |
104 | 109 |
* LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE -- Update stored email if LDAP email differs at login but don\'t notify user |
105 |
* LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE -- Don\'t update stored email if LDAP email differs at login |
|
110 |
* LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE -- Don\'t update stored email if LDAP email differs at login.
|
|
106 | 111 |
* |
107 | 112 |
* @var int |
108 | 113 |
*/ |
109 | 114 |
public $emailUpdate = LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DEFAULT; |
110 |
|
|
115 |
|
|
111 | 116 |
/** |
112 |
* Email default handling option |
|
113 |
*
|
|
114 |
* This affects how email addresses that are empty are handled by
|
|
117 |
* Email default handling option.
|
|
118 |
* |
|
119 |
* This affects how email addresses that are empty are handled by |
|
115 | 120 |
* the authentication process. |
116 |
*
|
|
121 |
* |
|
117 | 122 |
* LDAP_AUTHENTICATION_EMAIL_TEMPLATE_NONE -- leaves the email empty |
118 | 123 |
* LDAP_AUTHENTICATION_EMAIL_TEMPLATE_IF_EMPTY (default) -- if the email is empty, it will be replaced |
119 | 124 |
* LDAP_AUTHENTICATION_EMAIL_TEMPLATE_ALWAYS -- always use the template |
120 |
*
|
|
125 |
* |
|
121 | 126 |
* @var int |
122 | 127 |
*/ |
123 | 128 |
public $emailTemplateHandling = LDAP_AUTHENTICATION_EMAIL_TEMPLATE_DEFAULT; |
124 |
|
|
129 |
|
|
125 | 130 |
/** |
126 | 131 |
* Email template. |
127 |
*
|
|
132 |
* |
|
128 | 133 |
* @var string |
129 | 134 |
*/ |
130 | 135 |
public $emailTemplate = LDAP_AUTHENTICATION_DEFAULT_TEMPLATE; |
131 |
|
|
136 |
|
|
132 | 137 |
/** |
133 |
* Whether or not to display a notification to the user on login, prompting
|
|
138 |
* Whether or not to display a notification to the user on login, prompting |
|
134 | 139 |
* them to change their email. |
135 |
*
|
|
136 |
* @var boolean
|
|
140 |
* |
|
141 |
* @var bool |
|
137 | 142 |
*/ |
138 | 143 |
public $templateUsagePromptUser = LDAP_AUTHENTICATION_TEMPLATE_USAGE_PROMPT_USER_DEFAULT; |
139 |
|
|
144 |
|
|
140 | 145 |
/** |
141 | 146 |
* Whether or not to avoid updating the email address of the user if the |
142 | 147 |
* template was used to generate it. |
143 |
*
|
|
144 |
* @var boolean
|
|
148 |
* |
|
149 |
* @var bool |
|
145 | 150 |
*/ |
146 | 151 |
public $templateUsageNeverUpdate = LDAP_AUTHENTICATION_TEMPLATE_USAGE_NEVER_UPDATE_DEFAULT; |
147 |
|
|
152 |
|
|
148 | 153 |
/** |
149 | 154 |
* Whether or not to use the email template if there is a user with a different |
150 | 155 |
* login name but same email address in the system. |
151 |
*
|
|
152 |
* @var boolean
|
|
156 |
* |
|
157 |
* @var bool |
|
153 | 158 |
*/ |
154 | 159 |
public $templateUsageResolveConflict = LDAP_AUTHENTICATION_TEMPLATE_USAGE_RESOLVE_CONFLICT_DEFAULT; |
155 |
|
|
160 |
|
|
156 | 161 |
/** |
157 | 162 |
* A PCRE regular expression (minus the delimiter and flags) that will be used |
158 |
* if $templateUsagePromptUser is set to true to determine if the email
|
|
159 |
* address is a fake one or not.
|
|
160 |
*
|
|
163 |
* if $templateUsagePromptUser is set to true to determine if the email |
|
164 |
* address is a fake one or not. |
|
165 |
* |
|
161 | 166 |
* By allowing this to be customized, we let the administrators handle older |
162 | 167 |
* patterns should they decide to change the existing one, as well as avoiding |
163 | 168 |
* the complexity of determining a proper regex from the template. |
164 |
*
|
|
169 |
* |
|
165 | 170 |
* @var string |
166 | 171 |
*/ |
167 | 172 |
public $templateUsagePromptRegex = LDAP_AUTHENTICATION_DEFAULT_TEMPLATE_REGEX; |
168 |
|
|
173 |
|
|
169 | 174 |
/** |
170 | 175 |
* Controls whether or not we should check on login if the email template was |
171 | 176 |
* used and redirect the user if needed. |
172 |
*
|
|
173 |
* @var boolean
|
|
177 |
* |
|
178 |
* @var bool |
|
174 | 179 |
*/ |
175 | 180 |
public $templateUsageRedirectOnLogin = LDAP_AUTHENTICATION_REDIRECT_ON_LOGIN_DEFAULT; |
176 |
|
|
177 | 181 |
|
178 | 182 |
|
179 |
/** |
|
183 |
|
|
184 |
/** |
|
180 | 185 |
* Password handling option |
181 | 186 |
* LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW -- show field disabled on user forms |
182 | 187 |
* LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE (default) -- disable password on user forms |
183 |
* LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW -- allow editing of password on user forms |
|
188 |
* LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW -- allow editing of password on user forms.
|
|
184 | 189 |
* |
185 | 190 |
* @var int |
186 | 191 |
*/ |
... | ... | |
194 | 199 |
public $ssoNotifyAuthentication = FALSE; |
195 | 200 |
public $ldapImplementation = FALSE; |
196 | 201 |
public $cookieExpire = LDAP_AUTHENTICATION_COOKIE_EXPIRE; |
197 |
public $apiPrefs = array();
|
|
202 |
public $apiPrefs = [];
|
|
198 | 203 |
|
199 | 204 |
/** |
200 |
* Advanced options. whitelist / blacklist options |
|
201 |
* |
|
202 |
* these are on the fuzzy line between authentication and authorization |
|
203 |
* and determine if a user is allowed to authenticate with ldap |
|
205 |
* Advanced options. whitelist / blacklist options. |
|
204 | 206 |
* |
207 |
* These are on the fuzzy line between authentication and authorization |
|
208 |
* and determine if a user is allowed to authenticate with ldap. |
|
205 | 209 |
*/ |
206 | 210 |
|
207 | 211 |
/** |
208 |
* text which must be present in user's LDAP entry's DN for user to authenticate with LDAP
|
|
209 |
* e.g. "ou=people" |
|
212 |
* Text which must be present in user's LDAP entry's DN for user to authenticate with LDAP
|
|
213 |
* e.g. "ou=people".
|
|
210 | 214 |
* |
211 | 215 |
* @var string |
212 | 216 |
*/ |
213 |
public $allowOnlyIfTextInDn = array(); // eg ou=education that must be met to allow ldap authentication |
|
217 |
/** |
|
218 |
* Eg ou=education that must be met to allow ldap authentication. |
|
219 |
*/ |
|
220 |
public $allowOnlyIfTextInDn = []; |
|
214 | 221 |
|
215 | 222 |
/** |
216 |
* text which prohibits logon if found in user's LDAP entry's DN for user to authenticate with LDAP
|
|
217 |
* e.g. "ou=guest accounts" |
|
223 |
* Text which prohibits logon if found in user's LDAP entry's DN for user to authenticate with LDAP
|
|
224 |
* e.g. "ou=guest accounts".
|
|
218 | 225 |
* |
219 | 226 |
* @var string |
220 | 227 |
*/ |
221 |
public $excludeIfTextInDn = array();
|
|
228 |
public $excludeIfTextInDn = [];
|
|
222 | 229 |
|
223 | 230 |
/** |
224 |
* code that prints 1 or 0 signifying if user is allowed
|
|
225 |
* should not start with <?php |
|
231 |
* Code that prints 1 or 0 signifying if user is allowed
|
|
232 |
* should not start with <?php.
|
|
226 | 233 |
* |
227 |
* @var string of php
|
|
234 |
* @var stringofphp
|
|
228 | 235 |
*/ |
229 | 236 |
public $allowTestPhp = NULL; |
230 | 237 |
|
231 | 238 |
/** |
232 |
* if at least 1 ldap authorization must exist for user to be allowed
|
|
239 |
* If at least 1 ldap authorization must exist for user to be allowed
|
|
233 | 240 |
* True signfies disallow if no authorizations. |
234 | 241 |
* False signifies don't consider authorizations. |
235 | 242 |
* |
236 |
* @var boolean.
|
|
243 |
* @var bool |
|
237 | 244 |
*/ |
238 | 245 |
public $excludeIfNoAuthorizations = LDAP_AUTHENTICATION_EXCL_IF_NO_AUTHZ_DEFAULT; |
239 | 246 |
|
240 |
public $saveable = array(
|
|
247 |
public $saveable = [
|
|
241 | 248 |
'sids', |
242 | 249 |
'authenticationMode', |
243 | 250 |
'loginUIUsernameTxt', |
... | ... | |
265 | 272 |
'templateUsageResolveConflict', |
266 | 273 |
'templateUsagePromptRegex', |
267 | 274 |
'templateUsageRedirectOnLogin', |
268 |
);
|
|
275 |
];
|
|
269 | 276 |
|
277 |
/** |
|
278 |
* |
|
279 |
*/ |
|
270 | 280 |
public function hasEnabledAuthenticationServers() { |
271 | 281 |
return !(count($this->enabledAuthenticationServers) == 0); |
272 | 282 |
} |
273 | 283 |
|
284 |
/** |
|
285 |
* |
|
286 |
*/ |
|
274 | 287 |
public function enabled_servers() { |
275 | 288 |
return $this->hasEnabledAuthenticationServers(); |
276 | 289 |
} |
277 | 290 |
|
278 |
function __construct() { |
|
291 |
/** |
|
292 |
* |
|
293 |
*/ |
|
294 |
public function __construct() { |
|
279 | 295 |
$this->load(); |
280 | 296 |
} |
281 | 297 |
|
282 |
function load() { |
|
298 |
/** |
|
299 |
* |
|
300 |
*/ |
|
301 |
public function load() { |
|
283 | 302 |
|
284 | 303 |
if ($saved = variable_get("ldap_authentication_conf", FALSE)) { |
285 | 304 |
$this->inDatabase = TRUE; |
... | ... | |
288 | 307 |
$this->{$property} = $saved[$property]; |
289 | 308 |
} |
290 | 309 |
} |
291 |
$this->enabledAuthenticationServers = array(); // reset in case reloading instantiated object |
|
310 |
// Reset in case reloading instantiated object. |
|
311 |
$this->enabledAuthenticationServers = []; |
|
292 | 312 |
$enabled_ldap_servers = ldap_servers_get_servers(NULL, 'enabled'); |
293 | 313 |
foreach ($this->sids as $sid => $enabled) { |
294 | 314 |
if ($enabled && isset($enabled_ldap_servers[$sid])) { |
... | ... | |
309 | 329 |
} |
310 | 330 |
|
311 | 331 |
/** |
312 |
* Destructor Method |
|
332 |
* Destructor Method.
|
|
313 | 333 |
*/ |
314 |
function __destruct() { } |
|
315 |
|
|
334 |
public function __destruct() {} |
|
316 | 335 |
|
317 |
/** |
|
318 |
* decide if a username is excluded or not |
|
336 |
/** |
|
337 |
* Decide if a username is excluded or not. |
|
338 |
* |
|
339 |
* @param string $name |
|
340 |
* as proposed drupal username. |
|
341 |
* @param array $ldap_user |
|
342 |
* where top level keys are 'dn','attr','mail'. |
|
319 | 343 |
* |
320 |
* @param string $name as proposed drupal username |
|
321 |
* @param array $ldap_user where top level keys are 'dn','attr','mail' |
|
322 | 344 |
* @return boolean FALSE means NOT allow; TRUE means allow |
323 | 345 |
* |
324 |
* @todo. this function should simply invoke hook_ldap_authentication_allowuser_results_alter
|
|
346 |
* @todo. this function should simply invoke hook_ldap_authentication_allowuser_results_alter |
|
325 | 347 |
* and most of this function should go in ldap_authentication_allowuser_results_alter |
326 | 348 |
*/ |
327 | 349 |
public function allowUser($name, $ldap_user) { |
... | ... | |
330 | 352 |
* do one of the exclude attribute pairs match |
331 | 353 |
*/ |
332 | 354 |
$ldap_user_conf = ldap_user_conf(); |
333 |
// if user does not already exists and deferring to user settings AND user settings only allow
|
|
355 |
// If user does not already exists and deferring to user settings AND user settings only allow.
|
|
334 | 356 |
$user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL); |
335 | 357 |
|
336 | 358 |
foreach ($this->excludeIfTextInDn as $test) { |
337 | 359 |
if (stripos($ldap_user['dn'], $test) !== FALSE) { |
338 |
return FALSE;// if a match, return FALSE; |
|
360 |
// Match. |
|
361 |
return FALSE; |
|
339 | 362 |
} |
340 | 363 |
} |
341 | 364 |
|
... | ... | |
352 | 375 |
$code_result = php_eval($code); |
353 | 376 |
$_name = NULL; |
354 | 377 |
$_ldap_user_entry = NULL; |
355 |
if ((boolean)($code_result) == FALSE) { |
|
378 |
if ((boolean) ($code_result) == FALSE) {
|
|
356 | 379 |
return FALSE; |
357 | 380 |
} |
358 | 381 |
} |
359 | 382 |
else { |
360 | 383 |
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning'); |
361 |
$tokens = array('!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication'));
|
|
384 |
$tokens = ['!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication')];
|
|
362 | 385 |
watchdog('ldap_authentication', 'LDAP Authentication is configured to deny users based on php execution with php_eval function, but php module is not enabled. Please enable php module or remove php code at !ldap_authentication_config .', $tokens); |
363 | 386 |
return FALSE; |
364 | 387 |
} |
... | ... | |
387 | 410 |
|
388 | 411 |
if (!module_exists('ldap_authorization')) { |
389 | 412 |
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning'); |
390 |
$tokens = array('!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication'));
|
|
413 |
$tokens = ['!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication')];
|
|
391 | 414 |
watchdog('ldap_authentication', 'LDAP Authentication is configured to deny users without LDAP Authorization mappings, but LDAP Authorization module is not enabled. Please enable and configure LDAP Authorization or disable this option at !ldap_authentication_config .', $tokens); |
392 | 415 |
return FALSE; |
393 | 416 |
} |
394 | 417 |
|
395 | 418 |
$user = new stdClass(); |
396 | 419 |
$user->name = $name; |
397 |
$user->ldap_authenticated = TRUE; // fake user property added for query |
|
420 |
// Fake user property added for query. |
|
421 |
$user->ldap_authenticated = TRUE; |
|
398 | 422 |
$consumers = ldap_authorization_get_consumers(); |
399 | 423 |
$has_enabled_consumers = FALSE; |
400 | 424 |
$has_ldap_authorizations = FALSE; |
... | ... | |
415 | 439 |
|
416 | 440 |
if (!$has_enabled_consumers) { |
417 | 441 |
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning'); |
418 |
$tokens = array('!ldap_consumer_config' => l(t('LDAP Authorization Configuration'), 'admin/config/people/ldap/authorization'));
|
|
442 |
$tokens = ['!ldap_consumer_config' => l(t('LDAP Authorization Configuration'), 'admin/config/people/ldap/authorization')];
|
|
419 | 443 |
watchdog('ldap_authentication', 'LDAP Authentication is configured to deny users without LDAP Authorization mappings, but 0 LDAP Authorization consumers are configured: !ldap_consumer_config .', $tokens); |
420 | 444 |
return FALSE; |
421 | 445 |
} |
... | ... | |
425 | 449 |
|
426 | 450 |
} |
427 | 451 |
|
428 |
// allow other modules to hook in and refuse if they like
|
|
452 |
// Allow other modules to hook in and refuse if they like.
|
|
429 | 453 |
$hook_result = TRUE; |
430 | 454 |
drupal_alter('ldap_authentication_allowuser_results', $ldap_user, $name, $hook_result); |
431 | 455 |
|
432 | 456 |
if ($hook_result === FALSE) { |
433 |
watchdog('ldap_authentication', "Authentication Allow User Result=refused for %name", array('%name' => $name), WATCHDOG_NOTICE);
|
|
457 |
watchdog('ldap_authentication', "Authentication Allow User Result=refused for %name", ['%name' => $name], WATCHDOG_NOTICE);
|
|
434 | 458 |
return FALSE; |
435 | 459 |
} |
436 | 460 |
|
... | ... | |
440 | 464 |
return TRUE; |
441 | 465 |
} |
442 | 466 |
|
443 |
|
|
444 | 467 |
} |
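Review bot: Three `@var` tags on the new side of this file lost their spaces and no longer name a type: `@var associativearrayofLdapServerobjectskeyedonsids` on `$enabledAuthenticationServers`, `@var LdapUserobject` on `$ldapUser`, and `@var stringofphp` on `$allowTestPhp`. I would restore a real type and move the remaining words into the description, for example `@var array` with "LdapServer objects keyed on sid" and `@var string` with "PHP code, without the opening tag". For `$allowTestPhp` the description should also say that `allowUser()` hands code to `php_eval()` while deciding whether a login is allowed, so write access to this setting amounts to code execution on the server; the line that builds `$code` is outside the visible hunks, so confirm it comes from this property. The same cleanup left `$ldapUser` and `$allowOnlyIfTextInDn` with two consecutive docblocks each, and `$allowOnlyIfTextInDn` and `$excludeIfTextInDn` are still tagged `@var string` although both default to `[]` (and `$excludeIfTextInDn` is iterated with `foreach` in `allowUser()`). One docblock per property with `@var array` would match the code.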
drupal7/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConfAdmin.class.php | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* This classextends by LdapAuthenticationConf for configuration and other admin functions |
|
5 |
* This classextends by LdapAuthenticationConf for configuration and other admin functions.
|
|
6 | 6 |
*/ |
7 | 7 |
|
8 | 8 |
ldap_servers_module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConf.class'); |
9 |
|
|
9 |
/** |
|
10 |
* |
|
11 |
*/ |
|
10 | 12 |
class LdapAuthenticationConfAdmin extends LdapAuthenticationConf { |
11 | 13 |
|
14 |
/** |
|
15 |
* |
|
16 |
*/ |
|
12 | 17 |
protected function setTranslatableProperties() { |
13 | 18 |
|
14 | 19 |
/** |
15 | 20 |
* 0. Logon Options |
16 | 21 |
*/ |
17 | 22 |
|
18 |
$values['authenticationModeOptions'] = array(
|
|
23 |
$values['authenticationModeOptions'] = [
|
|
19 | 24 |
LDAP_AUTHENTICATION_MIXED => t('Mixed mode. Drupal authentication is tried first. On failure, LDAP authentication is performed.'), |
20 | 25 |
LDAP_AUTHENTICATION_EXCLUSIVE => t('Only LDAP Authentication is allowed except for user 1. |
21 | 26 |
If selected, (1) reset password links will be replaced with links to ldap end user documentation below. |
22 | 27 |
(2) The reset password form will be left available at user/password for user 1; but no links to it |
23 | 28 |
will be provided to anonymous users. |
24 | 29 |
(3) Password fields in user profile form will be removed except for user 1.'), |
25 |
);
|
|
30 |
];
|
|
26 | 31 |
|
27 | 32 |
$values['authenticationServersDescription'] = t('Check all LDAP server configurations to use in authentication. |
28 | 33 |
Each will be tested for authentication until successful or |
... | ... | |
41 | 46 |
passwords etc. Should be of form http://domain.com/. Could be the institutions ldap password support page |
42 | 47 |
or a page within this drupal site that is available to anonymous users.'); |
43 | 48 |
|
44 |
$values['ldapUserHelpLinkTextDescription'] = t('Text for above link e.g. Account Help or Campus Password Help Page'); |
|
45 |
|
|
49 |
$values['ldapUserHelpLinkTextDescription'] = t('Text for above link e.g. Account Help or Campus Password Help Page'); |
|
46 | 50 |
|
47 | 51 |
/** |
48 | 52 |
* LDAP User Restrictions |
... | ... | |
68 | 72 |
|
69 | 73 |
*/ |
70 | 74 |
|
71 |
$values['emailOptionOptions'] = array(
|
|
75 |
$values['emailOptionOptions'] = [
|
|
72 | 76 |
LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE => t('Don\'t show an email field on user forms. LDAP derived email will be used for user and cannot be changed by user.'), |
73 | 77 |
LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE => t('Show disabled email field on user forms with LDAP derived email. LDAP derived email will be used for user and cannot be changed by user.'), |
74 | 78 |
LDAP_AUTHENTICATION_EMAIL_FIELD_ALLOW => t('Leave email field on user forms enabled. Generally used when provisioning to LDAP or not using email derived from LDAP.'), |
75 |
);
|
|
79 |
];
|
|
76 | 80 |
|
77 |
$values['emailUpdateOptions'] = array(
|
|
81 |
$values['emailUpdateOptions'] = [
|
|
78 | 82 |
LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY => t('Update stored email if LDAP email differs at login and notify user.'), |
79 | 83 |
LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE => t('Update stored email if LDAP email differs at login but don\'t notify user.'), |
80 | 84 |
LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE => t('Don\'t update stored email if LDAP email differs at login.'), |
81 |
);
|
|
82 |
$values['emailTemplateHandlingOptions'] = array(
|
|
85 |
];
|
|
86 |
$values['emailTemplateHandlingOptions'] = [
|
|
83 | 87 |
LDAP_AUTHENTICATION_EMAIL_TEMPLATE_NONE => t('Never use the template.'), |
84 | 88 |
LDAP_AUTHENTICATION_EMAIL_TEMPLATE_IF_EMPTY => t('Use the template if no email address was provided by the LDAP server.'), |
85 | 89 |
LDAP_AUTHENTICATION_EMAIL_TEMPLATE_ALWAYS => t('Always use the template.'), |
86 |
); |
|
87 |
|
|
90 |
]; |
|
88 | 91 |
|
89 | 92 |
/** |
90 | 93 |
* Password |
91 | 94 |
*/ |
92 | 95 |
|
93 |
$values['passwordUpdateOptions'] = array(
|
|
96 |
$values['passwordUpdateOptions'] = [
|
|
94 | 97 |
LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW => t('Display password field disabled (Prevents password updates).'), |
95 | 98 |
LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE => t('Don\'t show password field on user forms except login form.'), |
96 | 99 |
LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW => t('Display password field and allow updating it. In order to change password in LDAP, LDAP provisioning for this field must be enabled.'), |
97 |
);
|
|
100 |
];
|
|
98 | 101 |
|
99 | 102 |
/** |
100 | 103 |
* Single Sign-On / Seamless Sign-On |
101 | 104 |
*/ |
102 | 105 |
|
103 |
$values['ldapImplementationOptions'] = array(
|
|
104 |
'mod_auth_sspi' => t('mod_auth_sspi'),
|
|
105 |
'mod_auth_kerb' => t('mod_auth_kerb'),
|
|
106 |
);
|
|
106 |
$values['ldapImplementationOptions'] = [
|
|
107 |
'mod_auth_sspi' => t('mod_auth_sspi'), |
|
108 |
'mod_auth_kerb' => t('mod_auth_kerb'), |
|
109 |
];
|
|
107 | 110 |
|
108 |
$values['cookieExpirePeriod'] = array(-1 => t('Session'), 0 => t('Immediately')) +
|
|
109 |
drupal_map_assoc(array(3600, 86400, 604800, 2592000, 31536000, 315360000, 630720000), 'format_interval');
|
|
111 |
$values['cookieExpirePeriod'] = [-1 => t('Session'), 0 => t('Immediately')] +
|
|
112 |
drupal_map_assoc([3600, 86400, 604800, 2592000, 31536000, 315360000, 630720000], 'format_interval');
|
|
110 | 113 |
|
111 |
$values['ssoEnabledDescription'] = '<strong>' . t('Single Sign on is enabled.') .
|
|
114 |
$values['ssoEnabledDescription'] = '<strong>' . t('Single Sign on is enabled.') . |
|
112 | 115 |
'</strong> ' . t('To disable it, disable the LDAP SSO Module on the') . ' ' . l(t('Modules Form'), 'admin/modules') . '.<p>' . |
113 | 116 |
t('Single Sign-On enables ' . |
114 | 117 |
'users of this site to be authenticated by visiting the URL ' . |
115 | 118 |
'"user/login/sso, or automatically if selecting "automated ' . |
116 | 119 |
'single sign-on" below. Set up of LDAP authentication must be ' . |
117 |
'performed on the web server. Please review the readme file of the '. |
|
120 |
'performed on the web server. Please review the readme file of the ' .
|
|
118 | 121 |
'ldap_sso module for more information.') |
119 | 122 |
. '</p>'; |
120 | 123 |
|
121 |
$values['ssoExcludedPathsDescription'] = '<p>' .
|
|
124 |
$values['ssoExcludedPathsDescription'] = '<p>' . |
|
122 | 125 |
t("Which paths will not check for SSO? cron.php is common example. Specify pages by using their paths. Enter one path per line. The '*' character is a wildcard. |
123 | 126 |
Example paths are %blog for the blog page and %blog-wildcard for every personal blog. %front is the front page.", |
124 |
array('%blog' => 'blog', '%blog-wildcard' => 'blog/*', '%front' => '<front>'));
|
|
125 |
'</p>';
|
|
127 |
['%blog' => 'blog', '%blog-wildcard' => 'blog/*', '%front' => '<front>']);
|
|
128 |
'</p>'; |
|
126 | 129 |
|
127 |
$values['ssoExcludedHostsDescription'] = '<p>' .
|
|
130 |
$values['ssoExcludedHostsDescription'] = '<p>' . |
|
128 | 131 |
t('If your site is accessible via multiple hostnames, you may only want |
129 | 132 |
the LDAP SSO module to authenticate against some of them. To exclude |
130 | 133 |
any hostnames from SSO, enter them here. Enter one host per line.'); |
131 |
'</p>';
|
|
134 |
'</p>'; |
|
132 | 135 |
|
133 |
$values['ssoRemoteUserStripDomainNameDescription'] = t('Useful when the ' .
|
|
136 |
$values['ssoRemoteUserStripDomainNameDescription'] = t('Useful when the ' . |
|
134 | 137 |
'WWW server provides authentication in the form of user@realm and you ' . |
135 | 138 |
'want to have both SSO and regular forms based authentication ' . |
136 | 139 |
'available. Otherwise duplicate accounts with conflicting e-mail ' . |
137 | 140 |
'addresses may be created.'); |
138 |
$values['ssoNotifyAuthenticationDescription'] = t('This displays a message to the ' .
|
|
141 |
$values['ssoNotifyAuthenticationDescription'] = t('This displays a message to the ' . |
|
139 | 142 |
'user after they have succesfully authenticated using single sign on'); |
140 |
$values['seamlessLogInDescription'] = t('This requires that you ' .
|
|
143 |
$values['seamlessLogInDescription'] = t('This requires that you ' . |
|
141 | 144 |
'have operational NTLM or Kerberos authentication turned on for at least ' . |
142 | 145 |
'the path user/login/sso, or for the whole domain.'); |
143 |
$values['cookieExpireDescription'] = t('If using the automated/seamless login, a ' .
|
|
146 |
$values['cookieExpireDescription'] = t('If using the automated/seamless login, a ' . |
|
144 | 147 |
'cookie is necessary to prevent automatic login after a user ' . |
145 | 148 |
'manually logs out. Select the lifetime of the cookie.'); |
146 |
$values['ldapImplementationDescription'] = t('Select the type of ' .
|
|
149 |
$values['ldapImplementationDescription'] = t('Select the type of ' . |
|
147 | 150 |
'authentication mechanism you are using.'); |
148 | 151 |
|
149 |
foreach ($values as $property => $default_value) { |
|
150 |
$this->$property = $default_value; |
|
151 |
} |
|
152 |
foreach ($values as $property => $default_value) { |
|
153 |
$this->$property = $default_value; |
|
152 | 154 |
} |
155 |
} |
|
153 | 156 |
|
154 | 157 |
/** |
155 |
* 0. Logon Options |
|
158 |
* 0. Logon Options.
|
|
156 | 159 |
*/ |
157 | 160 |
public $authenticationModeDefault = LDAP_AUTHENTICATION_MIXED; |
158 | 161 |
public $authenticationModeOptions; |
159 | 162 |
|
160 | 163 |
protected $authenticationServersDescription; |
161 |
protected $authenticationServersOptions = array();
|
|
164 |
protected $authenticationServersOptions = [];
|
|
162 | 165 |
|
163 | 166 |
/** |
164 |
* 1. User Login Interface |
|
167 |
* 1. User Login Interface.
|
|
165 | 168 |
*/ |
166 | 169 |
protected $loginUIUsernameTxtDescription; |
167 | 170 |
protected $loginUIPasswordTxtDescription; |
... | ... | |
170 | 173 |
|
171 | 174 |
|
172 | 175 |
/** |
173 |
* 2. LDAP User Restrictions |
|
176 |
* 2. LDAP User Restrictions.
|
|
174 | 177 |
*/ |
175 | 178 |
|
176 | 179 |
protected $allowOnlyIfTextInDnDescription; |
177 | 180 |
protected $excludeIfTextInDnDescription; |
178 | 181 |
protected $allowTestPhpDescription; |
179 | 182 |
|
180 |
/**
|
|
181 |
* 4. Email |
|
183 |
/** |
|
184 |
* 4. Email.
|
|
182 | 185 |
*/ |
183 | 186 |
|
184 | 187 |
public $emailOptionDefault = LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE; |
... | ... | |
186 | 189 |
|
187 | 190 |
public $emailUpdateDefault = LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY; |
188 | 191 |
public $emailUpdateOptions; |
189 |
|
|
192 |
|
|
190 | 193 |
public $emailTemplateHandlingDefault = LDAP_AUTHENTICATION_EMAIL_TEMPLATE_DEFAULT; |
191 | 194 |
public $emailTemplateHandlingOptions; |
192 |
|
|
195 |
|
|
193 | 196 |
public $emailTemplateDefault = LDAP_AUTHENTICATION_DEFAULT_TEMPLATE; |
194 |
|
|
197 |
|
|
195 | 198 |
public $templateUsagePromptUserDefault = LDAP_AUTHENTICATION_TEMPLATE_USAGE_PROMPT_USER_DEFAULT; |
196 |
|
|
199 |
|
|
197 | 200 |
public $templateUsagePromptRegexDefault = LDAP_AUTHENTICATION_DEFAULT_TEMPLATE_REGEX; |
198 |
|
|
201 |
|
|
199 | 202 |
public $templateUsageNeverUpdateDefault = LDAP_AUTHENTICATION_TEMPLATE_USAGE_NEVER_UPDATE_DEFAULT; |
200 | 203 |
|
201 |
/**
|
|
202 |
* 5. Single Sign-On / Seamless Sign-On |
|
204 |
/** |
|
205 |
* 5. Single Sign-On / Seamless Sign-On.
|
|
203 | 206 |
*/ |
204 | 207 |
|
205 | 208 |
public $ssoEnabledDescription; |
... | ... | |
215 | 218 |
public $hasError = FALSE; |
216 | 219 |
public $errorName = NULL; |
217 | 220 |
|
221 |
/** |
|
222 |
* |
|
223 |
*/ |
|
218 | 224 |
public function clearError() { |
219 | 225 |
$this->hasError = FALSE; |
220 | 226 |
$this->errorMsg = NULL; |
221 | 227 |
$this->errorName = NULL; |
222 | 228 |
} |
223 | 229 |
|
230 |
/** |
|
231 |
* |
|
232 |
*/ |
|
224 | 233 |
public function save() { |
225 | 234 |
foreach ($this->saveable as $property) { |
226 | 235 |
$save[$property] = $this->{$property}; |
... | ... | |
229 | 238 |
$this->load(); |
230 | 239 |
} |
231 | 240 |
|
232 |
static public function getSaveableProperty($property) { |
|
233 |
$ldap_authentication_conf = variable_get('ldap_authentication_conf', array()); |
|
241 |
/** |
|
242 |
* |
|
243 |
*/ |
|
244 |
public static function getSaveableProperty($property) { |
|
245 |
$ldap_authentication_conf = variable_get('ldap_authentication_conf', []); |
|
234 | 246 |
return isset($ldap_authentication_conf[$property]) ? $ldap_authentication_conf[$property] : FALSE; |
235 | 247 |
|
236 | 248 |
} |
237 | 249 |
|
238 |
static public function uninstall() { |
|
250 |
/** |
|
251 |
* |
|
252 |
*/ |
|
253 |
public static function uninstall() { |
|
239 | 254 |
variable_del('ldap_authentication_conf'); |
240 | 255 |
} |
241 | 256 |
|
257 |
/** |
|
258 |
* |
|
259 |
*/ |
|
242 | 260 |
public function __construct() { |
243 | 261 |
parent::__construct(); |
244 | 262 |
$this->setTranslatableProperties(); |
... | ... | |
250 | 268 |
} |
251 | 269 |
} |
252 | 270 |
|
253 |
|
|
271 |
/** |
|
272 |
* |
|
273 |
*/ |
|
254 | 274 |
public function drupalForm() { |
255 | 275 |
|
256 | 276 |
if (count($this->authenticationServersOptions) == 0) { |
257 | 277 |
$message = ldap_servers_no_enabled_servers_msg('configure LDAP Authentication'); |
258 |
$form['intro'] = array(
|
|
278 |
$form['intro'] = [
|
|
259 | 279 |
'#type' => 'item', |
260 | 280 |
'#markup' => t('<h1>LDAP Authentication Settings</h1>') . $message, |
261 |
);
|
|
281 |
];
|
|
262 | 282 |
return $form; |
263 | 283 |
} |
264 | 284 |
|
265 |
$tokens = array(); // not sure what the tokens would be for this form? |
|
285 |
// Not sure what the tokens would be for this form? |
|
286 |
$tokens = []; |
|
266 | 287 |
|
267 |
$form['intro'] = array(
|
|
268 |
'#type' => 'item',
|
|
269 |
'#markup' => t('<h1>LDAP Authentication Settings</h1>'),
|
|
270 |
);
|
|
288 |
$form['intro'] = [
|
|
289 |
'#type' => 'item', |
|
290 |
'#markup' => t('<h1>LDAP Authentication Settings</h1>'), |
|
291 |
];
|
|
271 | 292 |
|
272 |
$form['logon'] = array(
|
|
293 |
$form['logon'] = [
|
|
273 | 294 |
'#type' => 'fieldset', |
274 | 295 |
'#title' => t('Logon Options'), |
275 | 296 |
'#collapsible' => TRUE, |
276 | 297 |
'#collapsed' => FALSE, |
277 |
);
|
|
298 |
];
|
|
278 | 299 |
|
279 |
$form['logon']['authenticationMode'] = array(
|
|
300 |
$form['logon']['authenticationMode'] = [
|
|
280 | 301 |
'#type' => 'radios', |
281 | 302 |
'#title' => t('Allowable Authentications'), |
282 | 303 |
'#required' => 1, |
283 | 304 |
'#default_value' => $this->authenticationMode, |
284 | 305 |
'#options' => $this->authenticationModeOptions, |
285 |
);
|
|
306 |
];
|
|
286 | 307 |
|
287 |
$form['logon']['authenticationServers'] = array(
|
|
308 |
$form['logon']['authenticationServers'] = [
|
|
288 | 309 |
'#type' => 'checkboxes', |
289 | 310 |
'#title' => t('Authentication LDAP Server Configurations'), |
290 | 311 |
'#required' => FALSE, |
291 | 312 |
'#default_value' => $this->sids, |
292 | 313 |
'#options' => $this->authenticationServersOptions, |
293 |
'#description' => $this->authenticationServersDescription |
|
294 |
);
|
|
314 |
'#description' => $this->authenticationServersDescription,
|
|
315 |
];
|
|
295 | 316 |
|
296 |
$form['login_UI'] = array(
|
|
317 |
$form['login_UI'] = [
|
|
297 | 318 |
'#type' => 'fieldset', |
298 | 319 |
'#title' => t('User Login Interface'), |
299 | 320 |
'#collapsible' => TRUE, |
300 | 321 |
'#collapsed' => FALSE, |
301 |
);
|
|
322 |
];
|
|
302 | 323 |
|
303 |
$form['login_UI']['loginUIUsernameTxt'] = array(
|
|
324 |
$form['login_UI']['loginUIUsernameTxt'] = [
|
|
304 | 325 |
'#type' => 'textfield', |
305 | 326 |
'#title' => t('Username Description Text'), |
306 | 327 |
'#required' => 0, |
307 | 328 |
'#default_value' => $this->loginUIUsernameTxt, |
308 | 329 |
'#description' => $this->loginUIUsernameTxtDescription, |
309 |
);
|
|
330 |
];
|
|
310 | 331 |
|
311 |
$form['login_UI']['loginUIPasswordTxt'] = array(
|
|
332 |
$form['login_UI']['loginUIPasswordTxt'] = [
|
|
312 | 333 |
'#type' => 'textfield', |
313 | 334 |
'#title' => t('Password Description Text'), |
314 | 335 |
'#required' => 0, |
315 | 336 |
'#default_value' => $this->loginUIPasswordTxt, |
316 | 337 |
'#description' => $this->loginUIPasswordTxtDescription, |
317 |
);
|
|
338 |
];
|
|
318 | 339 |
|
319 |
$form['login_UI']['ldapUserHelpLinkUrl'] = array(
|
|
340 |
$form['login_UI']['ldapUserHelpLinkUrl'] = [
|
|
320 | 341 |
'#type' => 'textfield', |
321 | 342 |
'#title' => t('LDAP Account User Help URL'), |
322 | 343 |
'#required' => 0, |
323 | 344 |
'#default_value' => $this->ldapUserHelpLinkUrl, |
324 | 345 |
'#description' => $this->ldapUserHelpLinkUrlDescription, |
325 |
); |
|
326 |
|
|
346 |
]; |
|
327 | 347 |
|
328 |
$form['login_UI']['ldapUserHelpLinkText'] = array(
|
|
348 |
$form['login_UI']['ldapUserHelpLinkText'] = [
|
|
329 | 349 |
'#type' => 'textfield', |
330 | 350 |
'#title' => t('LDAP Account User Help Link Text'), |
331 | 351 |
'#required' => 0, |
332 | 352 |
'#default_value' => $this->ldapUserHelpLinkText, |
333 | 353 |
'#description' => $this->ldapUserHelpLinkTextDescription, |
334 |
);
|
|
354 |
];
|
|
335 | 355 |
|
336 |
$form['restrictions'] = array(
|
|
356 |
$form['restrictions'] = [
|
|
337 | 357 |
'#type' => 'fieldset', |
338 | 358 |
'#title' => t('LDAP User "Whitelists" and Restrictions'), |
339 | 359 |
'#collapsible' => TRUE, |
340 | 360 |
'#collapsed' => FALSE, |
341 |
);
|
|
361 |
];
|
|
342 | 362 |
|
343 |
|
|
344 |
$form['restrictions']['allowOnlyIfTextInDn'] = array( |
|
363 |
$form['restrictions']['allowOnlyIfTextInDn'] = [ |
|
345 | 364 |
'#type' => 'textarea', |
346 | 365 |
'#title' => t('Allow Only Text Test'), |
347 | 366 |
'#default_value' => $this->arrayToLines($this->allowOnlyIfTextInDn), |
348 | 367 |
'#cols' => 50, |
349 | 368 |
'#rows' => 3, |
350 | 369 |
'#description' => t($this->allowOnlyIfTextInDnDescription, $tokens), |
351 |
);
|
|
370 |
];
|
|
352 | 371 |
|
353 |
$form['restrictions']['excludeIfTextInDn'] = array(
|
|
372 |
$form['restrictions']['excludeIfTextInDn'] = [
|
|
354 | 373 |
'#type' => 'textarea', |
355 | 374 |
'#title' => t('Excluded Text Test'), |
356 | 375 |
'#default_value' => $this->arrayToLines($this->excludeIfTextInDn), |
357 | 376 |
'#cols' => 50, |
358 | 377 |
'#rows' => 3, |
359 | 378 |
'#description' => t($this->excludeIfTextInDnDescription, $tokens), |
360 |
);
|
|
379 |
];
|
|
361 | 380 |
|
362 |
$form['restrictions']['allowTestPhp'] = array(
|
|
381 |
$form['restrictions']['allowTestPhp'] = [
|
|
363 | 382 |
'#type' => 'textarea', |
364 | 383 |
'#title' => t('PHP to Test for Allowed LDAP Users'), |
365 | 384 |
'#default_value' => $this->allowTestPhp, |
366 | 385 |
'#cols' => 50, |
367 | 386 |
'#rows' => 3, |
368 | 387 |
'#description' => t($this->allowTestPhpDescription, $tokens), |
369 |
'#disabled' => (boolean)(!module_exists('php')), |
|
370 |
);
|
|
388 |
'#disabled' => (boolean) (!module_exists('php')),
|
|
389 |
];
|
|
371 | 390 |
|
372 | 391 |
if (!module_exists('php')) { |
373 | 392 |
$form['restrictions']['allowTestPhp']['#title'] .= ' <em>' . t('php module currently disabled') . '</em>'; |
374 | 393 |
} |
375 | 394 |
|
376 |
$form['restrictions']['excludeIfNoAuthorizations'] = array(
|
|
395 |
$form['restrictions']['excludeIfNoAuthorizations'] = [
|
|
377 | 396 |
'#type' => 'checkbox', |
378 | 397 |
'#title' => t('Deny access to users without Ldap Authorization Module |
379 | 398 |
authorization mappings such as Drupal roles. |
380 | 399 |
Requires LDAP Authorization to be enabled and configured!'), |
381 | 400 |
'#default_value' => $this->excludeIfNoAuthorizations, |
382 | 401 |
'#description' => t($this->excludeIfNoAuthorizationsDescription, $tokens), |
383 |
'#disabled' => (boolean)(!module_exists('ldap_authorization')), |
|
384 |
);
|
|
402 |
'#disabled' => (boolean) (!module_exists('ldap_authorization')),
|
|
403 |
];
|
|
385 | 404 |
|
386 |
$form['email'] = array(
|
|
405 |
$form['email'] = [
|
|
387 | 406 |
'#type' => 'fieldset', |
388 | 407 |
'#title' => t('Email'), |
389 | 408 |
'#collapsible' => TRUE, |
390 | 409 |
'#collapsed' => FALSE, |
391 |
);
|
|
410 |
];
|
|
392 | 411 |
|
393 |
$form['email']['emailOption'] = array(
|
|
412 |
$form['email']['emailOption'] = [
|
|
394 | 413 |
'#type' => 'radios', |
395 | 414 |
'#title' => t('Email Behavior'), |
396 | 415 |
'#required' => 1, |
397 | 416 |
'#default_value' => $this->emailOption, |
398 | 417 |
'#options' => $this->emailOptionOptions, |
399 |
);
|
|
418 |
];
|
|
400 | 419 |
|
401 |
$form['email']['emailUpdate'] = array(
|
|
420 |
$form['email']['emailUpdate'] = [
|
|
402 | 421 |
'#type' => 'radios', |
403 | 422 |
'#title' => t('Email Update'), |
404 | 423 |
'#required' => 1, |
405 | 424 |
'#default_value' => $this->emailUpdate, |
406 | 425 |
'#options' => $this->emailUpdateOptions, |
407 |
);
|
|
408 |
|
|
409 |
$form['email']['template'] = array(
|
|
426 |
];
|
|
427 |
|
|
428 |
$form['email']['template'] = [
|
|
410 | 429 |
'#type' => 'fieldset', |
411 | 430 |
'#collapsible' => TRUE, |
412 | 431 |
'#title' => t('Email Templates'), |
413 |
);
|
|
414 |
|
|
415 |
$form['email']['template']['emailTemplateHandling'] = array(
|
|
432 |
];
|
|
433 |
|
|
434 |
$form['email']['template']['emailTemplateHandling'] = [
|
|
416 | 435 |
'#type' => 'radios', |
417 | 436 |
'#title' => t('Email Template Handling'), |
418 | 437 |
'#required' => 1, |
419 | 438 |
'#default_value' => $this->emailTemplateHandling, |
420 |
'#options' => $this->emailTemplateHandlingOptions |
|
421 |
);
|
|
422 |
|
|
423 |
$form['email']['template']['emailTemplate'] = array(
|
|
439 |
'#options' => $this->emailTemplateHandlingOptions,
|
|
440 |
];
|
|
441 |
|
|
442 |
$form['email']['template']['emailTemplate'] = [
|
|
424 | 443 |
'#type' => 'textfield', |
425 | 444 |
'#title' => t('Email Template'), |
426 | 445 |
'#required' => 0, |
427 | 446 |
'#default_value' => $this->emailTemplate, |
428 |
);
|
|
429 |
|
|
430 |
$form['email']['template']['templateUsageResolveConflict'] = array(
|
|
447 |
];
|
|
448 |
|
|
449 |
$form['email']['template']['templateUsageResolveConflict'] = [
|
|
431 | 450 |
'#type' => 'checkbox', |
432 | 451 |
'#title' => t('If a Drupal account already exists with the same email, but different account name, use the email template instead of the LDAP email.'), |
433 | 452 |
'#default_value' => $this->templateUsageResolveConflict, |
434 |
);
|
|
435 |
|
|
436 |
$form['email']['template']['templateUsageNeverUpdate'] = array(
|
|
453 |
];
|
|
454 |
|
|
455 |
$form['email']['template']['templateUsageNeverUpdate'] = [
|
|
437 | 456 |
'#type' => 'checkbox', |
438 | 457 |
'#title' => t('Ignore the Email Update settings and never update the stored email if the template is used.'), |
439 | 458 |
'#default_value' => $this->templateUsageNeverUpdate, |
440 |
);
|
|
441 |
|
|
442 |
$form['email']['prompts'] = array(
|
|
459 |
];
|
|
460 |
|
|
461 |
$form['email']['prompts'] = [
|
|
443 | 462 |
'#type' => 'fieldset', |
444 | 463 |
'#collapsible' => TRUE, |
445 | 464 |
'#title' => t('User Email Prompt'), |
446 |
'#description' => t('These settings allow the user to fill in their email address after logging in if the template was used to generate their email address.'),
|
|
447 |
);
|
|
448 |
|
|
449 |
$form['email']['prompts']['templateUsagePromptUser'] = array(
|
|
465 |
'#description' => t('These settings allow the user to fill in their email address after logging in if the template was used to generate their email address.'), |
|
466 |
];
|
|
467 |
|
|
468 |
$form['email']['prompts']['templateUsagePromptUser'] = [
|
|
450 | 469 |
'#type' => 'checkbox', |
451 | 470 |
'#title' => t('Prompt user for email on every page load.'), |
452 | 471 |
'#default_value' => $this->templateUsagePromptUser, |
453 |
);
|
|
454 |
|
|
455 |
$form['email']['prompts']['templateUsageRedirectOnLogin'] = array(
|
|
472 |
];
|
|
473 |
|
|
474 |
$form['email']['prompts']['templateUsageRedirectOnLogin'] = [
|
|
456 | 475 |
'#type' => 'checkbox', |
457 | 476 |
'#title' => t('Redirect the user to the form after logging in.'), |
458 | 477 |
'#default_value' => $this->templateUsageRedirectOnLogin, |
459 |
);
|
|
460 |
|
|
461 |
$form['email']['prompts']['templateUsagePromptRegex'] = array(
|
|
478 |
];
|
|
479 |
|
|
480 |
$form['email']['prompts']['templateUsagePromptRegex'] = [
|
|
462 | 481 |
'#type' => 'textfield', |
463 | 482 |
'#default_value' => $this->templateUsagePromptRegex, |
464 | 483 |
'#title' => t('Template Regex'), |
465 | 484 |
'#description' => t('This regex will be used to determine if the template was used to create an account.'), |
466 |
); |
|
467 |
|
|
485 |
]; |
|
468 | 486 |
|
469 |
$form['password'] = array(
|
|
487 |
$form['password'] = [
|
|
470 | 488 |
'#type' => 'fieldset', |
471 | 489 |
'#title' => t('Password'), |
472 | 490 |
'#collapsible' => TRUE, |
473 | 491 |
'#collapsed' => FALSE, |
474 |
);
|
|
475 |
$form['password']['passwordOption'] = array(
|
|
492 |
];
|
|
493 |
$form['password']['passwordOption'] = [
|
|
476 | 494 |
'#type' => 'radios', |
477 | 495 |
'#title' => t('Password Behavior'), |
478 | 496 |
'#required' => 1, |
479 | 497 |
'#default_value' => $this->passwordOption, |
480 | 498 |
'#options' => $this->passwordUpdateOptions, |
481 |
);
|
|
499 |
];
|
|
482 | 500 |
|
483 | 501 |
/** |
484 | 502 |
* Begin single sign-on settings |
485 | 503 |
*/ |
486 |
$form['sso'] = array(
|
|
504 |
$form['sso'] = [
|
|
487 | 505 |
'#type' => 'fieldset', |
488 | 506 |
'#title' => t('Single Sign-On'), |
489 | 507 |
'#collapsible' => TRUE, |
490 |
'#collapsed' => (boolean)(!$this->ssoEnabled), |
|
491 |
);
|
|
508 |
'#collapsed' => (boolean) (!$this->ssoEnabled),
|
|
509 |
];
|
|
492 | 510 |
|
493 | 511 |
if ($this->ssoEnabled) { |
494 |
$form['sso']['enabled'] = array(
|
|
512 |
$form['sso']['enabled'] = [
|
|
495 | 513 |
'#type' => 'markup', |
496 | 514 |
'#markup' => $this->ssoEnabledDescription, |
497 |
);
|
|
515 |
];
|
|
498 | 516 |
} |
499 | 517 |
else { |
500 |
$form['sso']['disabled'] = array(
|
|
518 |
$form['sso']['disabled'] = [
|
|
501 | 519 |
'#type' => 'markup', |
502 | 520 |
'#markup' => '<p><em>' . t('LDAP Single Sign-On module must be enabled for options below to work.') |
503 | 521 |
. ' ' . t('It is currently disabled.') |
504 | 522 |
. ' ' . l(t('See modules form'), 'admin/modules') . '</p></em>', |
505 |
);
|
|
523 |
];
|
|
506 | 524 |
} |
507 | 525 |
|
508 |
$form['sso']['ssoRemoteUserStripDomainName'] = array(
|
|
526 |
$form['sso']['ssoRemoteUserStripDomainName'] = [
|
|
509 | 527 |
'#type' => 'checkbox', |
510 | 528 |
'#title' => t('Strip REMOTE_USER domain name'), |
511 | 529 |
'#description' => t($this->ssoRemoteUserStripDomainNameDescription), |
512 | 530 |
'#default_value' => $this->ssoRemoteUserStripDomainName, |
513 |
'#disabled' => (boolean)(!$this->ssoEnabled), |
|
514 |
);
|
|
531 |
'#disabled' => (boolean) (!$this->ssoEnabled),
|
|
532 |
];
|
|
515 | 533 |
|
516 |
$form['sso']['seamlessLogin'] = array(
|
|
534 |
$form['sso']['seamlessLogin'] = [
|
|
517 | 535 |
'#type' => 'checkbox', |
518 | 536 |
'#title' => t('Turn on automated/seamless single sign-on'), |
519 | 537 |
'#description' => t($this->seamlessLogInDescription), |
520 | 538 |
'#default_value' => $this->seamlessLogin, |
521 |
'#disabled' => (boolean)(!$this->ssoEnabled), |
|
522 |
);
|
|
539 |
'#disabled' => (boolean) (!$this->ssoEnabled),
|
|
540 |
];
|
|
523 | 541 |
|
524 |
$form['sso']['ssoNotifyAuthentication'] = array(
|
|
542 |
$form['sso']['ssoNotifyAuthentication'] = [
|
|
525 | 543 |
'#type' => 'checkbox', |
526 | 544 |
'#title' => t('Notify user of successful authentication'), |
527 | 545 |
'#description' => t($this->ssoNotifyAuthenticationDescription), |
528 | 546 |
'#default_value' => $this->ssoNotifyAuthentication, |
529 |
'#disabled' => (boolean)(!$this->ssoEnabled), |
|
530 |
);
|
|
547 |
'#disabled' => (boolean) (!$this->ssoEnabled),
|
|
548 |
];
|
|
531 | 549 |
|
532 |
$form['sso']['cookieExpire'] = array(
|
|
550 |
$form['sso']['cookieExpire'] = [
|
|
533 | 551 |
'#type' => 'select', |
534 | 552 |
'#title' => t('Cookie Lifetime'), |
535 | 553 |
'#description' => t($this->cookieExpireDescription), |
536 | 554 |
'#default_value' => $this->cookieExpire, |
537 | 555 |
'#options' => $this->cookieExpirePeriod, |
538 |
'#disabled' => (boolean)(!$this->ssoEnabled), |
|
539 |
);
|
|
556 |
'#disabled' => (boolean) (!$this->ssoEnabled),
|
|
557 |
];
|
|
540 | 558 |
|
541 |
$form['sso']['ldapImplementation'] = array(
|
|
559 |
$form['sso']['ldapImplementation'] = [
|
|
542 | 560 |
'#type' => 'select', |
543 | 561 |
'#title' => t('Authentication Mechanism'), |
544 | 562 |
'#description' => t($this->ldapImplementationDescription), |
545 | 563 |
'#default_value' => $this->ldapImplementation, |
546 | 564 |
'#options' => $this->ldapImplementationOptions, |
547 |
'#disabled' => (boolean)(!$this->ssoEnabled), |
|
548 |
);
|
|
565 |
'#disabled' => (boolean) (!$this->ssoEnabled),
|
|
566 |
];
|
|
549 | 567 |
|
550 |
$form['sso']['ssoExcludedPaths'] = array(
|
|
568 |
$form['sso']['ssoExcludedPaths'] = [
|
|
551 | 569 |
'#type' => 'textarea', |
552 | 570 |
'#title' => t('SSO Excluded Paths'), |
553 | 571 |
'#description' => t($this->ssoExcludedPathsDescription), |
554 | 572 |
'#default_value' => $this->arrayToLines($this->ssoExcludedPaths), |
555 |
'#disabled' => (boolean)(!$this->ssoEnabled), |
|
556 |
);
|
|
573 |
'#disabled' => (boolean) (!$this->ssoEnabled),
|
|
574 |
];
|
|
557 | 575 |
|
558 |
$form['sso']['ssoExcludedHosts'] = array(
|
|
576 |
$form['sso']['ssoExcludedHosts'] = [
|
|
559 | 577 |
'#type' => 'textarea', |
560 | 578 |
'#title' => t('SSO Excluded Hosts'), |
561 | 579 |
'#description' => t($this->ssoExcludedHostsDescription), |
562 | 580 |
'#default_value' => $this->arrayToLines($this->ssoExcludedHosts), |
563 |
'#disabled' => (boolean)(!$this->ssoEnabled), |
|
564 |
);
|
|
581 |
'#disabled' => (boolean) (!$this->ssoEnabled),
|
|
582 |
];
|
|
565 | 583 |
|
566 |
$form['submit'] = array(
|
|
584 |
$form['submit'] = [
|
|
567 | 585 |
'#type' => 'submit', |
568 | 586 |
'#value' => 'Save', |
569 |
);
|
|
587 |
];
|
|
570 | 588 |
|
571 |
return $form; |
|
572 |
} |
|
589 |
return $form;
|
|
590 |
}
|
|
573 | 591 |
|
574 |
/** |
|
575 |
* validate form, not object
|
|
576 |
*/ |
|
577 |
public function drupalFormValidate($values) {
|
|
592 |
/**
|
|
593 |
* Validate form, not object.
|
|
594 |
*/
|
|
595 |
public function drupalFormValidate($values) { |
|
578 | 596 |
|
579 | 597 |
$this->populateFromDrupalForm($values); |
580 | 598 |
|
... | ... | |
583 | 601 |
return $errors; |
584 | 602 |
} |
585 | 603 |
|
586 |
/** |
|
587 |
* validate object, not form
|
|
588 |
*/ |
|
604 |
/**
|
|
605 |
* Validate object, not form.
|
|
606 |
*/
|
|
589 | 607 |
public function validate() { |
590 |
$errors = array();
|
|
608 |
$errors = [];
|
|
591 | 609 |
|
592 | 610 |
$enabled_servers = ldap_servers_get_servers(NULL, 'enabled'); |
593 | 611 |
if ($this->ssoEnabled) { |
594 | 612 |
foreach ($this->sids as $sid => $discard) { |
595 | 613 |
if ($enabled_servers[$sid]->bind_method == LDAP_SERVERS_BIND_METHOD_USER || $enabled_servers[$sid]->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) { |
596 |
$methods = array(
|
|
614 |
$methods = [
|
|
597 | 615 |
LDAP_SERVERS_BIND_METHOD_USER => 'Bind with Users Credentials', |
598 | 616 |
LDAP_SERVERS_BIND_METHOD_ANON_USER => 'Anonymous Bind for search, then Bind with Users Credentials', |
599 |
);
|
|
600 |
$tokens = array(
|
|
617 |
];
|
|
618 |
$tokens = [
|
|
601 | 619 |
'!edit' => l($enabled_servers[$sid]->name, LDAP_SERVERS_INDEX_BASE_PATH . '/edit/' . $sid), |
602 | 620 |
'%sid' => $sid, |
603 | 621 |
'%bind_method' => $methods[$enabled_servers[$sid]->bind_method], |
604 |
);
|
|
622 |
];
|
|
605 | 623 |
|
606 | 624 |
$errors['ssoEnabled'] = t('Single Sign On is not valid with the server !edit (id=%sid) because that server configuration uses %bind_method. Since the user\'s credentials are never available to this module with single sign on enabled, there is no way for the ldap module to bind to the ldap server with credentials.', $tokens); |
607 | 625 |
} |
... | ... | |
610 | 628 |
return $errors; |
611 | 629 |
} |
612 | 630 |
|
631 |
/** |
|
632 |
* |
|
633 |
*/ |
|
613 | 634 |
protected function populateFromDrupalForm($values) { |
614 | 635 |
|
615 |
$this->authenticationMode = ($values['authenticationMode']) ? (int)$values['authenticationMode'] : NULL; |
|
636 |
$this->authenticationMode = ($values['authenticationMode']) ? (int) $values['authenticationMode'] : NULL;
|
|
616 | 637 |
$this->sids = $values['authenticationServers']; |
617 | 638 |
$this->allowOnlyIfTextInDn = $this->linesToArray($values['allowOnlyIfTextInDn']); |
618 | 639 |
$this->excludeIfTextInDn = $this->linesToArray($values['excludeIfTextInDn']); |
619 | 640 |
$this->allowTestPhp = $values['allowTestPhp']; |
620 |
$this->loginUIUsernameTxt = ($values['loginUIUsernameTxt']) ? (string)$values['loginUIUsernameTxt'] : NULL; |
|
621 |
$this->loginUIPasswordTxt = ($values['loginUIPasswordTxt']) ? (string)$values['loginUIPasswordTxt'] : NULL; |
|
622 |
$this->ldapUserHelpLinkUrl = ($values['ldapUserHelpLinkUrl']) ? (string)$values['ldapUserHelpLinkUrl'] : NULL; |
|
623 |
$this->ldapUserHelpLinkText = ($values['ldapUserHelpLinkText']) ? (string)$values['ldapUserHelpLinkText'] : NULL; |
|
624 |
$this->excludeIfNoAuthorizations = ($values['excludeIfNoAuthorizations']) ? (int)$values['excludeIfNoAuthorizations'] : NULL; |
|
625 |
$this->emailOption = ($values['emailOption']) ? (int)$values['emailOption'] : NULL;
|
|
626 |
$this->emailUpdate = ($values['emailUpdate']) ? (int)$values['emailUpdate'] : NULL;
|
|
627 |
$this->passwordOption = ($values['passwordOption']) ? (int)$values['passwordOption'] : NULL;
|
|
641 |
$this->loginUIUsernameTxt = ($values['loginUIUsernameTxt']) ? (string) $values['loginUIUsernameTxt'] : NULL;
|
|
642 |
$this->loginUIPasswordTxt = ($values['loginUIPasswordTxt']) ? (string) $values['loginUIPasswordTxt'] : NULL;
|
|
643 |
$this->ldapUserHelpLinkUrl = ($values['ldapUserHelpLinkUrl']) ? (string) $values['ldapUserHelpLinkUrl'] : NULL;
|
|
644 |
$this->ldapUserHelpLinkText = ($values['ldapUserHelpLinkText']) ? (string) $values['ldapUserHelpLinkText'] : NULL;
|
|
645 |
$this->excludeIfNoAuthorizations = ($values['excludeIfNoAuthorizations']) ? (int) $values['excludeIfNoAuthorizations'] : NULL;
|
|
646 |
$this->emailOption = ($values['emailOption']) ? (int) $values['emailOption'] : NULL;
|
|
647 |
$this->emailUpdate = ($values['emailUpdate']) ? (int) $values['emailUpdate'] : NULL;
|
|
648 |
$this->passwordOption = ($values['passwordOption']) ? (int) $values['passwordOption'] : NULL;
|
|
628 | 649 |
$this->ssoExcludedPaths = $this->linesToArray($values['ssoExcludedPaths']); |
629 | 650 |
$this->ssoExcludedHosts = $this->linesToArray($values['ssoExcludedHosts']); |
630 |
$this->ssoRemoteUserStripDomainName = ($values['ssoRemoteUserStripDomainName']) ? (int)$values['ssoRemoteUserStripDomainName'] : NULL; |
|
631 |
$this->seamlessLogin = ($values['seamlessLogin']) ? (int)$values['seamlessLogin'] : NULL; |
|
632 |
$this->ssoNotifyAuthentication = ($values['ssoNotifyAuthentication']) ? (int)$values['ssoNotifyAuthentication'] : NULL; |
|
633 |
$this->cookieExpire = ($values['cookieExpire']) ? (int)$values['cookieExpire'] : NULL; |
|
634 |
$this->ldapImplementation = ($values['ldapImplementation']) ? (string)$values['ldapImplementation'] : NULL; |
|
651 |
$this->ssoRemoteUserStripDomainName = ($values['ssoRemoteUserStripDomainName']) ? (int) $values['ssoRemoteUserStripDomainName'] : NULL;
|
|
652 |
$this->seamlessLogin = ($values['seamlessLogin']) ? (int) $values['seamlessLogin'] : NULL;
|
|
653 |
$this->ssoNotifyAuthentication = ($values['ssoNotifyAuthentication']) ? (int) $values['ssoNotifyAuthentication'] : NULL;
|
|
654 |
$this->cookieExpire = ($values['cookieExpire']) ? (int) $values['cookieExpire'] : NULL;
|
|
655 |
$this->ldapImplementation = ($values['ldapImplementation']) ? (string) $values['ldapImplementation'] : NULL;
|
|
635 | 656 |
$this->emailTemplateHandling = ($values['emailTemplateHandling']) ? (int) $values['emailTemplateHandling'] : NULL; |
636 | 657 |
$this->emailTemplate = ($values['emailTemplate']) ? $values['emailTemplate'] : ''; |
637 | 658 |
$this->templateUsagePromptUser = ($values['templateUsagePromptUser']) ? 1 : 0; |
... | ... | |
641 | 662 |
$this->templateUsageNeverUpdate = ($values['templateUsageNeverUpdate']) ? 1 : 0; |
642 | 663 |
} |
643 | 664 |
|
665 |
/** |
|
666 |
* |
|
667 |
*/ |
|
644 | 668 |
public function drupalFormSubmit($values) { |
645 | 669 |
|
646 | 670 |
$this->populateFromDrupalForm($values); |
... | ... | |
655 | 679 |
|
656 | 680 |
} |
657 | 681 |
|
682 |
/** |
|
683 |
* |
|
684 |
*/ |
|
658 | 685 |
protected function arrayToLines($array) { |
659 |
$lines = "";
|
|
660 |
if (is_array($array)) {
|
|
661 |
$lines = join("\n", $array);
|
|
662 |
}
|
|
663 |
elseif (is_array(@unserialize($array))) {
|
|
664 |
$lines = join("\n", unserialize($array));
|
|
665 |
}
|
|
666 |
return $lines;
|
|
667 |
}
|
|
686 |
$lines = ""; |
|
687 |
if (is_array($array)) { |
|
688 |
$lines = join("\n", $array); |
|
689 |
} |
|
690 |
elseif (is_array(@unserialize($array))) { |
|
691 |
$lines = join("\n", unserialize($array)); |
|
692 |
} |
|
693 |
return $lines; |
|
694 |
} |
|
668 | 695 |
|
696 |
/** |
|
697 |
* |
|
698 |
*/ |
|
669 | 699 |
protected function linesToArray($lines) { |
670 | 700 |
$lines = trim($lines); |
671 | 701 |
|
... | ... | |
676 | 706 |
} |
677 | 707 |
} |
678 | 708 |
else { |
679 |
$array = array();
|
|
709 |
$array = [];
|
|
680 | 710 |
} |
681 | 711 |
return $array; |
682 | 712 |
} |
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.admin.inc | ||
---|---|---|
6 | 6 |
*/ |
7 | 7 |
|
8 | 8 |
/** |
9 |
* form for adding, updating, and deleting a single ldap authorization mapping |
|
9 |
* Form for adding, updating, and deleting a single ldap authorization mapping. |
|
10 |
* |
|
11 |
* @param mixed $form |
|
12 |
* @param mixed $form_state |
|
10 | 13 |
* |
11 |
* @param <type> $form |
|
12 |
* @param <type> $form_state |
|
13 | 14 |
* @return array drupal form array |
14 | 15 |
*/ |
15 | 16 |
function ldap_authentication_admin_form($form, &$form_state) { |
16 |
ldap_servers_module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConfAdmin.class');
|
|
17 |
$auth_conf = new LdapAuthenticationConfAdmin();
|
|
18 |
return $auth_conf->drupalForm();
|
|
17 |
ldap_servers_module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConfAdmin.class'); |
|
18 |
$auth_conf = new LdapAuthenticationConfAdmin(); |
|
19 |
return $auth_conf->drupalForm(); |
|
19 | 20 |
} |
20 | 21 |
|
21 |
|
|
22 | 22 |
/** |
23 |
* validate handler for the ldap_authentication_admin_form
|
|
23 |
* Validate handler for the ldap_authentication_admin_form.
|
|
24 | 24 |
*/ |
25 | 25 |
function ldap_authentication_admin_form_validate($form, &$form_state) { |
26 | 26 |
|
... | ... | |
33 | 33 |
|
34 | 34 |
} |
35 | 35 |
|
36 |
|
|
37 | 36 |
/** |
38 |
* submit handler function for ldap_authentication_admin_form
|
|
37 |
* Submit handler function for ldap_authentication_admin_form.
|
|
39 | 38 |
*/ |
40 |
|
|
41 | 39 |
function ldap_authentication_admin_form_submit($form, &$form_state) { |
42 | 40 |
|
43 | 41 |
ldap_servers_module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConfAdmin.class'); |
44 | 42 |
$auth_conf = new LdapAuthenticationConfAdmin(); |
45 |
$auth_conf->drupalFormSubmit($form_state['values']); // add form data to object and save or create |
|
43 |
// Add form data to object and save or create. |
|
44 |
$auth_conf->drupalFormSubmit($form_state['values']); |
|
46 | 45 |
if (!$auth_conf->hasEnabledAuthenticationServers()) { |
47 | 46 |
drupal_set_message(t('No LDAP servers are enabled for authentication, |
48 | 47 |
so no LDAP Authentication can take place. This essentially disables |
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* ldap_authentication helper functions
|
|
5 |
* Ldap_authentication helper functions.
|
|
6 | 6 |
*/ |
7 | 7 |
|
8 | 8 |
/** |
9 |
* helper function for ldap_authn_form_user_login_block_alter and ldap_authn_form_user_login_alter
|
|
10 |
*
|
|
11 |
* @todo if form is being generated on non https and is set in preferences, set warning and end form development
|
|
12 |
*/
|
|
9 |
* Helper function for ldap_authn_form_user_login_block_alter and ldap_authn_form_user_login_alter.
|
|
10 |
* |
|
11 |
* @todo if form is being generated on non https and is set in preferences, set warning and end form development |
|
12 |
*/ |
|
13 | 13 |
function _ldap_authentication_login_form_alter(&$form, &$form_state, $form_id) { |
14 | 14 |
|
15 | 15 |
if (!$auth_conf = ldap_authentication_get_valid_conf()) { |
... | ... | |
42 | 42 |
|
43 | 43 |
if ($form_id == 'user_login_block') { |
44 | 44 |
$user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL); |
45 |
$vars = array(
|
|
45 |
$vars = [
|
|
46 | 46 |
'show_reset_pwd' => ldap_authentication_show_reset_pwd(), |
47 | 47 |
'auth_conf' => $auth_conf, |
48 |
);
|
|
48 |
];
|
|
49 | 49 |
|
50 | 50 |
$form['links']['#markup'] = theme('ldap_authentication_user_login_block_links', $vars); |
51 | 51 |
} |
52 | 52 |
|
53 |
// Add help information for entering in username/password |
|
53 |
// Add help information for entering in username/password.
|
|
54 | 54 |
$auth_conf = ldap_authentication_get_valid_conf(); |
55 | 55 |
if ($auth_conf) { |
56 | 56 |
if (isset($auth_conf->loginUIUsernameTxt)) { |
... | ... | |
65 | 65 |
} |
66 | 66 |
} |
67 | 67 |
|
68 |
|
|
69 |
|
|
70 | 68 |
/** |
71 |
* alter user editing form (profile form) based on ldap authentication configuration |
|
72 |
* |
|
73 |
* @param array $form array from user profile |
|
74 |
* @param array $form_state from user profile |
|
75 |
* |
|
76 |
* @return NULL (alters $form by reference) |
|
77 |
*/ |
|
69 |
* Alter user editing form (profile form) based on ldap authentication configuration. |
|
70 |
* |
|
71 |
* @param array $form |
|
72 |
* array from user profile. |
|
73 |
* @param array $form_state |
|
74 |
* from user profile. |
|
75 |
* |
|
76 |
* @return NULL (alters $form by reference) |
|
77 |
*/ |
|
78 | 78 |
function _ldap_authentication_form_user_profile_form_alter(&$form, $form_state) { |
79 |
// keep in mind admin may be editing another users profile form. don't assume current global $user
|
|
79 |
// Keep in mind admin may be editing another users profile form. don't assume current global $user.
|
|
80 | 80 |
$auth_conf = ldap_authentication_get_valid_conf(); |
81 | 81 |
if ($auth_conf && ldap_authentication_ldap_authenticated($form['#user'])) { |
82 | 82 |
if ($auth_conf->emailOption == LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE) { |
... | ... | |
87 | 87 |
$form['account']['mail']['#description'] = t('This email address is automatically set and may not be changed.'); |
88 | 88 |
} |
89 | 89 |
elseif ($auth_conf->emailOption == LDAP_AUTHENTICATION_EMAIL_FIELD_ALLOW) { |
90 |
// email field is functional
|
|
90 |
// Email field is functional.
|
|
91 | 91 |
} |
92 | 92 |
|
93 | 93 |
if (!ldap_authentication_show_reset_pwd($form['#user'])) { |
94 | 94 |
/** If passwordOption = LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE then don't show the password fields, |
95 |
otherwise show the fields but in a disabled state. |
|
95 |
* otherwise show the fields but in a disabled state.
|
|
96 | 96 |
*/ |
97 |
switch ($auth_conf->passwordOption) { |
|
98 |
|
|
99 |
case LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE: |
|
100 |
$form['account']['current_pass']['#access'] = FALSE; |
|
101 |
$form['account']['pass']['#access'] = FALSE; |
|
102 |
break; |
|
103 |
|
|
104 |
case LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW: |
|
105 |
// Show in a disabled state since ldap_authentication_show_reset_pwd() has returned FALSE |
|
106 |
$form['account']['current_pass']['#disabled'] = TRUE; |
|
107 |
if ($auth_conf->ldapUserHelpLinkUrl) { |
|
108 |
$form['account']['current_pass']['#description'] = l(t($auth_conf->ldapUserHelpLinkText), $auth_conf->ldapUserHelpLinkUrl); |
|
109 |
} |
|
110 |
else { |
|
111 |
$form['account']['current_pass']['#description'] = t('The password cannot be changed using this website'); |
|
112 |
} |
|
113 |
$form['account']['pass']['#disabled'] = TRUE; |
|
114 |
break; |
|
97 |
switch ($auth_conf->passwordOption) { |
|
98 |
|
|
99 |
case LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE: |
|
100 |
$form['account']['current_pass']['#access'] = FALSE; |
|
101 |
$form['account']['pass']['#access'] = FALSE; |
|
102 |
break; |
|
103 |
|
|
104 |
case LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW: |
|
105 |
// Show in a disabled state since ldap_authentication_show_reset_pwd() has returned FALSE. |
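Review bot: The `@todo` kept in the docblock of `_ldap_authentication_login_form_alter()` (new lines 9–12) still describes the non-HTTPS case as unhandled, and this update only repunctuates that comment. The visible body shows no scheme check, though lines 16–41 of the function are elided on this page, so that is inferred rather than confirmed. Because this form collects directory credentials, I would add a guard near the top of the function, for example `if (empty($GLOBALS['is_https'])) { drupal_set_message(t('LDAP logon requires HTTPS.'), 'warning'); return; }`, conditioned on whichever setting the `@todo` refers to. Until the module does this itself, HTTPS should be enforced for the login paths at the web server.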
Weekly update of contrib modules