Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.module | ||
---|---|---|
54 | 54 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS', 5); |
55 | 55 |
define('LDAP_AUTHENTICATION_RESULT_SUCCESS', 6); |
56 | 56 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC', 7); |
57 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_SERVER' , 8);
|
|
57 |
define('LDAP_AUTHENTICATION_RESULT_FAIL_SERVER', 8); |
|
58 | 58 |
|
59 | 59 |
define('LDAP_AUTHENTICATION_ACCT_CREATION_DEFAULT', 4); |
60 | 60 |
define('LDAP_AUTHENTICATION_ACCT_CREATION_USER_SETTINGS_FOR_LDAP', 1); |
... | ... | |
62 | 62 |
|
63 | 63 |
define('LDAP_AUTHENTICATION_HELP_LINK_TEXT_DEFAULT', 'Logon Help'); |
64 | 64 |
|
65 |
define('LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG' , 'The site logon is currently not working due to a configuration error. Please see logs for additional details.');
|
|
65 |
define('LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG', 'The site logon is currently not working due to a configuration error. Please see logs for additional details.'); |
|
66 | 66 |
define('LDAP_AUTHENTICATION_COOKIE_EXPIRE', 0); |
67 | 67 |
|
68 | 68 |
define('LDAP_AUTHENTICATION_REDIRECT_ON_LOGIN_DEFAULT', 0); |
... | ... | |
71 | 71 |
* Implements hook_menu(). |
72 | 72 |
*/ |
73 | 73 |
function ldap_authentication_menu() { |
74 |
$items = array();
|
|
74 |
$items = [];
|
|
75 | 75 |
|
76 |
$items['user/ldap-profile-update'] = array(
|
|
76 |
$items['user/ldap-profile-update'] = [
|
|
77 | 77 |
'title' => 'Update Profile', |
78 | 78 |
'page callback' => 'drupal_get_form', |
79 |
'page arguments' => array('ldap_authentication_profile_update_form'),
|
|
79 |
'page arguments' => ['ldap_authentication_profile_update_form'],
|
|
80 | 80 |
'access callback' => TRUE, |
81 | 81 |
'type' => MENU_CALLBACK, |
82 | 82 |
'file' => 'ldap_authentication.pages.inc', |
83 |
);
|
|
83 |
];
|
|
84 | 84 |
|
85 |
$items['admin/config/people/ldap/authentication'] = array(
|
|
85 |
$items['admin/config/people/ldap/authentication'] = [
|
|
86 | 86 |
'title' => 'Authentication', |
87 | 87 |
'description' => 'Configure LDAP Authentication', |
88 | 88 |
'page callback' => 'drupal_get_form', |
89 |
'page arguments' => array('ldap_authentication_admin_form'),
|
|
90 |
'access arguments' => array('administer site configuration'),
|
|
89 |
'page arguments' => ['ldap_authentication_admin_form'],
|
|
90 |
'access arguments' => ['administer site configuration'],
|
|
91 | 91 |
'type' => MENU_LOCAL_TASK, |
92 | 92 |
'weight' => 3, |
93 | 93 |
'file' => 'ldap_authentication.admin.inc', |
94 |
);
|
|
94 |
];
|
|
95 | 95 |
|
96 | 96 |
return $items; |
97 | 97 |
} |
98 | 98 |
|
99 |
/**
|
|
99 |
/** |
|
100 | 100 |
* Implements hook_menu_alter(). |
101 | 101 |
* since menu items are cached, only useful to add or alter callbacks |
102 | 102 |
* for ldap authentication driven menu items. |
103 |
* |
|
104 | 103 |
*/ |
105 | 104 |
function ldap_authentication_menu_alter(&$items) { |
106 | 105 |
ldap_servers_module_load_include('inc', 'ldap_authentication', 'ldap_authentication'); |
107 | 106 |
$items['user/password']['access callback'] = 'ldap_authentication_show_reset_pwd'; |
108 | 107 |
$auth_conf = ldap_authentication_get_valid_conf(); |
109 | 108 |
if (@$auth_conf->ldapUserHelpLinkUrl) { |
110 |
$items['user/ldaphelp'] = array(
|
|
109 |
$items['user/ldaphelp'] = [
|
|
111 | 110 |
'title' => $auth_conf->ldapUserHelpLinkText, |
112 | 111 |
'page callback' => 'drupal_goto', |
113 |
'page arguments' => array($auth_conf->ldapUserHelpLinkUrl),
|
|
112 |
'page arguments' => [$auth_conf->ldapUserHelpLinkUrl],
|
|
114 | 113 |
'access callback' => 'ldap_authentication_show_ldap_help_link', |
115 | 114 |
'type' => MENU_LOCAL_TASK, |
116 |
);
|
|
115 |
];
|
|
117 | 116 |
} |
118 | 117 |
} |
119 | 118 |
|
... | ... | |
121 | 120 |
* Implements hook_theme(). |
122 | 121 |
*/ |
123 | 122 |
function ldap_authentication_theme() { |
124 |
return array(
|
|
125 |
'ldap_authentication_user_login_block_links' => array(
|
|
126 |
'variables' => array('ldap_user_help_link' => NULL, 'user_register' => TRUE),
|
|
123 |
return [
|
|
124 |
'ldap_authentication_user_login_block_links' => [
|
|
125 |
'variables' => ['ldap_user_help_link' => NULL, 'user_register' => TRUE],
|
|
127 | 126 |
'render element' => 'element', |
128 |
'file' => 'ldap_authentication.theme.inc' |
|
129 |
),
|
|
130 |
'ldap_authentication_user_pass_message' => array(
|
|
131 |
'variables' => array('show_reset_pwd' => NULL, 'auth_conf' => TRUE),
|
|
127 |
'file' => 'ldap_authentication.theme.inc',
|
|
128 |
],
|
|
129 |
'ldap_authentication_user_pass_message' => [
|
|
130 |
'variables' => ['show_reset_pwd' => NULL, 'auth_conf' => TRUE],
|
|
132 | 131 |
'render element' => 'element', |
133 |
'file' => 'ldap_authentication.theme.inc' |
|
134 |
),
|
|
135 |
'ldap_authentication_user_pass_validate_ldap_authenticated' => array(
|
|
136 |
'variables' => array('account' => NULL, 'auth_conf' => TRUE),
|
|
132 |
'file' => 'ldap_authentication.theme.inc',
|
|
133 |
],
|
|
134 |
'ldap_authentication_user_pass_validate_ldap_authenticated' => [
|
|
135 |
'variables' => ['account' => NULL, 'auth_conf' => TRUE],
|
|
137 | 136 |
'render element' => 'element', |
138 |
'file' => 'ldap_authentication.theme.inc' |
|
139 |
),
|
|
140 |
'ldap_authentication_login_message' => array(
|
|
137 |
'file' => 'ldap_authentication.theme.inc',
|
|
138 |
],
|
|
139 |
'ldap_authentication_login_message' => [
|
|
141 | 140 |
'render element' => 'element', |
142 |
'variables' => array('message' => NULL),
|
|
143 |
'file' => 'ldap_authentication.theme.inc' |
|
144 |
),
|
|
145 |
'ldap_authentication_message_not_found' => array(
|
|
141 |
'variables' => ['message' => NULL],
|
|
142 |
'file' => 'ldap_authentication.theme.inc',
|
|
143 |
],
|
|
144 |
'ldap_authentication_message_not_found' => [
|
|
146 | 145 |
'render element' => 'element', |
147 |
'variables' => array('message' => NULL),
|
|
148 |
'file' => 'ldap_authentication.theme.inc' |
|
149 |
),
|
|
150 |
'ldap_authentication_message_not_authenticated' => array(
|
|
146 |
'variables' => ['message' => NULL],
|
|
147 |
'file' => 'ldap_authentication.theme.inc',
|
|
148 |
],
|
|
149 |
'ldap_authentication_message_not_authenticated' => [
|
|
151 | 150 |
'render element' => 'element', |
152 |
'variables' => array('message' => NULL),
|
|
153 |
'file' => 'ldap_authentication.theme.inc' |
|
154 |
),
|
|
155 |
);
|
|
151 |
'variables' => ['message' => NULL],
|
|
152 |
'file' => 'ldap_authentication.theme.inc',
|
|
153 |
],
|
|
154 |
];
|
|
156 | 155 |
} |
157 | 156 |
|
158 |
|
|
159 | 157 |
/** |
160 | 158 |
* Implements hook_help(). |
161 | 159 |
*/ |
162 |
|
|
163 | 160 |
function ldap_authentication_help($path, $arg) { |
164 | 161 |
|
165 | 162 |
$authentication_help = t('LDAP authentication allows authentication against an LDAP server. It |
166 | 163 |
may be used alongside other authentication means such as built in Drupal authentication, |
167 | 164 |
open id, etc. More detailed help is available on drupal.org at !helplink.', |
168 |
array(
|
|
165 |
[
|
|
169 | 166 |
'!helplink' => l(LDAP_SERVERS_DRUPAL_HELP_URL, LDAP_SERVERS_DRUPAL_HELP_URL), |
170 |
));
|
|
167 |
]);
|
|
171 | 168 |
|
172 | 169 |
switch ($path) { |
173 | 170 |
case 'admin/config/people/ldap/authentication': |
... | ... | |
187 | 184 |
* Currently this only checks if mail is valid or not according to the |
188 | 185 |
* authentication settings. |
189 | 186 |
* |
190 |
* @return boolean
|
|
187 |
* @return bool |
|
191 | 188 |
* TRUE if the user's profile is valid, otherwise FALSE. |
192 |
* |
|
193 | 189 |
*/ |
194 | 190 |
function _ldap_authentication_verify_user_profile() { |
195 | 191 |
global $user; |
196 | 192 |
$result = TRUE; |
197 | 193 |
// We only want non-anonymous and non-1 users. |
198 | 194 |
if ($user->uid > 1) { |
199 |
// we store the value in the session for speed.
|
|
195 |
// We store the value in the session for speed.
|
|
200 | 196 |
if (isset($_SESSION['ldap_authentication_template']) && |
201 | 197 |
isset($_SESSION['ldap_authentication_template']['verify_user_profile'])) { |
202 | 198 |
return $_SESSION['ldap_authentication_template']['verify_user_profile']; |
... | ... | |
207 | 203 |
if (preg_match($regex, $user->mail)) { |
208 | 204 |
$result = FALSE; |
209 | 205 |
} |
210 |
$_SESSION['ldap_authentication_template'] = array(
|
|
206 |
$_SESSION['ldap_authentication_template'] = [
|
|
211 | 207 |
'verify_user_profile' => $result, |
212 |
);
|
|
208 |
];
|
|
213 | 209 |
} |
214 | 210 |
} |
215 | 211 |
return $result; |
... | ... | |
232 | 228 |
if (!_ldap_authentication_verify_user_profile()) { |
233 | 229 |
$url = 'user/ldap-profile-update'; |
234 | 230 |
$cp = current_path(); |
235 |
// avoid redirects on these two pages.
|
|
231 |
// Avoid redirects on these two pages.
|
|
236 | 232 |
if ($cp != $url && $cp != 'user/logout') { |
237 | 233 |
if (isset($_GET['destination'])) { |
238 | 234 |
unset($_GET['destination']); |
239 | 235 |
} |
240 |
drupal_goto($url, array(
|
|
241 |
'query' => array(
|
|
236 |
drupal_goto($url, [
|
|
237 |
'query' => [
|
|
242 | 238 |
'next' => current_path(), |
243 |
),
|
|
244 |
));
|
|
239 |
],
|
|
240 |
]);
|
|
245 | 241 |
} |
246 | 242 |
} |
247 | 243 |
} |
... | ... | |
260 | 256 |
return $info; |
261 | 257 |
} |
262 | 258 |
|
263 |
|
|
264 | 259 |
/** |
265 | 260 |
* Determines if the passed user has a valid authmap record. |
266 | 261 |
* |
267 | 262 |
* @param object $user |
268 | 263 |
* A drupal user account. |
269 | 264 |
* |
270 |
* @return boolean
|
|
271 |
* true if user is recorded as ldap authenticated and identified (ldap_authentified)
|
|
265 |
* @return bool |
|
266 |
* true if user is recorded as ldap authenticated and identified (ldap_authentified) |
|
272 | 267 |
*/ |
273 | 268 |
function ldap_authentication_ldap_authenticated($user) { |
274 | 269 |
if (!is_object($user) || $user->uid == 0) { |
... | ... | |
284 | 279 |
* A user access callback for using the single sign-on URL, denying access to |
285 | 280 |
* authenticated users, and granting access to anonymous users and menu |
286 | 281 |
* administrators viewing the menu item. |
287 |
* |
|
288 | 282 |
*/ |
289 | 283 |
function _ldap_authentication_user_access() { |
290 |
return (boolean)(!$GLOBALS['user']->uid || !empty($GLOBALS['menu_admin'])); |
|
284 |
return (boolean) (!$GLOBALS['user']->uid || !empty($GLOBALS['menu_admin']));
|
|
291 | 285 |
} |
292 | 286 |
|
293 |
|
|
294 |
|
|
295 | 287 |
/** |
296 |
* get LdapAuthenticationConf object
|
|
288 |
* Get LdapAuthenticationConf object.
|
|
297 | 289 |
* |
298 | 290 |
* @return object LdapAuthenticationConf object if configured, otherwise FALSE |
299 |
* |
|
300 | 291 |
*/ |
301 |
|
|
302 | 292 |
function ldap_authentication_get_valid_conf($reset = FALSE) { |
303 | 293 |
|
304 | 294 |
static $auth_conf; |
... | ... | |
317 | 307 |
*/ |
318 | 308 |
function ldap_authentication_ldap_server_in_use($sid, $server_name) { |
319 | 309 |
|
320 |
$use_warnings = array();
|
|
310 |
$use_warnings = [];
|
|
321 | 311 |
$auth_conf = ldap_authentication_get_valid_conf(); |
322 | 312 |
if ($auth_conf && in_array($sid, array_keys($auth_conf->sids)) && !empty($auth_conf->sids[$sid])) { |
323 | 313 |
$use_warnings[] = t('This server (%server_name) may not be deleted or |
324 | 314 |
disabled because it is being used for ldap authentication.', |
325 |
array('%server_name' => $server_name));
|
|
315 |
['%server_name' => $server_name]);
|
|
326 | 316 |
} |
327 | 317 |
return $use_warnings; |
328 | 318 |
} |
329 | 319 |
|
320 |
/** |
|
321 |
* |
|
322 |
*/ |
|
330 | 323 |
function ldap_authentication_show_reset_pwd($user = NULL) { |
331 | 324 |
|
332 | 325 |
if (!$user) { |
... | ... | |
334 | 327 |
} |
335 | 328 |
$auth_conf = ldap_authentication_get_valid_conf(); |
336 | 329 |
// Hide user/password form if ldap authentication is required and deny access |
337 |
// to users without ldap authorizations is enabled |
|
330 |
// to users without ldap authorizations is enabled.
|
|
338 | 331 |
if ($user->uid == 1 || !$auth_conf || (current_path() == 'user/password' && $auth_conf->authenticationMode != LDAP_AUTHENTICATION_EXCLUSIVE)) { |
339 | 332 |
return TRUE; |
340 |
// always show at user/passwordurl. otherwise user 1 will not be able to reset password.
|
|
333 |
// Always show at user/passwordurl. otherwise user 1 will not be able to reset password.
|
|
341 | 334 |
} |
342 | 335 |
|
343 | 336 |
if ($user->uid == 0) { |
344 |
// hide reset password for anonymous users if ldap only authentication and password updates are disabled, otherwise show
|
|
337 |
// Hide reset password for anonymous users if ldap only authentication and password updates are disabled, otherwise show.
|
|
345 | 338 |
if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) { |
346 | 339 |
if ($auth_conf->passwordOption == LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW) { |
347 | 340 |
return TRUE; |
... | ... | |
351 | 344 |
return TRUE; |
352 | 345 |
} |
353 | 346 |
else { |
354 |
// authenticated user. hide if ldap authenticated and updating password is
|
|
347 |
// Authenticated user. hide if ldap authenticated and updating password is
|
|
355 | 348 |
// not allowed, otherwise show. |
356 | 349 |
if (ldap_authentication_ldap_authenticated($user)) { |
357 | 350 |
if ($auth_conf->passwordOption == LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW) { |
... | ... | |
364 | 357 |
|
365 | 358 |
} |
366 | 359 |
|
367 |
|
|
368 | 360 |
/** |
369 | 361 |
* Implements hook_form_FORM_ID_alter(). |
370 | 362 |
*/ |
371 |
|
|
372 | 363 |
function ldap_authentication_form_user_pass_alter(&$form, $form_state) { |
373 |
// the following could be in a theme preproces function
|
|
364 |
// The following could be in a theme preproces function.
|
|
374 | 365 |
$auth_conf = ldap_authentication_get_valid_conf(); |
375 |
$form['ldap_warning'] = array(
|
|
376 |
'#type' => 'item',
|
|
377 |
'#markup' => theme('ldap_authentication_user_pass_message', array('auth_conf' => $auth_conf)),
|
|
378 |
'#weight' => 10,
|
|
379 |
);
|
|
366 |
$form['ldap_warning'] = [
|
|
367 |
'#type' => 'item', |
|
368 |
'#markup' => theme('ldap_authentication_user_pass_message', ['auth_conf' => $auth_conf]),
|
|
369 |
'#weight' => 10, |
|
370 |
];
|
|
380 | 371 |
|
381 |
// need to insert before user_pass_validate
|
|
372 |
// Need to insert before user_pass_validate.
|
|
382 | 373 |
array_unshift($form['#validate'], 'ldap_authentication_user_pass_validate'); |
383 | 374 |
} |
384 | 375 |
|
385 |
|
|
386 | 376 |
/** |
387 | 377 |
* A validate handler on the login form. Check supplied username/password |
388 | 378 |
* against local users table. If successful, $form_state['uid'] |
... | ... | |
397 | 387 |
user_login_authenticate_validate($form, $form_state); |
398 | 388 |
} |
399 | 389 |
|
400 |
|
|
390 |
/** |
|
391 |
* |
|
392 |
*/ |
|
401 | 393 |
function ldap_authentication_user_pass_validate(&$form_state) { |
402 | 394 |
$name_or_mail = trim($form_state['name']['#value']); |
403 | 395 |
if ($account = user_load_by_mail($name_or_mail)) { |
... | ... | |
408 | 400 |
} |
409 | 401 |
|
410 | 402 |
if (ldap_authentication_ldap_authenticated($account)) { |
411 |
$vars = array(
|
|
403 |
$vars = [
|
|
412 | 404 |
'account' => $account, |
413 | 405 |
'auth_conf' => ldap_authentication_get_valid_conf(), |
414 |
);
|
|
406 |
];
|
|
415 | 407 |
$error = TRUE; |
416 | 408 |
if (is_object($vars['auth_conf'])) { |
417 | 409 |
if ($vars['auth_conf']->passwordOption == LDAP_AUTHENTICATION_PASSWORD_FIELD_ALLOW) { |
... | ... | |
424 | 416 |
} |
425 | 417 |
} |
426 | 418 |
|
427 |
|
|
428 | 419 |
/** |
429 |
* Implements hook_form_FORM_ID_alter(). for user_profile_form |
|
420 |
* Implements hook_form_FORM_ID_alter(). for user_profile_form.
|
|
430 | 421 |
*/ |
431 | 422 |
function ldap_authentication_form_user_profile_form_alter(&$form, $form_state) { |
432 | 423 |
ldap_servers_module_load_include('inc', 'ldap_authentication', 'ldap_authentication'); |
... | ... | |
434 | 425 |
|
435 | 426 |
} |
436 | 427 |
|
437 |
|
|
438 | 428 |
/** |
439 |
* Implements hook_form_FORM_ID_alter(). for user_login |
|
429 |
* Implements hook_form_FORM_ID_alter(). for user_login.
|
|
440 | 430 |
*/ |
441 | 431 |
function ldap_authentication_form_user_login_alter(&$form, &$form_state) { |
442 | 432 |
ldap_servers_module_load_include('inc', 'ldap_authentication', 'ldap_authentication'); |
... | ... | |
445 | 435 |
} |
446 | 436 |
|
447 | 437 |
/** |
448 |
* Implements hook_form_FORM_ID_alter(). for user_login_block |
|
438 |
* Implements hook_form_FORM_ID_alter(). for user_login_block.
|
|
449 | 439 |
*/ |
450 | 440 |
function ldap_authentication_form_user_login_block_alter(&$form, &$form_state) { |
451 | 441 |
ldap_servers_module_load_include('inc', 'ldap_authentication', 'ldap_authentication'); |
... | ... | |
454 | 444 |
} |
455 | 445 |
|
456 | 446 |
/** |
457 |
* validate function for user logon forms.
|
|
447 |
* Validate function for user logon forms.
|
|
458 | 448 |
*/ |
459 | 449 |
function ldap_authentication_user_login_authenticate_validate($form, &$form_state, $return_user = FALSE) { |
460 | 450 |
ldap_servers_module_load_include('inc', 'ldap_authentication', 'ldap_authentication'); |
461 | 451 |
return _ldap_authentication_user_login_authenticate_validate($form_state, $return_user); |
462 | 452 |
} |
463 | 453 |
|
464 |
|
|
465 | 454 |
/** |
466 | 455 |
* Implements hook_user_presave(). |
467 | 456 |
* A user account is about to be created or updated. |
468 | 457 |
*/ |
469 |
|
|
470 | 458 |
function ldap_authentication_user_presave(&$edit, $account, $category = NULL) { |
471 | 459 |
|
472 | 460 |
} |
473 | 461 |
|
474 |
|
|
475 | 462 |
/** |
476 | 463 |
* Implements hook_user_insert(). |
477 | 464 |
* |
478 | 465 |
* A user account was created. |
479 | 466 |
* The module should save its custom additions to the user object into the database. |
480 | 467 |
*/ |
481 |
|
|
482 | 468 |
function ldap_authentication_user_insert(&$edit, $account, $category) { |
483 | 469 |
|
484 | 470 |
} |
485 | 471 |
|
486 |
|
|
487 | 472 |
/** |
488 | 473 |
* Implements hook_user_update(). |
489 | 474 |
* |
490 | 475 |
* A user account was updated. |
491 | 476 |
* Modules may use this hook to update their user data in a custom storage after a user account has been updated. |
492 | 477 |
*/ |
493 |
|
|
494 |
|
|
495 | 478 |
function ldap_authentication_user_update($edit, $user, $category) { |
496 | 479 |
|
497 | 480 |
} |
498 | 481 |
|
482 |
/** |
|
483 |
* |
|
484 |
*/ |
|
499 | 485 |
function ldap_authentication_show_ldap_help_link($user = NULL) { |
500 | 486 |
global $user; |
501 | 487 |
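Review bot: The docblocks this commit adds above `ldap_authentication_show_reset_pwd()`, `ldap_authentication_user_pass_validate()` and `ldap_authentication_show_ldap_help_link()` are empty (`/** * */`), so the coding-standards check passes while two menu access callbacks and the password-reset validator stay undocumented. For the first I would write a summary such as `Access callback for user/password: decides whether the password reset form is shown for the given (or current) user.`, and for the last `Access callback for the user/ldaphelp menu item.`. The help-link docblock should also state that the `$user` argument is ignored, because `global $user;` on the first body line rebinds the name to the logged-in account; if that is not intended, either the parameter or the `global` should be dropped. In `ldap_authentication_user_pass_validate(&$form_state)` the parameter is read as `$form_state['name']['#value']` and the function is registered through `$form['#validate']`, so it appears to receive the `$form` array rather than the form state; the docblock should say which, after checking against the handler signature. All three function bodies continue outside the visible hunks.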
|
Weekly update of contrib modules