Project

General

Profile

Paste
Download (12.7 KB) Statistics
| Branch: | Revision:

root / drupal7 / sites / all / modules / cas / cas.install @ 38c269d5

1
<?php
2

    
3
/**
4
 * @file
5
 * Installation hooks for the CAS module.
6
 */
7

    
8
/**
9
 * Implements hook_schema().
10
 */
11
function cas_schema() {
12
  $schema = array();
13

    
14
  $schema['cas_login_data'] = array(
15
    'description' => 'Stores CAS session information.',
16
    'fields' => array(
17
      'cas_session_id' => array(
18
        'description' => 'CAS session ID',
19
        'type' => 'varchar',
20
        'length' => 255,
21
        'not null' => TRUE,
22
        'default' => '',
23
      ),
24
      'uid' => array(
25
        'description' => 'The {users}.uid associated with the CAS session.',
26
        'type' => 'int',
27
        'unsigned' => TRUE,
28
        'not null' => TRUE,
29
      ),
30
      'created' => array(
31
        'type' => 'int',
32
        'not null' => TRUE,
33
        'default' => 0,
34
        'description' => 'Timestamp when this record was created.',
35
      ),
36
    ),
37
    'primary key' => array('cas_session_id'),
38
  );
39

    
40
  $schema['cas_user'] = array(
41
    'description' => 'Stores CAS authentication mapping.',
42
    'fields' => array(
43
      'aid' => array(
44
        'description' => 'Primary Key: Unique authmap ID.',
45
        'type' => 'serial',
46
        'unsigned' => TRUE,
47
        'not null' => TRUE,
48
      ),
49
      'uid' => array(
50
        'type' => 'int',
51
        'not null' => TRUE,
52
        'default' => 0,
53
        'description' => "User's {users}.uid.",
54
      ),
55
      'cas_name' => array(
56
        'type' => 'varchar',
57
        'length' => 128,
58
        'not null' => TRUE,
59
        'default' => '',
60
        'description' => 'Unique authentication name.',
61
      ),
62
    ),
63
    'unique keys' => array(
64
      'cas_name' => array('cas_name'),
65
    ),
66

    
67
    'indexes' => array('cas_user' => array('uid')),
68
    'primary key' => array('aid'),
69
    'foreign keys' => array(
70
      'user' => array(
71
        'table' => 'users',
72
        'columns' => array('uid' => 'uid'),
73
      ),
74
    ),
75
  );
76

    
77
  return $schema;
78
}
79

    
80
/**
81
 * Implements hook_uninstall().
82
 */
83
function cas_uninstall() {
84
  // Delete variables.
85
  variable_del('cas_access');
86
  variable_del('cas_allow_rememberme');
87
  variable_del('cas_authmap');
88
  variable_del('cas_auto_assigned_role');
89
  variable_del('cas_cert');
90
  variable_del('cas_changePasswordURL');
91
  variable_del('cas_check_frequency');
92
  variable_del('cas_debugfile');
93
  variable_del('cas_domain');
94
  variable_del('cas_exclude');
95
  variable_del('cas_first_login_destination');
96
  variable_del('cas_hide_email');
97
  variable_del('cas_hide_password');
98
  variable_del('cas_library_dir');
99
  variable_del('cas_login_drupal_invite');
100
  variable_del('cas_login_form');
101
  variable_del('cas_login_invite');
102
  variable_del('cas_login_message');
103
  variable_del('cas_login_redir_message');
104
  variable_del('cas_logout_destination');
105
  variable_del('cas_pages');
106
  variable_del('cas_pgtformat');
107
  variable_del('cas_pgtpath');
108
  variable_del('cas_port');
109
  variable_del('cas_proxy');
110
  variable_del('cas_proxy_list');
111
  variable_del('cas_registerURL');
112
  variable_del('cas_server');
113
  variable_del('cas_uri');
114
  variable_del('cas_user_register');
115
  variable_del('cas_version');
116
  variable_del('cas_single_logout_session_lifetime');
117

    
118
  // And old (un-used) variables.
119
  variable_del('cas_cert_verify');
120
  variable_del('cas_check_first');
121
  variable_del('cas_first_login');
122
  variable_del('cas_hijack_user');
123
  variable_del('cas_ldap_email_attribute');
124
  variable_del('cas_logout_redirect');
125
  variable_del('cas_signout');
126
  variable_del('cas_useldap');
127
  variable_del('cas_useldap_groups');
128
  variable_del('cas_verify');
129
}
130

    
131
/**
132
 * Implements hook_requirements().
133
 */
134
function cas_requirements($phase) {
135
  $requirements = array();
136
  $t = get_t();
137

    
138
  if ($phase == 'runtime') {
139
    $phpcas_url = 'https://wiki.jasig.org/display/CASC/phpCAS';
140

    
141
    $requirements['phpcas']['title'] = $t('phpCAS');
142
    // Okay to call functions from cas.module since we are in the runtime
143
    // phase. We hide errors here in case phpcas could not be loaded.
144
    if ($version = @cas_phpcas_load()) {
145
      $requirements['phpcas']['value'] = $version;
146
      $requirements['phpcas']['severity'] = REQUIREMENT_INFO;
147
      $requirements['phpcas']['description'] = $t('Please check periodically for <a href="@phpcas_url">security updates</a> to phpCAS.', array('@phpcas_url' => $phpcas_url));
148
    }
149
    else {
150
      $requirements['phpcas']['value'] = $t('Not found');
151
      $requirements['phpcas']['severity'] = REQUIREMENT_ERROR;
152
      $requirements['phpcas']['description'] = $t('phpCAS could not be loaded. Please <a href="@phpcas_url">download phpCAS</a> and <a href="@cas_url">configure its location</a>.', array('@phpcas_url' => $phpcas_url, '@cas_url' => url('admin/config/people/cas')));
153
    }
154

    
155
    $cert = variable_get('cas_cert');
156
    if (empty($cert)) {
157
      $requirements['cas_cert'] = array(
158
        'title' => $t('CAS SSL certificate bundle'),
159
        'severity' => REQUIREMENT_ERROR,
160
        'value' => $t('Not set'),
161
        'description' => $t('The CAS authentication process is not completely secure. Please <a href="@settings_url">visit the CAS settings page</a> and provide the path to the certificate authority bundle.'),
162
      );
163
    }
164
  }
165
  return $requirements;
166
}
167

    
168
/**
169
 * Implements hook_enable().
170
 */
171
function cas_enable() {
172
  drupal_set_message(t('CAS has been enabled. Please <a href="@url">configure</a> it.', array('@url' => url('admin/config/people/cas'))), 'warning');
173
}
174

    
175
/**
176
 * Creates CAS login data table for Single-Sign-Out.
177
 */
178
function cas_update_1() {
179
  $schema = array();
180

    
181
  $schema['cas_login_data'] = array(
182
    'description' => 'Stores CAS session information.',
183
    'fields' => array(
184
      'cas_session_id' => array(
185
        'description' => 'CAS session ID',
186
        'type' => 'varchar',
187
        'length' => 255,
188
        'not null' => TRUE,
189
        'default' => '',
190
      ),
191
      'uid' => array(
192
        'description' => 'The {users}.uid associated with the CAS session.',
193
        'type' => 'int',
194
        'unsigned' => TRUE,
195
        'not null' => TRUE,
196
      ),
197
    ),
198
    'primary key' => array('cas_session_id'),
199
  );
200

    
201
  db_create_table('cas_login_data', $schema['cas_login_data']);
202
}
203

    
204
/**
205
 * Depreciate "Verify the server using PEM cerificate" option.
206
 */
207
function cas_update_6300() {
208
  if (variable_get('cas_cert_verify', 'none') == 'verify') {
209
    variable_set('cas_cert_verify', 'none');
210
  }
211
}
212

    
213
/**
214
 * Migrate authmap entries to new {cas_user} table.
215
 */
216
function cas_update_6301() {
217
  $schema = array();
218

    
219
  $schema['cas_user'] = array(
220
    'description' => 'Stores CAS authentication mapping.',
221
    'fields' => array(
222
      'aid' => array(
223
        'description' => 'Primary Key: Unique CAS authentication mapping ID.',
224
        'type' => 'serial',
225
        'unsigned' => TRUE,
226
        'not null' => TRUE,
227
      ),
228
      'uid' => array(
229
        'type' => 'int',
230
        'not null' => TRUE,
231
        'default' => 0,
232
        'description' => "User's {users}.uid.",
233
      ),
234
      'cas_name' => array(
235
        'type' => 'varchar',
236
        'length' => 128,
237
        'not null' => TRUE,
238
        'default' => '',
239
        'description' => 'Unique CAS username.',
240
      ),
241
    ),
242
    'unique keys' => array(
243
      'cas_name' => array('cas_name'),
244
    ),
245
    'primary key' => array('aid'),
246
    'foreign keys' => array(
247
      'user' => array(
248
        'table' => 'users',
249
        'columns' => array('uid' => 'uid'),
250
      ),
251
    ),
252
  );
253

    
254
  // Create {cas_user} table.
255
  db_create_table('cas_user', $schema['cas_user']);
256

    
257
  // Migrate entries from {authmap} to {cas_user}.
258
  $query = db_select('authmap', 'a')
259
    ->condition('module', 'cas')
260
    ->condition('uid', 0, '<>');
261
  $query->addField('a', 'uid');
262
  $query->addField('a', 'authname', 'cas_name');
263
  db_insert('cas_user')
264
    ->from($query)
265
    ->execute();
266

    
267
  // Remove old entries in {authmap}.
268
  db_delete('authmap')
269
    ->condition('module', 'cas')
270
    ->execute();
271
}
272

    
273
/**
274
 * Remove 'hijack user' and 'Drupal is CAS user repository' options.
275
 */
276
function cas_update_6302() {
277
  $message = NULL;
278
  $t = get_t();
279

    
280
  if (variable_get('cas_authmap', 0) || variable_get('cas_hijack_user', 0)) {
281
    // Create a mapping in {cas_user} for each current Drupal user.
282
    // The code below generates SQL equivalent to:
283
    //   INSERT INTO cas_user (uid, cas_name)
284
    //   SELECT u.uid AS uid, u.name as cas_name
285
    //   FROM users u
286
    //   WHERE uid <> 0 AND NOT EXISTS (SELECT cas_name FROM cas_user c WHERE c.cas_name = u.name);
287

    
288
    $query = db_select('users', 'u');
289
    $query->addField('u', 'uid', 'uid');
290
    $query->addField('u', 'name', 'cas_name');
291
    $query->condition('uid', 0, '<>');
292
    $query->notExists(
293
      db_select('cas_user', 'c')
294
      ->fields('c', array('cas_name'))
295
      ->where('c.cas_name = u.name')
296
    );
297
    db_insert('cas_user')
298
      ->from($query)
299
      ->execute();
300

    
301
    $message = $t('Users have been automatically assigned their CAS username. For more information, see "Associating CAS usernames with Drupal users" in the CAS module README.txt.');
302
  }
303

    
304
  variable_del('cas_authmap');
305
  variable_del('cas_hijack_user');
306
  return $message;
307
}
308

    
309
/**
310
 * Remove unnecessary CAS settings.
311
 */
312
function cas_update_6303() {
313
  // We have removed the cas_first_login option, and instead verify that
314
  // cas_first_login_destination is non-empty. To preserve functionality,
315
  // we need to update the destination to '<front>' if previously the option
316
  // was selected but the destination was empty.
317
  if (variable_get('cas_first_login', FALSE)) {
318
    if (variable_get('cas_first_login_destination', '') == '') {
319
      variable_set('cas_first_login_destination', '<front>');
320
    }
321
  }
322
  else {
323
    variable_set('cas_first_login_destination', '');
324
  }
325
  variable_del('cas_first_login');
326

    
327
  // Similarly for the cas_logout_redirect and cas_logout_destination
328
  // variables.
329
  if (variable_get('cas_logout_redirect', FALSE)) {
330
    if (variable_get('cas_logout_destination', '') == '') {
331
      variable_set('cas_logout_destination', '<front>');
332
    }
333
  }
334
  else {
335
    variable_set('cas_logout_destination', '');
336
  }
337
  variable_del('cas_logout_redirect');
338

    
339
  // If the Certicate Authority is not being verified, ensure that the
340
  // certificate field is empty.
341
  if (variable_get('cas_cert_verify', 'none') == 'none') {
342
    variable_set('cas_cert', '');
343
  }
344
  variable_del('cas_cert_verify');
345

    
346
  // Also remove the variable controlling CAS Single Sign-Out which is now
347
  // always enabled.
348
  variable_del('cas_signout');
349

    
350
  return array();
351
}
352

    
353
/**
354
 * Add destination parameter to CAS Login / CAS Logout menu links.
355
 */
356
function cas_update_6304() {
357
  // Load and save each link to 'cas' or 'caslogout' so that the 'alter' option
358
  // is enabled. This allows us to append the destination parameter to the
359
  // links at runtime. Since the menu items 'cas' and 'caslogout' are not
360
  // functional without the destination parameter, we do this for all menu
361
  // links, even custom defined ones (i.e., those with module = 'menu').
362
  $result = db_query("SELECT mlid FROM {menu_links} WHERE link_path IN (:link_path)", array(':link_path' => array('cas', 'caslogout')));
363
  foreach ($result as $record) {
364
    $link = menu_link_load($record->mlid);
365
    menu_link_save($link);
366
  }
367
}
368

    
369
/**
370
 * Transform numeric block deltas to string block deltas.
371
 */
372
function cas_update_7000(&$sandbox) {
373
  $renamed_deltas = array(
374
    'cas' => array('0' => 'login'),
375
  );
376
  $moved_deltas = array();
377
  update_fix_d7_block_deltas($sandbox, $renamed_deltas, $moved_deltas);
378
}
379

    
380
/**
381
 * Use variable 'cas_check_frequency' instead of 'cas_gateway'.
382
 */
383
function cas_update_7101() {
384
  if (variable_get('cas_check_first', NULL) === NULL) {
385
    // The old variable was not set, nothing to do.
386
    return;
387
  }
388

    
389
  if (variable_get('cas_check_first', FALSE)) {
390
    // Check once, but not again until login.
391
    variable_set('cas_check_frequency', -1);
392
  }
393
  else {
394
    // Check never.
395
    variable_set('cas_check_frequency', -2);
396
  }
397
  variable_del('cas_check_first');
398
}
399

    
400
/**
401
 * Add index on cas_user.uid
402
 */
403
function cas_update_7102() {
404
  if (!db_index_exists('cas_user', 'cas_user')) {
405
    db_add_index('cas_user', 'cas_user', array('uid'));
406
  }
407
}
408

    
409
/**
410
 * Add created column to cas_login_data table.
411
 */
412
function cas_update_7103() {
413
  db_add_field('cas_login_data', 'created', array(
414
    'type' => 'int',
415
    'not null' => TRUE,
416
    'default' => 0,
417
    'description' => 'Timestamp when this record was created.',
418
  ));
419
  $now = time();
420
  // Assume that all data was inserted today. This is obviously not true, but
421
  // it will prevent us from deleting the existing data for some time, since
422
  // the cron task will only delete data older than X days.
423
  db_update('cas_login_data')
424
    ->fields(array('created' => $now))
425
    ->execute();
426
}
427

    
428
/**
429
 * Hash all existing CAS session IDs in cas_login_data.
430
 */
431
function cas_update_7104() {
432
  $result = db_query('SELECT cas_session_id FROM {cas_login_data}');
433
  foreach ($result as $data) {
434
    db_update('cas_login_data')
435
      ->fields(array('cas_session_id' => hash('sha256', $data->cas_session_id)))
436
      ->condition('cas_session_id', $data->cas_session_id)
437
      ->execute();
438
  }
439
}