Révision 4f315dab
Ajouté par Assos Assos il y a environ 8 ans
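--- a/drupal7/sites/all/modules/cas/cas_server.module
+++ b/drupal7/sites/all/modules/cas/cas_server.module
@@ -44,9 +44,39 @@
 'access callback' => TRUE,
 'type' => MENU_CALLBACK,
 );
+
+$items['admin/config/people/cas_server'] = array(
+'title' => 'CAS Server',
+'description' => 'Configure central authentication services server',
+'page callback' => 'drupal_get_form',
+'page arguments' => array('cas_server_admin_settings'),
+'access arguments' => array('administer cas server'),
+'type' => MENU_NORMAL_ITEM,
+'file' => 'cas_server.admin.inc',
+);
+
+$items['admin/config/people/cas_server/settings'] = array(
+'title' => 'Settings',
+'type' => MENU_DEFAULT_LOCAL_TASK,
+'weight' => -10,
+);
+
 return $items;
 }
 
+/**
+* Implements hook_permission().
+*/
+function cas_server_permission() {
+return array(
+'administer cas server' => array(
+'title' => t('Administer CAS Server'),
+'description' => t('Configure CAS server settings.'),
+'restrict access' => TRUE,
+)
+);
+}
+
 /**
 * Implements hook_theme().
 */
@@ -68,6 +98,10 @@
 'variables' => array('ticket' => NULL, 'date' => NULL, 'id' => NULL),
 'file' => 'cas_server.response.inc',
 ),
+'cas_service_validate_whitelist_failure' => array(
+'variables' => array('service' => NULL, 'error_code' => NULL),
+'file' => 'cas_server.response.inc',
+),
 );
 }
 
@@ -105,11 +139,18 @@
 // Set login cookie so that we know we're in the process of logging in
 global $user;
 $output='';
+$whitelist_error_msg = variable_get('cas_server_whitelist_failure', t('You do not have permission to login to CAS from this service.'));
 $service = isset($_REQUEST['service']) ? $_REQUEST['service'] : '';
 $gateway = isset($_REQUEST['gateway']);
 if ($user->uid) {
 if ($service) {
-$_COOKIE[CAS_LOGIN_COOKIE] = $service;
+// Check service against whitelist
+if (!_cas_server_check_service_whitelist($service)) {
+return $whitelist_error_msg;
+}
+else {
+$_COOKIE[CAS_LOGIN_COOKIE] = $service;
+}
 }
 $output=t('You have successfully logged into CAS');
 cas_server_service_return();
@@ -121,10 +162,16 @@
 else {
 // Redirect to user login
 if ($service) {
-setcookie(CAS_LOGIN_COOKIE, $service);
+// Check service against whitelist
+if (!_cas_server_check_service_whitelist($service)) {
+return $whitelist_error_msg;
+}
+else {
+setcookie(CAS_LOGIN_COOKIE, $service);
+}
 }
 $output .= l(t('Login'), 'user', array('query' => array('destination' => 'cas/login')));
-drupal_goto('user', array('query' => array('destination' => 'cas/login')));
+drupal_goto('user/login', array('query' => array('destination' => 'cas/login')));
 }
 }
 return $output;
@@ -144,6 +191,14 @@
 //Obtain the ticket from the url and validate it.
 $ticket = isset($_REQUEST['ticket']) ? $_REQUEST['ticket'] : '';
 $service = isset($_REQUEST['service']) ? $_REQUEST['service'] : '';
+
+// Check service against whitelist
+if (!_cas_server_check_service_whitelist($service)) {
+print "no\n";
+print "\n";
+return;
+}
+
 $user_name = _cas_server_validate($service, $ticket);
 if ($user_name) {
 print "yes\n";
@@ -167,6 +222,15 @@
 
 $ticket = isset($_REQUEST['ticket']) ? $_REQUEST['ticket'] : '';
 $service = isset($_REQUEST['service']) ? $_REQUEST['service'] : '';
+
+// Check service against whitelist
+if (!_cas_server_check_service_whitelist($service)) {
+$cas_error='INVALID_REQUEST';
+print theme('cas_server_validate_whitelist_failure', array('service' => $service, 'error_code' => $cas_error));
+watchdog('cas', 'Service %service validation failed!', array('%service' => $service));
+return;
+}
+
 $user_name = _cas_server_validate($service, $ticket);
 if (!$user_name) $cas_error='INVALID_TICKET';
 if (!$ticket || !$service) $cas_error='INVALID_REQUEST';
@@ -186,7 +250,7 @@
 drupal_alter('cas_server_user_attributes', $attributes, $account, $context);
 
 print theme('cas_service_validate_success', array('name' => $user_name, 'attributes' => $attributes));
-watchdog('cas', 'User %name CAS sucessully authenticated.', array('%name' => $user_name));
+watchdog('cas', 'User %name CAS successfully authenticated.', array('%name' => $user_name));
 }
 else {
 print theme('cas_service_validate_failure', array('ticket' => $ticket, 'error_code' => $cas_error));
@@ -194,6 +258,16 @@
 }
 }
 
+function _cas_server_check_service_whitelist($service) {
+$mapping_raw = variable_get('cas_server_service_whitelist', '');
+if (trim($mapping_raw) != '') {
+if (!drupal_match_path($service, $mapping_raw)) {
+return FALSE;
+}
+}
+return TRUE;
+}
+
 /**
 * Test to see if a one time use ticket is valid
 *
@@ -239,11 +313,22 @@
 * Menu callback; triggers a CAS logout.
 */
 function cas_server_logout() {
-global $user;
+// Check service against whitelist
+if (!_cas_server_check_service_whitelist($_GET['service'])) {
+return variable_get('cas_server_whitelist_failure', t('You do not have permission to login to CAS from this service.'));
+}
 
-watchdog('user', 'Session closed for %name.', array('%name' => $user->name));
+global $user;
 
-module_invoke_all('user_logout', $user);
+// Due to the order of sessions being destroyed on a client site vs CAS server,
+// there is a workflow that would allow the user's session to not exist at this point.
+// Skip triggering user logout related processes if there is not a valid user in session.
+if(user_is_logged_in()) {
+// Log the successful logout process.
+watchdog('user', 'Session closed for %name.', array('%name' => $user->name));
+// Tell modules about the logout.
+module_invoke_all('user_logout', $user);
+}
 
 // Destroy the current session, and reset $user to the anonymous user.
 session_destroy();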
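Review bot: The whitelist-failure branch added ahead of `_cas_server_validate` in the serviceValidate callback prints `theme('cas_server_validate_whitelist_failure', …)`, but the hook_theme() entry this same commit adds registers the key as `cas_service_validate_whitelist_failure`; in Drupal 7 an unregistered theme key makes theme() log "Theme key not found" and return an empty string, so a non-whitelisted service would get a blank body instead of a CAS error document and only the watchdog line would show anything happened. Change the call to `print theme('cas_service_validate_whitelist_failure', array('service' => $service, 'error_code' => $cas_error));` (or rename the registration) so both sides agree. Note also that `_cas_server_check_service_whitelist` returns TRUE whenever `cas_server_service_whitelist` is empty, so none of the new checks restrict anything until an administrator fills the setting in; that deserves a comment on the helper such as `// An empty whitelist accepts any service URL; the check only restricts once configured.` The same applies to the logout callback, which additionally reads `$_GET['service']` without an `isset()` guard and reuses the login-worded failure message. The enclosing functions of these hunks start before the hunks and their closing lines are outside them.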
Weekly update of contrib modules