Révision 4f315dab
Ajouté par Assos Assos il y a environ 8 ans
| drupal7/sites/all/modules/cas/cas_server.module | ||
|---|---|---|
| 44 | 44 |
'access callback' => TRUE, |
| 45 | 45 |
'type' => MENU_CALLBACK, |
| 46 | 46 |
); |
| 47 |
|
|
| 48 |
$items['admin/config/people/cas_server'] = array( |
|
| 49 |
'title' => 'CAS Server', |
|
| 50 |
'description' => 'Configure central authentication services server', |
|
| 51 |
'page callback' => 'drupal_get_form', |
|
| 52 |
'page arguments' => array('cas_server_admin_settings'),
|
|
| 53 |
'access arguments' => array('administer cas server'),
|
|
| 54 |
'type' => MENU_NORMAL_ITEM, |
|
| 55 |
'file' => 'cas_server.admin.inc', |
|
| 56 |
); |
|
| 57 |
|
|
| 58 |
$items['admin/config/people/cas_server/settings'] = array( |
|
| 59 |
'title' => 'Settings', |
|
| 60 |
'type' => MENU_DEFAULT_LOCAL_TASK, |
|
| 61 |
'weight' => -10, |
|
| 62 |
); |
|
| 63 |
|
|
| 47 | 64 |
return $items; |
| 48 | 65 |
} |
| 49 | 66 |
|
| 67 |
/** |
|
| 68 |
* Implements hook_permission(). |
|
| 69 |
*/ |
|
| 70 |
function cas_server_permission() {
|
|
| 71 |
return array( |
|
| 72 |
'administer cas server' => array( |
|
| 73 |
'title' => t('Administer CAS Server'),
|
|
| 74 |
'description' => t('Configure CAS server settings.'),
|
|
| 75 |
'restrict access' => TRUE, |
|
| 76 |
) |
|
| 77 |
); |
|
| 78 |
} |
|
| 79 |
|
|
| 50 | 80 |
/** |
| 51 | 81 |
* Implements hook_theme(). |
| 52 | 82 |
*/ |
| ... | ... | |
| 68 | 98 |
'variables' => array('ticket' => NULL, 'date' => NULL, 'id' => NULL),
|
| 69 | 99 |
'file' => 'cas_server.response.inc', |
| 70 | 100 |
), |
| 101 |
'cas_service_validate_whitelist_failure' => array( |
|
| 102 |
'variables' => array('service' => NULL, 'error_code' => NULL),
|
|
| 103 |
'file' => 'cas_server.response.inc', |
|
| 104 |
), |
|
| 71 | 105 |
); |
| 72 | 106 |
} |
| 73 | 107 |
|
| ... | ... | |
| 105 | 139 |
// Set login cookie so that we know we're in the process of logging in |
| 106 | 140 |
global $user; |
| 107 | 141 |
$output=''; |
| 142 |
$whitelist_error_msg = variable_get('cas_server_whitelist_failure', t('You do not have permission to login to CAS from this service.'));
|
|
| 108 | 143 |
$service = isset($_REQUEST['service']) ? $_REQUEST['service'] : ''; |
| 109 | 144 |
$gateway = isset($_REQUEST['gateway']); |
| 110 | 145 |
if ($user->uid) {
|
| 111 | 146 |
if ($service) {
|
| 112 |
$_COOKIE[CAS_LOGIN_COOKIE] = $service; |
|
| 147 |
// Check service against whitelist |
|
| 148 |
if (!_cas_server_check_service_whitelist($service)) {
|
|
| 149 |
return $whitelist_error_msg; |
|
| 150 |
} |
|
| 151 |
else {
|
|
| 152 |
$_COOKIE[CAS_LOGIN_COOKIE] = $service; |
|
| 153 |
} |
|
| 113 | 154 |
} |
| 114 | 155 |
$output=t('You have successfully logged into CAS');
|
| 115 | 156 |
cas_server_service_return(); |
| ... | ... | |
| 121 | 162 |
else {
|
| 122 | 163 |
// Redirect to user login |
| 123 | 164 |
if ($service) {
|
| 124 |
setcookie(CAS_LOGIN_COOKIE, $service); |
|
| 165 |
// Check service against whitelist |
|
| 166 |
if (!_cas_server_check_service_whitelist($service)) {
|
|
| 167 |
return $whitelist_error_msg; |
|
| 168 |
} |
|
| 169 |
else {
|
|
| 170 |
setcookie(CAS_LOGIN_COOKIE, $service); |
|
| 171 |
} |
|
| 125 | 172 |
} |
| 126 | 173 |
$output .= l(t('Login'), 'user', array('query' => array('destination' => 'cas/login')));
|
| 127 |
drupal_goto('user', array('query' => array('destination' => 'cas/login')));
|
|
| 174 |
drupal_goto('user/login', array('query' => array('destination' => 'cas/login')));
|
|
| 128 | 175 |
} |
| 129 | 176 |
} |
| 130 | 177 |
return $output; |
| ... | ... | |
| 144 | 191 |
//Obtain the ticket from the url and validate it. |
| 145 | 192 |
$ticket = isset($_REQUEST['ticket']) ? $_REQUEST['ticket'] : ''; |
| 146 | 193 |
$service = isset($_REQUEST['service']) ? $_REQUEST['service'] : ''; |
| 194 |
|
|
| 195 |
// Check service against whitelist |
|
| 196 |
if (!_cas_server_check_service_whitelist($service)) {
|
|
| 197 |
print "no\n"; |
|
| 198 |
print "\n"; |
|
| 199 |
return; |
|
| 200 |
} |
|
| 201 |
|
|
| 147 | 202 |
$user_name = _cas_server_validate($service, $ticket); |
| 148 | 203 |
if ($user_name) {
|
| 149 | 204 |
print "yes\n"; |
| ... | ... | |
| 167 | 222 |
|
| 168 | 223 |
$ticket = isset($_REQUEST['ticket']) ? $_REQUEST['ticket'] : ''; |
| 169 | 224 |
$service = isset($_REQUEST['service']) ? $_REQUEST['service'] : ''; |
| 225 |
|
|
| 226 |
// Check service against whitelist |
|
| 227 |
if (!_cas_server_check_service_whitelist($service)) {
|
|
| 228 |
$cas_error='INVALID_REQUEST'; |
|
| 229 |
print theme('cas_server_validate_whitelist_failure', array('service' => $service, 'error_code' => $cas_error));
|
|
| 230 |
watchdog('cas', 'Service %service validation failed!', array('%service' => $service));
|
|
| 231 |
return; |
|
| 232 |
} |
|
| 233 |
|
|
| 170 | 234 |
$user_name = _cas_server_validate($service, $ticket); |
| 171 | 235 |
if (!$user_name) $cas_error='INVALID_TICKET'; |
| 172 | 236 |
if (!$ticket || !$service) $cas_error='INVALID_REQUEST'; |
| ... | ... | |
| 186 | 250 |
drupal_alter('cas_server_user_attributes', $attributes, $account, $context);
|
| 187 | 251 |
|
| 188 | 252 |
print theme('cas_service_validate_success', array('name' => $user_name, 'attributes' => $attributes));
|
| 189 |
watchdog('cas', 'User %name CAS sucessully authenticated.', array('%name' => $user_name));
|
|
| 253 |
watchdog('cas', 'User %name CAS successfully authenticated.', array('%name' => $user_name));
|
|
| 190 | 254 |
} |
| 191 | 255 |
else {
|
| 192 | 256 |
print theme('cas_service_validate_failure', array('ticket' => $ticket, 'error_code' => $cas_error));
|
| ... | ... | |
| 194 | 258 |
} |
| 195 | 259 |
} |
| 196 | 260 |
|
| 261 |
function _cas_server_check_service_whitelist($service) {
|
|
| 262 |
$mapping_raw = variable_get('cas_server_service_whitelist', '');
|
|
| 263 |
if (trim($mapping_raw) != '') {
|
|
| 264 |
if (!drupal_match_path($service, $mapping_raw)) {
|
|
| 265 |
return FALSE; |
|
| 266 |
} |
|
| 267 |
} |
|
| 268 |
return TRUE; |
|
| 269 |
} |
|
| 270 |
|
|
| 197 | 271 |
/** |
| 198 | 272 |
* Test to see if a one time use ticket is valid |
| 199 | 273 |
* |
| ... | ... | |
| 239 | 313 |
* Menu callback; triggers a CAS logout. |
| 240 | 314 |
*/ |
| 241 | 315 |
function cas_server_logout() {
|
| 242 |
global $user; |
|
| 316 |
// Check service against whitelist |
|
| 317 |
if (!_cas_server_check_service_whitelist($_GET['service'])) {
|
|
| 318 |
return variable_get('cas_server_whitelist_failure', t('You do not have permission to login to CAS from this service.'));
|
|
| 319 |
} |
|
| 243 | 320 |
|
| 244 |
watchdog('user', 'Session closed for %name.', array('%name' => $user->name));
|
|
| 321 |
global $user;
|
|
| 245 | 322 |
|
| 246 |
module_invoke_all('user_logout', $user);
|
|
| 323 |
// Due to the order of sessions being destroyed on a client site vs CAS server, |
|
| 324 |
// there is a workflow that would allow the user's session to not exist at this point. |
|
| 325 |
// Skip triggering user logout related processes if there is not a valid user in session. |
|
| 326 |
if(user_is_logged_in()) {
|
|
| 327 |
// Log the successful logout process. |
|
| 328 |
watchdog('user', 'Session closed for %name.', array('%name' => $user->name));
|
|
| 329 |
// Tell modules about the logout. |
|
| 330 |
module_invoke_all('user_logout', $user);
|
|
| 331 |
} |
|
| 247 | 332 |
|
| 248 | 333 |
// Destroy the current session, and reset $user to the anonymous user. |
| 249 | 334 |
session_destroy(); |
Formats disponibles : Unified diff
Weekly update of contrib modules