Projet

Général

Profil

Paste
Télécharger (16,4 ko) Statistiques
| Branche: | Révision:

root / drupal7 / sites / all / modules / cas / cas.admin.inc @ 6ae446a4

1 85ad3d82 Assos Assos
<?php
2
3
/**
4
 * @file
5
 * CAS module settings UI.
6
 */
7
8
/**
9
 * Provides settings pages.
10
 */
11
function cas_admin_settings() {
12
13
  $form['library'] = array(
14
    '#type' => 'fieldset',
15
    '#title' => t('Library (phpCAS)'),
16
    '#collapsible' => TRUE,
17
  );
18
  if (module_exists('libraries')) {
19
    // If Libraries API is enabled, print an information item.
20
    $form['library']['cas_library_dir'] = array(
21
      '#type' => 'item',
22
      '#title' => t('Library directory'),
23
      '#value' => t('Using <a href="@url">Libraries API</a>.', array('@url' => 'http://drupal.org/project/libraries')),
24
      '#description' => t('Please ensure phpCAS is installed in a location compatible with Libraries API. For example, install phpCAS so that <em>sites/all/libraries/CAS/CAS.php</em> exists. See README.txt for more information.'),
25
      '#after_build' => array('cas_library_version_check'),
26
    );
27
  }
28
  else {
29
    // If Libraries API is not installed, display path settings.
30
    $form['library']['cas_library_dir'] = array(
31
      '#type' => 'textfield',
32
      '#title' => t('Library directory'),
33
      '#default_value' => variable_get('cas_library_dir', 'CAS'),
34
      '#description' => t('Specify the path to the directory the CAS.php file resides in. Leave blank to load cas from your phpinclude path.'),
35
      '#after_build' => array('cas_library_version_check'),
36
    );
37
  }
38
39
40
  $form['server'] = array(
41
    '#type' => 'fieldset',
42
    '#title' => t('CAS Server'),
43
    '#collapsible' => TRUE,
44
    '#collapsed' => FALSE,
45
  );
46
47
  $form['server']['cas_version'] = array(
48
    '#type' => 'radios',
49
    '#title' => t('Version'),
50 4f315dab Assos Assos
    '#default_value' => variable_get('cas_version', '3.0'),
51 85ad3d82 Assos Assos
    '#options' => array(
52
      '1.0' => '1.0',
53 4f315dab Assos Assos
      '2.0' => t('2.0'),
54
      '3.0' => t('3.0 or higher (requires phpCAS >= 1.3.3)'),
55 85ad3d82 Assos Assos
      'S1' => t('SAML Version 1.1'),
56
    ),
57
  );
58
59
  $form['server']['cas_server'] = array(
60
    '#type' => 'textfield',
61
    '#title' => t('Hostname'),
62
    '#default_value' => variable_get('cas_server', ''),
63
    '#size' => 30,
64
    // Hostnames can be 255 characters long.
65
    '#maxlength' => 255,
66
    '#description' => t('Hostname or IP Address of the CAS server.'),
67
  );
68
69
  $form['server']['cas_port'] = array(
70
    '#type' => 'textfield',
71
    '#title' => t('Port'),
72
    '#default_value' => variable_get('cas_port', '443'),
73
    '#size' => 5,
74
    // The maximum port number is 65536, 5 digits.
75
    '#maxlength' => 5,
76
    '#description' => t('443 is the standard SSL port. 8443 is the standard non-root port for Tomcat.'),
77
  );
78
79
  $form['server']['cas_uri'] = array(
80
    '#type' => 'textfield',
81
    '#title' => t('URI'),
82
    '#default_value' => variable_get('cas_uri', ''),
83
    '#size' => 30,
84
    '#description' => t('If CAS is not at the root of the host, include a URI (e.g., /cas).'),
85
  );
86
87
  $form['server']['cas_cert'] = array(
88
    '#type' => 'textfield',
89
    '#title' => t('Certificate Authority PEM Certificate'),
90
    '#default_value' => variable_get('cas_cert', ''),
91
    '#maxlength' => 255,
92
    '#description' => t('The PEM certificate of the Certificate Authority that issued the certificate of the CAS server. If omitted, the certificate authority will not be verified.'),
93
  );
94
95
  $form['login'] = array(
96
    '#type' => 'fieldset',
97
    '#title' => t('Login form'),
98
    '#collapsible' => TRUE,
99
    '#collapsed' => TRUE,
100
  );
101
102
  $form['login']['cas_login_form'] = array(
103
    '#type' => 'radios',
104
    '#title' => t('Add CAS link to login forms'),
105
    '#default_value' => variable_get('cas_login_form', CAS_NO_LINK),
106
    '#options' => array(
107
      CAS_NO_LINK => t('Do not add link to login forms'),
108
      CAS_ADD_LINK => t('Add link to login forms'),
109 4f315dab Assos Assos
      CAS_MAKE_DEFAULT => t('Make CAS login default on login forms'),
110
      CAS_REDIRECT => t('Redirect the login form to CAS'),
111
    ),
112 85ad3d82 Assos Assos
  );
113
114
  $form['login']['cas_login_invite'] = array(
115
    '#type' => 'textfield',
116
    '#title' => t('CAS Login invitation'),
117
    '#default_value' => variable_get('cas_login_invite', CAS_LOGIN_INVITE_DEFAULT),
118
    '#description' => t('Message users will see to invite them to log in with CAS credentials.'),
119
  );
120
121
  $form['login']['cas_login_drupal_invite'] = array(
122
    '#type' => 'textfield',
123
    '#title' => t('Drupal login invitation'),
124
    '#default_value' => variable_get('cas_login_drupal_invite', CAS_LOGIN_DRUPAL_INVITE_DEFAULT),
125
    '#description' => t('Message users will see to invite them to log in with Drupal credentials.'),
126
  );
127
128
  $form['login']['cas_login_redir_message'] = array(
129
    '#type' => 'textfield',
130
    '#title' => t('Redirection notification message'),
131
    '#default_value' => variable_get('cas_login_redir_message', CAS_LOGIN_REDIR_MESSAGE),
132
    '#description' => t('Message users see at the top of the CAS login form to warn them that they are being redirected to the CAS server.'),
133
  );
134
135 4f315dab Assos Assos
  // Setting for message displayed to user upon successful login
136 85ad3d82 Assos Assos
  $form['login']['cas_login_message'] = array(
137
    '#type' => 'textfield',
138
    '#title' => t('Successful login message'),
139
    '#default_value' => variable_get('cas_login_message', 'Logged in via CAS as %cas_username.'),
140
    '#description' => t('Message displayed when a user logs in successfully. <em>%cas_username</em> will be replaced with the user\'s name.'),
141
  );
142
143
144
  $form['account'] = array(
145
    '#type' => 'fieldset',
146
    '#title' => t('User accounts'),
147
    '#collapsible' => TRUE,
148
    '#collapsed' => TRUE,
149
  );
150
151
  $form['account']['cas_user_register'] = array(
152
    '#type' => 'checkbox',
153
    '#title' => t('Automatically create Drupal accounts'),
154
    '#default_value' => variable_get('cas_user_register', 1),
155
    '#description' => t('Whether a Drupal account is automatically created the first time a CAS user logs into the site. If disabled, you will need to pre-register Drupal accounts for authorized users.'),
156
  );
157
158
  $form['account']['cas_domain'] = array(
159
    '#type' => 'textfield',
160
    '#title' => t('E-mail address'),
161
    '#field_prefix' => t('username@'),
162
    '#default_value' => variable_get('cas_domain', ''),
163
    '#size' => 30,
164
    // Hostnames can be 255 characters long.
165
    '#maxlength' => 255,
166
    '#description' => t("If provided, automatically generate each new user's e-mail address. If omitted, the e-mail field will not be populated. Other modules may be used to populate the e-mail field from CAS attributes or LDAP servers."),
167
  );
168
169
  // Taken from Drupal's User module.
170
  $roles = array_map('check_plain', user_roles(TRUE));
171
  $checkbox_authenticated = array(
172
    '#type' => 'checkbox',
173
    '#title' => $roles[DRUPAL_AUTHENTICATED_RID],
174
    '#default_value' => TRUE,
175
    '#disabled' => TRUE,
176
  );
177
  unset($roles[DRUPAL_AUTHENTICATED_RID]);
178
  $form['account']['cas_auto_assigned_role'] = array(
179
    '#type' => 'checkboxes',
180
    '#title' => t('Roles'),
181
    '#description' => t('The selected roles will be automatically assigned to each CAS user on login. Use this to automatically give CAS users additional privileges or to identify CAS users to other modules.'),
182
    '#default_value' => variable_get('cas_auto_assigned_role', array()),
183
    '#options' => $roles,
184
    '#access' => user_access('administer permissions'),
185
    DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
186
  );
187
188
  $form['account']['cas_hide_email'] = array(
189
    '#type' => 'checkbox',
190
    '#title' => t('Users cannot change email address'),
191
    '#default_value' => variable_get('cas_hide_email', 0),
192
    '#description' => t('Hide email address field on the edit user form.'),
193
  );
194
195
  $form['account']['cas_hide_password'] = array(
196
    '#type' => 'checkbox',
197
    '#title' => t('Users cannot change password'),
198
    '#default_value' => variable_get('cas_hide_password', 0),
199
    '#description' => t('Hide password field on the edit user form. This also removes the requirement to enter your current password before changing your e-mail address.'),
200
  );
201
202
  if (module_exists('persistent_login')) {
203
    $form['account']['cas_allow_rememberme'] = array(
204
      '#type' => 'checkbox',
205
      '#title' => t('Users can stay logged in between sessions'),
206
      '#default_value' => variable_get('cas_allow_rememberme', 0),
207
      '#description' => t('If Persistent Login is enabled, users can choose to stay logged in between browser sessions'),
208
      );
209
  }
210
211
  $form['pages'] = array(
212
    '#type' => 'fieldset',
213
    '#title' => t('Redirection'),
214
    '#collapsible' => TRUE,
215
    '#collapsed' => TRUE,
216
  );
217
218 e9f59589 Assos Assos
  $form['pages']['cas_check_frequency'] = array(
219
    '#type' => 'radios',
220 85ad3d82 Assos Assos
    '#title' => t('Check with the CAS server to see if the user is already logged in?'),
221 e9f59589 Assos Assos
    '#default_value' => variable_get('cas_check_frequency', CAS_CHECK_NEVER),
222
    '#options' => array(
223
      CAS_CHECK_NEVER => 'Never',
224
      CAS_CHECK_ONCE => 'Once per browser session',
225
      CAS_CHECK_ALWAYS => 'Always (every page load)',
226
    ),
227
    '#description' => t('This implements the') . ' <a href="https://wiki.jasig.org/display/CAS/gateway">Gateway feature</a> ' . t('of the CAS Protocol.') . ' <strong>WARNING:</strong> ' . t('Enabling it at all will') . ' <em>' . t('completely disable page caching') . '</em>' . t(', and will prevent users from logging out locally unless also logged out of CAS. Setting it to "Always" will perform redirects on EVERY page load unless the user is already logged in, and is not recommended in most circumstances.'),
228 85ad3d82 Assos Assos
  );
229
230
  $form['pages']['cas_access'] = array(
231
    '#type' => 'radios',
232
    '#title' => t('Require CAS login for'),
233
    '#default_value' => variable_get('cas_access', 0),
234
    '#options' => array(t('specific pages'), t('all pages except specific pages')),
235
  );
236
237
  $form['pages']['cas_pages'] = array(
238
    '#type' => 'textarea',
239
    '#title' => t('Specific pages'),
240
    '#default_value' => variable_get('cas_pages', ''),
241
    '#cols' => 40,
242
    '#rows' => 5,
243
    '#description' => t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog. '<em>&lt;front&gt;</em>' is the front page."),
244
  );
245
246
  $form['pages']['cas_exclude'] = array(
247
    '#type' => 'textarea',
248
    '#title' => t('Excluded Pages'),
249
    '#default_value' => variable_get('cas_exclude', CAS_EXCLUDE),
250
    '#cols' => 40,
251
    '#rows' => 5,
252
    '#description' => t("Indicates which pages will be ignored (no login checks). Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog. '<em>&lt;front&gt;</em>' is the front page."),
253
  );
254
255
256
  $form['misc'] = array(
257
    '#type' => 'fieldset',
258
    '#title' => t('Login/Logout Destinations'),
259
    '#collapsible' => TRUE,
260
    '#collapsed' => TRUE,
261
  );
262
263
  // Settings for redirection upon first login
264
  $form['misc']['cas_first_login_destination'] = array(
265
    '#type' => 'textfield',
266
    '#title' => t('Initial login destination'),
267
    '#default_value' => variable_get('cas_first_login_destination', ''),
268
    '#size' => 40,
269
    '#maxlength' => 255,
270
    '#description' => t("Drupal path or URL. Enter a destination if you want the user to be redirected to this page on their first CAS login. An example path is <em>blog</em> for the blog page, <em>&lt;front&gt;</em> for the front page, or <em>user</em> for the user's page."),
271
  );
272
273
  // Setting for page to return to after a CAS logout
274
  $form['misc']['cas_logout_destination'] = array(
275
    '#type' => 'textfield',
276
    '#title' => t('Logout destination'),
277
    '#default_value' => variable_get('cas_logout_destination', ''),
278
    '#size' => 40,
279
    '#maxlength' => 255,
280
    '#description' => t("Drupal path or URL. Enter a destination if you want a user to be directed to this page after logging out of CAS, or leave blank to direct users back to the previous page. An example path is <em>blog</em> for the blog page or <em>&lt;front&gt;</em> for the front page."),
281
  );
282
283
  $form['misc']['cas_changePasswordURL'] = array(
284
    '#type' => 'textfield',
285
    '#title' => t('Change password URL'),
286
    '#default_value' => variable_get('cas_changePasswordURL', ''),
287
    '#maxlength' => 255,
288
    '#description' => t('The URL users should use for changing their password.  Leave blank to use the standard Drupal page.'),
289
  );
290
291
  $form['misc']['cas_registerURL'] = array(
292
    '#type' => 'textfield',
293
    '#title' => t('Registration URL'),
294
    '#default_value' => variable_get('cas_registerURL', ''),
295
    '#maxlength' => 255,
296
    '#description' => t('The URL users should use for changing registering.  Leave blank to use the standard Drupal page.'),
297
  );
298
299
300
  $form['advanced'] = array(
301
    '#type' => 'fieldset',
302
    '#title' => t('Miscellaneous & Experimental Settings'),
303
    '#collapsible' => TRUE,
304
    '#collapsed' => TRUE,
305
  );
306
  $form['advanced']['cas_proxy'] = array(
307
    '#type' => 'checkbox',
308
    '#title' => t('Initialize CAS as proxy'),
309
    '#default_value' => variable_get('cas_proxy', 0),
310
    '#description' => t('Initialize phpCAS as a proxy rather than a client. The proxy ticket returned by the CAS server allows access to external services as the CAS user.')
311
  );
312
313
  $form['advanced']['cas_proxy_settings'] = array(
314
    '#type' => 'container',
315
    '#states' => array(
316
      'invisible' => array(
317
        'input[name="cas_proxy"]' => array('checked' => FALSE),
318
      ),
319
    ),
320
  );
321 a2baadd1 Assos Assos
322 85ad3d82 Assos Assos
  $form['advanced']['cas_proxy_settings']['cas_pgtformat'] = array(
323
    '#type' => 'radios',
324
    '#title' => t('CAS PGT storage file format'),
325
    '#default_value' => variable_get('cas_pgtformat', 'plain'),
326
    '#options' => array('plain' => t('Plain Text'), 'xml' => t('XML')),
327 a2baadd1 Assos Assos
    '#after_build' => array('cas_pgtformat_version_check'),
328 85ad3d82 Assos Assos
  );
329
330
  $form['advanced']['cas_proxy_settings']['cas_pgtpath'] = array(
331
    '#type' => 'textfield',
332
    '#title' => t('CAS PGT storage path'),
333
    '#default_value' => variable_get('cas_pgtpath', ''),
334
    '#maxlength' => 255,
335
    '#description' => t("Only needed if 'Use CAS proxy initializer' is configured. Leave empty for default."),
336
  );
337
338 a2baadd1 Assos Assos
  $form['advanced']['cas_proxy_list'] = array(
339
    '#type' => 'textarea',
340
    '#title' => t('CAS proxy list'),
341
    '#description' => t("If CAS client could be proxied, indicate each proxy server absolute url per line. If not provided, phpCAS will exclude by default all tickets provided by proxy. Each proxy server url could be a plain url or a regular expression. IMPORTANT : regular expression delimiter must be a slash. For example : https://proxy.example.com/ AND/OR regular expression : /^https:\/\/app[0-9]\.example\.com\/rest\//."),
342
    '#default_value' => variable_get('cas_proxy_list', ''),
343
    '#after_build' => array('cas_proxy_list_version_check'),
344
  );
345
346 85ad3d82 Assos Assos
  $form['advanced']['cas_debugfile'] = array(
347
    '#type' => 'textfield',
348 e9f59589 Assos Assos
    '#title' => t('CAS debugging output file'),
349 85ad3d82 Assos Assos
    '#default_value' => variable_get('cas_debugfile', ''),
350
    '#maxlength' => 255,
351 e9f59589 Assos Assos
    '#description' => "<p>" . t("A file system path and filename where the CAS debug log will be written. May be either a full path or a path relative to the Drupal installation root. The directory and file must be writable by Drupal.") . "</p> <p>" . t("Leave blank to disable logging.") . "</p> <p><strong>" . t("Debugging should not be enabled on production systems.") . "</strong></p>",
352 85ad3d82 Assos Assos
  );
353
354
  return system_settings_form($form);
355
}
356
357
/**
358
 * Checks that the library is installed in the location specified by loading the
359
 * class and extracting the version.
360
 *
361
 * @param $element
362
 *   The form element containing the "library" fieldset.
363
 * @param $form_state
364
 *   An array containing the form's state information.
365
 *
366
 * @return
367
 *   The modified form element containing the "library" fieldset.
368
 */
369
function cas_library_version_check($element, &$form_state) {
370
  $path = module_exists('libraries') ? NULL : $element['#value'];
371
  // Suppress errors if phpCAS cannot be loaded.
372
  if ($version = @cas_phpcas_load($path)) {
373
    $element['#suffix'] = '<div class="ok messages">' . t('phpCAS version %version successfully loaded.', array('%version' => $version)) . '</div>';
374
  }
375
  else {
376
    $element['#suffix'] = '<div class="error messages">' . t('The phpCAS library was not found or could not be loaded.') . '</div>';
377
  }
378
  return $element;
379
}
380 a2baadd1 Assos Assos
381
/**
382
 * Proxy chain object only exists with phpCAS version >= 1.3. As phpCAS CAS.php
383
 * is include only after building element 'cas_library_dir', we must check it after it.
384
 */
385
function cas_proxy_list_version_check($element, &$form_state) {
386
  if (!defined('PHPCAS_VERSION') || version_compare(PHPCAS_VERSION, '1.3', '<')) {
387
    $element['#access'] = FALSE;
388
  }
389
  return $element;
390
}
391
392
/**
393
 * Since 1.3, pgt format isn't supported and default to plain.
394
 */
395
function cas_pgtformat_version_check($element, &$form_state) {
396
  if (!defined('PHPCAS_VERSION') || version_compare(PHPCAS_VERSION, '1.3', '>')) {
397
    $element['#access'] = FALSE;
398
  }
399
  return $element;
400
}