Projet

Général

Profil

Paste
Télécharger (16,4 ko) Statistiques
| Branche: | Révision:

root / drupal7 / sites / all / modules / cas / cas.admin.inc @ 6ae446a4

1
<?php
2

    
3
/**
4
 * @file
5
 * CAS module settings UI.
6
 */
7

    
8
/**
9
 * Provides settings pages.
10
 */
11
function cas_admin_settings() {
12

    
13
  $form['library'] = array(
14
    '#type' => 'fieldset',
15
    '#title' => t('Library (phpCAS)'),
16
    '#collapsible' => TRUE,
17
  );
18
  if (module_exists('libraries')) {
19
    // If Libraries API is enabled, print an information item.
20
    $form['library']['cas_library_dir'] = array(
21
      '#type' => 'item',
22
      '#title' => t('Library directory'),
23
      '#value' => t('Using <a href="@url">Libraries API</a>.', array('@url' => 'http://drupal.org/project/libraries')),
24
      '#description' => t('Please ensure phpCAS is installed in a location compatible with Libraries API. For example, install phpCAS so that <em>sites/all/libraries/CAS/CAS.php</em> exists. See README.txt for more information.'),
25
      '#after_build' => array('cas_library_version_check'),
26
    );
27
  }
28
  else {
29
    // If Libraries API is not installed, display path settings.
30
    $form['library']['cas_library_dir'] = array(
31
      '#type' => 'textfield',
32
      '#title' => t('Library directory'),
33
      '#default_value' => variable_get('cas_library_dir', 'CAS'),
34
      '#description' => t('Specify the path to the directory the CAS.php file resides in. Leave blank to load cas from your phpinclude path.'),
35
      '#after_build' => array('cas_library_version_check'),
36
    );
37
  }
38

    
39

    
40
  $form['server'] = array(
41
    '#type' => 'fieldset',
42
    '#title' => t('CAS Server'),
43
    '#collapsible' => TRUE,
44
    '#collapsed' => FALSE,
45
  );
46

    
47
  $form['server']['cas_version'] = array(
48
    '#type' => 'radios',
49
    '#title' => t('Version'),
50
    '#default_value' => variable_get('cas_version', '3.0'),
51
    '#options' => array(
52
      '1.0' => '1.0',
53
      '2.0' => t('2.0'),
54
      '3.0' => t('3.0 or higher (requires phpCAS >= 1.3.3)'),
55
      'S1' => t('SAML Version 1.1'),
56
    ),
57
  );
58

    
59
  $form['server']['cas_server'] = array(
60
    '#type' => 'textfield',
61
    '#title' => t('Hostname'),
62
    '#default_value' => variable_get('cas_server', ''),
63
    '#size' => 30,
64
    // Hostnames can be 255 characters long.
65
    '#maxlength' => 255,
66
    '#description' => t('Hostname or IP Address of the CAS server.'),
67
  );
68

    
69
  $form['server']['cas_port'] = array(
70
    '#type' => 'textfield',
71
    '#title' => t('Port'),
72
    '#default_value' => variable_get('cas_port', '443'),
73
    '#size' => 5,
74
    // The maximum port number is 65536, 5 digits.
75
    '#maxlength' => 5,
76
    '#description' => t('443 is the standard SSL port. 8443 is the standard non-root port for Tomcat.'),
77
  );
78

    
79
  $form['server']['cas_uri'] = array(
80
    '#type' => 'textfield',
81
    '#title' => t('URI'),
82
    '#default_value' => variable_get('cas_uri', ''),
83
    '#size' => 30,
84
    '#description' => t('If CAS is not at the root of the host, include a URI (e.g., /cas).'),
85
  );
86

    
87
  $form['server']['cas_cert'] = array(
88
    '#type' => 'textfield',
89
    '#title' => t('Certificate Authority PEM Certificate'),
90
    '#default_value' => variable_get('cas_cert', ''),
91
    '#maxlength' => 255,
92
    '#description' => t('The PEM certificate of the Certificate Authority that issued the certificate of the CAS server. If omitted, the certificate authority will not be verified.'),
93
  );
94

    
95
  $form['login'] = array(
96
    '#type' => 'fieldset',
97
    '#title' => t('Login form'),
98
    '#collapsible' => TRUE,
99
    '#collapsed' => TRUE,
100
  );
101

    
102
  $form['login']['cas_login_form'] = array(
103
    '#type' => 'radios',
104
    '#title' => t('Add CAS link to login forms'),
105
    '#default_value' => variable_get('cas_login_form', CAS_NO_LINK),
106
    '#options' => array(
107
      CAS_NO_LINK => t('Do not add link to login forms'),
108
      CAS_ADD_LINK => t('Add link to login forms'),
109
      CAS_MAKE_DEFAULT => t('Make CAS login default on login forms'),
110
      CAS_REDIRECT => t('Redirect the login form to CAS'),
111
    ),
112
  );
113

    
114
  $form['login']['cas_login_invite'] = array(
115
    '#type' => 'textfield',
116
    '#title' => t('CAS Login invitation'),
117
    '#default_value' => variable_get('cas_login_invite', CAS_LOGIN_INVITE_DEFAULT),
118
    '#description' => t('Message users will see to invite them to log in with CAS credentials.'),
119
  );
120

    
121
  $form['login']['cas_login_drupal_invite'] = array(
122
    '#type' => 'textfield',
123
    '#title' => t('Drupal login invitation'),
124
    '#default_value' => variable_get('cas_login_drupal_invite', CAS_LOGIN_DRUPAL_INVITE_DEFAULT),
125
    '#description' => t('Message users will see to invite them to log in with Drupal credentials.'),
126
  );
127

    
128
  $form['login']['cas_login_redir_message'] = array(
129
    '#type' => 'textfield',
130
    '#title' => t('Redirection notification message'),
131
    '#default_value' => variable_get('cas_login_redir_message', CAS_LOGIN_REDIR_MESSAGE),
132
    '#description' => t('Message users see at the top of the CAS login form to warn them that they are being redirected to the CAS server.'),
133
  );
134

    
135
  // Setting for message displayed to user upon successful login
136
  $form['login']['cas_login_message'] = array(
137
    '#type' => 'textfield',
138
    '#title' => t('Successful login message'),
139
    '#default_value' => variable_get('cas_login_message', 'Logged in via CAS as %cas_username.'),
140
    '#description' => t('Message displayed when a user logs in successfully. <em>%cas_username</em> will be replaced with the user\'s name.'),
141
  );
142

    
143

    
144
  $form['account'] = array(
145
    '#type' => 'fieldset',
146
    '#title' => t('User accounts'),
147
    '#collapsible' => TRUE,
148
    '#collapsed' => TRUE,
149
  );
150

    
151
  $form['account']['cas_user_register'] = array(
152
    '#type' => 'checkbox',
153
    '#title' => t('Automatically create Drupal accounts'),
154
    '#default_value' => variable_get('cas_user_register', 1),
155
    '#description' => t('Whether a Drupal account is automatically created the first time a CAS user logs into the site. If disabled, you will need to pre-register Drupal accounts for authorized users.'),
156
  );
157

    
158
  $form['account']['cas_domain'] = array(
159
    '#type' => 'textfield',
160
    '#title' => t('E-mail address'),
161
    '#field_prefix' => t('username@'),
162
    '#default_value' => variable_get('cas_domain', ''),
163
    '#size' => 30,
164
    // Hostnames can be 255 characters long.
165
    '#maxlength' => 255,
166
    '#description' => t("If provided, automatically generate each new user's e-mail address. If omitted, the e-mail field will not be populated. Other modules may be used to populate the e-mail field from CAS attributes or LDAP servers."),
167
  );
168

    
169
  // Taken from Drupal's User module.
170
  $roles = array_map('check_plain', user_roles(TRUE));
171
  $checkbox_authenticated = array(
172
    '#type' => 'checkbox',
173
    '#title' => $roles[DRUPAL_AUTHENTICATED_RID],
174
    '#default_value' => TRUE,
175
    '#disabled' => TRUE,
176
  );
177
  unset($roles[DRUPAL_AUTHENTICATED_RID]);
178
  $form['account']['cas_auto_assigned_role'] = array(
179
    '#type' => 'checkboxes',
180
    '#title' => t('Roles'),
181
    '#description' => t('The selected roles will be automatically assigned to each CAS user on login. Use this to automatically give CAS users additional privileges or to identify CAS users to other modules.'),
182
    '#default_value' => variable_get('cas_auto_assigned_role', array()),
183
    '#options' => $roles,
184
    '#access' => user_access('administer permissions'),
185
    DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
186
  );
187

    
188
  $form['account']['cas_hide_email'] = array(
189
    '#type' => 'checkbox',
190
    '#title' => t('Users cannot change email address'),
191
    '#default_value' => variable_get('cas_hide_email', 0),
192
    '#description' => t('Hide email address field on the edit user form.'),
193
  );
194

    
195
  $form['account']['cas_hide_password'] = array(
196
    '#type' => 'checkbox',
197
    '#title' => t('Users cannot change password'),
198
    '#default_value' => variable_get('cas_hide_password', 0),
199
    '#description' => t('Hide password field on the edit user form. This also removes the requirement to enter your current password before changing your e-mail address.'),
200
  );
201

    
202
  if (module_exists('persistent_login')) {
203
    $form['account']['cas_allow_rememberme'] = array(
204
      '#type' => 'checkbox',
205
      '#title' => t('Users can stay logged in between sessions'),
206
      '#default_value' => variable_get('cas_allow_rememberme', 0),
207
      '#description' => t('If Persistent Login is enabled, users can choose to stay logged in between browser sessions'),
208
      );
209
  }
210

    
211
  $form['pages'] = array(
212
    '#type' => 'fieldset',
213
    '#title' => t('Redirection'),
214
    '#collapsible' => TRUE,
215
    '#collapsed' => TRUE,
216
  );
217

    
218
  $form['pages']['cas_check_frequency'] = array(
219
    '#type' => 'radios',
220
    '#title' => t('Check with the CAS server to see if the user is already logged in?'),
221
    '#default_value' => variable_get('cas_check_frequency', CAS_CHECK_NEVER),
222
    '#options' => array(
223
      CAS_CHECK_NEVER => 'Never',
224
      CAS_CHECK_ONCE => 'Once per browser session',
225
      CAS_CHECK_ALWAYS => 'Always (every page load)',
226
    ),
227
    '#description' => t('This implements the') . ' <a href="https://wiki.jasig.org/display/CAS/gateway">Gateway feature</a> ' . t('of the CAS Protocol.') . ' <strong>WARNING:</strong> ' . t('Enabling it at all will') . ' <em>' . t('completely disable page caching') . '</em>' . t(', and will prevent users from logging out locally unless also logged out of CAS. Setting it to "Always" will perform redirects on EVERY page load unless the user is already logged in, and is not recommended in most circumstances.'),
228
  );
229

    
230
  $form['pages']['cas_access'] = array(
231
    '#type' => 'radios',
232
    '#title' => t('Require CAS login for'),
233
    '#default_value' => variable_get('cas_access', 0),
234
    '#options' => array(t('specific pages'), t('all pages except specific pages')),
235
  );
236

    
237
  $form['pages']['cas_pages'] = array(
238
    '#type' => 'textarea',
239
    '#title' => t('Specific pages'),
240
    '#default_value' => variable_get('cas_pages', ''),
241
    '#cols' => 40,
242
    '#rows' => 5,
243
    '#description' => t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog. '<em>&lt;front&gt;</em>' is the front page."),
244
  );
245

    
246
  $form['pages']['cas_exclude'] = array(
247
    '#type' => 'textarea',
248
    '#title' => t('Excluded Pages'),
249
    '#default_value' => variable_get('cas_exclude', CAS_EXCLUDE),
250
    '#cols' => 40,
251
    '#rows' => 5,
252
    '#description' => t("Indicates which pages will be ignored (no login checks). Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog. '<em>&lt;front&gt;</em>' is the front page."),
253
  );
254

    
255

    
256
  $form['misc'] = array(
257
    '#type' => 'fieldset',
258
    '#title' => t('Login/Logout Destinations'),
259
    '#collapsible' => TRUE,
260
    '#collapsed' => TRUE,
261
  );
262

    
263
  // Settings for redirection upon first login
264
  $form['misc']['cas_first_login_destination'] = array(
265
    '#type' => 'textfield',
266
    '#title' => t('Initial login destination'),
267
    '#default_value' => variable_get('cas_first_login_destination', ''),
268
    '#size' => 40,
269
    '#maxlength' => 255,
270
    '#description' => t("Drupal path or URL. Enter a destination if you want the user to be redirected to this page on their first CAS login. An example path is <em>blog</em> for the blog page, <em>&lt;front&gt;</em> for the front page, or <em>user</em> for the user's page."),
271
  );
272

    
273
  // Setting for page to return to after a CAS logout
274
  $form['misc']['cas_logout_destination'] = array(
275
    '#type' => 'textfield',
276
    '#title' => t('Logout destination'),
277
    '#default_value' => variable_get('cas_logout_destination', ''),
278
    '#size' => 40,
279
    '#maxlength' => 255,
280
    '#description' => t("Drupal path or URL. Enter a destination if you want a user to be directed to this page after logging out of CAS, or leave blank to direct users back to the previous page. An example path is <em>blog</em> for the blog page or <em>&lt;front&gt;</em> for the front page."),
281
  );
282

    
283
  $form['misc']['cas_changePasswordURL'] = array(
284
    '#type' => 'textfield',
285
    '#title' => t('Change password URL'),
286
    '#default_value' => variable_get('cas_changePasswordURL', ''),
287
    '#maxlength' => 255,
288
    '#description' => t('The URL users should use for changing their password.  Leave blank to use the standard Drupal page.'),
289
  );
290

    
291
  $form['misc']['cas_registerURL'] = array(
292
    '#type' => 'textfield',
293
    '#title' => t('Registration URL'),
294
    '#default_value' => variable_get('cas_registerURL', ''),
295
    '#maxlength' => 255,
296
    '#description' => t('The URL users should use for changing registering.  Leave blank to use the standard Drupal page.'),
297
  );
298

    
299

    
300
  $form['advanced'] = array(
301
    '#type' => 'fieldset',
302
    '#title' => t('Miscellaneous & Experimental Settings'),
303
    '#collapsible' => TRUE,
304
    '#collapsed' => TRUE,
305
  );
306
  $form['advanced']['cas_proxy'] = array(
307
    '#type' => 'checkbox',
308
    '#title' => t('Initialize CAS as proxy'),
309
    '#default_value' => variable_get('cas_proxy', 0),
310
    '#description' => t('Initialize phpCAS as a proxy rather than a client. The proxy ticket returned by the CAS server allows access to external services as the CAS user.')
311
  );
312

    
313
  $form['advanced']['cas_proxy_settings'] = array(
314
    '#type' => 'container',
315
    '#states' => array(
316
      'invisible' => array(
317
        'input[name="cas_proxy"]' => array('checked' => FALSE),
318
      ),
319
    ),
320
  );
321

    
322
  $form['advanced']['cas_proxy_settings']['cas_pgtformat'] = array(
323
    '#type' => 'radios',
324
    '#title' => t('CAS PGT storage file format'),
325
    '#default_value' => variable_get('cas_pgtformat', 'plain'),
326
    '#options' => array('plain' => t('Plain Text'), 'xml' => t('XML')),
327
    '#after_build' => array('cas_pgtformat_version_check'),
328
  );
329

    
330
  $form['advanced']['cas_proxy_settings']['cas_pgtpath'] = array(
331
    '#type' => 'textfield',
332
    '#title' => t('CAS PGT storage path'),
333
    '#default_value' => variable_get('cas_pgtpath', ''),
334
    '#maxlength' => 255,
335
    '#description' => t("Only needed if 'Use CAS proxy initializer' is configured. Leave empty for default."),
336
  );
337

    
338
  $form['advanced']['cas_proxy_list'] = array(
339
    '#type' => 'textarea',
340
    '#title' => t('CAS proxy list'),
341
    '#description' => t("If CAS client could be proxied, indicate each proxy server absolute url per line. If not provided, phpCAS will exclude by default all tickets provided by proxy. Each proxy server url could be a plain url or a regular expression. IMPORTANT : regular expression delimiter must be a slash. For example : https://proxy.example.com/ AND/OR regular expression : /^https:\/\/app[0-9]\.example\.com\/rest\//."),
342
    '#default_value' => variable_get('cas_proxy_list', ''),
343
    '#after_build' => array('cas_proxy_list_version_check'),
344
  );
345

    
346
  $form['advanced']['cas_debugfile'] = array(
347
    '#type' => 'textfield',
348
    '#title' => t('CAS debugging output file'),
349
    '#default_value' => variable_get('cas_debugfile', ''),
350
    '#maxlength' => 255,
351
    '#description' => "<p>" . t("A file system path and filename where the CAS debug log will be written. May be either a full path or a path relative to the Drupal installation root. The directory and file must be writable by Drupal.") . "</p> <p>" . t("Leave blank to disable logging.") . "</p> <p><strong>" . t("Debugging should not be enabled on production systems.") . "</strong></p>",
352
  );
353

    
354
  return system_settings_form($form);
355
}
356

    
357
/**
358
 * Checks that the library is installed in the location specified by loading the
359
 * class and extracting the version.
360
 *
361
 * @param $element
362
 *   The form element containing the "library" fieldset.
363
 * @param $form_state
364
 *   An array containing the form's state information.
365
 *
366
 * @return
367
 *   The modified form element containing the "library" fieldset.
368
 */
369
function cas_library_version_check($element, &$form_state) {
370
  $path = module_exists('libraries') ? NULL : $element['#value'];
371
  // Suppress errors if phpCAS cannot be loaded.
372
  if ($version = @cas_phpcas_load($path)) {
373
    $element['#suffix'] = '<div class="ok messages">' . t('phpCAS version %version successfully loaded.', array('%version' => $version)) . '</div>';
374
  }
375
  else {
376
    $element['#suffix'] = '<div class="error messages">' . t('The phpCAS library was not found or could not be loaded.') . '</div>';
377
  }
378
  return $element;
379
}
380

    
381
/**
382
 * Proxy chain object only exists with phpCAS version >= 1.3. As phpCAS CAS.php
383
 * is include only after building element 'cas_library_dir', we must check it after it.
384
 */
385
function cas_proxy_list_version_check($element, &$form_state) {
386
  if (!defined('PHPCAS_VERSION') || version_compare(PHPCAS_VERSION, '1.3', '<')) {
387
    $element['#access'] = FALSE;
388
  }
389
  return $element;
390
}
391

    
392
/**
393
 * Since 1.3, pgt format isn't supported and default to plain.
394
 */
395
function cas_pgtformat_version_check($element, &$form_state) {
396
  if (!defined('PHPCAS_VERSION') || version_compare(PHPCAS_VERSION, '1.3', '>')) {
397
    $element['#access'] = FALSE;
398
  }
399
  return $element;
400
}