Révision a2baadd1
Ajouté par Assos Assos il y a environ 10 ans
drupal7/sites/all/modules/cas/cas.module | ||
---|---|---|
99 | 99 |
if (empty($cas_user['login']) || empty($cas_user['name'])) { |
100 | 100 |
// Only set a warning if we forced login. |
101 | 101 |
if ($force_authentication) { |
102 |
drupal_set_message(t('The user account %name is not available on this site.', array('%name' => $cas_name)), 'error');
|
|
102 |
drupal_set_message(t('The user account %name is not available on this site.', array('%name' => $cas_user['name'])), 'error');
|
|
103 | 103 |
} |
104 | 104 |
return; |
105 | 105 |
} |
... | ... | |
159 | 159 |
$edit['cas_user'] = $cas_user; |
160 | 160 |
$edit['roles'] = $account->roles + cas_roles(); |
161 | 161 |
if (module_exists('persistent_login') && !empty($_SESSION['cas_remember'])) { |
162 |
$edit['persistent_login'] = 1; |
|
162 |
$edit['values']['persistent_login'] = 1;
|
|
163 | 163 |
} |
164 | 164 |
// Allow other modules to make their own custom changes. |
165 | 165 |
cas_user_module_invoke('presave', $edit, $account); |
... | ... | |
179 | 179 |
$user = drupal_anonymous_user(); |
180 | 180 |
// Only display error messages only if the user intended to log in. |
181 | 181 |
if ($force_authentication) { |
182 |
drupal_set_message(t('No account found for %cas_name.', array('%cas_name' => $cas_name))); |
|
182 |
drupal_set_message(t('No account found for %cas_name.', array('%cas_name' => $cas_name)), 'error');
|
|
183 | 183 |
} |
184 | 184 |
} |
185 | 185 |
} |
... | ... | |
243 | 243 |
$server_port = (int)variable_get('cas_port', '443'); |
244 | 244 |
$server_uri = (string)variable_get('cas_uri', ''); |
245 | 245 |
$cas_cert = (string)variable_get('cas_cert', ''); |
246 |
if ( ($debugFile = variable_get("cas_debugfile", "")) != "" ) { |
|
247 |
phpCAS::setDebug($debugFile); |
|
246 |
$debug_file = (string)variable_get('cas_debugfile', ''); |
|
247 |
if ($debug_file != '') { |
|
248 |
phpCAS::setDebug($debug_file); |
|
248 | 249 |
} |
249 | 250 |
$start_session = (boolean)FALSE; |
250 |
if ( variable_get("cas_proxy", 0) ) {
|
|
251 |
if (variable_get('cas_proxy', 0)) {
|
|
251 | 252 |
phpCAS::proxy($server_version, $server_cas_server, $server_port, $server_uri, $start_session); |
252 |
$casPGTStoragePath = variable_get("cas_pgtpath", ""); |
|
253 |
if ( $casPGTStoragePath != "" ) { |
|
254 |
$casPGTFormat = variable_get("cas_pgtformat", "plain"); |
|
255 |
phpCAS::setPGTStorageFile($casPGTFormat, $casPGTStoragePath); |
|
253 |
$cas_pgt_storage_path = variable_get('cas_pgtpath', ''); |
|
254 |
if ($cas_pgt_storage_path != '') { |
|
255 |
if (version_compare(PHPCAS_VERSION, '1.3', '>=')) { |
|
256 |
phpCAS::setPGTStorageFile($cas_pgt_storage_path); |
|
257 |
} |
|
258 |
else { |
|
259 |
$cas_pgt_format = variable_get('cas_pgtformat', 'plain'); |
|
260 |
phpCAS::setPGTStorageFile($cas_pgt_format, $cas_pgt_storage_path); |
|
261 |
} |
|
256 | 262 |
} |
257 | 263 |
} |
258 | 264 |
else { |
259 | 265 |
phpCAS::client($server_version, $server_cas_server, $server_port, $server_uri, $start_session); |
260 | 266 |
} |
267 |
|
|
268 |
//Add CAS proxy lists allowed |
|
269 |
$proxy_list = variable_get('cas_proxy_list', ''); |
|
270 |
if ($proxy_list) { |
|
271 |
$proxy_list = explode("\n", $proxy_list); |
|
272 |
phpCAS::allowProxyChain(new CAS_ProxyChain($proxy_list)); |
|
273 |
} |
|
274 |
|
|
261 | 275 |
// force CAS authentication |
262 | 276 |
if ($cas_cert = variable_get('cas_cert', '')) { |
263 | 277 |
phpCAS::setCasServerCACert($cas_cert); |
... | ... | |
380 | 394 |
* Implements hook_menu_link_alter(). |
381 | 395 |
* |
382 | 396 |
* Flag this link as needing alter at display time. |
383 |
* @see cas_translated_menu_link_alter().
|
|
384 |
**/
|
|
397 |
* @see cas_translated_menu_link_alter() |
|
398 |
*/ |
|
385 | 399 |
function cas_menu_link_alter(&$item) { |
386 | 400 |
if ($item['link_path'] == 'cas' || $item['link_path'] == 'caslogout') { |
387 | 401 |
$item['options']['alter'] = TRUE; |
... | ... | |
392 | 406 |
* Implements hook_translated_menu_item_alter(). |
393 | 407 |
* |
394 | 408 |
* Append dynamic query 'destination' to several menu items. |
395 |
**/
|
|
409 |
*/ |
|
396 | 410 |
function cas_translated_menu_link_alter(&$item) { |
397 | 411 |
if ($item['href'] == 'cas') { |
398 | 412 |
$item['localized_options']['query'] = drupal_get_destination(); |
... | ... | |
437 | 451 |
* An array of user ids. For each account, a CAS username is created with |
438 | 452 |
* the same name as the Drupal username. |
439 | 453 |
* |
440 |
* @see cas_user_operations().
|
|
454 |
* @see cas_user_operations() |
|
441 | 455 |
*/ |
442 | 456 |
function cas_user_operations_create_username($uids) { |
443 | 457 |
$accounts = user_load_multiple($uids); |
... | ... | |
463 | 477 |
* @param $uids |
464 | 478 |
* An array of user ids. For each account, all CAS usernames are removed. |
465 | 479 |
* |
466 |
* @see cas_user_operations().
|
|
480 |
* @see cas_user_operations() |
|
467 | 481 |
*/ |
468 | 482 |
function cas_user_operations_remove_usernames($uids) { |
469 | 483 |
db_delete('cas_user') |
... | ... | |
590 | 604 |
* @param $alter |
591 | 605 |
* If TRUE, run the CAS username through hook_cas_user_alter() before |
592 | 606 |
* loading the account. |
607 |
* @param $reset |
|
608 |
* TRUE to reset the internal cache and load from the database; FALSE |
|
609 |
* (default) to load from the internal cache, if set. |
|
593 | 610 |
* |
594 | 611 |
* @return |
595 | 612 |
* A fully-loaded $user object upon successful user load or FALSE if user |
596 | 613 |
* cannot be loaded. |
597 | 614 |
*/ |
598 |
function cas_user_load_by_name($cas_name, $alter = FALSE) { |
|
615 |
function cas_user_load_by_name($cas_name, $alter = FALSE, $reset = FALSE) {
|
|
599 | 616 |
if ($alter) { |
600 | 617 |
$cas_user = array( |
601 | 618 |
'name' => $cas_name, |
... | ... | |
606 | 623 |
$cas_name = $cas_user['name']; |
607 | 624 |
} |
608 | 625 |
|
609 |
$uid = db_query("SELECT uid FROM {cas_user} WHERE cas_name = :cas_name", array(':cas_name' => $cas_name))->fetchField();
|
|
626 |
$uid = db_select('cas_user')->fields('cas_user', array('uid'))->condition('cas_name', db_like($cas_name), 'LIKE')->range(0, 1)->execute()->fetchField();
|
|
610 | 627 |
if ($uid) { |
611 |
return user_load($uid); |
|
628 |
return user_load($uid, $reset);
|
|
612 | 629 |
} |
613 | 630 |
return FALSE; |
614 | 631 |
} |
... | ... | |
623 | 640 |
function cas_login_page($cas_first_login = FALSE) { |
624 | 641 |
global $user; |
625 | 642 |
$destination = ''; |
643 |
$query = array(); |
|
626 | 644 |
// If it is the user's first CAS login and initial login redirection is enabled, go to the set page |
627 | 645 |
if ($cas_first_login && variable_get('cas_first_login_destination', '')) { |
628 | 646 |
$destination = variable_get('cas_first_login_destination', ''); |
647 |
if (isset($_GET['destination'])) |
|
648 |
$query['destination'] = $_GET['destination']; |
|
629 | 649 |
unset($_GET['destination']); |
630 | 650 |
} |
631 | 651 |
|
632 | 652 |
// Respect the query string, if transmitted. |
633 |
drupal_goto($destination); |
|
653 |
drupal_goto($destination, array('query' => $query));
|
|
634 | 654 |
} |
635 | 655 |
|
636 | 656 |
/** |
... | ... | |
654 | 674 |
|
655 | 675 |
// Build the logout URL. |
656 | 676 |
cas_phpcas_init(); |
657 |
$logout_url = phpCAS::getServerLogoutURL(); |
|
658 |
$options = array(); |
|
659 | 677 |
|
660 | 678 |
if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) { |
661 | 679 |
// Add destination override so that a destination can be specified on the |
... | ... | |
671 | 689 |
//Make it an absolute url. This will also convert <front> to the front page. |
672 | 690 |
if ($destination) { |
673 | 691 |
$destination_url = url($destination, array('absolute' => TRUE)); |
674 |
$options['query'] = array( |
|
675 |
'destination' => $destination_url, |
|
692 |
$options = array( |
|
676 | 693 |
'service' => $destination_url, |
677 | 694 |
'url' => $destination_url, |
678 | 695 |
); |
679 | 696 |
} |
697 |
else { |
|
698 |
$options = array(); |
|
699 |
} |
|
680 | 700 |
|
681 | 701 |
// Mimic user_logout(). |
682 | 702 |
if ($invoke_hook) { |
683 | 703 |
watchdog('user', 'Session closed for %name.', array('%name' => $user->name)); |
684 | 704 |
module_invoke_all('user_logout', $user); |
685 | 705 |
} |
686 |
session_destroy(); |
|
687 | 706 |
|
688 |
// Force redirection in drupal_goto(). |
|
689 |
unset($_GET['destination']); |
|
690 |
drupal_goto($logout_url, $options); |
|
707 |
// phpCAS automatically calls session_destroy(). |
|
708 |
phpCAS::logout($options); |
|
691 | 709 |
} |
692 | 710 |
|
693 | 711 |
/** |
... | ... | |
745 | 763 |
* Determine if we should automatically check if the user is authenticated. |
746 | 764 |
* |
747 | 765 |
* This implements part of the CAS gateway feature. |
748 |
* @see phpCAS::checkAuthentication().
|
|
766 |
* @see phpCAS::checkAuthentication() |
|
749 | 767 |
* |
750 | 768 |
* @return |
751 | 769 |
* TRUE if we should query the CAS server to see if the user is already |
... | ... | |
763 | 781 |
} |
764 | 782 |
|
765 | 783 |
// Check to see if we've got a search bot. |
766 |
$crawlers = array( |
|
767 |
'Google', |
|
768 |
'msnbot', |
|
769 |
'Rambler', |
|
770 |
'Yahoo', |
|
771 |
'AbachoBOT', |
|
772 |
'accoona', |
|
773 |
'AcoiRobot', |
|
774 |
'ASPSeek', |
|
775 |
'CrocCrawler', |
|
776 |
'Dumbot', |
|
777 |
'FAST-WebCrawler', |
|
778 |
'GeonaBot', |
|
779 |
'Gigabot', |
|
780 |
'Lycos', |
|
781 |
'MSRBOT', |
|
782 |
'Scooter', |
|
783 |
'AltaVista', |
|
784 |
'IDBot', |
|
785 |
'eStyle', |
|
786 |
'Scrubby', |
|
787 |
'gsa-crawler', |
|
788 |
); |
|
789 |
// Return on the first find. |
|
790 |
foreach ($crawlers as $c) { |
|
791 |
if (stripos($_SERVER['HTTP_USER_AGENT'], $c) !== FALSE) { |
|
792 |
return FALSE; |
|
784 |
if (isset($_SERVER['HTTP_USER_AGENT'])) { |
|
785 |
$crawlers = array( |
|
786 |
'Google', |
|
787 |
'msnbot', |
|
788 |
'Rambler', |
|
789 |
'Yahoo', |
|
790 |
'AbachoBOT', |
|
791 |
'accoona', |
|
792 |
'AcoiRobot', |
|
793 |
'ASPSeek', |
|
794 |
'CrocCrawler', |
|
795 |
'Dumbot', |
|
796 |
'FAST-WebCrawler', |
|
797 |
'GeonaBot', |
|
798 |
'Gigabot', |
|
799 |
'Lycos', |
|
800 |
'MSRBOT', |
|
801 |
'Scooter', |
|
802 |
'AltaVista', |
|
803 |
'IDBot', |
|
804 |
'eStyle', |
|
805 |
'Scrubby', |
|
806 |
'gsa-crawler', |
|
807 |
); |
|
808 |
// Return on the first find. |
|
809 |
foreach ($crawlers as $c) { |
|
810 |
if (stripos($_SERVER['HTTP_USER_AGENT'], $c) !== FALSE) { |
|
811 |
return FALSE; |
|
812 |
} |
|
793 | 813 |
} |
794 | 814 |
} |
795 | 815 |
|
... | ... | |
869 | 889 |
*/ |
870 | 890 |
function cas_form_alter(&$form, &$form_state, $form_id) { |
871 | 891 |
|
872 |
//drupal_set_message($form_id.'<pre>'.print_r($form,1).'</pre>'); |
|
873 | 892 |
switch ($form_id) { |
874 | 893 |
case 'user_login': |
875 | 894 |
case 'user_login_block': |
... | ... | |
953 | 972 |
} |
954 | 973 |
if (variable_get('cas_hide_password', 0)) { |
955 | 974 |
$form['account']['pass']['#access'] = FALSE; |
956 |
|
|
957 |
// Also remove requirement to validate your current password before |
|
958 |
// changing your e-mail address. |
|
959 |
$form['account']['current_pass']['#access'] = FALSE; |
|
960 |
$form['account']['current_pass_required_values']['#access'] = FALSE; |
|
961 |
$form['#validate'] = array_diff($form['#validate'], array('user_validate_current_pass')); |
|
962 | 975 |
} |
963 | 976 |
} |
977 |
if (cas_is_external_user($account) && variable_get('cas_hide_password', 0)) { |
|
978 |
// Also remove requirement to validate your current password before |
|
979 |
// changing your e-mail address. |
|
980 |
$form['account']['current_pass']['#access'] = FALSE; |
|
981 |
$form['account']['current_pass_required_values']['#access'] = FALSE; |
|
982 |
$form['account']['current_pass_required_values']['#value'] = array(); |
|
983 |
$form['#validate'] = array_diff($form['#validate'], array('user_validate_current_pass')); |
|
984 |
} |
|
964 | 985 |
break; |
965 | 986 |
|
966 | 987 |
case 'user_pass': |
... | ... | |
1046 | 1067 |
|
1047 | 1068 |
function _cas_single_sign_out_check() { |
1048 | 1069 |
if (isset($_POST["logoutRequest"])) { |
1049 |
$cas_logout_request_xml_string = utf8_encode($_POST["logoutRequest"]); // it's important!
|
|
1070 |
$cas_logout_request_xml_string = utf8_encode(urldecode($_POST["logoutRequest"]));
|
|
1050 | 1071 |
$cas_logout_request_xml = new SimpleXMLElement($cas_logout_request_xml_string); |
1051 | 1072 |
if (is_object($cas_logout_request_xml)) { |
1052 | 1073 |
$namespaces = $cas_logout_request_xml->getNameSpaces(); |
... | ... | |
1061 | 1082 |
// Log them out now. |
1062 | 1083 |
// first lets find out who we want to log off |
1063 | 1084 |
|
1064 |
$result = db_query_range("SELECT cld.uid FROM {cas_login_data} cld WHERE cld.cas_session_id = :ticket", 0 , 1, array(':ticket' => $cas_session_index)); |
|
1065 |
foreach ($result as $record) { |
|
1066 |
$uid = $record->uid; |
|
1067 |
$acct = user_load($uid); |
|
1068 |
watchdog('user', 'Session closed for %name.', array('%name' => $acct->name)); |
|
1069 |
// remove all entry for user id in cas_login_data |
|
1070 |
db_delete('cas_login_data') |
|
1071 |
->condition('uid', $uid) |
|
1072 |
->execute(); |
|
1073 |
|
|
1074 |
// remove their session |
|
1075 |
db_delete('sessions') |
|
1076 |
->condition('uid', $uid) |
|
1077 |
->execute(); |
|
1085 |
|
|
1086 |
$record = db_query_range("SELECT cld.uid, u.name FROM {users} u JOIN {cas_login_data} cld ON u.uid = cld.uid WHERE cld.cas_session_id = :ticket", 0, 1, array(':ticket' => $cas_session_index))->fetchObject(); |
|
1087 |
if ($record) { |
|
1088 |
watchdog('user', 'Session closed for %name by CAS logout request.', array('%name' => $record->name)); |
|
1089 |
//remove all entry for user id in cas_login_data |
|
1090 |
db_delete('cas_login_data') |
|
1091 |
->condition('uid', $record->uid) |
|
1092 |
->execute(); |
|
1093 |
|
|
1094 |
// remove their session |
|
1095 |
db_delete('sessions') |
|
1096 |
->condition('uid', $record->uid) |
|
1097 |
->execute(); |
|
1078 | 1098 |
} |
1079 | 1099 |
} |
1080 | 1100 |
} |
... | ... | |
1238 | 1258 |
* Get the CAS attributes of the current CAS user. |
1239 | 1259 |
* |
1240 | 1260 |
* Ensures that phpCAS is properly initialized before getting the attributes. |
1241 |
* @see phpCAS::getAttributes().
|
|
1261 |
* @see phpCAS::getAttributes() |
|
1242 | 1262 |
* |
1243 | 1263 |
* @param $cas_name |
1244 | 1264 |
* If provided, ensure that the currently logged in CAS user matches this |
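Review bot: In `cas_user_load_by_name()` the lookup changes from an exact `cas_name = :cas_name` match to `->condition('cas_name', db_like($cas_name), 'LIKE')->range(0, 1)`, so the CAS-name-to-account mapping now follows whatever case rules the database applies to LIKE. If two rows in `{cas_user}` differ only by case, `range(0, 1)` with no ordering returns an arbitrary one of them, and this function decides which Drupal account a CAS login resolves to. Adding `->orderBy('uid')` before `->range(0, 1)` would at least make the result deterministic, and the docblock should state the behaviour, for example `CAS names are compared case-insensitively.` The code that writes `{cas_user}` is not shown here; it should presumably enforce uniqueness under the same comparison. Part of the function body is elided on this page, so the `$alter` path was not reviewed.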
Weekly update of contrib modules