Révision a2baadd1
Ajouté par Assos Assos il y a environ 10 ans
| drupal7/sites/all/modules/cas/cas.module | ||
|---|---|---|
| 99 | 99 |
if (empty($cas_user['login']) || empty($cas_user['name'])) {
|
| 100 | 100 |
// Only set a warning if we forced login. |
| 101 | 101 |
if ($force_authentication) {
|
| 102 |
drupal_set_message(t('The user account %name is not available on this site.', array('%name' => $cas_name)), 'error');
|
|
| 102 |
drupal_set_message(t('The user account %name is not available on this site.', array('%name' => $cas_user['name'])), 'error');
|
|
| 103 | 103 |
} |
| 104 | 104 |
return; |
| 105 | 105 |
} |
| ... | ... | |
| 159 | 159 |
$edit['cas_user'] = $cas_user; |
| 160 | 160 |
$edit['roles'] = $account->roles + cas_roles(); |
| 161 | 161 |
if (module_exists('persistent_login') && !empty($_SESSION['cas_remember'])) {
|
| 162 |
$edit['persistent_login'] = 1; |
|
| 162 |
$edit['values']['persistent_login'] = 1;
|
|
| 163 | 163 |
} |
| 164 | 164 |
// Allow other modules to make their own custom changes. |
| 165 | 165 |
cas_user_module_invoke('presave', $edit, $account);
|
| ... | ... | |
| 179 | 179 |
$user = drupal_anonymous_user(); |
| 180 | 180 |
// Only display error messages only if the user intended to log in. |
| 181 | 181 |
if ($force_authentication) {
|
| 182 |
drupal_set_message(t('No account found for %cas_name.', array('%cas_name' => $cas_name)));
|
|
| 182 |
drupal_set_message(t('No account found for %cas_name.', array('%cas_name' => $cas_name)), 'error');
|
|
| 183 | 183 |
} |
| 184 | 184 |
} |
| 185 | 185 |
} |
| ... | ... | |
| 243 | 243 |
$server_port = (int)variable_get('cas_port', '443');
|
| 244 | 244 |
$server_uri = (string)variable_get('cas_uri', '');
|
| 245 | 245 |
$cas_cert = (string)variable_get('cas_cert', '');
|
| 246 |
if ( ($debugFile = variable_get("cas_debugfile", "")) != "" ) {
|
|
| 247 |
phpCAS::setDebug($debugFile); |
|
| 246 |
$debug_file = (string)variable_get('cas_debugfile', '');
|
|
| 247 |
if ($debug_file != '') {
|
|
| 248 |
phpCAS::setDebug($debug_file); |
|
| 248 | 249 |
} |
| 249 | 250 |
$start_session = (boolean)FALSE; |
| 250 |
if ( variable_get("cas_proxy", 0) ) {
|
|
| 251 |
if (variable_get('cas_proxy', 0)) {
|
|
| 251 | 252 |
phpCAS::proxy($server_version, $server_cas_server, $server_port, $server_uri, $start_session); |
| 252 |
$casPGTStoragePath = variable_get("cas_pgtpath", "");
|
|
| 253 |
if ( $casPGTStoragePath != "" ) {
|
|
| 254 |
$casPGTFormat = variable_get("cas_pgtformat", "plain");
|
|
| 255 |
phpCAS::setPGTStorageFile($casPGTFormat, $casPGTStoragePath); |
|
| 253 |
$cas_pgt_storage_path = variable_get('cas_pgtpath', '');
|
|
| 254 |
if ($cas_pgt_storage_path != '') {
|
|
| 255 |
if (version_compare(PHPCAS_VERSION, '1.3', '>=')) {
|
|
| 256 |
phpCAS::setPGTStorageFile($cas_pgt_storage_path); |
|
| 257 |
} |
|
| 258 |
else {
|
|
| 259 |
$cas_pgt_format = variable_get('cas_pgtformat', 'plain');
|
|
| 260 |
phpCAS::setPGTStorageFile($cas_pgt_format, $cas_pgt_storage_path); |
|
| 261 |
} |
|
| 256 | 262 |
} |
| 257 | 263 |
} |
| 258 | 264 |
else {
|
| 259 | 265 |
phpCAS::client($server_version, $server_cas_server, $server_port, $server_uri, $start_session); |
| 260 | 266 |
} |
| 267 |
|
|
| 268 |
//Add CAS proxy lists allowed |
|
| 269 |
$proxy_list = variable_get('cas_proxy_list', '');
|
|
| 270 |
if ($proxy_list) {
|
|
| 271 |
$proxy_list = explode("\n", $proxy_list);
|
|
| 272 |
phpCAS::allowProxyChain(new CAS_ProxyChain($proxy_list)); |
|
| 273 |
} |
|
| 274 |
|
|
| 261 | 275 |
// force CAS authentication |
| 262 | 276 |
if ($cas_cert = variable_get('cas_cert', '')) {
|
| 263 | 277 |
phpCAS::setCasServerCACert($cas_cert); |
| ... | ... | |
| 380 | 394 |
* Implements hook_menu_link_alter(). |
| 381 | 395 |
* |
| 382 | 396 |
* Flag this link as needing alter at display time. |
| 383 |
* @see cas_translated_menu_link_alter().
|
|
| 384 |
**/
|
|
| 397 |
* @see cas_translated_menu_link_alter() |
|
| 398 |
*/ |
|
| 385 | 399 |
function cas_menu_link_alter(&$item) {
|
| 386 | 400 |
if ($item['link_path'] == 'cas' || $item['link_path'] == 'caslogout') {
|
| 387 | 401 |
$item['options']['alter'] = TRUE; |
| ... | ... | |
| 392 | 406 |
* Implements hook_translated_menu_item_alter(). |
| 393 | 407 |
* |
| 394 | 408 |
* Append dynamic query 'destination' to several menu items. |
| 395 |
**/
|
|
| 409 |
*/ |
|
| 396 | 410 |
function cas_translated_menu_link_alter(&$item) {
|
| 397 | 411 |
if ($item['href'] == 'cas') {
|
| 398 | 412 |
$item['localized_options']['query'] = drupal_get_destination(); |
| ... | ... | |
| 437 | 451 |
* An array of user ids. For each account, a CAS username is created with |
| 438 | 452 |
* the same name as the Drupal username. |
| 439 | 453 |
* |
| 440 |
* @see cas_user_operations().
|
|
| 454 |
* @see cas_user_operations() |
|
| 441 | 455 |
*/ |
| 442 | 456 |
function cas_user_operations_create_username($uids) {
|
| 443 | 457 |
$accounts = user_load_multiple($uids); |
| ... | ... | |
| 463 | 477 |
* @param $uids |
| 464 | 478 |
* An array of user ids. For each account, all CAS usernames are removed. |
| 465 | 479 |
* |
| 466 |
* @see cas_user_operations().
|
|
| 480 |
* @see cas_user_operations() |
|
| 467 | 481 |
*/ |
| 468 | 482 |
function cas_user_operations_remove_usernames($uids) {
|
| 469 | 483 |
db_delete('cas_user')
|
| ... | ... | |
| 590 | 604 |
* @param $alter |
| 591 | 605 |
* If TRUE, run the CAS username through hook_cas_user_alter() before |
| 592 | 606 |
* loading the account. |
| 607 |
* @param $reset |
|
| 608 |
* TRUE to reset the internal cache and load from the database; FALSE |
|
| 609 |
* (default) to load from the internal cache, if set. |
|
| 593 | 610 |
* |
| 594 | 611 |
* @return |
| 595 | 612 |
* A fully-loaded $user object upon successful user load or FALSE if user |
| 596 | 613 |
* cannot be loaded. |
| 597 | 614 |
*/ |
| 598 |
function cas_user_load_by_name($cas_name, $alter = FALSE) {
|
|
| 615 |
function cas_user_load_by_name($cas_name, $alter = FALSE, $reset = FALSE) {
|
|
| 599 | 616 |
if ($alter) {
|
| 600 | 617 |
$cas_user = array( |
| 601 | 618 |
'name' => $cas_name, |
| ... | ... | |
| 606 | 623 |
$cas_name = $cas_user['name']; |
| 607 | 624 |
} |
| 608 | 625 |
|
| 609 |
$uid = db_query("SELECT uid FROM {cas_user} WHERE cas_name = :cas_name", array(':cas_name' => $cas_name))->fetchField();
|
|
| 626 |
$uid = db_select('cas_user')->fields('cas_user', array('uid'))->condition('cas_name', db_like($cas_name), 'LIKE')->range(0, 1)->execute()->fetchField();
|
|
| 610 | 627 |
if ($uid) {
|
| 611 |
return user_load($uid); |
|
| 628 |
return user_load($uid, $reset);
|
|
| 612 | 629 |
} |
| 613 | 630 |
return FALSE; |
| 614 | 631 |
} |
| ... | ... | |
| 623 | 640 |
function cas_login_page($cas_first_login = FALSE) {
|
| 624 | 641 |
global $user; |
| 625 | 642 |
$destination = ''; |
| 643 |
$query = array(); |
|
| 626 | 644 |
// If it is the user's first CAS login and initial login redirection is enabled, go to the set page |
| 627 | 645 |
if ($cas_first_login && variable_get('cas_first_login_destination', '')) {
|
| 628 | 646 |
$destination = variable_get('cas_first_login_destination', '');
|
| 647 |
if (isset($_GET['destination'])) |
|
| 648 |
$query['destination'] = $_GET['destination']; |
|
| 629 | 649 |
unset($_GET['destination']); |
| 630 | 650 |
} |
| 631 | 651 |
|
| 632 | 652 |
// Respect the query string, if transmitted. |
| 633 |
drupal_goto($destination); |
|
| 653 |
drupal_goto($destination, array('query' => $query));
|
|
| 634 | 654 |
} |
| 635 | 655 |
|
| 636 | 656 |
/** |
| ... | ... | |
| 654 | 674 |
|
| 655 | 675 |
// Build the logout URL. |
| 656 | 676 |
cas_phpcas_init(); |
| 657 |
$logout_url = phpCAS::getServerLogoutURL(); |
|
| 658 |
$options = array(); |
|
| 659 | 677 |
|
| 660 | 678 |
if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
|
| 661 | 679 |
// Add destination override so that a destination can be specified on the |
| ... | ... | |
| 671 | 689 |
//Make it an absolute url. This will also convert <front> to the front page. |
| 672 | 690 |
if ($destination) {
|
| 673 | 691 |
$destination_url = url($destination, array('absolute' => TRUE));
|
| 674 |
$options['query'] = array( |
|
| 675 |
'destination' => $destination_url, |
|
| 692 |
$options = array( |
|
| 676 | 693 |
'service' => $destination_url, |
| 677 | 694 |
'url' => $destination_url, |
| 678 | 695 |
); |
| 679 | 696 |
} |
| 697 |
else {
|
|
| 698 |
$options = array(); |
|
| 699 |
} |
|
| 680 | 700 |
|
| 681 | 701 |
// Mimic user_logout(). |
| 682 | 702 |
if ($invoke_hook) {
|
| 683 | 703 |
watchdog('user', 'Session closed for %name.', array('%name' => $user->name));
|
| 684 | 704 |
module_invoke_all('user_logout', $user);
|
| 685 | 705 |
} |
| 686 |
session_destroy(); |
|
| 687 | 706 |
|
| 688 |
// Force redirection in drupal_goto(). |
|
| 689 |
unset($_GET['destination']); |
|
| 690 |
drupal_goto($logout_url, $options); |
|
| 707 |
// phpCAS automatically calls session_destroy(). |
|
| 708 |
phpCAS::logout($options); |
|
| 691 | 709 |
} |
| 692 | 710 |
|
| 693 | 711 |
/** |
| ... | ... | |
| 745 | 763 |
* Determine if we should automatically check if the user is authenticated. |
| 746 | 764 |
* |
| 747 | 765 |
* This implements part of the CAS gateway feature. |
| 748 |
* @see phpCAS::checkAuthentication().
|
|
| 766 |
* @see phpCAS::checkAuthentication() |
|
| 749 | 767 |
* |
| 750 | 768 |
* @return |
| 751 | 769 |
* TRUE if we should query the CAS server to see if the user is already |
| ... | ... | |
| 763 | 781 |
} |
| 764 | 782 |
|
| 765 | 783 |
// Check to see if we've got a search bot. |
| 766 |
$crawlers = array( |
|
| 767 |
'Google', |
|
| 768 |
'msnbot', |
|
| 769 |
'Rambler', |
|
| 770 |
'Yahoo', |
|
| 771 |
'AbachoBOT', |
|
| 772 |
'accoona', |
|
| 773 |
'AcoiRobot', |
|
| 774 |
'ASPSeek', |
|
| 775 |
'CrocCrawler', |
|
| 776 |
'Dumbot', |
|
| 777 |
'FAST-WebCrawler', |
|
| 778 |
'GeonaBot', |
|
| 779 |
'Gigabot', |
|
| 780 |
'Lycos', |
|
| 781 |
'MSRBOT', |
|
| 782 |
'Scooter', |
|
| 783 |
'AltaVista', |
|
| 784 |
'IDBot', |
|
| 785 |
'eStyle', |
|
| 786 |
'Scrubby', |
|
| 787 |
'gsa-crawler', |
|
| 788 |
); |
|
| 789 |
// Return on the first find. |
|
| 790 |
foreach ($crawlers as $c) {
|
|
| 791 |
if (stripos($_SERVER['HTTP_USER_AGENT'], $c) !== FALSE) {
|
|
| 792 |
return FALSE; |
|
| 784 |
if (isset($_SERVER['HTTP_USER_AGENT'])) {
|
|
| 785 |
$crawlers = array( |
|
| 786 |
'Google', |
|
| 787 |
'msnbot', |
|
| 788 |
'Rambler', |
|
| 789 |
'Yahoo', |
|
| 790 |
'AbachoBOT', |
|
| 791 |
'accoona', |
|
| 792 |
'AcoiRobot', |
|
| 793 |
'ASPSeek', |
|
| 794 |
'CrocCrawler', |
|
| 795 |
'Dumbot', |
|
| 796 |
'FAST-WebCrawler', |
|
| 797 |
'GeonaBot', |
|
| 798 |
'Gigabot', |
|
| 799 |
'Lycos', |
|
| 800 |
'MSRBOT', |
|
| 801 |
'Scooter', |
|
| 802 |
'AltaVista', |
|
| 803 |
'IDBot', |
|
| 804 |
'eStyle', |
|
| 805 |
'Scrubby', |
|
| 806 |
'gsa-crawler', |
|
| 807 |
); |
|
| 808 |
// Return on the first find. |
|
| 809 |
foreach ($crawlers as $c) {
|
|
| 810 |
if (stripos($_SERVER['HTTP_USER_AGENT'], $c) !== FALSE) {
|
|
| 811 |
return FALSE; |
|
| 812 |
} |
|
| 793 | 813 |
} |
| 794 | 814 |
} |
| 795 | 815 |
|
| ... | ... | |
| 869 | 889 |
*/ |
| 870 | 890 |
function cas_form_alter(&$form, &$form_state, $form_id) {
|
| 871 | 891 |
|
| 872 |
//drupal_set_message($form_id.'<pre>'.print_r($form,1).'</pre>'); |
|
| 873 | 892 |
switch ($form_id) {
|
| 874 | 893 |
case 'user_login': |
| 875 | 894 |
case 'user_login_block': |
| ... | ... | |
| 953 | 972 |
} |
| 954 | 973 |
if (variable_get('cas_hide_password', 0)) {
|
| 955 | 974 |
$form['account']['pass']['#access'] = FALSE; |
| 956 |
|
|
| 957 |
// Also remove requirement to validate your current password before |
|
| 958 |
// changing your e-mail address. |
|
| 959 |
$form['account']['current_pass']['#access'] = FALSE; |
|
| 960 |
$form['account']['current_pass_required_values']['#access'] = FALSE; |
|
| 961 |
$form['#validate'] = array_diff($form['#validate'], array('user_validate_current_pass'));
|
|
| 962 | 975 |
} |
| 963 | 976 |
} |
| 977 |
if (cas_is_external_user($account) && variable_get('cas_hide_password', 0)) {
|
|
| 978 |
// Also remove requirement to validate your current password before |
|
| 979 |
// changing your e-mail address. |
|
| 980 |
$form['account']['current_pass']['#access'] = FALSE; |
|
| 981 |
$form['account']['current_pass_required_values']['#access'] = FALSE; |
|
| 982 |
$form['account']['current_pass_required_values']['#value'] = array(); |
|
| 983 |
$form['#validate'] = array_diff($form['#validate'], array('user_validate_current_pass'));
|
|
| 984 |
} |
|
| 964 | 985 |
break; |
| 965 | 986 |
|
| 966 | 987 |
case 'user_pass': |
| ... | ... | |
| 1046 | 1067 |
|
| 1047 | 1068 |
function _cas_single_sign_out_check() {
|
| 1048 | 1069 |
if (isset($_POST["logoutRequest"])) {
|
| 1049 |
$cas_logout_request_xml_string = utf8_encode($_POST["logoutRequest"]); // it's important!
|
|
| 1070 |
$cas_logout_request_xml_string = utf8_encode(urldecode($_POST["logoutRequest"]));
|
|
| 1050 | 1071 |
$cas_logout_request_xml = new SimpleXMLElement($cas_logout_request_xml_string); |
| 1051 | 1072 |
if (is_object($cas_logout_request_xml)) {
|
| 1052 | 1073 |
$namespaces = $cas_logout_request_xml->getNameSpaces(); |
| ... | ... | |
| 1061 | 1082 |
// Log them out now. |
| 1062 | 1083 |
// first lets find out who we want to log off |
| 1063 | 1084 |
|
| 1064 |
$result = db_query_range("SELECT cld.uid FROM {cas_login_data} cld WHERE cld.cas_session_id = :ticket", 0 , 1, array(':ticket' => $cas_session_index));
|
|
| 1065 |
foreach ($result as $record) {
|
|
| 1066 |
$uid = $record->uid; |
|
| 1067 |
$acct = user_load($uid); |
|
| 1068 |
watchdog('user', 'Session closed for %name.', array('%name' => $acct->name));
|
|
| 1069 |
// remove all entry for user id in cas_login_data |
|
| 1070 |
db_delete('cas_login_data')
|
|
| 1071 |
->condition('uid', $uid)
|
|
| 1072 |
->execute(); |
|
| 1073 |
|
|
| 1074 |
// remove their session |
|
| 1075 |
db_delete('sessions')
|
|
| 1076 |
->condition('uid', $uid)
|
|
| 1077 |
->execute(); |
|
| 1085 |
|
|
| 1086 |
$record = db_query_range("SELECT cld.uid, u.name FROM {users} u JOIN {cas_login_data} cld ON u.uid = cld.uid WHERE cld.cas_session_id = :ticket", 0, 1, array(':ticket' => $cas_session_index))->fetchObject();
|
|
| 1087 |
if ($record) {
|
|
| 1088 |
watchdog('user', 'Session closed for %name by CAS logout request.', array('%name' => $record->name));
|
|
| 1089 |
//remove all entry for user id in cas_login_data |
|
| 1090 |
db_delete('cas_login_data')
|
|
| 1091 |
->condition('uid', $record->uid)
|
|
| 1092 |
->execute(); |
|
| 1093 |
|
|
| 1094 |
// remove their session |
|
| 1095 |
db_delete('sessions')
|
|
| 1096 |
->condition('uid', $record->uid)
|
|
| 1097 |
->execute(); |
|
| 1078 | 1098 |
} |
| 1079 | 1099 |
} |
| 1080 | 1100 |
} |
| ... | ... | |
| 1238 | 1258 |
* Get the CAS attributes of the current CAS user. |
| 1239 | 1259 |
* |
| 1240 | 1260 |
* Ensures that phpCAS is properly initialized before getting the attributes. |
| 1241 |
* @see phpCAS::getAttributes().
|
|
| 1261 |
* @see phpCAS::getAttributes() |
|
| 1242 | 1262 |
* |
| 1243 | 1263 |
* @param $cas_name |
| 1244 | 1264 |
* If provided, ensure that the currently logged in CAS user matches this |
Formats disponibles : Unified diff
Weekly update of contrib modules