|
1
|
<?php
|
|
2
|
|
|
3
|
/**
|
|
4
|
* @file
|
|
5
|
* CAS module settings UI.
|
|
6
|
*/
|
|
7
|
|
|
8
|
/**
|
|
9
|
* Provides settings pages.
|
|
10
|
*/
|
|
11
|
function cas_admin_settings() {
|
|
12
|
|
|
13
|
$form['library'] = array(
|
|
14
|
'#type' => 'fieldset',
|
|
15
|
'#title' => t('Library (phpCAS)'),
|
|
16
|
'#collapsible' => TRUE,
|
|
17
|
);
|
|
18
|
if (module_exists('libraries')) {
|
|
19
|
// If Libraries API is enabled, print an information item.
|
|
20
|
$form['library']['cas_library_dir'] = array(
|
|
21
|
'#type' => 'item',
|
|
22
|
'#title' => t('Library directory'),
|
|
23
|
'#value' => t('Using <a href="@url">Libraries API</a>.', array('@url' => 'http://drupal.org/project/libraries')),
|
|
24
|
'#description' => t('Please ensure phpCAS is installed in a location compatible with Libraries API. For example, install phpCAS so that <em>sites/all/libraries/CAS/CAS.php</em> exists. See README.txt for more information.'),
|
|
25
|
'#after_build' => array('cas_library_version_check'),
|
|
26
|
);
|
|
27
|
}
|
|
28
|
else {
|
|
29
|
// If Libraries API is not installed, display path settings.
|
|
30
|
$form['library']['cas_library_dir'] = array(
|
|
31
|
'#type' => 'textfield',
|
|
32
|
'#title' => t('Library directory'),
|
|
33
|
'#default_value' => variable_get('cas_library_dir', 'CAS'),
|
|
34
|
'#description' => t('Specify the path to the directory the CAS.php file resides in. Leave blank to load cas from your phpinclude path.'),
|
|
35
|
'#after_build' => array('cas_library_version_check'),
|
|
36
|
);
|
|
37
|
}
|
|
38
|
|
|
39
|
|
|
40
|
$form['server'] = array(
|
|
41
|
'#type' => 'fieldset',
|
|
42
|
'#title' => t('CAS Server'),
|
|
43
|
'#collapsible' => TRUE,
|
|
44
|
'#collapsed' => FALSE,
|
|
45
|
);
|
|
46
|
|
|
47
|
$form['server']['cas_version'] = array(
|
|
48
|
'#type' => 'radios',
|
|
49
|
'#title' => t('Version'),
|
|
50
|
'#default_value' => variable_get('cas_version', '2.0'),
|
|
51
|
'#options' => array(
|
|
52
|
'1.0' => '1.0',
|
|
53
|
'2.0' => t('2.0 or higher'),
|
|
54
|
'S1' => t('SAML Version 1.1'),
|
|
55
|
),
|
|
56
|
);
|
|
57
|
|
|
58
|
$form['server']['cas_server'] = array(
|
|
59
|
'#type' => 'textfield',
|
|
60
|
'#title' => t('Hostname'),
|
|
61
|
'#default_value' => variable_get('cas_server', ''),
|
|
62
|
'#size' => 30,
|
|
63
|
// Hostnames can be 255 characters long.
|
|
64
|
'#maxlength' => 255,
|
|
65
|
'#description' => t('Hostname or IP Address of the CAS server.'),
|
|
66
|
);
|
|
67
|
|
|
68
|
$form['server']['cas_port'] = array(
|
|
69
|
'#type' => 'textfield',
|
|
70
|
'#title' => t('Port'),
|
|
71
|
'#default_value' => variable_get('cas_port', '443'),
|
|
72
|
'#size' => 5,
|
|
73
|
// The maximum port number is 65536, 5 digits.
|
|
74
|
'#maxlength' => 5,
|
|
75
|
'#description' => t('443 is the standard SSL port. 8443 is the standard non-root port for Tomcat.'),
|
|
76
|
);
|
|
77
|
|
|
78
|
$form['server']['cas_uri'] = array(
|
|
79
|
'#type' => 'textfield',
|
|
80
|
'#title' => t('URI'),
|
|
81
|
'#default_value' => variable_get('cas_uri', ''),
|
|
82
|
'#size' => 30,
|
|
83
|
'#description' => t('If CAS is not at the root of the host, include a URI (e.g., /cas).'),
|
|
84
|
);
|
|
85
|
|
|
86
|
$form['server']['cas_cert'] = array(
|
|
87
|
'#type' => 'textfield',
|
|
88
|
'#title' => t('Certificate Authority PEM Certificate'),
|
|
89
|
'#default_value' => variable_get('cas_cert', ''),
|
|
90
|
'#maxlength' => 255,
|
|
91
|
'#description' => t('The PEM certificate of the Certificate Authority that issued the certificate of the CAS server. If omitted, the certificate authority will not be verified.'),
|
|
92
|
);
|
|
93
|
|
|
94
|
$form['login'] = array(
|
|
95
|
'#type' => 'fieldset',
|
|
96
|
'#title' => t('Login form'),
|
|
97
|
'#collapsible' => TRUE,
|
|
98
|
'#collapsed' => TRUE,
|
|
99
|
);
|
|
100
|
|
|
101
|
$form['login']['cas_login_form'] = array(
|
|
102
|
'#type' => 'radios',
|
|
103
|
'#title' => t('Add CAS link to login forms'),
|
|
104
|
'#default_value' => variable_get('cas_login_form', CAS_NO_LINK),
|
|
105
|
'#options' => array(
|
|
106
|
CAS_NO_LINK => t('Do not add link to login forms'),
|
|
107
|
CAS_ADD_LINK => t('Add link to login forms'),
|
|
108
|
CAS_MAKE_DEFAULT => t('Make CAS login default on login forms')),
|
|
109
|
);
|
|
110
|
|
|
111
|
$form['login']['cas_login_invite'] = array(
|
|
112
|
'#type' => 'textfield',
|
|
113
|
'#title' => t('CAS Login invitation'),
|
|
114
|
'#default_value' => variable_get('cas_login_invite', CAS_LOGIN_INVITE_DEFAULT),
|
|
115
|
'#description' => t('Message users will see to invite them to log in with CAS credentials.'),
|
|
116
|
);
|
|
117
|
|
|
118
|
$form['login']['cas_login_drupal_invite'] = array(
|
|
119
|
'#type' => 'textfield',
|
|
120
|
'#title' => t('Drupal login invitation'),
|
|
121
|
'#default_value' => variable_get('cas_login_drupal_invite', CAS_LOGIN_DRUPAL_INVITE_DEFAULT),
|
|
122
|
'#description' => t('Message users will see to invite them to log in with Drupal credentials.'),
|
|
123
|
);
|
|
124
|
|
|
125
|
$form['login']['cas_login_redir_message'] = array(
|
|
126
|
'#type' => 'textfield',
|
|
127
|
'#title' => t('Redirection notification message'),
|
|
128
|
'#default_value' => variable_get('cas_login_redir_message', CAS_LOGIN_REDIR_MESSAGE),
|
|
129
|
'#description' => t('Message users see at the top of the CAS login form to warn them that they are being redirected to the CAS server.'),
|
|
130
|
);
|
|
131
|
|
|
132
|
// Setting for message displayed to user upon successfull login
|
|
133
|
$form['login']['cas_login_message'] = array(
|
|
134
|
'#type' => 'textfield',
|
|
135
|
'#title' => t('Successful login message'),
|
|
136
|
'#default_value' => variable_get('cas_login_message', 'Logged in via CAS as %cas_username.'),
|
|
137
|
'#description' => t('Message displayed when a user logs in successfully. <em>%cas_username</em> will be replaced with the user\'s name.'),
|
|
138
|
);
|
|
139
|
|
|
140
|
|
|
141
|
$form['account'] = array(
|
|
142
|
'#type' => 'fieldset',
|
|
143
|
'#title' => t('User accounts'),
|
|
144
|
'#collapsible' => TRUE,
|
|
145
|
'#collapsed' => TRUE,
|
|
146
|
);
|
|
147
|
|
|
148
|
$form['account']['cas_user_register'] = array(
|
|
149
|
'#type' => 'checkbox',
|
|
150
|
'#title' => t('Automatically create Drupal accounts'),
|
|
151
|
'#default_value' => variable_get('cas_user_register', 1),
|
|
152
|
'#description' => t('Whether a Drupal account is automatically created the first time a CAS user logs into the site. If disabled, you will need to pre-register Drupal accounts for authorized users.'),
|
|
153
|
);
|
|
154
|
|
|
155
|
$form['account']['cas_domain'] = array(
|
|
156
|
'#type' => 'textfield',
|
|
157
|
'#title' => t('E-mail address'),
|
|
158
|
'#field_prefix' => t('username@'),
|
|
159
|
'#default_value' => variable_get('cas_domain', ''),
|
|
160
|
'#size' => 30,
|
|
161
|
// Hostnames can be 255 characters long.
|
|
162
|
'#maxlength' => 255,
|
|
163
|
'#description' => t("If provided, automatically generate each new user's e-mail address. If omitted, the e-mail field will not be populated. Other modules may be used to populate the e-mail field from CAS attributes or LDAP servers."),
|
|
164
|
);
|
|
165
|
|
|
166
|
// Taken from Drupal's User module.
|
|
167
|
$roles = array_map('check_plain', user_roles(TRUE));
|
|
168
|
$checkbox_authenticated = array(
|
|
169
|
'#type' => 'checkbox',
|
|
170
|
'#title' => $roles[DRUPAL_AUTHENTICATED_RID],
|
|
171
|
'#default_value' => TRUE,
|
|
172
|
'#disabled' => TRUE,
|
|
173
|
);
|
|
174
|
unset($roles[DRUPAL_AUTHENTICATED_RID]);
|
|
175
|
$form['account']['cas_auto_assigned_role'] = array(
|
|
176
|
'#type' => 'checkboxes',
|
|
177
|
'#title' => t('Roles'),
|
|
178
|
'#description' => t('The selected roles will be automatically assigned to each CAS user on login. Use this to automatically give CAS users additional privileges or to identify CAS users to other modules.'),
|
|
179
|
'#default_value' => variable_get('cas_auto_assigned_role', array()),
|
|
180
|
'#options' => $roles,
|
|
181
|
'#access' => user_access('administer permissions'),
|
|
182
|
DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
|
|
183
|
);
|
|
184
|
|
|
185
|
$form['account']['cas_hide_email'] = array(
|
|
186
|
'#type' => 'checkbox',
|
|
187
|
'#title' => t('Users cannot change email address'),
|
|
188
|
'#default_value' => variable_get('cas_hide_email', 0),
|
|
189
|
'#description' => t('Hide email address field on the edit user form.'),
|
|
190
|
);
|
|
191
|
|
|
192
|
$form['account']['cas_hide_password'] = array(
|
|
193
|
'#type' => 'checkbox',
|
|
194
|
'#title' => t('Users cannot change password'),
|
|
195
|
'#default_value' => variable_get('cas_hide_password', 0),
|
|
196
|
'#description' => t('Hide password field on the edit user form. This also removes the requirement to enter your current password before changing your e-mail address.'),
|
|
197
|
);
|
|
198
|
|
|
199
|
if (module_exists('persistent_login')) {
|
|
200
|
$form['account']['cas_allow_rememberme'] = array(
|
|
201
|
'#type' => 'checkbox',
|
|
202
|
'#title' => t('Users can stay logged in between sessions'),
|
|
203
|
'#default_value' => variable_get('cas_allow_rememberme', 0),
|
|
204
|
'#description' => t('If Persistent Login is enabled, users can choose to stay logged in between browser sessions'),
|
|
205
|
);
|
|
206
|
}
|
|
207
|
|
|
208
|
$form['pages'] = array(
|
|
209
|
'#type' => 'fieldset',
|
|
210
|
'#title' => t('Redirection'),
|
|
211
|
'#collapsible' => TRUE,
|
|
212
|
'#collapsed' => TRUE,
|
|
213
|
);
|
|
214
|
|
|
215
|
$form['pages']['cas_check_first'] = array(
|
|
216
|
'#type' => 'checkbox',
|
|
217
|
'#title' => t('Check with the CAS server to see if the user is already logged in?'),
|
|
218
|
'#default_value' => variable_get('cas_check_first', 0),
|
|
219
|
'#description' => t('This implements the <a href="@cas-gateway">Gateway feature</a> of the CAS Protocol. The check is only performed the first time a user visits your site, so that the local drupal logout is still useful for site admins.', array('@cas-gateway' => 'https://wiki.jasig.org/display/CAS/gateway')),
|
|
220
|
);
|
|
221
|
|
|
222
|
$form['pages']['cas_access'] = array(
|
|
223
|
'#type' => 'radios',
|
|
224
|
'#title' => t('Require CAS login for'),
|
|
225
|
'#default_value' => variable_get('cas_access', 0),
|
|
226
|
'#options' => array(t('specific pages'), t('all pages except specific pages')),
|
|
227
|
);
|
|
228
|
|
|
229
|
$form['pages']['cas_pages'] = array(
|
|
230
|
'#type' => 'textarea',
|
|
231
|
'#title' => t('Specific pages'),
|
|
232
|
'#default_value' => variable_get('cas_pages', ''),
|
|
233
|
'#cols' => 40,
|
|
234
|
'#rows' => 5,
|
|
235
|
'#description' => t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog. '<em><front></em>' is the front page."),
|
|
236
|
);
|
|
237
|
|
|
238
|
$form['pages']['cas_exclude'] = array(
|
|
239
|
'#type' => 'textarea',
|
|
240
|
'#title' => t('Excluded Pages'),
|
|
241
|
'#default_value' => variable_get('cas_exclude', CAS_EXCLUDE),
|
|
242
|
'#cols' => 40,
|
|
243
|
'#rows' => 5,
|
|
244
|
'#description' => t("Indicates which pages will be ignored (no login checks). Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog. '<em><front></em>' is the front page."),
|
|
245
|
);
|
|
246
|
|
|
247
|
|
|
248
|
$form['misc'] = array(
|
|
249
|
'#type' => 'fieldset',
|
|
250
|
'#title' => t('Login/Logout Destinations'),
|
|
251
|
'#collapsible' => TRUE,
|
|
252
|
'#collapsed' => TRUE,
|
|
253
|
);
|
|
254
|
|
|
255
|
// Settings for redirection upon first login
|
|
256
|
$form['misc']['cas_first_login_destination'] = array(
|
|
257
|
'#type' => 'textfield',
|
|
258
|
'#title' => t('Initial login destination'),
|
|
259
|
'#default_value' => variable_get('cas_first_login_destination', ''),
|
|
260
|
'#size' => 40,
|
|
261
|
'#maxlength' => 255,
|
|
262
|
'#description' => t("Drupal path or URL. Enter a destination if you want the user to be redirected to this page on their first CAS login. An example path is <em>blog</em> for the blog page, <em><front></em> for the front page, or <em>user</em> for the user's page."),
|
|
263
|
);
|
|
264
|
|
|
265
|
// Setting for page to return to after a CAS logout
|
|
266
|
$form['misc']['cas_logout_destination'] = array(
|
|
267
|
'#type' => 'textfield',
|
|
268
|
'#title' => t('Logout destination'),
|
|
269
|
'#default_value' => variable_get('cas_logout_destination', ''),
|
|
270
|
'#size' => 40,
|
|
271
|
'#maxlength' => 255,
|
|
272
|
'#description' => t("Drupal path or URL. Enter a destination if you want a user to be directed to this page after logging out of CAS, or leave blank to direct users back to the previous page. An example path is <em>blog</em> for the blog page or <em><front></em> for the front page."),
|
|
273
|
);
|
|
274
|
|
|
275
|
$form['misc']['cas_changePasswordURL'] = array(
|
|
276
|
'#type' => 'textfield',
|
|
277
|
'#title' => t('Change password URL'),
|
|
278
|
'#default_value' => variable_get('cas_changePasswordURL', ''),
|
|
279
|
'#maxlength' => 255,
|
|
280
|
'#description' => t('The URL users should use for changing their password. Leave blank to use the standard Drupal page.'),
|
|
281
|
);
|
|
282
|
|
|
283
|
$form['misc']['cas_registerURL'] = array(
|
|
284
|
'#type' => 'textfield',
|
|
285
|
'#title' => t('Registration URL'),
|
|
286
|
'#default_value' => variable_get('cas_registerURL', ''),
|
|
287
|
'#maxlength' => 255,
|
|
288
|
'#description' => t('The URL users should use for changing registering. Leave blank to use the standard Drupal page.'),
|
|
289
|
);
|
|
290
|
|
|
291
|
|
|
292
|
$form['advanced'] = array(
|
|
293
|
'#type' => 'fieldset',
|
|
294
|
'#title' => t('Miscellaneous & Experimental Settings'),
|
|
295
|
'#collapsible' => TRUE,
|
|
296
|
'#collapsed' => TRUE,
|
|
297
|
);
|
|
298
|
$form['advanced']['cas_proxy'] = array(
|
|
299
|
'#type' => 'checkbox',
|
|
300
|
'#title' => t('Initialize CAS as proxy'),
|
|
301
|
'#default_value' => variable_get('cas_proxy', 0),
|
|
302
|
'#description' => t('Initialize phpCAS as a proxy rather than a client. The proxy ticket returned by the CAS server allows access to external services as the CAS user.')
|
|
303
|
);
|
|
304
|
|
|
305
|
$form['advanced']['cas_proxy_settings'] = array(
|
|
306
|
'#type' => 'container',
|
|
307
|
'#states' => array(
|
|
308
|
'invisible' => array(
|
|
309
|
'input[name="cas_proxy"]' => array('checked' => FALSE),
|
|
310
|
),
|
|
311
|
),
|
|
312
|
);
|
|
313
|
$form['advanced']['cas_proxy_settings']['cas_pgtformat'] = array(
|
|
314
|
'#type' => 'radios',
|
|
315
|
'#title' => t('CAS PGT storage file format'),
|
|
316
|
'#default_value' => variable_get('cas_pgtformat', 'plain'),
|
|
317
|
'#options' => array('plain' => t('Plain Text'), 'xml' => t('XML')),
|
|
318
|
);
|
|
319
|
|
|
320
|
$form['advanced']['cas_proxy_settings']['cas_pgtpath'] = array(
|
|
321
|
'#type' => 'textfield',
|
|
322
|
'#title' => t('CAS PGT storage path'),
|
|
323
|
'#default_value' => variable_get('cas_pgtpath', ''),
|
|
324
|
'#maxlength' => 255,
|
|
325
|
'#description' => t("Only needed if 'Use CAS proxy initializer' is configured. Leave empty for default."),
|
|
326
|
);
|
|
327
|
|
|
328
|
$form['advanced']['cas_debugfile'] = array(
|
|
329
|
'#type' => 'textfield',
|
|
330
|
'#title' => t('CAS debugging output filename'),
|
|
331
|
'#default_value' => variable_get('cas_debugfile', ''),
|
|
332
|
'#maxlength' => 255,
|
|
333
|
'#description' => t("Leave empty if you don't want debugging output."),
|
|
334
|
);
|
|
335
|
|
|
336
|
return system_settings_form($form);
|
|
337
|
}
|
|
338
|
|
|
339
|
/**
|
|
340
|
* Checks that the library is installed in the location specified by loading the
|
|
341
|
* class and extracting the version.
|
|
342
|
*
|
|
343
|
* @param $element
|
|
344
|
* The form element containing the "library" fieldset.
|
|
345
|
* @param $form_state
|
|
346
|
* An array containing the form's state information.
|
|
347
|
*
|
|
348
|
* @return
|
|
349
|
* The modified form element containing the "library" fieldset.
|
|
350
|
*/
|
|
351
|
function cas_library_version_check($element, &$form_state) {
|
|
352
|
$path = module_exists('libraries') ? NULL : $element['#value'];
|
|
353
|
// Suppress errors if phpCAS cannot be loaded.
|
|
354
|
if ($version = @cas_phpcas_load($path)) {
|
|
355
|
$element['#suffix'] = '<div class="ok messages">' . t('phpCAS version %version successfully loaded.', array('%version' => $version)) . '</div>';
|
|
356
|
}
|
|
357
|
else {
|
|
358
|
$element['#suffix'] = '<div class="error messages">' . t('The phpCAS library was not found or could not be loaded.') . '</div>';
|
|
359
|
}
|
|
360
|
return $element;
|
|
361
|
}
|
