Révision e9f59589
Ajouté par Assos Assos il y a presque 10 ans
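--- a/drupal7/sites/all/modules/cas/cas.module
+++ b/drupal7/sites/all/modules/cas/cas.module
@@ -15,6 +15,11 @@
 define('CAS_LOGIN_REDIR_MESSAGE', 'You will be redirected to the secure CAS login page.');
 define('CAS_EXCLUDE', 'services/*');
 
+// Frequency of CAS Gateway checking.
+define('CAS_CHECK_NEVER', -2);
+define('CAS_CHECK_ONCE', -1);
+define('CAS_CHECK_ALWAYS', 0);
+
 /**
 * Implements hook_init().
 *
@@ -36,7 +41,9 @@
 if (!$user->uid) {
 $force_authentication = _cas_force_login();
 $check_authentication = _cas_allow_check_for_login();
-if ($force_authentication || $check_authentication) {
+$request_type = $_SERVER['REQUEST_METHOD'];
+$perform_login_check = $force_authentication || ($check_authentication && ($request_type == 'GET'));
+if ($perform_login_check) {
 cas_login_check($force_authentication);
 }
 }
@@ -76,8 +83,6 @@
 }
 else {
 $logged_in = phpCAS::checkAuthentication();
-// Set the login tested cookie
-setcookie('cas_login_checked', 'true');
 
 // We're done cause we're not logged in.
 if (!$logged_in) {
@@ -173,10 +178,13 @@
 drupal_set_message(t('You will remain logged in on this computer even after you close your browser.'));
 }
 
-cas_login_page($cas_first_login);
+_cas_redirect_after_login($cas_first_login);
+
 }
 else {
 $user = drupal_anonymous_user();
+unset($_SESSION['phpCAS']);
+
 // Only display error messages only if the user intended to log in.
 if ($force_authentication) {
 drupal_set_message(t('No account found for %cas_name.', array('%cas_name' => $cas_name)), 'error');
@@ -280,8 +288,8 @@
 phpCAS::setNoCasServerValidation();
 }
 
-$service = isset($_GET['q']) ? $_GET['q'] : 'cas';
-phpCAS::setFixedServiceURL(url($service, array('query' => cas_login_destination(), 'absolute' => TRUE)));
+phpCAS::setFixedServiceURL(url(current_path(), array('query' => drupal_get_query_parameters(), 'absolute' => TRUE)));
+phpCAS::setCacheTimesForAuthRecheck((int) variable_get('cas_check_frequency', CAS_CHECK_NEVER));
 
 // Allow other modules to call phpCAS routines. We do not call
 // drupal_alter() since there are no parameters to pass.
@@ -334,7 +342,7 @@
 'weight' => -10,
 );
 $items['admin/people/cas/create'] = array(
-'title' => 'Add CAS user',
+'title' => 'Add CAS user(s)',
 'page callback' => 'drupal_get_form',
 'page arguments' => array('cas_add_user_form'),
 'access arguments' => array('administer users'),
@@ -416,19 +424,6 @@
 }
 }
 
-/**
-* Helper function to rewrite the destination to avoid redirecting to login page after login.
-*
-* Instead of the login page, we redirect to the front page.
-*/
-function cas_login_destination() {
-$destination = user_login_destination();
-if ($destination['destination'] == 'cas') {
-$destination['destination'] = '';
-}
-return $destination;
-}
-
 /**
 * Implements hook_user_operations().
 */
@@ -631,26 +626,15 @@
 }
 
 /**
-* Redirects to appropriate page based on user settings.
+* This is the page callback for the /cas page, which is used only to
+* trigger a forced CAS authentication.
 *
-* @param $cas_first_login
-* TRUE if the user was just registered and they should be redirected to the
-* configured 'Initial login landing page'.
+* In almost all cases, the user will have been redirected before even
+* hitting this page (see hook_init implementation). But as a stop gap
+* just redirect to the homepage.
 */
-function cas_login_page($cas_first_login = FALSE) {
-global $user;
-$destination = '';
-$query = array();
-// If it is the user's first CAS login and initial login redirection is enabled, go to the set page
-if ($cas_first_login && variable_get('cas_first_login_destination', '')) {
-$destination = variable_get('cas_first_login_destination', '');
-if (isset($_GET['destination']))
-$query['destination'] = $_GET['destination'];
-unset($_GET['destination']);
-}
-
-// Respect the query string, if transmitted.
-drupal_goto($destination, array('query' => $query));
+function cas_login_page() {
+drupal_goto('');
 }
 
 /**
@@ -770,13 +754,13 @@
 * authenticated, FALSE otherwise.
 */
 function _cas_allow_check_for_login() {
-if (!variable_get('cas_check_first', 0)) {
-// The user has disabled the feature.
+// Do not process in maintenance mode.
+if (variable_get('maintenance_mode', 0)) {
 return FALSE;
 }
 
-// Check to see if we already have.
-if (!empty($_COOKIE['cas_login_checked'])) {
+if (variable_get('cas_check_frequency', CAS_CHECK_NEVER) == CAS_CHECK_NEVER) {
+// The user has disabled the feature.
 return FALSE;
 }
 
@@ -850,6 +834,11 @@
 return TRUE;
 }
 
+// Do not process in maintenance mode.
+if (variable_get('maintenance_mode', 0)) {
+return FALSE;
+}
+
 // Do not force login for XMLRPC, Cron, or Drush.
 if (stristr($_SERVER['SCRIPT_FILENAME'], 'xmlrpc.php')) {
 return FALSE;
@@ -1073,10 +1062,11 @@
 $namespaces = $cas_logout_request_xml->getNameSpaces();
 $xsearch = 'SessionIndex';
 if (isset($namespaces['samlp'])) {
-$cas_logout_request_xml->registerXPathNamespace('samlp', $namespaces['samlp']);
-$xsearch = 'samlp:SessionIndex';
+$cas_session_indexes = $cas_logout_request_xml->children($namespaces['samlp'])->SessionIndex;
+}
+else {
+$cas_session_indexes = $cas_logout_request_xml->xpath($xsearch);
 }
-$cas_session_indexes = $cas_logout_request_xml->xpath($xsearch);
 if ($cas_session_indexes) {
 $cas_session_index = (string)$cas_session_indexes[0];
 // Log them out now.
@@ -1305,3 +1295,29 @@
 'path' => drupal_get_path('module', 'cas') . '/includes/views',
 );
 }
+
+/**
+* Redirect a user after they have logged into the website through CAS
+*
+* @param $cas_first_login - TRUE if this is the first time the CAS user
+* logged into the site
+*/
+function _cas_redirect_after_login($cas_first_login) {
+// When users first log in, we may want to redirect them to a special page if specified
+if ($cas_first_login && variable_get('cas_first_login_destination', '')) {
+$destination = variable_get('cas_first_login_destination', '');
+drupal_goto($destination);
+}
+else {
+// If logged in through forced authentication ('/cas'), then redirect user to the
+// homepage, or to wherever the current "destination" parameter points.
+if (current_path() == 'cas') {
+drupal_goto('');
+}
+// If logged in through gateway feature, then just reload the current path
+// and preserve any query string args that were set
+else {
+drupal_goto(current_path(), array('query' => drupal_get_query_parameters()));
+}
+}
+}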
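Review bot: In `_cas_redirect_after_login()` (new lines 1305–1323) the first-login branch calls `drupal_goto($destination)` while `$_GET['destination']` is still set, and Drupal 7's `drupal_goto()` lets an internal `destination` query parameter override the path it is given. A first-time user who arrives with `?destination=…` would therefore appear to skip the configured initial login landing page, which matters if that page is used as a mandatory onboarding step. The removed `cas_login_page()` body avoided this by copying the parameter into the query and calling `unset($_GET['destination'])` before redirecting. The same can be restored here with `$query = isset($_GET['destination']) ? array('destination' => $_GET['destination']) : array();`, `unset($_GET['destination']);` and `drupal_goto($destination, array('query' => $query));`. The docblock could also state that the function never returns, since every branch ends in `drupal_goto()`.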
Weekly update of contrib modules