search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Automatic installer.php lang files by installer_builder (20070726)
[moodle-linuxchix.git] / auth / shibboleth / auth.php
blob02cf0a4d9136f9b782d05e63170b81c27ae8421e
1 <?php
2 /**
3 * @author Martin Dougiamas
4 * @author Lukas Haemmerle
5 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
6 * @package moodle multiauth
7 *
8 * Authentication Plugin: Shibboleth Authentication
9 *
10 * Authentication using Shibboleth.
11 *
12 * Distributed under GPL (c)Markus Hagman 2004-2006
13 *
14 * 10.2004 SHIBBOLETH Authentication functions v.0.1
15 * 05.2005 Various extensions and fixes by Lukas Haemmerle
16 * 10.2005 Added better error messags
17 * 05.2006 Added better handling of mutli-valued attributes
18 * 2006-08-28 File created, code imported from lib.php
19 * 2006-10-27 Upstream 1.7 changes merged in, added above credits from lib.php :-)
20 * 2007-03-09 Fixed authentication but may need some other changes
21 */
22
23 if (!defined('MOODLE_INTERNAL')) {
24 die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
25 }
26
27 require_once($CFG->libdir.'/authlib.php');
28
29 /**
30 * Shibboleth authentication plugin.
31 */
32 class auth_plugin_shibboleth extends auth_plugin_base {
33
34 /**
35 * Constructor.
36 */
37 function auth_plugin_shibboleth() {
38 $this->authtype = 'shibboleth';
39 $this->config = get_config('auth/shibboleth');
40 }
41
42 /**
43 * Returns true if the username and password work and false if they are
44 * wrong or don't exist.
45 *
46 * @param string $username The username (with system magic quotes)
47 * @param string $password The password (with system magic quotes)
48 * @return bool Authentication success or failure.
49 */
50 function user_login($username, $password) {
51
52 // If we are in the shibboleth directory then we trust the server var
53 if (!empty($_SERVER[$this->config->user_attribute])) {
54 return (strtolower($_SERVER[$this->config->user_attribute]) == strtolower($username));
55 } else {
56 // If we are not, the user has used the manual login and the login name is
57 // unknown, so we return false.
58 return false;
59 }
60 }
61
62
63
64 /**
65 * Returns the user information for 'external' users. In this case the
66 * attributes provided by Shibboleth
67 *
68 * @return array $result Associative array of user data
69 */
70 function get_userinfo($username) {
71 // reads user information from shibboleth attributes and return it in array()
72 global $CFG;
73
74 // Check whether we have got all the essential attributes
75 if (
76 empty($_SERVER[$this->config->user_attribute])
77 || empty($_SERVER[$this->config->field_map_firstname])
78 || empty($_SERVER[$this->config->field_map_lastname])
79 || empty($_SERVER[$this->config->field_map_email])
80 ) {
81 error(get_string( 'shib_not_all_attributes_error', 'auth' , "'".$this->config->user_attribute."' ('".$_SERVER[$this->config->user_attribute]."'), '".$this->config->field_map_firstname."' ('".$_SERVER[$this->config->field_map_firstname]."'), '".$this->config->field_map_lastname."' ('".$_SERVER[$this->config->field_map_lastname]."') and '".$this->config->field_map_email."' ('".$_SERVER[$this->config->field_map_email]."')"));
82 }
83
84 $attrmap = $this->get_attributes();
85
86 $result = array();
87 $search_attribs = array();
88
89 foreach ($attrmap as $key=>$value) {
90 // Check if attribute is present
91 if (!isset($_SERVER[$value])){
92 $result[$key] = '';
93 continue;
94 }
95
96 // Make usename lowercase
97 if ($key == 'username'){
98 $result[$key] = strtolower($this->get_first_string($_SERVER[$value]));
99 } else {
100 $result[$key] = $this->get_first_string($_SERVER[$value]);
101 }
102 }
103
104 // Provide an API to modify the information to fit the Moodle internal
105 // data representation
106 if (
107 $this->config->convert_data
108 && $this->config->convert_data != ''
109 && is_readable($this->config->convert_data)
110 ) {
111
112 // Include a custom file outside the Moodle dir to
113 // modify the variable $moodleattributes
114 include($this->config->convert_data);
115 }
116
117 return $result;
118 }
119
120 /*
121 * Returns array containg attribute mappings between Moodle and Shibboleth.
122 */
123 function get_attributes() {
124 $configarray = (array) $this->config;
125
126 $fields = array("firstname", "lastname", "email", "phone1", "phone2",
127 "department", "address", "city", "country", "description",
128 "idnumber", "lang", "guid");
129
130 $moodleattributes = array();
131 foreach ($fields as $field) {
132 if (isset($configarray["field_map_$field"])) {
133 $moodleattributes[$field] = $configarray["field_map_$field"];
134 }
135 }
136 $moodleattributes['username'] = $configarray["user_attribute"];
137
138 return $moodleattributes;
139 }
140
141 /**
142 * Returns true if this authentication plugin is 'internal'.
143 *
144 * @return bool
145 */
146 function is_internal() {
147 return false;
148 }
149
150 /**
151 * Returns true if this authentication plugin can change the user's
152 * password.
153 *
154 * @return bool
155 */
156 function can_change_password() {
157 return false;
158 }
159
160 function loginpage_hook() {
161 global $SESSION, $CFG;
162
163 // Prevent username from being shown on login page after logout
164 $CFG->nolastloggedin = true;
165
166 return;
167 }
168
169 /**
170 * Prints a form for configuring this authentication plugin.
171 *
172 * This function is called from admin/auth.php, and outputs a full page with
173 * a form for configuring this plugin.
174 *
175 * @param array $page An object containing all the data for this page.
176 */
177 function config_form($config, $err, $user_fields) {
178 include "config.html";
179 }
180
181 /**
182 * Processes and stores configuration data for this authentication plugin.
183 *
184 *
185 * @param object $config Configuration object
186 */
187 function process_config($config) {
188 global $CFG;
189
190 // set to defaults if undefined
191 if (!isset($config->auth_instructions) or empty($config->user_attribute)) {
192 $config->auth_instructions = get_string('shibboleth_instructions', 'auth', $CFG->wwwroot.'/auth/shibboleth/index.php');
193 }
194 if (!isset ($config->user_attribute)) {
195 $config->user_attribute = '';
196 }
197 if (!isset ($config->convert_data)) {
198 $config->convert_data = '';
199 }
200 if (!isset($config->changepasswordurl)) {
201 $config->changepasswordurl = '';
202 }
203
204 // save settings
205 set_config('user_attribute', $config->user_attribute, 'auth/shibboleth');
206 set_config('convert_data', $config->convert_data, 'auth/shibboleth');
207 set_config('auth_instructions', $config->auth_instructions, 'auth/shibboleth');
208 set_config('changepasswordurl', $config->changepasswordurl, 'auth/shibboleth');
209
210 // Check values and return false if something is wrong
211 // Patch Anyware Technologies (14/05/07)
212 if (($config->convert_data != '')&&(!file_exists($config->convert_data) || !is_readable($config->convert_data))){
213 return false;
214 }
215
216 return true;
217 }
218
219 /**
220 * Cleans and returns first of potential many values (multi-valued attributes)
221 *
222 * @param string $string Possibly multi-valued attribute from Shibboleth
223 */
224 function get_first_string($string) {
225 $list = split( ';', $string);
226 $clean_string = rtrim($list[0]);
227
228 return $clean_string;
229 }
230 }
231
232 ?>
Moodle Repo, with LinuxChix modifications