Fixes for Bug MDL-8617 "Implement groupings & course modules..."
[moodle-pu.git] / auth / shibboleth / auth.php
1 <?php
/**
 * @author Martin Dougiamas
 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
 * @package moodle multiauth
 *
 * Authentication Plugin: Shibboleth Authentication
 *
 * Authentication using Shibboleth.
 *
 * 10.2004     SHIBBOLETH Authentication functions v.0.1
 * 05.2005     Various extensions and fixes by Lukas Haemmerle
 * 10.2005     Added better error messages
 * 05.2006     Added better handling of multi-valued attributes
 * Distributed under GPL (c)Markus Hagman 2004-2006
 *
 * 2006-08-28  File created, code imported from lib.php
 * 2006-10-27  Upstream 1.7 changes merged in, added above credits from lib.php :-)
 */
// Refuse to run when requested directly: this file is only meant to be
// included from a Moodle page, which is expected to define MOODLE_INTERNAL.
defined('MOODLE_INTERNAL') || die('Direct access to this script is forbidden.');
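/**
 * Shibboleth authentication plugin.
 *
 * The plugin never checks a password itself. It reads the user's identity and
 * profile attributes from $_SERVER entries whose names are taken from the
 * plugin configuration, so the result is only as trustworthy as those
 * variables: the deployment must guarantee that they can be set solely by the
 * Shibboleth module and never by the client (for example through a request
 * header that the web server copies into the environment).
 */
class auth_plugin_shibboleth {

    /**
     * The configuration details for the plugin.
     */
    var $config;

    /**
     * Constructor.
     *
     * Loads the settings stored under 'auth/shibboleth' into $this->config.
     * This is a class-named (PHP 4-style) constructor; PHP 8 no longer calls
     * such a method automatically on `new`.
     */
    function auth_plugin_shibboleth() {
        $this->config = get_config('auth/shibboleth');
    }

    /**
     * Returns true if the server variable named by the 'user_attribute'
     * setting is non-empty and equal to $username, false otherwise.
     *
     * $password is not used: the decision rests entirely on the server
     * variable.
     *
     * @param string $username The username (with system magic quotes)
     * @param string $password The password (with system magic quotes)
     * @return bool Authentication success or failure.
     */
    function user_login($username, $password) {
        // Read the plugin settings from the instance; a bare $config is not
        // defined in this scope and would make every lookup fail.
        $config = $this->config;

        // Without a configured attribute name there is nothing to trust.
        if (empty($config->user_attribute)) {
            return false;
        }
        $attribute = $config->user_attribute;

        // If we are in the shibboleth directory then we trust the server var
        if (!empty($_SERVER[$attribute])) {
            // Strict string comparison: with == two numeric-looking names such
            // as '0123' and '123' compare equal and would match each other.
            // NOTE(review): $username is documented as carrying magic-quote
            // slashes; a name containing quotes would then differ from the
            // raw server value - confirm against the caller.
            return ((string) $_SERVER[$attribute] === (string) $username);
        }

        // If we are not, the user has used the manual login and the login name
        // is unknown, so we return false.
        return false;
    }

    /**
     * Reads user information from the Shibboleth attributes in $_SERVER and
     * returns it as an array keyed by Moodle field name.
     *
     * Calls error() when the username, first name, last name or e-mail
     * attribute is empty. When the 'convert_data' setting names a readable
     * file, that file is included so it can adjust the collected data.
     *
     * @param string $username Not used; the values come from $_SERVER.
     * @return array Moodle field name => first value of the mapped attribute.
     */
    function get_userinfo($username) {
        // $CFG, $config and $search_attribs are kept in scope because the
        // optional conversion file included below runs inside this function
        // and may refer to them.
        global $CFG;
        $config = $this->config;

        // Check whether we have got all the essential attributes
        $essential = array('user_attribute', 'field_map_firstname',
                           'field_map_lastname', 'field_map_email');
        $missing = false;
        $parts = array();
        foreach ($essential as $setting) {
            $name = isset($config->$setting) ? $config->$setting : '';
            $value = isset($_SERVER[$name]) ? $_SERVER[$name] : '';
            if (empty($value)) {
                $missing = true;
            }
            // The attribute values are echoed into an error page, so they are
            // HTML-escaped before being placed in the message.
            $parts[] = "'".$name."' ('".htmlspecialchars((string) $value, ENT_QUOTES)."')";
        }
        if ($missing) {
            $last = array_pop($parts);
            error(get_string('shib_not_all_attributes_error', 'auth', implode(', ', $parts).' and '.$last));
        }

        $attrmap = $this->get_attributes();

        $result = array();
        $search_attribs = array();

        foreach ($attrmap as $key => $value) {
            // An attribute the server did not provide yields an empty string.
            $raw = isset($_SERVER[$value]) ? $_SERVER[$value] : '';
            $result[$key] = $this->get_first_string($raw);
        }

        // Provide an API to modify the information to fit the Moodle internal
        // data representation
        if (!empty($config->convert_data) && is_readable($config->convert_data)) {
            // SECURITY: this executes whatever PHP file the 'convert_data'
            // setting points at, with the privileges of this request. The
            // path is stored by process_config() without validation, so both
            // the setting and the file itself must be writable only by
            // trusted administrators.
            // The collected data is in $result in this scope.
            include($config->convert_data);
        }

        return $result;
    }

    /**
     * Returns array containing attribute mappings between Moodle and Shibboleth.
     *
     * @return array Moodle field name => configured attribute name; always
     *               contains 'username', other fields only when mapped.
     */
    function get_attributes() {
        $configarray = (array) $this->config;

        $fields = array("firstname", "lastname", "email", "phone1", "phone2",
                        "department", "address", "city", "country", "description",
                        "idnumber", "lang", "guid");

        $moodleattributes = array();
        foreach ($fields as $field) {
            // !empty() skips unmapped fields without reading a missing key.
            if (!empty($configarray["field_map_$field"])) {
                $moodleattributes[$field] = $configarray["field_map_$field"];
            }
        }
        $moodleattributes['username'] = isset($configarray["user_attribute"]) ? $configarray["user_attribute"] : '';

        return $moodleattributes;
    }

    /**
     * Returns true if this authentication plugin is 'internal'.
     *
     * @return bool
     */
    function is_internal() {
        return false;
    }

    /**
     * Returns true if this authentication plugin can change the user's
     * password.
     *
     * @return bool
     */
    function can_change_password() {
        return false;
    }

    /**
     * Prints a form for configuring this authentication plugin.
     *
     * This function is called from admin/auth.php, and outputs a full page with
     * a form for configuring this plugin.
     *
     * The three parameters are not used here directly; they are in scope for
     * the included template.
     *
     * @param object $config
     * @param mixed $err
     * @param mixed $user_fields
     */
    function config_form($config, $err, $user_fields) {
        // Resolve the template next to this file so that a config.html found
        // earlier on the include path or in the working directory cannot be
        // picked up instead.
        include dirname(__FILE__).'/config.html';
    }

    /**
     * Processes and stores configuration data for this authentication plugin.
     *
     * The values are stored as submitted. 'convert_data' in particular is
     * later used by get_userinfo() as the path of a PHP file to include.
     *
     * @param object $config Submitted settings.
     * @return bool Always true.
     */
    function process_config($config) {
        // $CFG->wwwroot is read below, so the global must be declared here.
        global $CFG;

        // set to defaults if undefined
        // NOTE(review): the second operand tests user_attribute, so existing
        // instructions are replaced whenever that setting is empty - confirm
        // this is intended.
        if (!isset($config->auth_instructions) or empty($config->user_attribute)) {
            $config->auth_instructions = get_string('shibboleth_instructions', 'auth', $CFG->wwwroot.'/auth/shibboleth/index.php');
        }
        if (!isset($config->user_attribute)) {
            $config->user_attribute = '';
        }
        if (!isset($config->convert_data)) {
            $config->convert_data = '';
        }
        if (!isset($config->changepasswordurl)) {
            $config->changepasswordurl = '';
        }

        // save settings
        set_config('user_attribute', $config->user_attribute, 'auth/shibboleth');
        set_config('convert_data', $config->convert_data, 'auth/shibboleth');
        set_config('auth_instructions', $config->auth_instructions, 'auth/shibboleth');
        set_config('changepasswordurl', $config->changepasswordurl, 'auth/shibboleth');

        return true;
    }

    /**
     * Cleans and returns first of potential many values (multi-valued attributes)
     *
     * @param string $string Attribute value, possibly several values joined by ';'.
     * @return string The first value with trailing whitespace removed.
     */
    function get_first_string($string) {
        // explode() splits on the literal ';' exactly as the removed split()
        // did for this pattern, and works on current PHP versions.
        $list = explode(';', (string) $string);

        return rtrim($list[0]);
    }
}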