<?php
// $Id: shib_auth_admin.inc,v 1.1.2.5 2008/09/26 11:58:24 niif Exp $
/**
 * @file
 * Generate the administration form of the Shibboleth authentication module
 *
 * @returns HTML text of the administration form
 */
/**
 * Build the settings form of the Shibboleth authentication module.
 *
 * Each input element is keyed by the name of the variable it is pre-filled
 * from, and the finished array is passed through system_settings_form().
 *
 * @return
 *   The form array produced by system_settings_form().
 */
function shib_auth_admin() {
  global $base_url;

  // NOTE(review): plain HTTP is selectable for both the handler and the
  // post-login target. HTTPS is the default for each; keep it unless the
  // deployment really cannot serve the site over TLS.
  $protocol_options = array(
    'http' => t('HTTP'),
    'https' => t('HTTPS'),
  );

  $handler = array(
    '#type' => 'fieldset',
    '#title' => t('Shibboleth handler settings'),
    '#weight' => 0,
    '#collapsible' => FALSE,
    'shib_auth_handler_url' => array(
      '#type' => 'textfield',
      '#title' => t('Shibboleth handler URL'),
      '#default_value' => variable_get('shib_auth_handler_url', '/Shibboleth.sso'),
      '#description' => t('The URL can be absolute or relative to the server base url: http://www.example.com/Shibboleth.sso; /Shibboleth.sso'),
    ),
    'shib_auth_handler_protocol' => array(
      '#type' => 'select',
      '#title' => t('Shibboleth handler protocol'),
      '#default_value' => variable_get('shib_auth_handler_protocol', 'https'),
      '#options' => $protocol_options,
      '#description' => t('This option will be effective only if the handler URL is a relative path.'),
    ),
    'shib_auth_wayf_uri' => array(
      '#type' => 'textfield',
      '#title' => t('WAYF location'),
      '#default_value' => variable_get('shib_auth_wayf_uri', '/WAYF/HREF'),
    ),
    'login_target_protocol' => array(
      '#type' => 'select',
      '#title' => t('Shibboleth login target protocol'),
      '#default_value' => variable_get('login_target_protocol', 'https'),
      '#options' => $protocol_options,
      '#description' => t('The protocol to use as target protocol after successful login.'),
    ),
    // NOTE(review): the description asks for an absolute URL, but nothing in
    // this form validates the value. How the logout code uses it is not
    // visible here; if it becomes a redirect target, confirm it is limited to
    // trusted hosts.
    'logout_return_url' => array(
      '#type' => 'textfield',
      '#title' => t('Shibboleth logout return URL'),
      '#default_value' => variable_get('logout_return_url', $base_url),
      '#description' => t('The URL to return to after logout. Must be an absolute URL.'),
    ),
  );

  // These two settings name the server variables used for the user name and
  // the e-mail address. PHP exposes request headers as HTTP_* entries of
  // $_SERVER, so for a name such as the HTTP_SHIB_MAIL default, confirm that
  // the web server / Shibboleth SP does not let a client supply the header.
  $attributes = array(
    '#type' => 'fieldset',
    '#title' => t('Attribute settings'),
    '#weight' => 0,
    '#collapsible' => FALSE,
    'shib_auth_username_variable' => array(
      '#type' => 'textfield',
      '#title' => t('Server variable for username'),
      '#default_value' => variable_get('shib_auth_username_variable', 'REMOTE_USER'),
    ),
    'shib_auth_username_email' => array(
      '#type' => 'textfield',
      '#title' => t('Server variable for e-mail address'),
      '#default_value' => variable_get('shib_auth_username_email', 'HTTP_SHIB_MAIL'),
    ),
  );

  // This group has no fieldset definition of its own; only the checkbox is
  // declared. The rule form's help text says DEBUG mode lists the available
  // $_SERVER fields, so it is off by default and best left off in production.
  $debug = array(
    'shib_auth_debug_state' => array(
      '#type' => 'checkbox',
      '#title' => t('Enable DEBUG mode.'),
      '#default_value' => variable_get('shib_auth_debug_state', FALSE),
    ),
  );

  return system_settings_form(array(
    'shib_handler_settings' => $handler,
    'shib_attribute_settings' => $attributes,
    'shib_attribute_debug' => $debug,
  ));
}
/**
 * Build the form used to clone an existing rule.
 *
 * Cloning starts from the same pre-filled form as editing, so this only
 * delegates to shib_auth_edit_rule().
 *
 * @return
 *   Whatever shib_auth_edit_rule() returns.
 */
function shib_auth_clone_rule() {
  $clone_form = shib_auth_edit_rule();

  return $clone_form;
}
/**
 * Submit handler of the clone form.
 *
 * A clone is handled exactly like a newly added rule: both arguments are
 * passed on unchanged to shib_auth_new_rule_form_submit().
 *
 * @param $form_id
 *   Id of the submitted form.
 * @param $form_values
 *   Submitted form values.
 */
function shib_auth_clone_rule_submit($form_id, $form_values) {
  // Nothing is returned here, matching the handler this delegates to.
  shib_auth_new_rule_form_submit(
    $form_id,
    $form_values
  );
}
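/**
 * Delete a rule from the list and return to the rule overview.
 *
 * @param $rule_id
 *   Id of the rule to delete. It is reduced to an integer before use, because
 *   it is both a query argument and part of an HTML status message.
 */
function shib_auth_delete_rule($rule_id) {
  // The %d placeholder already protects the query, but the same value is also
  // concatenated into markup below. Casting once keeps a crafted id from
  // reaching the page as HTML.
  $rule_id = (int) $rule_id;

  // NOTE(review): the rule list links here with an ordinary GET link. If the
  // menu callback invokes this function directly (the menu wiring is not
  // visible in this file), the delete runs without a confirmation form or
  // token and is open to cross-site request forgery. Confirm and, if so, put
  // a confirm form in front of it.
  $result = db_query("DELETE FROM {shib_auth} WHERE id = %d", $rule_id);

  if ($result) {
    drupal_set_message('Rule <span style="font-weight: bold;">#'. $rule_id .'</span> has been deleted.', 'warning');
  }
  else {
    $message = 'Rule has not been deleted!';
    drupal_set_message(t($message), 'error');
    // Use the log type the rule submit handlers in this file use, so failed
    // rule changes can be filtered together.
    watchdog('shib_auth_error', $message, WATCHDOG_ERROR);
  }

  drupal_goto('admin/user/shib_auth/rules');
}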
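/**
 * List the stored rules.
 *
 * The attribute name, the regular expression and the role names are stored as
 * entered, and the table cells are emitted as given, so each of them is
 * escaped with check_plain() before it is placed in a row.
 *
 * @return
 *   The rule list as an HTML table, or a message when the query fails or
 *   returns no rule.
 */
function shib_auth_list_rules() {
  $header = array(
    array('data' => t('Attribute'), 'field' => 'field'),
    array('data' => t('RegExp'), 'field' => 'regexpression'),
    array('data' => t('Role(s)'), 'field' => 'role'),
    array('data' => t('Actions')),
  );
  $tablesort_sql = 'SELECT * FROM {shib_auth}'. tablesort_sql($header);
  $rules = db_query($tablesort_sql);

  if (!$rules) {
    return t('There is no rule in the database');
  }

  $row = array();
  while ($rule = db_fetch_array($rules)) {
    // NOTE(review): unserialize() on a database column. The value is written
    // with serialize() by this module's submit handlers, but anyone able to
    // write to the table controls what gets unserialized here.
    $roles = unserialize($rule['role']);
    $roles_list = '';
    if (is_array($roles) && !empty($roles)) {
      $roles_list = check_plain(implode(', ', $roles));
    }

    // NOTE(review): "Delete" is a plain GET link. If its callback deletes
    // straight away (menu wiring not visible here), it needs a confirmation
    // form to resist cross-site request forgery.
    $links = l(t('Clone') .' ', 'admin/user/shib_auth/rules/Clone/'. $rule['id']);
    $links .= l(t('Edit') .' ', 'admin/user/shib_auth/rules/Edit/'. $rule['id']);
    $links .= l(t('Delete') .' ', 'admin/user/shib_auth/rules/Delete/'. $rule['id']);

    $row[] = array(
      check_plain($rule['field']),
      check_plain($rule['regexpression']),
      $roles_list,
      $links,
    );
  }

  // A successful query with no rows is the real "no rule" case.
  if (empty($row)) {
    return t('There is no rule in the database');
  }

  return theme_table($header, $row);
}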
/**
 * Build the rule edit form on top of the new-rule form.
 *
 * The rule id is read from path argument 5 (the rule list links to
 * admin/user/shib_auth/rules/Edit/<id>), the matching row is loaded and
 * passed to shib_auth_new_rule_form() as the rule being edited.
 *
 * @return
 *   The form array returned by shib_auth_new_rule_form().
 */
function shib_auth_edit_rule() {
  // The id comes from the URL; the %d placeholder makes db_query() treat it
  // as an integer instead of splicing it into the SQL text.
  $lookup = db_query("SELECT * FROM {shib_auth} WHERE id = %d", array(arg(5)));

  // NOTE(review): when no row matches, the fetch result (not an array) is
  // handed to the form builder as-is.
  return shib_auth_new_rule_form(db_fetch_array($lookup));
}
/**
 * Submit handler of the rule edit form: update the stored rule.
 *
 * The row to update is identified by path argument 5. On success a status
 * message is set and the user is sent back to the rule list; on failure the
 * problem is shown and logged.
 *
 * @param $form_id
 *   Id of the form.
 * @param $form_values
 *   Values of the POSTed form.
 */
function shib_auth_edit_rule_submit($form_id, $form_values) {
  $roles = _role_normalize($form_values['roles']);

  // All values travel as db_query() placeholder arguments, never as part of
  // the SQL string.
  // NOTE(review): the pattern is stored exactly as typed. No validation is
  // visible here and the code that evaluates it is outside this file, so an
  // empty or overly broad pattern may match more users than intended.
  // Successful changes to these role-granting rules are also not logged.
  $update = "UPDATE {shib_auth} SET field = '%s', regexpression = '%s', role = '%s' WHERE id = %d";
  $saved = db_query($update, $form_values['field'], $form_values['regexpression'], serialize($roles), arg(5));

  if (!$saved) {
    $message = 'Rule was not save into database!';
    drupal_set_message(t($message));
    watchdog('shib_auth_error', $message, WATCHDOG_ERROR);
    return;
  }

  drupal_set_message(t('Rule was save.'));
  drupal_goto('admin/user/shib_auth/rules');
}
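/**
 * Build the form for adding a rule; also used for editing and cloning.
 *
 * @param $editing_rule
 *   The stored rule when editing or cloning, otherwise an empty array.
 *
 * @return
 *   Form API compatible array.
 */
function shib_auth_new_rule_form($editing_rule = array()) {
  $form = array();

  // '#required' is the Form API property; the misspelled '#require' is not
  // acted on, which let a rule be saved with an empty attribute name or an
  // empty pattern.
  $form['field'] = array(
    '#title' => t('Shibboleth attribute name'),
    '#type' => 'textfield',
    '#default_value' => !empty($editing_rule['field']) ? $editing_rule['field'] : '',
    '#required' => TRUE,
    '#description' => t('More properly: <b>$_SERVER</b> field name; enable DEBUG mode to list available fields. <br/>Note that it might differ from your users\' fields.'),
  );

  $form['regexpression'] = array(
    '#title' => t('Value (regexp)'),
    '#type' => 'textfield',
    '#default_value' => !empty($editing_rule['regexpression']) ? $editing_rule['regexpression'] : '',
    '#required' => TRUE,
  );

  $roles = user_roles(TRUE);

  // Only unserialize when a stored rule was actually passed in; a fresh form
  // has no 'role' entry.
  // NOTE(review): unserialize() on a database column. The value is written
  // with serialize() by this module's submit handlers, but anyone able to
  // write to the table controls what gets unserialized here.
  $edit_role = FALSE;
  if (is_array($editing_rule) && !empty($editing_rule['role'])) {
    $edit_role = unserialize($editing_rule['role']);
  }

  $form['roles'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Roles'),
    '#default_value' => is_array($edit_role) ? array_keys($edit_role) : array(),
    '#options' => $roles,
  );

  // The button label is derived from path argument 4; the @ placeholder makes
  // t() escape it.
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('@Action rule', array('@Action' => arg(4))),
  );

  return $form;
}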
/**
 * Submit handler of the new-rule form: insert the rule.
 *
 * On success a status message is set and the user is sent back to the rule
 * list; on failure the problem is shown and logged.
 *
 * @param $form_id
 *   Id of the form being processed.
 * @param $form_values
 *   Form values.
 */
function shib_auth_new_rule_form_submit($form_id, $form_values) {
  $roles = _role_normalize($form_values['roles']);

  // The statement names no columns, so it depends on the column order of the
  // table. All values travel as db_query() placeholder arguments.
  // NOTE(review): the pattern is stored exactly as typed. No validation is
  // visible here and the code that evaluates it is outside this file, so an
  // empty or overly broad pattern may match more users than intended.
  $insert = "INSERT INTO {shib_auth} VALUES (%d, '%s', '%s', '%s' )";
  $saved = db_query(
    $insert,
    db_next_id('{shib_auth}_id'),
    $form_values['field'],
    $form_values['regexpression'],
    serialize($roles)
  );

  if (!$saved) {
    $message = 'Rule was not save into database!';
    drupal_set_message(t($message));
    watchdog('shib_auth_error', $message, WATCHDOG_ERROR);
    return;
  }

  drupal_set_message(t('Rule was save.'));
  drupal_goto('admin/user/shib_auth/rules');
}
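/**
 * Turn submitted role checkbox values into a role id => role name map.
 *
 * Only ids present in user_roles(TRUE) are kept, so a value that does not
 * name an existing role (an unchecked box arriving as 0 or '0', or an
 * unexpected id) never ends up in a stored rule.
 *
 * @param $role_id
 *   Array of submitted checkbox values; anything else yields an empty map.
 *
 * @return
 *   Array of role names keyed by role id.
 */
function _role_normalize($role_id) {
  $roles = array();

  if (!is_array($role_id)) {
    return $roles;
  }

  $user_role = user_roles(TRUE);

  foreach ($role_id as $role_key) {
    // Arrays and other non-scalar values cannot be array keys.
    if (!is_int($role_key) && !is_string($role_key)) {
      continue;
    }
    if ($role_key !== 0 && isset($user_role[$role_key])) {
      $roles[$role_key] = $user_role[$role_key];
    }
  }

  return $roles;
}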