enable cas→replace_login_form

pull/3075/head
Sébastien Ducoulombier 6 years ago
parent 57337a6169
commit 37bef440be
  1. 1
      app/config/auth.conf.dist.php
  2. 39
      main/auth/cas/authcas.php
  3. 46
      main/auth/cas/logincas.php
  4. 9
      main/auth/cas/logout.php
  5. 4
      main/auth/gotocourse.php
  6. 7
      main/inc/lib/api.lib.php
  7. 55
      main/inc/lib/template.lib.php
  8. 43
      main/inc/local.inc.php
  9. 5
      plugin/add_cas_login_button/index.php
  10. 2
      plugin/add_cas_login_button/template.tpl
  11. 1
      plugin/add_cas_logout_button/index.php
  12. 2
      plugin/add_cas_logout_button/template.tpl

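--- a/app/config/auth.conf.dist.php
+++ b/app/config/auth.conf.dist.php
@@ -117,6 +117,7 @@ $langMainInfoDetail .= '<p>More information on OpenID is available at <a href="h
 */
 $cas = [
 'force_redirect' => false,
+'replace_login_form' => false,
 // 'verbose' => false,
 // 'debug' => '/var/log/cas_debug.log',
 'noCasServerValidation' => true, // set to false in production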
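Review bot: The new `'replace_login_form' => false` entry carries no comment saying what it changes, and this dist file is the only place an administrator sees the option. Suggest `'replace_login_form' => false, // true: show only the CAS login button instead of the platform login form` so the effect (Template::displayLoginForm returns displayCASLoginButton() when it is set) is visible where the value is chosen.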

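--- a/main/auth/cas/authcas.php
+++ /dev/null
@@ -1,39 +0,0 @@
-<?php
-/* Written by Noel Dieschburg <noel@cblue.be> for the paris5 university
-* Checks if the user is already logged in via the cas system
-* Gets all the info via the ldap module (ldap has to work)
-*/
-require_once api_get_path(SYS_PATH).'main/auth/cas/cas_var.inc.php';
-/**
-* @return bool whether cas is configured
-*/
-function cas_configured()
-{
-foreach(['cas_server', 'cas_protocol', 'cas_port'] as $v) {
-if (is_null(api_get_setting($v))) {
-return false;
-}
-}
-return phpCAS::isInitialized();
-}
-/*
-* Return the direct URL to a course code with CAS login
-*/
-function get_cas_direct_URL($in_course_code)
-{
-return api_get_path(WEB_PATH).'main/auth/cas/logincas.php?firstpage='.$in_course_code;
-}
-function getCASLogoHTML()
-{
-$out_res = "";
-if (api_get_setting("casLogoURL") != "") {
-$out_res = "<img src='".api_get_setting("casLogoURL")."' alt='CAS Logo' />";
-}
-return $out_res;
-}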

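--- a/main/auth/cas/logincas.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-//----------------------------------------------------------------------
-// CAS PLUGIN
-//----------------------------------------------------------------------
-// Copyright (c) 2006-2007 University Marc Bloch (UMB)
-//----------------------------------------------------------------------
-// This program is under the terms of the GENERAL PUBLIC LICENSE (GPL)
-// as published by the FREE SOFTWARE FOUNDATION. The GPL is available
-// through the world-wide-web at http://www.gnu.org/copyleft/gpl.html
-//----------------------------------------------------------------------
-// Authors: Pierre Cahard
-//----------------------------------------------------------------------
-// Load required
-require '../../inc/global.inc.php';
-require_once 'authcas.php';
-use ChamiloSession as Session;
-// phpCAS
-/*
-If we are not logged and in our browser enter an URL with a name of a course
-e.g. http://www.chamilo.fr/chamilo/courses/COURSTESTOSETE/?id_session=0
-We go to page api_not_allowed :
-> You are not allowed to see this page.
-> Sorry, you are not allowed to access this page, or maybe your connection has expired.
-> Please click your browser's \"Back\" button or follow the link below to return to the previous page
-If we click on the link to go to homepage, some datas are entered in $_SESSION and if we enter our CAS login,
-we go to api_not_allowad_page again and again
-As a result, if we are not logged on, we have to destroy the session variables, before calling CAS page
-*/
-if (api_is_anonymous()) {
-Session::destroy();
-}
-if (cas_configured()) {
-$firstpage = "";
-if (isset($_GET['firstpage'])) {
-$firstpage = $_GET['firstpage'];
-setcookie("GotoCourse", $firstpage);
-}
-phpCAS::forceAuthentication();
-header('Location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login'));
-} else {
-header('Location: '.api_get_path(WEB_PATH));
-}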

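--- a/main/auth/cas/logout.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-/* For licensing terms, see /license.txt */
-/*
-Call this file to disconnect from CAS session.
-logoutWithUrl() not used because with CAS v3 you cannot redirect your logout to a specific URL
-because of security reason.
-*/
-require '../..//inc/global.inc.php';
-online_logout($_SESSION['_user']['user_id']);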

@ -9,7 +9,6 @@
* Author : hubert.borderiou@grenet.fr * Author : hubert.borderiou@grenet.fr
*/ */
require_once __DIR__.'/../inc/global.inc.php'; require_once __DIR__.'/../inc/global.inc.php';
require_once api_get_path(SYS_PATH).'main/auth/cas/authcas.php';
$msg = null; $msg = null;
if (isset($_GET['firstpage'])) { if (isset($_GET['firstpage'])) {
$firstpage = $_GET['firstpage']; $firstpage = $_GET['firstpage'];
@ -53,9 +52,8 @@ if (isset($_GET['firstpage'])) {
$form->addButtonNext(get_lang('LoginEnter'), 'submitAuth'); $form->addButtonNext(get_lang('LoginEnter'), 'submitAuth');
// see same text in main_api.lib.php function api_not_allowed // see same text in main_api.lib.php function api_not_allowed
if (api_is_cas_activated()) { if (api_is_cas_activated()) {
require_once api_get_path(SYS_PATH).'main/auth/cas/authcas.php';
$msg .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false); $msg .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
$msg .= Display::div("<br/><a href='".get_cas_direct_URL(api_get_course_id())."'>".getCASLogoHTML()." ".sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution"))."</a><br/><br/>", ['align' => 'center']); $msg .= Display::div(Template::displayCASLoginButton(), ['align' => 'center']);
$msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount')); $msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
$msg .= "<p style='text-align:center'><a href='#' onclick='$(this).parent().next().toggle()'>".get_lang('LoginWithExternalAccount')."</a></p>"; $msg .= "<p style='text-align:center'><a href='#' onclick='$(this).parent().next().toggle()'>".get_lang('LoginWithExternalAccount')."</a></p>";
$msg .= "<div style='display:none;'>"; $msg .= "<div style='display:none;'>";
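Review bot: In the hunk at `@ -53,9 +52,8`, the replaced link carried the course through `get_cas_direct_URL(api_get_course_id())`, whereas `Template::displayCASLoginButton()` only posts `forceCASAuthentication=1` to `page_after_login`, so nothing in the new markup tells the CAS flow which course to come back to. The deleted logincas.php stored `firstpage` in the `GotoCourse` cookie; if gotocourse.php does not set that cookie itself from the `$_GET['firstpage']` it reads in the first hunk (the code between the two hunks is not shown), the post-login redirect to the course is lost for this page. Please confirm that the cookie is set before the button is rendered, or carry the course in the form (for example a hidden `firstpage` field handled in local.inc.php).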

@ -3815,7 +3815,7 @@ function api_not_allowed(
if (api_is_cas_activated()) { if (api_is_cas_activated()) {
$content .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false); $content .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
$content .= Display::div( $content .= Display::div(
"<br/><a href='".get_cas_direct_URL(api_get_course_id())."'>".sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution"))."</a><br/><br/>", Template::displayCASLoginButton(),
['align' => 'center'] ['align' => 'center']
); );
$content .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount')); $content .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
@ -3866,7 +3866,10 @@ function api_not_allowed(
'', '',
false false
); );
$msg .= Display::div("<br/><a href='".get_cas_direct_URL(api_get_course_int_id())."'>".getCASLogoHTML()." ".sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution"))."</a><br/><br/>", ['align' => 'center']); $msg .= Display::div(
Template::displayCASLoginButton(),
['align' => 'center']
);
$msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount')); $msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
$msg .= "<p style='text-align:center'><a href='#' onclick='$(this).parent().next().toggle()'>".get_lang('LoginWithExternalAccount')."</a></p>"; $msg .= "<p style='text-align:center'><a href='#' onclick='$(this).parent().next().toggle()'>".get_lang('LoginWithExternalAccount')."</a></p>";
$msg .= "<div style='display:none;'>"; $msg .= "<div style='display:none;'>";

@ -1075,11 +1075,64 @@ class Template
return Display::return_message($message, 'error', false); return Display::return_message($message, 'error', false);
} }
public static function displayCASLoginButton($label = null)
{
$form = new FormValidator(
'form-cas-login',
'POST',
api_get_path(WEB_PATH).api_get_setting('page_after_login'),
null,
null,
FormValidator::LAYOUT_BOX_NO_LABEL
);
$form->addHidden('forceCASAuthentication', 1);
$form->addButton(
'casLoginButton',
is_null($label) ? sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution")) : $label,
api_get_setting("casLogoURL"),
'primary',
null,
'btn-block'
);
return $form->returnForm();
}
public static function displayCASLogoutButton($label = null)
{
$form = new FormValidator(
'form-cas-logout',
'GET',
api_get_path(WEB_PATH),
null,
null,
FormValidator::LAYOUT_BOX_NO_LABEL
);
$form->addHidden('logout', 1);
$form->addButton(
'casLogoutButton',
is_null($label) ? sprintf(get_lang('LogoutWithYourAccount'), api_get_setting("Institution")) : $label,
api_get_setting("casLogoURL"),
'primary',
null,
'btn-block'
);
return $form->returnForm();
}
/** /**
* @return string * @return string
* @throws Exception
*/ */
public function displayLoginForm() public static function displayLoginForm()
{ {
global $cas;
if (is_array($cas) && array_key_exists('replace_login_form', $cas) && $cas['replace_login_form'] = true) {
return self::displayCASLoginButton();
}
$form = new FormValidator( $form = new FormValidator(
'form-login', 'form-login',
'POST', 'POST',
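Review bot: `$cas['replace_login_form'] = true` in the new guard of `displayLoginForm()` is an assignment, not a comparison: whenever `$cas` is an array containing that key the condition is true and the global is overwritten, so the shipped default `'replace_login_form' => false` still replaces the login form with the CAS button. The line should read `if (!empty($cas['replace_login_form'])) {` (or compare with `=== true`). Note also that `global $cas` assumes the caller already included the CAS configuration; when it has not, `is_array($cas)` is false and the option is silently ignored, which is worth a comment on that line. `displayCASLoginButton()` and `displayCASLogoutButton()` have no docblock; a one-liner such as `/** @return string HTML form whose single button posts forceCASAuthentication=1 to page_after_login */` would tell readers why a form is used instead of a link. The body of `displayLoginForm()` continues outside the hunk.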

@ -196,6 +196,14 @@ $login = isset($_POST["login"]) ? $_POST["login"] : '';
$logging_in = false; $logging_in = false;
/* MAIN CODE */ /* MAIN CODE */
if (array_key_exists('forceCASAuthentication', $_POST)) {
unset($_SESSION['_user']);
unset($_user);
if (api_is_anonymous()) {
Session::destroy();
}
}
if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
// uid is in session => login already done, continue with this value // uid is in session => login already done, continue with this value
$_user['user_id'] = $_SESSION['_user']['user_id']; $_user['user_id'] = $_SESSION['_user']['user_id'];
@ -261,7 +269,6 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
} }
// IF cas is activated and user isn't logged in // IF cas is activated and user isn't logged in
$casUser = false;
if ('true' === api_get_setting('cas_activate') if ('true' === api_get_setting('cas_activate')
&& !isset($_user['user_id']) && !isset($_user['user_id'])
&& !isset($_POST['login']) && !isset($_POST['login'])
@ -269,10 +276,16 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
) { ) {
// load the CAS system to authenticate the user // load the CAS system to authenticate the user
require_once api_get_path(SYS_PATH).'main/auth/cas/cas_var.inc.php'; require_once __DIR__.'/../auth/cas/cas_var.inc.php';
// redirect to CAS server if not authenticated yet and so configured // redirect to CAS server if not authenticated yet and so configured
if (is_array($cas) && array_key_exists('force_redirect', $cas) && $cas['force_redirect']) { if (
is_array($cas) && array_key_exists('force_redirect', $cas) && $cas['force_redirect']
||
array_key_exists('forceCASAuthentication', $_POST)
||
array_key_exists('ticket', $_GET)
) {
phpCAS::forceAuthentication(); phpCAS::forceAuthentication();
} }
@ -312,12 +325,14 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
if ('true' === api_get_setting("update_user_info_cas_with_ldap")) { if ('true' === api_get_setting("update_user_info_cas_with_ldap")) {
UserManager::updateUserFromLDAP($login); UserManager::updateUserFromLDAP($login);
} }
$_user = api_get_user_info_from_username($login);
Session::write('_user', $_user);
} else { } else {
// not CAS authenticated // not CAS authenticated
} }
} } elseif (isset($_POST['login']) && isset($_POST['password'])) {
if ((isset($_POST['login']) && isset($_POST['password'])) || ($casUser)) {
// $login && $password are given to log in // $login && $password are given to log in
if (empty($login) || !empty($_POST['login'])) { if (empty($login) || !empty($_POST['login'])) {
$login = $_POST['login']; $login = $_POST['login'];
@ -388,8 +403,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
} }
} }
if ($casUser || if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE ||
$uData['auth_source'] == PLATFORM_AUTH_SOURCE ||
$uData['auth_source'] == CAS_AUTH_SOURCE $uData['auth_source'] == CAS_AUTH_SOURCE
) { ) {
$validPassword = isset($password) && UserManager::isPasswordValid( $validPassword = isset($password) && UserManager::isPasswordValid(
@ -422,7 +436,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
} }
// Check the user's password // Check the user's password
if (($validPassword || $casUser || $checkUserFromExternalWebservice) && if (($validPassword || $checkUserFromExternalWebservice) &&
(trim($login) == $uData['username']) (trim($login) == $uData['username'])
) { ) {
// Means that the login was loaded in a different page than index.php // Means that the login was loaded in a different page than index.php
@ -485,12 +499,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
// https://support.chamilo.org/issues/6124 // https://support.chamilo.org/issues/6124
$location = api_get_path(WEB_PATH) $location = api_get_path(WEB_PATH)
.'index.php?loginFailed=1&error=access_url_inactive'; .'index.php?loginFailed=1&error=access_url_inactive';
if ($casUser) { header('Location: '.$location);
phpCAS::logoutWithRedirectService($location);
Event::courseLogout($logoutInfo);
} else {
header('Location: '.$location);
}
exit; exit;
} }
} else { } else {
@ -1624,9 +1633,7 @@ if (isset($_cid)) {
} }
// direct login to course // direct login to course
if ((isset($casUser) && $casUser && exist_firstpage_parameter()) || if ($logging_in && exist_firstpage_parameter()) {
($logging_in && exist_firstpage_parameter())
) {
$redirectCourseDir = api_get_firstpage_parameter(); $redirectCourseDir = api_get_firstpage_parameter();
api_delete_firstpage_parameter(); // delete the cookie api_delete_firstpage_parameter(); // delete the cookie
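Review bot: In the hunk at `@ -312,12 +325,14`, a CAS-authenticated user is written straight into the session with `Session::write('_user', $_user)` and, because `$casUser` is gone, no longer reaches the `login`/`password` branch, so whatever account checks that branch performs are skipped for CAS logins; the one visible here is the `access_url_inactive` rejection at `@ -485,12 +499,7`, which previously also applied to `$casUser` via `phpCAS::logoutWithRedirectService`. The CAS branch shown does not set `$logging_in` (where it becomes true is outside these hunks), so the direct-login-to-course redirect at `@ -1624,9 +1633,7`, which now tests only `$logging_in`, will probably not fire after a CAS login; please confirm. Either let the CAS path fall through into the common validation block as before, or re-run the same account and access-URL checks before writing `_user`. Separately, the block at `@ -196,6 +196,14` drops `$_SESSION['_user']` on any POST that carries `forceCASAuthentication`, which amounts to a token-less logout for an already authenticated user; consider ignoring the field when a user session exists.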

@ -1,12 +1,12 @@
<?php <?php
// Show the CAS button to login using CAS // Show the CAS button to login using CAS
require_once api_get_path(SYS_PATH).'main/auth/cas/authcas.php'; require_once api_get_path(SYS_PATH).'main/auth/cas/cas_var.inc.php';
$_template['show_message'] = false; $_template['show_message'] = false;
if (api_is_anonymous()) { if (api_is_anonymous()) {
$_template['cas_activated'] = api_is_cas_activated(); $_template['cas_activated'] = api_is_cas_activated();
$_template['cas_configured'] = cas_configured(); $_template['cas_configured'] = api_is_cas_activated() && phpCAS::isInitialized();
$_template['show_message'] = true; $_template['show_message'] = true;
// the default title // the default title
$button_label = "Connexion via CAS"; $button_label = "Connexion via CAS";
@ -25,4 +25,5 @@ if (api_is_anonymous()) {
$_template['button_label'] = $button_label; $_template['button_label'] = $button_label;
$_template['comm_label'] = $comm_label; $_template['comm_label'] = $comm_label;
$_template['url_label'] = $url_label; $_template['url_label'] = $url_label;
$_template['form'] = Template::displayCASLoginButton(get_lang('LoginEnter'));
} }
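Review bot: The replacement for `cas_configured()` in the first hunk, `api_is_cas_activated() && phpCAS::isInitialized()`, drops the check the deleted authcas.php made that the `cas_server`, `cas_protocol` and `cas_port` settings are non-null, so the template's "CAS isn't configured" hint now only appears when phpCAS is not initialised. If cas_var.inc.php initialises phpCAS regardless of those settings, the hint disappears for a half-configured platform; if it does not define the `phpCAS` class at all when CAS is off, the static call is a fatal error on an anonymous page view. Suggest reinstating the settings loop in front of `phpCAS::isInitialized()` (or guarding it with `class_exists('phpCAS')`).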

@ -11,7 +11,7 @@
<div class='cas_plugin_comm'>{{ add_cas_login_button.comm_label }}</div> <div class='cas_plugin_comm'>{{ add_cas_login_button.comm_label }}</div>
{% if add_cas_login_button.cas_activated %} {% if add_cas_login_button.cas_activated %}
{% if add_cas_login_button.cas_configured %} {% if add_cas_login_button.cas_configured %}
<button class="btn btn-default" onclick="javascript:self.location.href='main/auth/cas/logincas.php'">{{"LoginEnter"|get_lang}}</button> {{ add_cas_login_button.form }}
{% else %} {% else %}
CAS isn't configured. Go to Admin > Configuration > CAS.<br/> CAS isn't configured. Go to Admin > Configuration > CAS.<br/>
{% endif %} {% endif %}

@ -20,6 +20,7 @@ if (!api_is_anonymous() &&
$logout_image_url = $plugin_info['settings']['add_cas_logout_button_cas_logout_image_url']; $logout_image_url = $plugin_info['settings']['add_cas_logout_button_cas_logout_image_url'];
$_template['logout_label'] = $logout_label; $_template['logout_label'] = $logout_label;
$_template['form'] = Template::displayCASLogoutButton(get_lang('Logout'));
$_template['logout_comment'] = $logout_comment; $_template['logout_comment'] = $logout_comment;
$_template['logout_image_url'] = $logout_image_url; $_template['logout_image_url'] = $logout_image_url;
} }

@ -9,7 +9,7 @@
<div class='cas_plugin_clear'>&nbsp;</div> <div class='cas_plugin_clear'>&nbsp;</div>
{% endif %} {% endif %}
<div class='cas_plugin_comm'>{{add_cas_logout_button.logout_comment}}</div> <div class='cas_plugin_comm'>{{add_cas_logout_button.logout_comment}}</div>
<button class="btn btn-default" onclick="javascript:self.location.href='main/auth/cas/logout.php'">{{"Logout"|get_lang}}</button> {{ add_cas_logout_button.form }}
</div> </div>
{% endif %} {% endif %}
