Remove sso code should be replaced with HWIOAuthBundle #2645

pull/2715/head
Julio Montoya 7 years ago
parent 710bd053a3
commit fe43d86986
  1. 4
      app/Migrations/Schema/V200/Version20.php
  2. 60
      main/auth/sso/SsoServer.php
  3. 298
      main/auth/sso/sso.Drupal.class.php
  4. 301
      main/auth/sso/sso.class.php
  5. 105
      main/auth/sso/sso_server_test.php
  6. 67
      main/inc/lib/api.lib.php
  7. 23
      main/inc/lib/display.lib.php
  8. 3
      main/inc/lib/template.lib.php
  9. 6
      src/SettingsBundle/Manager/SettingsManager.php

@ -450,12 +450,12 @@ class Version20 extends AbstractMigrationChamilo
'openid_authentication',
//'platform_charset',
'shibboleth_description',
/*'sso_authentication',
'sso_authentication',
'sso_authentication_domain',
'sso_authentication_auth_uri',
'sso_authentication_unauth_uri',
'sso_authentication_protocol',
'sso_force_redirect',*/
'sso_force_redirect',
];
foreach ($settings as $setting) {
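Review bot: The list of SSO settings activated here omits `sso_authentication_subclass`: it names `sso_authentication`, the four `sso_authentication_*` domain/URI/protocol keys and `sso_force_redirect` only. The removed SSO files document that key as a manually inserted `settings_current` row, and the removed block in `Display` read it to choose the class file. Assuming the `foreach ($settings as $setting)` loop deletes each listed setting (its body, like the start of the array, is outside the hunk), upgraded installations would keep that row as an orphan; adding `'sso_authentication_subclass',` after `'sso_authentication_protocol',` would cover it. Which of the duplicated lines is the new side is inferred from the commit title, because the +/- markers are lost on this page.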

@ -1,60 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
/**
* This file contains the necessary elements to implement a Single Sign On
* using chamilo as a SSO server.
*
* @package chamilo.auth.sso
*/
class SsoServer
{
/**
* This is used to get the url with the SSO params.
*
* @param string $refererSso
* @param array $additionalParams
*
* @return string
*/
public function getUrl($refererSso, $additionalParams = [])
{
if (empty($refererSso)) {
return null;
}
$getParams = parse_url($refererSso, PHP_URL_QUERY);
$userInfo = api_get_user_info(api_get_user_id(), false, true);
$chamiloUrl = api_get_path(WEB_PATH);
$sso = [
'username' => $userInfo['username'],
'secret' => sha1($userInfo['password']),
'master_domain' => $chamiloUrl,
'master_auth_uri' => $chamiloUrl.'?submitAuth=true',
'lifetime' => time() + 3600,
'target' => $refererSso,
];
if (!empty($additionalParams)) {
foreach ($additionalParams as $key => $value) {
if (!empty($key)) {
$sso[$key] = $value;
continue;
}
$sso[] = $value;
}
}
$cookie = base64_encode(serialize($sso));
return $refererSso
.($getParams ? '&' : '?')
.http_build_query([
'loginFailed' => 0,
'sso_referer' => $refererSso,
'sso_cookie' => $cookie,
]);
}
}

@ -1,298 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
use ChamiloSession as Session;
/**
* This file contains the necessary elements to implement a Single Sign On
* mechanism with an external Drupal application (on which the Chamilo module
* 7.x-1.0-alpha3 or above must be implemented).
*
* To use this class, set variable "sso_authentication_subclass" to "Drupal"
* in Chamilo settings. If not yet available in the "Security" tab, execute the
* following on the Chamilo database:
* INSERT INTO `settings_current` (`variable`, `type`, `category`, `selected_value`, `title`, `comment`, `access_url`)
* VALUES ('sso_authentication_subclass', 'textfield', 'Security', 'Drupal', 'SSOSubclass', 'SSOSubclassComment', 1);
*
* @package chamilo.auth.sso
*/
/**
* The SSO class allows for management of remote Single Sign On resources.
*/
class ssoDrupal
{
public $protocol; // 'http://',
public $domain; // 'localhost/project/drupal',
public $auth_uri; // '/?q=user',
public $deauth_uri; // '/?q=logout',
public $referer; // http://my.chamilo.com/main/auth/profile.php
/**
* Instanciates the object, initializing all relevant URL strings.
*/
public function __construct()
{
$this->protocol = api_get_setting('sso_authentication_protocol');
// There can be multiple domains, so make sure to take only the first
// This might be later extended with a decision process
$domains = preg_split('/,/', api_get_setting('sso_authentication_domain'));
$this->domain = trim($domains[0]);
$this->auth_uri = api_get_setting('sso_authentication_auth_uri');
$this->deauth_uri = api_get_setting('sso_authentication_unauth_uri');
//cut the string to avoid recursive URL construction in case of failure
$this->referer = $this->protocol.$_SERVER['HTTP_HOST'].substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], 'sso'));
$this->deauth_url = $this->protocol.$this->domain.$this->deauth_uri;
$this->master_url = $this->protocol.$this->domain.$this->auth_uri;
$this->referrer_uri = base64_encode($_SERVER['REQUEST_URI']);
$this->target = api_get_path(WEB_PATH);
}
/**
* Unlogs the user from the remote server.
*/
public function logout()
{
// no_redirect means Drupal sent the signal to logout. When redirecting to Drupal, the $_GET['stop'] param is
// set to 1, to allow Drupal to know that this is it, the logout is already done in Chamilo and there's no
// need to do it again
if (empty($_GET['no_redirect'])) {
header('Location: '.$this->deauth_url.'&stop=1');
} else {
header('Location: '.$this->protocol.$this->domain);
}
exit;
}
/**
* Sends the user to the master URL for a check of active connection.
*/
public function ask_master()
{
// Generate a single usage token that must be encoded by the master
$_SESSION['sso_challenge'] = api_generate_password(48);
// Redirect browser to the master URL
$params = '';
if (empty($_GET['no_redirect'])) {
$params = 'sso_referer='.urlencode($this->referer).
'&sso_target='.urlencode($this->target).
'&sso_challenge='.urlencode($_SESSION['sso_challenge']).
'&sso_ruri='.urlencode($this->referrer_uri);
if (strpos($this->master_url, "?") === false) {
$params = "?{$params}";
} else {
$params = "&{$params}";
}
}
header('Location: '.$this->master_url.$params);
exit;
}
/**
* Validates the received active connection data with the database.
*
* @return null|false Return the loginFailed variable value to local.inc.php
*/
public function check_user()
{
global $_user;
$loginFailed = false;
//change the way we recover the cookie depending on how it is formed
$sso = $this->decode_cookie($_GET['sso_cookie']);
//get token that should have been used and delete it
//from session since it can only be used once
$sso_challenge = '';
if (isset($_SESSION['sso_challenge'])) {
$sso_challenge = $_SESSION['sso_challenge'];
unset($_SESSION['sso_challenge']);
}
//lookup the user in the main database
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql = "SELECT id, username, password, auth_source, active, expiration_date, status
FROM $user_table
WHERE username = '".trim(Database::escape_string($sso['username']))."'";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
$uData = Database::fetch_array($result);
//Check the user's password
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
if ($sso['secret'] === sha1($uData['username'].$sso_challenge.api_get_security_key())
&& ($sso['username'] == $uData['username'])) {
//Check if the account is active (not locked)
if ($uData['active'] == '1') {
// check if the expiration date has not been reached
if (empty($uData['expiration_date']) or $uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
//If Multiple URL is enabled
if (api_get_multiple_access_url()) {
//Check the access_url configuration setting if the user is registered in the access_url_rel_user table
//Getting the current access_url_id of the platform
$current_access_url_id = api_get_current_access_url_id();
// my user is subscribed in these
//sites: $my_url_list
$my_url_list = api_get_access_url_from_user($uData['id']);
} else {
$current_access_url_id = 1;
$my_url_list = [1];
}
$my_user_is_admin = UserManager::is_admin($uData['id']);
if ($my_user_is_admin === false) {
if (is_array($my_url_list) && count($my_url_list) > 0) {
if (in_array($current_access_url_id, $my_url_list)) {
// the user has permission to enter at this site
$_user['user_id'] = $uData['id'];
$_user = api_get_user_info($_user['user_id']);
$_user['uidReset'] = true;
Session::write('_user', $_user);
Event::eventLogin($_user['user_id']);
// Redirect to homepage
$sso_target = '';
if (!empty($sso['ruri'])) {
//The referrer URI is *only* used if
// the user credentials are OK, which
// should be protection enough
// against evil URL spoofing...
$sso_target = api_get_path(WEB_PATH).base64_decode($sso['ruri']);
} else {
$sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH).'index.php';
}
header('Location: '.$sso_target);
exit;
} else {
// user does not have permission for this site
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
} else {
// there is no URL in the multiple
// urls list for this user
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
} else {
//Only admins of the "main" (first) Chamilo
// portal can login wherever they want
if (in_array(1, $my_url_list)) {
//Check if this admin is admin on the
// principal portal
$_user['user_id'] = $uData['id'];
$_user = api_get_user_info($_user['user_id']);
$is_platformAdmin = $uData['status'] == COURSEMANAGER;
Session::write('is_platformAdmin', $is_platformAdmin);
Session::write('_user', $_user);
Event::eventLogin($_user['user_id']);
} else {
//Secondary URL admin wants to login
// so we check as a normal user
if (in_array($current_access_url_id, $my_url_list)) {
$_user['user_id'] = $uData['user_id'];
$_user = api_get_user_info($_user['user_id']);
Session::write('_user', $_user);
Event::eventLogin($_user['user_id']);
} else {
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
}
}
} else {
// user account expired
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired');
exit;
}
} else {
//User not active
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive');
exit;
}
} else {
//SHA1 of password is wrong
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_password');
exit;
}
} else {
//Auth_source is wrong
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_authentication_source');
exit;
}
} else {
//No user by that login
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_not_found');
exit;
}
return $loginFailed;
}
/**
* Generate the URL for profile editing for a any user or the current user.
*
* @param int $userId Optional. The user id
* @param bool $asAdmin Optional. Whether get the URL for the platform admin
*
* @return string If the URL is obtained return the drupal_user_id. Otherwise return false
*/
public function generateProfileEditingURL($userId = 0, $asAdmin = false)
{
$userId = intval($userId);
if (empty($userId)) {
$userId = api_get_user_id();
}
$userExtraFieldValue = new ExtraFieldValue('user');
$drupalUserIdData = $userExtraFieldValue->get_values_by_handler_and_field_variable(
$userId,
'drupal_user_id'
);
// If this is an administrator, allow him to make some changes in
// the Chamilo profile
if ($asAdmin && api_is_platform_admin(true)) {
return api_get_path(WEB_CODE_PATH)."admin/user_edit.php?user_id=$userId";
}
// If the user doesn't match a Drupal user, give the normal profile
// link
if ($drupalUserIdData === false) {
return api_get_path(WEB_CODE_PATH).'auth/profile.php';
}
// In all other cases, generate a link to the Drupal profile edition
$drupalUserId = $drupalUserIdData['value'];
$url = "{$this->protocol}{$this->domain}/user/{$drupalUserId}/edit";
return $url;
}
/**
* Decode the cookie (this function may vary depending on the
* Single Sign On implementation.
*
* @param string Encoded cookie
*
* @return array Parsed and unencoded cookie
*/
private function decode_cookie($cookie)
{
return unserialize(base64_decode($cookie));
}
}

@ -1,301 +0,0 @@
<?php
/* For licensing terms, see /license.txt */
use ChamiloSession as Session;
/**
* This file contains the necessary elements to implement a Single Sign On
* mechanism with an arbitrary external web application (given some light
* development there) and is based on the Drupal-Chamilo module implementation.
* To develop a new authentication mechanism, please extend this class and
* overwrite its method, then modify the corresponding calling code in
* main/inc/local.inc.php.
*
* @package chamilo.auth.sso
*/
/**
* The SSO class allows for management or remote Single Sign On resources.
*/
class sso
{
public $protocol; // 'http://',
public $domain; // 'localhost/project/drupal5',
public $auth_uri; // '/?q=user',
public $deauth_uri; // '/?q=logout',
public $referer; // http://my.chamilo.com/main/auth/profile.php
/*
* referrer_uri: [some/path/inside/Chamilo], might be used by module to
* redirect the user to where he wanted to go initially in Chamilo
*/
public $referrer_uri;
/**
* Instanciates the object, initializing all relevant URL strings.
*/
public function __construct()
{
$this->protocol = api_get_setting('sso_authentication_protocol');
// There can be multiple domains, so make sure to take only the first
// This might be later extended with a decision process
$domains = explode(',', api_get_setting('sso_authentication_domain'));
$this->domain = trim($domains[0]);
$this->auth_uri = api_get_setting('sso_authentication_auth_uri');
$this->deauth_uri = api_get_setting('sso_authentication_unauth_uri');
//cut the string to avoid recursive URL construction in case of failure
$this->referer = $this->protocol.$_SERVER['HTTP_HOST'].substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], 'sso'));
$this->deauth_url = $this->protocol.$this->domain.$this->deauth_uri;
$this->master_url = $this->protocol.$this->domain.$this->auth_uri;
$this->referrer_uri = base64_encode($_SERVER['REQUEST_URI']);
$this->target = api_get_path(WEB_PATH);
}
/**
* Unlogs the user from the remote server.
*/
public function logout()
{
header('Location: '.$this->deauth_url);
exit;
}
/**
* Sends the user to the master URL for a check of active connection.
*/
public function ask_master()
{
$tempKey = api_generate_password(32);
$params = 'sso_referer='.urlencode($this->referer).
'&sso_target='.urlencode($this->target).
'&sso_challenge='.$tempKey.
'&sso_ruri='.urlencode($this->referrer_uri);
Session::write('tempkey', $tempKey);
if (strpos($this->master_url, "?") === false) {
$params = "?$params";
} else {
$params = "&$params";
}
header('Location: '.$this->master_url.$params);
exit;
}
/**
* Validates the received active connection data with the database.
*
* @return bool Return the loginFailed variable value to local.inc.php
*/
public function check_user()
{
global $_user;
$loginFailed = false;
//change the way we recover the cookie depending on how it is formed
$sso = $this->decode_cookie($_GET['sso_cookie']);
//error_log('check_user');
//error_log('sso decode cookie: '.print_r($sso,1));
//lookup the user in the main database
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status
FROM $user_table
WHERE username = '".trim(Database::escape_string($sso['username']))."'";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
//error_log('user exists');
$uData = Database::fetch_array($result);
//Check the user's password
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
//This user's authentification is managed by Chamilo itself
// check the user's password
// password hash comes already parsed in sha1, md5 or none
/*
error_log($sso['secret']);
error_log($uData['password']);
error_log($sso['username']);
error_log($uData['username']);
*/
global $_configuration;
// Two possible authentication methods here: legacy using password
// and new using a temporary, session-fixed, tempkey
if ((
$sso['username'] == $uData['username']
&& $sso['secret'] === sha1(
$uData['username'].
Session::read('tempkey').
$_configuration['security_key']
)
)
or (
($sso['secret'] === sha1($uData['password']))
&& ($sso['username'] == $uData['username'])
)
) {
//error_log('user n password are ok');
//Check if the account is active (not locked)
if ($uData['active'] == '1') {
// check if the expiration date has not been reached
if (empty($uData['expiration_date'])
or $uData['expiration_date'] > date('Y-m-d H:i:s')
or $uData['expiration_date'] == '0000-00-00 00:00:00') {
//If Multiple URL is enabled
if (api_get_multiple_access_url()) {
//Check the access_url configuration setting if
// the user is registered in the access_url_rel_user table
//Getting the current access_url_id of the platform
$current_access_url_id = api_get_current_access_url_id();
// my user is subscribed in these
//sites: $my_url_list
$my_url_list = api_get_access_url_from_user($uData['user_id']);
} else {
$current_access_url_id = 1;
$my_url_list = [1];
}
$my_user_is_admin = UserManager::is_admin($uData['user_id']);
if ($my_user_is_admin === false) {
if (is_array($my_url_list) && count($my_url_list) > 0) {
if (in_array($current_access_url_id, $my_url_list)) {
// the user has permission to enter at this site
$_user['user_id'] = $uData['user_id'];
$_user = api_get_user_info($_user['user_id']);
$_user['uidReset'] = true;
Session::write('_user', $_user);
Event::eventLogin($_user['user_id']);
// Redirect to homepage
$sso_target = '';
if (!empty($sso['ruri'])) {
//The referrer URI is *only* used if
// the user credentials are OK, which
// should be protection enough
// against evil URL spoofing...
$sso_target = api_get_path(WEB_PATH).base64_decode($sso['ruri']);
} else {
$sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH).'index.php';
}
header('Location: '.$sso_target);
exit;
} else {
// user does not have permission for this site
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
} else {
// there is no URL in the multiple
// urls list for this user
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
} else {
//Only admins of the "main" (first) Chamilo
// portal can login wherever they want
if (in_array(1, $my_url_list)) {
//Check if this admin is admin on the
// principal portal
$_user['user_id'] = $uData['user_id'];
$_user = api_get_user_info($_user['user_id']);
$is_platformAdmin = $uData['status'] == COURSEMANAGER;
Session::write('is_platformAdmin', $is_platformAdmin);
Session::write('_user', $_user);
Event::eventLogin($_user['user_id']);
} else {
//Secondary URL admin wants to login
// so we check as a normal user
if (in_array($current_access_url_id, $my_url_list)) {
$_user['user_id'] = $uData['user_id'];
$_user = api_get_user_info($_user['user_id']);
Session::write('_user', $_user);
Event::eventLogin($_user['user_id']);
} else {
$loginFailed = true;
Session::erase('_uid');
header(
'Location: '.api_get_path(WEB_PATH)
.'index.php?loginFailed=1&error=access_url_inactive'
);
exit;
}
}
}
} else {
// user account expired
$loginFailed = true;
Session::erase('_uid');
header(
'Location: '.api_get_path(WEB_PATH)
.'index.php?loginFailed=1&error=account_expired'
);
exit;
}
} else {
//User not active
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive');
exit;
}
} else {
//SHA1 of password is wrong
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_password');
exit;
}
} else {
//Auth_source is wrong
$loginFailed = true;
Session::erase('_uid');
header(
'Location: '.api_get_path(WEB_PATH)
.'index.php?loginFailed=1&error=wrong_authentication_source'
);
exit;
}
} else {
//No user by that login
$loginFailed = true;
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_not_found');
exit;
}
return $loginFailed;
}
/**
* Generate the URL for profile editing for a any user or the current user.
*
* @param int $userId Optional. The user id
* @param bool $asAdmin Optional. Whether get the URL for the platform admin
*
* @return string The SSO URL
*/
public function generateProfileEditingURL($userId = 0, $asAdmin = false)
{
$userId = intval($userId);
if ($asAdmin && api_is_platform_admin(true)) {
return api_get_path(WEB_CODE_PATH)."admin/user_edit.php?user_id=$userId";
}
return api_get_path(WEB_CODE_PATH).'auth/profile.php';
}
/**
* Decode the cookie (this function may vary depending on the
* Single Sign On implementation.
*
* @param string Encoded cookie
*
* @return array Parsed and unencoded cookie
*/
private function decode_cookie($cookie)
{
return unserialize(base64_decode($cookie));
}
}

@ -1,105 +0,0 @@
<?php
/*
SSO sample
This is the "server" of my institution/university authentification "code"
1. Active all the SSO option in your Chamilo installation: main/admin/settings.php?category=Security
2. Copy the main/auth/sso/sso.class.php file to something else representing your remote system, like
sso.Remote.class.php and modify the class name in soo.Remote.class.php to "ssoRemote"
3. Insert the following setting manually in your database (change the selected_value from 'Remote'
to the name of your system (used in the filename and classname above).
INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext)
VALUES ('sso_authentication_subclass',NULL,'textfield','Security','Remote','SSOAuthSubClassTitle','SSOAuthSubClassComment',NULL,NULL);
4. Make sure this script is located in the index page of the server you fill in the "Domain of the Single Sign On server" Chamilo setting
For example this script must be located in example.com/index.php if you set the "Domain of the Single Sign On server" = example.com
5. Create a user in chamilo and in your external system with login = "joe" and password = "doe"
6. Remember this is just a sample! Check the chamilo drupal extension for more information:
http://drupal.org/node/817682
7. When activating the settings in step 1, the principal Chamilo file main/inc/local.inc.php will load the class main/auth/sso.[class.php library
* that will redirect to this field with some parameters.
*
*/
exit; //Uncomment this to execute the page
//After you located this file in you new domain and you set the settings in step 2,
//this page will be loaded when entering to the Chamilo site if the SSO option was set in step 1.
//Getting the chamilo server
$my_chamilo_server = filter_xss($_SERVER['HTTP_HOST']);
$account = [];
if (isset($_SESSION['my_server_user_session'])) {
//validate if the user is already logged in my external system in order to redirect to chamilo
}
//Login process
if (isset($_POST['user']) && isset($_POST['password'])) {
//1. Your Server validations
$validate = validate_user($_POST['user'], $_POST['password']);
if ($validate) {
/* 2.Get the chamilo username and password from your system or from webservices */
$account['username'] = 'jbrion525'; //username in Chamilo
$account['password'] = sha1(sha1('jbrion525')); //encrypted password with assuming that the first encrypted method is sha1 in chamilo
$master_auth_uri = $my_chamilo_server.'/?q=user';
// Creating an array cookie that will be sent to Chamilo
$sso = [
'username' => $account['username'],
'secret' => $account['password'],
'master_domain' => $my_chamilo_server,
'master_auth_uri' => $master_auth_uri,
'lifetime' => time() + 3600,
'target' => filter_xss($_GET['sso_target']),
];
$cookie = base64_encode(serialize($sso));
$url = chamilo_sso_protocol().$master_auth_uri;
$params = 'sso_referer='.urlencode($url).'&sso_cookie='.urlencode($cookie);
$final_url = filter_xss($_GET['sso_referer']).'?'.$params;
//If your user exists redirect to chamilo and set the account in a session to check it later
$_SESSION['my_server_user_session'] = $account;
//3. After validating the user in the server and getting and setting the user data of chamilo in the sso_cookie variable:
// Redirect to this URL
header('Location: '.$final_url);
exit;
} else {
echo '<h2>Wrong parameters</h2>';
}
}
if (isset($_POST['logout'])) {
//echo do something to logout
}
function validate_user($user, $pass)
{
return true;
}
function filter_xss($val)
{
//do some cleaning
return $val;
}
function chamilo_sso_protocol()
{
//get the sso_protocol from chamilo using webservices
return 'http://';
}
?>
<html>
<form method="post">
User <input name="user"/>
Pass <input name="password" />
<input type="submit" value="Login">
</form>
</html>

@ -2414,30 +2414,6 @@ function api_check_password($password)
return $isPasswordOk;
}
/**
* Clears the user ID from the session if it was the anonymous user. Generally
* used on out-of-tools pages to remove a user ID that could otherwise be used
* in the wrong context.
* This function is to be used in conjunction with the api_set_anonymous()
* function to simulate the user existence in case of an anonymous visit.
*
* @param bool database check switch - passed to api_is_anonymous()
*
* @return bool true if succesfully unregistered, false if not anonymous
*/
function api_clear_anonymous($db_check = false)
{
global $_user;
if (api_is_anonymous($_user['user_id'], $db_check)) {
unset($_user['user_id']);
Session::erase('_uid');
return true;
}
return false;
}
/**
* Returns the status string corresponding to the status code.
*
@ -2461,41 +2437,6 @@ function get_status_from_code($status_code)
}
}
/**
* Sets the current user as anonymous if it hasn't been identified yet. This
* function should be used inside a tool only. The function api_clear_anonymous()
* acts in the opposite direction by clearing the anonymous user's data every
* time we get on a course homepage or on a neutral page (index, admin, my space).
*
* @return bool true if set user as anonymous, false if user was already logged in or anonymous id could not be found
*/
function api_set_anonymous()
{
return false;
global $_user;
if (!empty($_user['user_id'])) {
return false;
}
$user_id = api_get_anonymous_id();
if ($user_id == 0) {
return false;
}
if (isset($_user['is_anonymous'])) {
return false;
}
Session::erase('_user');
$_user['user_id'] = $user_id;
$_user['is_anonymous'] = true;
$GLOBALS['_user'] = $_user;
Session::write('_user', $_user);
return true;
}
/**
* Gets the current Chamilo (not PHP/cookie) session ID.
@ -2789,7 +2730,6 @@ function api_get_setting($variable)
// deprecated settings
// no break
case 'openid_authentication':
case 'sso_authentication':
case 'service_ppt2lp':
case 'add_cas_login_button_cas_button_label':
case 'add_cas_login_button_cas_button_comment':
@ -3791,13 +3731,6 @@ function api_not_allowed(
$response->send();
exit;
if (api_get_setting('sso_authentication') === 'true') {
global $osso;
if ($osso) {
$osso->logout();
}
}
$home_url = api_get_path(WEB_PATH);
$user_id = api_get_user_id();
$course = api_get_course_id();

@ -2394,29 +2394,6 @@ class Display
$editProfileUrl = api_get_path(WEB_CODE_PATH)."admin/user_edit.php?user_id=".intval($userId);
}
if (api_get_setting('sso_authentication') === 'true') {
$subSSOClass = api_get_setting('sso_authentication_subclass');
$objSSO = null;
if (!empty($subSSOClass)) {
$file = api_get_path(SYS_CODE_PATH)."auth/sso/sso.$subSSOClass.class.php";
if (file_exists($file)) {
require_once $file;
$subSSOClass = 'sso'.$subSSOClass;
$objSSO = new $subSSOClass();
} else {
throw new Exception("$subSSOClass file not set");
}
} else {
$objSSO = new sso();
}
$editProfileUrl = $objSSO->generateProfileEditingURL(
$userId,
$asAdmin
);
}
return $editProfileUrl;
}

@ -988,9 +988,6 @@ class Template
case 'multiple_connection_not_allowed':
$message = get_lang('MultipleConnectionsAreNotAllow');
break;
case 'unrecognize_sso_origin':
//$message = get_lang('SSOError');
break;
}
}

@ -261,11 +261,6 @@ class SettingsManager implements SettingsManagerInterface
'show_link_ticket_notification' => 'Platform',
'course_validation' => 'course', //'course_validation' => 'Platform',
'course_validation_terms_and_conditions_url' => 'Platform',
'sso_authentication' => 'Security',
'sso_authentication_domain' => 'Security',
'sso_authentication_auth_uri' => 'Security',
'sso_authentication_unauth_uri' => 'Security',
'sso_authentication_protocol' => 'Security',
'enabled_wiris' => 'Editor',
'allow_spellcheck' => 'Editor',
'force_wiki_paste_as_plain_text' => 'Editor',
@ -409,7 +404,6 @@ class SettingsManager implements SettingsManagerInterface
'hide_certificate_export_link' => 'Gradebook',
'dropbox_hide_course_coach' => 'Tools',
'dropbox_hide_general_coach' => 'Tools',
'sso_force_redirect' => 'Security',
'session_course_ordering' => 'Session',
'gamification_mode' => 'Platform',
'prevent_multiple_simultaneous_login' => 'Security',
