Skip to content
Snippets Groups Projects
Commit 64c18312 authored by Tamás Michelberger's avatar Tamás Michelberger
Browse files

Merge pull request #4 from biancini/master

Added management of groups attribute and modification of SSOlogin
parents 97322dbc 971d5e88
No related branches found
No related tags found
No related merge requests found
...@@ -34,6 +34,10 @@ $shib_RN = isset($_SERVER['HTTP_COMMON_NAME']) ? $_SERVER['HTTP_COMMON_NAME'] : ...@@ -34,6 +34,10 @@ $shib_RN = isset($_SERVER['HTTP_COMMON_NAME']) ? $_SERVER['HTTP_COMMON_NAME'] :
// Map e-mail to what Shibboleth variable? // Map e-mail to what Shibboleth variable?
$shib_email = isset($_SERVER['HTTP_EMAIL']) ? $_SERVER['HTTP_EMAIL'] : null; $shib_email = isset($_SERVER['HTTP_EMAIL']) ? $_SERVER['HTTP_EMAIL'] : null;
// Field containing groups for the user and field containing the prefix to be searched (and stripped) from wiki groups
$shib_groups = isset($_SERVER['isMemberOf']) ? $_SERVER['isMemberOf'] : null;
$shib_group_prefix = "wiki";
// The ShibUpdateUser hook is executed on login. // The ShibUpdateUser hook is executed on login.
// It has two arguments: // It has two arguments:
// - $existing: True if this is an existing user, false if it is a new user being added // - $existing: True if this is an existing user, false if it is a new user being added
......
...@@ -300,12 +300,30 @@ function ShibLinkAdd(&$personal_urls, $title) ...@@ -300,12 +300,30 @@ function ShibLinkAdd(&$personal_urls, $title)
if (! isset($shib_LoginHint)) if (! isset($shib_LoginHint))
$shib_LoginHint = "Login via Single Sign-on"; $shib_LoginHint = "Login via Single Sign-on";
$personal_urls['SSOlogin'] = array( if ($shib_WAYFStyle == "Login") {
'text' => $shib_LoginHint, $personal_urls['SSOlogin'] = array(
'href' => ($shib_Https ? 'https' : 'http') .'://' . $_SERVER['HTTP_HOST'] . 'text' => $shib_LoginHint,
getShibAssertionConsumerServiceURL() . "/" . $shib_ConsumerPrefix . $shib_WAYF . 'href' => ($shib_Https ? 'https' : 'http') .'://' . $_SERVER['HTTP_HOST'] .
'?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') . $shib_AssertionConsumerServiceURL . "/" . $shib_ConsumerPrefix . $shib_WAYFStyle .
'://' . $_SERVER['HTTP_HOST'] . $pageurl, ); '?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') .
'://' . $_SERVER['HTTP_HOST'] . $pageurl, );
}
elseif ($shib_WAYFStyle == "CustomLogin") {
$personal_urls['SSOlogin'] = array(
'text' => $shib_LoginHint,
'href' => ($shib_Https ? 'https' : 'http') .'://' . $_SERVER['HTTP_HOST'] .
$shib_AssertionConsumerServiceURL .
'?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') .
'://' . $_SERVER['HTTP_HOST'] . $pageurl, );
}
else {
$personal_urls['SSOlogin'] = array(
'text' => $shib_LoginHint,
'href' => ($shib_Https ? 'https' : 'http') .'://' . $_SERVER['HTTP_HOST'] .
$shib_AssertionConsumerServiceURL . "/" . $shib_ConsumerPrefix . $shib_WAYF .
'?target=' . (isset($_SERVER['HTTPS']) ? 'https' : 'http') .
'://' . $_SERVER['HTTP_HOST'] . $pageurl, );
}
return true; return true;
} }
...@@ -354,6 +372,7 @@ function ShibUserLoadFromSession($user, &$result) ...@@ -354,6 +372,7 @@ function ShibUserLoadFromSession($user, &$result)
global $shib_map_info; global $shib_map_info;
global $shib_map_info_existing; global $shib_map_info_existing;
global $shib_pretend; global $shib_pretend;
global $shib_groups;
//MW needs usernames in capital! //MW needs usernames in capital!
$shib_UN = Title::makeTitleSafe( NS_USER, $shib_UN); $shib_UN = Title::makeTitleSafe( NS_USER, $shib_UN);
...@@ -382,6 +401,7 @@ function ShibUserLoadFromSession($user, &$result) ...@@ -382,6 +401,7 @@ function ShibUserLoadFromSession($user, &$result)
$wgAuth->updateUser($user); //Make sure password is nologin $wgAuth->updateUser($user); //Make sure password is nologin
wfSetupSession(); wfSetupSession();
$user->setCookies(); $user->setCookies();
ShibAddGroups($user);
return true; return true;
} }
...@@ -443,8 +463,32 @@ function ShibUserLoadFromSession($user, &$result) ...@@ -443,8 +463,32 @@ function ShibUserLoadFromSession($user, &$result)
$user->saveSettings(); $user->saveSettings();
wfSetupSession(); wfSetupSession();
$user->setCookies(); $user->setCookies();
ShibAddGroups($user);
return true; return true;
} }
function ShibAddGroups($user) {
global $shib_groups;
global $shib_group_prefix;
$oldGroups = $user->getGroups();
foreach ($oldGroups as $group) {
$user->removeGroup($group);
}
if (isset($shib_groups)) {
foreach (explode(';', $shib_groups) as $group) {
if (isset($shib_group_prefix) && !empty($shib_group_prefix)) {
$vals = explode(":", $group);
if ($vals[0] == "wiki") {
$user->addGroup($vals[1]);
}
}
else {
$user->addGroup($group);
}
}
}
}
function ShibKillAA() function ShibKillAA()
{ {
global $wgHooks; global $wgHooks;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment