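'Iain Hallam', 'email' => 'iain@iainhallam.com', 'date' => '2009-09-22', 'name' => 'SSO CAS Plugin', 'desc' => 'Authenticate DokuWiki users via CAS', 'url' => 'http://www.dokuwiki.org/plugin:ssocas', ); }

    /**
     * Hook the plugin into DokuWiki's event system.
     *
     * Nothing is registered while the 'server' setting is empty, so an
     * unconfigured plugin leaves the stock login flow untouched.
     *
     * @param Doku_Event_Handler $controller  event controller to register with
     */
    function register (Doku_Event_Handler $controller) {
        if ($this->getConf('server') != '') {
            $controller->register_hook('HTML_LOGINFORM_OUTPUT', 'BEFORE', $this, 'handle_login_form');
            $controller->register_hook('ACTION_ACT_PREPROCESS', 'BEFORE', $this, 'handle_action');
            $controller->register_hook('TPL_ACT_UNKNOWN', 'BEFORE', $this, 'handle_template');
        }
    }

    /**
     * Link to the current page, built with wl() from the global $ID.
     *
     * @return string
     */
    function _self () {
        global $ID;
        return wl($ID, '', true, '');
    }

    /**
     * Link to the current page with a 'do' action appended.
     *
     * @param string $do  action name placed in the 'do' URL parameter
     * @return string
     */
    function _selfdo ($do) {
        global $ID;
        return wl($ID, 'do=' . $do, true, '&');
    }

    /**
     * Send a Location header for $url and end the request.
     *
     * Callers in this class only pass URLs produced by _self().
     *
     * @param string $url  redirect target
     */
    function _redirect ($url) {
        header('Location: ' . $url);
        exit;
    }

    /**
     * Tell whether the current DokuWiki session was opened by this plugin.
     *
     * handle_caslogin() passes the marker 'CAS' to auth_setCookie(); this
     * checks for that marker in the session. The comparison is strict and
     * guarded with isset() so a missing or non-string value never matches.
     *
     * @return bool
     */
    function _is_cas_session () {
        return isset($_SERVER['REMOTE_USER'])
            && isset($_SESSION[DOKU_COOKIE]['auth']['pass'])
            && $_SESSION[DOKU_COOKIE]['auth']['pass'] === 'CAS';
    }

    /**
     * Rework the login form: put a CAS login section first and keep the
     * local login below it.
     *
     * NOTE(review): the HTML inside the string literals of this method did
     * not survive in this listing (only line breaks and visible text remain).
     * The literals are reproduced as found, not reconstructed. The 'name' and
     * 'localname' settings are concatenated into the form output unescaped.
     *
     * @param Doku_Event $event  HTML_LOGINFORM_OUTPUT event; data is the form
     * @param mixed      $param  unused
     */
    function handle_login_form (&$event, $param) {
        global $auth, $conf, $lang, $ID;

        // Remove the register and resendpwd links, if they exist.
        for ($formPosition = 0; $formPosition < count($event->data->_content); $formPosition++) {
            $formElement = $event->data->getElementAt($formPosition);
            // NOTE(review): this comparison was garbled in the listing; '<p' is
            // reconstructed from the two-character substr() and the paragraph
            // links named in the comment above. Confirm against the plugin source.
            if ((! is_array($formElement)) && (substr($formElement, 0, 2) == '<p')) {
                $event->data->replaceElement($formPosition, NULL);
            }
        }

        // Re-insert the links further down, only where the auth backend and
        // the wiki configuration allow the corresponding action.
        $insertElement = 5;
        if ($auth && $auth->canDo('addUser') && actionOK('register')) {
            $event->data->insertElement($insertElement,'

'.$lang['reghere'].': '.$lang['register'].'

');
            $insertElement = 6;
        }
        if ($auth && $auth->canDo('modPass') && actionOK('resendpwd')) {
            $event->data->insertElement($insertElement,'

'.$lang['pwdforget'].': '.$lang['btn_resendpwd'].'

');
        }

        if ($this->getConf('logourl') != '') {
            $caslogo = ' ';
        } else {
            $caslogo = '';
        }

        // CAS section at the top of the form.
        $event->data->insertElement(0,'
'.$this->getConf('name').'');
        $event->data->insertElement(1,'

'.$caslogo.'Login

');
        $event->data->insertElement(2,'
');

        // Local login section, optionally preceded by a hint.
        if ($this->getConf('jshidelocal')) {
            $event->data->insertElement(3,'

Only use this if you cannot use the '.$this->getConf('name').' above.

');
            $event->data->replaceElement(4,'
'.$this->getConf('localname').'');
        } else {
            $event->data->replaceElement(3,'
'.$this->getConf('localname').'');
        }
    }

    /**
     * Authenticate against CAS and, when the user is permitted, open a
     * DokuWiki session for them.
     *
     * Every refusal path sets $ACT to 'denied' and returns before any session
     * state is written. Changes against the original listing:
     *  - a failed account creation now returns instead of falling through to
     *    auth_setCookie() and $ACT = 'show';
     *  - the post-creation lookup uses $casuser (it read the undefined
     *    $cassuser);
     *  - the allow-list test is strict, so numeric-looking names such as
     *    '007' and '7' no longer compare equal;
     *  - the local account gets a random password instead of the creation
     *    timestamp.
     */
    function handle_caslogin () {
        global $ACT, $auth, $conf, $INFO, $USERINFO;

        //phpCAS::setFixedServiceURL(DOKU_URL . 'doku.php?id=' . $QUERY);
        phpCAS::forceAuthentication();

        if (! phpCAS::checkAuthentication()) {
            // Failed
            $ACT = 'denied';
            msg ('Sorry; your login to '.$this->getConf('name').' failed.',-1);
            return;
        }

        // Successful
        $casuser = phpCAS::getUser();
        $USERINFO = $auth->getUserData($casuser);

        // The allow-list is a comma separated setting; whitespace is stripped
        // before splitting so "a, b" and "a,b" behave the same.
        $wlstring = $this->getConf('wluserstring');
        $wlstring = preg_replace('/(\s|\n|\r|\t)/', '', $wlstring);
        $wlusers = explode(",", $wlstring);

        if (! (in_array($casuser, $wlusers, true) || $this->getConf('allowall'))) {
            $ACT = 'denied';
            msg ('Sorry; you are not on the allowed user list', -1);
            return;
        }

        if (empty($USERINFO)) {
            // No account yet
            if (! $this->getConf('makenew')) {
                $ACT = 'denied';
                msg ('Your user has not been created, and CAS to Doku creation is disabled', -1);
                return;
            }

            // Try making an account
            $tmpuserdomain = ($casuser."@".trim($this->getConf('useredomain')));
            // The second element is the local account's password. The login
            // form keeps a local login section, so this value must not be
            // guessable; the original used date(DATE_ATOM).
            $localpass = function_exists('random_bytes')
                ? bin2hex(random_bytes(32))
                : auth_pwgen();
            if (false == $auth->triggerUserMod('create', array($casuser, $localpass, $casuser, $tmpuserdomain))) {
                $ACT = 'denied';
                msg ('CAS to Doku user creation error', -1);
                // Stop here: no local account exists, so no session may be opened.
                return;
            }

            // update userinfo with the new user
            $USERINFO = $auth->getUserData($casuser);
        }

        // Populate the session variables
        $_SERVER['REMOTE_USER'] = $casuser;
        $stickysession = $this->getConf('stickysession') ? true : false;
        auth_setCookie($casuser,'CAS',$stickysession);

        // Authentication info has changed: reset the page info
        $INFO = pageinfo();
        $ACT = 'show';
    }

    /**
     * Log the user out of DokuWiki and, if configured, out of CAS as well.
     *
     * The CAS decision is taken first because auth_logoff() clears the state
     * it depends on. The local logoff then runs before the CAS logout:
     * phpCAS's logout is expected to redirect and end the request (confirm
     * for the deployed phpCAS version), which in the original order would
     * leave the DokuWiki session in place.
     */
    function handle_caslogout () {
        // Check CAS authentication and whether to log out of CAS completely, and do a phpCAS::logout if so.
        $casToo = $this->_is_cas_session() && $this->getConf('caslogout');

        auth_logoff();

        if ($casToo) {
            phpCAS::logoutWithRedirectServiceAndUrl($this->_self(), $this->_self());
        }
    }

    /**
     * ACTION_ACT_PREPROCESS handler: set up the phpCAS client and dispatch
     * the 'caslogin' and 'logout' actions.
     *
     * @param Doku_Event $event  action event; data is the requested action
     * @param mixed      $param  unused
     */
    function handle_action (&$event, $param) {
        global $ACT;

        require_once ('CAS.php');
        phpCAS::client(
            $this->getConf('version').'.0',
            $this->getConf('server'),
            (int) $this->getConf('port'),
            $this->getConf('uri')
        );
        // SECURITY(review): this turns off verification of the CAS server's
        // TLS certificate, so the ticket validation response that decides who
        // is logged in is not authenticated against a trusted CA.
        // phpCAS::setCasServerCACert() with the path of the CA bundle is the
        // validating alternative; wiring it in needs a configuration setting
        // that this listing does not show.
        phpCAS::setNoCasServerValidation();

        // Handle the case where the CAS session is finished but the user is still logged in to DokuWiki
        if (! $this->getConf('stickysession')) {
            if ($this->_is_cas_session() && ! phpCAS::checkAuthentication()) {
                // Authentication failed
                $event->preventDefault();
                $this->handle_caslogout();
                $this->_redirect($this->_self());
            }
        }

        // Strict comparison: the action may arrive as a non-string value.
        if ($event->data === 'caslogin') {
            $event->preventDefault();
            $this->handle_caslogin();
        }
        if ($event->data === 'logout') {
            $this->handle_caslogout();
        }
    }

    /**
     * TPL_ACT_UNKNOWN handler: claim the 'caslogin' action so the template
     * does not treat it as unknown.
     *
     * @param Doku_Event $event  template event; data is the action name
     * @param mixed      $param  unused
     */
    function handle_template (&$event, $param) {
        if ($event->data === 'caslogin') {
            $event->preventDefault();
        }
    }
}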