auth:ssp

auth:ssp [2011-06-06 16:24] – [Code] 83.49.108.130auth:ssp [2013-01-14 01:07] – [Code] 2001:638:904:ffd0:25b2:71e7:e527:f807
Line 22: Line 22:
  * auth/ssp.class.php  * auth/ssp.class.php
  *  *
- * @author  Jorge Hervás <jordihv@gmail.com>+ * @author  Jorge Hervás <jordihv@gmail.com>, Lukas Slansky <lukas.slansky@upce.cz>
  * @license GPL2 http://www.gnu.org/licenses/gpl.html  * @license GPL2 http://www.gnu.org/licenses/gpl.html
- * @version 0.1 + * @version 0.2 
- * @date    June 2011+ * @date    April 2012
  */  */
 + 
 class auth_ssp extends auth_basic { class auth_ssp extends auth_basic {
 +  var $users = null;
   // declaration of the auth_simple object    // declaration of the auth_simple object 
   var $as;   var $as;
 + 
   /**   /**
    * Constructor.    * Constructor.
Line 41: Line 42:
     $this->cando['logoff'  = true;     $this->cando['logoff'  = true;
     $this->success = true;     $this->success = true;
 +  }
 + 
 +  /**
 +   * Return user info (copy from plain.class.php)
 +   *
 +   * Returns info about the given user needs to contain
 +   * at least these fields:
 +   *
 +   * name string  full name of the user
 +   * mail string  email addres of the user
 +   * grps array   list of groups the user is in
 +   *
 +   * @author  Lukas Slansky <lukas.slansky@upce.cz>
 +   */
 +  function getUserData($user){
 +
 +    if($this->users === null) $this->_loadUserData();
 +    return isset($this->users[$user]) ? $this->users[$user] : false;
 +  }
 +
 +  /**
 +   * Load all user data (modified copy from plain.class.php)
 +   *
 +   * loads the user file into a datastructure
 +   *
 +   * @author  Lukas Slansky <lukas.slansky@upce.cz>
 +   */
 +  function _loadUserData(){
 +    global $conf;
 +
 +    $this->users = array();
 +
 +    if(!@file_exists($conf['ssp_usersfile'])) return;
 +
 +    $lines = file($conf['ssp_usersfile']);
 +    foreach($lines as $line){
 +      $line = preg_replace('/#.*$/','',$line); //ignore comments
 +      $line = trim($line);
 +      if(empty($line)) continue;
 +
 +      $row    = explode(":",$line,5);
 +      $groups = array_values(array_filter(explode(",",$row[3])));
 +
 +      $this->users[$row[0]]['name'] = urldecode($row[1]);
 +      $this->users[$row[0]]['mail'] = $row[2];
 +      $this->users[$row[0]]['grps'] = $groups;
 +    }
 +  }
 +  
 +  /**
 +   * Save user data
 +   *
 +   * saves the user file into a datastructure
 +   *
 +   * @author  Lukas Slansky <lukas.slansky@upce.cz>
 +   */
 +  function _saveUserData($username, $userinfo) {
 +    global $conf;
 +
 +    if ($this->users === null) $this->_loadUserData();
 +    $pattern = '/^' . $username . ':/';
 +    
 +    // Delete old line from users file
 +    if (!io_deleteFromFile($conf['ssp_usersfile'], $pattern, true)) {
 +      msg('Error saving user data (1)', -1);
 +      return false;
 +    }
 +    $groups = join(',',$userinfo['grps']);
 +    $userline = join(':',array($username, $userinfo['name'], $userinfo['mail'], $groups))."\n";
 +    // Save new line into users file
 +    if (!io_saveFile($conf['ssp_usersfile'], $userline, true)) {
 +      msg('Error saving user data (2)', -1);
 +      return false;
 +    }
 +    $this->users[$username] = $userinfo;
 +    return true;
   }   }
  
Line 50: Line 127:
     global $USERINFO;     global $USERINFO;
     global $conf;     global $conf;
 + 
     $sticky ? $sticky = true : $sticky = false; //sanity check     $sticky ? $sticky = true : $sticky = false; //sanity check
 + 
     // loading of simplesamlphp library     // loading of simplesamlphp library
     require_once($conf['ssp_path'] . '/lib/_autoload.php');     require_once($conf['ssp_path'] . '/lib/_autoload.php');
 + 
     // create auth object and use api to require authentication and get attributes     // create auth object and use api to require authentication and get attributes
     $this->as = new SimpleSAML_Auth_Simple('default-sp');     $this->as = new SimpleSAML_Auth_Simple('default-sp');
 + 
     // the next line should be discommented to enable guest users (not authenticated) enter DokuWiki, see also documentation     // the next line should be discommented to enable guest users (not authenticated) enter DokuWiki, see also documentation
     # if ($this->as->isAuthenticated()) {     # if ($this->as->isAuthenticated()) {
Line 64: Line 141:
     $this->as->requireAuth();     $this->as->requireAuth();
     $attrs = $this->as->getAttributes();     $attrs = $this->as->getAttributes();
 + 
     // check for valid attributes (not empty) and update USERINFO var from dokuwiki     // check for valid attributes (not empty) and update USERINFO var from dokuwiki
     if (!isset($attrs[$conf['ssp_attr_name']][0])) {     if (!isset($attrs[$conf['ssp_attr_name']][0])) {
Line 70: Line 147:
     }     }
     $USERINFO['name'] = $attrs[$conf['ssp_attr_name']][0];     $USERINFO['name'] = $attrs[$conf['ssp_attr_name']][0];
 + 
     if (!isset($attrs[$conf['ssp_attr_mail']][0])) {     if (!isset($attrs[$conf['ssp_attr_mail']][0])) {
       $this->exitMissingAttribute('Mail');       $this->exitMissingAttribute('Mail');
     }     }
     $USERINFO['mail'] = $attrs[$conf['ssp_attr_mail']][0];     $USERINFO['mail'] = $attrs[$conf['ssp_attr_mail']][0];
 + 
     // groups may be empty (by default any user belongs to the user group) don't perform empty check     // groups may be empty (by default any user belongs to the user group) don't perform empty check
     $USERINFO['grps'] = $attrs[$conf['ssp_attr_grps']];     $USERINFO['grps'] = $attrs[$conf['ssp_attr_grps']];
 + 
     if (!isset($attrs[$conf['ssp_attr_user']][0])) {     if (!isset($attrs[$conf['ssp_attr_user']][0])) {
       $this->exitMissingAttribute('User');       $this->exitMissingAttribute('User');
     }     }
-   +  
 +    // save user info 
 +    if (!$this->_saveUserData($attrs[$conf['ssp_attr_user']][0], $USERINFO)) { 
 +      return false; 
 +    } 
 + 
     // assign user id to the user global information     // assign user id to the user global information
     $_SERVER['REMOTE_USER'] = $attrs[$conf['ssp_attr_user']][0];     $_SERVER['REMOTE_USER'] = $attrs[$conf['ssp_attr_user']][0];
 + 
     // assign user id and the data from USERINFO to the DokuWiki session cookie     // assign user id and the data from USERINFO to the DokuWiki session cookie
     $_SESSION[DOKU_COOKIE]['auth']['user'] = $attrs[$conf['ssp_attr_user']][0];     $_SESSION[DOKU_COOKIE]['auth']['user'] = $attrs[$conf['ssp_attr_user']][0];
     $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;     $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
 + 
     # } // end if_isAuthenticated()     # } // end if_isAuthenticated()
  
     return true;     return true;
   }   }
 + 
   /**   /**
    * exit printing info and logout link    * exit printing info and logout link
Line 105: Line 187:
     die( $attribute . ' attribute missing from IdP. Please ' . $logoutlink . ' to return to login form');     die( $attribute . ' attribute missing from IdP. Please ' . $logoutlink . ' to return to login form');
   }   }
 + 
   /**   /**
    * Log off the current user from DokuWiki and IdP    * Log off the current user from DokuWiki and IdP
Line 112: Line 194:
   function logOff(){   function logOff(){
     // use the simpleSAMLphp authentication object created in trustExternal to logout     // use the simpleSAMLphp authentication object created in trustExternal to logout
-    $this->as->logout('/');+    if ($this->as->isAuthenticated()) 
 +      $this->as->logout('/');
   }   }
 + 
 } }
 + 
 //Setup VIM: ex: et ts=2 enc=utf-8 : //Setup VIM: ex: et ts=2 enc=utf-8 :
 </code> </code>
Line 135: Line 218:
 // path for the simplesamlphp installation root // path for the simplesamlphp installation root
 $conf['ssp_path'] = '/var/simplesamlphp'; $conf['ssp_path'] = '/var/simplesamlphp';
 +
 +// username to save user details
 +$conf['ssp_usersfile'] = $conf['savedir'] . '/users.ssp.php';
  
 // configure attribute names to match the ones used by our authentication backend (IdP) // configure attribute names to match the ones used by our authentication backend (IdP)
Line 168: Line 254:
  
 ** 5. (optional) ** ** 5. (optional) **
-Comment out the lines starting by '#' in the authentication backend to allow guest users visit the site without requiring user and password credentials+Uncomment the lines starting by '#' in the authentication backend to allow guest users visit the site without requiring user and password credentials
  
 In this case you should also modify the inc/template.php file to correct the behaviour of the login button, redirecting it to the IdP login form In this case you should also modify the inc/template.php file to correct the behaviour of the login button, redirecting it to the IdP login form
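Review bot: In `_saveUserData` (hunk "Line 41: Line 42:") the username is spliced into a regex unescaped, `$pattern = '/^' . $username . ':/';`, and then handed to `io_deleteFromFile(..., true)` in regex mode, so a username containing regex metacharacters either breaks the pattern or matches and removes other users' lines from the file. The line written back also stores `$userinfo['name']` raw, while `_loadUserData` applies `urldecode()` to that field, so a display name containing `:` or `#` shifts the columns or is cut off as a comment on the next load. Both are addressed on two lines: `$pattern = '/^' . preg_quote($username, '/') . ':/';` and `$userline = join(':', array($username, urlencode($userinfo['name']), $userinfo['mail'], $groups))."\n";`. Since `trustExternal` (hunk "Line 70: Line 147:") now calls `_saveUserData` on every authenticated request, the users file appears to be deleted-from and appended-to on each page load; if that is intended, a comment saying so would help, otherwise skipping the write when `$this->users[$username]` already holds the same data would avoid the churn and the window for concurrent writes.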
