CasAuthenticationPlugin.php 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144
  1. <?php
  2. // This file is part of GNU social - https://www.gnu.org/software/social
  3. //
  4. // GNU social is free software: you can redistribute it and/or modify
  5. // it under the terms of the GNU Affero General Public License as published by
  6. // the Free Software Foundation, either version 3 of the License, or
  7. // (at your option) any later version.
  8. //
  9. // GNU social is distributed in the hope that it will be useful,
  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. // GNU Affero General Public License for more details.
  13. //
  14. // You should have received a copy of the GNU Affero General Public License
  15. // along with GNU social. If not, see <http://www.gnu.org/licenses/>.
  16. /**
  17. * Plugin to enable Single Sign On via CAS (Central Authentication Service)
  18. *
  19. * @category Plugin
  20. * @package GNUsocial
  21. * @author Craig Andrews <candrews@integralblue.com>
  22. * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
  23. * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
  24. */
  25. defined('GNUSOCIAL') || die();
  26. class CasAuthenticationPlugin extends AuthenticationPlugin
  27. {
  28. const PLUGIN_VERSION = '2.0.0';
  29. public $server;
  30. public $port = 443;
  31. public $path = '';
  32. public $takeOverLogin = false;
  33. public $user_whitelist = null;
  34. public function checkPassword($username, $password)
  35. {
  36. global $casTempPassword;
  37. return ($casTempPassword == $password);
  38. }
  39. public function onArgsInitialize(&$args)
  40. {
  41. if ($this->takeOverLogin && $args['action'] === 'login') {
  42. $args['action'] = 'caslogin';
  43. }
  44. }
  45. public function onStartInitializeRouter($m)
  46. {
  47. $m->connect('main/cas', array('action' => 'caslogin'));
  48. return true;
  49. }
  50. public function onEndLoginGroupNav($action)
  51. {
  52. $action_name = $action->trimmed('action');
  53. $action->menuItem(
  54. common_local_url('caslogin'),
  55. // TRANS: Menu item. CAS is Central Authentication Service.
  56. _m('CAS'),
  57. // TRANS: Tooltip for menu item. CAS is Central Authentication Service.
  58. _m('Login or register with CAS.'),
  59. ($action_name === 'caslogin')
  60. );
  61. return true;
  62. }
  63. public function onEndShowPageNotice($action)
  64. {
  65. $name = $action->trimmed('action');
  66. switch ($name) {
  67. case 'login':
  68. // TRANS: Invitation to users with a CAS account to log in using the service.
  69. // TRANS: "[CAS login]" is a link description. (%%action.caslogin%%) is the URL.
  70. // TRANS: These two elements may not be separated.
  71. $instr = _m('(Have an account with CAS? ' .
  72. 'Try our [CAS login](%%action.caslogin%%)!)');
  73. break;
  74. default:
  75. return true;
  76. }
  77. $output = common_markup_to_html($instr);
  78. $action->raw($output);
  79. return true;
  80. }
  81. public function onLoginAction($action, &$login)
  82. {
  83. switch ($action) {
  84. case 'caslogin':
  85. $login = true;
  86. return false;
  87. default:
  88. return true;
  89. }
  90. }
  91. public function onInitializePlugin()
  92. {
  93. parent::onInitializePlugin();
  94. if (!isset($this->server)) {
  95. // TRANS: Exception thrown when the CAS Authentication plugin has been configured incorrectly.
  96. throw new Exception(_m("Specifying a server is required."));
  97. }
  98. if (!isset($this->port)) {
  99. // TRANS: Exception thrown when the CAS Authentication plugin has been configured incorrectly.
  100. throw new Exception(_m("Specifying a port is required."));
  101. }
  102. if (!isset($this->path)) {
  103. // TRANS: Exception thrown when the CAS Authentication plugin has been configured incorrectly.
  104. throw new Exception(_m("Specifying a path is required."));
  105. }
  106. //These values need to be accessible to a action object
  107. //I can't think of any other way than global variables
  108. //to allow the action instance to be able to see values :-(
  109. global $casSettings;
  110. $casSettings = array();
  111. $casSettings['server']=$this->server;
  112. $casSettings['port']=$this->port;
  113. $casSettings['path']=$this->path;
  114. $casSettings['takeOverLogin']=$this->takeOverLogin;
  115. $casSettings['user_whitelist']=$this->user_whitelist;
  116. }
  117. public function onPluginVersion(array &$versions): bool
  118. {
  119. $versions[] = array('name' => 'CAS Authentication',
  120. 'version' => self::PLUGIN_VERSION,
  121. 'author' => 'Craig Andrews',
  122. 'homepage' => GNUSOCIAL_ENGINE_REPO_URL . 'tree/master/plugins/CasAuthentication',
  123. // TRANS: Plugin description. CAS is Central Authentication Service.
  124. 'rawdescription' => _m('The CAS Authentication plugin allows for StatusNet to handle authentication through CAS (Central Authentication Service).'));
  125. return true;
  126. }
  127. }