
function cas_login_check in CAS 6.3

Same name and namespace in other branches
  1. 5.4 cas.module \cas_login_check()
  2. 5 cas.module \cas_login_check()
  3. 5.3 cas.module \cas_login_check()
  4. 6 cas.module \cas_login_check()
  5. 6.2 cas.module \cas_login_check()
  6. 7 cas.module \cas_login_check()

Checks to see if the user needs to be logged in.

Parameters

$force_authentication: If TRUE, require that the user be authenticated with the CAS server before proceeding. Otherwise, check with the CAS server to see if the user is already logged in.

1 call to cas_login_check()
cas_init in ./cas.module
Implementation of hook_init().

File

./cas.module, line 58
Enables users to authenticate via a Central Authentication Service (CAS). CAS will currently work if auto registration is turned on, and will then create user accounts automatically.

Code

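/**
 * Checks to see if the user needs to be logged in.
 *
 * @param bool $force_authentication
 *   If TRUE, require that the user be authenticated with the CAS server
 *   before proceeding. Otherwise, check with the CAS server to see if the
 *   user is already logged in.
 *
 * @return void
 *   Returns early, without logging anyone in, when the current user already
 *   has a uid, when phpCAS cannot be loaded, when a non-forced check finds no
 *   CAS session, or when the CAS user is denied by a module, blocked,
 *   reserved, or can be neither loaded nor registered.
 */
function cas_login_check($force_authentication = TRUE) {
  global $user;
  if ($user->uid) {
    // Don't log in, because we already are.
    return;
  }
  if (!cas_phpcas_load()) {
    // No need to print a message, as the user will already see the failed
    // include_once calls.
    return;
  }

  // Start a Drupal session, if necessary.
  if (function_exists('drupal_session_start')) {
    // PressFlow (and D7) require manually starting the session. Failure to
    // do so will result in an infinite redirection loop as phpCAS requires
    // a valid session to complete the authentication process.
    drupal_session_start();
  }

  // Save the single sign out ticket; it is used later for CAS 3
  // logoutRequests.
  _cas_single_sign_out_save_ticket();

  // Initialize phpCAS.
  cas_phpcas_init();

  // Try the phpCAS authentication test.
  if ($force_authentication) {
    phpCAS::forceAuthentication();
  }
  else {
    $logged_in = phpCAS::checkAuthentication();

    // Mark that a login check has been performed. This cookie is set whether
    // or not a CAS session was found, so it only records that the check ran;
    // it carries no authentication state and must not be read as proof of
    // login.
    setcookie('cas_login_checked', 'true');

    // We're done because we're not logged in.
    if (!$logged_in) {
      return;
    }
  }

  // Build the cas_user object and allow modules to alter it.
  $cas_user = array(
    'name' => phpCAS::getUser(),
    'login' => TRUE,
    'register' => variable_get('cas_user_register', TRUE),
    'attributes' => cas_phpcas_attributes(),
  );
  drupal_alter('cas_user', $cas_user);

  // Bail out if a module denied login access for this user or unset the user
  // name.
  if (empty($cas_user['login']) || empty($cas_user['name'])) {
    // Only set a warning if we forced login.
    if ($force_authentication) {
      drupal_set_message(t('The user account %name is not available on this site.', array(
        '%name' => $cas_user['name'],
      )), 'error');
    }
    return;
  }

  // Proceed with the login process, using the altered CAS username.
  $cas_name = $cas_user['name'];

  // Blocked user check. $blocked holds FALSE or the untranslated message
  // template explaining the refusal.
  $blocked = FALSE;
  if (_cas_external_user_is_blocked($cas_name)) {
    $blocked = 'The username %cas_name has been blocked.';
  }
  elseif (drupal_is_denied('user', $cas_name)) {
    // Denied by access controls.
    $blocked = 'The name %cas_name is a reserved username.';
  }
  if ($blocked) {
    // Only display error messages if the user intended to log in.
    if ($force_authentication) {
      watchdog('cas', $blocked, array(
        '%cas_name' => $cas_name,
      ), WATCHDOG_WARNING);
      drupal_set_message(t($blocked, array(
        '%cas_name' => $cas_name,
      )), 'error');
    }
    return;
  }
  $account = cas_user_load_by_name($cas_name);

  // Automatic user registration.
  if (!$account && $cas_user['register']) {
    // No account could be found and auto registration is enabled, so attempt
    // to register a new user.
    $account = cas_user_register($cas_name);
    if (!$account) {
      // The account could not be created, set a message.
      if ($force_authentication) {
        drupal_set_message(t('A new account could not be created for %cas_name. The username is already in use on this site.', array(
          '%cas_name' => $cas_name,
        )), 'error');
      }
      return;
    }
  }

  // Final check to make sure we have a good user.
  if ($account && $account->uid > 0) {
    // Save the altered CAS name for future use.
    $_SESSION['cas_name'] = $cas_name;
    $cas_first_login = !$account->login;

    // Save single sign out information.
    if (!empty($_SESSION['cas_ticket'])) {
      _cas_single_sign_out_save_token($account);
    }

    // Populate $edit with some basic properties. Initialize it explicitly so
    // the array does not spring into existence from the first assignment.
    $edit = array();
    $edit['cas_user'] = $cas_user;
    $edit['roles'] = $account->roles + cas_roles();
    // Use !empty() so a missing cas_remember session key does not raise an
    // undefined index notice.
    if (module_exists('persistent_login') && !empty($_SESSION['cas_remember'])) {
      $edit['persistent_login'] = 1;
    }

    // Allow other modules to make their own custom changes.
    cas_user_module_invoke('presave', $edit, $account);

    // Clean up extra variables before saving.
    unset($edit['cas_user']);

    // Save the user account and log the user in.
    $user = user_save($account, $edit);
    user_authenticate_finalize($edit);
    // The message template is site-configured; the username is passed as a
    // % placeholder so t() handles its escaping.
    drupal_set_message(t(variable_get('cas_login_message', 'Logged in via CAS as %cas_username.'), array(
      '%cas_username' => $user->name,
    )));
    if (!empty($edit['persistent_login'])) {
      drupal_set_message(t('You will remain logged in on this computer even after you close your browser.'));
    }
    cas_login_page($cas_first_login);
  }
  else {
    $user = drupal_anonymous_user();

    // Only display error messages if the user intended to log in.
    if ($force_authentication) {
      drupal_set_message(t('No account found for %cas_name.', array(
        '%cas_name' => $cas_name,
      )), 'error');
    }
  }
}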