You are here

drupalauth4ssp.module in DrupalAuth for SimpleSAMLphp 7

Same filename and directory in other branches
  1. 8 drupalauth4ssp.module

DrupalAuth For simpleSAMLphp module.

This module tightly integrates the SimpleSAMLphp Identity Provider login experience with a Drupal site.

File

drupalauth4ssp.module
View source
<?php

/**
 * @file
 * DrupalAuth For simpleSAMLphp module.
 *
 * This module tightly integrates the SimpleSAMLphp Identity Provider login experience with a Drupal site.
 */

/**
 * Implements hook_menu().
 */
function drupalauth4ssp_menu() {
  $items = array();
  $items['admin/config/people/drupalauth4ssp'] = array(
    'title' => 'Drupalauth for SimpleSAMLphp Settings',
    'description' => 'Control the various settings of the drupalauth4ssp module',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'drupalauth4ssp_settings',
    ),
    'access arguments' => array(
      'administer drupalauth4ssp',
    ),
    'file' => 'drupalauth4ssp.admin.inc',
    'type' => MENU_LOCAL_TASK | MENU_NORMAL_ITEM,
  );
  return $items;
}

/**
 * Implements hook_admin_paths().
 */
function drupalauth4ssp_admin_paths() {
  return array(
    'admin/config/people/drupalauth4ssp' => TRUE,
  );
}

/**
 * Implements hook_permission().
 */
function drupalauth4ssp_permission() {
  return array(
    'administer drupalauth4ssp' => array(
      'title' => t('Administer drupalauth4ssp'),
      'description' => t('Warning: Give to trusted roles only; this permission has security implications.'),
    ),
  );
}

/**
 * Implements hook_user_login().
 */
function drupalauth4ssp_user_login(&$edit, $account) {
  _drupalauth4ssp_exec($account);
}

/**
 * Implements hook_user_logout().
 */
function drupalauth4ssp_user_logout($account) {

  // Get the configuration information from SimpleSAMLphp.
  $ssp_config = _drupalauth4ssp_get_simplesamlphp_config();

  // If we don't have configuration, exit without doing anything.
  if (!is_array($ssp_config)) {

    // The least we can do is write something to the watchdog so someone will know what's happening.
    watchdog('drupalauth4ssp', 'Could not use drupalauth for %name, could not get the SimpleSAMLphp configuration.', array(
      '%name' => $account->name,
    ));
    return;
  }

  // Delete the cookie.
  setcookie($ssp_config['cookie_name'], sha1($ssp_config['secretsalt'] . $account->uid) . ':' . $account->uid, time() - 3600, $ssp_config['baseurlpath']);

  // Invalidate SimpleSAML session by expiring it.
  $session = SimpleSAML_Session::getSessionFromRequest();

  // Backward compatibility with SimpleSAMP older than 1.14.
  // SimpleSAML_Session::getAuthority() has been removed in 1.14.
  // @see https://simplesamlphp.org/docs/development/simplesamlphp-upgrade-notes-1.14
  if (method_exists($session, 'getAuthority')) {
    $session
      ->setAuthorityExpire($session
      ->getAuthority(), 1);
  }
  else {
    foreach ($session
      ->getAuthorities() as $authority) {
      $session
        ->setAuthorityExpire($authority, 1);
    }
  }

  // If the ReturnTo URL is present, send the user to the URL.
  if (isset($_GET['ReturnTo']) && $_GET['ReturnTo']) {
    $destination =& drupal_static(__FUNCTION__);
    $destination = $_GET['ReturnTo'];

    // Check the ReturnTo if it's in the allowed list.
    if (!drupalauth4ssp_valid_returnto_parameter()) {
      $destination = FALSE;
    }
  }
}

/**
 * Implements hook_drupal_goto_alter().
 */
function drupalauth4ssp_drupal_goto_alter(&$path, &$options, &$http_response_code) {
  $destination =& drupal_static('drupalauth4ssp_user_logout');
  if (!$path && $destination) {
    drupal_goto($destination);
  }
}

/**
 * Implements hook_user_view().
 */
function drupalauth4ssp_user_view($account, $view_mode, $langcode) {
  global $user;
  if ($user->uid == $account->uid) {
    _drupalauth4ssp_exec($account);
  }
}

/**
 * Returns the SimpleSAMLphp configuration.
 */
function _drupalauth4ssp_get_simplesamlphp_config() {
  $config = NULL;
  if (!drupalauth4ssp_include_simplesamlphp_library()) {
    return;
  }
  $ssp_config = SimpleSAML_Configuration::getInstance();
  if (!is_object($ssp_config)) {
    return;
  }

  // Get the secretsalt.
  $config['secretsalt'] = $ssp_config
    ->getValue('secretsalt');

  // Get the baseurlpath.
  $config['baseurlpath'] = '/' . $ssp_config
    ->getBaseURL();
  unset($ssp_config);
  $ssp_authsources = SimpleSAML_Configuration::getConfig('authsources.php');
  $authsource = $ssp_authsources
    ->getValue(drupalauth4ssp_get_simplesamlphp_authsource());

  // get cookie_name from specified authsource
  $config['cookie_name'] = !empty($authsource['cookie_name']) ? $authsource['cookie_name'] : 'drupalauth4ssp';
  unset($ssp_authsources);

  // Make sure every configuration setting is present.
  foreach ($config as $val) {
    if (!strlen($val)) {
      return;
    }
  }
  return $config;
}

/**
 * Sets a special cookie for drupalauth4ssp.
 */
function _drupalauth4ssp_exec($account) {

  // Get the configuration information from SimpleSAMLphp.
  $ssp_config = _drupalauth4ssp_get_simplesamlphp_config();

  // If we don't have configuration, exit without doing anything.
  if (!is_array($ssp_config)) {

    // The least we can do is write something to the watchdog so someone will know what's happening.
    watchdog('drupalauth4ssp', 'Could not use drupalauth for %name, could not get the SimpleSAMLphp configuration.', array(
      '%name' => $account->name,
    ));
    return;
  }

  // Store the authenticated user's uid in the cookie (create a validation hash to ensure nobody tampers with the uid).
  setcookie($ssp_config['cookie_name'], sha1($ssp_config['secretsalt'] . $account->uid) . ':' . $account->uid, 0, $ssp_config['baseurlpath']);

  // If the ReturnTo URL is present, send the user to the URL.
  if (isset($_GET['ReturnTo']) && $_GET['ReturnTo']) {

    // Check the ReturnTo if it's in the allowed list.
    if (!drupalauth4ssp_valid_returnto_parameter()) {
      return;
    }
    header('Location: ' . $_GET['ReturnTo']);
    die;
  }
}

/**
 * Include simpleSAMLphp library.
 *
 * @return bool
 *   Display whether library has been included or not.
 */
function drupalauth4ssp_include_simplesamlphp_library() {

  // Get the simplesamlphp session.
  $basedir = drupalauth4ssp_get_simplesamlphp_library_dir();
  $autoload_file = $basedir . '/lib/_autoload.php';

  // If variable is not defined or dir is not exist.
  if (!strlen($basedir) || !file_exists($basedir) || !file_exists($autoload_file)) {
    return FALSE;
  }
  require_once $basedir . '/lib/_autoload.php';
  return TRUE;
}

/**
 * Returns "installdir" variable.
 */
function drupalauth4ssp_get_simplesamlphp_library_dir() {
  return variable_get('drupalauth4ssp_installdir', NULL);
}

/**
 * Returns "drupalauth4ssp_authsource" variable.
 */
function drupalauth4ssp_get_simplesamlphp_authsource() {
  return variable_get('drupalauth4ssp_authsource', NULL);
}

/**
 * Check the ReturnTo query parameter if it's in the allowed list.
 *
 * @return bool
 *   True if ReturnTo parameter is in the allowed list, False otherwise.
 */
function drupalauth4ssp_valid_returnto_parameter() {
  return drupal_match_path($_GET['ReturnTo'], variable_get('drupalauth4ssp_returnto_list', ''));
}

Functions

Namesort descending Description
drupalauth4ssp_admin_paths Implements hook_admin_paths().
drupalauth4ssp_drupal_goto_alter Implements hook_drupal_goto_alter().
drupalauth4ssp_get_simplesamlphp_authsource Returns "drupalauth4ssp_authsource" variable.
drupalauth4ssp_get_simplesamlphp_library_dir Returns "installdir" variable.
drupalauth4ssp_include_simplesamlphp_library Include simpleSAMLphp library.
drupalauth4ssp_menu Implements hook_menu().
drupalauth4ssp_permission Implements hook_permission().
drupalauth4ssp_user_login Implements hook_user_login().
drupalauth4ssp_user_logout Implements hook_user_logout().
drupalauth4ssp_user_view Implements hook_user_view().
drupalauth4ssp_valid_returnto_parameter Check the ReturnTo query parameter if it's in the allowed list.
_drupalauth4ssp_exec Sets a special cookie for drupalauth4ssp.
_drupalauth4ssp_get_simplesamlphp_config Returns the SimpleSAMLphp configuration.