drupalauth4ssp.module in DrupalAuth for SimpleSAMLphp 7
DrupalAuth For simpleSAMLphp module.
This module tightly integrates the SimpleSAMLphp Identity Provider login experience with a Drupal site.
File
drupalauth4ssp.module
<?php
/**
* @file
* DrupalAuth For simpleSAMLphp module.
*
* This module tightly integrates the SimpleSAMLphp Identity Provider login experience with a Drupal site.
*/
/**
 * Implements hook_menu().
 *
 * Registers the module settings form at admin/config/people/drupalauth4ssp.
 * Access to the page is gated by the 'administer drupalauth4ssp' permission.
 */
function drupalauth4ssp_menu() {
  // The form is rendered through drupal_get_form(); the 'file' entry points at
  // drupalauth4ssp.admin.inc, presumably where drupalauth4ssp_settings is
  // defined (that file is not shown here).
  $settings_page = array(
    'title' => 'Drupalauth for SimpleSAMLphp Settings',
    'description' => 'Control the various settings of the drupalauth4ssp module',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('drupalauth4ssp_settings'),
    'access arguments' => array('administer drupalauth4ssp'),
    'file' => 'drupalauth4ssp.admin.inc',
    'type' => MENU_LOCAL_TASK | MENU_NORMAL_ITEM,
  );

  return array(
    'admin/config/people/drupalauth4ssp' => $settings_page,
  );
}
/**
 * Implements hook_admin_paths().
 *
 * Flags the module settings page as an administrative path.
 */
function drupalauth4ssp_admin_paths() {
  $admin_paths = array();
  $admin_paths['admin/config/people/drupalauth4ssp'] = TRUE;

  return $admin_paths;
}
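/**
 * Implements hook_permission().
 *
 * The permission guards the module settings page. Elsewhere in this file the
 * module reads the variables drupalauth4ssp_installdir (a directory whose
 * lib/_autoload.php is loaded with require_once) and
 * drupalauth4ssp_returnto_list (the allowed list for redirects), so whoever
 * can change them controls which PHP file is executed and where users may be
 * redirected. Presumably the settings form is what writes these variables;
 * it lives in drupalauth4ssp.admin.inc, which is not shown here.
 */
function drupalauth4ssp_permission() {
  return array(
    'administer drupalauth4ssp' => array(
      'title' => t('Administer drupalauth4ssp'),
      'description' => t('Control the various settings of the drupalauth4ssp module.'),
      // Let Drupal core render its standard "Give to trusted roles only"
      // warning instead of duplicating that text in the description.
      'restrict access' => TRUE,
    ),
  );
}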
/**
 * Implements hook_user_login().
 *
 * Passes the account that just logged in to _drupalauth4ssp_exec(), which
 * sets the drupalauth4ssp cookie and may redirect to a validated ReturnTo URL.
 */
function drupalauth4ssp_user_login(&$edit, $account) {
  // $edit belongs to the hook signature; only the account is needed here.
  _drupalauth4ssp_exec($account);
}
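/**
 * Implements hook_user_logout().
 *
 * Expires the drupalauth4ssp cookie and every authority of the current
 * SimpleSAMLphp session. A ReturnTo query parameter that matches the allowed
 * list is stored in a static so that drupalauth4ssp_drupal_goto_alter() can
 * redirect to it; anything else is discarded and logged.
 */
function drupalauth4ssp_user_logout($account) {
  // Get the configuration information from SimpleSAMLphp.
  $ssp_config = _drupalauth4ssp_get_simplesamlphp_config();

  // If we don't have configuration, exit without doing anything.
  if (!is_array($ssp_config)) {
    // The least we can do is write something to the watchdog so someone will
    // know what's happening.
    watchdog('drupalauth4ssp', 'Could not use drupalauth for %name, could not get the SimpleSAMLphp configuration.', array(
      '%name' => $account->name,
    ));
    return;
  }

  // Delete the cookie by re-sending it with an expiry in the past. The name
  // and path must match the cookie set by _drupalauth4ssp_exec(). HttpOnly is
  // always set and Secure is set on HTTPS requests, so the value is not
  // exposed to scripts or sent over plain HTTP.
  $cookie_value = sha1($ssp_config['secretsalt'] . $account->uid) . ':' . $account->uid;
  setcookie($ssp_config['cookie_name'], $cookie_value, time() - 3600, $ssp_config['baseurlpath'], '', !empty($GLOBALS['is_https']), TRUE);

  // Invalidate SimpleSAML session by expiring it. The expiry value 1 is
  // presumably a Unix timestamp, i.e. a moment long in the past.
  $session = SimpleSAML_Session::getSessionFromRequest();

  // Backward compatibility with SimpleSAMLphp older than 1.14.
  // SimpleSAML_Session::getAuthority() has been removed in 1.14.
  // @see https://simplesamlphp.org/docs/development/simplesamlphp-upgrade-notes-1.14
  if (method_exists($session, 'getAuthority')) {
    $session->setAuthorityExpire($session->getAuthority(), 1);
  }
  else {
    foreach ($session->getAuthorities() as $authority) {
      $session->setAuthorityExpire($authority, 1);
    }
  }

  // Only a non-empty string can be a redirect target. A repeated or
  // array-style ReturnTo parameter is ignored instead of being handed to the
  // path matcher.
  if (!isset($_GET['ReturnTo']) || !is_string($_GET['ReturnTo']) || !$_GET['ReturnTo']) {
    return;
  }

  // Remember the ReturnTo URL for drupalauth4ssp_drupal_goto_alter(), but only
  // if it is in the allowed list.
  $destination = &drupal_static(__FUNCTION__);
  if (drupalauth4ssp_valid_returnto_parameter()) {
    $destination = $_GET['ReturnTo'];
  }
  else {
    $destination = FALSE;
    // Leave a trace so that rejected redirect targets can be reviewed.
    watchdog('drupalauth4ssp', 'Ignored ReturnTo URL %url on logout: it is not in the allowed list.', array(
      '%url' => $_GET['ReturnTo'],
    ), WATCHDOG_WARNING);
  }
}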
/**
 * Implements hook_drupal_goto_alter().
 *
 * When a redirect has no path and drupalauth4ssp_user_logout() stored a
 * destination, redirect to that destination instead. The stored value is
 * either a ReturnTo URL that passed the allowed-list check or FALSE.
 */
function drupalauth4ssp_drupal_goto_alter(&$path, &$options, &$http_response_code) {
  // Shares the static slot that drupalauth4ssp_user_logout() writes to.
  $return_to = &drupal_static('drupalauth4ssp_user_logout');

  // Leave redirects alone when they already have a path or nothing was stored.
  if ($path || !$return_to) {
    return;
  }

  drupal_goto($return_to);
}
/**
 * Implements hook_user_view().
 *
 * When the current user views their own account, runs _drupalauth4ssp_exec()
 * for it, which sets the cookie and may redirect to a validated ReturnTo URL.
 */
function drupalauth4ssp_user_view($account, $view_mode, $langcode) {
  global $user;

  // Nothing to do when looking at somebody else's account.
  if ($user->uid != $account->uid) {
    return;
  }

  _drupalauth4ssp_exec($account);
}
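/**
 * Returns the SimpleSAMLphp configuration.
 *
 * @return array|null
 *   An array with the keys 'secretsalt', 'baseurlpath' and 'cookie_name', or
 *   NULL when the SimpleSAMLphp library cannot be loaded, when a value is
 *   missing or empty, or when the secretsalt is still the shipped default.
 */
function _drupalauth4ssp_get_simplesamlphp_config() {
  if (!drupalauth4ssp_include_simplesamlphp_library()) {
    return NULL;
  }

  $ssp_config = SimpleSAML_Configuration::getInstance();
  if (!is_object($ssp_config)) {
    return NULL;
  }

  $config = array(
    // Get the secretsalt.
    'secretsalt' => $ssp_config->getValue('secretsalt'),
    // Get the baseurlpath.
    'baseurlpath' => '/' . $ssp_config->getBaseURL(),
  );
  unset($ssp_config);

  // The callers derive the cookie's validation hash from nothing but this
  // salt and the uid. With the publicly known template value the hash
  // protects nothing, so treat that as missing configuration.
  if ($config['secretsalt'] === 'defaultsecretsalt') {
    watchdog('drupalauth4ssp', 'The SimpleSAMLphp secretsalt is still the default value; the drupalauth4ssp cookie will not be used until it is changed.', array(), WATCHDOG_ERROR);
    return NULL;
  }

  // Get cookie_name from the specified authsource, falling back to the
  // module's default name.
  $ssp_authsources = SimpleSAML_Configuration::getConfig('authsources.php');
  $authsource = $ssp_authsources->getValue(drupalauth4ssp_get_simplesamlphp_authsource());
  $config['cookie_name'] = !empty($authsource['cookie_name']) ? $authsource['cookie_name'] : 'drupalauth4ssp';
  unset($ssp_authsources);

  // Make sure every configuration setting is present. Non-scalar values
  // (NULL, arrays) are rejected before strlen(), which does not accept them
  // cleanly on current PHP versions.
  foreach ($config as $val) {
    if (!is_scalar($val) || !strlen((string) $val)) {
      return NULL;
    }
  }

  return $config;
}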
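/**
 * Sets a special cookie for drupalauth4ssp.
 *
 * The cookie value is sha1(secretsalt . uid) followed by ':' and the uid.
 * That format is kept as is, because the consumer of the cookie (presumably
 * the SimpleSAMLphp side, not shown here) has to recompute the same hash.
 * The value is identical for a given uid on every login and carries no
 * expiry of its own, so it stays valid until the secretsalt changes; the
 * cookie is therefore sent HttpOnly, and Secure on HTTPS requests.
 *
 * If a ReturnTo query parameter is present and in the allowed list, the
 * request ends with a redirect to it.
 *
 * @param object $account
 *   The account whose uid is stored in the cookie.
 */
function _drupalauth4ssp_exec($account) {
  // Get the configuration information from SimpleSAMLphp.
  $ssp_config = _drupalauth4ssp_get_simplesamlphp_config();

  // If we don't have configuration, exit without doing anything.
  if (!is_array($ssp_config)) {
    // The least we can do is write something to the watchdog so someone will
    // know what's happening.
    watchdog('drupalauth4ssp', 'Could not use drupalauth for %name, could not get the SimpleSAMLphp configuration.', array(
      '%name' => $account->name,
    ));
    return;
  }

  // Store the authenticated user's uid in the cookie (create a validation hash
  // to ensure nobody tampers with the uid). Expiry 0 makes it a session
  // cookie.
  $cookie_value = sha1($ssp_config['secretsalt'] . $account->uid) . ':' . $account->uid;
  setcookie($ssp_config['cookie_name'], $cookie_value, 0, $ssp_config['baseurlpath'], '', !empty($GLOBALS['is_https']), TRUE);

  // Only a non-empty string can be a redirect target. A repeated or
  // array-style ReturnTo parameter is ignored instead of being concatenated
  // into the Location header.
  if (!isset($_GET['ReturnTo']) || !is_string($_GET['ReturnTo']) || !$_GET['ReturnTo']) {
    return;
  }

  // Check the ReturnTo if it's in the allowed list.
  if (!drupalauth4ssp_valid_returnto_parameter()) {
    // Leave a trace so that rejected redirect targets can be reviewed.
    watchdog('drupalauth4ssp', 'Ignored ReturnTo URL %url: it is not in the allowed list.', array(
      '%url' => $_GET['ReturnTo'],
    ), WATCHDOG_WARNING);
    return;
  }

  // Send the user to the validated URL and stop processing the request.
  header('Location: ' . $_GET['ReturnTo']);
  die;
}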
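/**
 * Include simpleSAMLphp library.
 *
 * Loads lib/_autoload.php from the directory stored in the
 * drupalauth4ssp_installdir variable. The file is executed as PHP, so that
 * variable must only be changeable by trusted administrators.
 *
 * @return bool
 *   TRUE if the autoloader has been included, FALSE if the directory is not
 *   configured or the autoloader file does not exist.
 */
function drupalauth4ssp_include_simplesamlphp_library() {
  $basedir = drupalauth4ssp_get_simplesamlphp_library_dir();

  // The variable defaults to NULL; check the type before using it as a path.
  if (!is_string($basedir) || $basedir === '' || !is_dir($basedir)) {
    return FALSE;
  }

  // Require a regular file so that a directory of that name is reported as
  // "not available" instead of failing inside require_once.
  $autoload_file = $basedir . '/lib/_autoload.php';
  if (!is_file($autoload_file)) {
    return FALSE;
  }

  require_once $autoload_file;
  return TRUE;
}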
/**
 * Returns "installdir" variable.
 *
 * @return string|null
 *   The value of the drupalauth4ssp_installdir variable, or NULL if it is
 *   not set.
 */
function drupalauth4ssp_get_simplesamlphp_library_dir() {
  $install_dir = variable_get('drupalauth4ssp_installdir', NULL);

  return $install_dir;
}
/**
 * Returns "drupalauth4ssp_authsource" variable.
 *
 * @return string|null
 *   The value of the drupalauth4ssp_authsource variable, or NULL if it is
 *   not set.
 */
function drupalauth4ssp_get_simplesamlphp_authsource() {
  $authsource_id = variable_get('drupalauth4ssp_authsource', NULL);

  return $authsource_id;
}
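/**
 * Check the ReturnTo query parameter if it's in the allowed list.
 *
 * The list is the drupalauth4ssp_returnto_list variable and is evaluated by
 * drupal_match_path(), where "*" matches any run of characters. Entries
 * should therefore spell out the scheme and host in full and use a wildcard
 * only inside the path; a wildcard in the host part also matches hosts that
 * were never meant to be allowed.
 *
 * @return bool
 *   True if ReturnTo parameter is in the allowed list, False otherwise. A
 *   missing, empty or non-string parameter is never valid.
 */
function drupalauth4ssp_valid_returnto_parameter() {
  // Reject anything that cannot be a URL before it reaches the matcher: an
  // absent parameter, an array-style parameter, or an empty string (which
  // would otherwise match an empty allowed list).
  if (!isset($_GET['ReturnTo']) || !is_string($_GET['ReturnTo']) || $_GET['ReturnTo'] === '') {
    return FALSE;
  }

  return drupal_match_path($_GET['ReturnTo'], variable_get('drupalauth4ssp_returnto_list', ''));
}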
Functions
Name | Description |
---|---|
drupalauth4ssp_admin_paths | Implements hook_admin_paths(). |
drupalauth4ssp_drupal_goto_alter | Implements hook_drupal_goto_alter(). |
drupalauth4ssp_get_simplesamlphp_authsource | Returns "drupalauth4ssp_authsource" variable. |
drupalauth4ssp_get_simplesamlphp_library_dir | Returns "installdir" variable. |
drupalauth4ssp_include_simplesamlphp_library | Include simpleSAMLphp library. |
drupalauth4ssp_menu | Implements hook_menu(). |
drupalauth4ssp_permission | Implements hook_permission(). |
drupalauth4ssp_user_login | Implements hook_user_login(). |
drupalauth4ssp_user_logout | Implements hook_user_logout(). |
drupalauth4ssp_user_view | Implements hook_user_view(). |
drupalauth4ssp_valid_returnto_parameter | Check the ReturnTo query parameter if it's in the allowed list. |
_drupalauth4ssp_exec | Sets a special cookie for drupalauth4ssp. |
_drupalauth4ssp_get_simplesamlphp_config | Returns the SimpleSAMLphp configuration. |