You are here

Home » API reference » Shibboleth Authentication 7.4

shib_auth_profile.module in Shibboleth Authentication 7.4

Drupal Shibboleth authentication profile module.

File

shib_auth_profile/shib_auth_profile.module
View source 
<?php

/**
 * @file
 * Drupal Shibboleth authentication profile module.
 */

/**
 * Implements hook_field_info_alter().
 */
function shib_auth_profile_field_info_alter(&$info) {
  foreach ($info as $key => $_dc) {

    // Add a setting to all field types.
    $info[$key]['instance_settings'] += array(
      'shib_auth_profile' => array(
        'mode' => '',
        'server_variables' => '',
      ),
    );
  }
}

/**
 * Implements hook_form_FORM_ID_alter().
 */
function shib_auth_profile_form_field_ui_field_edit_form_alter(&$form, &$form_state) {
  $field = $form['#field'];
  $inst = $form['#instance'];
  if ($inst['entity_type'] == 'user' && !empty($field['columns']['value'])) {
    $form['instance']['settings']['shib_auth_profile']['mode'] = array(
      '#type' => 'select',
      '#title' => t('Shibboleth values'),
      '#options' => array(
        '' => t('Disabled'),
        'editable' => t('Initial value from Shibboleth, later editable by User'),
        'auto_update' => t('Always update value on User login, not editable by user'),
      ),
      '#default_value' => @$form['#instance']['settings']['shib_auth_profile']['mode'],
    );
    $form['instance']['settings']['shib_auth_profile']['server_variables'] = array(
      '#type' => 'textfield',
      '#title' => t('Server variable names'),
      '#default_value' => @$form['#instance']['settings']['shib_auth_profile']['server_variables'],
      '#description' => t('Server variable names in brackets, like: <em>[eppn]</em>. Available variables: <a href="@url">PHP Info</a>', array(
        '@url' => url('admin/reports/status/php/'),
      )),
      '#states' => array(
        'invisible' => array(
          ':input[name="instance[settings][shib_auth_profile][mode]"]' => array(
            'value' => '',
          ),
        ),
      ),
    );
  }
}

/**
 * Implements hook_user_login().
 */
function shib_auth_profile_user_login(&$edit, $account) {

  // Update user fields as long as we have a valid session and are not
  // masquerading.
  if (shib_auth_session_valid() && !isset($_SESSION['masquerading']) && !isset($account->masquerading)) {
    $edit_fields = _shib_auth_update_fields('login');
    user_save($account, $edit_fields);
  }
}

/**
 * Implements hook_user_presave().
 */
function shib_auth_profile_user_presave(&$edit, $account, $category) {

  /* Use a custom session variable to avoid a newly created user inheriting the
    Shibboleth fields of the administrator */
  if (!empty($_SESSION['shib_auth_register_in_progress']) && $account->is_new) {
    $edit_fields = _shib_auth_update_fields('insert');
    $edit = array_merge($edit, $edit_fields);
  }
}

/**
 * Helper function, actually update the fields on user_login or user_insert.
 */
function _shib_auth_update_fields($op) {
  $edit = array();
  foreach (field_read_fields(array(
    'entity_type' => 'user',
  )) as $field_name => $field) {
    foreach (field_read_instances(array(
      'field_id' => $field['id'],
    )) as $instance) {
      $mode = (string) @$instance['settings']['shib_auth_profile']['mode'];
      $value = (string) @$instance['settings']['shib_auth_profile']['server_variables'];
      if (empty($mode)) {
        continue;
      }
      if ($op == 'login' && $mode == 'editable') {
        continue;
      }

      /*  Replace all [foo] occurrences if "foo" is a Shibboleth attribute
            (header, CGI environment variable) i.e. $_SERVER[foo] exists, with
            the corresponding attribute value.
            If the attribute doesn't exist, it will remain unmolested ("[foo]").

            Note that an attribute name may only contain [a-zA-Z0-9_-] characters.
             */
      $replace_map = array();
      if (preg_match_all('/\\[([\\w-]+)\\]/', $value, $attributes)) {
        foreach ($attributes[1] as $a) {
          if (shib_auth_getenv($a) != NULL) {
            $replace_map['[' . $a . ']'] = shib_auth_getenv($a);
          }
        }
      }
      if ($replace_map) {
        $value = str_replace(array_keys($replace_map), array_values($replace_map), $value);
      }
      $edit[$field['field_name']][LANGUAGE_NONE][0]['value'] = $value;
    }
  }
  return $edit;
}

/**
 * Implements hook_FORM_ID_alter().
 */
function shib_auth_profile_form_user_profile_form_alter(&$form, &$form_state) {
  foreach (field_read_fields(array(
    'entity_type' => 'user',
  )) as $field_name => $field) {
    foreach (field_read_instances(array(
      'field_id' => $field['id'],
    )) as $instance) {
      $mode = (string) @$instance['settings']['shib_auth_profile']['mode'];
      if ($mode == 'auto_update') {
        $form[$field['field_name']]['#disabled'] = TRUE;
      }
    }
  }
}

Functions

Namesort descending Description
shib_auth_profile_field_info_alter Implements hook_field_info_alter().
shib_auth_profile_form_field_ui_field_edit_form_alter Implements hook_form_FORM_ID_alter().
shib_auth_profile_form_user_profile_form_alter Implements hook_FORM_ID_alter().
shib_auth_profile_user_login Implements hook_user_login().
shib_auth_profile_user_presave Implements hook_user_presave().
_shib_auth_update_fields Helper function, actually update the fields on user_login or user_insert.