diff --git a/README.txt b/README.txt index 29b1725..b69f049 100644 --- a/README.txt +++ b/README.txt @@ -14,7 +14,8 @@ identity attribute values. an SP visit: http://www.simplesamlphp.org. IMPORTANT: Your SP must be configured to use something other than phpsession - for session storage (in config/config.php set store.type => 'memcache' or 'sql'). + for session storage (in config/config.php set store.type => 'memcache' + or 'sql'). To use memcache session handling you must have memcached installed on your server and PHP must have the memcache extension. For more information on @@ -27,7 +28,8 @@ identity attribute values. -- INSTALLATION -- -Assuming the prerequisites have been met, installation of this module is just like any other Drupal module. +Assuming the prerequisites have been met, installation of this module is just +like any other Drupal module. 1) Download the module 2) Uncompress it diff --git a/simplesamlphp_auth.admin.inc b/simplesamlphp_auth.admin.inc index 769d8ae..7e0391c 100644 --- a/simplesamlphp_auth.admin.inc +++ b/simplesamlphp_auth.admin.inc @@ -1,14 +1,19 @@ = 1 && $ver[1] >= 5) ) { + if (!($ver[0] >= 1 && $ver[1] >= 5)) { drupal_set_message(t("Please upgrade SimpleSAMLphp. You are using %ssp_version", array('%ssp_version' => $_simplesamlphp_auth_saml_version)), 'warning'); } } @@ -52,7 +57,7 @@ function simplesamlphp_auth_settings() { ); $form['simplesamlphp_auth_grp_user']['simplesamlphp_auth_user_name'] = array( '#type' => 'textfield', - '#title' => t('Which attribute from simpleSAMLphp should be used as user\'s name'), + '#title' => t("Which attribute from simpleSAMLphp should be used as user's name"), '#default_value' => variable_get('simplesamlphp_auth_user_name', 'eduPersonPrincipalName'), '#description' => t('Example: eduPersonPrincipalName or displayName
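Review bot: The version gate `if (!($ver[0] >= 1 && $ver[1] >= 5))` in the first simplesamlphp_auth.admin.inc hunk rejects any release whose minor component is below 5 even when the major is above 1 (a 2.0 release would get the "Please upgrade" warning), so the condition the commit reformats is logically wrong. The assignment of `$ver` is not readable in this view, but assuming it holds the split major/minor components the test should be `if ($ver[0] < 1 || ($ver[0] == 1 && $ver[1] < 5)) {`, or better `if (version_compare($_simplesamlphp_auth_saml_version, '1.5', '<')) {`, which also copes with more than two components. The code around this check is not visible in the hunk.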
If the attribute is multivalued, the first value will be used.'), '#required' => TRUE, @@ -93,7 +98,7 @@ function simplesamlphp_auth_settings() { '#type' => 'checkbox', '#title' => t('Register users (i.e., auto-provisioning)'), '#default_value' => variable_get('simplesamlphp_auth_registerusers', TRUE), - '#description' => t('Determines wether or not the module should automatically create/register new Drupal accounts for users that authenticate using SimpleSAMLphp. Unless you\'ve done some custom work to provision Drupal accounts with the necessary authmap entries you will want this checked.

NOTE: If unchecked each user must already have been provisioned a Drupal account with an appropriate entry in the authmap table before logging in. Otherwise they will receive a notice and be denied access. Be aware that simply creating a Drupal account will not create the necessary entry in the authmap table.'), + '#description' => t("Determines wether or not the module should automatically create/register new Drupal accounts for users that authenticate using SimpleSAMLphp. Unless you've done some custom work to provision Drupal accounts with the necessary authmap entries you will want this checked. NOTE: If unchecked each user must already have been provisioned a Drupal account with an appropriate entry in the authmap table before logging in. Otherwise they will receive a notice and be denied access. Be aware that simply creating a Drupal account will not create the necessary entry in the authmap table."), ); $form['simplesamlphp_auth_grp_auth'] = array( @@ -133,7 +138,7 @@ function simplesamlphp_auth_settings() { '#type' => 'textfield', '#title' => t('Optionally, specify a URL for users to go to after logging out'), '#default_value' => variable_get('simplesamlphp_auth_logoutgotourl', ''), - '#description' => t('Example: ' . $base_url), + '#description' => t('Example: @base_url', array('@base_url' => $base_url)), ); return system_settings_form($form); diff --git a/simplesamlphp_auth.info b/simplesamlphp_auth.info index e7320ae..c648101 100644 --- a/simplesamlphp_auth.info +++ b/simplesamlphp_auth.info @@ -1,5 +1,4 @@ name = simpleSAMLphp authentication description = Allows users to authenticate to a remote SAML identity provider (IdP) via a locally configured SimpleSAMLphp service point (SP). -php = 5.1 core = 7.x configure = admin/config/people/simplesamlphp_auth diff --git a/simplesamlphp_auth.module b/simplesamlphp_auth.module index 2e8a572..5f34446 100644 --- a/simplesamlphp_auth.module +++ b/simplesamlphp_auth.module 
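Review bot: The rewritten `#description` string for `simplesamlphp_auth_registerusers` still carries the typo "wether"; since the commit already rewrites this literal (double quotes, line breaks dropped) it should read `Determines whether or not the module should automatically create/register ...`. Note that editing the source string also changes the t() key, so any existing translation of it needs to be updated in the same change.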
@@ -19,9 +19,9 @@ * via the Request new password feature. * KLUDGE: Drupal does not kill the session on logout, even with * drupal_session_destroy_uid(), so I had to use session_destroy(). - * @todo Rework the default login limitation logic to use a drupal permission + * @todo Rework the default login limitation logic to use a drupal permission * rather than a list of UIDs. - * @todo When denying access because the administrator has chosen not to allow + * @todo When denying access because the administrator has chosen not to allow * the module to register/create accounts, the user is told to contact * the administrator; the message should provide the contact information. * ISSUE: Until Drupal issue #754560 is resolved users will not see logout 
@@ -35,21 +35,21 @@ function simplesamlphp_auth_menu() { $items = array(); $items['admin/config/people/simplesamlphp_auth'] = array( - 'title' => 'SimpleSAMLphp Auth Settings', - 'description' => 'Control the various settings of the simpleSAMLphp authentication module', - 'page callback' => 'drupal_get_form', - 'page arguments' => array('simplesamlphp_auth_settings'), + 'title' => 'SimpleSAMLphp Auth Settings', + 'description' => 'Control the various settings of the simpleSAMLphp authentication module', + 'page callback' => 'drupal_get_form', + 'page arguments' => array('simplesamlphp_auth_settings'), 'access arguments' => array('administer simpleSAMLphp authentication'), - 'type' => MENU_LOCAL_TASK | MENU_NORMAL_ITEM, - 'file' => 'simplesamlphp_auth.admin.inc', + 'type' => MENU_LOCAL_TASK | MENU_NORMAL_ITEM, + 'file' => 'simplesamlphp_auth.admin.inc', ); $items['saml_login'] = array( - 'title' => 'Logon to the site', - 'description' => 'Provides a site login page', - 'page callback' => 'simplesamlphp_auth_loginpage', + 'title' => 'Logon to the site', + 'description' => 'Provides a site login page', + 'page callback' => 'simplesamlphp_auth_loginpage', 'access callback' => TRUE, - 'type' => MENU_CALLBACK, + 'type' => MENU_CALLBACK, ); return $items; @@ -73,14 +73,14 @@ function simplesamlphp_auth_help($path, $arg) { function simplesamlphp_auth_permission() { return array( 'administer simpleSAMLphp authentication' => array( - 'title' => t('Administer simpleSAMLphp authentication'), + 'title' => t('Administer simpleSAMLphp authentication'), 'description' => t('Warning: Give to trusted roles only; this permission has security implications.'), ), ); } /** - * Represents the Drupal page (saml_login), which triggers user authentication against the SimpleSAMLphp service provider. + * The /saml_login which triggers user authentication to SimpleSAMLphp SP. */ function simplesamlphp_auth_loginpage() { global $user; 
@@ -88,21 +88,21 @@ function simplesamlphp_auth_loginpage() { global $_simplesamlphp_auth_as; global $_simplesamlphp_auth_saml_attributes; - $fail = NULL; + $fail = NULL; $output = NULL; if (!_simplesamlphp_auth_isEnabled()) { // Exit without initializing. - drupal_set_message(t('We\'re sorry this feature is not yet enabled.')); + drupal_set_message(t("We're sorry this feature is not yet enabled.")); return ''; } // Do some sanity checking before attempting anything. - $config = SimpleSAML_Configuration::getInstance(); - $configStoreType = $config->getValue('store.type'); + $config = SimpleSAML_Configuration::getInstance(); + $config_store_type = $config->getValue('store.type'); // Make sure phpsession is NOT being used. - if ($configStoreType == 'phpsession') { + if ($config_store_type == 'phpsession') { watchdog('simplesamlphp_auth', 'A user attempted to login using simplesamlphp but the store.type is phpsession, use memcache or sql for simplesamlphp session storage. See: simplesamlphp/config/config.php.', NULL, WATCHDOG_WARNING); $fail = TRUE; } 
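Review bot: The phpsession guard reads `$config->getValue('store.type')` without a default, so when config.php leaves `store.type` unset the value is NULL and the `== 'phpsession'` branch is skipped, although SimpleSAMLphp falls back to phpsession in exactly that case (assuming the library default has not changed in the version in use). Pass the library default explicitly and compare strictly: `$config_store_type = $config->getValue('store.type', 'phpsession');` and `if ($config_store_type === 'phpsession') {`. simplesamlphp_auth_loginpage() continues past the end of the hunk.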
@@ -113,43 +113,43 @@ function simplesamlphp_auth_loginpage() { $fail = TRUE; } - // There was a problem, we can't go on, but we don't want to tell the user any specifics either. + // There was a problem, we can't go on, but we don't want to tell the user + // any specifics either. if ($fail) { - drupal_set_message(t('We\'re sorry. There was a problem. The issue has been logged for the administrator.')); + drupal_set_message(t("We're sorry. There was a problem. The issue has been logged for the administrator.")); drupal_goto(base_path()); } - $returnto = NULL; + $returnto = NULL; // Support for deep linking. - - // See if a URL has been explicitly provided in ReturnTo. If so, use it (as long as it points to this site). + // See if a URL has been explicitly provided in ReturnTo. if ((isset($_REQUEST['ReturnTo']) && $_REQUEST['ReturnTo']) && - (valid_url($_REQUEST['ReturnTo']) && stristr($_REQUEST['ReturnTo'], $base_url))) { + (valid_url($_REQUEST['ReturnTo']) && stristr($_REQUEST['ReturnTo'], $base_url)) + ) { - $returnto = $_REQUEST['ReturnTo']; + $returnto = $_REQUEST['ReturnTo']; - // If not, see if a REFERER URL is available. If so, use it (as long as it points to this site). + // Check if REFERER URL is available and use it if it points to the site. } elseif ((isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']) && - (valid_url($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'], $base_url))) { + (valid_url($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'], $base_url)) + ) { - $returnto = $_SERVER['HTTP_REFERER']; + $returnto = $_SERVER['HTTP_REFERER']; } - // If the user is anonymous, set the cookie (if we can) and require authentication. + // If the user is anonymous, set the cookie and require authentication. 
if ($user->uid == 0) { if ($returnto) { - // Set the cookie so we can deliver the user to the place they started - setrawcookie('simplesamlphp_auth_returnto', $returnto, time()+60*60); + // Set the cookie so we can deliver the user to the place they started. + setrawcookie('simplesamlphp_auth_returnto', $returnto, time() + 60 * 60); } // Require the user to be authenticated. $_simplesamlphp_auth_as->requireAuth(); - - - // If the user is authenticated, send them along. + // If the user is authenticated, send them along. } else { @@ -157,18 +157,16 @@ function simplesamlphp_auth_loginpage() { // Check to see if we've set a cookie. If there is one, give it priority. if (isset($_COOKIE['simplesamlphp_auth_returnto']) && $_COOKIE['simplesamlphp_auth_returnto']) { - // use the cookie for the ReturnTo + // Use the cookie for the ReturnTo. $gotourl = $_COOKIE['simplesamlphp_auth_returnto']; - // unset the cookie + // Unset the cookie. setrawcookie('simplesamlphp_auth_returnto', ''); } elseif ($returnto) { $gotourl = $returnto; } - - // If a ReturnTo has been set. if ($gotourl) { drupal_goto(str_replace($base_url . '/', '', $gotourl)); @@ -176,9 +174,7 @@ function simplesamlphp_auth_loginpage() { else { drupal_goto('user/' . $user->uid); } - } - return $output; } 
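Review bot: The ReturnTo and HTTP_REFERER checks in the rewritten condition still rely on `stristr($_REQUEST['ReturnTo'], $base_url)`, which only requires `$base_url` to occur somewhere in the URL, so any URL that merely contains it as a substring (for example inside a query parameter) is accepted; `$returnto` is then stored in a cookie and used for the redirect in the following hunk (@@ -157), where `str_replace($base_url . '/', '', $gotourl)` leaves a foreign absolute URL intact for drupal_goto(). Anchor the test at the start of the string including the trailing slash, `strpos($_REQUEST['ReturnTo'], $base_url . '/') === 0`, and do the same in the referer branch; alternatively strip scheme and host and pass only the local path to drupal_goto(). Separately, `setrawcookie('simplesamlphp_auth_returnto', $returnto, time() + 60 * 60)` stores the raw URL without the `httponly` flag, which is worth adding since the value is only needed server-side. simplesamlphp_auth_loginpage() starts before this hunk.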
@@ -200,13 +196,13 @@ function simplesamlphp_auth_init() { // Get the simplesamlphp session. $basedir = variable_get('simplesamlphp_auth_installdir', '/var/simplesamlphp'); - require_once($basedir . '/lib/_autoload.php'); + require_once $basedir . '/lib/_autoload.php'; - $_simplesamlphp_auth_saml_config = SimpleSAML_Configuration::getInstance(); + $_simplesamlphp_auth_saml_config = SimpleSAML_Configuration::getInstance(); $_simplesamlphp_auth_saml_version = $_simplesamlphp_auth_saml_config->getVersion(); // Load simpleSAMLphp, configuration and metadata. - $_simplesamlphp_auth_as = new SimpleSAML_Auth_Simple(variable_get('simplesamlphp_auth_authsource', 'default-sp')); + $_simplesamlphp_auth_as = new SimpleSAML_Auth_Simple(variable_get('simplesamlphp_auth_authsource', 'default-sp')); $_simplesamlphp_auth_saml_attributes = $_simplesamlphp_auth_as->getAttributes(); if ($user->uid == 0) { 
@@ -216,19 +212,23 @@ function simplesamlphp_auth_init() { // Get unique identifier from saml attributes. $authname = _simplesamlphp_auth_get_authname(); - _simplesaml_auth_debug(t('Authname is [%authname] userid is [%uid]', array('%authname' => $authname, '%uid' => $user->uid))); + _simplesaml_auth_debug(t('Authname is [%authname] userid is [%uid]', array( + '%authname' => $authname, + '%uid' => $user->uid, + ))); if (!empty($authname)) { - // User is logged in with SAML authentication and we got the unique identifier. - // Try to log into Drupal. + // User is logged in with SAML authentication and we got the unique + // identifier and try to log into Drupal. _simplesaml_auth_debug(t('Load user [%authname]', array('%authname' => $authname))); // Retrieve user mapping and attempt to log the user in. - $ext_user = user_external_load($authname); + $ext_user = user_external_load($authname); $skip_user_finalization = FALSE; if (!$ext_user) { - // First we check the admin settings for simpleSAMLphp and find out if we are allowed to register users. + // First we check the admin settings for simpleSAMLphp and find out + // if we are allowed to register users. if (variable_get('simplesamlphp_auth_registerusers', TRUE)) { // We are allowed to register new users. 
@@ -239,15 +239,17 @@ function simplesamlphp_auth_init() { if ($user) { // Populate roles based on configuration setting. - $roles = _simplesamlphp_auth_rolepopulation(variable_get('simplesamlphp_auth_rolepopulation', '')); + $roles = _simplesamlphp_auth_rolepopulation(variable_get('simplesamlphp_auth_rolepopulation', '')); $userinfo = array('roles' => $roles); - $user = user_save($user, $userinfo); // @todo - Fjernet rolle-delen her da den gav en bra feilmelding når roller ikke finnes ;) + // @todo Removed role here as it errors when roles are not set. + $user = user_save($user, $userinfo); } } else { - // We are not allowed to register new users on the site through simpleSAML. - // We let the user know about this and redirect to the user/login page. + // We are not allowed to register new users on the site through + // simpleSAML. We let the user know about this and redirect to the + // user/login page. $msg = t("We are sorry. While you have successfully authenticated, you are not yet entitled to access this site. Please ask the site administrator to provision access for you."); drupal_set_message(check_plain($msg)); $_simplesamlphp_auth_as->logout(base_path()); @@ -256,13 +258,12 @@ function simplesamlphp_auth_init() { else { // If successfully logged into Drupal. // See if we're supposed to re-evaluate role assignments. - if (variable_get('simplesamlphp_auth_roleevaleverytime', 0)) { // If the user is already registered... // Update the roles. // Populate roles based on configuration setting. _simplesaml_auth_debug(t('User already registered [%authname] updating roles.', array('%authname' => $authname))); - $roles = _simplesamlphp_auth_rolepopulation(variable_get('simplesamlphp_auth_rolepopulation', '')); + $roles = _simplesamlphp_auth_rolepopulation(variable_get('simplesamlphp_auth_rolepopulation', '')); $userinfo = array('roles' => $roles); // Save the updated roles and populate the user object. 
@@ -285,9 +286,8 @@ function simplesamlphp_auth_init() { $edit = array(); user_login_finalize($edit); } - - } // End if !empty authname. - } // End if isset saml_session. + } + } } else { // The user is already logged into Drupal. @@ -295,7 +295,8 @@ function simplesamlphp_auth_init() { if (FALSE == variable_get('simplesamlphp_auth_allowdefaultlogin', TRUE)) { // If the user has NOT been authenticated via simpleSAML... if (!$_simplesamlphp_auth_as->isAuthenticated()) { - // :FYI: Until Drupal issue #754560 is corrected this message will never be seen by the user. + // :FYI: Until Drupal issue #754560 is corrected this message will + // never be seen by the user. drupal_set_message(t("We are sorry, users are not permitted to log in using local accounts.")); // Destroy the user's session (log them out). _simplesamlphp_auth_destroy_drupal_session(); 
@@ -306,44 +307,45 @@ function simplesamlphp_auth_init() { // If the user has NOT been authenticated via simpleSAML. if (!$_simplesamlphp_auth_as->isAuthenticated()) { - // See if we limit this privilege to specified users - $strAllwDefLogUsers = variable_get('simplesamlphp_auth_allowdefaultloginusers', ''); - $arrAllwDefLogUsers = array(); + // See if we limit this privilege to specified users. + $string_allow_def_log_users = variable_get('simplesamlphp_auth_allowdefaultloginusers', ''); + $array_allow_def_log_users = array(); // See if we limit this privilege to specified roles. - $arrAllwDefLogRoles = variable_get('simplesamlphp_auth_allowdefaultloginroles', array()); + $array_allow_def_log_roles = variable_get('simplesamlphp_auth_allowdefaultloginroles', array()); - // If user IDs or roles are specified, we let them in, but everyone else gets logged out. - if (drupal_strlen($strAllwDefLogUsers) || $arrAllwDefLogRoles) { + // If user IDs or roles are specified, we let them in. Everyone else + // gets logged out. + if (drupal_strlen($string_allow_def_log_users) || $array_allow_def_log_roles) { // Convert the string into an array. - // @todo Perform a test to make sure that only numbers, spaces, or commas are in the string. - $arrAllwDefLogUsers = explode(',', $strAllwDefLogUsers); + // @todo Perform a test to make sure that only numbers, spaces, or + // commas are in the string. + $array_allow_def_log_users = explode(',', $string_allow_def_log_users); // If we still have something to work with. - if (0 < count($arrAllwDefLogUsers) || 0 < count($arrAllwDefLogRoles)) { - /* Log the user out of Drupal if: - 1) the current user's uid is NOT in the list of allowed uids... - 2) or their role does not match and allowed mixed mode role. */ - $matchRoles = array_intersect(array_keys($user->roles), $arrAllwDefLogRoles); - if (!in_array($user->uid, $arrAllwDefLogUsers) && count($matchRoles) == 0) { - // User is logged into Drupal, but may not be logged into simpleSAML. 
- // If this is the case we're supposed to log the user out of Drupal. - - // :FYI: Until Drupal issue #754560 is corrected this message will never be seen by the user. - drupal_set_message(t("We are sorry, you are not permitted to log in using a local account.")); - - // The least we can do is write something to the watchdog so someone will know what's happening. + if (0 < count($array_allow_def_log_users) || 0 < count($array_allow_def_log_roles)) { + // Log the user out of Drupal if: + // 1) the current user's uid is NOT in the list of allowed uids + // 2) or their role does not match and allowed mixed mode role. + $match_roles = array_intersect(array_keys($user->roles), $array_allow_def_log_roles); + if (!in_array($user->uid, $array_allow_def_log_users) && count($match_roles) == 0) { + // User is logged into Drupal, but may not be logged into + // simpleSAML. If this is the case we're supposed to log the + // user out of Drupal. + // :FYI: Until Drupal issue #754560 is corrected this message + // will never be seen by the user. + drupal_set_message(t('We are sorry, you are not permitted to log in using a local account.')); + + // Write to the watchdog so someone will know what is happening. watchdog('simplesamlphp_auth', 'User %name not authorized to log in using local account.', array('%name' => $user->name)); _simplesamlphp_auth_destroy_drupal_session(); } } - - } // Test for specified users. - - } // End if $_simplesamlphp_auth_as->isAuthenticated(). - } // End test to see if we allow default logins. - } // End if user->uid. + } + } + } + } } /** @@ -382,7 +384,7 @@ function simplesamlphp_auth_user_insert(&$edit, $account, $category = NULL) { try { $mail_address = _simplesamlphp_auth_get_mail(); } - catch (Exception $e) { + catch (Exception $e) { drupal_set_message(t('Your e-mail address was not provided by your identity provider (IDP).'), "error"); watchdog('simplesamlphp_auth', $e->getMessage(), NULL, WATCHDOG_CRITICAL); } 
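Review bot: The UID allow-list is still compared loosely: `explode(',', $string_allow_def_log_users)` yields strings that may carry spaces, and `in_array($user->uid, $array_allow_def_log_users)` uses non-strict comparison, which the new `@todo` on the same lines acknowledges. Normalise the list once and compare strictly: `$array_allow_def_log_users = array_filter(array_map('intval', explode(',', $string_allow_def_log_users)));` followed by `if (!in_array((int) $user->uid, $array_allow_def_log_users, TRUE) && count($match_roles) == 0) {`; the `array_filter` drops non-numeric entries that would otherwise become 0. That also gives the `0 < count($array_allow_def_log_users)` test a meaning — today `explode()` always returns at least one element, so it is never false. simplesamlphp_auth_init() starts before this hunk.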
@@ -416,7 +418,8 @@ function simplesamlphp_auth_user_logout($account) { $config = SimpleSAML_Configuration::getInstance(); - // :KLUDGE: for some reason Drupal is not killing the session, even if I were to call drupal_session_destroy_uid() here. + // :KLUDGE: for some reason Drupal is not killing the session, even if + // drupal_session_destroy_uid() is called here. session_destroy(); $gotourl = base_path(); @@ -450,28 +453,30 @@ function simplesamlphp_auth_form_alter(&$form, $form_state, $form_id) { } if ($form_id == 'user_login_block') { - $link = l('Federated Log In', 'saml_login'); - $links = $form['links']['#markup']; - $links = str_replace('', '
  • ' . $link . '
  • ', $links); + $link = l(t('Federated Log In'), 'saml_login'); + $links = $form['links']['#markup']; + $links = str_replace('', '
  • ' . $link . '
  • ', $links); $form['links']['#markup'] = $links; } if ($form_id == 'user_account_form') { - $link = l('Federated Log In', 'saml_login'); - $links = $form['links']['#markup']; - $links = str_replace('', '
  • ' . $link . '
  • ', $links); + $link = l(t('Federated Log In'), 'saml_login'); + $links = $form['links']['#markup']; + $links = str_replace('', '
  • ' . $link . '
  • ', $links); $form['links']['#markup'] = $links; } - // If the user has a simplesamlphp_auth authmap record, then don't require them to know their Drupal password. - // This will allow them to change their e-mail address, and set a Drupal password if they want to (and are allowed). + // If the user has a simplesamlphp_auth authmap record, then don't require + // them to know their Drupal password. This will allow them to change their + // e-mail address, and set a Drupal password if they want to and are allowed. if ((isset($form['#user']->init) && $form['#user']->init) && (_simplesaml_auth_user_has_authmap($form['#user']->init) && $form_id == 'user_profile_form')) { unset($form['account']['current_pass']); unset($form['account']['current_pass_required_values']); $form['#validate'] = array_diff($form['#validate'], array('user_validate_current_pass')); - // If the user is a simplesamlphp_auth user and is NOT allowed to set their Drupal password, remove the fields from the form. + // If the user is a simplesamlphp_auth user and is NOT allowed to set their + // Drupal password, remove the fields from the form. if (!variable_get('simplesamlphp_auth_allowsetdrupalpwd')) { unset($form['account']['pass']); } @@ -491,8 +496,10 @@ function simplesamlphp_auth_block_view($delta = '') { switch ($delta) { case 0: - $block = array('subject' => t('simpleSAMLphp login'), - 'content' => _simplesamlphp_auth_generate_block_text()); + $block = array( + 'subject' => t('simpleSAMLphp login'), + 'content' => _simplesamlphp_auth_generate_block_text(), + ); break; } return $block; @@ -504,9 +511,9 @@ function simplesamlphp_auth_block_view($delta = '') { function simplesamlphp_auth_block_info() { $block = array( array( - 'info' => t('simpleSAMLphp authentication'), + 'info' => t('simpleSAMLphp authentication'), 'cache' => DRUPAL_NO_CACHE, - ) + ), ); return $block; } 
@@ -516,60 +523,53 @@ function simplesamlphp_auth_block_info() { ****************************************************************************/ /** - * Checks to see if authentication via SimpleSAMLphp should be activated + * Checks to see if authentication via SimpleSAMLphp should be activated. * - * @param bShowInactiveMsg + * @param bool $show_inactive_msg * Whether to display the "module not activated" message * - * @return + * @return bool * TRUE/FALSE */ -function _simplesamlphp_auth_isEnabled($bShowInactiveMsg=FALSE) { - GLOBAL $user; +function _simplesamlphp_auth_isEnabled($show_inactive_msg = FALSE) { + global $user; - $failure = NULL; - $isActivated = variable_get('simplesamlphp_auth_activate'); + $failure = NULL; + $is_activated = variable_get('simplesamlphp_auth_activate'); $basedir = variable_get('simplesamlphp_auth_installdir', '/var/simplesamlphp'); - if (!$isActivated) { - $adminPath = array_keys(simplesamlphp_auth_admin_paths()); - $failure = t('SimpleSAMLphp authentication is NOT yet activated. It can be activated on the ' . l('configuration page', $adminPath[0]) . '.'); - + if (!$is_activated) { + $admin_path = array_keys(simplesamlphp_auth_admin_paths()); + $failure = t('SimpleSAMLphp authentication is NOT yet activated. It can be activated on the @admin_page.', array('@admin_page' => l(t('configuration page'), $admin_path[0]))); watchdog('simplesamlphp_auth', $failure, NULL, WATCHDOG_WARNING); } else { - // Make sure we know where SimpleSAMLphp is. if (!file_exists($basedir)) { $failure = t('SimpleSAMLphp could not be found at %basedir . The simplesamlphp_auth module cannot function until the path to the local SimpleSAMLphp instance is configured.', array('%basedir' => $basedir)); - watchdog('simplesamlphp_auth', $failure, NULL, WATCHDOG_WARNING); - } - } - // If there were no failures, then it should be activated + // If there were no failures, then it should be activated. 
if (!$failure) { return TRUE; } else { - // communicate but don't be too annoying - if ( $bShowInactiveMsg && (1 == $user->uid || user_access('access administration pages')) && ( preg_match('/admin\/people/', request_uri()) || preg_match('/admin\/modules/', request_uri()) || preg_match('/admin\/config/', request_uri()) ) ) { - drupal_set_message($failure); + // Communicate but don't be too annoying. + if ($show_inactive_msg && (1 == $user->uid || user_access('access administration pages')) && (preg_match('/admin\/people/', request_uri()) || preg_match('/admin\/modules/', request_uri()) || preg_match('/admin\/config/', request_uri()))) { + drupal_set_message($failure); } } - return FALSE; - } /** * Gets the authname attribute from the SAML assertion. * - * @return + * @return string * The authname attribute. */ function _simplesamlphp_auth_get_authname() { @@ -593,7 +593,7 @@ function _simplesamlphp_auth_get_authname() { /** * Gets the default name attribute from the SAML assertion. * - * @return + * @return string * The name attribute. */ function _simplesamlphp_auth_get_default_name($account) { 
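Review bot: `watchdog('simplesamlphp_auth', $failure, NULL, WATCHDOG_WARNING)` is still called with the already-translated `$failure`, which after this hunk also embeds the rendered `@admin_page` link and, in the else branch, the substituted `%basedir`; watchdog() expects an untranslated message plus its own variables array so the log stays locale-independent and placeholders are escaped at display time. Log the source strings separately, e.g. `watchdog('simplesamlphp_auth', 'SimpleSAMLphp authentication is NOT yet activated.', NULL, WATCHDOG_WARNING);` and `watchdog('simplesamlphp_auth', 'SimpleSAMLphp could not be found at %basedir.', array('%basedir' => $basedir), WATCHDOG_WARNING);`, keeping `$failure` for drupal_set_message(). The three `preg_match()` calls on `request_uri()` could also be one pattern, `preg_match('#admin/(people|modules|config)#', request_uri())`, which makes the long condition readable.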
@@ -603,15 +603,16 @@ function _simplesamlphp_auth_get_default_name($account) { $default_name = ''; // Check if valid local session exists.. - if ($_simplesamlphp_auth_as->isAuthenticated() ) { + if ($_simplesamlphp_auth_as->isAuthenticated()) { $auth_user_name_attr = variable_get('simplesamlphp_auth_user_name', 'eduPersonPrincipalName'); if ((!isset($_simplesamlphp_auth_saml_attributes[$auth_user_name_attr])) || - (!isset($_simplesamlphp_auth_saml_attributes[$auth_user_name_attr][0])) || - ($_simplesamlphp_auth_saml_attributes[$auth_user_name_attr][0] == '')) { + (!isset($_simplesamlphp_auth_saml_attributes[$auth_user_name_attr][0])) || + ($_simplesamlphp_auth_saml_attributes[$auth_user_name_attr][0] == '') + ) { throw new Exception(t('There was no set attribute named "%auth_user_name_attr" returned for user %uid.', array( '%auth_user_name_attr' => $auth_user_name_attr, - '%uid' => $account, + '%uid' => $account, ))); } $default_name = $_simplesamlphp_auth_saml_attributes[$auth_user_name_attr][0]; @@ -622,7 +623,7 @@ function _simplesamlphp_auth_get_default_name($account) { /** * Gets the mail attribute. * - * @return + * @return string * The mail attribute. */ function _simplesamlphp_auth_get_mail() { @@ -669,10 +670,10 @@ function _simplesamlphp_auth_generate_block_text() { // Check if valid local session exists.. if ($_simplesamlphp_auth_as->isAuthenticated()) { - $block_content .= '

    Logged in as: ' . $user->name . '
    ' . l('Log Out', 'user/logout') . '

    '; + $block_content .= '

    Logged in as: ' . $user->name . '
    ' . l(t('Log Out'), 'user/logout') . '

    '; } else { - $block_content .= '

    ' . l('Federated Log In', 'saml_login') . '

    '; + $block_content .= '

    ' . l(t('Federated Log In'), 'saml_login') . '

    '; } return $block_content; @@ -681,16 +682,20 @@ function _simplesamlphp_auth_generate_block_text() { /** * Evaluates a role rule. * - * @param $roleruleevaluation + * @param array $roleruleevaluation * An array containing the role rule to evaluate. - * @param $attributes + * @param array $attributes * An array containing the identity attributes. * - * @return + * @return array * An array containing role value and the attribute, or FALSE. */ function _simplesamlphp_auth_evaulaterolerule($roleruleevaluation, $attributes) { - _simplesaml_auth_debug(t('Evaluate rule (key=%key,operator=%op,value=%val)', array('%key' => $roleruleevaluation[0], '%op' => $roleruleevaluation[1], '%val' => $roleruleevaluation[2]))); + _simplesaml_auth_debug(t('Evaluate rule (key=%key,operator=%op,value=%val)', array( + '%key' => $roleruleevaluation[0], + '%op' => $roleruleevaluation[1], + '%val' => $roleruleevaluation[2], + ))); if (!array_key_exists($roleruleevaluation[0], $attributes)) { return FALSE; @@ -698,10 +703,10 @@ function _simplesamlphp_auth_evaulaterolerule($roleruleevaluation, $attributes) $attribute = $attributes[$roleruleevaluation[0]]; switch ($roleruleevaluation[1]) { - case '=' : + case '=': return in_array($roleruleevaluation[2], $attribute); - case '@=' : + case '@=': $dc = explode('@', $attribute[0]); if (count($dc) != 2) { return FALSE; @@ -715,10 +720,10 @@ function _simplesamlphp_auth_evaulaterolerule($roleruleevaluation, $attributes) /** * Performs role population. * - * @param $rolemap + * @param array $rolemap * A string containing the role map. * - * @return + * @return array * An array containing user's roles. */ function _simplesamlphp_auth_rolepopulation($rolemap) { 
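Review bot: The block markup in the rewritten branch still concatenates `$user->name` straight into HTML (`'Logged in as: ' . $user->name`), and in Drupal 7 account names are not guaranteed safe for output — here they are derived from IdP-supplied attributes. Pass the name through the usual output helper, `'Logged in as: ' . check_plain(format_username($user))`, or render it with `theme('username', array('account' => $user))`. The surrounding markup is not readable in this view, so the exact line may differ slightly.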
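Review bot: The docblock of _simplesamlphp_auth_evaulaterolerule() is changed to `@return array`, but every visible path returns a boolean: the early `return FALSE` when the attribute key is missing, `case '=': return in_array(...)`, and the `return FALSE` in the `@=` branch. It should read `@return bool` with the description `TRUE if the attribute satisfies the rule, FALSE otherwise.`. The remaining branches of the function end outside the hunk.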
@@ -732,22 +737,24 @@ function _simplesamlphp_auth_rolepopulation($rolemap) { if ($_simplesamlphp_auth_as->isAuthenticated()) { $attributes = $_simplesamlphp_auth_saml_attributes; - if (empty($rolemap)) return $roles; + if (empty($rolemap)) { + return $roles; + } _simplesaml_auth_debug(t('Evaluate rolemap: %rolemap', array('%rolemap' => $rolemap))); $rolerules = explode('|', $rolemap); - foreach ($rolerules AS $rolerule) { + foreach ($rolerules as $rolerule) { _simplesaml_auth_debug(t('Evaluate role rule: %rolerule', array('%rolerule' => $rolerule))); $roleruledecompose = explode(':', $rolerule); - $roleid = $roleruledecompose[0]; + $roleid = $roleruledecompose[0]; $roleruleevaluations = explode(';', $roleruledecompose[1]); $addnew = TRUE; - foreach ($roleruleevaluations AS $roleruleevaluation) { + foreach ($roleruleevaluations as $roleruleevaluation) { _simplesaml_auth_debug(t('Evaluate role evaulation: %roleruleeval', array('%roleruleeval' => $roleruleevaluation))); @@ -767,7 +774,7 @@ function _simplesamlphp_auth_rolepopulation($rolemap) { } /** - * See if the user has an authmap record for simplesamlphp_auth + * See if the user has an authmap record for simplesamlphp_auth. */ function _simplesaml_auth_user_has_authmap($authname) { $authmaps = user_get_authmaps($authname); @@ -783,14 +790,14 @@ function _simplesaml_auth_user_has_authmap($authname) { } /** - * This helper function is used by developers to debug the form API workflow in this module. + * Debug the form API workflow. */ function _simplesaml_auth_debug($message) { watchdog('simplesamlphp', $message, NULL, WATCHDOG_DEBUG); } /** - * Helper function for logging out a user that is has a active session in Drupal but not with simpleSAML. + * Logged out user that has an active session in Drupal but not with simpleSAML. */ function _simplesamlphp_auth_destroy_drupal_session() { global $user; 
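Review bot: `$roleruledecompose[1]` is read immediately after `explode(':', $rolerule)` with no check that the rule contained a colon, so a malformed `simplesamlphp_auth_rolepopulation` entry raises an undefined-offset notice and is then evaluated against an empty rule string. Guard it right after the explode: `if (count($roleruledecompose) < 2) { continue; }`, ideally preceded by a `_simplesaml_auth_debug()` line naming the skipped rule. _simplesamlphp_auth_rolepopulation() starts before and ends after this hunk.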
@@ -800,8 +807,8 @@ function _simplesamlphp_auth_destroy_drupal_session() { // Destroy the current session: session_destroy(); // Only variables can be passed by reference workaround. - $NULL = NULL; - user_module_invoke('logout', $NULL, $user); + $null = NULL; + user_module_invoke('logout', $null, $user); // Load the anonymous user. $user = drupal_anonymous_user(); @@ -816,7 +823,7 @@ function _simplesamlphp_auth_destroy_drupal_session() { /** * Determine if the current user is authenticated through SAML. * - * @return + * @return bool * TRUE if the current user is authenticated through SAML. FALSE otherwise. */ function simplesamlphp_auth_is_authenticated() { @@ -825,8 +832,8 @@ function simplesamlphp_auth_is_authenticated() { // Assume that the user isn't authenticated until proven otherwise. $authenticated = FALSE; - // If the associated global variable exists, and the auth flag is set, note it. - if (isset($_simplesamlphp_auth_as) && $_simplesamlphp_auth_as->isAuthenticated()) { + // If the global variable exists, and the auth flag is set, note it. + if (isset($_simplesamlphp_auth_as) &&$_simplesamlphp_auth_as->isAuthenticated()) { $authenticated = TRUE; } @@ -837,11 +844,11 @@ function simplesamlphp_auth_is_authenticated() { /** * Return any attributes provided by the SAML IDP. * - * @param $attribute + * @param string $attribute * The attribute whose value to return. Can be skipped if all attribute * values are requested. * - * @return + * @return array * If an attribute was provided, the value of the attribute is returned. * Otherwise, an array of all attribute values is returned, keyed by * attribute. @@ -874,7 +881,6 @@ function simplesamlphp_auth_get_attributes($attribute = NULL) { } } - // Return whatever we've got.` + // Return whatever we've got. return $result; } - diff --git a/simplesamlphp_auth.rules.inc b/simplesamlphp_auth.rules.inc index 9d25d69..066978f 100644 --- a/simplesamlphp_auth.rules.inc +++ b/simplesamlphp_auth.rules.inc 
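Review bot: The new condition `isset($_simplesamlphp_auth_as) &&$_simplesamlphp_auth_as->isAuthenticated()` in simplesamlphp_auth_is_authenticated() drops the space after `&&`, the opposite of what the rest of this whitespace cleanup does; it should read `if (isset($_simplesamlphp_auth_as) && $_simplesamlphp_auth_as->isAuthenticated()) {`. In the following hunk (@@ -837) the docblock of simplesamlphp_auth_get_attributes() becomes `@return array`, while its own description says a single attribute's value is returned when `$attribute` is given, so `@return mixed` with that description kept would match the contract.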
@@ -6,7 +6,7 @@ */ /** - * Implementation of hook_rules_event_info(). + * Implements hook_rules_event_info(). * @ingroup rules */ function simplesamlphp_auth_rules_event_info() { @@ -14,7 +14,7 @@ function simplesamlphp_auth_rules_event_info() { 'group' => t('User'), 'module' => 'simplesamlphp_auth', ); - + return array( 'simplesamlphp_auth_rules_event_register' => $defaults + array( 'label' => t('After registering a new user account via simpleSAMLphp'),