108 lines
3.5 KiB
PHP
108 lines
3.5 KiB
PHP
<?php
|
|
/** DomFramework
|
|
* @package domframework
|
|
* @author Dominique Fournier <dominique@fournier38.fr>
|
|
* @license BSD
|
|
*/
|
|
|
|
namespace Domframework;
|
|
|
|
require_once ("domframework/auth.php");
|
|
|
|
/** User authentication against Shibboleth */
|
|
class authshibboleth extends auth
|
|
{
|
|
/** The Lastname parameter returned by Shibboleth server */
|
|
public $lastnameParam = "sn";
|
|
/** The Firstname parameter returned by Shibboleth server */
|
|
public $firstnameParam = "givenName";
|
|
/** The mail parameter returned by Shibboleth server */
|
|
public $mailParam = "mail";
|
|
/** The others parameters returned by Shibboleth server */
|
|
public $otherFields = array ("ou", "o");
|
|
/** The optional URL use to authenticate the users */
|
|
public $urlAuthentificated = "";
|
|
/** The optional URL to disconnect the users */
|
|
public $urlLogout = "";
|
|
/** The optional URL to change the user password */
|
|
public $urlPasswd = "";
|
|
|
|
/** No connection to shibboleth */
|
|
public function connect ()
|
|
{
|
|
return TRUE;
|
|
}
|
|
|
|
/** Try to authenticate the email/password of the user
|
|
@param string $email Email to authenticate
|
|
@param string $password Password to authenticate */
|
|
public function authentication ($email, $password)
|
|
{
|
|
if (!isset ($_SERVER["mail"]))
|
|
{
|
|
if ($this->urlAuthentificated !== "")
|
|
{
|
|
$route = new route ();
|
|
$route->redirect ($this->urlAuthentificated);
|
|
}
|
|
throw new Exception ("Unable to authenticate user '$email'", 401);
|
|
}
|
|
}
|
|
|
|
/** Return all the parameters recorded for the authenticate user */
|
|
public function getdetails ()
|
|
{
|
|
if (! isset ($_SERVER[$this->mailParam]))
|
|
return array ("lastname"=>"anonymous",
|
|
"firstname"=>"",
|
|
"email"=>"anonymous");
|
|
$res = array ("lastname"=>$_SERVER[$this->lastnameParam],
|
|
"firstname"=>$_SERVER[$this->firstnameParam],
|
|
"email"=>$_SERVER[$this->mailParam]);
|
|
foreach ($this->otherFields as $field)
|
|
{
|
|
if (array_key_exists ($field, $_SERVER))
|
|
$res[$field] = $_SERVER[$field];
|
|
}
|
|
return $res;
|
|
}
|
|
|
|
/** Method to change the password : unavailable in SESSION auth
|
|
@param string $oldpassword The old password (to check if the user have the
|
|
rights to change the password)
|
|
@param string $newpassword The new password to be recorded */
|
|
public function changepassword ($oldpassword, $newpassword)
|
|
{
|
|
// Redirect to Shibboleth IDP
|
|
if ($this->urlPasswdChange == "")
|
|
throw new Exception (dgettext ("domframework",
|
|
"The password can't be change for Shibboleth users"),
|
|
405);
|
|
$route = new route ();
|
|
$route->redirect ($this->urlPasswdChange);
|
|
}
|
|
|
|
/** Method to overwrite the password (without oldpassword check)
|
|
Must be reserved to the administrators. For the users, use changepassword
|
|
method
|
|
@param string $email the user identifier to select
|
|
@param string $newpassword The new password to be recorded */
|
|
public function overwritepassword ($email, $newpassword)
|
|
{
|
|
throw new exception (dgettext ("domframework",
|
|
"The password can't be overwrite for Shibboleth users"),
|
|
405);
|
|
}
|
|
|
|
/** Remove the information from the session */
|
|
public function logout ()
|
|
{
|
|
// Redirect to Shibboleth IDP
|
|
if ($this->urlLogout === "")
|
|
throw new \Exception (dgettext ("domframework",
|
|
"Shibboleth is not configured to allow logout"), 405);
|
|
$route = new route ();
|
|
$route->redirect ($this->urlLogout);
|
|
}
|
|
}
|