git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2702 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
<?php
/** DomFramework
@package domframework
@author Dominique Fournier <dominique@fournier38.fr> */
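/** User authentication against Shibboleth
    The identity is not checked by this class : it is read from the $_SERVER
    entries named by the *Param properties. No signature, session or
    assertion is verified here.
    NOTE(review): this is only safe if the web server's Shibboleth module
    protects every URL served by this class and exports the attributes as
    server variables - confirm in the server configuration. */
class authshibboleth extends auth
{
  /** The $_SERVER key holding the user's last name */
  public $lastnameParam = "sn";
  /** The $_SERVER key holding the user's first name */
  public $firstnameParam = "givenname";
  /** The $_SERVER key holding the user's mail. Its presence is what this
      class treats as "authenticated" */
  public $mailParam = "mail";
  /** Extra $_SERVER keys copied verbatim by getdetails().
      Never list "HTTP_*" keys here : PHP fills those from the request
      headers, so their values are chosen by the client */
  public $otherFields = array ("ou", "o");
  /** URL used by authentication() to redirect a user without identity.
      Empty string : no redirect, only the 401 exception */
  public $urlAuthentificated = "";
  /** URL used by logout(). Empty string : logout is refused */
  public $urlLogout = "";
  /** URL used by changepassword(). Empty string : change is refused */
  public $urlPasswd = "";

  /** No connection to shibboleth
      @return boolean Always TRUE */
  public function connect ()
  {
    return TRUE;
  }

  /** Check that an identity is provided by Shibboleth for this request.
      The $password is never used and $email is only used in the error
      message : the decision depends only on $_SERVER[$this->mailParam].
      @param string $email Email to authenticate
      @param string $password Password to authenticate
      @throws Exception 401 if no identity is available */
  public function authentication ($email, $password)
  {
    // Use the configured key (the original tested the literal "mail", which
    // disagreed with getdetails() as soon as mailParam was changed), and
    // refuse an empty value : an empty identity is not an identity.
    if (! isset ($_SERVER[$this->mailParam]) ||
        $_SERVER[$this->mailParam] === "")
    {
      if ($this->urlAuthentificated !== "")
      {
        $route = new route ();
        $route->redirect ($this->urlAuthentificated);
        // NOTE(review): route::redirect is not visible here. If it returns
        // instead of ending the request, the exception below is still raised
      }
      throw new Exception ("Unable to authenticate user '$email'", 401);
    }
  }

  /** Return all the parameters recorded for the authenticate user
      @return array The keys "lastname", "firstname", "email", plus each
      entry of otherFields which exists in $_SERVER. Without identity, the
      anonymous user is returned */
  public function getdetails ()
  {
    // Same test as authentication() : a missing or empty mail is anonymous
    if (! isset ($_SERVER[$this->mailParam]) ||
        $_SERVER[$this->mailParam] === "")
      return array ("lastname"=>"anonymous",
                    "firstname"=>"",
                    "email"=>"anonymous");
    // The name attributes are optional : a missing one becomes an empty
    // string instead of an undefined index
    $res = array (
      "lastname"=>isset ($_SERVER[$this->lastnameParam]) ?
                  $_SERVER[$this->lastnameParam] : "",
      "firstname"=>isset ($_SERVER[$this->firstnameParam]) ?
                   $_SERVER[$this->firstnameParam] : "",
      "email"=>$_SERVER[$this->mailParam]);
    foreach ($this->otherFields as $field)
    {
      // The values are returned raw : escape them where they are displayed
      if (array_key_exists ($field, $_SERVER))
        $res[$field] = $_SERVER[$field];
    }
    return $res;
  }

  /** Method to change the password : not done here for Shibboleth users.
      The user is redirected to the configured password URL and neither
      parameter is used.
      @param string $oldpassword The old password (to check if the user have the
      rights to change the password)
      @param string $newpassword The new password to be recorded
      @throws Exception 405 if no password URL is configured */
  public function changepassword ($oldpassword, $newpassword)
  {
    // Redirect to Shibboleth IDP
    // The declared property is urlPasswd, but the original code read the
    // undeclared urlPasswdChange, so a configured urlPasswd was ignored.
    // Honor urlPasswd first and keep urlPasswdChange for callers which set
    // it dynamically.
    $url = (string) $this->urlPasswd;
    if ($url === "" && isset ($this->urlPasswdChange))
      $url = (string) $this->urlPasswdChange;
    if ($url === "")
      throw new Exception (dgettext("domframework",
                      "The password can't be change for Shibboleth users"),
                      405);
    $route = new route ();
    $route->redirect ($url);
  }

  /** Method to overwrite the password (without oldpassword check)
      Must be reserved to the administrators. For the users, use changepassword
      method
      Always refused for Shibboleth users.
      @param string $email the user identifier to select
      @param string $newpassword The new password to be recorded
      @throws Exception 405 in all the cases */
  public function overwritepassword ($email, $newpassword)
  {
    throw new exception (dgettext("domframework",
                      "The password can't be overwrite for Shibboleth users"),
                      405);
  }

  /** Log out the user by redirecting to the configured logout URL.
      Nothing is removed locally by this method.
      @throws \Exception 405 if no logout URL is configured */
  public function logout ()
  {
    // Redirect to Shibboleth IDP
    if ($this->urlLogout === "")
      throw new \Exception (_("Shibboleth is not configured to allow logout"),
                            405);
    $route = new route ();
    $route->redirect ($this->urlLogout);
  }
}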