<?php
// Entry point for Shibboleth logins; users are expected to arrive here via a
// redirect from moodle/login/index.php.

require('../../config.php');

// Page setup: this script runs in the system context under its own URL.
$context = context_system::instance();
$PAGE->set_url('/auth/shibboleth/index.php');
$PAGE->set_context($context);

// Support for WAYFless URLs: a caller may pass the post-login destination in
// 'target'. The value is cleaned with PARAM_LOCALURL before it is stored, and a
// return URL that is already in the session always takes precedence over it.
$target = optional_param('target', '', PARAM_LOCALURL);
if (empty($SESSION->wantsurl) && !empty($target)) {
    $SESSION->wantsurl = $target;
}
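// A user who is already logged in (and is not the guest account) has nothing to
// do here, so send them straight on.
if (isloggedin() && !isguestuser()) {
    // Default destination: the standard home page.
    $urltogo = $CFG->wwwroot.'/';

    // Follow the stored return URL only when it is the site root itself or lies
    // below it. Both sides get a trailing '/' so that the comparison ends on a
    // path boundary: a bare prefix test against $CFG->wwwroot would also accept a
    // different host whose name merely begins with the same characters, which
    // would turn this redirect into an open redirect if such a value ever reached
    // the session. Anything that fails the test falls back to the home page.
    if (isset($SESSION->wantsurl) && strpos($SESSION->wantsurl.'/', $CFG->wwwroot.'/') === 0) {
        $urltogo = $SESSION->wantsurl;
    }

    // The return URL is single-use: clear it whether or not it was followed.
    unset($SESSION->wantsurl);

    redirect($urltogo);
}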
// Load the plugin settings and the Shibboleth auth plugin instance.
$pluginconfig = get_config('auth_shibboleth');
$shibbolethauth = get_auth_plugin('shibboleth');

// Link to the plugin README, passed along with the "not set up" error.
$readmeurl = (new moodle_url('/auth/shibboleth/README.txt'))->out();

// Without a configured user attribute there is no way to identify the
// Shibboleth user, so treat the plugin as not set up and stop here.
$userattributemissing = empty($pluginconfig->user_attribute);
if ($userattributemissing) {
    throw new \moodle_exception('shib_not_set_up_error', 'auth_shibboleth', '', $readmeurl);
}
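// Shibboleth auto-login: if the configured user attribute is present in the
// server environment, log that user in and redirect them onwards.
//
// The attribute value is used as the username without any further proof of
// identity, so this script relies entirely on the web server / Shibboleth SP to
// populate it.
// NOTE(review): the elseif branch below also checks an HTTP_-prefixed key, which
// suggests attributes may be delivered as request headers in some deployments.
// In that mode the web server must discard client-supplied copies of those
// headers, otherwise the value read here would be client-controlled. Confirm
// that this path is protected by the SP and that attribute delivery is
// configured accordingly.
if (!empty($_SERVER[$pluginconfig->user_attribute])) {
    $frm = new stdClass();
    $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);

    // The password is never actually used, but needs to be passed to the functions 'user_login' and
    // 'authenticate_user_login'. Shibboleth returns true for the function 'prevent_local_password', which is
    // used when setting the password in 'update_internal_user_password'. When 'prevent_local_password'
    // returns true, the password is set to 'not cached' (AUTH_PASSWORD_NOT_CACHED) in the Moodle DB. However,
    // rather than setting the password to a hard-coded value, we will generate one each time, in case there are
    // changes to the Shibboleth plugin and it is actually used.
    $frm->password = generate_password(8);

    // Both the plugin's own check and Moodle's login routine must accept the
    // user; the second call is only made when the first one succeeds.
    $reason = null;
    $user = false;
    if ($shibbolethauth->user_login($frm->username, $frm->password)) {
        $user = authenticate_user_login($frm->username, $frm->password, false, $reason, false);
    }
    if (!$user) {
        // The Shibboleth user couldn't be mapped to a valid Moodle user.
        throw new \moodle_exception('shib_invalid_account_error', 'auth_shibboleth');
    }

    complete_user_login($user);

    if (user_not_fully_set_up($USER, true)) {
        // Incomplete profile: send the user to the profile editor first.
        // $SESSION->wantsurl is deliberately kept so that we get there later.
        $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&course='.SITEID;
    } else {
        // Default destination: the standard home page.
        $urltogo = $CFG->wwwroot.'/';

        // Follow the stored return URL only when it is the site root itself or
        // lies below it. Both sides get a trailing '/' so that the comparison
        // ends on a path boundary: a bare prefix test against $CFG->wwwroot would
        // also accept a different host whose name merely begins with the same
        // characters, which would turn this redirect into an open redirect if
        // such a value ever reached the session.
        if (isset($SESSION->wantsurl) && strpos($SESSION->wantsurl.'/', $CFG->wwwroot.'/') === 0) {
            $urltogo = $SESSION->wantsurl;
        }

        // The return URL is single-use: clear it whether or not it was followed.
        unset($SESSION->wantsurl);
    }

    // Go to the my-moodle page instead of the homepage if defaulthomepage is
    // enabled. This only applies to users without 'moodle/site:config' who are
    // heading for the site root. The comparisons are intentionally loose (==),
    // as in the original code; presumably the config values may be stored as
    // strings. TODO confirm before tightening.
    if (!has_capability('moodle/site:config', context_system::instance())
            && !empty($CFG->defaulthomepage) && !isguestuser()) {
        if ($urltogo == $CFG->wwwroot || $urltogo == $CFG->wwwroot.'/' || $urltogo == $CFG->wwwroot.'/index.php') {
            if ($CFG->defaulthomepage == HOMEPAGE_MY && !empty($CFG->enabledashboard)) {
                $urltogo = $CFG->wwwroot.'/my/';
            } else if ($CFG->defaulthomepage == HOMEPAGE_MYCOURSES) {
                $urltogo = $CFG->wwwroot.'/my/courses.php';
            }
        }
    }

    redirect($urltogo);

    exit;

} elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) || !empty($_SERVER['Shib-Application-ID'])) {
    // If we can find any (user independent) Shibboleth attributes but no user
    // attributes, we probably didn't receive any user attributes. The error
    // names the attributes that are expected.
    throw new \moodle_exception('shib_no_attributes_error', 'auth_shibboleth' , '',
        '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.
        $pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');
} else {
    // No Shibboleth attributes at all: treat the plugin as not set up.
    throw new \moodle_exception('shib_not_set_up_error', 'auth_shibboleth', '', $readmeurl);
}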