/**
 * Finish a SAML-backed login: link the user to the identity source and store the received attributes
 *
 * Does nothing unless the session holds both 'saml_attributes' and 'saml_source',
 * the source is enabled, and the attributes pass the source's additional
 * authentication rules.
 *
 * NOTE(review): every early return leaves 'saml_attributes' and 'saml_source' in the
 * session; only the success path removes them. Confirm that a rejected source or
 * attribute set is cleared elsewhere so stale assertion data cannot be picked up later.
 *
 * NOTE(review): a failed rule check only skips the linking done here, since this handler
 * returns nothing on every path. Whether the login itself is refused depends on code
 * outside this method - confirm.
 *
 * @param string   $event  the name of the event
 * @param string   $type   type of the event
 * @param ElggUser $object the current user trying to login
 *
 * @return void
 */
public static function loginEvent($event, $type, $object) {
    // only real user entities are of interest
    if (!($object instanceof \ElggUser)) {
        return;
    }

    // both values are set earlier in the SAML flow; without them this is not a SAML login
    $attributes = simplesaml_get_from_session('saml_attributes');
    $idp_source = simplesaml_get_from_session('saml_source');
    if (!isset($attributes, $idp_source)) {
        return;
    }

    // the source must be enabled and the attributes must satisfy its extra authentication rules
    if (!simplesaml_is_enabled_source($idp_source)
        || !simplesaml_validate_authentication_attributes($idp_source, $attributes)) {
        return;
    }

    // remember the external id so the next login can match the account directly
    // NOTE(review): the id is used exactly as found in the session attributes; presumably
    // these come from an assertion already verified upstream - confirm.
    $external_id = elgg_extract('elgg:external_id', $attributes);
    if (!empty($external_id)) {
        // a multi-valued attribute contributes its first value only
        $first_value = is_array($external_id) ? $external_id[0] : $external_id;

        simplesaml_link_user($object, $idp_source, $first_value);
    }

    // persist the received attributes on the user
    simplesaml_save_authentication_attributes($object, $idp_source, $attributes);

    // single logout needs to know which source performed the login
    simplesaml_store_in_session('saml_login_source', $idp_source);

    // the transient login data is no longer needed
    foreach (['saml_attributes', 'saml_source'] as $session_key) {
        simplesaml_remove_from_session($session_key);
    }
}
} simplesaml_link_user($user, $source, $saml_uid); } // save attributes simplesaml_save_authentication_attributes($user, $source, $saml_attributes); // restore hidden setting access_show_hidden_entities($hidden); // notify user about registration system_message(elgg_echo('registerok', [elgg_get_site_entity()->name])); // cleanup session simplesaml_remove_from_session('saml_source'); simplesaml_remove_from_session('saml_attributes'); // try to login the user try { // check for the persistent login plugin setting $persistent = false; if (elgg_get_plugin_setting($source . '_remember_me', 'simplesaml')) { $persistent = true; } // login the user login($user); // get forward url $forward_url = simplesaml_get_from_session('last_forward_from', ''); simplesaml_remove_from_session('last_forward_from'); } catch (Exception $e) { // make sure we don't force login simplesaml_store_in_session('simplesaml_disable_sso', true); $forward_url = ''; } } forward($forward_url);
login($user, $persistent); // forward to correct place $forward_url = simplesaml_get_from_session('last_forward_from', ''); simplesaml_remove_from_session('last_forward_from'); system_message(elgg_echo('loginok')); } catch (Exception $e) { // report the error register_error($e->getMessage()); // make sure we don't force login simplesaml_store_in_session('simplesaml_disable_sso', true); // forward to front page $forward_url = ''; } // unset session vars simplesaml_remove_from_session('saml_attributes'); simplesaml_remove_from_session('saml_source'); } else { // check if we can automaticly create an account for this user if (simplesaml_check_auto_create_account($source, $saml_attributes)) { // we have enough information to create the account so let's do that $forward_url = "action/simplesaml/register?saml_source={$source}"; $forward_url = elgg_add_action_tokens_to_url($forward_url); } else { // no user found, so forward to a different page $forward_url = "saml/no_linked_account/{$source}"; system_message(elgg_echo('simplesaml:login:no_linked_account', [$label])); } } // restore hidden settings access_show_hidden_entities($hidden); }