예제 #1
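 /**
  * {@inheritdoc}
  */
 public function buildForm(array $form, FormStateInterface $form_state)
 {
     // Builds the CAS settings form. Every '#default_value' is read from the
     // 'cas.settings' config object; every section sets '#tree' => TRUE, so the
     // submitted values keep the section nesting (server[...], gateway[...]).
     // NOTE(review): no '#required' or validation callbacks are attached here
     // and validateForm() is outside this excerpt -- confirm that hostname,
     // port and the certificate value are validated before they are saved.
     $config = $this->config('cas.settings');

     // --- CAS server connection -------------------------------------------
     $form['server'] = [
         '#type' => 'details',
         '#title' => $this->t('CAS Server'),
         '#open' => TRUE,
         '#tree' => TRUE,
     ];
     $form['server']['version'] = [
         '#type' => 'radios',
         '#title' => $this->t('Version'),
         '#options' => [
             '1.0' => $this->t('1.0'),
             '2.0' => $this->t('2.0 or higher'),
             'S1' => $this->t('SAML Version 1.1'),
         ],
         '#default_value' => $config->get('server.version'),
     ];
     $form['server']['hostname'] = [
         '#type' => 'textfield',
         '#title' => $this->t('Hostname'),
         '#description' => $this->t('Hostname or IP Address of the CAS server.'),
         '#size' => 30,
         '#default_value' => $config->get('server.hostname'),
     ];
     $form['server']['port'] = [
         '#type' => 'textfield',
         '#title' => $this->t('Port'),
         '#size' => 5,
         '#description' => $this->t('443 is the standard SSL port. 8443 is the standard non-root port for Tomcat.'),
         '#default_value' => $config->get('server.port'),
     ];
     $form['server']['path'] = [
         '#type' => 'textfield',
         '#title' => $this->t('URI'),
         '#description' => $this->t('If CAS is not at the root of the host, include a URI (e.g., /cas).'),
         '#size' => 30,
         '#default_value' => $config->get('server.path'),
     ];
     // Security: as the description itself states, an empty value here means
     // the CAS server's certificate authority is not verified. The site then
     // cannot authenticate the server that answers ticket validation, so an
     // empty field is an insecure default rather than a neutral one.
     // NOTE(review): the code consuming 'server.cert' is not visible here --
     // confirm what "not verified" disables and consider making the insecure
     // mode an explicit opt-in.
     $form['server']['cert'] = [
         '#type' => 'textfield',
         '#title' => $this->t('Certificate Authority PEM Certificate'),
         '#description' => $this->t('The PEM certificate of the Certificate Authority that issued the certificate of the CAS server. If omitted, the certificate authority will not be verified.'),
         '#default_value' => $config->get('server.cert'),
     ];

     // --- Gateway (automatic login for visitors with a CAS session) --------
     $form['gateway'] = [
         '#type' => 'details',
         '#title' => $this->t('Gateway Feature (Auto Login)'),
         '#open' => FALSE,
         '#tree' => TRUE,
         '#description' => $this->t(
             'This implements the <a href="@cas-gateway">Gateway feature</a> of the CAS Protocol. '
             . 'When enabled, Drupal will check if a visitor is already logged into your CAS server before '
             . 'serving a page request. If they have an active CAS session, they will be automatically '
             . 'logged into the Drupal site. This is done by quickly redirecting them to the CAS server to perform the '
             . 'active session check, and then redirecting them back to page they initially requested.',
             ['@cas-gateway' => 'https://wiki.jasig.org/display/CAS/gateway']
         ),
     ];
     // The option labels are passed through $this->t() like every other label
     // on this form; they were plain strings and therefore untranslatable.
     $form['gateway']['check_frequency'] = [
         '#type' => 'radios',
         '#title' => $this->t('Check Frequency'),
         '#default_value' => $config->get('gateway.check_frequency'),
         '#options' => [
             CasHelper::CHECK_NEVER => $this->t('Disable gateway feature'),
             CasHelper::CHECK_ONCE => $this->t('Once per browser session'),
             CasHelper::CHECK_ALWAYS => $this->t('Every page load (not recommended)'),
         ],
     ];
     // The path list is rendered by the injected gatewayPaths object, seeded
     // with the stored 'gateway.paths' configuration.
     $this->gatewayPaths->setConfiguration($config->get('gateway.paths'));
     $form['gateway']['paths'] = $this->gatewayPaths->buildConfigurationForm([], $form_state);

     // --- Forced login -----------------------------------------------------
     $form['forced_login'] = [
         '#type' => 'details',
         '#title' => $this->t('Forced Login'),
         '#open' => FALSE,
         '#tree' => TRUE,
         '#description' => $this->t(
             'Anonymous users will be forced to login through CAS when enabled. '
             . 'This differs from the "gateway feature" in that it will REQUIRE that a user be logged in to their CAS '
             . 'account, instead of just checking if they already are.'
         ),
     ];
     $form['forced_login']['enabled'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Enable'),
         '#description' => $this->t('When enabled, every path will force a CAS login, unless specific pages are listed.'),
         '#default_value' => $config->get('forced_login.enabled'),
     ];
     $this->forcedLoginPaths->setConfiguration($config->get('forced_login.paths'));
     $form['forced_login']['paths'] = $this->forcedLoginPaths->buildConfigurationForm([], $form_state);

     // --- Local account handling -------------------------------------------
     $form['user_accounts'] = [
         '#type' => 'details',
         '#title' => $this->t('User Account Handling'),
         '#open' => FALSE,
         '#tree' => TRUE,
     ];
     // With auto-registration on, the set of people who can obtain a local
     // account is whatever the CAS server will authenticate.
     $form['user_accounts']['auto_register'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Auto Register Users'),
         '#description' => $this->t(
             'Enable to automatically create local Drupal accounts for first-time CAS logins. '
             . 'If disabled, users must be pre-registered before being allowed to log in.'
         ),
         '#default_value' => $config->get('user_accounts.auto_register'),
     ];

     // --- Redirection ------------------------------------------------------
     $form['redirection'] = [
         '#type' => 'details',
         '#title' => $this->t('Redirection'),
         '#open' => FALSE,
         '#tree' => TRUE,
     ];
     $form['redirection']['logout_destination'] = [
         '#type' => 'textfield',
         '#title' => $this->t('Logout destination'),
         '#description' => $this->t(
             'Drupal path or URL. Enter a destination if you want the CAS Server to '
             . 'redirect the user after logging out of CAS.'
         ),
         '#default_value' => $config->get('redirection.logout_destination'),
     ];

     // --- CAS proxy --------------------------------------------------------
     $form['proxy'] = [
         '#type' => 'details',
         '#title' => $this->t('Proxy'),
         '#open' => FALSE,
         '#tree' => TRUE,
         '#description' => $this->t(
             'These options relate to the proxy feature of the CAS protocol, '
             . 'including configuring this client as a proxy and configuring '
             . 'this client to accept proxied connections from other clients.'
         ),
     ];
     $form['proxy']['initialize'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Initialize this client as a proxy?'),
         '#description' => $this->t(
             'Initializing this client as a proxy allows it to access '
             . 'CAS-protected resources from other clients that have been '
             . 'configured to accept it as a proxy.'
         ),
         '#default_value' => $config->get('proxy.initialize'),
     ];
     $form['proxy']['can_be_proxied'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Allow this client to be proxied?'),
         '#description' => $this->t(
             'Allow other CAS clients to access this site\'s resources via the '
             . 'CAS proxy protocol. You will need to configure a list of allowed '
             . 'proxies below.'
         ),
         '#default_value' => $config->get('proxy.can_be_proxied'),
     ];
     // Security: this list is the allow-list of proxies trusted to act on a
     // user's behalf, and entries may be regular expressions. A pattern that
     // is broader than intended widens that trust.
     // NOTE(review): the matching code is not visible here -- confirm that
     // regex entries are anchored and that an invalid pattern is rejected.
     $form['proxy']['proxy_chains'] = [
         '#type' => 'textarea',
         '#title' => $this->t('Allowed proxy chains'),
         '#description' => $this->t(
             'A list of proxy chains to allow proxy connections from. Each line '
             . 'is a chain, and each chain is a whitespace delimited list of '
             . 'URLs for an allowed proxy in the chain, listed from most recent '
             . '(left) to first (right). Each URL in the chain can be either a '
             . 'plain URL or a URL-matching regular expression (delimited only by '
             . 'slashes). Only if the proxy list returned by the CAS Server exactly '
             . 'matches a chain in this list will a proxy connection be allowed.'
         ),
         '#default_value' => $config->get('proxy.proxy_chains'),
     ];

     // --- Debugging --------------------------------------------------------
     $form['debugging'] = [
         '#type' => 'details',
         '#title' => $this->t('Debugging'),
         '#open' => FALSE,
         '#tree' => TRUE,
         '#description' => $this->t(
             'These options are for debugging only, and are not meant to be used '
             . 'in normal production usage.'
         ),
     ];
     // NOTE(review): what exactly is logged is decided elsewhere; if tickets
     // or user identifiers are included, the Drupal log becomes sensitive
     // data -- confirm, and restrict who can read it.
     $form['debugging']['log'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Log debug information?'),
         '#description' => $this->t(
             'This is not meant for production sites! Enable this to log debug '
             . 'information about the interactions with the CAS Server to the '
             . 'Drupal log.'
         ),
         '#default_value' => $config->get('debugging.log'),
     ];

     // The parent form supplies the remaining standard elements.
     return parent::buildForm($form, $form_state);
 }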
예제 #2
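 /**
  * {@inheritdoc}
  */
 public function buildForm(array $form, FormStateInterface $form_state)
 {
     // Builds the CAS settings form. Every '#default_value' is read from the
     // 'cas.settings' config object; every section sets '#tree' => TRUE, so the
     // submitted values keep the section nesting (server[...], logout[...]).
     // NOTE(review): no '#required' or validation callbacks are attached here
     // and validateForm() is outside this excerpt -- confirm that hostname,
     // port and the certificate path are validated before they are saved.
     $config = $this->config('cas.settings');

     // --- CAS server connection -------------------------------------------
     $form['server'] = [
         '#type' => 'details',
         '#title' => $this->t('CAS Server'),
         '#open' => TRUE,
         '#tree' => TRUE,
     ];
     $form['server']['version'] = [
         '#type' => 'radios',
         '#title' => $this->t('Version'),
         '#options' => [
             '1.0' => $this->t('1.0'),
             '2.0' => $this->t('2.0 or higher'),
         ],
         '#default_value' => $config->get('server.version'),
     ];
     $form['server']['hostname'] = [
         '#type' => 'textfield',
         '#title' => $this->t('Hostname'),
         '#description' => $this->t('Hostname or IP Address of the CAS server.'),
         '#size' => 30,
         '#default_value' => $config->get('server.hostname'),
     ];
     $form['server']['port'] = [
         '#type' => 'textfield',
         '#title' => $this->t('Port'),
         '#size' => 5,
         '#description' => $this->t('443 is the standard SSL port. 8443 is the standard non-root port for Tomcat.'),
         '#default_value' => $config->get('server.port'),
     ];
     $form['server']['path'] = [
         '#type' => 'textfield',
         '#title' => $this->t('URI'),
         '#description' => $this->t('If CAS is not at the root of the host, include a URI (e.g., /cas).'),
         '#size' => 30,
         '#default_value' => $config->get('server.path'),
     ];
     // Security: certificate verification is an explicit three-way choice.
     // CasHelper::CA_NONE turns verification of the CAS server off, so the
     // site can no longer authenticate the server that answers ticket
     // validation; the option text already marks it as not for production.
     // The title is passed through $this->t() (it was a plain string).
     $form['server']['verify'] = [
         '#type' => 'radios',
         '#title' => $this->t('SSL Verification'),
         '#description' => $this->t('Choose an appropriate option for verifying the certificate of your CAS server.'),
         '#options' => [
             CasHelper::CA_DEFAULT => $this->t('Verify using web server\'s default certificates.'),
             CasHelper::CA_NONE => $this->t('Do not verify CAS server. (Note: this should NEVER be used in production.)'),
             CasHelper::CA_CUSTOM => $this->t('Verify using a custom certificate in the local filesystem. Use the field below to provide path.'),
         ],
         '#default_value' => $config->get('server.verify'),
     ];
     // Shown only while the "custom certificate" radio above is selected.
     // '#states' is client-side visibility only: a value can still be
     // submitted for a hidden field, so it is not an access or validity check.
     $form['server']['cert'] = [
         '#type' => 'textfield',
         '#title' => $this->t('Custom Certificate Authority PEM Certificate'),
         '#description' => $this->t('The PEM certificate of the Certificate Authority that issued the certificate on the CAS server, used only with the custom certificate option above.'),
         '#default_value' => $config->get('server.cert'),
         '#states' => [
             'visible' => [
                 ':input[name="server[verify]"]' => ['value' => CasHelper::CA_CUSTOM],
             ],
         ],
     ];

     // --- Gateway (automatic login for visitors with a CAS session) --------
     $form['gateway'] = [
         '#type' => 'details',
         '#title' => $this->t('Gateway Feature (Auto Login)'),
         '#open' => FALSE,
         '#tree' => TRUE,
         '#description' => $this->t(
             'This implements the <a href="@cas-gateway">Gateway feature</a> of the CAS Protocol. '
             . 'When enabled, Drupal will check if a visitor is already logged into your CAS server before '
             . 'serving a page request. If they have an active CAS session, they will be automatically '
             . 'logged into the Drupal site. This is done by quickly redirecting them to the CAS server to perform the '
             . 'active session check, and then redirecting them back to page they initially requested.<br/><br/>'
             . 'If enabled, all pages on your site will trigger this feature. You can instead enable '
             . 'this feature for only specific pages by listing them below.<br/><br/>'
             . '<strong>WARNING:</strong> This feature is NOT compatible with the Internal Page Cache module or external '
             . 'page caching software like Varnish.',
             ['@cas-gateway' => 'https://wiki.jasig.org/display/CAS/gateway']
         ),
     ];
     // The option labels are passed through $this->t() like every other label
     // on this form; they were plain strings and therefore untranslatable.
     $form['gateway']['check_frequency'] = [
         '#type' => 'radios',
         '#title' => $this->t('Check Frequency'),
         '#default_value' => $config->get('gateway.check_frequency'),
         '#options' => [
             CasHelper::CHECK_NEVER => $this->t('Disable gateway feature'),
             CasHelper::CHECK_ONCE => $this->t('Once per browser session'),
             CasHelper::CHECK_ALWAYS => $this->t('Every page load (not recommended)'),
         ],
     ];
     // The path list is rendered by the injected gatewayPaths object, seeded
     // with the stored 'gateway.paths' configuration.
     $this->gatewayPaths->setConfiguration($config->get('gateway.paths'));
     $form['gateway']['paths'] = $this->gatewayPaths->buildConfigurationForm([], $form_state);

     // --- Forced login -----------------------------------------------------
     $form['forced_login'] = [
         '#type' => 'details',
         '#title' => $this->t('Forced Login'),
         '#open' => FALSE,
         '#tree' => TRUE,
         '#description' => $this->t(
             'Anonymous users will be forced to login through CAS when enabled. '
             . 'This differs from the "gateway feature" in that it will REQUIRE that a user be logged in to their CAS '
             . 'account, instead of just checking if they already are.<br/><br/>'
             . '<strong>WARNING:</strong> This feature is NOT compatible with the Internal Page Cache module or external '
             . 'page caching software like Varnish.'
         ),
     ];
     $form['forced_login']['enabled'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Enable'),
         '#description' => $this->t('When enabled, every path will force a CAS login, unless specific pages are listed below.'),
         '#default_value' => $config->get('forced_login.enabled'),
     ];
     $this->forcedLoginPaths->setConfiguration($config->get('forced_login.paths'));
     $form['forced_login']['paths'] = $this->forcedLoginPaths->buildConfigurationForm([], $form_state);

     // --- Local account handling -------------------------------------------
     $form['user_accounts'] = [
         '#type' => 'details',
         '#title' => $this->t('User Account Handling'),
         '#open' => FALSE,
         '#tree' => TRUE,
     ];
     // With auto-registration on, the set of people who can obtain a local
     // account is whatever the CAS server will authenticate.
     $form['user_accounts']['auto_register'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Auto Register Users'),
         '#description' => $this->t(
             'Enable to automatically create local Drupal accounts for first-time CAS logins. '
             . 'If disabled, users must be pre-registered before being allowed to log in.'
         ),
         '#default_value' => $config->get('user_accounts.auto_register'),
     ];
     $auto_assigned_roles = $config->get('user_accounts.auto_assigned_roles');
     // !empty() instead of count() > 0: the config value is NULL when the key
     // has never been saved, and count(NULL) warns on PHP 7.2+ and throws a
     // TypeError on PHP 8. For an array the result is the same as before.
     $form['user_accounts']['auto_assigned_roles_enable'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Automatically assign roles on user registration'),
         '#default_value' => !empty($auto_assigned_roles),
         '#states' => [
             'invisible' => [
                 'input[name="user_accounts[auto_register]"]' => ['checked' => FALSE],
             ],
         ],
     ];
     // user_role_names(TRUE) leaves out the anonymous role; the authenticated
     // role is removed as well. Every other role, including administrative
     // ones, stays selectable.
     // Security: a role chosen here is granted to every CAS user, so picking a
     // privileged role makes the CAS server the sole gate for that privilege.
     // NOTE(review): consider filtering out administrative roles here.
     $roles = user_role_names(TRUE);
     unset($roles[RoleInterface::AUTHENTICATED_ID]);
     $form['user_accounts']['auto_assigned_roles'] = [
         '#type' => 'select',
         '#multiple' => TRUE,
         '#title' => $this->t('Roles'),
         '#description' => $this->t('The selected roles will be automatically assigned to each CAS user on login. Use this to automatically give CAS users additional privileges or to identify CAS users to other modules.'),
         '#default_value' => $auto_assigned_roles,
         '#options' => $roles,
         '#states' => [
             'invisible' => [
                 'input[name="user_accounts[auto_assigned_roles_enable]"]' => ['checked' => FALSE],
             ],
         ],
     ];

     // --- Logout behaviour -------------------------------------------------
     $form['logout'] = [
         '#type' => 'details',
         '#title' => $this->t('Logout Behavior'),
         '#open' => FALSE,
         '#tree' => TRUE,
     ];
     $form['logout']['cas_logout'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Drupal Logout Triggers CAS Logout'),
         '#description' => $this->t('When enabled, users that log out of your Drupal site will then be logged out of your CAS server as well. This is done by redirecting the user to the CAS logout page.'),
         '#default_value' => $config->get('logout.cas_logout'),
     ];
     $form['logout']['logout_destination'] = [
         '#type' => 'textfield',
         '#title' => $this->t('Logout destination'),
         '#description' => $this->t(
             'Drupal path or URL. Enter a destination if you want the CAS Server to '
             . 'redirect the user after logging out of CAS.'
         ),
         '#default_value' => $config->get('logout.logout_destination'),
     ];
     // Security: per the description, single log out has a cost -- session IDs
     // are stored unhashed in the database, so read access to that data
     // exposes usable session identifiers. Enable only when it is needed.
     $form['logout']['enable_single_logout'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Enable single log out?'),
         '#default_value' => $config->get('logout.enable_single_logout'),
         '#description' => $this->t(
             'If enabled (and your CAS server supports it), '
             . 'users will be logged out of your Drupal site when they log out of your '
             . 'CAS server. NOTE: THIS WILL REMOVE A SECURITY HARDENING FEATURE ADDED '
             . 'IN DRUPAL 8! Session IDs to be stored unhashed in the database.'
         ),
     ];

     // --- CAS proxy --------------------------------------------------------
     $form['proxy'] = [
         '#type' => 'details',
         '#title' => $this->t('Proxy'),
         '#open' => FALSE,
         '#tree' => TRUE,
         '#description' => $this->t(
             'These options relate to the proxy feature of the CAS protocol, '
             . 'including configuring this client as a proxy and configuring '
             . 'this client to accept proxied connections from other clients.'
         ),
     ];
     $form['proxy']['initialize'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Initialize this client as a proxy?'),
         '#description' => $this->t(
             'Initializing this client as a proxy allows it to access '
             . 'CAS-protected resources from other clients that have been '
             . 'configured to accept it as a proxy.'
         ),
         '#default_value' => $config->get('proxy.initialize'),
     ];
     $form['proxy']['can_be_proxied'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Allow this client to be proxied?'),
         '#description' => $this->t(
             'Allow other CAS clients to access this site\'s resources via the '
             . 'CAS proxy protocol. You will need to configure a list of allowed '
             . 'proxies below.'
         ),
         '#default_value' => $config->get('proxy.can_be_proxied'),
     ];
     // Security: this list is the allow-list of proxies trusted to act on a
     // user's behalf, and entries may be regular expressions. A pattern that
     // is broader than intended widens that trust.
     // NOTE(review): the matching code is not visible here -- confirm that
     // regex entries are anchored and that an invalid pattern is rejected.
     $form['proxy']['proxy_chains'] = [
         '#type' => 'textarea',
         '#title' => $this->t('Allowed proxy chains'),
         '#description' => $this->t(
             'A list of proxy chains to allow proxy connections from. Each line '
             . 'is a chain, and each chain is a whitespace delimited list of '
             . 'URLs for an allowed proxy in the chain, listed from most recent '
             . '(left) to first (right). Each URL in the chain can be either a '
             . 'plain URL or a URL-matching regular expression (delimited only by '
             . 'slashes). Only if the proxy list returned by the CAS Server exactly '
             . 'matches a chain in this list will a proxy connection be allowed.'
         ),
         '#default_value' => $config->get('proxy.proxy_chains'),
     ];

     // --- Debugging --------------------------------------------------------
     $form['debugging'] = [
         '#type' => 'details',
         '#title' => $this->t('Debugging'),
         '#open' => FALSE,
         '#tree' => TRUE,
         '#description' => $this->t(
             'These options are for debugging only, and are not meant to be used '
             . 'in normal production usage.'
         ),
     ];
     // NOTE(review): what exactly is logged is decided elsewhere; if tickets
     // or user identifiers are included, the Drupal log becomes sensitive
     // data -- confirm, and restrict who can read it.
     $form['debugging']['log'] = [
         '#type' => 'checkbox',
         '#title' => $this->t('Log debug information?'),
         '#description' => $this->t(
             'This is not meant for production sites! Enable this to log debug '
             . 'information about the interactions with the CAS Server to the '
             . 'Drupal log.'
         ),
         '#default_value' => $config->get('debugging.log'),
     ];

     // The parent form supplies the remaining standard elements.
     return parent::buildForm($form, $form_state);
 }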