<?php
/**
* ownCloud - user_shibboleth
*
* Copyright (C) 2013 Andreas Ergenzinger andreas.ergenzinger@uni-konstanz.de
*
* This library is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this library. If not, see <http://www.gnu.org/licenses/>.
*/
// Load the ownCloud core bootstrap so the \OC, \OCP and \OCA namespaces are available.
require_once '../../lib/base.php';

// Where the browser is sent at the end of this script unless a Shibboleth
// session still has to be initiated: the files app inside the web root.
$location = \OC::$WEBROOT . '/index.php/apps/files/';
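/**
 * Debug helper: dumps $data inside a <pre> block and ends the request.
 *
 * Not meant for production paths — it prints the raw value (which may be
 * session attributes) straight into the response. The original closed the
 * <pre> element only after die(), so that line never ran; the dump is now
 * completed before the script exits.
 *
 * @param mixed $data value to dump
 */
function kill($data)
{
    echo "<pre>";
    var_dump($data);
    echo "</pre>";
    exit();
}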
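// Backend state and the two SP settings that must be present before a
// Shibboleth session can be initiated.
$enabled = \OCP\App::isEnabled('user_shibboleth');
$sessionsHandlerUrl = \OCP\Config::getAppValue('user_shibboleth', 'sessions_handler_url', '');
$sessionInitiatorLocation = \OCP\Config::getAppValue('user_shibboleth', 'session_initiator_location', '');
// syslog() requires a priority as its first argument, so the former
// one-argument call never logged anything; use the app log like the rest
// of this file does.
\OCP\Util::writeLog('user_shibboleth', 'user shibboleth enabled? ' . var_export($enabled, true), \OCP\Util::DEBUG);

if ($enabled && $sessionsHandlerUrl !== '' && $sessionInitiatorLocation !== '') { // enabled and hopefully configured
    // The IdP entityID is only available once the SP has authenticated the user.
    $idp = \OCA\user_shibboleth\Auth::getShibIdentityProvider();
    if ($idp) {
        $persistentId = \OCA\user_shibboleth\Auth::getPersistentId();
        $mail = \OCA\user_shibboleth\Auth::getMail();
        // Both attributes are mandatory: the persistent ID becomes the login
        // name, the mail address the display name. Refuse the login otherwise.
        if ($persistentId === false || $mail === false) {
            $missing = array();
            if ($persistentId === false) {
                $missing[] = 'persistentID';
            }
            if ($mail === false) {
                $missing[] = 'mail';
            }
            \OCP\Util::writeLog('user_shibboleth', 'unavailable attributes: ' . implode(' ', $missing), \OCP\Util::ERROR);
            \OCA\user_shibboleth\LoginLib::printPage('Attributes unavailable',
                'Some attributes could not be retrieved from the identity provider.<p/><a href="' . \OC::$WEBROOT . '">Return to the login page</a>');
            exit();
        }
        // Optional spoofing check: the mail domain has to belong to the IdP that
        // asserted it, so one IdP cannot assert addresses of another organisation.
        if ((\OCP\Config::getAppValue('user_shibboleth', 'enforce_domain_similarity', '0') === '1')
            && !\OCA\user_shibboleth\LoginLib::checkMailOrigin($idp, $mail)) {
            // log and print error page
            \OCP\Util::writeLog('user_shibboleth', 'domain mismatch: ' . $idp . ' ' . $mail, \OCP\Util::ERROR);
            \OCA\user_shibboleth\LoginLib::printPage('Domain Mismatch', 'The domain of your identity provider does not match the domain part of your email address. This event has been logged.');
            exit();
        }
        // Internal users (those the LDAP backend knows by mail) keep their LDAP
        // account; everybody else is an external user kept in oc_shibboleth_user.
        $adapter = new \OCA\user_shibboleth\LdapBackendAdapter();
        $loginName = $adapter->getUuid($mail);
        if ($loginName) { // user is internal, backends are enabled, and user mapping is active
            $adapter->initializeUser($loginName);
        } else { // user is external
            // Crop $mail to fit the display_name column of oc_shibboleth_user
            // (assumed 64 bytes). mb_strcut() stays within 64 bytes but cuts on
            // a character boundary, so a multi-byte address never leaves a
            // truncated UTF-8 sequence in the database.
            if (strlen($mail) > 64) {
                $mail = mb_strcut($mail, 0, 64, 'UTF-8');
            }
            // Make sure that a user entry exists in oc_shibboleth_user.
            $loginName = \OCA\user_shibboleth\LoginLib::persistentId2LoginName($persistentId);
            $displayName = $mail;
            if (\OCA\user_shibboleth\DB::loginNameExists($loginName)) {
                // update display name if it has changed since last login
                if ($displayName !== \OCA\user_shibboleth\DB::getDisplayName($loginName)) {
                    \OCA\user_shibboleth\DB::updateDisplayName($loginName, $displayName);
                }
            } else {
                // create a new user account
                $homeDir = \OCA\user_shibboleth\LoginLib::getHomeDirPath($loginName);
                \OCA\user_shibboleth\DB::addUser($loginName, $displayName, $homeDir);
            }
        }
        // Perform the OC login. The password is ignored by the Shibboleth backend;
        // the SP session checked above is the credential. The return value was
        // previously unchecked, which redirected to the files app even when no
        // ownCloud session had been established.
        if (!\OC_User::login($loginName, 'irrelevant')) {
            \OCP\Util::writeLog('user_shibboleth', 'Login failed for ' . $loginName, \OCP\Util::ERROR);
            \OCA\user_shibboleth\LoginLib::printPage('Login failed',
                'Your identity was confirmed, but no session could be created.<p/><a href="' . \OC::$WEBROOT . '">Return to the login page</a>');
            exit();
        }
        \OCP\Util::writeLog('user_shibboleth', 'Login '.$loginName, \OCP\Util::DEBUG);
    } else { // not authenticated, yet
        // Follow the Shibboleth authentication procedure: send the browser to the
        // session initiator and have it return to the forwarding page.
        // NOTE(review): the target value is appended without URL encoding —
        // confirm getForwardingPageUrl() already returns a URL-safe string.
        $location = $sessionsHandlerUrl . $sessionInitiatorLocation . '?target=' . \OCA\user_shibboleth\LoginLib::getForwardingPageUrl();
    }
} else {
    \OCP\Util::writeLog('user_shibboleth', 'backend not enabled or not configured', \OCP\Util::INFO);
}
header('Location: ' . $location);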