TomaHost/Chamilo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

upgrade

Browse Source
This commit is contained in:
Xes
2025-08-14 22:37:50 +02:00
parent fb6d5d5926
commit 3641e93527
9156 changed files with 1813532 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
main/auth/shibboleth/_readme.txt Normal file
View File

@@ -0,0 +1,10 @@
Shibboleth authentication module.
@license see /license.txt
@author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
To use install Shibboleth on your web server and secure the application url
with a web server security directive.
Modify configuration to your federation's needs.

158
main/auth/shibboleth/app/controller/shibboleth_controller.class.php Normal file
View File

@@ -0,0 +1,158 @@
<?php
namespace Shibboleth;
use \Redirect;
use \Display;
use IndexManager;
/**
* Controller for the Shibboleth authentication system.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethController
{
/**
*
* @return ShibbolethController
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
/**
* Log user in with Shibboleth authentication
*/
function login()
{
if (Shibboleth::session()->is_logged_in())
{
Redirect::home();
}
$user = Shibboleth::store()->get_user();
if ($user->is_empty())
{
$message = get_lang('SystemCouldNotLogYouIn');
Shibboleth::display()->error_page($message);
}
$is_new_user = !User::store()->shibboleth_id_exists($user->unique_id);
if ($is_new_user && empty($user->email) && Shibboleth::config()->is_email_mandatory)
{
$form = ShibbolethEmailForm::instance();
if ($email = $form->get_email())
{
$user->email = $email;
}
else
{
$content = $form->display();
Shibboleth::display()->page($content);
}
}
Shibboleth::save($user);
$chamilo_user = User::store()->get_by_shibboleth_id($user->unique_id);
Shibboleth::session()->login($chamilo_user->user_id);
if ($is_new_user && $user->status_request)
{
Shibboleth::redirect('/main/auth/shibboleth/app/view/request.php');
}
else
{
Shibboleth::redirect();
}
}
/**
* Log user in using the standard Chamilo way of logging in.
* Useful when the normal login screen is removed from the user interface
* - replaced by Shibboleth login - and user want to login using a standard
* account
*/
public function admin_login()
{
$title = get_lang('InternalLogin');
if (Shibboleth::session()->is_logged_in())
{
$message = get_lang('AlreadyLoggedIn');
Shibboleth::display()->message_page($message, $title);
}
$index_manager = new IndexManager('');
$html = $index_manager->display_login_form();
Shibboleth::display()->page($html, $title);
}
/**
* Display the request new status page to administrator for new users.
*/
public function request_status()
{
/*
* That may happen if a user visit that url again.
*/
if (!Shibboleth::session()->is_logged_in())
{
Shibboleth::redirect();
}
$user = Shibboleth::session()->user();
if ($user['status'] == Shibboleth::TEACHER_STATUS)
{
//Maximum user right is reached.
Shibboleth::redirect();
}
$form = ShibbolethStatusRequestForm::instance();
if ($form->cancelled())
{
Shibboleth::redirect();
}
if ($reason = $form->get_reason())
{
$subject = get_lang('RequestStatus');
$status = $form->get_status();
$status = Shibboleth::format_status($status);
$message = <<<EOT
New status: $status
Reason:
$reason
EOT;
$success = Shibboleth::email_admin($subject, $message);
if ($success)
{
$request_submitted = get_lang('RequestSubmitted');
Shibboleth::display()->message_page($request_submitted);
}
else
{
$request_failed = get_lang('RequestFailed');
Shibboleth::display()->error_page($request_failed);
}
}
$title = get_lang('RequestStatus');
Display :: display_header($title);
echo $form->display();
Display :: display_footer();
}
}

44
main/auth/shibboleth/app/model/admin.class.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
namespace Shibboleth;
require_once __DIR__.'/scaffold/admin.class.php';
/**
* A Chamilo admin. Model for the Admin table.
*
* Should be moved to the core. It only exists because it is not available through
* the API.
*
* The _Admin objet is generated by the scaffolder. Admin inherits from it to allow
* modifications without touching the generated file. Don't modify _Admin as
* it may change in the future. Instead add modifications to this class.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class Admin extends _Admin
{
}
/**
* Store for Admin objects. Interact with the database. Allows to save and retrieve
* admin objects.
*
* Should be moved to the core. It only exists because it is not available through
* the API.
*
* The _AdminStore objet is generated by the scaffolder. This class inherits from it to allow
* modifications without touching the generated file. Don't modify the _ object as
* it may change in the future. Instead add modifications to this class.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class AdminStore extends _AdminStore
{
}

134
main/auth/shibboleth/app/model/scaffold/admin.class.php Normal file
View File

@@ -0,0 +1,134 @@
<?php
namespace Shibboleth;
/**
* This file is autogenerated. Do not modifiy it.
*/
/**
*
* Model for table admin
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class _Admin
{
/**
* Store for Admin objects. Interact with the database.
*
* @return AdminStore
*/
public static function store()
{
static $result = false;
if (empty($result))
{
$result = new AdminStore();
}
return $result;
}
/**
*
* @return Admin
*/
public static function create($data = null)
{
return self::store()->create_object($data);
}
public $user_id = null;
/**
*
* @return bool
*/
public function save()
{
return self::store()->save($this);
}
}
/**
* Store for Admin objects. Interact with the database.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class _AdminStore extends Store
{
/**
*
* @return AdminStore
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function __construct()
{
parent::__construct('admin', '\Shibboleth\Admin', 'user_id');
}
/**
*
* @return Admin
*/
public function get($w)
{
$args = func_get_args();
$f = array('parent', 'get');
return call_user_func_array($f, $args);
}
/**
*
* @return Admin
*/
public function create_object($data)
{
return parent::create_object($data);
}
/**
*
* @return Admin
*/
public function get_by_user_id($value)
{
return $this->get(array('user_id' => $value));
}
/**
*
* @return bool
*/
public function user_id_exists($value)
{
return $this->exist(array('user_id' => $value));
}
/**
*
* @return bool
*/
public function delete_by_user_id($value)
{
return $this->delete(array('user_id' => $value));
}
}

185
main/auth/shibboleth/app/model/scaffold/user.class.php Normal file
View File

@@ -0,0 +1,185 @@
<?php
namespace Shibboleth;
/**
* This file is autogenerated. Do not modifiy it.
*/
/**
*
* Model for table user
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class _User
{
/**
* Store for User objects. Interact with the database.
*
* @return UserStore
*/
public static function store()
{
static $result = false;
if (empty($result))
{
$result = new UserStore();
}
return $result;
}
/**
*
* @return User
*/
public static function create($data = null)
{
return self::store()->create_object($data);
}
public $user_id = null;
public $lastname = null;
public $firstname = null;
public $username = null;
public $password = null;
public $auth_source = null;
public $shibb_unique_id = null;
public $email = null;
public $status = null;
public $official_code = null;
public $phone = null;
public $picture_uri = null;
public $creator_id = null;
public $competences = null;
public $diplomas = null;
public $openarea = null;
public $teach = null;
public $productions = null;
public $language = null;
public $registration_date = null;
public $expiration_date = null;
public $active = null;
public $openid = null;
public $theme = null;
public $hr_dept_id = null;
public $shibb_persistent_id = null;
/**
*
* @return bool
*/
public function save()
{
return self::store()->save($this);
}
}
/**
* Store for User objects. Interact with the database.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class _UserStore extends Store
{
/**
*
* @return UserStore
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function __construct()
{
parent::__construct('user', '\Shibboleth\User', 'user_id');
}
/**
*
* @return User
*/
public function get($w)
{
$args = func_get_args();
$f = array('parent', 'get');
return call_user_func_array($f, $args);
}
/**
*
* @return User
*/
public function create_object($data)
{
return parent::create_object($data);
}
/**
*
* @return User
*/
public function get_by_user_id($value)
{
return $this->get(array('user_id' => $value));
}
/**
*
* @return bool
*/
public function user_id_exists($value)
{
return $this->exist(array('user_id' => $value));
}
/**
*
* @return bool
*/
public function delete_by_user_id($value)
{
return $this->delete(array('user_id' => $value));
}
/**
*
* @return User
*/
public function get_by_username($value)
{
return $this->get(array('username' => $value));
}
/**
*
* @return bool
*/
public function username_exists($value)
{
return $this->exist(array('username' => $value));
}
/**
*
* @return bool
*/
public function delete_by_username($value)
{
return $this->delete(array('username' => $value));
}
}

197
main/auth/shibboleth/app/model/shibboleth_store.class.php Normal file
View File

@@ -0,0 +1,197 @@
<?php
namespace Shibboleth;
/**
* Returns Shibboleth user's values based on Shibboleth's configuration.
* Shibboleth returns not only whether a user is authenticated but returns as
* well several paralemeter fields.
*
* If a user is not authenticated nothing is returned.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethStore
{
/**
*
* @return ShibbolethStore
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
/**
*
* @return ShibbolethConfig
*/
public static function config()
{
return Shibboleth::config();
}
public function get_unique_id()
{
return $this->get(__FUNCTION__);
}
/**
* If the user has more than one surname, it is possible depending of the user
* home organization that they are all given to the resource.
* In the case of the University of Geneva, with two surnames, three different values
* for the surname are sent. They are:
* 1) "givenname1"
* 2) "givenname2"
* 3) "givenname1 givenname2"
* meaning the string is as follow: "givenname1;givenname2;givenname1 givenname2"
*
* In such a case, the correct surname is the one which is followed by a space.
* This function tests if such a situation is encountered, and returns the first given name.
*
* @author Nicolas Rod
*/
public function get_firstname()
{
$result = $this->get(__FUNCTION__);
if (!is_array($result))
{
$result = ucfirst($result);
return $result;
}
foreach ($result as $name)
{
$parts = explode(' ', $name);
if (count($parts) > 1)
{
$result = reset($parts);
$result = ucfirst($result);
return $result;
}
}
$result = reset($result);
$result = ucfirst($result);
return $result;
}
public function get_lastname()
{
$result = $this->get(__FUNCTION__);
$result = ucfirst($result);
return $result;
}
public function get_email()
{
return $this->get(__FUNCTION__);
}
public function get_language()
{
return $this->get(__FUNCTION__);
}
public function get_gender()
{
return $this->get(__FUNCTION__);
}
public function get_address()
{
return $this->get(__FUNCTION__);
}
public function get_staff_category()
{
return $this->get(__FUNCTION__);
}
public function get_home_organization_type()
{
return $this->get(__FUNCTION__);
}
public function get_home_organization()
{
return $this->get(__FUNCTION__);
}
public function get_affiliation()
{
return $this->get(__FUNCTION__);
}
/**
* @return ShibbolethUser
*/
public function get_user()
{
$result = new ShibbolethUser();
foreach ($result as $key => $val)
{
$f = array($this, "get_$key");
if (is_callable($f))
{
$result->{$key} = call_user_func($f);
}
}
return $result;
}
/**
* Returns the shibboleth value stored in $_SERVER if it exists or $default if it is not the case.
*
* @param string $name the generic name. I.e. one of the class const.
* @param string $default default value if it is not provided by Shibboleth
* @return string
*/
public function get($name = '', $default = '')
{
$config = (array) Shibboleth::config();
if ($name)
{
$name = str_replace('get_', '', $name);
$shib_name = isset($config[$name]) ? $config[$name] : '';
if ($shib_name)
{
$result = isset($_SERVER[$shib_name]) ? $_SERVER[$shib_name] : $default;
$result = explode(';', $result);
if (empty($result))
{
$result = $default;
}
else if (count($result) == 1)
{
$result = reset($result);
}
else
{
$result = $result;
}
return $result;
}
}
$result = array();
foreach ($config as $key => $val)
{
$f = array($this, "get_$key");
if (is_callable($f))
{
$result[$key] = call_user_func($f);
}
}
return $result;
}
}

33
main/auth/shibboleth/app/model/shibboleth_user.class.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
namespace Shibboleth;
/**
* Represent a Shibboleth user. Not to be missunderstand with a Chamilo user
* since they don't have the same attributes.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethUser
{
public $unique_id = '';
public $firstname = '';
public $lastname = '';
public $email = '';
public $language = '';
public $gender = '';
public $address = '';
public $staff_category = '';
public $home_organization_type = '';
public $home_organization = '';
public $affiliation = '';
public $persistent_id = '';
public function is_empty()
{
return empty($this->unique_id);
}
}

95
main/auth/shibboleth/app/model/user.class.php Normal file
View File

@@ -0,0 +1,95 @@
<?php
namespace Shibboleth;
require_once __DIR__.'/scaffold/user.class.php';
/**
* A Chamilo user. Model for the User table.
*
* Should be moved to the core. It only exists because it is not available through
* the API.
*
* The _User objet is generated by the scaffolder. User inherits from it to allow
* modifications without touching the generated file. Don't modify _User as
* it may change in the future. Instead add modifications to this class.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class User extends _User
{
}
/**
* Store for User objects. Interact with the database. Allows to save and retrieve
* user objects.
*
* Should be moved to the core. It only exists because it is not available through
* the API.
*
* The _UserStore objet is generated by the scaffolder. This class inherits from it to allow
* modifications without touching the generated file. Don't modify the _ object as
* it may change in the future. Instead add modifications to this class.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class UserStore extends _UserStore
{
function __construct()
{
parent::__construct();
ShibbolethUpgrade::update();
}
/**
*
* @param string $id
* @return User
*/
public function get_by_shibboleth_id($id)
{
return $this->get(array('shibb_unique_id' => $id));
}
/**
* @param string $id
*/
public function shibboleth_id_exists($id)
{
return $this->exist(array('shibb_unique_id' => $id));
}
/**
*
* @param User $object
*/
protected function before_save($object)
{
$object->username = $object->username ? $object->username : $this->generate_username();
$object->password = $object->password ? $object->password : api_generate_password();
$object->language = $object->language ? $object->language : $this->default_language();
}
function default_language()
{
return api_get_setting('platformLanguage');
}
function generate_username()
{
$result = uniqid('s', true);
$result = str_replace('.', '', $result);
while ($this->username_exists($result))
{
$result = uniqid('s', true);
$result = str_replace('.', '', $result);
}
return $result;
}
}

266
main/auth/shibboleth/app/shibboleth.class.php Normal file
View File

@@ -0,0 +1,266 @@
<?php
namespace Shibboleth;
use \Redirect;
/**
* Shibboleth main class. Provides access to various Shibboleth sub components and
* provides the high level functionalities.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class Shibboleth
{
const NAME = 'shibboleth';
const UNKNOWN_STATUS = -1;
const TEACHER_STATUS = 1;
const STUDENT_STATUS = 5;
static $config = null;
public static function format_status($status)
{
if ($status == Shibboleth::TEACHER_STATUS) {
return 'Teacher';
} else if ($status == Shibboleth::STUDENT_STATUS) {
return 'Student';
} else if ($status == Shibboleth::UNKNOWN_STATUS) {
return 'Unknown';
} else {
return '???';
}
}
/**
*
* @return ShibbolethConfig
*/
public static function config()
{
self::$config = self::$config ? self::$config : new ShibbolethConfig();
return self::$config;
}
public static function set_config($config)
{
self::$config = $config;
}
/**
*
* @return ShibbolethSession
*/
public static function session()
{
return ShibbolethSession::instance();
}
/**
*
* @return ShibbolethStore
*/
public static function store()
{
return ShibbolethStore::instance();
}
/**
*
* @return ShibbolethDisplay
*/
public static function display()
{
return ShibbolethDisplay::instance();
}
public static function sys_path()
{
$path = __DIR__.'/../';
return $path;
}
public static function url($path = '')
{
$result = api_get_path('WEB_PATH');
$result .= '/main/auth/shibboleth/' . $path;
return $result;
}
public static function redirect($url = '')
{
if (empty($url)) {
$url = isset($_SESSION['shibb_direct_url']) ? $_SESSION['shibb_direct_url'] : '';
unset($_SESSION['shibb_direct_url']);
/*
* Tests if the user tried to login directly in a protected course before to come here
* (this variable could be set in the modified code of /chamilo/inc/lib/main_api.lib.php)
*
* Note:
* this part was added to give the possibility to access Chamilo directly on a course URL from a link diplayed in a portal.
* This is not a direct Shibboleth related functionnality, but this could be used in a shibbolethized
* Dokeos installation, mainly if you have a SSO system in your network.
* Please note that the file /claroline/inc/lib/main_api.lib.php must be adapted to your Shibboleth settings
* If any interest or question, please contact Nicolas.Rod_at_adm.unige.ch
*
*/
}
if ($url) {
//needed to log the user in his courses. Normally it is done by visiting /chamilo/index.php
// $include_path = api_get_path(INCLUDE_PATH);
// require("$include_path/local.inc.php");
//
// if (strpos($url, '?') === false) {
// $url = "$url?";
// }
//
// $rootWeb = api_get_path('WEB_PATH');
// $first_slash_pos = strpos($rootWeb, '/', 8);
// $rootWeb_wo_uri = substr($rootWeb, 0, $first_slash_pos);
// $url = $rootWeb_wo_uri . $course_url . '_stop';
Redirect::go($url);
}
Redirect::home();
}
/**
*
* @param ShibbolethUser $shibb_user
*/
public static function save($shibb_user)
{
$shibb_user->status = self::infer_user_status($shibb_user);
$shibb_user->status_request = self::infer_status_request($shibb_user);
$shibb_user->shibb_unique_id = $shibb_user->unique_id;
$shibb_user->shibb_persistent_id = $shibb_user->persistent_id;
$user = User::store()->get_by_shibboleth_id($shibb_user->unique_id);
if (empty($user)) {
$shibb_user->auth_source == self::NAME;
return User::create($shibb_user)->save();
}
$shibb_user->status_request = false;
$fields = self::config()->update_fields;
foreach ($fields as $key => $updatable) {
if ($updatable) {
$user->{$key} = $shibb_user->{$key};
}
}
$user->auth_source == self::NAME;
$user->shibb_unique_id = $shibb_user->shibb_unique_id;
$user->shibb_persistent_id = $shibb_user->shibb_persistent_id;
$user->save();
return $result;
}
/**
* Infer the rights/status the user can have in Chamilo based on his affiliation attribute
*
* @param ShibbolethUser $user
* @return The Chamilo user status, one of TEACHER, STUDENT or UNKNOWN
*/
public static function infer_user_status($user)
{
$affiliations = $user->affiliation;
$affiliations = is_array($affiliations) ? $affiliations : array($affiliations);
$map = self::config()->affiliation_status;
$rights = array();
foreach ($affiliations as $affiliation) {
$affiliation = strtolower($affiliation);
if (isset($map[$affiliation])) {
$right = $map[$affiliation];
$rights[$right] = $right;
}
}
$teacher_status = isset($rights[self::TEACHER_STATUS]);
$student_status = isset($rights[self::STUDENT_STATUS]);
//if the user has got teacher rights, we doesn't check anything else
if ($teacher_status) {
return self::TEACHER_STATUS;
}
if ($student_status) {
return self::STUDENT_STATUS;
}
$result = self::config()->default_status;
$result = (int) $result;
$result = ($result == Shibboleth::TEACHER_STATUS || $result == Shibboleth::STUDENT_STATUS) ? $result : Shibboleth::UNKNOWN_STATUS;
return $result;
}
/**
* Return true if the user can ask for a greater status than student.
* This happens for staff members.
*
* @param ShibbolethUser $user
* @return boolean
*/
public static function infer_status_request($user)
{
if ($user->status == self::TEACHER_STATUS) {
return false;
}
if ($user->status == self::UNKNOWN_STATUS) {
return true;
}
$config = Shibboleth::config();
$affiliations = $user->affiliation;
$affiliations = is_array($affiliations) ? $affiliations : array($affiliations);
foreach ($affiliations as $affiliation) {
$result = isset($config->affiliation_status_request[$affiliation]) ? $config->affiliation_status_request[$affiliation] : false;
if ($result) {
return true;
}
}
return false;
}
/**
* Sends an email to the Chamilo and Shibboleth administrators in the name
* of the logged-in user.
*
* @param string $subject
*/
public static function email_admin($subject, $message)
{
$user = Shibboleth::session()->user();
$firstname = $user['firstname'];
$lastname = $user['lastname'];
$email = $user['email'];
$status = $user['status'];
$status = self::format_status($status);
$signagure = <<<EOT
_________________________
$firstname $lastname
$email
$status
EOT;
$message .= $signagure;
$header = "From: $email \n";
$shibb_admin_email = Shibboleth::config()->admnistrator_email;
if ($shibb_admin_email) {
$header .= "Cc: $shibb_admin_email";
}
$administrator_email = api_get_setting('emailAdministrator');
$result = mail($administrator_email, $subject, $message);
return (bool) $result;
}
}

18
main/auth/shibboleth/app/view/admin_login.php Normal file
View File

@@ -0,0 +1,18 @@
<?php
namespace Shibboleth;
/**
* Administratrive login. Useful when the standard login is not available anymore
* which is usually the case.
*
* This page allow administrators to log into the application using the standard
* Chamilo method when Shibboleth is not available.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
$dir = __DIR__;
include_once "$dir/../../init.php";
ShibbolethController::instance()->admin_login();

20
main/auth/shibboleth/app/view/request.php Normal file
View File

@@ -0,0 +1,20 @@
<?php
namespace Shibboleth;
/**
* Display the Request another status/additional rights. The request is emailed
* to the shibboleth and platform administrators for processing.
*
* Users such as staff that can be either student or teachers are presented with
* this page upon first login.
*
* Other users - teachers, students - are directly logged-in.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
$dir = __DIR__;
include_once "$dir/../../init.php";
ShibbolethController::instance()->request_status();

66
main/auth/shibboleth/app/view/shibboleth_display.class.php Normal file
View File

@@ -0,0 +1,66 @@
<?php
namespace Shibboleth;
use \Display;
/**
* Utility display functions tailored for the Shibboleth pluging.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethDisplay
{
/**
*
* @return ShibbolethDisplay
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
/**
* @param string $message
*/
public function error_page($message)
{
$page_title = get_lang('ShibbolethLogin');
Display :: display_header($page_title);
echo Display::return_message($message, 'error');
Display :: display_footer();
die;
}
/**
* @param string $message
*/
public function message_page($message, $title = '')
{
$title = $title ? $title : get_lang('ShibbolethLogin');
Display::display_header($title);
echo Display::return_message($message, 'confirm');
Display::display_footer();
die;
}
public function page($content, $title = '')
{
$title = $title ? $title : get_lang('ShibbolethLogin');
Display :: display_header($title);
echo $content;
Display :: display_footer();
die;
}
}

51
main/auth/shibboleth/app/view/shibboleth_email_form.class.php Normal file
View File

@@ -0,0 +1,51 @@
<?php
namespace Shibboleth;
/**
* Enter email form. When the email is mandatory and the Shibboleth email user field
* is empty the system display this form and ask the user to provide an email.
*
* @todo: add email validation
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethEmailForm
{
/**
*
* @return ShibbolethEmailForm
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
function display()
{
$email = get_lang('Email');
$submit = get_lang('Submit');
return <<<EOT
<form id="email_form" action="" method="post">
<label for="">$email</label>
<input type="text" value="" tabindex="1" name="email" id="email_email" class=""><br/>
<input type="submit" value="$submit" tabindex="2" name="submit" id="email_submit" class="submit">
</form>
EOT;
}
function get_email()
{
return isset($_POST['email']) ? $_POST['email'] : '';
}
}

97
main/auth/shibboleth/app/view/shibboleth_status_request_form.class.php Normal file
View File

@@ -0,0 +1,97 @@
<?php
namespace Shibboleth;
use Display;
/**
* Status request form. Display a form allowing the user to request additional
* rights/ another status.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethStatusRequestForm
{
/**
*
* @return ShibbolethStatusRequestForm
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
function display()
{
if ($this->is_submitted() && $this->get_reason() == '')
{
$reason_is_mandatory = get_lang('ReasonIsMandatory');
echo Display::return_message($reason_is_mandatory, 'error');
}
$status_request_message = get_lang('StatusRequestMessage');
$label_new_status = get_lang('NewStatus');
$label_reason = get_lang('Reason');
$label_ok = get_lang('Ok');
$label_cancel = get_lang('Cancel');
$user = Shibboleth::session()->user();
$items = array();
if ($user['status'] == Shibboleth::UNKNOWN_STATUS)
{
$items[Shibboleth::STUDENT_STATUS] = get_lang('Student');
}
$items[Shibboleth::TEACHER_STATUS] = get_lang('Teacher');
$status_options = '';
foreach ($items as $key => $value)
{
$status_options.= "<option value=\"$key\">$value</option>";
}
return <<<EOT
<div id="askAccountText">
<p>$status_request_message</p>
</div>
<form method="post" action="request.php" id="status_request_form">
<input type="hidden" name="formPosted" value="true"/>
<label for="status">$label_new_status:</label>
<select name="status">
$status_options
</select>
<label for="reason">$label_reason:</label>
<textarea name="reason" style="min-width:400px; min-height:100px;"></textarea>
<p><input name="submit" type="submit" value="$label_ok" style="margin-right:10px;"/><input name="cancel" type="submit" value="$label_cancel" /></p>
</form>
EOT;
}
public function is_submitted()
{
return isset($_POST['submit']) ? $_POST['submit'] : false;
}
public function cancelled()
{
return isset($_POST['cancel']) ? $_POST['cancel'] : false;
}
function get_reason()
{
return isset($_POST['reason']) ? $_POST['reason'] : '';
}
function get_status()
{
return isset($_POST['status']) ? $_POST['status'] : '';
}
}

16
main/auth/shibboleth/config-dist.php Normal file
View File

@@ -0,0 +1,16 @@
<?php
namespace Shibboleth;
/**
* Example of a config.php file. Not used. Configuration must appear in
* config.php.
*
* By default set up the aai configuration.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
require_once __DIR__.'/config/aai.class.php';
Shibboleth::set_config(aai::config());

69
main/auth/shibboleth/config/aai.class.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
namespace Shibboleth;
/**
* Shibboleth configuration for the AAI federation.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class aai
{
/**
*
* @return ShibbolethConfig
*/
public static function config()
{
$result = new ShibbolethConfig();
$result->unique_id = 'Shib-SwissEP-UniqueID';
$result->firstname = 'Shib-InetOrgPerson-givenName';
$result->lastname = 'Shib-Person-surname';
$result->email = 'Shib-InetOrgPerson-mail';
$result->language = 'Shib-InetOrgPerson-preferredLanguage';
$result->gender = 'Shib-SwissEP-Gender';
$result->address = 'Shib-OrgPerson-postalAddress';
$result->staff_category = 'Shib-SwissEP-StaffCategory';
$result->home_organization_type = 'Shib-SwissEP-HomeOrganizationType';
$result->home_organization = 'Shib-SwissEP-HomeOrganization';
$result->affiliation = 'Shib-EP-Affiliation';
$result->persistent_id = 'persistent-id';
$result->default_status = Shibboleth::STUDENT_STATUS;
$result->affiliation_status = array(
'faculty' => Shibboleth::TEACHER_STATUS,
'member' => Shibboleth::STUDENT_STATUS,
'staff' => Shibboleth::STUDENT_STATUS,
'student' => Shibboleth::STUDENT_STATUS,
);
$result->update_fields = array(
'firstname' => true,
'lastname' => true,
'email' => true,
'status' => false,
'persistent_id' => true,
);
/*
* Persistent id should never change but it was introduced after unique id.
* So we update persistent id on login for those users who are still missing it.
*/
$result->is_email_mandatory = true;
$result->affiliation_status_request = array(
'faculty' => false,
'member' => false,
'staff' => true,
'student' => false,
);
$result->admnistrator_email = '';
return $result;
}
}

85
main/auth/shibboleth/db/shibboleth_upgrade.class.php Normal file
View File

@@ -0,0 +1,85 @@
<?php
namespace Shibboleth;
use \Database;
/**
* Migrate the datatabase. Adds needed fields by Shibboleth to the User table.
* Upgrade is checked at each user login so there is no need to manually run
* an upgrade.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethUpgrade
{
/**
* Create additional fields required by the shibboleth plugin if those
* are missing.
*/
public static function update()
{
static $done = false;
if ($done)
{
return false;
}
$done = true;
self::create_shibb_unique_id_field_if_missing();
self::create_shibb_persistent_id_field_if_missing();
}
/**
* Creates the 'shibb_unique_id' field in the table 'user' of the main Chamilo database if it doesn't exist yet
*
* @author Nicolas Rod
* @return false|null
*/
public static function create_shibb_unique_id_field_if_missing()
{
$db_name = Database :: get_main_database();
$sql = "SELECT * FROM `$db_name`.`user` LIMIT 1";
$result = Database::query($sql);
$row = mysql_fetch_assoc($result);
$exists = array_key_exists('shibb_unique_id', $row);
if ($exists)
{
return false;
}
//create the 'shibb_unique_id' field
$sql = "ALTER TABLE `$db_name`.`user` ADD `shibb_unique_id` VARCHAR( 60 ) AFTER `auth_source`";
$result_alter = Database::query($sql);
/*
* Index cannot be a UNIQUE index as it may exist users which don't log in through Shibboleth
* and therefore don't have any value for 'shibb_unique_id'
*/
$sql = "ALTER TABLE `$db_name`.`user` ADD INDEX ( `shibb_unique_id` )";
$result_alter = Database::query($sql);
}
public static function create_shibb_persistent_id_field_if_missing()
{
$db_name = Database :: get_main_database();
$sql = "SELECT * FROM $db_name.user LIMIT 1";
$result = Database::query($sql);
$row = mysql_fetch_assoc($result);
$exists = array_key_exists('shibb_persistent_id', $row);
if ($exists)
{
return false;
}
$sql = "ALTER table $db_name.user ADD COLUMN shibb_persistent_id varchar(255) NULL DEFAULT NULL;";
$result = Database::query($sql);
return (bool) $result;
}
}

8
main/auth/shibboleth/index.php Normal file
View File

@@ -0,0 +1,8 @@
<?php
/**
* Display nothing. This ensure Apache doesn't display the list of files and folders
* when it is not propertly configured.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/

23
main/auth/shibboleth/init.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
namespace Shibboleth;
/**
* Initialize the Shibboleth authentication system. All scripts that can be directly
* called must include this file
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
$__dir = __DIR__.'/';
$no_redirection = true; //no redirection in global.
include_once($__dir . '/../../inc/global.inc.php');
require_once $__dir . 'config.php';
if (api_get_setting('server_type') == 'test')
{
include_once $__dir . '/test/shibboleth_test_helper.class.php';
include_once $__dir . '/test/shibboleth_test.class.php';
}

14
main/auth/shibboleth/lib/model.class.php Normal file
View File

@@ -0,0 +1,14 @@
<?php
namespace Shibboleth;
/**
* Description of model
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class Model
{
}

64
main/auth/shibboleth/lib/scaffolder/scaffolder.class.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
namespace Shibboleth;
/**
* Scaffolder. Genereate code templates from the database layout.
* See /template/ for the code being generated
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class Scaffolder
{
/**
*
* @staticvar boolean $result
* @return Scaffolder
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function scaffold($table_name, $class_name = '', $prefix = '_')
{
$db_name = Database :: get_main_database();
$sql = "SELECT * FROM `$db_name`.`$table_name` LIMIT 1";
$fields = array();
$unique_fields = array();
$rs = Database::query($sql, null, __FILE__);
while ($field = mysql_fetch_field($rs))
{
$fields[] = $field;
if ($field->primary_key)
{
/**
* Could move that to an array to support multiple keys
*/
$id_name = $field->name;
}
if ($field->unique_key | $field->primary_key)
{
$keys[] = $field->name;
}
}
$name = $table_name;
$class_name = ucfirst($table_name);
ob_start();
include __DIR__.'/template/model.php';
$result = ob_get_clean();
return $result;
}
}

146
main/auth/shibboleth/lib/scaffolder/template/default.php Normal file
View File

@@ -0,0 +1,146 @@
<?php
/**
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
echo '<?php';
?>
namespace Shibboleth;
/**
* This file is autogenerated. Do not modifiy it.
*/
/**
*
* Model for table <?php echo $table_name ?>
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $prefix . $class_name ?>
{
/**
* Store for <?php echo $class_name ?> objects. Interact with the database.
*
* @return <?php echo $class_name ?>Store
*/
public static function store()
{
static $result = false;
if (empty($result))
{
$result = new <?php echo $class_name ?>Store();
}
return $result;
}
/**
*
* @return <?php echo $class_name ?>
*/
public static function create($data = null)
{
return self::store()->create_object($data);
}
<?php foreach($fields as $field){?>
public $<?php echo $field->name; ?> = <?php echo $field->def ? $field->def : 'null'; ?>;
<?php }?>
/**
*
* @return bool
*/
public function save()
{
return self::store()->save($this);
}
}
/**
* Store for <?php echo $class_name ?> objects. Interact with the database.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $prefix . $class_name ?>Store extends Store
{
/**
*
* @return <?php echo $class_name ?>Store
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function __construct()
{
parent::__construct('<?php echo $table_name;?>', '<?php echo $class_name;?>', '<?php echo $id_name;?>');
}
/**
*
* @return <?php echo $class_name ?>
*/
public function get($w)
{
$args = func_get_args();
$f = array('parent', 'get');
return call_user_func_array($f, $args);
}
/**
*
* @return <?php echo $class_name ?>
*/
public function create_object($data)
{
return parent::create_object($data);
}
<?php foreach($keys as $key){?>
/**
*
* @return <?php echo $class_name ?>
*/
public function get_by_<?php echo $key ?>($value)
{
return $this->get(array('<?php echo $key; ?>' => $value));
}
/**
*
* @return bool
*/
public function <?php echo $key ?>_exists($value)
{
return $this->exist(array('<?php echo $key; ?>' => $value));
}
/**
*
* @return bool
*/
public function delete_by_<?php echo $key ?>($value)
{
return $this->delete(array('<?php echo $key; ?>' => $value));
}
<?php }?>
}

146
main/auth/shibboleth/lib/scaffolder/template/model.php Normal file
View File

@@ -0,0 +1,146 @@
<?php
/**
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
echo '<?php';
?>
namespace Shibboleth;
/**
* This file is autogenerated. Do not modifiy it.
*/
/**
*
* Model for table <?php echo $table_name ?>
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $prefix . $class_name ?>
{
/**
* Store for <?php echo $class_name ?> objects. Interact with the database.
*
* @return <?php echo $class_name ?>Store
*/
public static function store()
{
static $result = false;
if (empty($result))
{
$result = new <?php echo $class_name ?>Store();
}
return $result;
}
/**
*
* @return <?php echo $class_name ?>
*/
public static function create($data = null)
{
return self::store()->create_object($data);
}
<?php foreach($fields as $field){?>
public $<?php echo $field->name; ?> = <?php echo $field->def ? $field->def : 'null'; ?>;
<?php }?>
/**
*
* @return bool
*/
public function save()
{
return self::store()->save($this);
}
}
/**
* Store for <?php echo $class_name ?> objects. Interact with the database.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $prefix . $class_name ?>Store extends Store
{
/**
*
* @return <?php echo $class_name ?>Store
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function __construct()
{
parent::__construct('<?php echo $table_name;?>', '<?php echo $class_name;?>', '<?php echo $id_name;?>');
}
/**
*
* @return <?php echo $class_name ?>
*/
public function get($w)
{
$args = func_get_args();
$f = array('parent', 'get');
return call_user_func_array($f, $args);
}
/**
*
* @return <?php echo $class_name ?>
*/
public function create_object($data)
{
return parent::create_object($data);
}
<?php foreach($keys as $key){?>
/**
*
* @return <?php echo $class_name ?>
*/
public function get_by_<?php echo $key ?>($value)
{
return $this->get(array('<?php echo $key; ?>' => $value));
}
/**
*
* @return bool
*/
public function <?php echo $key ?>_exists($value)
{
return $this->exist(array('<?php echo $key; ?>' => $value));
}
/**
*
* @return bool
*/
public function delete_by_<?php echo $key ?>($value)
{
return $this->delete(array('<?php echo $key; ?>' => $value));
}
<?php }?>
}

39
main/auth/shibboleth/lib/scaffolder/template/public.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
/**
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
echo '<?php';
?>
namespace Shibboleth;
/**
*
* Model for table <?php echo $table_name ?>
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $class_name ?>
{
}
/**
* Store for <?php echo $class_name ?> objects. Interact with the database.
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
*/
class <?php echo $class_name ?>Store extends Store
{
}

61
main/auth/shibboleth/lib/shibboleth_config.class.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
namespace Shibboleth;
/**
* Shibboleth configuration. All configuration for the Shibboleth authentication
* plugin: field names mapping, etc.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethConfig
{
public $unique_id = '';
public $firstname = '';
public $lastname = '';
public $email = '';
public $language = '';
public $gender = '';
public $address = '';
public $staff_category = '';
public $home_organization_type = '';
public $home_organization = '';
public $affiliation = '';
public $persistent_id = '';
public $default_status = Shibboleth::UNKNOWN_STATUS;
/**
* Mapping of affiliation => right
* @var array
*/
public $affiliation_status = array();
/**
* Mapping of affiliation => bool. Display the request status form.
* @var array
*/
public $affiliation_status_request = array();
/**
* List of fields to update when the user already exists field_name => boolean.
* @var array
*/
public $update_fields = array();
/*
* True if email is mandatory. False otherwise.
*/
public $is_email_mandatory = true;
/**
* The email of the shibboleth administrator.
*
* @var string
*/
public $admnistrator_email = '';
}

100
main/auth/shibboleth/lib/shibboleth_session.class.php Normal file
View File

@@ -0,0 +1,100 @@
<?php
namespace Shibboleth;
use ChamiloSession as Session;
use Database;
use Event;
/**
* A Chamilo user session. Used as there is no session object so far provided by the core API.
* Should be moved to the core library.Prefixed by Shibboleth to avoid name clashes.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethSession
{
/**
* @return ShibbolethSession
*/
public static function instance()
{
static $result = false;
if (empty($result)) {
$result = new self();
}
return $result;
}
function is_logged_in()
{
return isset($_SESSION['_user']['user_id']);
}
function user()
{
return $_SESSION['_user'];
}
function logout()
{
$_SESSION['_user'] = array();
online_logout(null, false);
global $logoutInfo;
Event::courseLogout($logoutInfo);
}
/**
* Create a Shibboleth session for the user ID
*
* @param string $uid The user ID
* @return array $_user The user infos array created when the user logs in
*/
function login($uid)
{
/* This must be set for local.inc.php to register correctly the global variables in session
* This is BAD. Logic should be migrated into a function and stop relying on global variables.
*/
global $_uid, $is_allowedCreateCourse, $is_platformAdmin, $_real_cid, $is_courseAdmin;
global $is_courseMember, $is_courseTutor, $is_session_general_coach, $is_allowed_in_course, $is_sessionAdmin, $_gid;
$_uid = $uid;
//is_allowedCreateCourse
$user = User::store()->get_by_user_id($uid);
if (empty($user)) {
return;
}
$this->logout();
Session::instance();
Session::write('_uid', $_uid);
global $_user;
$_user = (array) $user;
$_SESSION['_user'] = $_user;
$_SESSION['_user']['user_id'] = $_uid;
$_SESSION['noredirection'] = true;
//must be called before 'init_local.inc.php'
Event::eventLogin($_uid);
//used in 'init_local.inc.php' this is BAD but and should be changed
$loginFailed = false;
$uidReset = true;
$gidReset = true;
$cidReset = false; //FALSE !!
$mainDbName = Database :: get_main_database();
$includePath = api_get_path(SYS_INC_PATH);
$no_redirection = true;
require("$includePath/local.inc.php");
return $_user;
}
}

357
main/auth/shibboleth/lib/store.class.php Normal file
View File

@@ -0,0 +1,357 @@
<?php
namespace Shibboleth;
use \Database;
/**
* A database store. Used interact with the database - save objects, run queries.
*
* One store = one table.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class Store
{
/**
*
* @return Store
*/
public static function create($table_name, $class_name = '', $id_name = 'id', $db_name = '')
{
return new self($table_name, $class_name, $id_name, $db_name);
}
protected $db_name = '';
protected $table_name = '';
protected $id_name = '';
protected $class_name = '';
function __construct($table_name, $class_name = '', $id_name = 'id', $db_name = '')
{
$this->db_name = $db_name ? $db_name : Database::get_main_database();
$this->table_name = $table_name;
$this->class_name = $class_name;
$this->id_name = $id_name;
}
function get_db_name($object = '')
{
if ($this->db_name)
{
return $this->db_name;
}
if ($object)
{
$result = isset($object->{db_name}) ? $object->{db_name} : '';
$result = $result ? $result : Database :: get_main_database();
return $result;
}
return Database::get_main_database();
}
function get($w)
{
$args = func_get_args();
$f = array($this, 'get_where');
$db_name = $this->get_db_name();
$where = call_user_func_array($f, $args);
$sql = "SELECT *
FROM `{$db_name}`.`{$this->table_name}`
WHERE $where";
$items = $this->query($sql);
return (count($items) == 1) ? reset($items) : null;
}
function select($w)
{
$args = func_get_args();
$f = array($this, 'get_where');
$db_name = $this->get_db_name();
$where = call_user_func_array($f, $args);
$sql = "SELECT *
FROM `{$db_name}`.`{$this->table_name}`
WHERE $where";
$result = $this->query($sql);
return $result;
}
function exist($w)
{
$args = func_get_args();
$f = array($this, 'get');
$object = call_user_func_array($f, $args);
return !empty($object);
}
function is_new($object)
{
$id_name = $this->id_name;
$id = isset($object->{$id_name}) ? $object->{$id_name} : false;
return empty($id);
}
function save($object)
{
if (empty($object))
{
return false;
}
$object = is_array($object) ? $this->create_object($object) : $object;
$this->before_save($object);
if ($this->is_new($object))
{
$result = $this->insert($object);
}
else
{
$result = $this->update($object);
}
return $result;
}
function delete($object)
{
$args = func_get_args();
$f = array($this, 'get_where');
$db_name = $this->get_db_name();
$where = call_user_func_array($f, $args);
$sql = "DELETE
FROM `{$db_name
}
`.`{$this->table_name
}
`
WHERE $where";
$result = $this->query($sql);
return $result;
}
/**
*
* @param array|object $data
* @return object
*/
public function create_object($data = array())
{
$data = $data ? $data : array();
$data = (object) $data;
$class = $this->class_name;
if (empty($class))
{
return clone $data;
}
$result = new $class();
foreach ($result as $key => $value)
{
$result->{$key} = property_exists($data, $key) ? $data->{$key} : null;
}
return $result;
}
public function fields($object)
{
static $result = array();
if (!empty($result))
{
return $result;
}
$db_name = $this->get_db_name($object);
$sql = "SELECT *
FROM `{$db_name}`.`{$this->table_name}`
LIMIT 1";
$rs = Database::query($sql, null, __FILE__);
while ($field = mysql_fetch_field($rs))
{
$result[] = $field;
}
return $result;
}
protected function before_save($object)
{
//hook
}
protected function update($object)
{
$id = isset($object->{$this->id_name}) ? $object->{$this->id_name} : false;
if (empty($id))
{
return false;
}
$items = array();
$fields = $this->fields($object);
foreach ($fields as $field)
{
$name = $field->name;
if ($name != $this->id_name)
{
if (property_exists($object, $name))
{
$value = $object->{$name};
$value = $this->format_value($value);
$items[] = "$name=$value";
}
}
}
$db_name = $this->get_db_name($object);
$sql = "UPDATE `{$db_name}`.`{$this->table_name}` SET ";
$sql .= join(', ', $items);
$sql .= " WHERE {$this->id_name}=$id";
$result = $this->execute($sql);
if ($result)
{
$object->{db_name} = $db_name;
}
return (bool) $result;
}
protected function insert($object)
{
$id = isset($object->{$this->id_name}) ? $object->{$this->id_name} : false;
if (empty($object))
{
return false;
}
$values = array();
$keys = array();
$fields = $this->fields($object);
foreach ($fields as $field)
{
$name = $field->name;
if ($name != $this->id_name)
{
if (property_exists($object, $name))
{
$value = $object->{$name};
$value = is_null($value) ? 'DEFAULT' : $this->format_value($value);
$values[] = $value;
$keys[] = $name;
}
}
}
$db_name = $this->get_db_name($object);
$sql = "INSERT INTO `{$db_name}`.`{$this->table_name}` ";
$sql .= ' (' . join(', ', $keys) . ') ';
$sql .= 'VALUES';
$sql .= ' (' . join(', ', $values) . ') ';
$result = $this->execute($sql);
if ($result)
{
$id = mysql_insert_id();
$object->{$this->id_name} = $id;
$object->{db_name} = $db_name;
return $id;
}
else
{
return false;
}
}
protected function get_where($_)
{
$args = func_get_args();
if (count($args) == 1)
{
$arg = reset($args);
if (is_numeric($arg))
{
$id = (int) $arg;
if (empty($id))
{
return '';
}
$args = array($this->pk_name, $arg);
}
else if (is_string($arg))
{
return $arg;
}
else if (is_array($arg))
{
$args = $arg;
}
else
{
return $arg;
}
}
$items = array();
foreach ($args as $key => $val)
{
$items[] = $key . ' = ' . $this->format_value($val);
}
return implode(' AND ', $items);
}
protected function format_value($value)
{
if (is_null($value))
{
return 'NULL';
}
if (is_bool($var))
{
return $value ? '1' : '0';
}
else if (is_numeric($value))
{
return empty($value) ? '0' : $value;
}
else if (is_string($value))
{
$value = mysql_escape_string($value);
return "'$value'";
}
else
{
return $value;
}
}
/**
*
* @param string $sql
* @return array
*/
protected function query($sql)
{
$resource = Database::query($sql, null, __FILE__);
if ($resource == false)
{
return array();
}
$result = array();
while ($data = mysql_fetch_assoc($resource))
{
$result[] = $this->create_object($data);
}
return $result;
}
/**
* @param string $sql
*/
protected function execute($sql)
{
return Database::query($sql, null, __FILE__);
}
}

35
main/auth/shibboleth/login.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
namespace Shibboleth;
/**
* Shibboleth login page.
*
* Actual authentication is provided by the Shibboleth Apache security module.
* Shibboleth must be properly installed and configured. Then this page must
* be secured through an Apache security directive.
*
* When Shibboleth is properly set up this page will only be available for
* authenticated users. The plugin ensure those people are created and logged in.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
include_once __DIR__.'/init.php';
/*
==============================================================================
TEST SECTION
==============================================================================
*
* @todo: Only for testing. Comment that out for production
*
*/
//Shibboleth::session()->logout();
//ShibbolethTest::helper()->setup_new_student_no_email();
//ShibbolethTest::helper()->setup_staff();
//ShibbolethTest::helper()->setup_new_teacher();
//ShibbolethTest::helper()->setup_new_student();
//ShibbolethTest::helper()->setup_new_minimal_data();
ShibbolethController::instance()->login();

36
main/auth/shibboleth/script/scaffold.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
namespace Shibboleth;
/**
* Scaffold script. Generates the required database models for the Shibboleth
* plugin.
*
* Will only run when the server is a test server.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
$dir = __DIR__;
include_once $dir.'/../init.php';
include_once $dir.'/../app/lib/scaffolder/scaffolder.class.php';
if (!ShibbolethTest::is_enabled())
{
echo 'This is not a test server';
die;
}
if (!Shibboleth::session()->is_logged_in())
{
echo 'Not authorized';
die;
}
$name = 'user';
$result = Scaffolder::instance()->scaffold($name);
file_put_contents("$dir/output/$name.class.php", $result);
header('content-type: text/plain');
echo $result;

218
main/auth/shibboleth/test/shibboleth_test.class.php Normal file
View File

@@ -0,0 +1,218 @@
<?php
namespace Shibboleth;
/**
* Various Unit Tests. Note that those tests create users in the database but
* don't delete them.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethTest
{
static function is_enabled()
{
return api_get_setting('server_type') == 'test';
}
/**
* @return ShibbolethTestHelper
*/
static function helper()
{
return ShibbolethTestHelper::instance();
}
static function init()
{
if (!self::is_enabled())
{
die;
}
}
static function test_new_teacher()
{
self::init();
self::helper()->setup_new_teacher();
$shib_user = Shibboleth::store()->get_user();
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id));
Shibboleth::save($shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $shib_user->email);
self::assert($user->firstname == $shib_user->firstname);
self::assert($user->lastname == $shib_user->lastname);
self::assert($user->persistent_id == $shib_user->persistent_id);
self::assert($user->status == Shibboleth::TEACHER_STATUS);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function test_new_student()
{
self::init();
self::helper()->setup_new_student();
$shib_user = Shibboleth::store()->get_user();
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id));
Shibboleth::save($shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $shib_user->email);
self::assert($user->firstname == $shib_user->firstname);
self::assert($user->lastname == $shib_user->lastname);
self::assert($user->persistent_id == $shib_user->persistent_id);
self::assert($user->status == Shibboleth::STUDENT_STATUS);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function test_new_staff()
{
self::init();
self::helper()->setup_new_staff();
$shib_user = Shibboleth::store()->get_user();
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id));
Shibboleth::save($shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $shib_user->email);
self::assert($user->firstname == $shib_user->firstname);
self::assert($user->lastname == $shib_user->lastname);
self::assert($user->persistent_id == $shib_user->persistent_id);
self::assert($user->status == Shibboleth::STUDENT_STATUS);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function test_new_infer_status_request()
{
self::init();
self::helper()->setup_new_staff();
$shib_user = Shibboleth::store()->get_user();
Shibboleth::save($shib_user);
self::assert($shib_user->status_request);
self::helper()->setup_new_teacher();
$shib_user = Shibboleth::store()->get_user();
Shibboleth::save($shib_user);
self::assert(!$shib_user->status_request);
self::helper()->setup_new_student();
$shib_user = Shibboleth::store()->get_user();
Shibboleth::save($shib_user);
self::assert(!$shib_user->status_request);
}
static function test_update_teacher()
{
self::init();
$fields = Shibboleth::config()->update_fields;
self::assert($fields['email']);
self::assert($fields['persistent_id']);
self::assert($fields['firstname']);
self::assert($fields['lastname']);
self::assert(!$fields['status']);
self::helper()->setup_teacher();
$shib_user = Shibboleth::store()->get_user();
Shibboleth::save($shib_user);
$new_shib_user = clone($shib_user);
$new_shib_user->firstname = 'frs';
$new_shib_user->lastname = 'ls';
$new_shib_user->email = 'em';
$new_shib_user->status = 10;
$new_shib_user->persistent_id = 'per';
Shibboleth::save($new_shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $new_shib_user->email);
self::assert($value = ($user->shibb_persistent_id == $new_shib_user->persistent_id));
self::assert($user->firstname == $new_shib_user->firstname);
self::assert($user->lastname == $new_shib_user->lastname);
self::assert($user->status == $shib_user->status);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function test_new_student_multiple_givenname()
{
self::init();
self::helper()->setup_new_student_multiple_givenname();
$shib_user = Shibboleth::store()->get_user();
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id));
Shibboleth::save($shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $shib_user->email);
self::assert($user->firstname == 'John');
self::assert($user->lastname == $shib_user->lastname);
self::assert($user->persistent_id == $shib_user->persistent_id);
self::assert($user->status == Shibboleth::STUDENT_STATUS);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function test_new_no_affiliation_default()
{
self::init();
self::helper()->setup_new_no_affiliation();
$shib_user = Shibboleth::store()->get_user();
self::assert($config = Shibboleth::config()->default_status == Shibboleth::STUDENT_STATUS);
self::assert(!User::store()->shibboleth_id_exists($shib_user->unique_id));
self::assert($shib_user->affiliation == '');
Shibboleth::save($shib_user);
$user = User::store()->get_by_shibboleth_id($shib_user->unique_id);
self::assert($user->email == $shib_user->email);
self::assert($user->firstname == 'John');
self::assert($user->lastname == $shib_user->lastname);
self::assert($user->persistent_id == $shib_user->persistent_id);
self::assert($user->status == Shibboleth::STUDENT_STATUS);
self::assert(!empty($user->password));
self::assert(!empty($user->username));
}
static function assert($assertion, $message = '')
{
if (!$assertion)
{
$message = "Assert failed $message <br/>";
echo $message;
// Dump variable for debug
error_log(print_r(debug_backtrace(), 1));
die;
}
else
{
$message = "Assert successful $message <br/>";
echo $message;
}
}
}

133
main/auth/shibboleth/test/shibboleth_test_helper.class.php Normal file
View File

@@ -0,0 +1,133 @@
<?php
namespace Shibboleth;
/**
* Helper functions for the tests. Set up various dummy user types: teacher, student, etc.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
class ShibbolethTestHelper
{
/**
*
* @return ShibbolethTestHelper
*/
public static function instance()
{
static $result = false;
if (empty($result))
{
$result = new self();
}
return $result;
}
public function setup_teacher()
{
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_1';
$_SERVER['Shib-EP-Affiliation'] = 'member;staff;faculty';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe';
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!drea34çcv3d';
}
public function setup_student()
{
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_1';
$_SERVER['Shib-EP-Affiliation'] = 'member';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe';
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!drea34çcv3d';
}
public function setup_staff()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_123456';
$_SERVER['Shib-EP-Affiliation'] = 'member;staff';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John Staff';
$_SERVER['Shib-Person-surname'] = 'Doe';
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.staff.doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!usr_123456';
}
public function setup_new_student()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = 'member';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_student_no_email()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = 'member';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = '';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_student_multiple_givenname()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = 'member';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John;Alex;John Alex';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_teacher()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = 'member;staff;faculty';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_staff()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = 'member;staff';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_no_affiliation()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-EP-Affiliation'] = '';
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
$_SERVER['Shib-InetOrgPerson-mail'] = 'john.' . $id . 'Doe@localhost.org';
$_SERVER['persistent-id'] = 'idp!viewer!' . md5($id);
}
public function setup_new_minimal_data()
{
$id = uniqid();
$_SERVER['Shib-SwissEP-UniqueID'] = 'usr_' . $id;
$_SERVER['Shib-InetOrgPerson-givenName'] = 'John';
$_SERVER['Shib-Person-surname'] = 'Doe' . $id;
}
}

32
main/auth/shibboleth/test/test.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
namespace Shibboleth;
/**
* Run unit tests. Server needs to be a test server to run those.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
include_once __DIR__.'/../init.php';
if (!ShibbolethTest::is_enabled())
{
echo 'This is not a test server';
die;
}
echo 'Test started<br/>-------------------<br/>';
ShibbolethTest::test_new_teacher();
ShibbolethTest::test_new_student();
ShibbolethTest::test_update_teacher();
ShibbolethTest::test_new_student_multiple_givenname();
ShibbolethTest::test_new_no_affiliation_default();
ShibbolethTest::test_new_staff();
ShibbolethTest::test_new_infer_status_request();
echo '-------------------<br/>Done!';

20
main/auth/shibboleth/test/test_no_email.php Normal file
View File

@@ -0,0 +1,20 @@
<?php
namespace Shibboleth;
/**
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info>, Nicolas Rod for the University of Geneva
*/
include_once __DIR__.'/../init.php';
if (!ShibbolethTest::is_enabled())
{
echo 'This is not a test server';
die;
}
Shibboleth::session()->logout();
ShibbolethTest::helper()->setup_new_student_no_email();
require_once __DIR__.'/../login.php';