-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathSamlAuth.module
106 lines (87 loc) · 4.07 KB
/
SamlAuth.module
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
<?php
namespace ProcessWire;
/**
* SamlAuth (1.3.0)
* Add SAML authentication to any ProcessWire website
*
* @author Adam Blunt
*
* ProcessWire 3.x
* Copyright (C) 2011 by Ryan Cramer
* Licensed under GNU/GPL v2, see LICENSE.TXT
*
* http://www.processwire.com
* http://www.ryancramer.com
*
*/
class SamlAuth extends WireData implements Module {
public static function getModuleInfo() {
return array(
'title' => "SAML Auth",
'version' => "1.3",
'summary' => "Add SAML authentication to any ProcessWire website",
'author' => "Adam Blunt",
'href' => "http://adamblunt.me/",
'autoload' => true,
'singular' => true
);
}
public function init() {
$this->session->addHookBefore('ProcessLogin::renderLoginForm', $this, 'loginsaml');
$this->session->addHookAfter('Session::logout', $this, 'logoutsaml');
// Make acs.php, metadata.php and sls.php public accessible
if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], '/acs.php')) {
$this->addHookBefore("ProcessPageView::pageNotFound",function($event) {
$event->replace = true;
require_once(wire('config')->paths->SAMLauth.'lib'.DIRECTORY_SEPARATOR.'endpoints'.DIRECTORY_SEPARATOR.'acs.php');
});
} elseif (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], '/metadata.php')) {
$this->addHookBefore("ProcessPageView::pageNotFound",function($event) {
$event->replace = true;
require_once(wire('config')->paths->SAMLauth.'lib'.DIRECTORY_SEPARATOR.'endpoints'.DIRECTORY_SEPARATOR.'metadata.php');
});
} elseif (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], '/sls.php')) {
$this->addHookBefore("ProcessPageView::pageNotFound",function($event) {
$event->replace = true;
require_once(wire('config')->paths->SAMLauth.'lib'.DIRECTORY_SEPARATOR.'endpoints'.DIRECTORY_SEPARATOR.'sls.php');
});
}
}
// Login event (hooks into renderLoginForm to process on login page )
public function loginsaml($event) {
require_once(wire('config')->paths->SAMLauth.'lib'.DIRECTORY_SEPARATOR.'_toolkit_loader.php');
$auth = new \OneLogin_Saml2_Auth();
if (!isset($_SESSION['samlUserdata'])) { // User not logged in to SAML
$auth->login(); // Initiate Login through SAML
} else {
// We are in (almost)
$attributes = $_SESSION['samlUserdata'];
$mail = $attributes['mail'][0];
if(!empty($mail)) { // If we got an email from the SSO service then check if that email is in the ProcessWire Database
$user = wire('users')->get("email$=".$mail); // If we find a user in ProcessWire with a matching email then log in
$username = $user->name;
if(!empty($username)) {
// $user->setOutputFormatting(false);
// $temppass=sha1(uniqid() . $username . uniqid()); //Generate a VERY secure password, the user does not need this anymore
// $user->pass = $temppass; // Set that secure password
// wire('users')->save($user); // Save new user details
wire('session')->forceLogin($username); //Log user in with new password
wire('session')->redirect(wire('config')->urls->admin . "page/",false); //Redirect to admin area now that we are loggged in
// Strange bug in WebKit browsers here, if I remove the \page\ addition it will stop at a blank page, FireFox does not exhibit this.
} else { // User not in ProcessWire so disallow
$this->error("Your user is not allowed to admin this site sorry");
}
} else { // No email in SSO response
$this->error("Your user does not have an email on file, can not match to site user without email");
}
}
}
// Log user out from processwire and SSO
public function logoutsaml($event) {
session_start();
$this->error($this->EntityID);
require_once(wire('config')->paths->SAMLauth.'lib'.DIRECTORY_SEPARATOR.'_toolkit_loader.php');
$auth = new \OneLogin_Saml2_Auth();
$auth->logout("https:\\lap.server.adamxp12.com\pw");
}
}