--- cas-HEAD/cas.module 2009-08-11 14:52:24.000000000 +0000
+++ /Data/www/dev.cof.ens.fr/sites/all/modules/cas/cas.module 2009-10-23 17:05:46.000000000 +0000
@@ -11,6 +11,9 @@ require_once ('CAS/CAS.php');
 define('CAS_NO_VERIFY', 'none');
 define('CAS_VERIFY', 'verify');
 define('CAS_CA_VERIFY', 'ca_verify');
+define('CAS_EMAIL_FIELD_NO', 0);
+define('CAS_EMAIL_FIELD_REMOVE', 1);
+define('CAS_EMAIL_FIELD_DISABLE', 2);
 /**
 * Invokes hook_auth_transform() in every module.
@@ -248,7 +251,7 @@ function cas_login_check() {
 $user = user_external_load($cas_name);
 if (!$user->uid && variable_get('cas_hijack_user', 0)) {
 $user = user_load(array("name" => $cas_name));
- if ($user->uid) user_set_authmaps($user, array('authname_cas' => $cas_name));
+ if ($user->uid) user_set_authmaps($user, array('authname_ldapauth' => $cas_name/*, 'authname_cas' => $cas_name*/));
 }
 }
@@ -262,7 +265,10 @@ function cas_login_check() {
 "status" => 1,
 "roles" => $cas_roles,
 );
- if (!$cas_authmap) $user_default['authname_cas'] = $cas_name;
+ if (!$cas_authmap) {
+ $user_default['authname_ldapauth'] = $cas_name;
+ /* $user_default['authname_cas'] = $cas_name;*/
+ }
 if ($cas_domain) $user_default['mail'] = $cas_name .'@'. $cas_domain;
 // Become user 1 to be able to save profile information
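Review bot: In the `cas_hijack_user` branch the existing local account is now bound with `'authname_ldapauth' => $cas_name`, so a CAS login is recorded as an ldapauth-owned mapping although no LDAP lookup is visible in this hunk; the new-account hunk below does the same with `$user_default['authname_ldapauth']`. Choosing the key from configuration would keep plain CAS sites on their own mapping: `$authmap_key = variable_get('cas_useldap', '') ? 'authname_ldapauth' : 'authname_cas';`. The commented-out `authname_cas` fragments should be deleted rather than kept inline, since they obscure which mapping is in force. The body of cas_login_check() starts and ends outside both hunks, so confirm that nothing later (for example whatever sets `$cas_authmap`) still expects the `cas` mapping.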
@@ -294,9 +300,15 @@ function cas_login_check() {
 if (variable_get('cas_useldap_groups', '')) {
 if ($ldap_config_name = _get_ldap_config_name($user->name)) {
- _ldapauth_init($ldap_config_name);
- include_once('modules/ldap_integration/ldapgroups.module');
- $user->ldap_authentified = TRUE;
+ $_ldapauth_ldap=_ldapauth_init($ldap_config_name);
+ include_once(drupal_get_path('module', 'ldapgroups') . '/ldapgroups.module');
+ $data['ldap_authentified'] = TRUE;
+ $data['ldap_config'] = $ldap_config_name;
+ $ldapUser = _ldapauth_user_lookup($user->name);
+ $data['memberof'] = $ldapUser['memberof'];
+ $data['ldap_dn'] = $ldapUser['dn'];
+ $user = user_save($user, $data);
+ watchdog('cas', 'Logging of %user_dn', array('%user_dn' => $user->ldap_dn), WATCHDOG_NOTICE);
 ldapgroups_user_login($user);
 }
 }
@@ -323,9 +335,10 @@ function cas_login_check() {
 $roles[$role] = $role;
 }
 /* Removing password cause it cases problems with phpcas. */
+ /* Removing roles update cause it causes problems with LDAP Groups */
 $user_up = array(
 // "pass" => user_password(),
- "roles" => $roles,
+ // "roles" => $roles,
 );
 $user = user_save($user, $user_up);
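Review bot: The result of `_ldapauth_user_lookup($user->name)` is used without a check, so when the lookup returns nothing the account is still saved with `ldap_authentified` set to TRUE and empty `memberof` and `ldap_dn` values, and `ldapgroups_user_login($user)` then runs on that record. Guard the new lines with `if ($ldapUser = _ldapauth_user_lookup($user->name)) { … }` and skip the `user_save()` and the group sync when it fails. `$data` is not initialised inside the hunk; starting with `$data = array();` avoids saving stale keys if the variable is already set earlier in cas_login_check(), whose body extends beyond the hunk. The value assigned to `$_ldapauth_ldap` is not read anywhere in the visible lines.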
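Review bot: With `"roles" => $roles` commented out, `$user_up` is an empty array, so the `$roles` list built just above is discarded and `user_save($user, $user_up)` no longer applies any role change for a returning user. As far as this hunk shows, a role withdrawn on the CAS side would then stay on the Drupal account; if dropping the update is only needed for LDAP-backed sites, gate it instead, for example `if (!variable_get('cas_useldap_groups', '')) $user_up['roles'] = $roles;`. Otherwise remove the now-dead role loop and the no-op save rather than leaving commented-out array entries. The surrounding cas_login_check() body lies outside the hunk.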
@@ -546,14 +559,20 @@ function cas_admin_settings() { '#maxlength' => 55, '#description' => t('Append this domain name to each new user in order generate his email address.'), ); - + $options_email_field = array( + CAS_EMAIL_FIELD_NO => t('Do nothing'), + CAS_EMAIL_FIELD_REMOVE => t('Remove email field from form'), + CAS_EMAIL_FIELD_DISABLE => t('Disable email field on form'), + ); $form['account']['cas_hide_email'] = array( - '#type' => 'checkbox', - '#title' => t('Users canot change email address'), - '#default_value' => variable_get('cas_hide_email', 0), - '#description' => t('Hide email address field on the edit user form.'), + '#type' => 'radios', + '#title' => t('Alter email field on user edit form'), + '#description' => t('Remove or disable email field from user edit form for CAS authenticated users.'), + '#default_value' => variable_get('cas_hide_email', CAS_EMAIL_FIELD_DISABLE), + '#options' => $options_email_field, + '#required' => TRUE, ); - + $form['account']['cas_hide_password'] = array( '#type' => 'checkbox', '#title' => t('Users canot change password'), @@ -897,38 +916,45 @@ function cas_form_alter(&$form, $form_st //drupal_set_message($form_id.'
'.print_r($form,1).'
'); switch ($form_id) { case 'user_profile_form': - //make the email field hidden and force the value to the default. - if (variable_get('cas_hide_email', 0)) { - if (variable_get('cas_domain', '')) { - $form['account']['mail']['#type'] = 'hidden'; - $form['account']['mail']['#value'] = $form['account']['mail']['#default_value']; - if (!$form['account']['mail']['#default_value']) { - $form['account']['mail']['#value'] = $form['account']['name']['#default_value'] .'@'. variable_get('cas_domain', ''); - } - - } + // force the value to the default. - /* - ** LDAPAuth interfacing - BEGIN - */ - if (variable_get('cas_useldap', '')) { - global $ldapauth_ldap, $user; - if ($ldap_config_name = _get_ldap_config_name($user->name)) { - _ldapauth_init($ldap_config_name); - _ldapauth_user_lookup($user->name); - $cas_ldap_email_attribute = (string)variable_get('cas_ldap_email_attribute', 'mail'); - $ldap_entries = $ldapauth_ldap->search($ldapauth_ldap->getOption('basedn'), $ldapauth_ldap->getOption('user_attr') .'='. $user->name, array($cas_ldap_email_attribute)); - if ($ldap_entries['count'] == 1 && isset($ldap_entries[0][$cas_ldap_email_attribute][0])) if (trim($ldap_entries[0][$cas_ldap_email_attribute][0]) != '') { - $form['account']['mail']['#type'] = 'hidden'; + if (variable_get('cas_domain', '')) { + $form['account']['mail']['#value'] = $form['account']['mail']['#default_value']; + if (!$form['account']['mail']['#default_value']) { + $form['account']['mail']['#value'] = $form['account']['name']['#default_value'] .'@'. 
variable_get('cas_domain', ''); + } + } + + /* + ** LDAPAuth interfacing - BEGIN + */ + if (variable_get('cas_useldap', '')) { + global $ldapauth_ldap, $user; + if ($ldap_config_name = _get_ldap_config_name($user->name)) { + $ldapauth_ldap=_ldapauth_init($ldap_config_name); + _ldapauth_user_lookup($user->name); + $cas_ldap_email_attribute = (string)variable_get('cas_ldap_email_attribute', 'mail'); + $ldap_entries = $ldapauth_ldap->search($ldapauth_ldap->getOption('basedn'), $ldapauth_ldap->getOption('user_attr') .'='. $user->name, array($cas_ldap_email_attribute)); + if ($ldap_entries['count'] == 1 && isset($ldap_entries[0][$cas_ldap_email_attribute][0])) if (trim($ldap_entries[0][$cas_ldap_email_attribute][0]) != '') { $form['account']['mail']['#value'] = $ldap_entries[0][$cas_ldap_email_attribute][0]; - } - } - } + } + } + } - /* - ** LDAPAuth interfacing - END - */ + /* + ** LDAPAuth interfacing - END + */ + //make the email field hidden or disabled + switch (variable_get('cas_hide_email', 0)) { + case CAS_EMAIL_FIELD_REMOVE : + $form['account']['mail']['#type'] = 'hidden'; + $form['account']['mail']['#attributes']['READONLY'] = 'READONLY'; + break; + case CAS_EMAIL_FIELD_DISABLE : + $form['account']['mail']['#attributes']['READONLY'] = 'READONLY'; + break; } + $form['account']['mail']['#description'] = t('All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive certain news or notifications by e-mail. You could not change your password, please see your system administrator.') ; //Remove the password fields from the form. if (variable_get('cas_hide_password', 0))unset($form['account']['pass']); 
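Review bot: The `READONLY` attribute set for `CAS_EMAIL_FIELD_DISABLE` is only a browser hint; the address is pinned on the server only where `$form['account']['mail']['#value']` is assigned, since Form API ignores submitted input for an element with a preset `#value`, and that assignment now runs in the `cas_domain` and LDAP branches regardless of the setting, including `CAS_EMAIL_FIELD_NO`. Put the value-forcing code behind a check of the setting and pin the value in both restricting cases, e.g. `$form['account']['mail']['#value'] = $form['account']['mail']['#default_value'];` inside each `case`. The switch also reads `variable_get('cas_hide_email', 0)` while the settings form defaults to `CAS_EMAIL_FIELD_DISABLE`, so a site that never saved the setting shows "Disable" but behaves as "Do nothing"; use the same default in both places. Separately, the LDAP filter is still built by concatenating `$user->name`, and `global $user` is the logged-in account rather than necessarily the account being edited, which deserves its own look.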
@@ -955,20 +981,21 @@ function cas_form_alter(&$form, $form_st
 * LDAP Auxiliary functions
 */
 function _get_ldap_config_name($user_name) {
- include_once('modules/ldap_integration/ldapauth.module');
+ include_once(drupal_get_path('module', 'ldapgroups') .'/ldapauth.module');
+ ldapauth_init();
 $user_found = FALSE;
- $result = db_query("SELECT name FROM {ldapauth} WHERE status = '%d' ORDER BY sid", 1);
+ $result = db_query("SELECT name, sid FROM {ldapauth} WHERE status = '%d' ORDER BY sid", 1);
 while ($row = db_fetch_object($result)) {
 // cycle thru the authentication schemes - first successful one wins
 // instantiate ldap
- _ldapauth_init($row->name);
+ _ldapauth_init($row->sid);
 $ldap_user_entry = _ldapauth_user_lookup($user_name);
 if ($ldap_user_entry) {
 $user_found = TRUE;
 break;
 }
 }
- if ($user_found) return $row->name;
+ if ($user_found) return $row->sid;
 else return FALSE;
 }
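Review bot: `include_once(drupal_get_path('module', 'ldapgroups') .'/ldapauth.module')` resolves the directory of the ldapgroups module in order to load ldapauth.module, which only works while both files sit in the same directory; ask for the module actually being loaded: `include_once(drupal_get_path('module', 'ldapauth') .'/ldapauth.module');`. The function now returns `$row->sid` while it is still named _get_ldap_config_name() and the login hunk stores the result as `ldap_config`, so a short docblock stating that the return value is the ldapauth server id, or FALSE when no server knows the user, would prevent misuse by callers. The `name` column is still selected but is no longer read in the visible lines.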