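t('Rice 2009 CAS settings'), 'description' => t('Configure central authentication service'), 'page callback' => 'drupal_get_form', 'page arguments' => array('rice2009_cas_admin_settings'), 'access arguments' => array('administer site configuration'), 'type' => MENU_NORMAL_ITEM, ); return $items; }

/**
 * Provides settings page.
 *
 * Builds the admin form for the CAS server connection (version, host, port,
 * URI, CA certificate) and for the username list that gates registration.
 * The form is handed to system_settings_form(), so each element key is also
 * the name of the Drupal variable read back with variable_get().
 *
 * @return array
 *   The form array returned by system_settings_form().
 */
function rice2009_cas_admin_settings() {
  $form = array();

  $form['server'] = array(
    '#type' => 'fieldset',
    '#title' => t('CAS server settings'),
    '#collapsible' => true,
    '#collapsed' => false,
  );
  $form['server']['rice2009_cas_version'] = array(
    '#type' => 'radios',
    '#title' => t('CAS version'),
    '#default_value' => variable_get('rice2009_cas_version', '2.0'),
    '#options' => array('1.0' => '1.0', '2.0' => '2.0'),
  );
  $form['server']['rice2009_cas_server'] = array(
    '#type' => 'textfield',
    '#title' => t('CAS server'),
    '#default_value' => variable_get('rice2009_cas_server', ''),
    '#size' => 30,
    '#maxlength' => 55,
    '#description' => t('Location of CAS authentication service.'),
  );
  $form['server']['rice2009_cas_port'] = array(
    '#type' => 'textfield',
    '#title' => t('CAS port'),
    '#default_value' => variable_get('rice2009_cas_port', '443'),
    '#size' => 30,
    '#maxlength' => 8,
    // The description text is kept exactly as it was (including the line
    // break after the first sentence) so existing translations still match.
    '#description' => t("443 is the standard ssl port. \n8443 is the standard non-root port for Tomcat."),
  );
  $form['server']['rice2009_cas_uri'] = array(
    '#type' => 'textfield',
    '#title' => t('CAS URI'),
    '#default_value' => variable_get('rice2009_cas_uri', ''),
    '#size' => 30,
    '#description' => t('If CAS is not at the root of the host, include a URI (e.g., /cas).'),
  );
  // New, optional setting: lets the site verify the CAS server's TLS
  // certificate instead of skipping verification (see
  // rice2009_register_access()).
  $form['server']['rice2009_cas_cert'] = array(
    '#type' => 'textfield',
    '#title' => t('CA certificate file'),
    '#default_value' => variable_get('rice2009_cas_cert', ''),
    '#size' => 30,
    '#description' => t('Path to a PEM file holding the certificate authority that issued the CAS server certificate. While this is empty the CAS server certificate is not verified.'),
  );

  $form['account'] = array(
    '#type' => 'fieldset',
    '#title' => t('User account settings'),
    '#collapsible' => true,
    '#collapsed' => false,
  );
  $form['account']['rice2009_cas_access'] = array(
    '#type' => 'radios',
    '#title' => t('Permit registration by CAS for'),
    '#default_value' => variable_get('rice2009_cas_access', RICE2009_CAS_USERS_DENIED),
    '#options' => array(
      RICE2009_CAS_USERS_ALLOWED => t('specific CAS usernames'),
      RICE2009_CAS_USERS_DENIED => t('all but specific CAS usernames'),
    ),
  );
  $form['account']['rice2009_cas_usernames'] = array(
    '#type' => 'textarea',
    '#title' => t('Specific usernames'),
    '#default_value' => variable_get('rice2009_cas_usernames', ''),
    '#cols' => 40,
    '#rows' => 5,
    '#description' => t("Enter one username per line."),
  );

  return system_settings_form($form);
}

/**
 * Swaps access callbacks on two core paths.
 *
 * NOTE(review): by its name and signature this looks like the module's
 * hook_menu_alter() implementation - confirm the module is named "rice2009".
 *
 * @param array $callbacks
 *   Menu router items keyed by path, altered in place.
 */
function rice2009_menu_alter(&$callbacks) {
  // Registration is gated by CAS: route the access check for user/register
  // through rice2009_register_access().
  $callbacks['user/register']['access callback'] = 'rice2009_register_access';
  // Deny access to the user search page for everyone.
  $callbacks['search/user']['access callback'] = false;
}

/**
 * Alters the registration and profile forms.
 *
 * On the registration form the Drupal username is fixed to the CAS username
 * and the e-mail validator is attached; on the profile form only the e-mail
 * validator is attached.
 *
 * @param array $form
 *   The form being altered, by reference.
 * @param array $form_state
 *   Current form state (unused here).
 * @param string $form_id
 *   Id of the form being built.
 */
function rice2009_form_alter(&$form, $form_state, $form_id) {
  switch ($form_id) {
    case 'user_register':
      // Admin created account aren't processed by the module.
      if (user_access('administer users')) {
        break;
      }
      // Fetch CAS username.
      // NOTE(review): this presumes rice2009_register_access() has already
      // created the phpCAS client and forced authentication in this request -
      // confirm the form is never built on another path.
      $cas_name = phpCAS::getUser();
      // Use CAS username as Drupal username. '#value' is what fixes the name;
      // '#disabled' is the browser-side presentation of that.
      $form['account']['name']['#value'] = $cas_name;
      $form['account']['name']['#disabled'] = TRUE;
      $form['account']['name']['#description'] = t("Your username is the same as your Rice netID and can't be changed.");
      $form['account']['mail']['#description'] = t("Your valid non-Rice email address. You will need to receive an email at this address to complete the registration process. This address will not be made public.");
      // Add validation
      $form['#validate'][] = 'rice2009_user_register_validate';
      break;

    case 'user_profile_form':
      // Add validation
      $form['#validate'][] = 'rice2009_user_profile_validate';
      break;
  }
}

/**
 * Tells whether an e-mail address ends in ".edu" (case-insensitive).
 *
 * The previous check looked for ".edu" anywhere in the address, which also
 * rejected addresses that merely contain that sequence and disagreed with the
 * error message shown to the user.
 *
 * @param mixed $mail
 *   The submitted address.
 *
 * @return bool
 *   TRUE when the trimmed address ends in ".edu".
 */
function _rice2009_mail_is_edu($mail) {
  return (bool) preg_match('/\.edu$/iD', trim((string) $mail));
}

/**
 * Custom validation function for user registration form.
 *
 * @param array $form
 *   The form definition (unused).
 * @param array $form_state
 *   Form state; the 'mail' value is checked when present.
 */
function rice2009_user_register_validate($form, &$form_state) {
  // Make sure user doesn't register with a .edu address
  $mail = isset($form_state['values']['mail']) ? $form_state['values']['mail'] : '';
  if (_rice2009_mail_is_edu($mail)) {
    form_set_error('mail', t('Your e-mail address must not end in ".edu".'));
  }
}

/**
 * Custom validation function for user profile form.
 *
 * @param array $form
 *   The form definition (unused).
 * @param array $form_state
 *   Form state; the 'mail' value is checked when present.
 */
function rice2009_user_profile_validate($form, &$form_state) {
  // Make sure user doesn't switch to a .edu address
  $mail = isset($form_state['values']['mail']) ? $form_state['values']['mail'] : '';
  if (_rice2009_mail_is_edu($mail)) {
    form_set_error('mail', t('Your e-mail address must not end in ".edu".'));
  }
}

/**
 * Access callback for user/register.
 *
 * Denies access to logged-in users and when registration is switched off.
 * On the registration path itself it also sets up phpCAS, forces CAS
 * authentication, and checks the CAS username against the configured
 * username list and against existing Drupal accounts.
 *
 * Side effects: may set Drupal messages, redirect with drupal_goto(), and
 * redirect the browser to the CAS server through phpCAS.
 *
 * @return bool
 *   TRUE when the visitor may reach the registration page.
 */
function rice2009_register_access() {
  global $user, $PHPCAS_CLIENT;

  $register_path = isset($_GET['q']) && $_GET['q'] == 'user/register';

  // If user is logged in,
  if ($user->uid) {
    // Tell them they can't register and send them to the front page
    if ($register_path) {
      drupal_set_message(t("You can't register because you're already logged in!"), "error");
      drupal_goto("");
    }
    return false;
  }

  if (!variable_get('user_register', 1)) {
    // Tell them registration is off; access is simply denied.
    if ($register_path) {
      drupal_set_message(t("Registration is disabled."), "error");
    }
    return false;
  }

  // NOTE(review): when a phpCAS client object already exists in this request
  // the whole CAS block is skipped and access is granted without the username
  // checks - confirm that is intended.
  if ($register_path && !is_object($PHPCAS_CLIENT)) {
    $server_version = (string) variable_get('rice2009_cas_version', '2.0');
    $server_cas_server = (string) variable_get('rice2009_cas_server', 'netid.rice.edu');
    $server_port = (int) variable_get('rice2009_cas_port', '443');
    $server_uri = (string) variable_get('rice2009_cas_uri', 'cas');
    $start_session = FALSE; // Drupal takes care of its own session
    phpCAS::client($server_version, $server_cas_server, $server_port, $server_uri, $start_session);

    // Verify the CAS server's TLS certificate whenever a CA file is
    // configured. A configured but unusable path is left to fail inside
    // phpCAS rather than falling back to no verification.
    $ca_cert = trim((string) variable_get('rice2009_cas_cert', ''));
    if ($ca_cert !== '') {
      phpCAS::setCasServerCACert($ca_cert);
    }
    else {
      // SECURITY: legacy fallback, kept only so existing installs keep
      // working. Without certificate verification the username returned below
      // is only as trustworthy as the network path to the CAS server; set
      // "CA certificate file" on the settings page to close this.
      phpCAS::setNoCasServerValidation();
    }

    // Force CAS authentication
    phpCAS::forceAuthentication();
    $cas_name = phpCAS::getUser();

    // Defaults to "not listed" so an empty list never leaves this undefined.
    $user_match = FALSE;
    $cas_specified_usernames = (string) variable_get('rice2009_cas_usernames', '');
    // If there are usernames specified,
    if ($cas_specified_usernames != '') {
      // One username per line: normalise line endings, strip stray
      // whitespace around each entry and drop blank lines.
      $split_users = array_filter(
        array_map('trim', explode("\n", str_replace("\r", "", $cas_specified_usernames))),
        'strlen'
      );
      // Strict comparison: loose in_array() treats numeric-looking strings
      // that differ textually as equal, which is wrong for an access list.
      $user_match = in_array((string) $cas_name, $split_users, TRUE);
    }

    // Fail closed: an unrecognised rice2009_cas_access value permits nobody.
    $username_permitted = FALSE;
    switch (variable_get('rice2009_cas_access', RICE2009_CAS_USERS_DENIED)) {
      // List of CAS usernames (rice2009_cas_usernames) are the only ones disallowed
      case RICE2009_CAS_USERS_DENIED:
        $username_permitted = !$user_match;
        break;

      // List of CAS usernames (rice2009_cas_usernames) are the only ones allowed
      case RICE2009_CAS_USERS_ALLOWED:
        $username_permitted = $user_match;
        break;
    }

    // If the username is not permitted,
    if (!$username_permitted) {
      // Let them know and deny access (no redirect happens here).
      drupal_set_message(t('Your username %cas_name is not a permitted username. If you believe this to be in error, contact the site administrator.', array('%cas_name' => $cas_name)), 'error');
      return false;
    }

    // If we're forcing users to register with their CAS usernames and CAS username is already a Drupal username,
    if (variable_get('rice2009_force_cas_name', 1) && user_load(array('name' => $cas_name))) {
      // Let them know and redirect them to request new password page.
      drupal_set_message(t('You already registered with username %cas_name. Try requesting a new password. Otherwise, contact the site administrator.', array('%cas_name' => $cas_name)), 'error');
      drupal_goto('user/password');
    }
  } // end if($register_path)

  return true;
}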