-
Notifications
You must be signed in to change notification settings - Fork 0
/
onelogin.module
167 lines (149 loc) · 4.49 KB
/
onelogin.module
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
<?php
/**
* @file
* Hooks and functions for the OneLogin module.
*/
/**
* Implements hook_help().
*/
function onelogin_help($path, $arg) {
switch ($path) {
case "admin/help#onelogin_saml":
return '<p>'. t('Allow Drupal user authentication via OneLogin SAML.') .'</p>';
break;
}
}
/**
* Implements hook_menu()
*/
function onelogin_menu() {
// Admin configruation form.
$items['admin/config/people/onelogin'] = array(
'title' => 'OneLogin',
'description' => 'Configure OneLogin SAML certs and settings.',
'page callback' => 'drupal_get_form',
'page arguments' => array('onelogin_settings_form'),
'file' => 'includes/onelogin.admin.inc',
'access arguments' => array('administer onelogin'),
'type' => MENU_NORMAL_ITEM,
);
// SAML consumer callback.
$items['onelogin_saml/consumer'] = array(
'title' => 'SAML Consumer',
'page callback' => 'onelogin_consume',
'file' => 'includes/onelogin.consume.inc',
'access callback' => TRUE,
'type' => MENU_CALLBACK,
);
// OneLogin may use this callback, rather than the one above.
$items['onelogin_saml/acs'] = $items['onelogin_saml/consumer'];
return $items;
}
/**
* Implements hook_permission().
*/
function onelogin_permission() {
return array(
'administer onelogin' => array(
'title' => t('Administer OneLogin'),
'description' => t('Make configuration changes to the OneLogin module.'),
'restrict access' => TRUE,
),
);
}
/**
* Implements hook_init().
*/
function onelogin_init() {
$isMaintenanceMode = variable_get('maintenance_mode', FALSE);
$isCLI = drupal_is_cli();
$authRequiredGlobally = variable_get('onelogin_required_globally', FALSE);
$isSamlConsumer = strpos(request_path(), 'onelogin_saml/consumer') === 0;
$contextEnabled = module_exists('context');
// If OneLogin authentication is required globally, attempt it.
if ($authRequiredGlobally && !$isSamlConsumer && !$isMaintenanceMode && !$isCLI) {
onelogin_require_authentication();
}
// If context is enabled, check to see if our require auth reaction is needed.
if ($contextEnabled) {
if ($plugin = context_get_plugin('reaction', 'context_reaction_require_onelogin_auth')) {
$plugin->execute();
}
}
}
/**
* Implements hook_context_registry().
*/
function onelogin_context_registry() {
return array(
'reactions' => array(
'context_reaction_require_onelogin_auth' => array(
'title' => t('Require authentication via OneLogin'),
'plugin' => 'context_reaction_require_onelogin_auth',
),
),
);
}
/**
* Implements hook_context_plugins().
*/
function onelogin_context_plugins() {
$plugins['context_reaction_require_onelogin_auth'] = array(
'handler' => array(
'path' => drupal_get_path('module', 'onelogin') .'/plugins',
'file' => 'context_reaction_require_onelogin_auth.inc',
'class' => 'context_reaction_require_onelogin_auth',
'parent' => 'context_reaction',
),
);
return $plugins;
}
/**
* Implements hook_libraries_info().
*/
function onelogin_libraries_info() {
$libraries['onelogin'] = array(
'name' => 'OneLogin SAML PHP',
'vendor url' => 'https://www.onelogin.com',
'download url' => 'https://github.com/onelogin/php-saml/releases',
'version' => '1.0.0',
'version callback' => 'onelogin_libraries_version',
'files' => array(
'php' => array(
'src/OneLogin/Saml/AuthRequest.php',
'src/OneLogin/Saml/Metadata.php',
'src/OneLogin/Saml/Response.php',
'src/OneLogin/Saml/Settings.php',
'src/OneLogin/Saml/XmlSec.php',
'ext/xmlseclibs/xmlseclibs.php',
),
),
);
return $libraries;
}
/**
* Helper function to return OneLogin PHP SAML library version. Necessary
* because there's no way to determine it from the library itself.
*
* @see onelogin_libraries_info()
*/
function onelogin_libraries_get_version($library, $options) {
return $library['version'];
}
/**
* Helper function to require OneLogin authentication. If the user is not
* authenticated and OneLogin is configured as expected, this will redirect the
* user to the app's login URL.
*/
function onelogin_require_authentication() {
$loginUrl = variable_get('onelogin_login_url', '');
if (user_is_anonymous() && $loginUrl) {
drupal_goto($loginUrl, array(
'query' => array(
// @see onelogin_get_settings()
// Note: request_uri() vs. request_path() to persist query params.
'originalRefererPath' => request_uri(),
),
));
}
}