diff --git a/roles/shibboleth/templates/PhabricatorAuthProviderShibboleth.php b/roles/shibboleth/templates/PhabricatorAuthProviderShibboleth.php
index 06916db..a728ec3 100644
--- a/roles/shibboleth/templates/PhabricatorAuthProviderShibboleth.php
+++ b/roles/shibboleth/templates/PhabricatorAuthProviderShibboleth.php
@@ -1,246 +1,229 @@ adapter) { $conf = $this->getProviderConfig(); $adapter = id(new PhutilAuthAdapterShibboleth()) ->setShibSessionIdField( $conf->getProperty(self::KEY_SHIB_SESSION_ID_FIELD)) ->setShibApplicationIdField( $conf->getProperty(self::KEY_SHIB_APPLICATION_ID_FIELD)) ->setUseridField( $conf->getProperty(self::KEY_USERID_FIELD)) ->setUsernameField( $conf->getProperty(self::KEY_USERNAME_FIELD)) ->setRealnameField( $conf->getProperty(self::KEY_REALNAME_FIELD)) ->setEmailField( $conf->getProperty(self::KEY_EMAIL_FIELD)) ->setPageURIPattern( $conf->getProperty(self::KEY_PAGE_URI_PATTERN)) ->setImageURIPattern( - $conf->getProperty(self::KEY_IMAGE_URI_PATTERN)); + $conf->getProperty(self::KEY_IMAGE_URI_PATTERN)) + ->setIsGeneratedUsername( + $conf->getProperty(self::KEY_USERNAME_FROM_REALNAME)); $this->adapter = $adapter; } return $this->adapter; } protected function renderLoginForm(AphrontRequest $request, $mode) { - $viewer = $request->getUser(); - - $dialog = id(new AphrontDialogView()) - ->setSubmitURI($this->getLoginURI()) - ->setUser($viewer); - - if ($mode == 'link') { - $dialog->setTitle(pht('Link Switch AAI Account')); - $dialog->addSubmitButton(pht('Link Accounts')); - $dialog->addCancelButton($this->getSettingsURI()); - } else if ($mode == 'refresh') { - $dialog->setTitle(pht('Refresh Switch AAI Account')); - $dialog->addSubmitButton(pht('Refresh Account')); - $dialog->addCancelButton($this->getSettingsURI()); - } else { - if ($this->shouldAllowRegistration()) { - $dialog->setTitle(pht('Login with Switch AAI')); - $dialog->addSubmitButton(pht('Login')); - } else { - $dialog->setTitle(pht('Login with Switch AAI')); - $dialog->addSubmitButton(pht('Login')); - } - if ($mode == 'login') { - $dialog->addCancelButton($this->getStartURI()); - } - } - - $errors = array(); - if ($request->isHTTPPost()) { - $errors[] = pht('Invalid Switch AAI session.'); - } - - if ($errors) { - $errors = id(new PHUIInfoView())->setErrors($errors); - } - - 
$dialog->appendChild($errors); + $attributes = array( + 'method' => 'GET', + 'uri' => $this->getLoginURI(), + ); + return $this->renderStandardLoginButton($request, $mode, $attributes); + } - return $dialog; + public function isLoginFormAButton() { + return true; } public function processLoginRequest( PhabricatorAuthLoginController $controller) { $request = $controller->getRequest(); $response = null; $account = null; $adapter = $this->getAdapter(); $env = array(); $env_names = $adapter->getEnvNames(); foreach ($env_names as $h) { $env[$h] = $_SERVER[$h]; } if (! $adapter->setUserDataFromRequest($env)) { $response = $controller->buildProviderPageResponse( $this, $this->renderLoginForm($request, 'login')); return array($account, $response); } $account_id = $adapter->getAccountID(); return array($this->loadOrCreateAccount($account_id), $response); } const KEY_SHIB_SESSION_ID_FIELD = 'shibboleth:session_id_field'; const KEY_SHIB_APPLICATION_ID_FIELD = 'shibboleth:application_id_field'; const KEY_USERID_FIELD = 'shibboleth:userid_field'; const KEY_USERNAME_FIELD = 'shibboleth:username_field'; const KEY_REALNAME_FIELD = 'shibboleth:realname_field'; const KEY_EMAIL_FIELD = 'shibboleth:email_field'; const KEY_PAGE_URI_PATTERN = 'shibboleth:page_uri_pattern'; const KEY_IMAGE_URI_PATTERN = 'shibboleth:image_uri_pattern'; + const KEY_USERNAME_FROM_REALNAME = 'shibboleth:username_from_realname'; private function getPropertyKeys() { return array_keys($this->getPropertyLabels()); } private function getPropertyLabels() { return array( self::KEY_SHIB_SESSION_ID_FIELD => pht('Session ID field name'), self::KEY_SHIB_APPLICATION_ID_FIELD => pht('Application ID field name'), self::KEY_USERID_FIELD => pht('User ID field name'), self::KEY_USERNAME_FIELD => pht('Username field name'), self::KEY_REALNAME_FIELD => pht('Real name field name'), self::KEY_EMAIL_FIELD => pht('User email field name'), self::KEY_PAGE_URI_PATTERN => pht('User page URI pattern'), self::KEY_IMAGE_URI_PATTERN => 
pht('User image URI pattern'), ); } public function readFormValuesFromProvider() { $properties = array(); foreach ($this->getPropertyLabels() as $key => $ignored) { $properties[$key] = $this->getProviderConfig()->getProperty($key); } return $properties; } public function readFormValuesFromRequest(AphrontRequest $request) { $values = array(); foreach ($this->getPropertyKeys() as $key) { $values[$key] = $request->getStr($key); } return $values; } public function processEditForm( AphrontRequest $request, array $values) { $errors = array(); $issues = array(); return array($errors, $issues, $values); } public function extendEditForm( AphrontRequest $request, AphrontFormView $form, array $values, array $issues) { $labels = $this->getPropertyLabels(); $captions = array( self::KEY_SHIB_SESSION_ID_FIELD => pht('Session ID field name'), self::KEY_SHIB_APPLICATION_ID_FIELD => pht('Application ID field name'), self::KEY_USERID_FIELD => pht('User ID field name'), self::KEY_USERNAME_FIELD => pht('Username field name'), self::KEY_REALNAME_FIELD => pht('Real name field name'), self::KEY_EMAIL_FIELD => pht('User email field name'), self::KEY_PAGE_URI_PATTERN => pht('User page URI pattern'), self::KEY_IMAGE_URI_PATTERN => pht('User image URI pattern'), ); foreach ($labels as $key => $label) { $caption = idx($captions, $key); $value = idx($values, $key); $control = null; $control = id(new AphrontFormTextControl()) ->setName($key) ->setLabel($label) ->setCaption($caption) ->setValue($value); $form->appendChild($control); } + + $form->appendChild( + id(new AphrontFormCheckboxControl()) + ->addCheckbox( + self::KEY_USERNAME_FROM_REALNAME, + 1, + hsprintf('%s: %s', "Generated username", + "Create a unique username from the surname and firstname which complies with Phabricator policies."), + idx($values, self::KEY_USERNAME_FROM_REALNAME)) + ); } public function renderConfigPropertyTransactionTitle( PhabricatorAuthProviderConfigTransaction $xaction) { $author_phid = 
$xaction->getAuthorPHID(); $old = $xaction->getOldValue(); $new = $xaction->getNewValue(); $key = $xaction->getMetadataValue( PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY); $labels = $this->getPropertyLabels(); if (isset($labels[$key])) { $label = $labels[$key]; if (!strlen($old)) { return pht( '%s set the "%s" value to "%s".', $xaction->renderHandleLink($author_phid), $label, $new); } else { return pht( '%s changed the "%s" value from "%s" to "%s".', $xaction->renderHandleLink($author_phid), $label, $old, $new); } } return parent::renderConfigPropertyTransactionTitle($xaction); } public static function getShibbolethProvider() { $providers = self::getAllEnabledProviders(); foreach ($providers as $provider) { if ($provider instanceof PhabricatorAuthProviderShibboleth) { return $provider; } } return null; } } diff --git a/roles/shibboleth/templates/PhutilAuthAdapterShibboleth.php b/roles/shibboleth/templates/PhutilAuthAdapterShibboleth.php index 94bdcc0..f3a92d6 100644 --- a/roles/shibboleth/templates/PhutilAuthAdapterShibboleth.php +++ b/roles/shibboleth/templates/PhutilAuthAdapterShibboleth.php 
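Review bot: The checkbox added at the end of extendEditForm() is never read back: readFormValuesFromRequest() and readFormValuesFromProvider() only iterate the keys of getPropertyLabels(), and `KEY_USERNAME_FROM_REALNAME` is not in that list, so as far as this file shows the setting is neither saved nor redisplayed and getAdapter() hands setIsGeneratedUsername() an unset value. Adding the key to getPropertyLabels() would also render a text control for it in the `foreach ($labels ...)` loop, so read it explicitly instead: `$values[self::KEY_USERNAME_FROM_REALNAME] = $request->getBool(self::KEY_USERNAME_FROM_REALNAME);` in readFormValuesFromRequest() and `$properties[self::KEY_USERNAME_FROM_REALNAME] = $this->getProviderConfig()->getProperty(self::KEY_USERNAME_FROM_REALNAME);` in readFormValuesFromProvider(). The two checkbox strings are also plain literals passed to `hsprintf()`, while every other label in the file goes through `pht()`.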
@@ -1,144 +1,154 @@ shibSessionIdField = $value; return $this; } public function setShibApplicationIdField($value) { $this->shibApplicationIdField = $value; return $this; } public function setUseridField($value) { $this->useridField = $value; return $this; } public function setUsernameField($value) { $this->usernameField = $value; return $this; } public function setRealnameField($value) { $this->realnameField = $value; return $this; } public function setEmailField($value) { $this->emailField = $value; return $this; } public function setPageURIPattern($value) { $this->pageURIPattern = $value; return $this; } public function setImageURIPattern($value) { $this->imageURIPattern = $value; return $this; } + public function setIsGeneratedUsername($value) { + $this->usernameFromRealname = $value; + return $this; + } + // // Implementation of PhutilAuthAdapter interface. // User information getters. // public function getAccountID() { return $this->userid; } public function getAdapterType() { return 'shibboleth'; } public function getAdapterDomain() { return 'self'; } public function getAccountEmail() { return $this->email; } public function getAccountName() { return $this->username; } public function getAccountURI() { if (strlen($this->pageURIPattern)) { return sprintf($this->pageURIPattern, $this->username); } return null; } public function getAccountImageURI() { if (strlen($this->imageURIPattern)) { return sprintf($this->imageURIPattern, $this->username); } return null; } public function getAccountRealName() { return $this->realname; } + public function getIsGeneratedUsername() { + return $this->usernameFromRealname; + } + // // Extraction of user information from environement variables. 
// public function getEnvNames() { return array( $this->shibSessionIdField, $this->shibApplicationIdField, $this->useridField, $this->usernameField, $this->realnameField, $this->emailField, ); } public function setUserDataFromRequest($env) { $this->shibSessionId = $env[$this->shibSessionIdField]; $this->shibApplicationId = $env[$this->shibApplicationIdField]; $this->userid = $env[$this->useridField]; $this->username = $env[$this->usernameField]; $this->realname = $env[$this->realnameField]; $this->email = $env[$this->emailField]; if (!strlen($this->shibSessionId) || !strlen($this->shibApplicationId) || !strlen($this->userid) || !strlen($this->username) || !strlen($this->realname) || !strlen($this->email) ) { return false; } return $this; } }
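Review bot: The new flag is stored by setIsGeneratedUsername() and returned by getIsGeneratedUsername(), but nothing visible in this adapter acts on it: getAccountName() still returns the raw `$this->username` taken from the environment, and setUserDataFromRequest() still rejects a request whose username field is empty. If the username is meant to be derived elsewhere, the getter should say so, e.g. `/** True when the account name should be derived from the real name instead of the username field; this adapter does not derive it itself. */`, so that a reader knows where uniqueness and the allowed character set have to be enforced. The setter stores whatever the config property holds, so `$this->usernameFromRealname = (bool)$value;` would give the getter a stable type. The class header and property declarations are not visible on this page, so whether `$usernameFromRealname` is declared could not be checked.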