
PhabricatorAuthProviderShibboleth.php

File Metadata

Created
Mon, Nov 25, 08:02

PhabricatorAuthProviderShibboleth.php

<?php
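/**
 * Authentication provider that logs users in from a Shibboleth (Single Sign
 * On) session.
 *
 * The provider itself does not validate anything about the session: it copies
 * the server variables named by the adapter out of `$_SERVER` and lets
 * @{class:PhutilAuthAdapterShibboleth} decide whether they describe a valid
 * session. Which variables are read is controlled entirely by the provider
 * configuration (the `shibboleth:*_field` properties below).
 */
final class PhabricatorAuthProviderShibboleth
  extends PhabricatorAuthProvider {

  // Provider configuration property keys. Each "*_FIELD" property stores the
  // NAME of a server variable to read, not the value itself.
  const KEY_SHIB_SESSION_ID_FIELD = 'shibboleth:session_id_field';
  const KEY_SHIB_APPLICATION_ID_FIELD = 'shibboleth:application_id_field';
  const KEY_USERID_FIELD = 'shibboleth:userid_field';
  const KEY_USERNAME_FIELD = 'shibboleth:username_field';
  const KEY_REALNAME_FIELD = 'shibboleth:realname_field';
  const KEY_FIRSTNAME_FIELD = 'shibboleth:firstname_field';
  const KEY_LASTNAME_FIELD = 'shibboleth:lastname_field';
  const KEY_EMAIL_FIELD = 'shibboleth:email_field';
  const KEY_PAGE_URI_PATTERN = 'shibboleth:page_uri_pattern';
  const KEY_IMAGE_URI_PATTERN = 'shibboleth:image_uri_pattern';
  const KEY_USERNAME_FROM_REALNAME = 'shibboleth:username_from_realname';

  // Lazily built adapter, see getAdapter().
  private $adapter;

  /**
   * @return string Human-readable provider name.
   */
  public function getProviderName() {
    return pht('Shibboleth');
  }

  /**
   * @return string Description shown when an administrator adds the provider.
   */
  public function getDescriptionForCreate() {
    return pht(
      'Configure a trust relationship for Shibboleth (Single Sign On) '.
      'authenticated users to automatically log in to Phabricator.');
  }

  /**
   * Uses the parent's default provider configuration unchanged.
   */
  public function getDefaultProviderConfig() {
    return parent::getDefaultProviderConfig();
  }

  /**
   * Build (once) and return the Shibboleth adapter, configured from the
   * stored provider properties.
   *
   * @return PhutilAuthAdapterShibboleth
   */
  public function getAdapter() {
    if (!$this->adapter) {
      $conf = $this->getProviderConfig();

      $adapter = id(new PhutilAuthAdapterShibboleth())
        ->setShibSessionIdField(
          $conf->getProperty(self::KEY_SHIB_SESSION_ID_FIELD))
        ->setShibApplicationIdField(
          $conf->getProperty(self::KEY_SHIB_APPLICATION_ID_FIELD))
        ->setUseridField(
          $conf->getProperty(self::KEY_USERID_FIELD))
        ->setUsernameField(
          $conf->getProperty(self::KEY_USERNAME_FIELD))
        ->setRealnameField(
          $conf->getProperty(self::KEY_REALNAME_FIELD))
        ->setFirstnameField(
          $conf->getProperty(self::KEY_FIRSTNAME_FIELD))
        ->setLastnameField(
          $conf->getProperty(self::KEY_LASTNAME_FIELD))
        ->setEmailField(
          $conf->getProperty(self::KEY_EMAIL_FIELD))
        ->setPageURIPattern(
          $conf->getProperty(self::KEY_PAGE_URI_PATTERN))
        ->setImageURIPattern(
          $conf->getProperty(self::KEY_IMAGE_URI_PATTERN))
        ->setIsGeneratedUsername(
          $conf->getProperty(self::KEY_USERNAME_FROM_REALNAME));

      $this->adapter = $adapter;
    }

    return $this->adapter;
  }

  /**
   * Render the login control as a standard button that issues a GET to the
   * provider's login URI.
   */
  protected function renderLoginForm(AphrontRequest $request, $mode) {
    $attributes = array(
      'method' => 'GET',
      'uri' => $this->getLoginURI(),
    );

    return $this->renderStandardLoginButton($request, $mode, $attributes);
  }

  /**
   * @return bool Always true: the login form is a single button.
   */
  public function isLoginFormAButton() {
    return true;
  }

  /**
   * Handle a login request by handing the configured server variables to the
   * adapter.
   *
   * @param PhabricatorAuthLoginController $controller Active login controller.
   * @return array Pair of `(account or null, response or null)`. When the
   *   adapter rejects the data the account is null and the response is an
   *   "Invalid Shibboleth session." page.
   */
  public function processLoginRequest(
    PhabricatorAuthLoginController $controller) {

    $response = null;
    $account = null;

    $adapter = $this->getAdapter();

    // Everything the adapter learns about the user comes from $_SERVER under
    // names taken from the provider configuration. PHP also places
    // client-sent request headers in $_SERVER (under "HTTP_"-prefixed names),
    // so these values are only trustworthy if the web server's Shibboleth
    // module, and nothing the client sends, populates the configured names.
    // NOTE(review): confirm the deployment exports attributes as server
    // environment variables rather than as request headers.
    $env = array();
    foreach ($adapter->getEnvNames() as $name) {
      // A variable the server did not set is passed on as null instead of
      // raising an undefined-index error here; whether the request is
      // acceptable is then decided in one place, by the adapter.
      // NOTE(review): confirm setUserDataFromRequest() returns false when the
      // session ID or user ID value is missing.
      $env[$name] = idx($_SERVER, $name);
    }

    if (!$adapter->setUserDataFromRequest($env)) {
      $response = $controller->buildProviderPageResponse(
        $this,
        id(new PHUIInfoView())
          ->setErrors(array(pht('Invalid Shibboleth session.')))
          ->addButton(
            id(new PHUIButtonView())
              ->setTag('a')
              ->setText(pht('Return to home'))
              ->setHref('/')));

      return array($account, $response);
    }

    $account_id = $adapter->getAccountID();

    return array($this->loadOrCreateAccount($account_id), $response);
  }

  /**
   * @return list<string> Keys of the text properties, in form order.
   */
  private function getPropertyKeys() {
    return array_keys($this->getPropertyLabels());
  }

  /**
   * Map each text property key to its form label.
   *
   * KEY_USERNAME_FROM_REALNAME is not listed here; it is a checkbox and is
   * handled separately wherever this map is consumed.
   *
   * @return map<string, string>
   */
  private function getPropertyLabels() {
    return array(
      self::KEY_SHIB_SESSION_ID_FIELD => pht('Session ID'),
      self::KEY_SHIB_APPLICATION_ID_FIELD => pht('Application ID'),
      self::KEY_USERID_FIELD => pht('User ID'),
      self::KEY_USERNAME_FIELD => pht('Username'),
      self::KEY_REALNAME_FIELD => pht('Real name'),
      self::KEY_FIRSTNAME_FIELD => pht('Firstname'),
      self::KEY_LASTNAME_FIELD => pht('Lastname'),
      self::KEY_EMAIL_FIELD => pht('User emailname'),
      self::KEY_PAGE_URI_PATTERN => pht('User page URI pattern'),
      self::KEY_IMAGE_URI_PATTERN => pht('User image URI pattern'),
    );
  }

  /**
   * Read the current values of all editable properties from the stored
   * provider configuration.
   *
   * @return map<string, wild>
   */
  public function readFormValuesFromProvider() {
    $config = $this->getProviderConfig();

    $properties = array();
    foreach ($this->getPropertyKeys() as $key) {
      $properties[$key] = $config->getProperty($key);
    }

    // The checkbox property has no label entry, so it is read explicitly.
    $properties[self::KEY_USERNAME_FROM_REALNAME] =
      $config->getProperty(self::KEY_USERNAME_FROM_REALNAME);

    return $properties;
  }

  /**
   * Read the submitted values of all editable properties from the request:
   * text properties as strings, the checkbox as a boolean.
   *
   * @return map<string, wild>
   */
  public function readFormValuesFromRequest(AphrontRequest $request) {
    $values = array();
    foreach ($this->getPropertyKeys() as $key) {
      $values[$key] = $request->getStr($key);
    }

    $values[self::KEY_USERNAME_FROM_REALNAME] =
      $request->getBool(self::KEY_USERNAME_FROM_REALNAME);

    return $values;
  }

  /**
   * Accept the submitted values as they are.
   *
   * No validation is performed here: the returned error and issue lists are
   * always empty, so any field name or URI pattern an administrator enters
   * is accepted unchanged.
   *
   * @return array Triple of `(errors, issues, values)`.
   */
  public function processEditForm(
    AphrontRequest $request,
    array $values) {

    $errors = array();
    $issues = array();

    return array($errors, $issues, $values);
  }

  /**
   * Append one text control per labelled property, plus the "Generated
   * username" checkbox, to the provider edit form.
   */
  public function extendEditForm(
    AphrontRequest $request,
    AphrontFormView $form,
    array $values,
    array $issues) {

    $labels = $this->getPropertyLabels();

    $captions = array(
      self::KEY_SHIB_SESSION_ID_FIELD =>
        pht('Shibboleth Session ID, e.g.: Shib-Session-ID'),
      self::KEY_SHIB_APPLICATION_ID_FIELD =>
        pht('Shibboleth application id, e.g.: Shib-Application-ID'),
      self::KEY_USERID_FIELD =>
        pht('Unique user id for internal Phabricator use. e.g.: uniqueID'),
      self::KEY_USERNAME_FIELD =>
        pht('Visible username, can be left empty if you choose to autogenerate it. e.g.: username'),
      self::KEY_REALNAME_FIELD =>
        pht('Visible in the user profile. e.g.: displayName'),
      self::KEY_FIRSTNAME_FIELD =>
        pht('Use this only when you autogenerate username. e.g.: givenName'),
      self::KEY_LASTNAME_FIELD =>
        pht('Use this only when you autogenerate username. e.g.: surname'),
      self::KEY_EMAIL_FIELD =>
        pht('Unique email address. e.g.: email'),
      self::KEY_PAGE_URI_PATTERN =>
        pht('URI pattern to a user pag. Add %%s for replacement with the username'),
      self::KEY_IMAGE_URI_PATTERN =>
        pht('URI pattern to an image for the user. Add %%s for replacement with the username'),
    );

    foreach ($labels as $key => $label) {
      $form->appendChild(
        id(new AphrontFormTextControl())
          ->setName($key)
          ->setLabel($label)
          ->setCaption(idx($captions, $key))
          ->setValue(idx($values, $key)));
    }

    // The checkbox texts go through pht() like every other user-visible
    // string in this class, so they can be translated.
    $form->appendChild(
      id(new AphrontFormCheckboxControl())
        ->addCheckbox(
          self::KEY_USERNAME_FROM_REALNAME,
          1,
          hsprintf(
            '<strong>%s:</strong> %s',
            pht('Generated username'),
            pht(
              'Create a unique username from the surname and firstname '.
              'which complies with Phabricator policies.')),
          idx($values, self::KEY_USERNAME_FROM_REALNAME)));
  }

  /**
   * Render the transaction title for a change to one of the labelled
   * properties; any other property is left to the parent implementation.
   */
  public function renderConfigPropertyTransactionTitle(
    PhabricatorAuthProviderConfigTransaction $xaction) {

    $author_phid = $xaction->getAuthorPHID();
    $old = $xaction->getOldValue();
    $new = $xaction->getNewValue();
    $key = $xaction->getMetadataValue(
      PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);

    $labels = $this->getPropertyLabels();
    if (isset($labels[$key])) {
      $label = $labels[$key];

      // An empty old value means the property is being set for the first
      // time rather than changed.
      if (!strlen($old)) {
        return pht(
          '%s set the "%s" value to "%s".',
          $xaction->renderHandleLink($author_phid),
          $label,
          $new);
      } else {
        return pht(
          '%s changed the "%s" value from "%s" to "%s".',
          $xaction->renderHandleLink($author_phid),
          $label,
          $old,
          $new);
      }
    }

    return parent::renderConfigPropertyTransactionTitle($xaction);
  }

  /**
   * Find the first enabled provider that is a Shibboleth provider.
   *
   * @return PhabricatorAuthProviderShibboleth|null
   */
  public static function getShibbolethProvider() {
    $providers = self::getAllEnabledProviders();

    foreach ($providers as $provider) {
      if ($provider instanceof PhabricatorAuthProviderShibboleth) {
        return $provider;
      }
    }

    return null;
  }

}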

Event Timeline