-# fsf-drupal-auth
+# About fsfdrupalauth / README
-this code is based off of the sqlauth code in upstream simplesamlphp.
+This code is based off of the [sqlauth][1] module in upstream SimpleSAMLphp. It
+queries whether people are FSF CAS users, and/or whether they are FSF members
+or staff.
+
+SQL queries in `config/authsources.php` should be something like the following:
+
+ 'my-drupalauth' => [
+
+ // custom fsf authentication source wrapped by ratelimit auth source
+ 'fsfdrupalauth:FSFDrupalAuth',
+ 'dsn' => 'mysql:host=example.com;port=3306;dbname=drupal',
+ 'username' => '$DB_USERNAME',
+ 'password' => '$DB_PASSWORD',
+ 'query_main' => 'SELECT pass, mail FROM users WHERE name = :username AND status = "1" limit 1;',
+ // don't filter with 'and c.is_test = 0' because these may be useful for FSF staff
+ 'query_membership' => "select c.status_id from drupal.users a inner join civicrm.civicrm_uf_match b on a.uid=b.uf_id inner join civicrm.civicrm_membership c on b.contact_id=c.contact_id inner join civicrm.civicrm_contact d on c.contact_id=d.id where a.status = 1 and d.is_deleted = 0 and c.status_id is not NULL and a.name = :username and (c.status_id = 1 or c.status_id = 2 or c.status_id = 3 or c.status_id = 4) order by c.status_id limit 10;",
+ 'query_staff' => "select a.name as is_fsf_staff from drupal.users a inner join civicrm.civicrm_uf_match b on a.uid=b.uf_id inner join civicrm.civicrm_contact c on b.contact_id=c.id inner join civicrm.civicrm_relationship d on c.id=d.contact_id_a where a.name=:username and a.status=1 and c.is_deleted=0 and d.relationship_type_id=4 and d.contact_id_b=FOOBAR and d.is_active=1 and (d.end_date>NOW() or d.end_date is NULL) limit 1;",
+
+ ],
+
+---
+
+[1]: https://github.com/simplesamlphp/simplesamlphp-module-sqlauth