commiting uncommited changes on live site

[weblabels.fsf.org.git] / crm.fsf.org / 20131203 / files / sites / all / modules-new / cas_fields / cas_fields_server / cas_fields_server.module

<?php

/**
 * @file
 * Documentation for CAS Fields Server API.
 */

/**
 * Return additional CAS attributes when acting as a CAS server.
 *
 * This hook allows modules to add additional CAS attributes to the basic
 * response by the CAS Server module.
 *
 * @param $account
 *   The user being logged in.
 * @param $service
 *   The service URL of the site the user is logging in to.
 * @param $ticket
 *   The login ticket the user provided.
 *
 * @return
 *   An associative array of CAS attributes for the user.
 */

/**
 * Does whitelist checking.
 * Sets the data that will be transfered to cas_fields_client.
 */
function cas_fields_server_cas_server_user_attributes($account, $service, $ticket) {
  $whitelist  = variable_get('cas_server_whitelist');

  // Get the host name.
  preg_match('@^(?:http://)?([^/]+)@i', $service, $matches);
  $host = $matches[1];

  // Get last two segments of host name.
  preg_match('/[^.]+\.[^.]+$/', $host, $matches);
  $domain = $matches[0];

  // Check the whitelist if it's empty or if it includes the domain name.
  if ((count($whitelist) == 1) || (in_array($domain, $whitelist))) {
    $pass = TRUE;
  }
  else {
    $pass = FALSE;
  }

  // Set user attributes if the domain has passed the clearence.
  if ($pass == TRUE) {
    $attributes = array();

    $user_fields = user_load($account->uid);
    $attributes['user_fields'] = json_encode($user_fields);

    // Attributes can be single valued or multi-valued.
    $attributes['service'] = $service;
    $attributes['domain'] = $host;
    $attributes['whitelist'] = 'passed whitelist check';
    $attributes['ticket'] = $ticket;
    $attributes['account'] = $account->uid;
    $attributes['picture'] = file_create_url($account->picture->uri);

    return $attributes;
  }
  // Domain has not passed security check, logout the user.
  else {
    user_logout();
  }
}

/**
 * Implements hook_menu().
 */
function cas_fields_server_menu() {
  $items = array();

  $items['admin/config/people/cas/cas_server'] = array(
    'title' => 'CAS Server Config',
    'description' => 'Configuration for CAS Server module',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('cas_fields_server_config_form'),
    'access arguments' => array('access administration pages'),
    'type' => MENU_NORMAL_ITEM,
  );

  return $items;
}

/**
 * Building the cas server configuration form.
 */
function cas_fields_server_config_form($form, &$form_state) {

  $list = '';
  foreach (array_filter(variable_get('cas_server_whitelist')) as $key => $value) {
    $list .= $value . ", \n";
  }

  $form['cas_fields_server_config_form'] = array(
    '#title' => t('CAS Clients top level domains that can access the server: '),
    '#description' => t('Format : domain.com<br/> Separator: use commas<br/><br/>Note: do not add wildcard (*.domain.com) as all subdomains of the listed domains are cleared by the security check.<br/><br/> Note: All incoming requests pass if there is no domain set in the textfield above'),
    '#type' => 'textarea',
    '#default_value' => $list ,
  );

  $form['#submit'][] = 'cas_fields_server_config_form_submit';

  return system_settings_form($form);
}

/**
 * Set the whitelist variable value.
 */
function cas_fields_server_config_form_submit($form, &$form_state) {
  $whitelist = array_map('trim', explode(",", $form['cas_fields_server_config_form']['#value']));
  variable_set('cas_server_whitelist', $whitelist);
}