MDL-62973 auth_shibboleth: Make login form look nicer
* Convert login form to a mustache template
* Bring logic in auth/shibboleth/login.php
* Replace usage of $_POST variable with optional_param()
* Remove unused index_form.html
junpataleta committed Jan 21, 2019
1 parent c092f75 commit 6e4985b
Showing 5 changed files with 205 additions and 130 deletions.
7 changes: 3 additions & 4 deletions auth/shibboleth/auth.php
@@ -308,9 +308,9 @@ public function loginpage_idp_list($wantsurl) {

/**
* Sets the standard SAML domain cookie that is also used to preselect
* the right entry on the local wayf
* the right entry on the local way
*
* @param IdP identifiere
* @param string $selectedIDP IDP identifier
*/
function set_saml_cookie($selectedIDP) {
if (isset($_COOKIE['_saml_idp']))
@@ -325,9 +325,8 @@ function set_saml_cookie($selectedIDP) {
setcookie ('_saml_idp', generate_cookie_value($IDPArray), time() + (100*24*3600));
}

/**
/**
* Prints the option elements for the select element of the drop down list
*
*/
function print_idp_list(){
$config = get_config('auth_shibboleth');
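Review bot: The reworded docblock for `set_saml_cookie()` appears to end with `the right entry on the local way`, which reads like the acronym WAYF with its last letter cut off. The page prints both variants without +/- markers, so which one is new is inferred from the print order. The line should stay `* the right entry on the local wayf`, or better `* the right entry on the local WAYF`, matching the `Moodle WAYF service` string in the language file. The bodies of `set_saml_cookie()` and `print_idp_list()` continue outside the shown hunks.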
98 changes: 0 additions & 98 deletions auth/shibboleth/index_form.html

This file was deleted.

2 changes: 1 addition & 1 deletion auth/shibboleth/lang/en/auth_shibboleth.php
@@ -41,7 +41,7 @@
$string['auth_shib_changepasswordurl'] = 'Password-change URL';
$string['auth_shib_idp_list'] = 'Identity providers';
$string['auth_shib_idp_list_description'] = 'Provide a list of Identity Provider entityIDs to let the user choose from on the login page.<br />On each line there must be a comma-separated tuple for entityID of the IdP (see the Shibboleth metadata file) and Name of IdP as it shall be displayed in the drop-down list.<br />As an optional third parameter you can add the location of a Shibboleth session initiator that shall be used in case your Moodle installation is part of a multi federation setup.';
$string['auth_shib_instructions'] = 'Use the <a href="{$a}">Shibboleth login</a> to get access via Shibboleth, if your institution supports it.<br />Otherwise, use the normal login form shown here.';
$string['auth_shib_instructions'] = 'Use the <a href="{$a}">Shibboleth login</a> to get access via Shibboleth, if your institution supports it. Otherwise, use the normal login form shown here.';
$string['auth_shib_instructions_help'] = 'Here you should provide custom instructions for your users to explain Shibboleth. It will be shown on the login page in the instructions section. The instructions must include a link to "<b>{$a}</b>" that users click when they want to log in.';
$string['auth_shib_instructions_key'] = 'Login instructions';
$string['auth_shib_integrated_wayf'] = 'Moodle WAYF service';
99 changes: 72 additions & 27 deletions auth/shibboleth/login.php
@@ -3,19 +3,18 @@
require_once("../../config.php");
require_once($CFG->dirroot."/auth/shibboleth/auth.php");

//initialize variables
$errormsg = '';
$idp = optional_param('idp', null, PARAM_RAW);

/// Check for timed out sessions
// Check for timed out sessions.
if (!empty($SESSION->has_timed_out)) {
$session_has_timed_out = true;
$SESSION->has_timed_out = false;
} else {
$session_has_timed_out = false;
}


/// Define variables used in page
// Define variables used in page.
$isvalid = true;
$site = get_site();

$loginsite = get_string("loginsite");
@@ -24,33 +23,31 @@

$config = get_config('auth_shibboleth');
if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($config->auth_instructions)) {
$show_instructions = true;
$showinstructions = true;
} else {
$show_instructions = false;
$showinstructions = false;
}

$IdPs = get_idp_list($config->organization_selection);
if (isset($_POST['idp']) && isset($IdPs[$_POST['idp']])){
$selectedIdP = $_POST['idp'];
set_saml_cookie($selectedIdP);
$idplist = get_idp_list($config->organization_selection);
if (isset($idp)) {
if (isset($idplist[$idp])) {
set_saml_cookie($idp);

// Redirect to SessionInitiator with entityID as argument
if (isset($IdPs[$selectedIdP][1]) && !empty($IdPs[$selectedIdP][1])) {
// For Shibbolet 1.x Service Providers
header('Location: '.$IdPs[$selectedIdP][1].'?providerId='. urlencode($selectedIdP) .'&target='. urlencode($CFG->wwwroot.'/auth/shibboleth/index.php'));
$targeturl = new moodle_url('/auth/shibboleth/index.php');
$idpinfo = $idplist[$idp];

// For Shibbolet 2.x Service Providers
// header('Location: '.$IdPs[$selectedIdP][1].'?entityID='. urlencode($selectedIdP) .'&target='. urlencode($CFG->wwwroot.'/auth/shibboleth/index.php'));
// Redirect to SessionInitiator with entityID as argument.
if (isset($idpinfo[1]) && !empty($idpinfo[1])) {
$sso = $idpinfo[1];
} else {
$sso = '/Shibboleth.sso';
}
// For Shibboleth 1.x Service Providers.
header('Location: ' . $sso . '?providerId=' . urlencode($idp) . '&target=' . urlencode($targeturl->out()));

} else {
// For Shibbolet 1.x Service Providers
header('Location: /Shibboleth.sso?providerId='. urlencode($selectedIdP) .'&target='. urlencode($CFG->wwwroot.'/auth/shibboleth/index.php'));

// For Shibboleth 2.x Service Providers
// header('Location: /Shibboleth.sso/DS?entityID='. urlencode($selectedIdP) .'&target='. urlencode($CFG->wwwroot.'/auth/shibboleth/index.php'));
$isvalid = false;
}
} elseif (isset($_POST['idp']) && !isset($IdPs[$_POST['idp']])) {
$errormsg = get_string('auth_shibboleth_errormsg', 'auth_shibboleth');
}

$loginsite = get_string("loginsite");
@@ -60,6 +57,7 @@
$PAGE->navbar->add($loginsite);
$PAGE->set_title("$site->fullname: $loginsite");
$PAGE->set_heading($site->fullname);
$PAGE->set_pagelayout('login');

echo $OUTPUT->header();

@@ -72,9 +70,56 @@
echo $OUTPUT->confirm(get_string('alreadyloggedin', 'error', fullname($USER)), $logout, $continue);
echo $OUTPUT->box_end();
} else {
include("index_form.html");
}
// Print login page.
$selectedidp = '-';
if (isset($_COOKIE['_saml_idp'])) {
$idpcookie = generate_cookie_array($_COOKIE['_saml_idp']);
do {
$selectedidp = array_pop($idpcookie);
} while (!isset($idplist[$selectedidp]) && count($idpcookie) > 0);
}

echo $OUTPUT->footer();
$idps = [];
foreach ($idplist as $value => $data) {
$name = reset($data);
$selected = $value === $selectedidp;
$idps[] = (object)[
'name' => $name,
'value' => $value,
'selected' => $selected
];
}

// Whether the user can sign up.
$cansignup = !empty($CFG->registerauth);
// Default instructions.
$instructions = format_text($config->auth_instructions);
if (is_enabled_auth('none')) {
$instructions = get_string('loginstepsnone');
} else if ($cansignup) {
if ($CFG->registerauth === 'email' && empty($instructions)) {
$instructions = get_string('loginsteps');
}
}

// Build the template context data.
$templatedata = (object)[
'adminemail' => get_admin()->email,
'cansignup' => $cansignup,
'guestlogin' => $CFG->guestloginbutton,
'guestloginurl' => new moodle_url('/login/index.php'),
'idps' => $idps,
'instructions' => $instructions,
'loginname' => $config->login_name ?? null,
'logintoken' => \core\session\manager::get_login_token(),
'loginurl' => new moodle_url('/auth/shibboleth/login.php'),
'showinstructions' => $showinstructions,
'signupurl' => new moodle_url('/login/signup.php'),
'isvalid' => $isvalid
];

// Render the login form.
echo $OUTPUT->render_from_template('auth_shibboleth/login_form', $templatedata);
}

echo $OUTPUT->footer();
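Review bot: No `exit` is visible after the `header('Location: ' . $sso . ...)` call in the `isset($idplist[$idp])` branch, so the script goes on to set up `$PAGE` and echo the whole login page behind the redirect. Ending that branch with `exit;` right after the `header()` line, or using Moodle's `redirect()` helper instead of the raw header, would make the control flow explicit. Separately, `optional_param('idp', null, PARAM_RAW)` also reads the query string, where the removed code looked only at `$_POST['idp']`, so a plain link to `login.php?idp=...` can now set the `_saml_idp` cookie and start the redirect. The value is checked against `$idplist` and URL-encoded before use, so this looks low-risk, but a comment such as `// idp may arrive via GET or POST; it is only used after matching a configured IdP key.` would record that this is intended. The redirect target `$sso` comes from the `organization_selection` setting, not the request; that setting is presumably admin-only, which is worth confirming.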
