
allow individual user fields to be marked as 'managed'

git-svn-id: http://plugins.svn.wordpress.org/shibboleth/trunk@160056 b8457f37-d9ea-0310-8a92-e5e31aec5664
1 parent 5cf4599 commit b4f3e43ae67ac70fef6a679b9df8c1ffdb6a2e1d wnorris committed Oct 2, 2009
Showing with 164 additions and 83 deletions.
  1. +31 −21 options-admin.php
  2. +51 −41 options-user.php
  3. +82 −21 shibboleth.php
@@ -147,45 +147,55 @@ function shibboleth_options_page() {
<a href="https://spaces.internet2.edu/display/SHIB2/NativeSPAddAttribute" target="_blank">Shibboleth 2</a>
</p>
- <table class="form-table optiontable editform" cellspacing="2" cellpadding="5" width="100%">
+ <table class="form-table optiontable editform" cellspacing="2" cellpadding="5">
<tr valign="top">
<th scope="row"><label for="username"><?php _e('Username') ?></label</th>
- <td><input type="text" id="username" name="headers[username]" value="<?php echo $shib_headers['username'] ?>" /></td>
+ <td><input type="text" id="username" name="headers[username][name]" value="<?php echo
+ $shib_headers['username']['name'] ?>" /></td>
+ <td width="60%"></td>
</tr>
<tr valign="top">
<th scope="row"><label for="first_name"><?php _e('First name') ?></label</th>
- <td><input type="text" id="first_name" name="headers[first_name]" value="<?php echo $shib_headers['first_name'] ?>" /></td>
+ <td><input type="text" id="first_name" name="headers[first_name][name]" value="<?php echo
+ $shib_headers['first_name']['name'] ?>" /></td>
+ <td><input type="checkbox" id="first_name_managed" name="headers[first_name][managed]" <?php
+ checked($shib_headers['first_name']['managed']) ?> /> <?php _e('Managed', 'shibboleth') ?></td>
</tr>
<tr valign="top">
<th scope="row"><label for="last_name"><?php _e('Last name') ?></label</th>
- <td><input type="text" id="last_name" name="headers[last_name]" value="<?php echo $shib_headers['last_name'] ?>" /></td>
+ <td><input type="text" id="last_name" name="headers[last_name][name]" value="<?php echo
+ $shib_headers['last_name']['name'] ?>" /></td>
+ <td><input type="checkbox" id="last_name_managed" name="headers[last_name][managed]" <?php
+ checked($shib_headers['last_name']['managed']) ?> /> <?php _e('Managed', 'shibboleth') ?></td>
</tr>
<tr valign="top">
<th scope="row"><label for="nickname"><?php _e('Nickname') ?></label</th>
- <td><input type="text" id="nickname" name="headers[nickname]" value="<?php echo $shib_headers['nickname'] ?>" /></td>
- </tr>
- <tr valign="top">
- <th scope="row"><label for="display_name"><?php _e('Display name') ?></label</th>
- <td><input type="text" id="display_name" name="headers[display_name]" value="<?php echo $shib_headers['display_name'] ?>" /></td>
+ <td><input type="text" id="nickname" name="headers[nickname][name]" value="<?php echo
+ $shib_headers['nickname']['name'] ?>" /></td>
+ <td><input type="checkbox" id="nickname_managed" name="headers[nickname][managed]" <?php
+ checked($shib_headers['nickname']['managed']) ?> /> <?php _e('Managed', 'shibboleth') ?></td>
</tr>
<tr valign="top">
- <th scope="row"><label for="email"><?php _e('Email Address') ?></label</th>
- <td><input type="text" id="email" name="headers[email]" value="<?php echo $shib_headers['email'] ?>" /></td>
+ <th scope="row"><label for="_display_name"><?php _e('Display name', 'shibboleth') ?></label</th>
+ <td><input type="text" id="_display_name" name="headers[display_name][name]" value="<?php echo
+ $shib_headers['display_name']['name'] ?>" /></td>
+ <td><input type="checkbox" id="display_name_managed" name="headers[display_name][managed]" <?php
+ checked($shib_headers['display_name']['managed']) ?> /> <?php _e('Managed', 'shibboleth') ?></td>
</tr>
<tr valign="top">
- <th scope="row"><label for="update_users"><?php _e('Update User Data', 'shibboleth') ?></label</th>
- <td>
- <input type="checkbox" id="update_users" name="update_users" <?php echo shibboleth_get_option('shibboleth_update_users') ? ' checked="checked"' : '' ?> />
- <label for="update_users"><?php _e('Use Shibboleth data to update user profile data each time the user logs in.', 'shibboleth'); ?></label>
-
- <p><?php _e('This will prevent users from being able to manually update these'
- . ' fields. Note that Shibboleth data is always used to populate the user'
- . ' profile during account creation.', 'shibboleth'); ?></p>
-
- </td>
+ <th scope="row"><label for="email"><?php _e('Email Address', 'shibboleth') ?></label</th>
+ <td><input type="text" id="email" name="headers[email][name]" value="<?php echo
+ $shib_headers['email']['name'] ?>" /></td>
+ <td><input type="checkbox" id="email_managed" name="headers[email][managed]" <?php
+ checked($shib_headers['email']['managed']) ?> /> <?php _e('Managed', 'shibboleth') ?></td>
</tr>
</table>
+ <p><?php _e('<em>Managed</em> profile fields are updated each time the user logs in using the current'
+ . ' data provided by Shibboleth. Additionally, users will be prevented from manually updating these'
+ . ' fields from within WordPress. Note that Shibboleth data is always used to populate the user'
+ . ' profile during initial account creation.', 'shibboleth'); ?></p>
+
<br class="clear" />
<h3><?php _e('User Role Mappings', 'shibboleth') ?></h3>
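Review bot: The header names are echoed into the `value` attributes without escaping (for example `value="<?php echo $shib_headers['username']['name'] ?>"`), so a stored name containing a quote or angle bracket breaks out of the attribute on the options page. Wrap each one as `<?php echo esc_attr($shib_headers['username']['name']) ?>`; the same applies to the first_name, last_name, nickname, display_name and email inputs in this hunk. The new checkboxes send nothing when unchecked, so the save handler, which is outside this hunk, has to store `managed` as false when the key is absent from the POST data. shibboleth_options_page starts and ends outside the hunk.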
@@ -4,7 +4,7 @@
add_action('profile_personal_options', 'shibboleth_profile_personal_options');
add_action('personal_options_update', 'shibboleth_personal_options_update');
add_action('show_user_profile', 'shibboleth_show_user_profile');
-add_action('edit_user_profile', 'shibboleth_edit_user_profile');
+add_action('admin_footer-user-edit.php', 'shibboleth_admin_footer_edit_user');
/**
@@ -16,19 +16,27 @@ function shibboleth_profile_personal_options() {
if (get_usermeta($user->ID, 'shibboleth_account')) {
add_filter('show_password_fields', create_function('$v', 'return false;'));
- if (shibboleth_get_option('shibboleth_update_users')) {
- echo '
- <script type="text/javascript">
- jQuery(function() {
- jQuery("#first_name,#last_name,#nickname,#display_name,#email").attr("disabled", true);
- jQuery("h3:contains(\'Name\')").after("<div class=\"updated fade\"><p>'
- . __('These fields cannot be changed from WordPress.', 'shibboleth') . '<p></div>");
- jQuery("form#your-profile").submit(function() {
- jQuery("#first_name,#last_name,#nickname,#display_name,#email").attr("disabled", false);
- });
+ add_action('admin_footer-profile.php', 'shibboleth_admin_footer_profile');
+ }
+}
+
+function shibboleth_admin_footer_profile() {
+ $managed_fields = shibboleth_get_managed_user_fields();
+
+ if ( !empty($managed_fields) ) {
+ $selectors = join(',', array_map(create_function('$a', 'return "#$a";'), $managed_fields));
+
+ echo '
+ <script type="text/javascript">
+ jQuery(function() {
+ jQuery("' . $selectors . '").attr("disabled", true);
+ jQuery("#first_name").parents(".form-table").before("<div class=\"updated fade\"><p>'
+ . __('Some profile fields cannot be changed from WordPress.', 'shibboleth') . '</p></div>");
+ jQuery("form#your-profile").submit(function() {
+ jQuery("' . $selectors . '").attr("disabled", false);
});
- </script>';
- }
+ });
+ </script>';
}
}
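Review bot: `$selectors` and the translated message are concatenated straight into an inline `<script>` string in shibboleth_admin_footer_profile, so a quote or `</script>` in a stored field key or a translation ends the JavaScript string early. The field names come from the keys of the `shibboleth_headers` option, and whether the save path restricts those keys is not visible here; limiting them to the known profile ids first is cheap, e.g. `$managed_fields = array_intersect($managed_fields, array('first_name', 'last_name', 'nickname', 'display_name', 'email'));`, and the message can go through `esc_js()`. The translated string in the shibboleth_admin_footer_edit_user script further down has the same gap. Disabling the inputs is only a display aid, since the form re-enables them on submit; the filters registered in shibboleth_personal_options_update are what enforce the lock, and a short comment saying so would help.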
@@ -37,16 +45,13 @@ function shibboleth_profile_personal_options() {
* For WordPress accounts that were created by Shibboleth, warn the admin of
* Shibboleth managed attributes.
*/
-function shibboleth_edit_user_profile() {
+function shibboleth_admin_footer_edit_user() {
global $user_id;
if (get_usermeta($user_id, 'shibboleth_account')) {
$shibboleth_fields = array();
- if (shibboleth_get_option('shibboleth_update_users')) {
- $shibboleth_fields = array_merge($shibboleth_fields,
- array('user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email'));
- }
+ $shibboleth_fields = array_merge($shibboleth_fields, shibboleth_get_managed_user_fields());
if (shibboleth_get_option('shibboleth_update_roles')) {
$shibboleth_fields = array_merge($shibboleth_fields, array('role'));
@@ -63,9 +68,9 @@ function shibboleth_edit_user_profile() {
<script type="text/javascript">
jQuery(function() {
jQuery("' . implode(',', $selectors) . '").before("<span style=\"color: #F00; font-weight: bold;\">*</span> ");
- jQuery("h3:contains(\'Name\')")
- .after("<div class=\"updated fade\"><p><span style=\"color: #F00; font-weight: bold;\">*</span> '
- . __('Starred fields are managed by Shibboleth and should not be changed from WordPress.', 'shibboleth') . '</p></div>");
+ jQuery("#first_name").parents(".form-table")
+ .before("<div class=\"updated fade\"><p><span style=\"color: #F00; font-weight: bold;\">*</span> '
+ . __('Starred fields are managed by Shibboleth and should not be changed from WordPress.', 'shibboleth') . '</p></div>");
});
</script>';
}
@@ -78,45 +83,50 @@ function shibboleth_edit_user_profile() {
*/
function shibboleth_show_user_profile() {
$user = wp_get_current_user();
- if (get_usermeta($user->ID, 'shibboleth_account')) {
- if (shibboleth_get_option('shibboleth_password_change_url')) {
+ $password_change_url = shibboleth_get_option('shibboleth_password_change_url');
+ if (get_usermeta($user->ID, 'shibboleth_account') && !empty($password_change_url) ) {
?>
<table class="form-table">
<tr>
- <th>Change Password</th>
- <td><a href="<?php echo shibboleth_get_option('shibboleth_password_change_url');
- ?>" target="_blank"><?php _e('Change your password', 'shibboleth'); ?></a></td>
+ <th><?php _e('Change Password') ?></th>
+ <td><a href="<?php echo esc_url($password_change_url); ?>" target="_blank"><?php
+ _e('Change your password', 'shibboleth'); ?></a></td>
</tr>
</table>
<?php
- }
}
}
/**
- * Ensure profile data isn't updated by the user. This only applies to
- * accounts that were provisioned through Shibboleth, and only if the option
- * to manage user attributes exclusively from Shibboleth is enabled.
+ * Ensure profile data isn't updated by the user. This only applies to accounts that were
+ * provisioned through Shibboleth, and only for those user fields marked as 'managed'.
*/
function shibboleth_personal_options_update() {
$user = wp_get_current_user();
- if (get_usermeta($user->ID, 'shibboleth_account') && shibboleth_get_option('shibboleth_update_users')) {
- add_filter('pre_user_first_name',
- create_function('$n', 'return $GLOBALS["current_user"]->first_name;'));
+ if ( get_usermeta($user->ID, 'shibboleth_account') ) {
+ $managed = shibboleth_get_managed_user_fields();
- add_filter('pre_user_last_name',
- create_function('$n', 'return $GLOBALS["current_user"]->last_name;'));
+ if ( in_array('first_name', $managed) ) {
+ add_filter('pre_user_first_name', create_function('$n', 'return $GLOBALS["current_user"]->first_name;'));
+ }
- add_filter('pre_user_nickname',
- create_function('$n', 'return $GLOBALS["current_user"]->nickname;'));
+ if ( in_array('last_name', $managed) ) {
+ add_filter('pre_user_last_name', create_function('$n', 'return $GLOBALS["current_user"]->last_name;'));
+ }
- add_filter('pre_user_display_name',
- create_function('$n', 'return $GLOBALS["current_user"]->display_name;'));
+ if ( in_array('nickname', $managed) ) {
+ add_filter('pre_user_nickname', create_function('$n', 'return $GLOBALS["current_user"]->nickname;'));
+ }
+
+ if ( in_array('display_name', $managed) ) {
+ add_filter('pre_user_display_name', create_function('$n', 'return $GLOBALS["current_user"]->display_name;'));
+ }
- add_filter('pre_user_email',
- create_function('$e', 'return $GLOBALS["current_user"]->user_email;'));
+ if ( in_array('email', $managed) ) {
+ add_filter('pre_user_email', create_function('$e', 'return $GLOBALS["current_user"]->user_email;'));
+ }
}
}
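Review bot: The five `in_array` blocks in shibboleth_personal_options_update repeat one pattern, and each builds its callback with `create_function`, which compiles a string as code and is no longer available in current PHP. A single map from managed field to user property, walked by one loop, keeps the lock in one place and makes it harder to miss a field when another one becomes manageable. The sketch below uses a closure, so it only fits if the plugin's minimum PHP version allows them; `in_array` also gets the strict flag. The `create_function` calls in shibboleth_profile_personal_options and shibboleth_admin_footer_profile could be replaced the same way.

```php
		$managed = shibboleth_get_managed_user_fields();

		// managed field => WP_User property whose current value must be kept
		$locked = array(
			'first_name'   => 'first_name',
			'last_name'    => 'last_name',
			'nickname'     => 'nickname',
			'display_name' => 'display_name',
			'email'        => 'user_email',
		);

		foreach ($locked as $field => $property) {
			if ( in_array($field, $managed, true) ) {
				// discard the submitted value and keep what is already stored
				add_filter('pre_user_' . $field, function ($submitted) use ($property) {
					return $GLOBALS['current_user']->$property;
				});
			}
		}
```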
@@ -33,12 +33,12 @@ function shibboleth_activate_plugin() {
shibboleth_add_option('shibboleth_logout_url', get_option('home') . '/Shibboleth.sso/Logout');
$headers = array(
- 'username' => 'eppn',
- 'first_name' => 'givenName',
- 'last_name' => 'sn',
- 'nickname' => 'eppn',
- 'display_name' => 'displayName',
- 'email' => 'mail',
+ 'username' => array( 'name' => 'eppn', 'managed' => false),
+ 'first_name' => array( 'name' => 'givenName', 'managed' => true),
+ 'last_name' => array( 'name' => 'sn', 'managed' => true),
+ 'nickname' => array( 'name' => 'eppn', 'managed' => true),
+ 'display_name' => array( 'name' => 'displayName', 'managed' => true),
+ 'email' => array( 'name' => 'mail', 'managed' => true),
);
shibboleth_add_option('shibboleth_headers', $headers);
@@ -51,15 +51,17 @@ function shibboleth_activate_plugin() {
'header' => 'affiliation',
'value' => 'faculty',
),
+ // TODO: this could likely do strange things if WordPress has an actual role named 'default'
'default' => 'subscriber',
);
shibboleth_add_option('shibboleth_roles', $roles);
- shibboleth_add_option('shibboleth_update_users', true);
shibboleth_add_option('shibboleth_update_roles', true);
shibboleth_insert_htaccess();
+ shibboleth_migrate_old_data();
+
shibboleth_update_option('shibboleth_plugin_revision', SHIBBOLETH_PLUGIN_REVISION);
if ( function_exists('restore_current_blog') ) restore_current_blog();
@@ -77,6 +79,33 @@ function shibboleth_deactivate_plugin() {
/**
+ * Migrate old data to newer formats.
+ */
+function shibboleth_migrate_old_data() {
+
+ // new header format, allowing each header to be marked as 'managed' individually
+ $managed = shibboleth_get_option('shibboleth_update_users');
+ $headers = shibboleth_get_option('shibboleth_headers');
+ $updated = false;
+
+ foreach ($headers as $key => $value) {
+ if ( is_string($value) ) {
+ $headers[$key] = array(
+ 'name' => $value,
+ 'managed' => $managed,
+ );
+ $updated = true;
+ }
+ }
+
+ if ( $updated ) {
+ shibboleth_update_option('shibboleth_headers', $headers);
+ }
+ shibboleth_remove_option('shibboleth_update_users');
+
+}
+
+/**
* Load Shibboleth admin hooks only on admin page loads.
*
* 'admin_init' is actually called *after* 'admin_menu', so we have to hook in
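Review bot: shibboleth_migrate_old_data iterates `$headers` without checking that the option exists and is an array, and copies `$managed` as stored rather than as a boolean. Wrapping the loop in `if ( is_array($headers) )` and writing `'managed' => (bool) $managed` would keep a missing or malformed option from raising warnings or storing a non-boolean flag. The migration appears to be called only from the activation routine in the previous hunk; if a site can reach the new code without it running, shibboleth_get_managed_user_fields and shibboleth_update_user_data would index `['managed']` and `['name']` on the old string values, so it is worth confirming that whatever compares `shibboleth_plugin_revision` (not visible here) triggers it on upgrade. Every string entry, including `username`, inherits the old global flag, whereas the new default for `username` is unmanaged; a comment stating whether that is intended would help.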
@@ -240,7 +269,7 @@ function shibboleth_authenticate_user() {
return new WP_Error('no_access', __('You do not have sufficient access.'));
}
- $username = $_SERVER[$shib_headers['username']];
+ $username = $_SERVER[$shib_headers['username']['name']];
$user = new WP_User($username);
if ( $user->ID ) {
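Review bot: `$username` is read from `$_SERVER` with no check that the configured header is present and non-empty before it is passed to `new WP_User($username)`. If the attribute is not released, or the stored header configuration is not yet in the new array form, the lookup yields an empty value and the code that follows (outside this hunk) may go on to provision an account. Returning early closes that path, e.g. `if ( empty($username) ) return new WP_Error('no_username', __('No username was provided by Shibboleth.', 'shibboleth'));`. shibboleth_authenticate_user starts and ends outside the hunk.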
@@ -265,7 +294,7 @@ function shibboleth_authenticate_user() {
// update user data
update_usermeta($user->ID, 'shibboleth_account', true);
- if ( shibboleth_get_option('shibboleth_update_users') ) shibboleth_update_user_data($user->ID);
+ shibboleth_update_user_data($user->ID);
if ( shibboleth_get_option('shibboleth_update_roles') ) $user->set_role($user_role);
return $user;
@@ -288,7 +317,7 @@ function shibboleth_create_new_user($user_login) {
update_usermeta($user->ID, 'shibboleth_account', true);
// always update user data and role on account creation
- shibboleth_update_user_data($user->ID);
+ shibboleth_update_user_data($user->ID, true);
$user_role = shibboleth_get_user_role();
$user->set_role($user_role);
@@ -332,28 +361,60 @@ function shibboleth_get_user_role() {
/**
- * Update the user data for the specified user based on the current Shibboleth headers.
+ * Get the user fields that are managed by Shibboleth.
+ *
+ * @return Array user fields managed by Shibboleth
+ */
+function shibboleth_get_managed_user_fields() {
+ $headers = shibboleth_get_option('shibboleth_headers');
+ $managed = array();
+
+ foreach ($headers as $name => $value) {
+ if ( $value['managed'] ) {
+ $managed[] = $name;
+ }
+ }
+
+ return $managed;
+}
+
+
+/**
+ * Update the user data for the specified user based on the current Shibboleth headers. Unless
+ * the 'force_update' parameter is true, only the user fields marked as 'managed' fields will be
+ * updated.
*
* @param int $user_id ID of the user to update
+ * @param boolean $force_update force update of user data, regardless of 'managed' flag on fields
* @uses apply_filters() Calls 'shibboleth_user_*' before setting user attributes,
- * where '*' is one of: login, nicename, first_name, last_name, nickname,
- * display_name, email
+ * where '*' is one of: login, nicename, first_name, last_name,
+ * nickname, display_name, email
*/
-function shibboleth_update_user_data($user_id) {
+function shibboleth_update_user_data($user_id, $force_update = false) {
require_once( ABSPATH . WPINC . '/registration.php' );
$shib_headers = shibboleth_get_option('shibboleth_headers');
+ $user_fields = array(
+ 'user_login' => 'username',
+ 'user_nicename' => 'username',
+ 'first_name' => 'first_name',
+ 'last_name' => 'last_name',
+ 'nickname' => 'nickname',
+ 'display_name' => 'display_name',
+ 'user_email' => 'email'
+ );
+
$user_data = array(
'ID' => $user_id,
- 'user_login' => apply_filters('shibboleth_user_login', $_SERVER[$shib_headers['username']]),
- 'user_nicename' => apply_filters('shibboleth_user_nicename', $_SERVER[$shib_headers['username']]),
- 'first_name' => apply_filters('shibboleth_user_first_name', $_SERVER[$shib_headers['first_name']]),
- 'last_name' => apply_filters('shibboleth_user_last_name', $_SERVER[$shib_headers['last_name']]),
- 'nickname' => apply_filters('shibboleth_user_nickname', $_SERVER[$shib_headers['nickname']]),
- 'display_name' => apply_filters('shibboleth_user_display_name', $_SERVER[$shib_headers['display_name']]),
- 'user_email' => apply_filters('shibboleth_user_email', $_SERVER[$shib_headers['email']]),
);
+
+ foreach ($user_fields as $field => $header) {
+ if ( $force_update || $shib_headers[$header]['managed'] ) {
+ $filter = 'shibboleth_' . ( strpos($field, 'user_') === 0 ? '' : 'user_' ) . $field;
+ $user_data[$field] = apply_filters($filter, $_SERVER[$shib_headers[$header]['name']]);
+ }
+ }
wp_update_user($user_data);
}
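Review bot: In the loop in shibboleth_update_user_data a managed field is assigned `$_SERVER[$shib_headers[$header]['name']]` even when that server variable is absent, so a login where the identity provider omits an attribute would pass an empty value to `wp_update_user` for that field. Skipping unset values avoids that, e.g. `$name = $shib_headers[$header]['name']; if ( !isset($_SERVER[$name]) ) continue;`; what `wp_update_user` does with an empty `user_email` is not visible here. It would also help to document on `$user_fields` that `user_login` and `user_nicename` both follow the `username` header, so they change on login only when that header is flagged managed or `$force_update` is true.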
