fixed issue with externalusermanagement support

commit 6df714ab3cc7c4eb3e972e0f3c7f6eae0abef195 1 parent 878fc8f
Byrne authored September 29, 2009
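--- a/Makefile.PL
+++ b/Makefile.PL
@@ -2,6 +2,6 @@ use ExtUtils::MakeMaker;
 
 WriteMakefile(
     NAME            => 'OpenSSO',
-    VERSION         => '1.0b2',
+    VERSION         => '1.0b3',
     DISTNAME        => 'OpenSSO',
 );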
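--- a/addons/OpenSSO.pack/config.yaml
+++ b/addons/OpenSSO.pack/config.yaml
@@ -1,9 +1,18 @@
 id: OpenSSO
 name: "OpenSSO"
 description: "This adds support for Sun's OpenSSO federated authentication system to Movable Type."
-version: 1.0 Beta 2
+version: 1.0
 
 config_settings:
+  ExternalUserManagement:
+    default: 0
+    handler: >
+            sub {
+                my $mgr = shift;
+                return $mgr->set_internal( 'ExternalUserManagement', @_ ) if @_;
+                ( $mgr->AuthenticationModule ne 'MT' )
+                  && $mgr->get_internal('ExternalUserManagement') ? 1 : 0;
+            }
   OpenSSOMethod: 
     default: 'SAML'
   OpenSSOCookieName: 
@@ -22,3 +31,6 @@ applications:
       opensso_response: 
         code: $OpenSSO::OpenSSO::Plugin::response
         requires_login: 0
+
+callbacks:
+  template_param.edit_author: $OpenSSO::OpenSSO::Plugin::edit_author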
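Review bot: The `ExternalUserManagement` handler in the first hunk is undocumented, and its getter branch reports 0 whenever `AuthenticationModule` is 'MT', regardless of the value that was configured. The `edit_author` callback added in this commit reads this setting to decide whether authors are synchronized and whether the username stays editable, so that override should be stated where an administrator will see it. I would add a YAML comment above `handler:` such as `# Getter/setter: with arguments stores the value; without arguments returns 1 only when AuthenticationModule is not 'MT' and the stored value is true.` Separately, this hunk sets `version: 1.0` while Makefile.PL in the same commit moves to '1.0b3', so presumably one of the two is unintended.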
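--- a/addons/OpenSSO.pack/lib/OpenSSO/Plugin.pm
+++ b/addons/OpenSSO.pack/lib/OpenSSO/Plugin.pm
@@ -33,6 +33,90 @@ use constant SAML2_SC_UNSUPPBIN => 'urn:oasis:names:tc:SAML:2.0:status:Unsupport
 
 use constant XML_SIG_METHOD_RSA => 'http://www.w3.org/2000/09/xmldsig#rsa-sha1';
 
+sub edit_author {
+    my ( $eh, $app, $param, $tmpl) = @_;
+    return unless UNIVERSAL::isa($tmpl, 'MT::Template');
+    my $q    = $app->param;
+    my $type = $q->param('_type');
+    my $class = $app->model($type) or return;
+    my $id = $q->param('id');
+    my $author = $app->user;
+    my $obj_promise = MT::Promise::delay(
+        sub {
+            return $class->load($id) || undef;
+        }
+    );
+    my $obj;
+    if ($id) {
+        $obj = $obj_promise->force()
+          or return $app->error(
+            $app->translate(
+                "Load failed: [_1]",
+                $class->errstr || $app->translate("(no reason given)")
+            )
+          );
+        if ( $type eq 'author' ) {
+            require MT::Auth;
+            if ( $app->user->is_superuser ) {
+                if ( $app->config->ExternalUserManagement ) {
+                    if ( MT::Auth->synchronize_author( User => $obj ) ) {
+                        $obj = $class->load($id);
+                        ## we only sync name and status here
+                        $param->{name}   = $obj->name;
+                        $param->{status} = $obj->status;
+                        if ( ( $id == $author->id ) && ( !$obj->is_active ) ) {
+                            ## superuser has been attempted to disable herself - something bad
+                            $obj->status( MT::Author::ACTIVE() );
+                            $obj->save;
+                            $param->{superuser_attempted_disabled} = 1;
+                        }
+                    }
+                    my $id = $obj->external_id;
+                    $id = '' unless defined $id;
+                    if (length($id) && ($id !~ m/[\x00-\x1f\x80-\xff]/)) {
+                        $param->{show_external_id} = 1;
+                    }
+                }
+                delete $param->{can_edit_username};
+            }
+            else {
+                if ( !$app->config->ExternalUserManagement ) {
+                    $param->{can_edit_username} = 1;
+                }
+            }
+            $param->{group_count} = $obj->group_count;
+        }
+    }
+    else {    # object is new                                                                                      
+        if ( $type eq 'author' ) {
+            if ( !$app->config->ExternalUserManagement ) {
+                if ( $app->config->AuthenticationModule ne 'MT' ) {
+                    $param->{new_user_external_auth} = '1';
+                }
+            }
+        }
+    }
+    if ( $type eq 'author' ) {
+        $param->{'external_user_management'} =
+	    $app->config->ExternalUserManagement;
+    }
+    my $element = $tmpl->getElementById('system_msg');
+    if ( $element ) {
+        my $contents = $element->innerHTML;
+        my $text = <<EOT;
+<mt:if name="superuser_attempted_disabled">
+    <mtapp:statusmsg
+        id="superuser-atempted-disabled"
+        class="alert">
+        <__trans_section component="enterprise"><__trans phrase="Movable Type Enterprise has just attempted to disable your account during synchronization with the external directory. Some of the external user management settings must be wrong. Please correct your configuration before proceeding."></__trans_section>
+    </mtapp:statusmsg>
+</mt:if>
+EOT
+$element->innerHTML($text . $contents);
+    }
+    $tmpl;
+}
+
 sub response {
     my $app = shift;
     my $q = $app->{query};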
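Review bot: In `edit_author`, the branch guarded by `( $id == $author->id ) && ( !$obj->is_active )` sets the superuser's account back to ACTIVE after `synchronize_author` has marked it inactive, but it ignores the result of `$obj->save` and leaves no trace beyond the on-page banner. This reverses a status change that came from the external directory, so it should fail loudly and be auditable: `$obj->save or return $app->error( $obj->errstr );`, followed by a security-level entry through `$app->log(...)` naming the account that was re-enabled. The reload just above, `$obj = $class->load($id);`, is also unchecked, so a user removed during synchronization would make `$obj->name` die on an undefined value. A short comment explaining why the override exists (presumably to avoid locking the only administrator out) would help the next reader judge whether it is still wanted.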
