diff --git a/assets/css/shibboleth_login_form.css b/assets/css/shibboleth_login_form.css
index 704df27..031e764 100644
--- a/assets/css/shibboleth_login_form.css
+++ b/assets/css/shibboleth_login_form.css
@@ -54,7 +54,7 @@
 width: 100%;
 text-align: center;
 text-decoration: none;
- margin-top: 16px;
+ float: none;
 }
 .shibboleth-form-display #loginform > p,
@@ -71,6 +71,7 @@
 }
 .shibboleth-or {
+ margin-bottom: 16px;
 position: relative;
 text-align: center;
 }
diff --git a/shibboleth.php b/shibboleth.php
index a7229b2..b5e5a17 100644
--- a/shibboleth.php
+++ b/shibboleth.php
@@ -467,7 +467,8 @@ function shibboleth_authenticate( $user, $username, $password ) {
 if ( shibboleth_session_active() ) {
 return shibboleth_authenticate_user();
 } else {
- $idp = 'preset';
+ $idps = shibboleth_getoption( 'shibboleth_idps' );
+ $idp = key( $idps );
 $redirect_to = null;
 if ( isset( $_REQUEST['idp'] ) ) {
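Review bot: `key( $idps )` in shibboleth_authenticate() assumes `shibboleth_getoption( 'shibboleth_idps' )` always returns a non-empty array; if it ever returns something else, `key()` throws on a non-array under PHP 8 and yields null for an empty one, so `$idp` goes into the rest of the login flow without a usable value. A guard such as `$idp = ( is_array( $idps ) && $idps ) ? key( $idps ) : null;`, followed by an explicit error return when it is null, would make that case visible. The same assumption sits behind `count( $idps )` and `key( $idps )` in the shibboleth_get_password_reset_url() and shibboleth_login_url() hunks. The default is then overridden by `$_REQUEST['idp']` on the last line of the hunk; that handling continues outside the hunk, so confirm the request value is checked against the keys of `$idps` before it is used.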
@@ -506,26 +507,29 @@ function shibboleth_login_form_shibboleth() {
 function shibboleth_get_password_reset_url( $user_login ) {
 $user_idp = '';
- if ( empty( $user_login ) ) {
- // If no user was provided, try to use the preset values.
- $user_idp = 'preset';
- } else {
+ $idps = shibboleth_getoption( 'shibboleth_idps' );
+
+ if ( ! empty( $user_login ) ) {
 $user = get_user_by( 'login', $user_login );
 if ( $user ) {
 $user_idp = shibboleth_get_user_idp( $user->ID );
+
+ if ( empty( $user_idp ) ) {
+ return null;
+ }
 }
+ } elseif ( count( $idps ) === 1 ) {
+ // If there is only one IdP, we can use it as the default.
+ $user_idp = key( $idps );
 }
- if ( $user_idp ) {
- // Use the provided constant for all Shibboleth accounts.
- if ( defined( 'SHIBBOLETH_PASSWORD_RESET_URL' ) ) {
- return SHIBBOLETH_PASSWORD_RESET_URL;
- }
+ // Use the provided constant for all Shibboleth accounts.
+ if ( defined( 'SHIBBOLETH_PASSWORD_RESET_URL' ) ) {
+ return SHIBBOLETH_PASSWORD_RESET_URL;
+ }
- $idps = shibboleth_getoption( 'shibboleth_idps' );
- if ( isset( $idps[ $user_idp ] ) ) {
- return $idps[ $user_idp ]['password_reset_url'];
- }
+ if ( ! empty( $user_idp ) && isset( $idps[ $user_idp ] ) ) {
+ return $idps[ $user_idp ]['password_reset_url'];
 }
 }
@@ -558,10 +562,14 @@ function shibboleth_login_url( $login_url ) {
 $default = shibboleth_getoption( 'shibboleth_default_to_shib_login' );
 if ( $default ) {
- $login_url = add_query_arg( 'action', 'shibboleth', $login_url );
- }
+ $idps = shibboleth_getoption( 'shibboleth_idps' );
- // TODO: Do we need to add the idp_code here?
+ // Only send people directly to Shibboleth if there is only 1 IdP.
+ if ( count( $idps ) === 1 ) {
+ $login_url = add_query_arg( 'action', 'shibboleth', $login_url );
+ $login_url = add_query_arg( 'idp', key( $idps ), $login_url );
+ }
+ }
 return $login_url;
 }
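Review bot: A non-empty `$user_login` that matches no account now falls through with `$user_idp` still `''` and returns `SHIBBOLETH_PASSWORD_RESET_URL` when that constant is defined, while an existing account with no IdP returns null early; before this change both cases returned nothing. If the caller's response depends on that result, the two cases become distinguishable to whoever submits the login name, so unless the difference is intended it is safer to treat them alike with `if ( ! $user ) { return null; }` right after `get_user_by()`. The function also still ends without a `return` when nothing matches; an explicit `return null;` and a docblock stating `@return string|null` would document the contract.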
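Review bot: `key( $idps )` is appended to the login URL unencoded in shibboleth_login_url(); `add_query_arg()` expects its values to be URL-encoded by the caller, so an IdP key containing `&`, `#` or a space would corrupt the query string. Passing both arguments in one call with the value encoded avoids that: `$login_url = add_query_arg( array( 'action' => 'shibboleth', 'idp' => rawurlencode( key( $idps ) ) ), $login_url );`. With more than one IdP configured the `shibboleth_default_to_shib_login` option now has no effect in this function, and a one-line comment saying so would keep the next reader from treating it as a bug.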
@@ -673,8 +681,13 @@ function shibboleth_set_user_idp( $user_id, $user_idp = null ) {
 if ( empty( $user_idp ) ) {
 $default_idp = null;
- // TODO: Do we want the IdP 'environment header' to be configurable?
- $session_entity_id = shibboleth_getenv( 'Shib-Identity-Provider' );
+ // Allow the environment variable name to be overriden.
+ $entity_id_env_var = 'Shib-Identity-Provider';
+ if ( defined( 'SHIBBOLETH_IDP_ENV_VAR' ) ) {
+ $entity_id_env_var = SHIBBOLETH_IDP_ENV_VAR;
+ }
+
+ $session_entity_id = shibboleth_getenv( $entity_id_env_var );
 $idps = get_site_option( 'shibboleth_idps', array() );
@@ -1054,7 +1067,6 @@ function shibboleth_disable_login_form() {
 $bypass = defined( 'SHIBBOLETH_ALLOW_LOCAL_AUTH' ) && SHIBBOLETH_ALLOW_LOCAL_AUTH;
 if ( $disable && ! $bypass ) {
- // TODO: Is this doing the right thing?
 $password_reset_url = shibboleth_get_password_reset_url( '' );
 ?>
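Review bot: `SHIBBOLETH_IDP_ENV_VAR` is taken as-is as the name of the variable that identifies the session's IdP in shibboleth_set_user_idp(), with no check that it is a non-empty string and no statement of what it may safely point at. The value read from it appears to decide which configured IdP is recorded for the user (the matching against `shibboleth_idps` continues outside the hunk), so the comment should spell out the constraint, for example `// Override only with a variable populated by the Shibboleth SP itself, never one a client can supply.` Tightening the condition to `if ( defined( 'SHIBBOLETH_IDP_ENV_VAR' ) && is_string( SHIBBOLETH_IDP_ENV_VAR ) && '' !== SHIBBOLETH_IDP_ENV_VAR ) {` keeps the default when the constant is mis-set. The added comment also misspells "overridden".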