auth/cas: MDL-25062 CAS authentication plugin does not validate the C…

…AS server certificate

If we enable the server validation but don't specify a certificate file path
flag the error and don't let the user save the settings.

auth/cas/auth.php

@@ -206,6 +206,19 @@ function connectCAS() {
     function config_form($config, $err, $user_fields) {
         include 'config.html';
     }
+
+    /**
+     * A chance to validate form data, and last chance to
+     * do stuff before it is inserted in config_plugin
+     * @param object object with submitted configuration settings (without system magic quotes)
+     * @param array $err array of error messages
+     */
+    function validate_form(&$form, &$err) {
+        $certificate_path = trim($form->certificate_path);
+        if ($form->certificate_check && empty($certificate_path)) {
+            $err['certificate_path'] = get_string('auth_cas_certificate_path_empty', 'auth');
+        }
+    }
     /**
      * Returns the URL for changing the user's pw, or empty if the default can
      * be used.

lang/en_utf8/auth.php

@@ -43,6 +43,7 @@
 $string['auth_cas_multiauth'] = "Turn this to ''yes'' if you want to have multi-authentication (CAS + other authentication)";
 $string['auth_cas_certificate_check'] = "Turn this to ''yes'' if you want to validate the server certificate";
 $string['auth_cas_certificate_path'] = "Path of the CA chain file (PEM Format) to validate the server certificate";
+$string['auth_cas_certificate_path_empty'] = "If you turn on Server validation, you need to specify a certificate path";
 $string['accesCAS'] = "CAS users";
 $string['accesNOCAS'] = "other users";
 $string['CASform'] = "Authentication choice";