[Fusionforge-commits] r12809 - in trunk/src: plugins/authbuiltin/www plugins/authcas/include plugins/authcas/www plugins/authhttpd/include plugins/authhttpd/www plugins/authldap/www www/account www/include

Roland Mas lolando at fusionforge.org
Wed Mar 16 22:00:59 CET 2011


Author: lolando
Date: 2011-03-16 22:00:58 +0100 (Wed, 16 Mar 2011)
New Revision: 12809

Added:
   trunk/src/www/include/login-form.php
Modified:
   trunk/src/plugins/authbuiltin/www/post-login.php
   trunk/src/plugins/authcas/include/AuthCASPlugin.class.php
   trunk/src/plugins/authcas/www/post-login.php
   trunk/src/plugins/authhttpd/include/AuthHTTPDPlugin.class.php
   trunk/src/plugins/authhttpd/www/post-login.php
   trunk/src/plugins/authldap/www/post-login.php
   trunk/src/www/account/login.php
Log:
Factor login page and form, and allow direct authentication when it makes sense.

auth* plugins can now provide a redirection link if their authentication
requires no interaction on the forge (eg. with CAS, Kerberos or other
single-sign-on systems).  When there's only one active auth* plugin, and it
provides such a link, the "log in" link can be made to point at wherever the
user needs to be redirected, which avoids a form with only one button and
no parameters.


Modified: trunk/src/plugins/authbuiltin/www/post-login.php
===================================================================
--- trunk/src/plugins/authbuiltin/www/post-login.php	2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authbuiltin/www/post-login.php	2011-03-16 21:00:58 UTC (rev 12809)
@@ -31,6 +31,7 @@
 
 require_once('../../../www/env.inc.php');
 require_once $gfcommon.'include/pre.php';
+require_once('../../../www/include/login-form.php');
 
 $plugin = plugin_get_object('authbuiltin');
 
@@ -119,9 +120,8 @@
 	html_feedback_top($feedback);
 }
 
-$params = array();
-$params['return_to'] = $return_to;
-plugin_hook('display_auth_form');
+// Otherwise, display the login form again
+display_login_form($return_to, $triggered);
 
 $HTML->footer(array());
 

Modified: trunk/src/plugins/authcas/include/AuthCASPlugin.class.php
===================================================================
--- trunk/src/plugins/authcas/include/AuthCASPlugin.class.php	2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authcas/include/AuthCASPlugin.class.php	2011-03-16 21:00:58 UTC (rev 12809)
@@ -96,6 +96,8 @@
 </form>' ;
 
 		$params['html_snippets'][$this->name] = $result;
+
+		$params['transparent_redirect_urls'][$this->name] = util_make_url('/plugins/authcas/post-login.php?return_to='.htmlspecialchars(stripslashes($return_to)).'&login=1');
 	}
 
     /**
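Review bot: The new `transparent_redirect_urls` entry escapes `$return_to` with `htmlspecialchars()`, but the value is a query-string parameter of a URL that `display_login_form()` hands to `session_redirect()`, not HTML output. Characters such as `&`, `#` or `%` inside `return_to` are therefore not percent-encoded and can add to or cut off the query string, including the trailing `login=1`. The parameter should be built as `'return_to='.urlencode(stripslashes($return_to)).'&login=1'`. The same applies to the entry added in AuthHTTPDPlugin.class.php. The enclosing method starts outside the hunk, so where `$return_to` is assigned cannot be checked from here.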

Modified: trunk/src/plugins/authcas/www/post-login.php
===================================================================
--- trunk/src/plugins/authcas/www/post-login.php	2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authcas/www/post-login.php	2011-03-16 21:00:58 UTC (rev 12809)
@@ -33,6 +33,7 @@
 
 require_once('../../../www/env.inc.php');
 require_once $gfcommon.'include/pre.php';
+require_once('../../../www/include/login-form.php');
 
 $plugin = plugin_get_object('authcas');
 
@@ -44,24 +45,6 @@
 $error_msg = htmlspecialchars(getStringFromRequest('error_msg'));
 $triggered = getIntFromRequest('triggered');
 
-//
-//	Validate return_to
-//
-if ($return_to) {
-	$tmpreturn=explode('?',$return_to);
-	$rtpath = $tmpreturn[0] ;
-
-	if (@is_file(forge_get_config('url_root').$rtpath)
-	    || @is_dir(forge_get_config('url_root').$rtpath)
-	    || (strpos($rtpath,'/projects') == 0)
-	    || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
-		$newrt = $return_to ;
-	} else {
-		$newrt = '/' ;
-	}
-	$return_to = $newrt ;
-}
-
 if (forge_get_config('use_ssl') && !session_issecure()) {
 	//force use of SSL for login
 	// redirect
@@ -77,6 +60,8 @@
 		$plugin->startSession(phpCAS::getUser());
 	}
 	if ($return_to) {
+		validate_return_to($return_to);
+
 		header ("Location: " . util_make_url($return_to));
 		exit;
 	} else {
@@ -99,6 +84,8 @@
 				$plugin->startSession(phpCAS::getUser());
 			}
 			if ($return_to) {
+				validate_return_to($return_to);
+				
 				header ("Location: " . util_make_url($return_to));
 				exit;
 			} else {
@@ -110,15 +97,8 @@
 }
 
 // Otherwise, display the login form again
+display_login_page($return_to, $triggered);
 
-$HTML->header(array('title'=>'Login'));
-
-$params = array();
-$params['return_to'] = $return_to;
-plugin_hook('display_auth_form');
-
-$HTML->footer(array());
-
 // Local Variables:
 // mode: php
 // c-file-style: "bsd"

Modified: trunk/src/plugins/authhttpd/include/AuthHTTPDPlugin.class.php
===================================================================
--- trunk/src/plugins/authhttpd/include/AuthHTTPDPlugin.class.php	2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authhttpd/include/AuthHTTPDPlugin.class.php	2011-03-16 21:00:58 UTC (rev 12809)
@@ -72,6 +72,9 @@
 </form>' ;
 		
 		$params['html_snippets'][$this->name] = $result;
+
+		$params['transparent_redirect_urls'][$this->name] = util_make_url('/plugins/authhttpd/post-login.php?return_to
+='.htmlspecialchars(stripslashes($return_to)));
 	}
 
 	/**
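Review bot: The string literal in the added line is split after `return_to`, with `='` starting the next line. If that break is in the committed file rather than introduced by mail wrapping, the redirect URL carries a newline between the parameter name and `=`, and post-login.php will not see a `return_to` parameter. The literal should stay on one line, `'/plugins/authhttpd/post-login.php?return_to='`. The enclosing method starts outside the hunk.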

Modified: trunk/src/plugins/authhttpd/www/post-login.php
===================================================================
--- trunk/src/plugins/authhttpd/www/post-login.php	2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authhttpd/www/post-login.php	2011-03-16 21:00:58 UTC (rev 12809)
@@ -33,6 +33,7 @@
 
 require_once('../../../www/env.inc.php');
 require_once $gfcommon.'include/pre.php';
+require_once('../../../www/include/login-form.php');
 
 $plugin = plugin_get_object('authcas');
 
@@ -44,24 +45,6 @@
 $error_msg = htmlspecialchars(getStringFromRequest('error_msg'));
 $triggered = getIntFromRequest('triggered');
 
-//
-//	Validate return_to
-//
-if ($return_to) {
-	$tmpreturn=explode('?',$return_to);
-	$rtpath = $tmpreturn[0] ;
-
-	if (@is_file(forge_get_config('url_root').$rtpath)
-	    || @is_dir(forge_get_config('url_root').$rtpath)
-	    || (strpos($rtpath,'/projects') == 0)
-	    || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
-		$newrt = $return_to ;
-	} else {
-		$newrt = '/' ;
-	}
-	$return_to = $newrt ;
-}
-
 if (forge_get_config('use_ssl') && !session_issecure()) {
 	//force use of SSL for login
 	// redirect
@@ -72,6 +55,8 @@
 	$plugin->startSession($GLOBALS['REMOTE_USER']);
 }
 if ($return_to) {
+	validate_return_to($return_to);
+
 	header ("Location: " . util_make_url($return_to));
 	exit;
 } else {
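Review bot: `$plugin->startSession($GLOBALS['REMOTE_USER'])` in this hunk runs on the object fetched by `plugin_get_object('authcas')` in the first hunk of this file, although the file belongs to the authhttpd plugin. That looks like a copy-paste leftover, which would mean the HTTPD-authenticated session is opened through the CAS plugin object; it should probably read `plugin_get_object('authhttpd')`, to be confirmed against the name the plugin registers. Both lines are unchanged context in this commit, and the surrounding block continues outside the hunk.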

Modified: trunk/src/plugins/authldap/www/post-login.php
===================================================================
--- trunk/src/plugins/authldap/www/post-login.php	2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authldap/www/post-login.php	2011-03-16 21:00:58 UTC (rev 12809)
@@ -31,6 +31,7 @@
 
 require_once('../../../www/env.inc.php');
 require_once $gfcommon.'include/pre.php';
+require_once('../../../www/include/login-form.php');
 
 $plugin = plugin_get_object('authldap');
 
@@ -120,9 +121,8 @@
 	html_feedback_top($feedback);
 }
 
-$params = array();
-$params['return_to'] = $return_to;
-plugin_hook('display_auth_form');
+// Otherwise, display the login form again
+display_login_form($return_to, $triggered);
 
 $HTML->footer(array());
 

Modified: trunk/src/www/account/login.php
===================================================================
--- trunk/src/www/account/login.php	2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/www/account/login.php	2011-03-16 21:00:58 UTC (rev 12809)
@@ -40,31 +40,8 @@
 	session_logout();
 }
 
-$HTML->header(array('title'=>'Login'));
+display_login_page($return_to, $triggered);
 
-echo '<p>';
-if ($triggered) {
-	echo '<div class="warning">' ;
-	echo _('You\'ve been redirected to this login page because you have tried accessing a page that was not available to you as an anonymous user.');
-	echo '</div> ' ;
-}
-echo '</p>';
-
-// see AuthBuiltinPlugin::displayAuthForm() that should do the work by default
-
-$params = array();
-$params['return_to'] = $return_to;
-$params['html_snippets'] = array();
-plugin_hook_by_reference('display_auth_form', $params);
-
-foreach ($params['html_snippets'] as $p => $s) {
-	$plugin = plugin_get_object($p);
-	echo '<h2>'.$plugin->text.'</h2>';
-	echo $s;
-}
-
-$HTML->footer(array());
-
 // Local Variables:
 // mode: php
 // c-file-style: "bsd"
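Review bot: `display_login_page()` is called here, but this diff adds no `require_once` for the new `www/include/login-form.php` to login.php, unlike the four post-login.php files. No common include appears in this revision's list of modified files, so unless the file is loaded elsewhere the call fails as an undefined function on the main login page. Add `require_once('../include/login-form.php');` next to the existing includes at the top of the file, which lie outside the hunk.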

Added: trunk/src/www/include/login-form.php
===================================================================
--- trunk/src/www/include/login-form.php	                        (rev 0)
+++ trunk/src/www/include/login-form.php	2011-03-16 21:00:58 UTC (rev 12809)
@@ -0,0 +1,90 @@
+<?php
+/**
+ * FusionForge login form functions
+ *
+ * Copyright 2011, Roland Mas
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+function validate_return_to(&$return_to='/') {
+	$newrt = '/' ;
+
+	if ($return_to) {
+		$tmpreturn=explode('?',$return_to);
+		$rtpath = $tmpreturn[0] ;
+		
+		if (@is_file(forge_get_config('url_root').$rtpath)
+		    || @is_dir(forge_get_config('url_root').$rtpath)
+		    || (strpos($rtpath,'/projects') == 0)
+		    || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
+			$newrt = $return_to ;
+		}
+	}
+
+	$return_to = $newrt;
+}
+
+function display_login_page($return_to='/', $triggered=false) {
+	display_login_form($return_to, $triggered, true);
+}
+
+function display_login_form($return_to='/', $triggered=false, $full_page=false) {
+	validate_return_to($return_to);
+
+	$params = array();
+	$params['return_to'] = $return_to;
+	$params['html_snippets'] = array();
+	$params['transparent_redirect_urls'] = array();
+	plugin_hook_by_reference('display_auth_form', $params);
+
+	if (!$formonly) {
+		if (count($params['html_snippets']) == 1
+		    && count($params['transparent_redirect_urls']) == 1) {
+			session_redirect($params['transparent_redirect_urls'][0]);
+		}
+	
+		$HTML->header(array('title'=>'Login'));
+	}
+
+	if ($triggered) {
+		echo '<p>';
+		echo '<div class="warning">' ;
+		echo _('You\'ve been redirected to this login page because you have tried accessing a page that was not available to you as an anonymous user.');
+		echo '</div> ' ;
+		echo '</p>';
+	}
+	
+	// see AuthBuiltinPlugin::displayAuthForm() that should do the work by default
+	
+	foreach ($params['html_snippets'] as $p => $s) {
+		$plugin = plugin_get_object($p);
+		echo '<h2>'.$plugin->text.'</h2>';
+		echo $s;
+	}
+	
+	if (!$formonly) {
+		$HTML->footer(array());
+	}
+}
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
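Review bot: In `validate_return_to()` the two prefix tests use `strpos(...) == 0`, which is also true when `strpos()` returns `false`, so every non-empty `return_to` is accepted and the function filters nothing before the `Location:` redirects that now depend on it; `=== 0` is needed. In `display_login_form()` the guards test `$formonly`, which is never defined, instead of the `$full_page` parameter, so the header, footer and redirect branch also run for the form-only callers that have already printed a header. `$HTML` is used without a `global $HTML;` declaration inside the function. `transparent_redirect_urls` is filled by the plugins under `$this->name`, so index `[0]` will not exist and the redirect gets an empty target.

```php
function validate_return_to(&$return_to='/') {
	// … unchanged: $newrt default, explode on '?', is_file()/is_dir() tests …
		    || (strpos($rtpath,'/projects') === 0)
		    || (strpos($rtpath,'/plugins/mediawiki') === 0)) {
	// … unchanged: assignment of $newrt and $return_to …

function display_login_form($return_to='/', $triggered=false, $full_page=false) {
	global $HTML;
	// … unchanged: validate_return_to() call and display_auth_form hook …
	if ($full_page) {
		if (count($params['html_snippets']) == 1
		    && count($params['transparent_redirect_urls']) == 1) {
			// entries are keyed by plugin name, not by position
			session_redirect(reset($params['transparent_redirect_urls']));
		}

		$HTML->header(array('title'=>'Login'));
	}
	// … unchanged: "triggered" warning and html_snippets loop …
	if ($full_page) {
		$HTML->footer(array());
	}
```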



