[Fusionforge-commits] r12809 - in trunk/src: plugins/authbuiltin/www plugins/authcas/include plugins/authcas/www plugins/authhttpd/include plugins/authhttpd/www plugins/authldap/www www/account www/include
Roland Mas
lolando at fusionforge.org
Wed Mar 16 22:00:59 CET 2011
Author: lolando
Date: 2011-03-16 22:00:58 +0100 (Wed, 16 Mar 2011)
New Revision: 12809
Added:
trunk/src/www/include/login-form.php
Modified:
trunk/src/plugins/authbuiltin/www/post-login.php
trunk/src/plugins/authcas/include/AuthCASPlugin.class.php
trunk/src/plugins/authcas/www/post-login.php
trunk/src/plugins/authhttpd/include/AuthHTTPDPlugin.class.php
trunk/src/plugins/authhttpd/www/post-login.php
trunk/src/plugins/authldap/www/post-login.php
trunk/src/www/account/login.php
Log:
Factor login page and form, and allow direct authentication when it makes sense.
auth* plugins can now provide a redirection link if their authentication
requires no interaction on the forge (eg. with CAS, Kerberos or other
single-sign-on systems). When there's only one active auth* plugin, and it
provides such a link, the "log in" link can be made to point at wherever the
user needs to be redirected, which avoids a form with only one button and
no parameters.
Modified: trunk/src/plugins/authbuiltin/www/post-login.php
===================================================================
--- trunk/src/plugins/authbuiltin/www/post-login.php 2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authbuiltin/www/post-login.php 2011-03-16 21:00:58 UTC (rev 12809)
@@ -31,6 +31,7 @@
require_once('../../../www/env.inc.php');
require_once $gfcommon.'include/pre.php';
+require_once('../../../www/include/login-form.php');
$plugin = plugin_get_object('authbuiltin');
@@ -119,9 +120,8 @@
html_feedback_top($feedback);
}
-$params = array();
-$params['return_to'] = $return_to;
-plugin_hook('display_auth_form');
+// Otherwise, display the login form again
+display_login_form($return_to, $triggered);
$HTML->footer(array());
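Review bot: The added call `display_login_form($return_to, $triggered)` passes no third argument and presumably expects the form-only behaviour, but display_login_form() in www/include/login-form.php tests `$formonly`, a variable that is never defined; the parameter is named `$full_page`. `!$formonly` is therefore always true, so this caller also runs the full-page branch: the single-plugin `session_redirect()` shortcut, a second `$HTML->header()`, and a footer before the `$HTML->footer(array())` that follows here. Both guards in the function should read `if ($full_page) {` instead of `if (!$formonly) {`. The authldap post-login.php hunk makes the same call and is affected in the same way.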
Modified: trunk/src/plugins/authcas/include/AuthCASPlugin.class.php
===================================================================
--- trunk/src/plugins/authcas/include/AuthCASPlugin.class.php 2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authcas/include/AuthCASPlugin.class.php 2011-03-16 21:00:58 UTC (rev 12809)
@@ -96,6 +96,8 @@
</form>' ;
$params['html_snippets'][$this->name] = $result;
+
+ $params['transparent_redirect_urls'][$this->name] = util_make_url('/plugins/authcas/post-login.php?return_to='.htmlspecialchars(stripslashes($return_to)).'&login=1');
}
/**
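Review bot: `htmlspecialchars()` is the wrong encoder on the added `transparent_redirect_urls` line, because the value is placed in a URL query string that display_login_form() passes to `session_redirect()`, not into HTML. Characters such as `&`, `#`, `%` and whitespace in `$return_to` are left without percent-encoding (`&` only becomes `&amp;`, which still ends the parameter), so a request-supplied `return_to` can be truncated or can add parameters to the post-login.php request. Use `urlencode(stripslashes($return_to))` here. The authhttpd plugin hunk builds its URL the same way. Where `$return_to` is assigned in this method is outside the hunk.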
Modified: trunk/src/plugins/authcas/www/post-login.php
===================================================================
--- trunk/src/plugins/authcas/www/post-login.php 2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authcas/www/post-login.php 2011-03-16 21:00:58 UTC (rev 12809)
@@ -33,6 +33,7 @@
require_once('../../../www/env.inc.php');
require_once $gfcommon.'include/pre.php';
+require_once('../../../www/include/login-form.php');
$plugin = plugin_get_object('authcas');
@@ -44,24 +45,6 @@
$error_msg = htmlspecialchars(getStringFromRequest('error_msg'));
$triggered = getIntFromRequest('triggered');
-//
-// Validate return_to
-//
-if ($return_to) {
- $tmpreturn=explode('?',$return_to);
- $rtpath = $tmpreturn[0] ;
-
- if (@is_file(forge_get_config('url_root').$rtpath)
- || @is_dir(forge_get_config('url_root').$rtpath)
- || (strpos($rtpath,'/projects') == 0)
- || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
- $newrt = $return_to ;
- } else {
- $newrt = '/' ;
- }
- $return_to = $newrt ;
-}
-
if (forge_get_config('use_ssl') && !session_issecure()) {
//force use of SSL for login
// redirect
@@ -77,6 +60,8 @@
$plugin->startSession(phpCAS::getUser());
}
if ($return_to) {
+ validate_return_to($return_to);
+
header ("Location: " . util_make_url($return_to));
exit;
} else {
@@ -99,6 +84,8 @@
$plugin->startSession(phpCAS::getUser());
}
if ($return_to) {
+ validate_return_to($return_to);
+
header ("Location: " . util_make_url($return_to));
exit;
} else {
@@ -110,15 +97,8 @@
}
// Otherwise, display the login form again
+display_login_page($return_to, $triggered);
-$HTML->header(array('title'=>'Login'));
-
-$params = array();
-$params['return_to'] = $return_to;
-plugin_hook('display_auth_form');
-
-$HTML->footer(array());
-
// Local Variables:
// mode: php
// c-file-style: "bsd"
Modified: trunk/src/plugins/authhttpd/include/AuthHTTPDPlugin.class.php
===================================================================
--- trunk/src/plugins/authhttpd/include/AuthHTTPDPlugin.class.php 2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authhttpd/include/AuthHTTPDPlugin.class.php 2011-03-16 21:00:58 UTC (rev 12809)
@@ -72,6 +72,9 @@
</form>' ;
$params['html_snippets'][$this->name] = $result;
+
+ $params['transparent_redirect_urls'][$this->name] = util_make_url('/plugins/authhttpd/post-login.php?return_to
+='.htmlspecialchars(stripslashes($return_to)));
}
/**
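Review bot: The added string literal is split across two `+` lines between `return_to` and `=`, and the hunk header counts three added lines, so the line break appears to sit inside the PHP string rather than being a mail-wrapping artefact. The generated URL would then carry a newline in the parameter name, and post-login.php would not receive `return_to`. Keep the literal on one line and percent-encode the value: `util_make_url('/plugins/authhttpd/post-login.php?return_to='.urlencode(stripslashes($return_to)));`. The enclosing method starts outside the hunk.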
Modified: trunk/src/plugins/authhttpd/www/post-login.php
===================================================================
--- trunk/src/plugins/authhttpd/www/post-login.php 2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authhttpd/www/post-login.php 2011-03-16 21:00:58 UTC (rev 12809)
@@ -33,6 +33,7 @@
require_once('../../../www/env.inc.php');
require_once $gfcommon.'include/pre.php';
+require_once('../../../www/include/login-form.php');
$plugin = plugin_get_object('authcas');
@@ -44,24 +45,6 @@
$error_msg = htmlspecialchars(getStringFromRequest('error_msg'));
$triggered = getIntFromRequest('triggered');
-//
-// Validate return_to
-//
-if ($return_to) {
- $tmpreturn=explode('?',$return_to);
- $rtpath = $tmpreturn[0] ;
-
- if (@is_file(forge_get_config('url_root').$rtpath)
- || @is_dir(forge_get_config('url_root').$rtpath)
- || (strpos($rtpath,'/projects') == 0)
- || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
- $newrt = $return_to ;
- } else {
- $newrt = '/' ;
- }
- $return_to = $newrt ;
-}
-
if (forge_get_config('use_ssl') && !session_issecure()) {
//force use of SSL for login
// redirect
@@ -72,6 +55,8 @@
$plugin->startSession($GLOBALS['REMOTE_USER']);
}
if ($return_to) {
+ validate_return_to($return_to);
+
header ("Location: " . util_make_url($return_to));
exit;
} else {
Modified: trunk/src/plugins/authldap/www/post-login.php
===================================================================
--- trunk/src/plugins/authldap/www/post-login.php 2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/plugins/authldap/www/post-login.php 2011-03-16 21:00:58 UTC (rev 12809)
@@ -31,6 +31,7 @@
require_once('../../../www/env.inc.php');
require_once $gfcommon.'include/pre.php';
+require_once('../../../www/include/login-form.php');
$plugin = plugin_get_object('authldap');
@@ -120,9 +121,8 @@
html_feedback_top($feedback);
}
-$params = array();
-$params['return_to'] = $return_to;
-plugin_hook('display_auth_form');
+// Otherwise, display the login form again
+display_login_form($return_to, $triggered);
$HTML->footer(array());
Modified: trunk/src/www/account/login.php
===================================================================
--- trunk/src/www/account/login.php 2011-03-16 21:00:39 UTC (rev 12808)
+++ trunk/src/www/account/login.php 2011-03-16 21:00:58 UTC (rev 12809)
@@ -40,31 +40,8 @@
session_logout();
}
-$HTML->header(array('title'=>'Login'));
+display_login_page($return_to, $triggered);
-echo '<p>';
-if ($triggered) {
- echo '<div class="warning">' ;
- echo _('You\'ve been redirected to this login page because you have tried accessing a page that was not available to you as an anonymous user.');
- echo '</div> ' ;
-}
-echo '</p>';
-
-// see AuthBuiltinPlugin::displayAuthForm() that should do the work by default
-
-$params = array();
-$params['return_to'] = $return_to;
-$params['html_snippets'] = array();
-plugin_hook_by_reference('display_auth_form', $params);
-
-foreach ($params['html_snippets'] as $p => $s) {
- $plugin = plugin_get_object($p);
- echo '<h2>'.$plugin->text.'</h2>';
- echo $s;
-}
-
-$HTML->footer(array());
-
// Local Variables:
// mode: php
// c-file-style: "bsd"
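Review bot: `$HTML` was a file-scope global in the removed lines, but display_login_form() uses `$HTML->header()` and `$HTML->footer()` without declaring `global $HTML;`, so inside the function it is an undefined local and the call fails. On the same path the single-plugin shortcut reads `$params['transparent_redirect_urls'][0]`, while the plugins changed in this commit store their URL under `$this->name`, so index 0 is never set. `session_redirect(reset($params['transparent_redirect_urls']));` would read the only entry. How session_redirect() treats an already absolute URL from `util_make_url()` is not visible here and should be confirmed.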
Added: trunk/src/www/include/login-form.php
===================================================================
--- trunk/src/www/include/login-form.php (rev 0)
+++ trunk/src/www/include/login-form.php 2011-03-16 21:00:58 UTC (rev 12809)
@@ -0,0 +1,90 @@
+<?php
+/**
+ * FusionForge login form functions
+ *
+ * Copyright 2011, Roland Mas
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+function validate_return_to(&$return_to='/') {
+ $newrt = '/' ;
+
+ if ($return_to) {
+ $tmpreturn=explode('?',$return_to);
+ $rtpath = $tmpreturn[0] ;
+
+ if (@is_file(forge_get_config('url_root').$rtpath)
+ || @is_dir(forge_get_config('url_root').$rtpath)
+ || (strpos($rtpath,'/projects') == 0)
+ || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
+ $newrt = $return_to ;
+ }
+ }
+
+ $return_to = $newrt;
+}
+
+function display_login_page($return_to='/', $triggered=false) {
+ display_login_form($return_to, $triggered, true);
+}
+
+function display_login_form($return_to='/', $triggered=false, $full_page=false) {
+ validate_return_to($return_to);
+
+ $params = array();
+ $params['return_to'] = $return_to;
+ $params['html_snippets'] = array();
+ $params['transparent_redirect_urls'] = array();
+ plugin_hook_by_reference('display_auth_form', $params);
+
+ if (!$formonly) {
+ if (count($params['html_snippets']) == 1
+ && count($params['transparent_redirect_urls']) == 1) {
+ session_redirect($params['transparent_redirect_urls'][0]);
+ }
+
+ $HTML->header(array('title'=>'Login'));
+ }
+
+ if ($triggered) {
+ echo '<p>';
+ echo '<div class="warning">' ;
+ echo _('You\'ve been redirected to this login page because you have tried accessing a page that was not available to you as an anonymous user.');
+ echo '</div> ' ;
+ echo '</p>';
+ }
+
+ // see AuthBuiltinPlugin::displayAuthForm() that should do the work by default
+
+ foreach ($params['html_snippets'] as $p => $s) {
+ $plugin = plugin_get_object($p);
+ echo '<h2>'.$plugin->text.'</h2>';
+ echo $s;
+ }
+
+ if (!$formonly) {
+ $HTML->footer(array());
+ }
+}
+
+// Local Variables:
+// mode: php
+// c-file-style: "bsd"
+// End:
+
+?>
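Review bot: In validate_return_to() the tests `strpos($rtpath,'/projects') == 0` and `strpos($rtpath,'/plugins/mediawiki') == 0` are also true when `strpos()` returns `false`, since `false == 0`. Every non-empty `return_to` is therefore accepted, and the function constrains nothing before the `Location:` headers in the authcas and authhttpd post-login.php hunks. Use strict prefix tests: `(strpos($rtpath,'/projects') === 0)` and `(strpos($rtpath,'/plugins/mediawiki') === 0)`. Whether `util_make_url()` always prefixes the forge's own host is not visible in this diff; if it does not, values that do not begin with a single `/` should be reset to `'/'` as well. A short docblock saying that the argument is rewritten by reference and falls back to `/` would help callers.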