first commit

CHIEFSOFT\ameye
2024-09-30 18:11:26 -04:00
commit e592ca6823
27270 changed files with 5002257 additions and 0 deletions
+26
@@ -0,0 +1,26 @@
Description of phpCAS import into Moodle
Last release can be found at https://github.com/apereo/phpCAS/releases
NOTICE:
* Before running composer command, make sure you have the composer version updated.
* Composer version 2.2.4 2022-01-08 12:30:42
STEPS:
* Make sure you're using the lowest supported PHP version for the given release (e.g. PHP 7.4 for Moodle 4.1)
* Create a temporary folder outside your Moodle installation
* Execute 'composer require apereo/phpcas:VERSION'
* Check any new libraries that have been added and make sure they do not exist in Moodle already.
* Remove the old 'vendor' directory in auth/cas/CAS/
* Copy contents of 'vendor' directory
* Create a commit with only the library changes.
- Note: Make sure to check the list of unversioned files and add any new files to the staging area.
* Update auth/cas/thirdpartylibs.xml
* Apply the modifications described in the CHANGES section
* Create another commit with the previous two steps of changes
CHANGES:
* Remove all the hidden folders and files in vendor/apereo/phpcas/ (find . -name ".*"):
- .codecov.yml
- .gitattributes
- .github
+8
@@ -0,0 +1,8 @@
CAS-module README
+400
@@ -0,0 +1,400 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Authentication Plugin: CAS Authentication
*
* Authentication using CAS (Central Authentication Server).
*
* @author Martin Dougiamas
* @author Jerome GUTIERREZ
* @author Iñaki Arenaza
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
* @package auth_cas
*/
defined('MOODLE_INTERNAL') || die();
require_once($CFG->dirroot.'/auth/ldap/auth.php');
require_once($CFG->dirroot.'/auth/cas/CAS/vendor/autoload.php');
require_once($CFG->dirroot.'/auth/cas/CAS/vendor/apereo/phpcas/source/CAS.php');
/**
* CAS authentication plugin.
*/
class auth_plugin_cas extends auth_plugin_ldap {
/**
* Constructor.
*/
public function __construct() {
$this->authtype = 'cas';
$this->roleauth = 'auth_cas';
$this->errorlogtag = '[AUTH CAS] ';
$this->init_plugin($this->authtype);
}
/**
* Old syntax of class constructor. Deprecated in PHP7.
*
* @deprecated since Moodle 3.1
*/
public function auth_plugin_cas() {
debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER);
self::__construct();
}
function prevent_local_passwords() {
return true;
}
/**
* Authenticates user against CAS
* Returns true if the username and password work and false if they are
* wrong or don't exist.
*
* @param string $username The username (with system magic quotes)
* @param string $password The password (with system magic quotes)
* @return bool Authentication success or failure.
*/
function user_login($username, $password) {
$this->connectCAS();
return phpCAS::isAuthenticated() && (trim(core_text::strtolower(phpCAS::getUser())) == $username);
}
/**
* Returns true if this authentication plugin is 'internal'.
*
* @return bool
*/
function is_internal() {
return false;
}
/**
* Returns true if this authentication plugin can change the user's
* password.
*
* @return bool
*/
function can_change_password() {
return false;
}
/**
* Authentication choice (CAS or other)
* Redirection to the CAS form or to login/index.php
* for other authentication
*/
function loginpage_hook() {
global $frm;
global $CFG;
global $SESSION, $OUTPUT, $PAGE;
$site = get_site();
$CASform = get_string('CASform', 'auth_cas');
$username = optional_param('username', '', PARAM_RAW);
$courseid = optional_param('courseid', 0, PARAM_INT);
if (!empty($username)) {
if (isset($SESSION->wantsurl) && (strstr($SESSION->wantsurl, 'ticket') ||
strstr($SESSION->wantsurl, 'NOCAS'))) {
unset($SESSION->wantsurl);
}
return;
}
// Return if CAS enabled and settings not specified yet
if (empty($this->config->hostname)) {
return;
}
// If the multi-authentication setting is used, check for the param before connecting to CAS.
if ($this->config->multiauth) {
// If there is an authentication error, stay on the default authentication page.
if (!empty($SESSION->loginerrormsg)) {
return;
}
$authCAS = optional_param('authCAS', '', PARAM_RAW);
if ($authCAS != 'CAS') {
return;
}
}
// Connection to CAS server
$this->connectCAS();
if (phpCAS::checkAuthentication()) {
$frm = new stdClass();
$frm->username = phpCAS::getUser();
$frm->password = 'passwdCas';
$frm->logintoken = \core\session\manager::get_login_token();
// Redirect to a course if multi-auth is activated, authCAS is set to CAS and the courseid is specified.
if ($this->config->multiauth && !empty($courseid)) {
redirect(new moodle_url('/course/view.php', array('id'=>$courseid)));
}
return;
}
if (isset($_GET['loginguest']) && ($_GET['loginguest'] == true)) {
$frm = new stdClass();
$frm->username = 'guest';
$frm->password = 'guest';
$frm->logintoken = \core\session\manager::get_login_token();
return;
}
// Force CAS authentication (if needed).
if (!phpCAS::isAuthenticated()) {
phpCAS::setLang($this->config->language);
phpCAS::forceAuthentication();
}
}
/**
* Connect to the CAS (clientcas connection or proxycas connection)
*
*/
function connectCAS() {
global $CFG;
static $connected = false;
if (!$connected) {
// Form the base URL of the server with just the protocol and hostname.
$serverurl = new moodle_url("/");
$servicebaseurl = $serverurl->get_scheme() ? $serverurl->get_scheme() . "://" : '';
$servicebaseurl .= $serverurl->get_host();
// Add the port if set.
$servicebaseurl .= $serverurl->get_port() ? ':' . $serverurl->get_port() : '';
// Make sure phpCAS doesn't try to start a new PHP session when connecting to the CAS server.
if ($this->config->proxycas) {
phpCAS::proxy($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri,
$servicebaseurl, false);
} else {
phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port,
$this->config->baseuri, $servicebaseurl, false);
}
// Some CAS installs require SSLv3 that should be explicitly set.
if (!empty($this->config->curl_ssl_version)) {
phpCAS::setExtraCurlOption(CURLOPT_SSLVERSION, $this->config->curl_ssl_version);
}
$connected = true;
}
// If Moodle is configured to use a proxy, phpCAS needs some curl options set.
if (!empty($CFG->proxyhost) && !is_proxybypass(phpCAS::getServerLoginURL())) {
phpCAS::setExtraCurlOption(CURLOPT_PROXY, $CFG->proxyhost);
if (!empty($CFG->proxyport)) {
phpCAS::setExtraCurlOption(CURLOPT_PROXYPORT, $CFG->proxyport);
}
if (!empty($CFG->proxytype)) {
// Only set CURLOPT_PROXYTYPE if it's something other than the curl-default http
if ($CFG->proxytype == 'SOCKS5') {
phpCAS::setExtraCurlOption(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
}
}
if (!empty($CFG->proxyuser) and !empty($CFG->proxypassword)) {
phpCAS::setExtraCurlOption(CURLOPT_PROXYUSERPWD, $CFG->proxyuser.':'.$CFG->proxypassword);
if (defined('CURLOPT_PROXYAUTH')) {
// any proxy authentication if PHP 5.1
phpCAS::setExtraCurlOption(CURLOPT_PROXYAUTH, CURLAUTH_BASIC | CURLAUTH_NTLM);
}
}
}
if ($this->config->certificate_check && $this->config->certificate_path){
phpCAS::setCasServerCACert($this->config->certificate_path);
} else {
// Don't try to validate the server SSL credentials
phpCAS::setNoCasServerValidation();
}
}
/**
* Returns the URL for changing the user's pw, or empty if the default can
* be used.
*
* @return moodle_url
*/
function change_password_url() {
return null;
}
/**
* Returns true if user should be coursecreator.
*
* @param mixed $username username (without system magic quotes)
* @return boolean result
*/
function iscreator($username) {
if (empty($this->config->host_url) or (empty($this->config->attrcreators) && empty($this->config->groupecreators)) or empty($this->config->memberattribute)) {
return false;
}
$extusername = core_text::convert($username, 'utf-8', $this->config->ldapencoding);
// Test for group creator
if (!empty($this->config->groupecreators)) {
$ldapconnection = $this->ldap_connect();
if ($this->config->memberattribute_isdn) {
if(!($userid = $this->ldap_find_userdn($ldapconnection, $extusername))) {
return false;
}
} else {
$userid = $extusername;
}
$group_dns = explode(';', $this->config->groupecreators);
if (ldap_isgroupmember($ldapconnection, $userid, $group_dns, $this->config->memberattribute)) {
return true;
}
}
// Build filter for attrcreator
if (!empty($this->config->attrcreators)) {
$attrs = explode(';', $this->config->attrcreators);
$filter = '(& ('.$this->config->user_attribute."=$username)(|";
foreach ($attrs as $attr){
if(strpos($attr, '=')) {
$filter .= "($attr)";
} else {
$filter .= '('.$this->config->memberattribute."=$attr)";
}
}
$filter .= '))';
// Search
$result = $this->ldap_get_userlist($filter);
if (count($result) != 0) {
return true;
}
}
return false;
}
/**
* Reads user information from LDAP and returns it as array()
*
* If no LDAP servers are configured, user information has to be
* provided via other methods (CSV file, manually, etc.). Return
* an empty array so existing user info is not lost. Otherwise,
* calls parent class method to get user info.
*
* @param string $username username
* @return mixed array with no magic quotes or false on error
*/
function get_userinfo($username) {
if (empty($this->config->host_url)) {
return array();
}
return parent::get_userinfo($username);
}
/**
* Syncronizes users from LDAP server to moodle user table.
*
* If no LDAP servers are configured, simply return. Otherwise,
* call parent class method to do the work.
*
* @param bool $do_updates will do pull in data updates from LDAP if relevant
* @return nothing
*/
function sync_users($do_updates=true) {
if (empty($this->config->host_url)) {
error_log('[AUTH CAS] '.get_string('noldapserver', 'auth_cas'));
return;
}
parent::sync_users($do_updates);
}
/**
* Hook for logout page
*/
function logoutpage_hook() {
global $USER, $redirect;
// Only do this if the user is actually logged in via CAS
if ($USER->auth === $this->authtype) {
// Check if there is an alternative logout return url defined
if (isset($this->config->logout_return_url) && !empty($this->config->logout_return_url)) {
// Set redirect to alternative return url
$redirect = $this->config->logout_return_url;
}
}
}
/**
* Post logout hook.
*
* Note: this method replace the prelogout_hook method to avoid redirect to CAS logout
* before the event userlogout being triggered.
*
* @param stdClass $user clone of USER object object before the user session was terminated
*/
public function postlogout_hook($user) {
global $CFG;
// Only redirect to CAS logout if the user is logged as a CAS user.
if (!empty($this->config->logoutcas) && $user->auth == $this->authtype) {
$backurl = !empty($this->config->logout_return_url) ? $this->config->logout_return_url : $CFG->wwwroot;
$this->connectCAS();
phpCAS::logoutWithRedirectService($backurl);
}
}
/**
* Return a list of identity providers to display on the login page.
*
* @param string|moodle_url $wantsurl The requested URL.
* @return array List of arrays with keys url, iconurl and name.
*/
public function loginpage_idp_list($wantsurl) {
if (empty($this->config->hostname)) {
// CAS is not configured.
return [];
}
if ($this->config->auth_logo) {
$iconurl = moodle_url::make_pluginfile_url(
context_system::instance()->id,
'auth_cas',
'logo',
null,
null,
$this->config->auth_logo);
} else {
$iconurl = null;
}
return [
[
'url' => new moodle_url(get_login_url(), [
'authCAS' => 'CAS',
]),
'iconurl' => $iconurl,
'name' => format_string($this->config->auth_name),
],
];
}
}
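Review bot: The certificate branch at the end of connectCAS() fails open: whenever `certificate_check` is off or `certificate_path` is empty it calls `phpCAS::setNoCasServerValidation()`, so the CAS server's TLS certificate is not verified when phpCAS talks to it. settings.php in this commit defaults `certificate_check` to 0, so this is the out-of-the-box behaviour, and an admin who enables the check but leaves the path blank silently gets no validation either. I would reject that misconfiguration before the existing `if`, reusing the string the language file already defines: `if ($this->config->certificate_check && empty($this->config->certificate_path)) { throw new moodle_exception('auth_cas_certificate_path_empty', 'auth_cas'); }`. Separately, iscreator() concatenates `$username` into the LDAP filter unescaped (`"=$username)(|"`); passing it through `ldap_filter_addslashes()` first would keep filter metacharacters in a username from changing the query.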
+41
@@ -0,0 +1,41 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Privacy Subsystem implementation for auth_cas.
*
* @package auth_cas
* @copyright 2018 Carlos Escobedo <carlos@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace auth_cas\privacy;
defined('MOODLE_INTERNAL') || die();
/**
* Privacy Subsystem for auth_cas implementing null_provider.
*
* @copyright 2018 Carlos Escobedo <carlos@moodle.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class provider implements \core_privacy\local\metadata\null_provider {
/**
* Get the language string identifier with the component's language
* file to explain why this plugin stores no data.
*
* @return string
*/
public static function get_reason(): string {
return 'privacy:metadata';
}
}
+54
@@ -0,0 +1,54 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* A scheduled task for CAS user sync.
*
* @package auth_cas
* @copyright 2015 Vadim Dvorovenko <Vadimon@mail.ru>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
namespace auth_cas\task;
/**
* A scheduled task class for CAS user sync.
*
* @copyright 2015 Vadim Dvorovenko <Vadimon@mail.ru>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class sync_task extends \core\task\scheduled_task {
/**
* Get a descriptive name for this task (shown to admins).
*
* @return string
*/
public function get_name() {
return get_string('synctask', 'auth_cas');
}
/**
* Run users sync.
*/
public function execute() {
global $CFG;
if (is_enabled_auth('cas')) {
$auth = get_auth_plugin('cas');
$auth->sync_users(true);
}
}
}
+67
@@ -0,0 +1,67 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* CAS user sync script.
*
* This script is meant to be called from a cronjob to sync moodle with the CAS
* backend in those setups where the CAS backend acts as 'master'.
*
* Notes:
* - it is required to use the web server account when executing PHP CLI scripts
* - you need to change the "www-data" to match the apache user account
* - use "su" if "sudo" not available
* - If you have a large number of users, you may want to raise the memory limits
* by passing -d momory_limit=256M
* - For debugging & better logging, you are encouraged to use in the command line:
* -d log_errors=1 -d error_reporting=E_ALL -d display_errors=0 -d html_errors=0
*
* Performance notes:
* We have optimized it as best as we could for PostgreSQL and MySQL, with 27K students
* we have seen this take 10 minutes.
*
* @package auth_cas
* @copyright 2007 Jerome Gutierrez - based on code by Martin Langhoff
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @deprecated since Moodle 3.0 MDL-51824 - please do not use this CLI script any more, use scheduled task instead.
* @todo MDL-50264 This will be deleted in Moodle 3.2.
*/
define('CLI_SCRIPT', true);
require(__DIR__.'/../../../config.php');
require_once($CFG->dirroot.'/course/lib.php');
require_once($CFG->libdir.'/clilib.php');
// Ensure errors are well explained
set_debugging(DEBUG_DEVELOPER, true);
if (!is_enabled_auth('cas')) {
error_log('[AUTH CAS] '.get_string('pluginnotenabled', 'auth_ldap'));
die;
}
cli_problem('[AUTH CAS] The sync users cron has been deprecated. Please use the scheduled task instead.');
// Abort execution of the CLI script if the auth_cas\task\sync_task is enabled.
$task = \core\task\manager::get_scheduled_task('auth_cas\task\sync_task');
if (!$task->get_disabled()) {
cli_error('[AUTH CAS] The scheduled task sync_task is enabled, the cron execution has been aborted.');
}
$casauth = get_auth_plugin('cas');
$casauth->sync_users(true);
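Review bot: `$task->get_disabled()` is called on the result of `\core\task\manager::get_scheduled_task()` without checking it, so if the task cannot be loaded (that call returns false in that case, as far as I know) the script ends in a fatal error rather than a clear message; `if ($task && !$task->get_disabled()) {` would avoid that. The header comment also has a typo: `-d momory_limit=256M` should read `-d memory_limit=256M`, otherwise an admin copying the flag gets no memory increase. The docblock marks this script deprecated since Moodle 3.0, so it is worth confirming that it still needs to ship.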
+6
@@ -0,0 +1,6 @@
<?php
function xmldb_auth_cas_install() {
global $CFG, $DB;
}
+39
@@ -0,0 +1,39 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Definition of auth_cas tasks.
*
* @package auth_cas
* @category task
* @copyright 2015 Vadim Dvorovenko <Vadimon@mail.ru>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
$tasks = array(
array(
'classname' => 'auth_cas\task\sync_task',
'blocking' => 0,
'minute' => '0',
'hour' => '0',
'day' => '*',
'month' => '*',
'dayofweek' => '*',
'disabled' => 1
)
);
+44
@@ -0,0 +1,44 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* CAS authentication plugin upgrade code
*
* @package auth_cas
* @copyright 2013 Iñaki Arenaza
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* Function to upgrade auth_cas.
* @param int $oldversion the version we are upgrading from
* @return bool result
*/
function xmldb_auth_cas_upgrade($oldversion) {
// Automatically generated Moodle v4.1.0 release upgrade line.
// Put any upgrade step following this.
// Automatically generated Moodle v4.2.0 release upgrade line.
// Put any upgrade step following this.
// Automatically generated Moodle v4.3.0 release upgrade line.
// Put any upgrade step following this.
// Automatically generated Moodle v4.4.0 release upgrade line.
// Put any upgrade step following this.
return true;
}
+80
@@ -0,0 +1,80 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Strings for component 'auth_cas', language 'en'.
*
* @package auth_cas
* @copyright 1999 onwards Martin Dougiamas {@link http://moodle.com}
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
$string['auth_cas_auth_name'] = 'Authentication method name';
$string['auth_cas_auth_name_description'] = 'Provide a name for the CAS authentication method that is familiar to your users.';
$string['auth_cas_auth_logo'] = 'Authentication method logo';
$string['auth_cas_auth_logo_description'] = 'Provide a logo for the CAS authentication method that is familiar to your users.';
$string['auth_cas_auth_user_create'] = 'Create users externally';
$string['auth_cas_auth_service'] = 'CAS';
$string['auth_cas_baseuri'] = 'URI of the server (nothing if no baseUri)<br />For example, if the CAS server responds to host.domaine.fr/CAS/ then<br />cas_baseuri = CAS/';
$string['auth_cas_baseuri_key'] = 'Base URI';
$string['auth_cas_broken_password'] = 'You cannot proceed without changing your password, however there is no available page for changing it. Please contact your Moodle Administrator.';
$string['auth_cas_cantconnect'] = 'LDAP part of CAS-module cannot connect to server: {$a}';
$string['auth_cas_casversion'] = 'CAS protocol version';
$string['auth_cas_certificate_check'] = 'Select \'yes\' if you want to validate the server certificate';
$string['auth_cas_certificate_path_empty'] = 'If you turn on Server validation, you need to specify a certificate path';
$string['auth_cas_certificate_check_key'] = 'Server validation';
$string['auth_cas_certificate_path'] = 'Path of the CA chain file (PEM Format) to validate the server certificate';
$string['auth_cas_certificate_path_key'] = 'Certificate path';
$string['auth_cas_create_user'] = 'Turn this on if you want to insert CAS-authenticated users in Moodle database. If not then only users who already exist in the Moodle database can log in.';
$string['auth_cas_create_user_key'] = 'Create user';
$string['auth_cas_curl_ssl_version'] = 'The SSL version (2 or 3) to use. By default PHP will try to determine this itself, although in some cases this must be set manually.';
$string['auth_cas_curl_ssl_version_default'] = 'Default';
$string['auth_cas_curl_ssl_version_key'] = 'cURL SSL Version';
$string['auth_cas_curl_ssl_version_SSLv2'] = 'SSLv2';
$string['auth_cas_curl_ssl_version_SSLv3'] = 'SSLv3';
$string['auth_cas_curl_ssl_version_TLSv1x'] = 'TLSv1.x';
$string['auth_cas_curl_ssl_version_TLSv10'] = 'TLSv1.0';
$string['auth_cas_curl_ssl_version_TLSv11'] = 'TLSv1.1';
$string['auth_cas_curl_ssl_version_TLSv12'] = 'TLSv1.2';
$string['auth_casdescription'] = 'This method uses a CAS server (Central Authentication Service) to authenticate users in a Single Sign On environment (SSO). You can also use a simple LDAP authentication. If the given username and password are valid according to CAS, Moodle creates a new user entry in its database, taking user attributes from LDAP if required. On following logins only the username and password are checked.';
$string['auth_cas_enabled'] = 'Turn this on if you want to use CAS authentication.';
$string['auth_cas_hostname'] = 'Hostname of the CAS server <br />eg: host.domain.fr';
$string['auth_cas_hostname_key'] = 'Hostname';
$string['auth_cas_changepasswordurl'] = 'Password-change URL';
$string['auth_cas_invalidcaslogin'] = 'Sorry, your login has failed - you could not be authorised';
$string['auth_cas_language'] = 'Select language for authentication pages';
$string['auth_cas_language_key'] = 'Language';
$string['auth_cas_logincas'] = 'Secure connection access';
$string['auth_cas_logout_return_url_key'] = 'Alternative logout return URL';
$string['auth_cas_logout_return_url'] = 'Provide the URL that CAS users shall be redirected to after logging out.<br />If left empty, users will be redirected to the location that moodle will redirect users to';
$string['auth_cas_logoutcas'] = 'Select \'yes\' if you want to logout from CAS when you disconnect from Moodle';
$string['auth_cas_logoutcas_key'] = 'CAS logout option';
$string['auth_cas_multiauth'] = 'Select \'yes\' if you want to have multi-authentication (CAS + other authentication)';
$string['auth_cas_multiauth_key'] = 'Multi-authentication';
$string['auth_casnotinstalled'] = 'Cannot use CAS authentication. The PHP LDAP module is not installed.';
$string['auth_cas_port'] = 'Port of the CAS server';
$string['auth_cas_port_key'] = 'Port';
$string['auth_cas_proxycas'] = 'Select \'yes\' if you use CAS in proxy-mode';
$string['auth_cas_proxycas_key'] = 'Proxy mode';
$string['auth_cas_server_settings'] = 'CAS server configuration';
$string['auth_cas_text'] = 'Secure connection';
$string['auth_cas_use_cas'] = 'Use CAS';
$string['auth_cas_version'] = 'CAS protocol version to use';
$string['CASform'] = 'Authentication choice';
$string['noldapserver'] = 'No LDAP server configured for CAS! Syncing disabled.';
$string['pluginname'] = 'CAS server (SSO)';
$string['synctask'] = 'CAS users sync job';
$string['privacy:metadata'] = 'The CAS server (SSO) authentication plugin does not store any personal data.';
+16
@@ -0,0 +1,16 @@
<?php
$caslangconstprefix = 'PHPCAS_LANG_';
$caslangprefixlen = strlen('CAS_Languages_');
$CASLANGUAGES = array ();
$consts = get_defined_constants(true);
foreach ($consts['user'] as $key => $value) {
if (preg_match("/^$caslangconstprefix/", $key)) {
$CASLANGUAGES[$value] = substr($value, $caslangprefixlen);
}
}
if (empty($CASLANGUAGES)) {
$CASLANGUAGES = array (PHPCAS_LANG_ENGLISH => 'English',
PHPCAS_LANG_FRENCH => 'French');
}
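Review bot: This file has no `defined('MOODLE_INTERNAL') || die();` guard, unlike auth.php, lib.php and settings.php in the same commit, although it runs top-level code. Requested directly over the web, the fallback at the bottom references `PHPCAS_LANG_ENGLISH` with phpCAS not loaded, which on PHP 8 raises an error and may disclose the install path if errors are displayed. Add the guard as the first statement after `<?php`. As a style point, `preg_match("/^$caslangconstprefix/", $key)` interpolates a variable into a pattern where `strpos($key, $caslangconstprefix) === 0` states the prefix test directly.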
+67
@@ -0,0 +1,67 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Authentication Plugin: CAS Authentication.
*
* Authentication using CAS (Central Authentication Server).
*
* @package auth_cas
* @copyright 2018 Fabrice Ménard <menard.fabrice@gmail.com>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die;
/**
* Serves the logo file settings.
*
* @param stdClass $course course object
* @param stdClass $cm course module object
* @param stdClass $context context object
* @param string $filearea file area
* @param array $args extra arguments
* @param bool $forcedownload whether or not force download
* @param array $options additional options affecting the file serving
* @return bool false|void
*/
function auth_cas_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options = []) {
if ($context->contextlevel != CONTEXT_SYSTEM) {
return false;
}
if ($filearea !== 'logo' ) {
return false;
}
// Extract the filename / filepath from the $args array.
$filename = array_pop($args);
if (!$args) {
$filepath = '/';
} else {
$filepath = '/' . implode('/', $args) . '/';
}
// Retrieve the file from the Files API.
$itemid = 0;
$fs = get_file_storage();
$file = $fs->get_file($context->id, 'auth_cas', $filearea, $itemid, $filepath, $filename);
if (!$file) {
return false; // The file does not exist.
}
send_stored_file($file, null, 0, $forcedownload, $options);
}
+293
@@ -0,0 +1,293 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Admin settings and defaults.
*
* @package auth_cas
* @copyright 2017 Stephen Bourget
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die;
if ($ADMIN->fulltree) {
if (!function_exists('ldap_connect')) {
$notify = new \core\output\notification(get_string('auth_casnotinstalled', 'auth_cas'),
\core\output\notification::NOTIFY_WARNING);
$settings->add(new admin_setting_heading('auth_casnotinstalled', '', $OUTPUT->render($notify)));
} else {
// We use a couple of custom admin settings since we need to massage the data before it is inserted into the DB.
require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_lowercase_configtext.php');
require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_contexts_configtext.php');
// Include needed files.
require_once($CFG->dirroot.'/auth/cas/auth.php');
require_once($CFG->dirroot.'/auth/cas/languages.php');
// Introductory explanation.
$settings->add(new admin_setting_heading('auth_cas/pluginname', '',
new lang_string('auth_casdescription', 'auth_cas')));
// CAS server configuration label.
$settings->add(new admin_setting_heading('auth_cas/casserversettings',
new lang_string('auth_cas_server_settings', 'auth_cas'), ''));
// Authentication method name.
$settings->add(new admin_setting_configtext('auth_cas/auth_name',
get_string('auth_cas_auth_name', 'auth_cas'),
get_string('auth_cas_auth_name_description', 'auth_cas'),
get_string('auth_cas_auth_service', 'auth_cas'),
PARAM_RAW_TRIMMED));
// Authentication method logo.
$opts = array('accepted_types' => array('.png', '.jpg', '.gif', '.webp', '.tiff', '.svg'));
$settings->add(new admin_setting_configstoredfile('auth_cas/auth_logo',
get_string('auth_cas_auth_logo', 'auth_cas'),
get_string('auth_cas_auth_logo_description', 'auth_cas'), 'logo', 0, $opts));
// Hostname.
$settings->add(new admin_setting_configtext('auth_cas/hostname',
get_string('auth_cas_hostname_key', 'auth_cas'),
get_string('auth_cas_hostname', 'auth_cas'), '', PARAM_RAW_TRIMMED));
// Base URI.
$settings->add(new admin_setting_configtext('auth_cas/baseuri',
get_string('auth_cas_baseuri_key', 'auth_cas'),
get_string('auth_cas_baseuri', 'auth_cas'), '', PARAM_RAW_TRIMMED));
// Port.
$settings->add(new admin_setting_configtext('auth_cas/port',
get_string('auth_cas_port_key', 'auth_cas'),
get_string('auth_cas_port', 'auth_cas'), '', PARAM_INT));
// CAS Version.
$casversions = array();
$casversions[CAS_VERSION_1_0] = 'CAS 1.0';
$casversions[CAS_VERSION_2_0] = 'CAS 2.0';
$settings->add(new admin_setting_configselect('auth_cas/casversion',
new lang_string('auth_cas_casversion', 'auth_cas'),
new lang_string('auth_cas_version', 'auth_cas'), CAS_VERSION_2_0, $casversions));
// Language.
if (!isset($CASLANGUAGES) || empty($CASLANGUAGES)) {
// Prevent warnings on other admin pages.
// $CASLANGUAGES is defined in /auth/cas/languages.php.
$CASLANGUAGES = array();
$CASLANGUAGES[PHPCAS_LANG_ENGLISH] = 'English';
$CASLANGUAGES[PHPCAS_LANG_FRENCH] = 'French';
}
$settings->add(new admin_setting_configselect('auth_cas/language',
new lang_string('auth_cas_language_key', 'auth_cas'),
new lang_string('auth_cas_language', 'auth_cas'), PHPCAS_LANG_ENGLISH, $CASLANGUAGES));
// Proxy.
$yesno = array(
new lang_string('no'),
new lang_string('yes'),
);
$settings->add(new admin_setting_configselect('auth_cas/proxycas',
new lang_string('auth_cas_proxycas_key', 'auth_cas'),
new lang_string('auth_cas_proxycas', 'auth_cas'), 0 , $yesno));
// Logout option.
$settings->add(new admin_setting_configselect('auth_cas/logoutcas',
new lang_string('auth_cas_logoutcas_key', 'auth_cas'),
new lang_string('auth_cas_logoutcas', 'auth_cas'), 0 , $yesno));
// Multi-auth.
$settings->add(new admin_setting_configselect('auth_cas/multiauth',
new lang_string('auth_cas_multiauth_key', 'auth_cas'),
new lang_string('auth_cas_multiauth', 'auth_cas'), 0 , $yesno));
// Server validation.
$settings->add(new admin_setting_configselect('auth_cas/certificate_check',
new lang_string('auth_cas_certificate_check_key', 'auth_cas'),
new lang_string('auth_cas_certificate_check', 'auth_cas'), 0 , $yesno));
// Certificate path.
$settings->add(new admin_setting_configfile('auth_cas/certificate_path',
get_string('auth_cas_certificate_path_key', 'auth_cas'),
get_string('auth_cas_certificate_path', 'auth_cas'), ''));
// CURL SSL version.
$sslversions = array();
$sslversions[''] = get_string('auth_cas_curl_ssl_version_default', 'auth_cas');
if (defined('CURL_SSLVERSION_TLSv1')) {
$sslversions[CURL_SSLVERSION_TLSv1] = get_string('auth_cas_curl_ssl_version_TLSv1x', 'auth_cas');
}
if (defined('CURL_SSLVERSION_TLSv1_0')) {
$sslversions[CURL_SSLVERSION_TLSv1_0] = get_string('auth_cas_curl_ssl_version_TLSv10', 'auth_cas');
}
if (defined('CURL_SSLVERSION_TLSv1_1')) {
$sslversions[CURL_SSLVERSION_TLSv1_1] = get_string('auth_cas_curl_ssl_version_TLSv11', 'auth_cas');
}
if (defined('CURL_SSLVERSION_TLSv1_2')) {
$sslversions[CURL_SSLVERSION_TLSv1_2] = get_string('auth_cas_curl_ssl_version_TLSv12', 'auth_cas');
}
if (defined('CURL_SSLVERSION_SSLv2')) {
$sslversions[CURL_SSLVERSION_SSLv2] = get_string('auth_cas_curl_ssl_version_SSLv2', 'auth_cas');
}
if (defined('CURL_SSLVERSION_SSLv3')) {
$sslversions[CURL_SSLVERSION_SSLv3] = get_string('auth_cas_curl_ssl_version_SSLv3', 'auth_cas');
}
$settings->add(new admin_setting_configselect('auth_cas/curl_ssl_version',
new lang_string('auth_cas_curl_ssl_version_key', 'auth_cas'),
new lang_string('auth_cas_curl_ssl_version', 'auth_cas'), '' , $sslversions));
// Alt Logout URL.
$settings->add(new admin_setting_configtext('auth_cas/logout_return_url',
get_string('auth_cas_logout_return_url_key', 'auth_cas'),
get_string('auth_cas_logout_return_url', 'auth_cas'), '', PARAM_URL));
// LDAP server settings.
$settings->add(new admin_setting_heading('auth_cas/ldapserversettings',
new lang_string('auth_ldap_server_settings', 'auth_ldap'), ''));
// Host.
$settings->add(new admin_setting_configtext('auth_cas/host_url',
get_string('auth_ldap_host_url_key', 'auth_ldap'),
get_string('auth_ldap_host_url', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
// Version.
$versions = array();
$versions[2] = '2';
$versions[3] = '3';
$settings->add(new admin_setting_configselect('auth_cas/ldap_version',
new lang_string('auth_ldap_version_key', 'auth_ldap'),
new lang_string('auth_ldap_version', 'auth_ldap'), 3, $versions));
// Start TLS.
$settings->add(new admin_setting_configselect('auth_cas/start_tls',
new lang_string('start_tls_key', 'auth_ldap'),
new lang_string('start_tls', 'auth_ldap'), 0 , $yesno));
// Encoding.
$settings->add(new admin_setting_configtext('auth_cas/ldapencoding',
get_string('auth_ldap_ldap_encoding_key', 'auth_ldap'),
get_string('auth_ldap_ldap_encoding', 'auth_ldap'), 'utf-8', PARAM_RAW_TRIMMED));
// Page Size. (Hide if not available).
$settings->add(new admin_setting_configtext('auth_cas/pagesize',
get_string('pagesize_key', 'auth_ldap'),
get_string('pagesize', 'auth_ldap'), '250', PARAM_INT));
// Bind settings.
$settings->add(new admin_setting_heading('auth_cas/ldapbindsettings',
new lang_string('auth_ldap_bind_settings', 'auth_ldap'), ''));
// User ID.
$settings->add(new admin_setting_configtext('auth_cas/bind_dn',
get_string('auth_ldap_bind_dn_key', 'auth_ldap'),
get_string('auth_ldap_bind_dn', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
// Password.
$settings->add(new admin_setting_configpasswordunmask('auth_cas/bind_pw',
get_string('auth_ldap_bind_pw_key', 'auth_ldap'),
get_string('auth_ldap_bind_pw', 'auth_ldap'), ''));
// User Lookup settings.
$settings->add(new admin_setting_heading('auth_cas/ldapuserlookup',
new lang_string('auth_ldap_user_settings', 'auth_ldap'), ''));
// User Type.
$settings->add(new admin_setting_configselect('auth_cas/user_type',
new lang_string('auth_ldap_user_type_key', 'auth_ldap'),
new lang_string('auth_ldap_user_type', 'auth_ldap'), 'default', ldap_supported_usertypes()));
// Contexts.
$settings->add(new auth_ldap_admin_setting_special_contexts_configtext('auth_cas/contexts',
get_string('auth_ldap_contexts_key', 'auth_ldap'),
get_string('auth_ldap_contexts', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
// Search subcontexts.
$settings->add(new admin_setting_configselect('auth_cas/search_sub',
new lang_string('auth_ldap_search_sub_key', 'auth_ldap'),
new lang_string('auth_ldap_search_sub', 'auth_ldap'), 0 , $yesno));
// Dereference aliases.
$optderef = array();
$optderef[LDAP_DEREF_NEVER] = get_string('no');
$optderef[LDAP_DEREF_ALWAYS] = get_string('yes');
$settings->add(new admin_setting_configselect('auth_cas/opt_deref',
new lang_string('auth_ldap_opt_deref_key', 'auth_ldap'),
new lang_string('auth_ldap_opt_deref', 'auth_ldap'), LDAP_DEREF_NEVER , $optderef));
// User attribute.
$settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_cas/user_attribute',
get_string('auth_ldap_user_attribute_key', 'auth_ldap'),
get_string('auth_ldap_user_attribute', 'auth_ldap'), '', PARAM_RAW));
// Member attribute.
$settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_cas/memberattribute',
get_string('auth_ldap_memberattribute_key', 'auth_ldap'),
get_string('auth_ldap_memberattribute', 'auth_ldap'), '', PARAM_RAW));
// Member attribute uses dn.
$settings->add(new admin_setting_configselect('auth_cas/memberattribute_isdn',
get_string('auth_ldap_memberattribute_isdn_key', 'auth_ldap'),
get_string('auth_ldap_memberattribute_isdn', 'auth_ldap'), 0, $yesno));
// Object class.
$settings->add(new admin_setting_configtext('auth_cas/objectclass',
get_string('auth_ldap_objectclass_key', 'auth_ldap'),
get_string('auth_ldap_objectclass', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
// Course Creators Header.
$settings->add(new admin_setting_heading('auth_cas/coursecreators',
new lang_string('coursecreators'), ''));
// Course creators attribute field mapping.
$settings->add(new admin_setting_configtext('auth_cas/attrcreators',
get_string('auth_ldap_attrcreators_key', 'auth_ldap'),
get_string('auth_ldap_attrcreators', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
// Course creator group field mapping.
$settings->add(new admin_setting_configtext('auth_cas/groupecreators',
get_string('auth_ldap_groupecreators_key', 'auth_ldap'),
get_string('auth_ldap_groupecreators', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
// User Account Sync.
$settings->add(new admin_setting_heading('auth_cas/syncusers',
new lang_string('auth_sync_script', 'auth'), ''));
// Remove external user.
$deleteopt = array();
$deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep', 'auth');
$deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend', 'auth');
$deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete', 'auth');
$settings->add(new admin_setting_configselect('auth_cas/removeuser',
new lang_string('auth_remove_user_key', 'auth'),
new lang_string('auth_remove_user', 'auth'), AUTH_REMOVEUSER_KEEP, $deleteopt));
}
// Display locking / mapping of profile fields.
$authplugin = get_auth_plugin('cas');
$help = get_string('auth_ldapextrafields', 'auth_ldap');
$help .= get_string('auth_updatelocal_expl', 'auth');
$help .= get_string('auth_fieldlock_expl', 'auth');
$help .= get_string('auth_updateremote_expl', 'auth');
$help .= '<hr />';
$help .= get_string('auth_updateremote_ldap', 'auth');
display_auth_lock_options($settings, $authplugin->authtype, $authplugin->userfields, $help, true, true,
$authplugin->get_custom_user_profile_fields());
}
+15
@@ -0,0 +1,15 @@
<?xml version="1.0"?>
<libraries>
<library>
<location>CAS</location>
<name>CAS</name>
<description>phpCAS library to support CAS authentication plugin.</description>
<version>1.6.0</version>
<license>Apache</license>
<licenseversion>2.0</licenseversion>
<repository>https://github.com/apereo/phpCAS</repository>
<copyrights>
<copyright>2007-2020, Apereo Foundation</copyright>
</copyrights>
</library>
</libraries>
+7
@@ -0,0 +1,7 @@
This files describes API changes in /auth/cas/*,
information provided here is intended especially for developers.
=== 3.3 ===
* The config.html file was migrated to use the admin settings API.
The identifier for configuration data stored in config_plugins table was converted from 'auth/cas' to 'auth_cas'.
+33
@@ -0,0 +1,33 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Version details
*
* @package auth_cas
* @author Martin Dougiamas
* @author Jerome GUTIERREZ
* @author Iñaki Arenaza
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
$plugin->version = 2024042200; // The current plugin version (Date: YYYYMMDDXX).
$plugin->requires = 2024041600; // Requires this Moodle version.
$plugin->component = 'auth_cas'; // Full name of the plugin (used for diagnostics)
$plugin->dependencies = ['auth_ldap' => 2024041600];