1<?php
2
3/**
4 * DokuWiki Plugin authsaml (Action Component)
5 *
 * Can intercept the 'login' action and redirect the user to the IdP
 * instead of showing the login form.
8 *
9 * @author  Sixto Martin <sixto.martin.garcia@gmail.com>
10 * @author  Andreas Aakre Solberg, UNINETT, http://www.uninett.no
11 * @author  François Kooman
12 * @author  Thijs Kinkhorst, Universiteit van Tilburg
13 * @author  Jorge Hervás <jordihv@gmail.com>, Lukas Slansky <lukas.slansky@upce.cz>
14
15 * @license GPL2 http://www.gnu.org/licenses/gpl.html
16 * @link https://github.com/pitbulk/dokuwiki-saml
17 */
18
// Refuse to run when the file is requested directly instead of being
// loaded by DokuWiki (DOKU_INC is only defined by the wiki bootstrap).
if (!defined('DOKU_INC')) {
    die();
}

// Fallback definitions for constants that may not exist yet at this point.
defined('DOKU_LF') || define('DOKU_LF', "\n");
defined('DOKU_TAB') || define('DOKU_TAB', "\t");
defined('DOKU_PLUGIN') || define('DOKU_PLUGIN', DOKU_INC . 'lib/plugins/');
29
30require_once DOKU_PLUGIN . 'action.php';
31
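/**
 * Action component of the authsaml plugin.
 *
 * Hooks the login form output and the action preprocessing so that a SAML
 * session established at the IdP is turned into a DokuWiki login, and a
 * DokuWiki logout triggers a SAML single logout.
 */
class action_plugin_authsaml extends DokuWiki_Action_Plugin
{

    /** @var saml_handler wrapper around the SAML service provider, created in register() */
    protected $saml;

    /**
     * Register SAML event handlers
     *
     * @param Doku_Event_Handler $controller DokuWiki's event controller
     */
    public function register(Doku_Event_Handler $controller)
    {
        // Load the handler from this plugin's own directory. A bare file name
        // would be looked up through include_path first, so a same-named file
        // elsewhere on that path could be picked up instead.
        require_once(dirname(__FILE__) . '/saml.php');
        $this->loadConfig();
        $this->saml = new saml_handler($this->conf);

        $controller->register_hook('HTML_LOGINFORM_OUTPUT', 'BEFORE', $this, 'handle_login_form');
        $controller->register_hook('ACTION_ACT_PREPROCESS', 'BEFORE', $this, 'handle_login');
    }

    /**
     * Redirect Login Handler. Redirect to the IdP if force_saml_login is True
     *
     * On 'login': optionally forces authentication at the IdP, then, if a SAML
     * session exists, registers or updates the local user and logs it in.
     * On 'logout': starts a SAML single logout if a SAML session exists.
     *
     * @param Doku_Event $event the ACTION_ACT_PREPROCESS event (not used)
     * @param mixed      $param hook parameter (not used)
     */
    public function handle_login($event, $param)
    {
        global $ACT, $auth;

        $this->saml->get_ssp_instance();

        // Strict comparison: $ACT comes from the request and is not guaranteed
        // to be a string, so avoid PHP's loose-comparison conversions.
        if ('login' === $ACT) {
            if ($this->getConf('force_saml_login')) {
                $this->saml->ssp->requireAuth();
            }

            if ($this->saml->ssp->isAuthenticated()) {
                // NOTE(review): the value taken from the assertion is used as
                // the account name without any check here - confirm that
                // saml_handler rejects an empty or missing username attribute.
                $username = $this->saml->getUsername();

                $user = $this->saml->getUserData($username);

                if (!$user) {
                    if (!$this->saml->register_user($username)) {
                        // Provisioning failed: flag the auth backend as failed
                        // and stop. An account that could not be created must
                        // not receive a session.
                        $auth->success = false;
                        return;
                    }
                    $user = $this->saml->getUserData($username);
                } else {
                    $this->saml->update_user($username);
                }

                $this->saml->login($username);
            }
        }

        if ('logout' === $ACT) {
            if ($this->saml->ssp->isAuthenticated()) {
                $this->saml->slo();
            }
        }
    }

    /**
     * Insert link to SAML SP
     *
     * Builds a fieldset with a link to the SAML login URL and inserts it into
     * the login form, relative to the position of the submit button.
     *
     * @param Doku_Event $event the HTML_LOGINFORM_OUTPUT event; its data is the form
     * @param mixed      $param hook parameter (not used)
     */
    public function handle_login_form(&$event, $param)
    {
        $this->saml->get_ssp_instance();

        // The URL is generated by the SAML library and ends up inside an HTML
        // attribute, so it is escaped for that context before being emitted.
        $loginUrl = htmlspecialchars($this->saml->ssp->getLoginURL(), ENT_QUOTES, 'UTF-8');

        $fieldset  = '<fieldset height="400px" style="margin-bottom:20px;">'
            . '<legend style="padding-top:-5px">' . $this->getLang('saml_connect') . '</legend>';
        $fieldset .= '<center><a href="' . $loginUrl . '">'
            . '<img src="lib/plugins/authsaml/logo.gif" alt="uniquid - saml"></a><br>';
        $fieldset .= $this->getLang('login_link') . '</center></fieldset>';

        // NOTE(review): the offset assumes the submit button was found and sits
        // at least four elements into the form - confirm against the form layout.
        $pos = $event->data->findElementByAttribute('type', 'submit');
        $event->data->insertElement($pos - 4, $fieldset);
    }

}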
113