forked from catalyst/moodle-auth_saml2
-
Notifications
You must be signed in to change notification settings - Fork 1
/
lib.php
86 lines (80 loc) · 2.55 KB
/
lib.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Main file
*
* @package auth_saml2
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @copyright Catalyst IT
*/
/**
* Check if we have the saml=on param set. If so, disable guest access and force the user to log in with saml.
*
* @since Moodle 3.8
* @return void
*/
function auth_saml2_after_config() {
global $CFG;
try {
$saml = optional_param('saml', null, PARAM_BOOL);
if ($saml == 1) {
if (isguestuser()) {
// We want to force users to log in with a real account, so log guest users out.
require_logout();
}
// We have the saml=on param set. Disable guest access (in memory -
// not saved in database) to force the login with saml for this request.
unset($CFG->autologinguests);
}
} catch (\Exception $exception) {
debugging('auth_saml2_after_config error', DEBUG_DEVELOPER, $exception->getTrace());
}
}
/**
* Callback immediately after require_login succeeds.
*
* This callback requires Moodle 3.7+. On earlier versions this will not run. It also won't run
* on pages which don't call require_login, so we use the _before_http_headers() callback too.
*
* @since Moodle 3.7
*/
function auth_saml2_after_require_login() {
\auth_saml2\auto_login::process();
}
/**
* Callback before HTTP headers are sent.
*
* This is called on every page.
*/
function auth_saml2_before_http_headers() {
\auth_saml2\auto_login::process();
}
/**
* Add service status checks
*
* @return array of check objects
*/
function auth_saml2_status_checks() : array {
global $saml2auth;
require_once(__DIR__ . '/setup.php');
// Only if saml is configured then check certificate expiry.
if ($saml2auth->is_configured()) {
return [
new \auth_saml2\check\certificateexpiry(),
];
}
return [];
}