diff --git a/auth.php b/auth.php index ee08ae9..b30d926 100644 --- a/auth.php +++ b/auth.php @@ -57,6 +57,7 @@ class auth_plugin_userkey extends auth_plugin_base { 'keylifetime' => 60, 'iprestriction' => 0, 'redirecturl' => '', + 'ssourl' => '', // TODO: use this field when implementing user creation. 'createuser' => 0. ); @@ -69,6 +70,30 @@ class auth_plugin_userkey extends auth_plugin_base { $this->userkeymanager = new core_userkey_manager($this->config); } + /** + * All the checking happens before the login page in this hook + */ + public function pre_loginpage_hook() { + global $SESSION; + + // If we previously tried to skip SSO on, but then navigated + // away, and come in from another deep link while SSO only is + // on, then reset the previous session memory of forcing SSO. + if (isset($SESSION->enrolkey_skipsso)) { + unset($SESSION->enrolkey_skipsso); + } + $this->loginpage_hook(); + } + + /** + * All the checking happens before the login page in this hook + */ + public function loginpage_hook() { + if ($this->should_login_redirect()) { + redirect($this->config->ssourl); + } + } + /** * Don't allow login using login form. * @@ -447,12 +472,39 @@ class auth_plugin_userkey extends auth_plugin_base { return $parameters; } + /** + * Check if we should redirect a user as part of login. + * + * @return bool + */ + public function should_login_redirect() { + global $SESSION; + $skipsso = optional_param('enrolkey_skipsso', 0, PARAM_BOOL); + + // Check whether we've skipped SSO already. + // This is here because loginpage_hook is called again during form + // submission (all of login.php is processed) and ?skipsso=on is not + // preserved forcing us to the SSO. + if ((isset($SESSION->enrolkey_skipsso) && $SESSION->enrolkey_skipsso == 1)) { + return false; + } + + $SESSION->enrolkey_skipsso = $skipsso; + + // If SSO only is set and user is not passing the skip param + // or has it already set in their session then redirect to the SSO URL. + if (isset($this->config->ssourl) && $this->config->ssourl != '' && !$skipsso) { + return true; + } + + } + /** * Check if we should redirect a user after logout. * * @return bool */ - protected function should_redirect() { + protected function should_logout_redirect() { global $SESSION; if (!isset($SESSION->userkey)) { @@ -470,6 +522,7 @@ class auth_plugin_userkey extends auth_plugin_base { return true; } + /** * Logout page hook. * @@ -480,7 +533,7 @@ class auth_plugin_userkey extends auth_plugin_base { public function logoutpage_hook() { global $redirect; - if ($this->should_redirect()) { + if ($this->should_logout_redirect()) { $redirect = $this->config->redirecturl; } } diff --git a/lang/en/auth_userkey.php b/lang/en/auth_userkey.php index 798a0f2..085956e 100644 --- a/lang/en/auth_userkey.php +++ b/lang/en/auth_userkey.php @@ -38,4 +38,6 @@ $string['redirecturl'] = 'Logout redirect URL'; $string['redirecturl_desc'] = 'Optionally you can redirect users to this URL after they logged out from LMS.'; $string['incorrectredirecturl'] = 'You should provide valid URL'; $string['userkey:generatekey'] = 'Generate login user key'; -$string['pluginisdisabled'] = 'The userkey authentication plugin is disabled.'; \ No newline at end of file +$string['pluginisdisabled'] = 'The userkey authentication plugin is disabled.'; +$string['ssourl'] = 'URL of SSO host'; +$string['ssourl_desc'] = 'URL of the SSO host to redirect users to. If defined users will be redirected here on login instead of the Moodle Login page'; diff --git a/settings.html b/settings.html index c94c020..9473a5b 100644 --- a/settings.html +++ b/settings.html @@ -56,6 +56,13 @@ $fields = get_auth_plugin('userkey')->get_allowed_mapping_fields(); notification($err[$field], 'notifyfailure'); } ?> + + + +
+ notification($err[$field], 'notifyfailure'); } ?> + + diff --git a/tests/auth_plugin_test.php b/tests/auth_plugin_test.php index e71b42e..c76d2c5 100644 --- a/tests/auth_plugin_test.php +++ b/tests/auth_plugin_test.php @@ -499,6 +499,7 @@ class auth_plugin_userkey_testcase extends advanced_testcase { $formconfig->keylifetime = 100; $formconfig->iprestriction = 0; $formconfig->redirecturl = 'http://google.com/'; + $formconfig->ssourl = 'http://google.com/'; $this->auth->process_config($formconfig); @@ -707,4 +708,61 @@ class auth_plugin_userkey_testcase extends advanced_testcase { $this->assertEquals('http://test.com/course/index.php?id=12&key=134', $redirect); } + /** + * Test that login page hook redirects correctly. + */ + public function test_loginpage_hook_redirects_correctly() { + global $SESSION; + + $SESSION->enrolkey_skipsso = 0; + set_config('ssourl', 'http://google.com', 'auth_userkey'); + $this->auth = new auth_plugin_userkey(); + + $userredirect = $this->auth->should_login_redirect(); + $this->assertEquals($userredirect, true); + + } + + /** + * Test that Moodle login page is displayed if url param is set correctly. + */ + public function test_login_page_displays_correctly_url_param_set() { + global $SESSION; + + $SESSION->enrolkey_skipsso = 1; + set_config('ssourl', 'http://google.com', 'auth_userkey'); + $this->auth = new auth_plugin_userkey(); + $userredirect = $this->auth->should_login_redirect(); + $this->assertEquals($userredirect, false); + + } + + /** + * Test that Moodle login page is displayed if no redirect url and no param is set. + */ + public function test_login_page_displays_correctly() { + global $SESSION; + + $SESSION->enrolkey_skipsso = 0; + set_config('ssourl', '', 'auth_userkey'); + $this->auth = new auth_plugin_userkey(); + $userredirect = $this->auth->should_login_redirect(); + $this->assertEquals($userredirect, false); + + } + + /** + * Test that Moodle login page is displayed if no redirect url, but param is set. + */ + public function test_login_page_displays_correctly_param_set() { + global $SESSION; + + $SESSION->enrolkey_skipsso = 1; + set_config('ssourl', '', 'auth_userkey'); + $this->auth = new auth_plugin_userkey(); + $userredirect = $this->auth->should_login_redirect(); + $this->assertEquals($userredirect, false); + + } + }