diff --git a/config/proxyauth.config.php b/config/proxyauth.config.php new file mode 100644 index 0000000..47e9b9f --- /dev/null +++ b/config/proxyauth.config.php @@ -0,0 +1,15 @@ + array( + 'replace_form' => false, + 'button_text' => 'Login with SSO', + 'remember' => true, + 'sso_domain' => '', + 'logout_url' => '', + 'create_account' => true, + 'username_header' => 'REMOTE_USER', + 'email_header' => '', + 'fullname_header' => '' + ) +); diff --git a/proxyauth.php b/proxyauth.php index 61ddf54..8cb8d86 100644 --- a/proxyauth.php +++ b/proxyauth.php @@ -2,7 +2,7 @@ /** * Name: Proxy Auth * Description: Authenticate a user against reverse proxy headers - * Version: 1.1 + * Version: 1.2 * Author: Mark Wane */ @@ -18,19 +18,27 @@ use Friendica\Core\Hook; use Friendica\DI; use Friendica\Model\User; +use Friendica\Core\System; +use Friendica\Util\ConfigFileLoader; function proxyauth_install(){ + Hook::register( 'load_config', 'addon/proxyauth/proxyauth.php', 'proxyauth_config' ); Hook::register( 'authenticate', 'addon/proxyauth/proxyauth.php', 'proxyauth_hook' ); Hook::register( 'login_hook', 'addon/proxyauth/proxyauth.php', 'proxyauth_login' ); Hook::register( 'logging_out', 'addon/proxyauth/proxyauth.php', 'proxyauth_logout' ); } function proxyauth_uninstall(){ + Hook::unregister( 'load_config', 'addon/proxyauth/proxyauth.php', 'proxyauth_config' ); Hook::unregister( 'authenticate', 'addon/proxyauth/proxyauth.php', 'proxyauth_hook' ); Hook::unregister( 'login_hook', 'addon/proxyauth/proxyauth.php', 'proxyauth_login' ); Hook::unregister( 'logging_out', 'addon/proxyauth/proxyauth.php', 'proxyauth_logout' ); } +function proxyauth_config( $a, $l ){ + $a->getConfigCache()->load( $l->loadAddonConfig( 'proxyauth' ) ); +} + function proxyauth_hook( $a, &$b ){ $acc = proxyauth_auth(); @@ -43,30 +51,48 @@ function proxyauth_hook( $a, &$b ){ } function proxyauth_login( $a, &$o ){ - $o = '
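Review bot: The defaults file documents none of its keys, and `username_header`, `email_header` and `fullname_header` are used directly as `$_SERVER` keys in `proxyauth_auth()`, which an admin cannot tell from the names. A comment above `username_header` such as `// $_SERVER key set by the reverse proxy; a request header X-Remote-User arrives as HTTP_X_REMOTE_USER and must be overwritten by the proxy on every request` would make the trust assumption explicit. `create_account` defaulting to `true` also deserves a line, for example `// true: any username the proxy asserts gets a local account on first login`, so that auto-provisioning is a deliberate choice.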
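Review bot: `load_config` is registered only inside `proxyauth_install()`, so an instance upgraded from 1.1 without re-enabling the addon presumably never runs `proxyauth_config()`, and every `DI::config()->get( 'proxyauth', ... )` then returns null. With `username_header` null, the lookup in `proxyauth_auth()` finds no username and proxy login stops working without any message. Passing the default at the call site, e.g. `DI::config()->get( 'proxyauth', 'username_header', 'REMOTE_USER' )`, or stating in the upgrade notes that the addon must be reinstalled, would cover this. The imported `ConfigFileLoader` is otherwise unused and, if the hook always passes one, could type the second parameter: `function proxyauth_config( $a, ConfigFileLoader $l )`.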
-
- -
- + $replace = DI::config()->get( 'proxyauth', 'replace_form' ); + $text = DI::config()->get( 'proxyauth', 'button_text' ); + $remember = DI::config()->get( 'proxyauth', 'remember' ); + + if ( $replace ){ + $o = ' +
+ +
+ +
+
- -
- '; + '; + } } function proxyauth_logout( $a ){ + $domain = DI::config()->get( 'proxyauth', 'sso_domain' ); + $url = DI::config()->get( 'proxyauth', 'logout_url' ); + DI::cookie()->clear(); DI::session()->clear(); info( DI::l10n()->t( 'Logging out') ); - if ( ! stripos( $_SERVER['HTTP_REFERER'], 'auth.cool110.xyz' ) ) { - DI::baseUrl()->redirect( '/logout_sso' ); + if ( ! stripos( $_SERVER['HTTP_REFERER'], $domain ) ) { + if ( '' != $url ){ + System::externalRedirect( $url ); + } else { + DI::baseUrl()->redirect( '/logout_sso' ); + } } } function proxyauth_auth(){ - $uid = $_SERVER['HTTP_UID'] ?? NULL; - $mail = $_SERVER['HTTP_MAIL'] ?? NULL; - $name = $_SERVER['HTTP_CN'] ?? NULL; + $create = DI::config()->get( 'proxyauth', 'create_account' ); + $uid_header = DI::config()->get( 'proxyauth', 'username_header' ); + $mail_header = DI::config()->get( 'proxyauth', 'email_header' ); + $name_header = DI::config()->get( 'proxyauth', 'fullame_header' ); + + $uid = $_SERVER[ $uid_header ] ?? NULL; + $mail = $_SERVER[ $mail_header ] ?? NULL; + $name = $_SERVER[ $name_header ] ?? NULL; if ( is_null( $uid ) ){ return false; @@ -78,9 +104,12 @@ function proxyauth_auth(){ return $acc; } - proxyauth_create_user( $uid, $mail, $name ); - - return proxyauth_get_user( $uid ); + if ( $create ){ + proxyauth_create_user( $uid, $mail, $name ); + return proxyauth_get_user( $uid ); + } else { + return NULL; + } } function proxyauth_create_user( $uid, $mail, $name ){
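Review bot: `proxyauth_auth()` reads the key `'fullame_header'` while the defaults file defines `'fullname_header'`, so `$name_header` is always null and the full-name header is never used; the line should read `$name_header = DI::config()->get( 'proxyauth', 'fullname_header' );`. In `proxyauth_logout()`, `sso_domain` defaults to `''`, and `! stripos( $_SERVER['HTTP_REFERER'], $domain )` cannot tell a miss from a match at offset 0, so with the empty default the condition is always true (offset 0 on PHP 8, `false` plus a warning before that) and the Referer check never suppresses the redirect. A guard such as `$ref = $_SERVER['HTTP_REFERER'] ?? '';` followed by `if ( '' === $domain || false === stripos( $ref, $domain ) ) {` makes that behaviour explicit and avoids the undefined-index notice when no Referer is sent. Since `logout_url` goes straight into `System::externalRedirect()`, the config should state that it must be an absolute URL of the SSO provider. The body of `proxyauth_auth()` continues in the next hunk.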
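Review bot: The new `else` branch returns `NULL`, while the earlier guard in the same function returns `false` when no username header is present, so `proxyauth_auth()` now has two different failure values. The caller `proxyauth_hook()` is only partly visible here; if it tests the result with `=== false` or `is_null()`, one of the two cases is mishandled, so `return false;` would be the consistent choice. A log entry before that return, naming the rejected username, would let an operator see proxy-authenticated users who were denied because `create_account` is off. The function starts in the previous hunk.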