Merge branch 'cas-user-whitelist' into 'nightly'

Added CAS user whitelist feature

See merge request gnu/gnu-social!142
mmn 2017-12-17 17:38:21 +00:00
commit c285f80b18
3 changed files with 12 additions and 0 deletions


@ -40,6 +40,7 @@ class CasAuthenticationPlugin extends AuthenticationPlugin
public $port = 443;
public $path = '';
public $takeOverLogin = false;
public $user_whitelist = null;
function checkPassword($username, $password)
{
@ -145,6 +146,7 @@ class CasAuthenticationPlugin extends AuthenticationPlugin
$casSettings['port']=$this->port;
$casSettings['path']=$this->path;
$casSettings['takeOverLogin']=$this->takeOverLogin;
$casSettings['user_whitelist']=$this->user_whitelist;
}
function onPluginVersion(array &$versions)
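Review bot: `user_whitelist` is accepted without any type check, both at the new property and where it is copied into `$casSettings['user_whitelist']`, so a value that is neither null nor an array (for example a single user name given as a string) would silently switch the filter off, because the login action only enforces it when `is_array()` is true. For an access-control setting it is safer to fail closed by validating it where the plugin checks its other settings (that code is outside these hunks), e.g. `if ($this->user_whitelist !== null && !is_array($this->user_whitelist)) { throw new Exception('user_whitelist must be an array or null'); }`. The property would also benefit from a comment such as `// null = no filtering; array = only these nicknames may log in via CAS`. Both enclosing bodies continue outside the hunks.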


@ -24,6 +24,11 @@ path (): Path on the server to CAS. Usually blank.
takeOverLogin (false): Take over the main login action. If takeOverLogin is
set, anytime the standard username/password login form would be shown,
a CAS login will be done instead.
user_whitelist (null): Only allow login via CAS for users listed in this
array. This is useful when both CAS and password authentication is enabled
and there is a mismatch between some GNU social account names and CAS user
names. This prevents CAS users from logging in as someone else on GNU
social. When set to null, no CAS logins are filtered by this feature.
* required
default values are in (parenthesis)


@ -41,6 +41,11 @@ class CasloginAction extends Action
$this->serverError(_m('Incorrect username or password.'));
}
if (is_array($casSettings['user_whitelist']) && !in_array($user->nickname, $casSettings['user_whitelist'])) {
// TRANS: Server error displayed when trying to log in with non-whitelisted user name (when whitelists are enabled.)
$this->serverError(_m('Incorrect username or password.'));
}
// success!
if (!common_set_user($user)) {
// TRANS: Server error displayed when login fails in CAS authentication plugin.
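Review bot: The whitelist test on the added `if` line calls `in_array()` without the strict flag, so membership is decided by PHP's loose comparison: numeric-looking strings such as `'1e3'` and `'1000'` compare equal, and on PHP versions before 8 an integer `0` in the list matches any non-numeric nickname. Since this check decides whether the CAS login proceeds, it should read `!in_array($user->nickname, $casSettings['user_whitelist'], true)`. The comparison is made against `$user->nickname` rather than the name returned by CAS, so list entries presumably have to be written in the stored nickname form, which deserves a sentence in the README. A rejected login is also not logged here, which leaves operators unable to tell a whitelist denial from a bad credential; a `common_log()` call before `serverError()` would help. The enclosing method starts and ends outside the hunk.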