Merge branch 'hotfix/GS_fix_case_issue_SAML_signin'

.gitignore

@@ -1 +1,2 @@
 .DS_Store
+.idea

Limesurvey-SAML-Authentication/AuthSAML.php

@@ -12,6 +12,8 @@
  * URL: https://github.com/Frankniesten/Limesurvey-SAML-Authentication
  */
 
+use SimpleSAML\Auth\Simple;
+
 class AuthSAML extends LimeSurvey\PluginManager\AuthPluginBase
 {
     protected $storage = 'DbStorage';
@@ -20,6 +22,9 @@ class AuthSAML extends LimeSurvey\PluginManager\AuthPluginBase
     static protected $description = 'Core: SAML authentication';
     static protected $name = 'SAML';
 
+    /**
+     * @var array
+     */
     protected $settings = array(
         'simplesamlphp_path' => array(
             'type' => 'string',
@@ -83,11 +88,14 @@ class AuthSAML extends LimeSurvey\PluginManager\AuthPluginBase
         ),
     );
 
-    public function init() {
+    /**
+     * init
+     */
+    public function init()
+    {
         $this->storage = $this->get('storage_base', null, null, 'DbStorage');
 
         $this->subscribe('getGlobalBasePermissions');
-
         $this->subscribe('beforeLogin');
         $this->subscribe('newUserSession');
         $this->subscribe('afterLogout');
@@ -98,13 +106,13 @@ public function init() {
     }
 
     /**
+     * getGlobalBasePermissions
+     *
      * Add AuthLDAP Permission to global Permission
      */
     public function getGlobalBasePermissions()
     {
         $this->getEvent()->append('globalBasePermissions', array(
-
-
             'auth_saml' => array(
                 'create' => false,
                 'update' => false,
@@ -118,43 +126,55 @@ public function getGlobalBasePermissions()
         ));
     }
 
-    public function beforeLogin() {
-        $ssp = $this->get_saml_instance();
-
+    /**
+     * beforeLogin
+     */
+    public function beforeLogin()
+    {
         if ($this->get('force_saml_login', null, null, false)) {
-            $ssp->requireAuth();
+            $this->getSAMLInstance()->requireAuth();
         }
 
-        if ($ssp->isAuthenticated()) {
+        if ($this->getSAMLInstance()->isAuthenticated()) {
             $this->setAuthPlugin();
             $this->newUserSession();
         }
     }
 
+    /**
+     * afterLogout
+     */
     public function afterLogout()
     {
-        $ssp = $this->get_saml_instance();
         $redirect = $this->get('logout_redirect', null, null, '/admin');
-        if ($ssp->isAuthenticated()) {
-            Yii::app()->controller->redirect($ssp->getLogoutUrl($redirect));
+
+        if ($this->getSAMLInstance()->isAuthenticated()) {
+            Yii::app()->controller->redirect($this->getSAMLInstance()->getLogoutUrl($redirect));
             Yii::app()->end();
         }
     }
 
+    /**
+     * newLoginForm
+     */
     public function newLoginForm()
     {
-        $authtype_base = $this->get('authtype_base', null, null, 'Authdb');
-
-        $ssp = $this->get_saml_instance();
-        $this->getEvent()->getContent($authtype_base)->addContent('<li><center>Click on that button to initiate SAML Login<br><a href="'.$ssp->getLoginURL().'" title="SAML Login"><img src="'.Yii::app()->getConfig('imageurl').'/saml_logo.gif"></a></center><br></li>', 'prepend');
-    }
-
-    public function newUserSession() {
+        $authTypeBase = $this->get('authtype_base', null, null, 'Authdb');
 
-        $ssp = $this->get_saml_instance();
+        $loginFormContent = '<div style="text-align:center; padding-bottom: 10px; margin-bottom: 10px; border-bottom: dashed 1px #000;">Click on that button to initiate SAML Login<br><a href="'.$this->getSAMLInstance()->getLoginURL().'" title="SAML Login"><img height="60" src="'.Yii::app()->getConfig('imageurl').'/saml_logo.png"></a></><br></div>';
 
-        if ($ssp->isAuthenticated()) {
+        $this
+            ->getEvent()
+            ->getContent($authTypeBase)
+            ->addContent($loginFormContent, 'prepend');
+    }
 
+    /**
+     * newUserSession
+     */
+    public function newUserSession()
+    {
+        if ($this->getSAMLInstance()->isAuthenticated()) {
             $sUser = $this->getUserName();
             $name = $this->getUserCommonName();
             $mail = $this->getUserMail();
@@ -189,12 +209,18 @@ public function newUserSession() {
             } elseif (is_null($oUser)) {
                 throw new CHttpException(401, gT("We are sorry but you do not have an account."));
             } else {
-
                 // *** Update user ***
                 $auto_update_users = $this->get('auto_update_users', null, null, true);
 
                 if ($auto_update_users) {
+                    /**
+                     * Added 'users_name' => $sUser
+                     * to prevent getting stuck in redirect loop when
+                     * there is a difference in case between existing username
+                     * and the username coming from SAML
+                     */
                     $changes = array (
+                        'users_name' => $sUser,
                         'full_name' => $name,
                         'email' => $mail,
                     );
@@ -207,40 +233,43 @@ public function newUserSession() {
             }
         }
         $flag = $this->get('simplesamlphp_cookie_session_storage', null, null, true);
+
         if ($flag){
             $session = SimpleSAML_Session::getSessionFromRequest();
             $session->cleanup();
         }
     }
 
     /**
+     * getSAMLInstance
+     *
      * Initialize SAML authentication
-     * @return void
+     * @return Simple
      */
-    public function get_saml_instance() {
-
+    public function getSAMLInstance()
+    {
         if ($this->ssp == null) {
+            $simpleSAMLPath = $this->get('simplesamlphp_path', null, null, '/var/www/simplesamlphp');
+            require_once($simpleSAMLPath.'/lib/_autoload.php');
 
-            $simplesamlphp_path = $this->get('simplesamlphp_path', null, null, '/var/www/simplesamlphp');
-
-            require_once($simplesamlphp_path.'/lib/_autoload.php');
-
-            $saml_authsource = $this->get('saml_authsource', null, null, 'limesurvey');
-
-            $this->ssp = new \SimpleSAML\Auth\Simple($saml_authsource);
+            $samlAuthSource = $this->get('saml_authsource', null, null, 'limesurvey');
+            $this->ssp = new Simple($samlAuthSource);
         }
 
         return $this->ssp;
     }
 
     /**
+     * getUserName
+     *
      * Get Userdata from SAML Attributes
      * @return void
      */
-    public function getUserName() {
-
+    public function getUserName()
+    {
         if ($this->_username == null) {
             $username = $this->getUserNameAttribute();
+
             if ($username !== false) {
                 $this->setUsername($username);
             }
@@ -249,27 +278,39 @@ public function getUserName() {
         return $this->_username;
     }
 
+    /**
+     * getUserNameAttribute
+     *
+     * @return false
+     */
     public function getUserNameAttribute()
     {
-        $ssp = $this->get_saml_instance();
-        $attributes = $this->ssp->getAttributes();
+        $attributes = $this->getSAMLInstance()->getAttributes();
+
         if (!empty($attributes)) {
             $saml_uid_mapping = $this->get('saml_uid_mapping', null, null, 'uid');
+
             if (array_key_exists($saml_uid_mapping, $attributes) && !empty($attributes[$saml_uid_mapping])) {
-                $username = $attributes[$saml_uid_mapping][0];
-                return $username;
+                return $attributes[$saml_uid_mapping][0];
             }
         }
+
         return false;
     }
 
-    public function getUserCommonName() {
-
+    /**
+     * getUserCommonName
+     *
+     * @return string
+     */
+    public function getUserCommonName()
+    {
         $name = '';
-        $ssp = $this->get_saml_instance();
-        $attributes = $this->ssp->getAttributes();
+        $attributes = $this->getSAMLInstance()->getAttributes();
+
         if (!empty($attributes)) {
             $saml_name_mapping = $this->get('saml_name_mapping', null, null, 'cn');
+
             if (array_key_exists($saml_name_mapping , $attributes) && !empty($attributes[$saml_name_mapping])) {
                 $name = $attributes[$saml_name_mapping][0];
             }
@@ -278,13 +319,19 @@ public function getUserCommonName() {
         return $name;
     }
 
-    public function getUserMail() {
-
+    /**
+     * getUserMail
+     *
+     * @return string
+     */
+    public function getUserMail()
+    {
         $mail = '';
-        $ssp = $this->get_saml_instance();
-        $attributes = $this->ssp->getAttributes();
+        $attributes = $this->getSAMLInstance()->getAttributes();
+
         if (!empty($attributes)) {
             $saml_mail_mapping = $this->get('saml_mail_mapping', null, null, 'mail');
+
             if (array_key_exists($saml_mail_mapping , $attributes) && !empty($attributes[$saml_mail_mapping])) {
                 $mail = $attributes[$saml_mail_mapping][0];
             }

README.md

@@ -11,7 +11,7 @@ LimeSurvey authentication plugin for authenticating users against an SAML Identi
 - Paste it inside **limesurvey/plugins/AuthSAML** folder
 - Configure the plugin from the **Plugin Manager**
 - Go to **Admin > Configuration > Plugin Manager** or **https:/example.com/index.php/admin/pluginmanager/sa/index** and **Enable** the plugin
-- Place your own custom **saml_logo.gif** image at **imesurvey/assets/images**. It will be displayed as the login button
+- Place your own custom **saml_logo.png** image at **imesurvey/assets/images**. It will be displayed as the login button
 
 ## Configuration options
 - **Path to the SimpleSAMLphp folder**: path to the simpleSAMLphp installation
@@ -24,6 +24,7 @@ set this to **true** so the code can handle session conficts between simpleSAMLp
 - **SAML attributed used as name**: the attribute returned from the IdP that will be the users human friendly name
 - **Auto create users**: check if the user exists in the local database and if not the plugin creates the user from the SAML metadata
 - **Auto update users**: check if IdP has different attribute values for email and name and update them on LimeSurvey
+- **SAML login Text**: Text show on the Login page
 - **Force SAML login**: if this is set to true the plugin will force the login path to use only simpleSAMLphp
 - **Authtype base**: LimeSurvey internal configuration options, use it only if you know what you are doing. Configures where the users data are stored.
 - **Storage base**: LimeSurvey internal configuration options, use it only if you know what you are doing. Configures where the plugin settings are stored.