-
Notifications
You must be signed in to change notification settings - Fork 1
/
surfconext.install
193 lines (170 loc) · 7.66 KB
/
surfconext.install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
<?php
/**
* @file
* Install, update and uninstall functions for the surfconext module.
*/
/**
* Implements hook_install().
*/
function surfconext_install() {
// Add displayname to user entity.
$field_name = 'display_name';
$field_info = field_info_field($field_name);
if (!$field_info) {
$field = array(
'field_name' => $field_name,
'type' => 'text',
'entity_types' => array('user'),
'cardinality' => 1,
'locked' => FALSE,
'format' => 'hidden',
);
$field = field_create_field($field);
}
$field_info_instance = field_info_instance('user', $field_name, 'user');
if (!$field_info_instance) {
$instance = array(
'field_name' => $field_name,
'bundle' => 'user',
'entity_type' => 'user',
'label' => t('Display Name'),
'description' => t('This is the displayName from SurfConext.'),
'required' => FALSE,
);
field_create_instance($instance);
}
}
/**
* Implements hook_uninstall().
*/
function surfconext_uninstall() {
// Get all variables that we use.
$result = db_select('variable', 'v')
->fields('v', array('name'))
->condition('name', db_like('surfconext_') . '%', 'LIKE')
->execute();
// Now delete them.
foreach ($result as $row) {
variable_del($row->name);
}
}
/**
* Implements hook_requirements().
*
* Use requirements to ensure that all conditions for SURFconext are met.
*/
function surfconext_requirements($phase) {
$requirements = array();
if ($phase == 'runtime') {
// Auto load simpleSAML.
$autoloaded = SurfConext::autoload();
// Get the t() function.
$t = get_t();
// Check if autoload worked.
$requirements['surfconext_simplesaml_autoloaded'] = array(
'title' => $t('SURFconext SimpleSAML class'),
'severity' => $autoloaded ? REQUIREMENT_OK : REQUIREMENT_ERROR,
'value' => $t('SimpleSAML class autoloaded'),
'description' => $autoloaded ? '' : $t('The SimpleSAML library can not be loaded, please check the !link.', array('!link' => l($t('SURFconext settings'), 'admin/config/people/surfconext'))),
);
// Make sure the class for SimpleSAML is available.
if (class_exists('SimpleSAML_Configuration')) {
// Make sure SimpleSAML is not set on PHPSESSION.
$config = SimpleSAML_Configuration::getInstance();
$requirements['surfconext_session'] = array(
'title' => $t('SURFconext session'),
'severity' => $config->getValue('store.type') == 'phpsession' ? REQUIREMENT_WARNING : REQUIREMENT_OK,
'value' => $t('Using %type', array('%type' => $config->getValue('store.type'))),
'description' => $config->getValue('store.type') != 'phpsession' ? '' : $t('The SimpleSAML library can not use PHP cookie sessions, as these will conflict with the Drupal session. Use either SQL or memcache sessions'),
);
}
// Check if we can find the simplesaml library.
$simplesaml_found = file_exists(SurfConext::getSimpleSamlBasedir() . '/lib/_autoload.php');
$requirements['surfconext_simplesaml_found'] = array(
'title' => $t('SURFconext SimpleSAML library'),
'severity' => $simplesaml_found ? REQUIREMENT_OK : REQUIREMENT_ERROR,
'value' => 'Found simpleSAML library',
'description' => $simplesaml_found ? '' : $t('The SimpleSAML library can not be located or loaded, please check the !link.', array('!link' => l($t('SURFconext settings'), 'admin/config/people/surfconext'))),
);
// Get the location of the metadata file.
$idp_filename = SurfConext::getSurfConextMetadataIdpFilename();
if ($simplesaml_found && ($idp_filename != '')) {
// Check if we filename is set and writable. The requirements hook will
// tell problems if the filename is not working.
$writable = !empty($idp_filename) || is_writable(dirname(drupal_realpath($idp_filename)));
$requirements['surfconext_setup'] = array(
'title' => $t('SURFconext metadata IdP file'),
'severity' => $writable ? REQUIREMENT_OK : REQUIREMENT_ERROR,
'value' => 'Location writable',
'description' => $writable ? '' : $t('The location for the IdP metadata is not writable or not setup correctly, please visit the SURFconext settings page !link.', array('!link' => l($t('here'), 'admin/config/people/surfconext'))),
);
// Check when metadata file was last updated.
$idp_file = @fopen($idp_filename, 'r');
if ($idp_file) {
$fstat = @fstat($idp_file);
// Compare modified time with now, may not differ longer than 48 hours.
if (!empty($fstat) && isset($fstat['mtime'])) {
$seconds_old = time() - $fstat['mtime'];
$is_expired = $seconds_old > (SurfConext::getSurfConextMetadataIdpFileMaxAge() * 60);
$requirements['surfconext_idp_age'] = array(
'title' => $t('SURFconext metadata IdP file age'),
'severity' => $is_expired ? REQUIREMENT_ERROR : REQUIREMENT_OK,
'value' => 'Is not expired',
'description' => $is_expired ? $t(
'The Metadata IdP file is expired (@days old), make sure the cron is running. Can not be older than @max_days days.',
array(
'@days' => round($seconds_old / (24 * 3600), 2),
'@max_days' => round(SurfConext::getSurfConextMetadataIdpFileMaxAge() / (24 * 60), 2),
)) : '',
);
}
}
// Get the SimpleSAML version.
$saml_version = SurfConext::getSAMLVersion();
if (!empty($saml_version)) {
list($low, $high) = explode('.', $saml_version, 2);
$version_correct = $low >= 1 && $high >= 5;
$requirements['surfconext_saml_version'] = array(
'title' => $t('SURFconext SimpleSAML'),
'severity' => $version_correct ? REQUIREMENT_OK : REQUIREMENT_ERROR,
'value' => 'Location writable',
'description' => $version_correct ? '' : $t('Please upgrade SimpleSAMLphp. You are using %ssp_version', array('%ssp_version' => $saml_version)),
);
}
}
// Check if master switch is on.
$enabled = SurfConext::isEnabled();
$requirements['surfconext_enabled'] = array(
'title' => $t('SURFconext master switch'),
'severity' => $enabled ? REQUIREMENT_OK : REQUIREMENT_ERROR,
'value' => $enabled ? $t('Enabled') : $t('Disabled'),
'description' => $enabled ? '' : $t('You need to review the !link and enable SURFconext authentication. You can also disable the SURFconext module.', array('!link' => l($t('SURFconext settings'), 'admin/config/people/surfconext'))),
);
// Warn if users can register Drupal accounts, but we don't care if the
// master switch is off.
if ($enabled) {
$user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
$requirements['surfconext_user_register'] = array(
'title' => $t('SURFconext and Drupal users'),
'severity' => $user_register == USER_REGISTER_ADMINISTRATORS_ONLY ? REQUIREMENT_OK : REQUIREMENT_ERROR,
'value' => $t('Only administrators can create Drupal user accounts.'),
'description' => $user_register == USER_REGISTER_ADMINISTRATORS_ONLY ? '' : $t('It is not recommended to allow visitors to register Drupal accounts on this website while SURFconext login is activated. You must only allow administrators to register accounts, !link.', array('!link' => l($t('here'), 'admin/config/people/accounts'))),
);
}
}
return $requirements;
}
/**
* Need to rebuild the registry.
*/
function surfconext_update_7000() {
// Rebuild the registry.
registry_rebuild();
cache_clear_all();
}
/**
* Add a field in the user profile to store DisplayName.
*/
function surfconext_update_7001() {
surfconext_install();
}