MDL-8590 auth cleanup - part 1

auth/README

@@ -1,9 +1,9 @@
 This directory contains authentication modules.
 
-Each of these modules describes a different way to 
-check that a user has provided a correct 
+Each of these modules describes a different way to
+check that a user has provided a correct
 
-   - username, and 
+   - username, and
    - password.
 
 Even when external forms of authentication are being used, Moodle still
@@ -22,18 +22,18 @@ part of the enabled plugin sequence).
 email - authentication by email  (DEFAULT METHOD)
 
     - user fills out form with email address
-    - email sent to user with link 
+    - email sent to user with link
     - user clicks on link in email to confirm
     - user account is created
     - user can log in
 
 
 none  - no authentication at all .. very insecure!!
-    
+
     - user logs in using ANY username and password
     - if the username doesn't already exist then
       a new account is created
-    - when user tries to access a course they 
+    - when user tries to access a course they
       are forced to set up their account details
 
 manual - internal authentication only
@@ -81,7 +81,7 @@ nntp  - Uses an external NNTP server
 
 
 db  - Uses an external database to check username/password
-    
+
     - user logs in using username and password
     - these are checked against an external database
     - if correct, user is logged in
@@ -203,14 +203,14 @@ AUTHENTICATION
 
 Basic fuctions to authenticate users with external db.
 
-Mandatory: 
+Mandatory:
 
     auth_plugin_foo()
 
     Constructor. At the least, it populates config member variable with settings
     from the Moodle database. It makes sense to put other startup code here.
 
-    user_login($username, $password) 
+    user_login($username, $password)
 
     Authenticate username, password with userdatabase.
 
@@ -225,7 +225,7 @@ Optional:
     Query other userinformation from database.
 
     Returns:
-    Userinformation in array ( name => value, .... 
+    Userinformation in array ( name => value, ....
     or false in case of error
 
 
@@ -251,17 +251,17 @@ USER CREATION
 
 Functions that enable usercreation, activation and deactivation
 from moodle to external database
-  
-  
-    user_exists ($username) 
+
+
+    user_exists ($username)
 
     Checks if given username exist on external db
 
     Returns:
     true if given usernname exist or false
 
 
-    user_create ($userobject,$plainpass) 
+    user_create ($userobject,$plainpass)
 
     Creates new user to external db. User should be created
     in inactive stage until confirmed by email.
@@ -270,7 +270,7 @@ from moodle to external database
     True on success otherwise false
 
 
-    user_activate ($username) 
+    user_activate ($username)
 
     activate new user after email-address is confirmed
 
@@ -297,11 +297,3 @@ USER INFORMATION AND SYNCRONIZATION
     All usernames in array or false on error.
 
 
-    get_users($filter='*') 
-
-    Get ALL USEROBJECTS FROM EXTERNAL DB.
-
-    Returns:
-    Array of all users as objects from external db
-
-

auth/README2

@@ -11,9 +11,6 @@ get_auth_plugin() that does the work for you:
 
    $ldapauth = get_auth_plugin('ldap');
 
-If an auth is not specified, get_auth_plugin() will return you the auth plugin
-defined in the $CFG->auth variable.
-
 Auth plugin classes are pretty basic. They contain the same functions that were
 previously in each plugin's lib.php file, but refactored to become class
 methods, and tweaked to reference the plugin's instantiated config to get at the
@@ -63,6 +60,7 @@ user_login($username, $password)
    This is the primary method that is used by the authenticate_user_login()
    function in moodlelib.php. This method should return a boolean indicating
    whether or not the username and password authenticate successfully.
+   Both parameter must have magic quotes applied.
 
 is_internal()
    Returns true if this authentication plugin is "internal" (which means that
@@ -79,9 +77,10 @@ change_password_url()
 Other Methods
 -----------------
 
-get_userinfo()
+get_userinfo($username)
    This method should return an array of fields from the authentication source
-   for the given username.
+   for the given username. Username parameter must have magic quotes applied.
+   The returned array does not have magic quotes applied.
 
 Upgrading from Moodle 1.7
 -----------------------------

auth/cas/README-CAS

@@ -2,6 +2,6 @@ CAS-module README
 
 Please read comments from lib.php for auth/cas module
 The auth/cas module is using part of the /auth/ldap module. The /auth/ldap directory should exist.
-The auth/cas use the PHPCAS project from http://esup-phpcas.sourceforge.net 
+The auth/cas use the PHPCAS project from http://esup-phpcas.sourceforge.net
 
 

auth/cas/auth.php

@@ -11,8 +11,9 @@
  * 2006-08-28  File created.
  */
 
-// This page cannot be called directly
-if (!isset($CFG)) exit;
+if (!defined('MOODLE_INTERNAL')) {
+    die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
+}
 
 /**
  * CAS authentication plugin.
@@ -38,21 +39,21 @@ function auth_plugin_cas() {
      *
      * @param string $username The username
      * @param string $password The password
-     * @returns bool Authentication success or failure.
+     * @return bool Authentication success or failure.
      */
     function user_login ($username, $password) {
         if (! function_exists('ldap_connect')) {
             print_error('auth_casnotinstalled','mnet');
             return false;
         }
-        
+
         global $CFG;
 
         // don't allow blank usernames or passwords
         if (!$username or !$password) {
             return false;
         }
-     
+
         // CAS specific
         if ($CFG->auth == "cas" and !empty($this->config->enabled)) {
             if ($this->config->create_user == '0') {
@@ -72,7 +73,7 @@ function user_login ($username, $password) {
 
         if ($ldap_connection) {
             $ldap_user_dn = auth_ldap_find_userdn($ldap_connection, $username);
-          
+
             // if ldap_user_dn is empty, user does not exist
             if (!$ldap_user_dn) {
                 ldap_close($ldap_connection);
@@ -205,7 +206,7 @@ function automatic_authenticate ($user='') {
     /**
      * Returns true if this authentication plugin is 'internal'.
      *
-     * @returns bool
+     * @return bool
      */
     function is_internal() {
         return false;
@@ -215,7 +216,7 @@ function is_internal() {
      * Returns true if this authentication plugin can change the user's
      * password.
      *
-     * @returns bool
+     * @return bool
      */
     function can_change_password() {
         return false;
@@ -229,15 +230,15 @@ function can_change_password() {
      *
      * @param array $page An object containing all the data for this page.
      */
-    function config_form($config, $err) {
+    function config_form($config, $err, $user_fields) {
         include 'config.html';
     }
 
     /**
      * Returns the URL for changing the user's pw, or false if the default can
      * be used.
      *
-     * @returns bool
+     * @return bool
      */
     function change_password_url() {
         return $this->config->changepasswordurl;
@@ -288,7 +289,7 @@ function process_config($config) {
         set_config('changepasswordurl', $config->changepasswordurl, 'auth/cas');
 
         // save LDAP settings
-        // TODO: Do we want the CAS LDAP settings to be separate from the LDAP settings?
+        // TODO: settings must be separated now that we have multiauth!
         $ldapauth = get_auth_plugin('ldap');
         $ldapauth->process_config($config);
 

auth/cas/auth_ldap_sync_users.php

@@ -2,39 +2,46 @@
 /** auth_ldap_sync_users.php
  *  Modified for cas Module
  *
- * This script is meant to be called from a cronjob to sync moodle with the LDAP 
+ * This script is meant to be called from a cronjob to sync moodle with the LDAP
  * backend in those setups where the LDAP backend acts as 'master'.
- * 
+ *
  * Recommended cron entry:
  * # 5 minutes past 4am
  * 5 4 * * * /usr/bin/php -c /etc/php4/cli/php.ini /var/www/moodle/auth/ldap/auth_ldap_sync_users.php
- * 
- * Notes: 
+ *
+ * Notes:
  *   - If you have a large number of users, you may want to raise the memory limits
  *     by passing -d momory_limit=256M
  *   - For debugging & better logging, you are encouraged to use in the command line:
  *     -d log_errors=1 -d error_reporting=E_ALL -d display_errors=0 -d html_errors=0
- *     
+ *
  * Performance notes:
  * We have optimized it as best as we could for Postgres and mySQL, with 27K students
- * we have seen this take 10 minutes. 
- *    
+ * we have seen this take 10 minutes.
+ *
  */
 
 
-if (!empty($_SERVER['GATEWAY_INTERFACE'])) {
-    error_log("should not be called from apache!");
+if (isset($_SERVER['REMOTE_ADDR'])) {
+    error_log("should not be called from web server!");
     exit;
 }
 
+$nomoodlecookie = true; // cookie not needed
+
 require_once(dirname(dirname(dirname(__FILE__))).'/config.php'); // global moodle config file.
 
 require_once($CFG->dirroot.'/course/lib.php');
 require_once($CFG->dirroot.'/lib/blocklib.php');
 require_once($CFG->dirroot.'/mod/resource/lib.php');
 require_once($CFG->dirroot.'/mod/forum/lib.php');
 require_once($CFG->dirroot.'/lib/moodlelib.php');
-$CFG->debug=10;
+
+if (!is_enabled_auth('cas')) {
+    echo "Plugin not enabled!";
+    die;
+}
+
 $casauth = get_auth_plugin('cas');
 $casauth->sync_users(1000, true);
 

auth/cas/config.html

@@ -52,7 +52,7 @@ <h4><?php print_string('auth_cas_server_settings', 'auth') ?> </h4>
         unset($options);
         $options[1] = get_string('yes');
         choose_from_menu ($options, 'use_cas', $config->use_cas, get_string('no'), '', '');
-       
+
         ?>
     </td>
     <td><?php print_string('auth_cas_enabled', 'auth') ?></td>
@@ -63,11 +63,11 @@ <h4><?php print_string('auth_cas_server_settings', 'auth') ?> </h4>
     <td>
         <input name="hostname" type="text" size="30" value="<?php echo $config->hostname ?>" />
         <?php
-        
+
         if (isset($err['hostname'])) {
             formerr($err['hostname']);
-        }    
-        
+        }
+
         ?>
     </td>
     <td><?php print_string('auth_cas_hostname', 'auth') ?></td>
@@ -78,11 +78,11 @@ <h4><?php print_string('auth_cas_server_settings', 'auth') ?> </h4>
     <td>
         <input name="baseuri" type="text" size="30" value="<?php echo $config->baseuri ?>" />
         <?php
-        
+
         if (isset($err['baseuri'])) {
             formerr($err['baseuri']);
         }
-        
+
         ?>
     </td>
     <td><?php print_string('auth_cas_baseuri', 'auth') ?></td>
@@ -93,11 +93,11 @@ <h4><?php print_string('auth_cas_server_settings', 'auth') ?> </h4>
     <td>
         <input name="port" type="text" size="30" value="<?php echo $config->port ?>" />
         <?php
-        
+
         if (isset($err['port'])) {
             formerr($err['port']);
         }
-        
+
         ?>
     </td>
     <td><?php print_string('auth_cas_port', 'auth') ?></td>

auth/cas/index_form.html

@@ -12,7 +12,7 @@
   <tr>
     <td width="50%" align="center" valign="top" class="generalbox">
       <p><?php print_string("loginusing") ?>:<br />
-        (<?php print_string("cookiesenabled");?>) 
+        (<?php print_string("cookiesenabled");?>)
          <?php helpbutton("cookies", get_string("cookiesenabled"))?><br /><?php formerr($errormsg) ?>
       </p>
       <form action="index.php" method="post" id="login">
@@ -41,7 +41,7 @@
     $changebuttonname = get_string("senddetails");
 ?>
       <hr width="80%" />
-      <p><?php print_string("forgotten") ?></p> 
+      <p><?php print_string("forgotten") ?></p>
         <form action="<?php p($changepassword) ?>" method="get" id="changepassword">
           <input type="submit" value="<?php p($changebuttonname) ?>" />
         </form>