auth/cas: MDL-25062 CAS authentication plugin does not validate the C…

…AS server certificate If we enable the server validation but don't specify a certificate file path flag the error and don't let the user save the settings.
jblotus · Nov 18, 2010 · 4029394 · 4029394
1 parent 1a92193
commit 4029394
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/auth/cas/auth.php b/auth/cas/auth.php
@@ -209,6 +209,19 @@ function config_form($config, $err, $user_fields) {
         include($CFG->dirroot.'/auth/cas/config.html');
     }
 
+    /**
+     * A chance to validate form data, and last chance to
+     * do stuff before it is inserted in config_plugin
+     * @param object object with submitted configuration settings (without system magic quotes)
+     * @param array $err array of error messages
+     */
+    function validate_form(&$form, &$err) {
+        $certificate_path = trim($form->certificate_path);
+        if ($form->certificate_check && empty($certificate_path)) {
+            $err['certificate_path'] = get_string('auth_cas_certificate_path_empty', 'auth_cas');
+        }
+    }
+
     /**
      * Returns the URL for changing the user's pw, or empty if the default can
      * be used.

diff --git a/auth/cas/config.html b/auth/cas/config.html
@@ -195,7 +195,7 @@ <h4><?php print_string('auth_cas_server_settings', 'auth_cas') ?></h4>
     <td align="right"><?php print_string('auth_cas_certificate_path_key', 'auth_cas') ?>:</td>
     <td>
         <input name="certificate_path" id="certificate_path" type="text" size="30" value="<?php echo $config->certificate_path ?>" />
-        <?php if (isset($err['certificate_path'])) formerr($err['certificate_path']); ?>
+        <?php if (isset($err['certificate_path'])) echo $OUTPUT->error_text($err['certificate_path']); ?>
     </td>
     <td>
         <?php print_string('auth_cas_certificate_path', 'auth_cas') ?>

diff --git a/auth/cas/lang/en/auth_cas.php b/auth/cas/lang/en/auth_cas.php
@@ -32,6 +32,7 @@
 $string['auth_cas_cantconnect'] = 'LDAP part of CAS-module cannot connect to server: {$a}';
 $string['auth_cas_casversion'] = 'Version';
 $string['auth_cas_certificate_check'] = 'Turn this to \'yes\' if you want to validate the server certificate';
+$string['auth_cas_certificate_path_empty'] = 'If you turn on Server validation, you need to specify a certificate path';
 $string['auth_cas_certificate_check_key'] = 'Server validation';
 $string['auth_cas_certificate_path'] = 'Path of the CA chain file (PEM Format) to validate the server certificate';
 $string['auth_cas_certificate_path_key'] = 'Certificate path';