authorJérôme Schneider <jschneider@entrouvert.com>2013-06-11 07:47:08 (GMT)
committerJérôme Schneider <jschneider@entrouvert.com>2013-06-11 07:47:08 (GMT)
commitf822bd5cc5797f7e566569f95f8f32365ca35af5 (patch)
tree2d41b47b2bf741dcfc99560af3a841bc25f9611b
parent554b3d97480a17931ca5a3df66798fa0c85c7898 (diff)
downloadspip-saml-f822bd5cc5797f7e566569f95f8f32365ca35af5.zip
spip-saml-f822bd5cc5797f7e566569f95f8f32365ca35af5.tar.gz
spip-saml-f822bd5cc5797f7e566569f95f8f32365ca35af5.tar.bz2
login_saml: unique id is email and not uid
-rw-r--r--balise/login_saml.php26
-rw-r--r--inc/simplesamlphp/config/authsources.php2
2 files changed, 16 insertions, 12 deletions
diff --git a/balise/login_saml.php b/balise/login_saml.php
index 031705a..2cff3c8 100644
--- a/balise/login_saml.php
+++ b/balise/login_saml.php
@@ -71,20 +71,18 @@ function login_saml_successfull()
$email = $attributes['email'][0];
$display_name = $first_name . ' ' . $last_name;
- spip_log("[auth_saml] authentification reussi pour l'utilisateur =".$login);
+ spip_log("[auth_saml] authentification reussi pour l'utilisateur =".$email);
// Si l'utilisateur figure deja dans la base, y recuperer les infos
- $result = spip_query("SELECT * FROM spip_auteurs WHERE login=" ._q($login). " AND statut<>'5poubelle'" );
+ $result = spip_query("SELECT * FROM spip_auteurs WHERE email=" ._q($email). " AND statut<>'6form'" );
$row_auteur = spip_fetch_array($result);
spip_log("[auth_saml] attribus utilisateur =".$row_auteur['login']);
if ($row_auteur) {
- $GLOBALS['auteur_session'] = $row_auteur;
-
- spip_log("[auth_saml] updating user [" . $login . "]");
- spip_log("[auth_saml] display name : $display_name and email : $email");
- spip_query("UPDATE spip_auteurs SET nom=" . _q($display_name) . ", email=" . _q($email) . " WHERE login="._q($login));
+ spip_log("[auth_saml] updating user [" . $email . "]");
+ spip_log("[auth_saml] display name : $display_name and login : $login");
+ spip_query("UPDATE spip_auteurs SET nom=" . _q($display_name) . ", login=" . _q($login) . " WHERE email="._q($email));
}
else
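Review bot: The new lookup filter `statut<>'6form'` matches no status value used elsewhere in this diff (the insert further down uses `'6forum'`), so it excludes nothing, and the previous `'5poubelle'` exclusion is gone; a trashed author row with a matching e-mail would be selected here and later loaded into the session. If trashed accounts should still be skipped, keep `AND statut<>'5poubelle'` in this SELECT. The UPDATE that follows is keyed only on `email`, which nothing in this diff shows to be unique, so it can rewrite `login` on every row sharing that address; keying it on the fetched row, `" WHERE id_auteur=" . intval($row_auteur['id_auteur'])`, would limit it to one account. Matching on e-mail also links any existing local account to whoever the IdP asserts that address for, so it is worth confirming the IdP only releases verified addresses. login_saml_successfull() starts before this hunk and continues after it.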
@@ -92,15 +90,21 @@ function login_saml_successfull()
spip_log("[auth_saml] creating user [" . $login . "]");
spip_log("[auth_saml] display name : $display_name and email : $email");
$pass = generate_password();
- spip_query("INSERT INTO spip_auteurs (nom, login, email, pass, statut) VALUES ('$display_name', '$login', '$email', '$pass', '1comite')");
- // Si l'utilisateur figure deja dans la base, y recuperer les infos
- $result = spip_query("SELECT * FROM spip_auteurs WHERE login=" ._q($login). " AND statut<>'5poubelle'" );
+ spip_query("INSERT INTO spip_auteurs (nom, login, email, pass, statut) VALUES ('$display_name', '$login', '$email', '$pass', '6forum')");
+ // On recupere l('utilisateur
+ $result = spip_query("SELECT * FROM spip_auteurs WHERE email=" ._q($email). " AND statut<>'6forum'" );
$row_auteur = spip_fetch_array($result);
}
+ // chargement de l'utilisateur en session
+ $GLOBALS['auteur_session'] = $row_auteur;
$session = charger_fonction('session', 'inc');
$cookie_session = $session($row_auteur);
spip_setcookie('spip_session', $cookie_session);
- $redirect = _DIR_RESTREINT_ABS. "?bonjour=oui";
+ if ($row_auteur['statut'][0] < 6)
+ $redirect = _DIR_RESTREINT_ABS. "?bonjour=oui";
+ else
+ $redirect = '/';
+ spip_log('[auth_saml] redirect ' . $redirect);
redirige_par_entete($redirect);
}
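Review bot: The INSERT on the new side still interpolates `$display_name`, `$login` and `$email` directly into the SQL string, although `$email` is read from the SAML attributes (and the others presumably are too) and every other query in this function goes through `_q()`; a quote in a name breaks the statement, and the values are only as trustworthy as what the IdP lets users edit. Quote them the same way, e.g. `VALUES (" . _q($display_name) . ", " . _q($login) . ", " . _q($email) . ", " . _q($pass) . ", '6forum')`. The re-read right after it filters with `statut<>'6forum'`, which excludes the row just inserted with that status, so `$row_auteur` is either empty or a different account with the same e-mail when it is assigned to `$GLOBALS['auteur_session']` and passed to `$session()`; `statut<>'5poubelle'` looks like what was meant. It would also be safer to log and return before the session and cookie step when `$row_auteur` is empty.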
diff --git a/inc/simplesamlphp/config/authsources.php b/inc/simplesamlphp/config/authsources.php
index 79b18d1..624a6e4 100644
--- a/inc/simplesamlphp/config/authsources.php
+++ b/inc/simplesamlphp/config/authsources.php
@@ -22,7 +22,7 @@ $config = array(
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
- 'idp' => NULL,
+ 'idp' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/metadata',
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
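Review bot: This hard-codes what looks like a development IdP (`mon.meyzieu.dev.entrouvert.org`) into the shared `authsources.php`, so every checkout of the plugin will presumably send users to that IdP, bypassing discovery, unless the file is edited locally. Consider leaving `'idp' => NULL` in the repository and setting the entity ID per deployment, or at least adding a comment such as `// deployment-specific: replace with your IdP's entity ID`. The entity ID uses `http://`; if the same URL is also used to fetch the IdP metadata, that fetch would be unauthenticated, so the metadata should come from a pinned local copy or over HTTPS.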