From f822bd5cc5797f7e566569f95f8f32365ca35af5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?=
Date: Tue, 11 Jun 2013 09:47:08 +0200
Subject: [PATCH] login_saml: unique id is email and not uid
---
 balise/login_saml.php | 26 ++++++++++++++----------
 inc/simplesamlphp/config/authsources.php | 2 +-
 2 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/balise/login_saml.php b/balise/login_saml.php
index 031705a..2cff3c8 100644
--- balise/login_saml.php
+++ b/balise/login_saml.php
@@ -71,20 +71,18 @@ function login_saml_successfull()
 $email = $attributes['email'][0];
 $display_name = $first_name . ' ' . $last_name;
- spip_log("[auth_saml] authentification reussi pour l'utilisateur =".$login);
+ spip_log("[auth_saml] authentification reussi pour l'utilisateur =".$email);
 // Si l'utilisateur figure deja dans la base, y recuperer les infos
- $result = spip_query("SELECT * FROM spip_auteurs WHERE login=" ._q($login). " AND statut<>'5poubelle'" );
+ $result = spip_query("SELECT * FROM spip_auteurs WHERE email=" ._q($email). " AND statut<>'6form'" );
 $row_auteur = spip_fetch_array($result);
 spip_log("[auth_saml] attribus utilisateur =".$row_auteur['login']);
 if ($row_auteur)
 {
- $GLOBALS['auteur_session'] = $row_auteur;
-
- spip_log("[auth_saml] updating user [" . $login . "]");
- spip_log("[auth_saml] display name : $display_name and email : $email");
- spip_query("UPDATE spip_auteurs SET nom=" . _q($display_name) . ", email=" . _q($email) . " WHERE login="._q($login));
+ spip_log("[auth_saml] updating user [" . $email . "]");
+ spip_log("[auth_saml] display name : $display_name and login : $login");
+ spip_query("UPDATE spip_auteurs SET nom=" . _q($display_name) . ", login=" . _q($login) . " WHERE email="._q($email));
 }
 else
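Review bot: The new lookup filters on `statut<>'6form'`, a value that matches no status written anywhere in this patch (the INSERT in the next hunk writes `'6forum'`), so the condition is always true and the previous exclusion of `'5poubelle'` rows is gone; a trashed author row carrying the asserted email can now be selected and reach the session creation in the second hunk. If trashed accounts are still meant to be excluded, restore `" AND statut<>'5poubelle'"` in that SELECT. Because the match key is now the email, the `UPDATE ... WHERE email=` also rewrites `login` on every row sharing that address; keying it on the fetched row, `" WHERE id_auteur=" . intval($row_auteur['id_auteur'])`, limits it to the account actually matched. Whether `spip_auteurs.email` is unique and whether the IdP verifies the email attribute cannot be seen from this hunk and should be confirmed, since that attribute alone now decides which local account is opened. The function body starts and ends outside the hunk.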
@@ -92,15 +90,21 @@ function login_saml_successfull()
 spip_log("[auth_saml] creating user [" . $login . "]");
 spip_log("[auth_saml] display name : $display_name and email : $email");
 $pass = generate_password();
- spip_query("INSERT INTO spip_auteurs (nom, login, email, pass, statut) VALUES ('$display_name', '$login', '$email', '$pass', '1comite')");
- // Si l'utilisateur figure deja dans la base, y recuperer les infos
- $result = spip_query("SELECT * FROM spip_auteurs WHERE login=" ._q($login). " AND statut<>'5poubelle'" );
+ spip_query("INSERT INTO spip_auteurs (nom, login, email, pass, statut) VALUES ('$display_name', '$login', '$email', '$pass', '6forum')");
+ // On recupere l('utilisateur
+ $result = spip_query("SELECT * FROM spip_auteurs WHERE email=" ._q($email). " AND statut<>'6forum'" );
 $row_auteur = spip_fetch_array($result);
 }
+ // chargement de l'utilisateur en session
+ $GLOBALS['auteur_session'] = $row_auteur;
 $session = charger_fonction('session', 'inc');
 $cookie_session = $session($row_auteur);
 spip_setcookie('spip_session', $cookie_session);
- $redirect = _DIR_RESTREINT_ABS. "?bonjour=oui";
+ if ($row_auteur['statut'][0] < 6)
+ $redirect = _DIR_RESTREINT_ABS. "?bonjour=oui";
+ else
+ $redirect = '/';
+ spip_log('[auth_saml] redirect ' . $redirect);
 redirige_par_entete($redirect);
 }
diff --git a/inc/simplesamlphp/config/authsources.php b/inc/simplesamlphp/config/authsources.php
index 79b18d1..624a6e4 100644
--- a/inc/simplesamlphp/config/authsources.php
+++ b/inc/simplesamlphp/config/authsources.php
@@ -22,7 +22,7 @@ $config = array(
 // The entity ID of the IdP this should SP should contact.
 // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
- 'idp' => NULL,
+ 'idp' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/metadata',
 // The URL to the discovery service.
 // Can be NULL/unset, in which case a builtin discovery service will be used.
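Review bot: The rewritten INSERT still interpolates `$display_name`, `$login`, `$email` and `$pass` straight into the SQL string, while the other queries in these hunks go through `_q()`; `$email` is read from `$attributes` in the previous hunk and the name fields presumably are too, so a quote in an asserted value breaks the statement or changes its meaning. Quote them the same way: `VALUES (" . _q($display_name) . ", " . _q($login) . ", " . _q($email) . ", " . _q($pass) . ", '6forum')`. The re-select that follows uses `statut<>'6forum'`, which excludes the row just inserted with `'6forum'`, so on a first login `$row_auteur` is empty when it is assigned to `$GLOBALS['auteur_session']`, passed to `$session()` and indexed for the redirect. Dropping that condition from the re-select, and returning before the session is built when `$row_auteur` is empty, makes the path fail closed. The function starts above the hunk.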
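Review bot: The `'idp'` entry in the committed SimpleSAMLphp config is now pinned to what looks like a development identity provider (the host contains `.dev.`), so every checkout of this file trusts that one IdP for login instead of offering the discovery list. Keeping `'idp' => NULL,` in the repository and setting the entity ID in a deployment-local configuration avoids shipping an environment-specific trust decision. This matters more with the login_saml.php change in the same commit, where the email asserted by the IdP selects the local account to open. The entity ID uses `http://`; whether metadata is actually fetched from that URL is not visible here, but if it is, it should be retrieved over HTTPS.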