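<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Admin settings and defaults.
 *
 * Registers the CAS authentication plugin's admin settings: the CAS server
 * connection (host, port, protocol version, certificate validation, cURL
 * SSL/TLS version), the LDAP server and bind account used for user lookup,
 * course-creator mapping, account sync behaviour, and the profile field
 * lock/mapping options.
 *
 * Several defaults in this file are security relevant (certificate validation
 * and StartTLS both default to "no"); see the notes next to each setting.
 *
 * @package auth_cas
 * @copyright  2017 Stephen Bourget
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

// Refuse to run when the script is requested directly instead of being included by Moodle.
defined('MOODLE_INTERNAL') || die;

if ($ADMIN->fulltree) {

    if (!function_exists('ldap_connect')) {
        // Without the PHP LDAP extension only a warning is shown; none of the CAS/LDAP settings are registered.
        $notify = new \core\output\notification(get_string('auth_casnotinstalled', 'auth_cas'),
            \core\output\notification::NOTIFY_WARNING);
        $settings->add(new admin_setting_heading('auth_casnotinstalled', '', $OUTPUT->render($notify)));
    } else {
        // We use a couple of custom admin settings since we need to massage the data before it is inserted into the DB.
        require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_lowercase_configtext.php');
        require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_contexts_configtext.php');

        // Include needed files.
        require_once($CFG->dirroot.'/auth/cas/auth.php');
        require_once($CFG->dirroot.'/auth/cas/languages.php');

        // Introductory explanation.
        $settings->add(new admin_setting_heading('auth_cas/pluginname', '',
                new lang_string('auth_casdescription', 'auth_cas')));

        // CAS server configuration label.
        $settings->add(new admin_setting_heading('auth_cas/casserversettings',
                new lang_string('auth_cas_server_settings', 'auth_cas'), ''));

        // Authentication method name.
        // PARAM_RAW_TRIMMED stores the value unfiltered apart from trimming.
        // NOTE(review): the code that displays this name is not in this file - confirm it escapes the value on output.
        $settings->add(new admin_setting_configtext('auth_cas/auth_name',
                get_string('auth_cas_auth_name', 'auth_cas'),
                get_string('auth_cas_auth_name_description', 'auth_cas'),
                get_string('auth_cas_auth_service', 'auth_cas'),
                PARAM_RAW_TRIMMED));

        // Authentication method logo.
        // NOTE(review): '.svg' is accepted; SVG files can carry script content, so confirm how the stored
        // logo is served to users (this file only restricts the upload by extension).
        $opts = array('accepted_types' => array('.png', '.jpg', '.gif', '.webp', '.tiff', '.svg'));
        $settings->add(new admin_setting_configstoredfile('auth_cas/auth_logo',
                 get_string('auth_cas_auth_logo', 'auth_cas'),
                 get_string('auth_cas_auth_logo_description', 'auth_cas'), 'logo', 0, $opts));


        // Hostname.
        $settings->add(new admin_setting_configtext('auth_cas/hostname',
                get_string('auth_cas_hostname_key', 'auth_cas'),
                get_string('auth_cas_hostname', 'auth_cas'), '', PARAM_RAW_TRIMMED));

        // Base URI.
        $settings->add(new admin_setting_configtext('auth_cas/baseuri',
                get_string('auth_cas_baseuri_key', 'auth_cas'),
                get_string('auth_cas_baseuri', 'auth_cas'), '', PARAM_RAW_TRIMMED));

        // Port.
        $settings->add(new admin_setting_configtext('auth_cas/port',
                get_string('auth_cas_port_key', 'auth_cas'),
                get_string('auth_cas_port', 'auth_cas'), '', PARAM_INT));

        // CAS Version.
        $casversions = array();
        $casversions[CAS_VERSION_1_0] = 'CAS 1.0';
        $casversions[CAS_VERSION_2_0] = 'CAS 2.0';
        $settings->add(new admin_setting_configselect('auth_cas/casversion',
                new lang_string('auth_cas_casversion', 'auth_cas'),
                new lang_string('auth_cas_version', 'auth_cas'), CAS_VERSION_2_0, $casversions));

        // Language.
        if (!isset($CASLANGUAGES) || empty($CASLANGUAGES)) {
            // Prevent warnings on other admin pages.
            // $CASLANGUAGES is defined in /auth/cas/languages.php.
            $CASLANGUAGES = array();
            $CASLANGUAGES[PHPCAS_LANG_ENGLISH] = 'English';
            $CASLANGUAGES[PHPCAS_LANG_FRENCH] = 'French';
        }
        $settings->add(new admin_setting_configselect('auth_cas/language',
                new lang_string('auth_cas_language_key', 'auth_cas'),
                new lang_string('auth_cas_language', 'auth_cas'), PHPCAS_LANG_ENGLISH, $CASLANGUAGES));

        // Shared choices for the yes/no selects below: index 0 is "no", index 1 is "yes".
        // Every select that passes 0 as its default therefore defaults to "no".
        $yesno = array(
            new lang_string('no'),
            new lang_string('yes'),
        );

        // Proxy.
        $settings->add(new admin_setting_configselect('auth_cas/proxycas',
                new lang_string('auth_cas_proxycas_key', 'auth_cas'),
                new lang_string('auth_cas_proxycas', 'auth_cas'), 0 , $yesno));

        // Logout option.
        $settings->add(new admin_setting_configselect('auth_cas/logoutcas',
                new lang_string('auth_cas_logoutcas_key', 'auth_cas'),
                new lang_string('auth_cas_logoutcas', 'auth_cas'), 0 , $yesno));

        // Multi-auth.
        $settings->add(new admin_setting_configselect('auth_cas/multiauth',
                new lang_string('auth_cas_multiauth_key', 'auth_cas'),
                new lang_string('auth_cas_multiauth', 'auth_cas'), 0 , $yesno));

        // Server validation.
        // SECURITY: the default is 0 ("no"), so a fresh install starts with CAS server certificate
        // validation switched off. NOTE(review): the consumer of this flag (auth.php) is not visible here;
        // presumably, with validation off, the TLS certificate of the CAS server is not verified when
        // tickets are validated, which would let a network attacker impersonate the CAS server.
        // Production sites should set this to "yes" and supply the certificate path below.
        $settings->add(new admin_setting_configselect('auth_cas/certificate_check',
                new lang_string('auth_cas_certificate_check_key', 'auth_cas'),
                new lang_string('auth_cas_certificate_check', 'auth_cas'), 0 , $yesno));

        // Certificate path.
        // Empty by default; presumably only meaningful when server validation above is enabled - confirm in auth.php.
        $settings->add(new admin_setting_configfile('auth_cas/certificate_path',
                get_string('auth_cas_certificate_path_key', 'auth_cas'),
                get_string('auth_cas_certificate_path', 'auth_cas'), ''));

        // CURL SSL version.
        // The '' entry (the default) leaves protocol selection to the cURL library. Each other entry is
        // offered only when the local cURL build defines the matching constant.
        // SECURITY: SSLv2 and SSLv3 are obsolete protocols with known weaknesses, and TLS 1.0/1.1 are
        // deprecated. They remain selectable here so that previously saved values still match a choice.
        // NOTE(review): consider removing the SSLv2/SSLv3 (and TLS 1.0/1.1) choices in a follow-up once it is
        // confirmed no site has them saved; until then administrators should keep the default or pick TLS 1.2.
        $sslversions = array();
        $sslversions[''] = get_string('auth_cas_curl_ssl_version_default', 'auth_cas');
        if (defined('CURL_SSLVERSION_TLSv1')) {
            $sslversions[CURL_SSLVERSION_TLSv1] = get_string('auth_cas_curl_ssl_version_TLSv1x', 'auth_cas');
        }
        if (defined('CURL_SSLVERSION_TLSv1_0')) {
            $sslversions[CURL_SSLVERSION_TLSv1_0] = get_string('auth_cas_curl_ssl_version_TLSv10', 'auth_cas');
        }
        if (defined('CURL_SSLVERSION_TLSv1_1')) {
            $sslversions[CURL_SSLVERSION_TLSv1_1] = get_string('auth_cas_curl_ssl_version_TLSv11', 'auth_cas');
        }
        if (defined('CURL_SSLVERSION_TLSv1_2')) {
            $sslversions[CURL_SSLVERSION_TLSv1_2] = get_string('auth_cas_curl_ssl_version_TLSv12', 'auth_cas');
        }
        if (defined('CURL_SSLVERSION_SSLv2')) {
            $sslversions[CURL_SSLVERSION_SSLv2] = get_string('auth_cas_curl_ssl_version_SSLv2', 'auth_cas');
        }
        if (defined('CURL_SSLVERSION_SSLv3')) {
            $sslversions[CURL_SSLVERSION_SSLv3] = get_string('auth_cas_curl_ssl_version_SSLv3', 'auth_cas');
        }
        $settings->add(new admin_setting_configselect('auth_cas/curl_ssl_version',
                new lang_string('auth_cas_curl_ssl_version_key', 'auth_cas'),
                new lang_string('auth_cas_curl_ssl_version', 'auth_cas'), '' , $sslversions));

        // Alt Logout URL.
        // Cleaned as PARAM_URL, unlike the free-text host fields above.
        $settings->add(new admin_setting_configtext('auth_cas/logout_return_url',
                get_string('auth_cas_logout_return_url_key', 'auth_cas'),
                get_string('auth_cas_logout_return_url', 'auth_cas'), '', PARAM_URL));

        // LDAP server settings.
        $settings->add(new admin_setting_heading('auth_cas/ldapserversettings',
                new lang_string('auth_ldap_server_settings', 'auth_ldap'), ''));

        // Host.
        $settings->add(new admin_setting_configtext('auth_cas/host_url',
                get_string('auth_ldap_host_url_key', 'auth_ldap'),
                get_string('auth_ldap_host_url', 'auth_ldap'), '', PARAM_RAW_TRIMMED));

        // Version.
        $versions = array();
        $versions[2] = '2';
        $versions[3] = '3';
        $settings->add(new admin_setting_configselect('auth_cas/ldap_version',
                new lang_string('auth_ldap_version_key', 'auth_ldap'),
                new lang_string('auth_ldap_version', 'auth_ldap'), 3, $versions));

        // Start TLS.
        // SECURITY: defaults to "no". NOTE(review): unless host_url points at an ldaps:// endpoint, the bind
        // credentials and directory lookups would presumably travel unencrypted - confirm against the
        // LDAP connection code and enable StartTLS (or use ldaps://) in production.
        $settings->add(new admin_setting_configselect('auth_cas/start_tls',
                new lang_string('start_tls_key', 'auth_ldap'),
                new lang_string('start_tls', 'auth_ldap'), 0 , $yesno));


        // Encoding.
        $settings->add(new admin_setting_configtext('auth_cas/ldapencoding',
                get_string('auth_ldap_ldap_encoding_key', 'auth_ldap'),
                get_string('auth_ldap_ldap_encoding', 'auth_ldap'), 'utf-8', PARAM_RAW_TRIMMED));

        // Page Size. (Hide if not available).
        $settings->add(new admin_setting_configtext('auth_cas/pagesize',
                get_string('pagesize_key', 'auth_ldap'),
                get_string('pagesize', 'auth_ldap'), '250', PARAM_INT));

        // Bind settings.
        $settings->add(new admin_setting_heading('auth_cas/ldapbindsettings',
                new lang_string('auth_ldap_bind_settings', 'auth_ldap'), ''));

        // User ID.
        $settings->add(new admin_setting_configtext('auth_cas/bind_dn',
                get_string('auth_ldap_bind_dn_key', 'auth_ldap'),
                get_string('auth_ldap_bind_dn', 'auth_ldap'), '', PARAM_RAW_TRIMMED));

        // Password.
        // NOTE(review): this is saved as ordinary plugin configuration (how it is stored at rest is not
        // visible here - confirm). Use a dedicated bind account with read-only access to the user contexts.
        $settings->add(new admin_setting_configpasswordunmask('auth_cas/bind_pw',
                get_string('auth_ldap_bind_pw_key', 'auth_ldap'),
                get_string('auth_ldap_bind_pw', 'auth_ldap'), ''));

        // User Lookup settings.
        $settings->add(new admin_setting_heading('auth_cas/ldapuserlookup',
                new lang_string('auth_ldap_user_settings', 'auth_ldap'), ''));

        // User Type.
        $settings->add(new admin_setting_configselect('auth_cas/user_type',
                new lang_string('auth_ldap_user_type_key', 'auth_ldap'),
                new lang_string('auth_ldap_user_type', 'auth_ldap'), 'default', ldap_supported_usertypes()));

        // Contexts.
        $settings->add(new auth_ldap_admin_setting_special_contexts_configtext('auth_cas/contexts',
                get_string('auth_ldap_contexts_key', 'auth_ldap'),
                get_string('auth_ldap_contexts', 'auth_ldap'), '', PARAM_RAW_TRIMMED));

        // Search subcontexts.
        $settings->add(new admin_setting_configselect('auth_cas/search_sub',
                new lang_string('auth_ldap_search_sub_key', 'auth_ldap'),
                new lang_string('auth_ldap_search_sub', 'auth_ldap'), 0 , $yesno));

        // Dereference aliases.
        $optderef = array();
        $optderef[LDAP_DEREF_NEVER] = get_string('no');
        $optderef[LDAP_DEREF_ALWAYS] = get_string('yes');

        $settings->add(new admin_setting_configselect('auth_cas/opt_deref',
                new lang_string('auth_ldap_opt_deref_key', 'auth_ldap'),
                new lang_string('auth_ldap_opt_deref', 'auth_ldap'), LDAP_DEREF_NEVER , $optderef));

        // User attribute.
        // PARAM_RAW: the value is not cleaned by the parameter type; the custom setting class (loaded above)
        // adjusts it before saving. NOTE(review): confirm the value is escaped wherever it is placed into an LDAP filter.
        $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_cas/user_attribute',
                get_string('auth_ldap_user_attribute_key', 'auth_ldap'),
                get_string('auth_ldap_user_attribute', 'auth_ldap'), '', PARAM_RAW));

        // Member attribute.
        $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_cas/memberattribute',
                get_string('auth_ldap_memberattribute_key', 'auth_ldap'),
                get_string('auth_ldap_memberattribute', 'auth_ldap'), '', PARAM_RAW));

        // Member attribute uses dn.
        $settings->add(new admin_setting_configselect('auth_cas/memberattribute_isdn',
                get_string('auth_ldap_memberattribute_isdn_key', 'auth_ldap'),
                get_string('auth_ldap_memberattribute_isdn', 'auth_ldap'), 0, $yesno));

        // Object class.
        $settings->add(new admin_setting_configtext('auth_cas/objectclass',
                get_string('auth_ldap_objectclass_key', 'auth_ldap'),
                get_string('auth_ldap_objectclass', 'auth_ldap'), '', PARAM_RAW_TRIMMED));

        // Course Creators Header.
        $settings->add(new admin_setting_heading('auth_cas/coursecreators',
                new lang_string('coursecreators'), ''));

        // Course creators attribute field mapping.
        // NOTE(review): this and the group mapping below presumably decide who is granted the course creator
        // role from directory data - treat changes to them as privilege changes.
        $settings->add(new admin_setting_configtext('auth_cas/attrcreators',
                get_string('auth_ldap_attrcreators_key', 'auth_ldap'),
                get_string('auth_ldap_attrcreators', 'auth_ldap'), '', PARAM_RAW_TRIMMED));

        // Course creator group field mapping.
        $settings->add(new admin_setting_configtext('auth_cas/groupecreators',
                get_string('auth_ldap_groupecreators_key', 'auth_ldap'),
                get_string('auth_ldap_groupecreators', 'auth_ldap'), '', PARAM_RAW_TRIMMED));

        // User Account Sync.
        $settings->add(new admin_setting_heading('auth_cas/syncusers',
                new lang_string('auth_sync_script', 'auth'), ''));

        // Remove external user.
        // The default keeps the Moodle account when the user disappears from the external source;
        // suspending or fully deleting must be chosen explicitly.
        $deleteopt = array();
        $deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep', 'auth');
        $deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend', 'auth');
        $deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete', 'auth');

        $settings->add(new admin_setting_configselect('auth_cas/removeuser',
                new lang_string('auth_remove_user_key', 'auth'),
                new lang_string('auth_remove_user', 'auth'), AUTH_REMOVEUSER_KEEP, $deleteopt));
    }

    // Display locking / mapping of profile fields.
    // This part sits outside the else branch above, so it runs whether or not the LDAP extension is present.
    $authplugin = get_auth_plugin('cas');
    $help  = get_string('auth_ldapextrafields', 'auth_ldap');
    $help .= get_string('auth_updatelocal_expl', 'auth');
    $help .= get_string('auth_fieldlock_expl', 'auth');
    $help .= get_string('auth_updateremote_expl', 'auth');
    $help .= '<hr />';
    $help .= get_string('auth_updateremote_ldap', 'auth');
    display_auth_lock_options($settings, $authplugin->authtype, $authplugin->userfields, $help, true, true,
            $authplugin->get_custom_user_profile_fields());

}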