Commit c285f80b authored by mmn's avatar mmn

Merge branch 'cas-user-whitelist' into 'nightly'

Added CAS user whitelist feature

See merge request !142
parents 9c0c8a19 1e1543dd
......@@ -40,6 +40,7 @@ class CasAuthenticationPlugin extends AuthenticationPlugin
public $port = 443;
public $path = '';
public $takeOverLogin = false;
public $user_whitelist = null;
function checkPassword($username, $password)
......@@ -145,6 +146,7 @@ class CasAuthenticationPlugin extends AuthenticationPlugin
function onPluginVersion(array &$versions)
......@@ -24,6 +24,11 @@ path (): Path on the server to CAS. Usually blank.
takeOverLogin (false): Take over the main login action. If takeOverLogin is
set, anytime the standard username/password login form would be shown,
a CAS login will be done instead.
user_whitelist (null): Only allow login via CAS for users listed in this
array. This is useful when both CAS and password authentication is enabled
and there is a mismatch between some GNU social account names and CAS user
names. This prevents CAS users from logging in as someone else on GNU
social. When set to null, no CAS logins are filtered by this feature.
* required
default values are in (parenthesis)
......@@ -41,6 +41,11 @@ class CasloginAction extends Action
$this->serverError(_m('Incorrect username or password.'));
if (is_array($casSettings['user_whitelist']) && !in_array($user->nickname, $casSettings['user_whitelist'])) {
// TRANS: Server error displayed when trying to log in with non-whitelisted user name (when whitelists are enabled.)
$this->serverError(_m('Incorrect username or password.'));
// success!
if (!common_set_user($user)) {
// TRANS: Server error displayed when login fails in CAS authentication plugin.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment