......@@ -40,6 +40,7 @@ class CasAuthenticationPlugin extends AuthenticationPlugin
public $port = 443;
public $path = '';
public $takeOverLogin = false;
public $user_whitelist = null;
function checkPassword($username, $password)
{
......@@ -145,6 +146,7 @@ class CasAuthenticationPlugin extends AuthenticationPlugin
$casSettings['port']=$this->port;
$casSettings['path']=$this->path;
$casSettings['takeOverLogin']=$this->takeOverLogin;
$casSettings['user_whitelist']=$this->user_whitelist;
}
function onPluginVersion(array &$versions)
......
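Review bot: `public $user_whitelist = null;` is added without a comment, although the check that consumes it treats any value that is not an array as "no filtering", so the accepted shapes are worth stating on the property. I would add above it `// null: no filtering; array of GNU social nicknames: only these may log in via CAS (an empty array blocks every CAS login)`. Checking in the plugin that the value is either null or an array before it is copied into `$casSettings['user_whitelist']` would surface a mistyped configuration early instead of silently disabling the filter. The method that holds that assignment starts outside the second hunk.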
......@@ -24,6 +24,11 @@ path (): Path on the server to CAS. Usually blank.
takeOverLogin (false): Take over the main login action. If takeOverLogin is
set, anytime the standard username/password login form would be shown,
a CAS login will be done instead.
user_whitelist (null): Only allow login via CAS for users listed in this
array. This is useful when both CAS and password authentication is enabled
and there is a mismatch between some GNU social account names and CAS user
names. This prevents CAS users from logging in as someone else on GNU
social. When set to null, no CAS logins are filtered by this feature.
* required
default values are in (parenthesis)
......
......@@ -41,6 +41,11 @@ class CasloginAction extends Action
$this->serverError(_m('Incorrect username or password.'));
}
if (is_array($casSettings['user_whitelist']) && !in_array($user->nickname, $casSettings['user_whitelist'])) {
// TRANS: Server error displayed when trying to log in with non-whitelisted user name (when whitelists are enabled.)
$this->serverError(_m('Incorrect username or password.'));
}
// success!
if (!common_set_user($user)) {
// TRANS: Server error displayed when login fails in CAS authentication plugin.
......
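Review bot: The allowlist test `in_array($user->nickname, $casSettings['user_whitelist'])` compares loosely, so numeric-looking strings are compared as numbers and a non-string entry such as `true` matches any nickname; pass the strict flag, `!in_array($user->nickname, $casSettings['user_whitelist'], true)`. The `is_array()` guard also fails open: if `user_whitelist` is configured as a single string rather than an array, the filter is skipped and every CAS user is accepted, so a non-null, non-array value would be better rejected than ignored. The block depends on `serverError()` not returning, as the check above it does; that is presumably the case but is not visible here. A rejected login is also not logged, which leaves no trace of a CAS identity trying to use a non-listed account. The enclosing method starts and ends outside the hunk.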