diff --git a/includes/admin-option-page-functions.php b/includes/admin-option-page-functions.php
deleted file mode 100644
index 2cc83c5..0000000
--- a/includes/admin-option-page-functions.php
+++ /dev/null
@@ -1,209 +0,0 @@
- $get_options_func( 'wpcasldap_email_suffix' ),
- 'cas_version' => $get_options_func( 'wpcasldap_cas_version' ),
- 'include_path' => $get_options_func( 'wpcasldap_include_path' ),
- 'server_hostname' => $get_options_func( 'wpcasldap_server_hostname' ),
- 'server_port' => $get_options_func( 'wpcasldap_server_port' ),
- 'server_path' => $get_options_func( 'wpcasldap_server_path' ),
- 'useradd' => $get_options_func( 'wpcasldap_useradd' ),
- 'userrole' => $get_options_func( 'wpcasldap_userrole' ),
- 'ldaphost' => $get_options_func( 'wpcasldap_ldaphost' ),
- 'ldapport' => $get_options_func( 'wpcasldap_ldapport' ),
- 'useldap' => $get_options_func( 'wpcasldap_useldap' ),
- 'ldapbasedn' => $get_options_func( 'wpcasldap_ldapbasedn' ),
- );
-
- if ( is_array( $wp_cas_ldap_options ) && 0 < count( $wp_cas_ldap_options ) ) {
- foreach ( $wp_cas_ldap_options as $key => $val ) {
- $out[ $key ] = $val;
- }
- }
- return $out;
-}
diff --git a/includes/class-wp-cas-ldap-settings.php b/includes/class-wp-cas-ldap-settings.php
new file mode 100644
index 0000000..3e7b726
--- /dev/null
+++ b/includes/class-wp-cas-ldap-settings.php
@@ -0,0 +1,457 @@
+ array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_cas_version' ),
+ ),
+ 'include_path' => array (),
+ 'server_hostname' => array (),
+ 'server_port' => array (
+ 'type' => 'integer',
+ 'sanitize_callback' => 'intval',
+ 'default' => 443,
+ ),
+ 'server_path' => array (),
+ 'disable_cas_logout' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_yes_or_no' ),
+ ),
+ 'cas_redirect_using_js' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_yes_or_no' ),
+ ),
+ 'useradd' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_yes_or_no' ),
+ ),
+ 'email_suffix' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_strip_at' ),
+ ),
+ 'userrole' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_user_role' ),
+ ),
+ 'ldaphost' => array (),
+ 'ldapport' => array (
+ 'type' => 'integer',
+ 'sanitize_callback' => 'intval',
+ 'default' => 389,
+ ),
+ 'ldapbasedn' => array (),
+ 'ldapbinddn' => array (),
+ 'ldapbindpwd' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_encrypt_ldapbindpwd' ),
+ ),
+ 'ldap_users_basedn' => array (),
+ 'ldap_users_filter' => array (),
+ 'ldap_groups_basedn' => array (),
+ 'ldap_groups_filter' => array (),
+ 'useldap' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_yes_or_no' ),
+ ),
+ 'ldap_map_login_attr' => array (
+ 'default' => 'samaccountname',
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_ldap_attr_name'),
+ ),
+ 'ldap_map_email_attr' => array (
+ 'default' => 'mail',
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_ldap_attr_name'),
+ ),
+ 'ldap_map_alt_email_attr' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_ldap_attr_name'),
+ ),
+ 'ldap_map_first_name_attr' => array (
+ 'default' => 'givenname',
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_ldap_attr_name'),
+ ),
+ 'ldap_map_last_name_attr' => array (
+ 'default' => 'sn',
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_ldap_attr_name'),
+ ),
+ 'ldap_map_role_attr' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_ldap_attr_name'),
+ ),
+ 'ldap_map_nickname_attr' => array (
+ 'default' => 'cn',
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_ldap_attr_name'),
+ ),
+ 'ldap_map_nicename_attr' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_ldap_attr_name'),
+ ),
+ 'ldap_map_affiliations_attr' => array (
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_ldap_attr_name'),
+ ),
+ 'who_can_view' => array (
+ 'default' => 'everyone',
+ 'sanitize_callback' => array( 'wp_cas_ldap_settings', 'sanitize_who_can_view'),
+ ),
+ 'access_denied_redirect_url' => array (),
+ );
+
+ /**
+ * get_options function hook for WordPress.
+ *
+ * @return array contains plugin configuration options from database.
+ */
+ public static function get_options( ) {
+ global $wp_cas_ldap_options;
+
+ $out = array ();
+ foreach (self :: $options as $opt => $opt_args) {
+ if (is_array($wp_cas_ldap_options) && array_key_exists($opt, $wp_cas_ldap_options)) {
+ $out[ $opt ] = $wp_cas_ldap_options[ $opt ];
+ }
+ elseif ( self :: is_enabled_for_network( ) ) {
+ $out[ $opt ] = get_site_option (
+ "wpcasldap_$opt",
+ (isset($opt_args['default'])?$opt_args['default']:false)
+ );
+ }
+ else {
+ $out[ $opt ] = get_option (
+ "wpcasldap_$opt",
+ (isset($opt_args['default'])?$opt_args['default']:false)
+ );
+ }
+ }
+
+ return $out;
+ }
+
+ /**
+ * get_option_sanitizer method
+ *
+ * @param string $option the setting option name.
+ * @return string the sanitize_callback to use for this setting option
+ **/
+ public static function get_option_sanitizer($option) {
+ if (isset(self :: $options[$option]) && isset(self :: $options[$option]['sanitize_callback'])) {
+ if (is_callable(self :: $options[$option]['sanitize_callback']))
+ return self :: $options[$option]['sanitize_callback'];
+ }
+ return array('wp_cas_ldap_settings', 'wp_cas_ldap_dummy');
+ }
+
+
+ /**
+ * Options settings sanitizers
+ **/
+
+ /**
+ * sanitize_strip_at method
+ *
+ * @param string $in domain suffix in email address.
+ * @return string domain suffix without '@' symbol.
+ */
+ function sanitize_strip_at( $in ) {
+ return str_replace( '@', '', $in );
+ }
+
+ /**
+ * sanitize_yes_or_no method
+ *
+ * @param string $in value is 'yes' or anything else.
+ * @return string value will be 'yes or 'no'.
+ */
+ function sanitize_yes_or_no( $in ) {
+ return ( 'yes' === strtolower( $in ) ) ? 'yes' : 'no';
+ }
+
+ /**
+ * sanitize_one_or_two method
+ *
+ * @param string $in value is '1.0' or anything else.
+ * @return string value will be '1.0' or '2.0'.
+ */
+ function sanitize_cas_version( $in ) {
+ return ( '1.0' === $in ) ? '1.0' : '2.0';
+ }
+
+ /**
+ * sanitize_user_role method
+ *
+ * @param string $in value is 'subscriber', 'contributor', 'author', 'editor',
+ * 'administrator', or anything else.
+ * @return string value will be 'subscriber', 'contributor', 'author',
+ * 'editor', or 'administrator'.
+ */
+ function sanitize_user_role( $in ) {
+ $roles = array(
+ 'subscriber',
+ 'contributor',
+ 'author',
+ 'editor',
+ 'administrator',
+ );
+ if ( in_array( $in, $roles ) ) {
+ return $in;
+ } else {
+ return 'subscriber';
+ }
+ }
+
+ /**
+ * sanitize_attr_name method
+ *
+ * @param string $in value is an LDAP attribute name
+ * @return string value will be a valid LDAP attribute name
+ */
+ function sanitize_ldap_attr_name( $in ) {
+ return preg_replace('/[^a-zA-Z0-9]/', '', $in);
+ }
+
+ /**
+ * sanitize_who_can_view method
+ *
+ * @param string $in value is the who_can_view parameter value
+ * @return string value will be a 'cas_authenticated_users',
+ * 'wordpress_authenticated_users' or 'everyone'.
+ */
+ function sanitize_who_can_view( $in ) {
+ if ($in == 'cas_authenticated_users' || $in == 'wordpress_authenticated_users')
+ return $in;
+ return 'everyone';
+ }
+
+ /**
+ * sanitize_dummy function
+ *
+ * @param string $in input value
+ * @return string unchange input value
+ */
+ function wp_cas_ldap_dummy( $in ) {
+ return $in;
+ }
+
+ /**
+ * sanitize_encrypt_ldapbindpwd method
+ *
+ * @param string $in value is the LDAP bind plain-password
+ * @return string value will be the LDAP bind encrypted password
+ */
+ function sanitize_encrypt_ldapbindpwd( $in ) {
+ if (strlen($in) > 0)
+ return self :: encrypt($in);
+ return $in;
+ }
+
+ /**
+ * Methods to encrypt/decrypt LDAP Bind password
+ *
+ * This mecanism provided from Authorizer Wordpress plugin.
+ * Author: Paul Ryan
+ * Plugin URI: https://github.com/uhm-coe/authorizer
+ * License: GPL2
+ * Version: 2.8.6
+ */
+
+ /**
+ * Encryption key (not secret!).
+ *
+ * @var string
+ */
+ private static $key = 'ka1Ieku&vaeng5pais#o9Air';
+
+ /**
+ * Encryption salt (not secret!).
+ *
+ * @var string
+ */
+ private static $iv = 'Eob1Sie8aK5zai9Iech/eyu6';
+
+ /**
+ * Basic encryption using a public (not secret!) key. Used for general
+ * database obfuscation of passwords.
+ *
+ * @param string $text String to encrypt.
+ * @param string $library Encryption library to use (openssl).
+ * @return string Encrypted string.
+ */
+ public static function encrypt( $text, $library = 'openssl' ) {
+ $result = '';
+
+ // Use openssl library (better) if it is enabled.
+ if ( function_exists( 'openssl_encrypt' ) && 'openssl' === $library ) {
+ $result = base64_encode(
+ openssl_encrypt(
+ $text,
+ 'AES-256-CBC',
+ hash( 'sha256', self::$key ),
+ 0,
+ substr( hash( 'sha256', self::$iv ), 0, 16 )
+ )
+ );
+ } elseif ( function_exists( 'mcrypt_encrypt' ) ) { // Use mcrypt library (deprecated in PHP 7.1) if php5-mcrypt extension is enabled.
+ $result = base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, self::$key, $text, MCRYPT_MODE_ECB, 'abcdefghijklmnopqrstuvwxyz012345' ) );
+ } else { // Fall back to basic obfuscation.
+ $length = strlen( $text );
+ for ( $i = 0; $i < $length; $i++ ) {
+ $char = substr( $text, $i, 1 );
+ $keychar = substr( self::$key, ( $i % strlen( self::$key ) ) - 1, 1 );
+ $char = chr( ord( $char ) + ord( $keychar ) );
+ $result .= $char;
+ }
+ $result = base64_encode( $result );
+ }
+
+ return $result;
+ }
+
+
+ /**
+ * Basic decryption using a public (not secret!) key. Used for general
+ * database obfuscation of passwords.
+ *
+ * @param string $secret String to encrypt.
+ * @param string $library Encryption lib to use (openssl).
+ * @return string Decrypted string
+ */
+ public static function decrypt( $secret, $library = 'openssl' ) {
+ $result = '';
+
+ // Use openssl library (better) if it is enabled.
+ if ( function_exists( 'openssl_decrypt' ) && 'openssl' === $library ) {
+ $result = openssl_decrypt(
+ base64_decode( $secret ),
+ 'AES-256-CBC',
+ hash( 'sha256', self::$key ),
+ 0,
+ substr( hash( 'sha256', self::$iv ), 0, 16 )
+ );
+ } elseif ( function_exists( 'mcrypt_decrypt' ) ) { // Use mcrypt library (deprecated in PHP 7.1) if php5-mcrypt extension is enabled.
+ $secret = base64_decode( $secret );
+ $result = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, self::$key, $secret, MCRYPT_MODE_ECB, 'abcdefghijklmnopqrstuvwxyz012345' ), "\0$result" );
+ } else { // Fall back to basic obfuscation.
+ $secret = base64_decode( $secret );
+ $length = strlen( $secret );
+ for ( $i = 0; $i < $length; $i++ ) {
+ $char = substr( $secret, $i, 1 );
+ $keychar = substr( self::$key, ( $i % strlen( self::$key ) ) - 1, 1 );
+ $char = chr( ord( $char ) - ord( $keychar ) );
+ $result .= $char;
+ }
+ }
+
+ return $result;
+ }
+
+ /**
+ * Detect if plugin is enabled for the network or a site
+ **/
+ public static function is_enabled_for_network($plugin = 'wordpress-cas-client') {
+ if ( ! function_exists( 'is_plugin_active_for_network' ) )
+ require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
+
+ return is_plugin_active_for_network('wordpress-cas-client/wordpress-cas-client.php');
+ }
+
+ /**
+ * update_network_settings method
+ *
+ * Save network settings
+ */
+ public static function update_network_settings( ) {
+ // Stop silently if current user doesn't have permissions.
+ if ( ! current_user_can( 'manage_network_options' ) )
+ return false;
+
+ // Check if admin form is posted
+ if ( isset( $_POST['wpcasldap_server_hostname'] ) ) {
+ foreach (self :: $options as $opt => $opt_args) {
+ $sanitizer = self :: get_option_sanitizer($opt);
+ $value = call_user_func($sanitizer, (isset($_POST["wpcasldap_$opt"])?$_POST["wpcasldap_$opt"]:""));
+ update_site_option( 'wpcasldap_'.$opt, $value);
+ }
+ }
+ }
+
+ /**
+ * Wordpress hook methods
+ **/
+
+ /**
+ * register_settings method
+ *
+ * Use as admin_init hook for WordPress.
+ */
+ public static function register_settings( ) {
+ global $wp_cas_ldap_options;
+
+ foreach ( self :: $options as $option => $option_args ) {
+ if ( ! isset( $wp_cas_ldap_options[ $option ] ) ) {
+ register_setting('wpcasldap', 'wpcasldap_' . $option, $option_args);
+ }
+ }
+ }
+
+ /**
+ * add_cas_client_admin_menu method
+ *
+ * Use as admin_menu hook for WordPress.
+ */
+ public static function add_cas_client_admin_menu( ) {
+ if ( function_exists( 'add_management_page' ) ) {
+ add_submenu_page(
+ 'options-general.php',
+ 'CAS Client',
+ 'CAS Client',
+ CAPABILITY,
+ 'wpcasldap',
+ 'wp_cas_ldap_options_page'
+ );
+ } else {
+ add_options_page(
+ 'CAS Client',
+ 'CAS Client',
+ CAPABILITY,
+ basename(__FILE__),
+ 'wp_cas_ldap_options_page'
+ );
+ }
+ }
+
+ /**
+ * add_cas_client_network_admin_menu method
+ *
+ * Use as network_admin_menu hook for WordPress.
+ */
+ public static function add_cas_client_network_admin_menu( ) {
+ add_submenu_page(
+ 'settings.php',
+ 'CAS Client',
+ 'CAS Client',
+ 'manage_network',
+ 'casclient',
+ 'wp_cas_ldap_options_page'
+ );
+
+ // Handle admin form POST request
+ self :: update_network_settings();
+ }
+}
diff --git a/includes/class-wp-cas-ldap-user.php b/includes/class-wp-cas-ldap-user.php
index 8e83eae..49491e7 100644
--- a/includes/class-wp-cas-ldap-user.php
+++ b/includes/class-wp-cas-ldap-user.php
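Review bot: `update_network_settings()` writes every `wpcasldap_*` site option straight from `$_POST` after only a `current_user_can( 'manage_network_options' )` check, with no nonce verification, so a cross-site request sent from a logged-in network admin's browser could change the CAS host, the LDAP bind settings or the default role. Add a nonce field to the settings form (its template is not in this hunk) and verify it before the loop, e.g. `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );`, and pass each value through `wp_unslash()` before sanitizing. Separately, `$key` and `$iv` are constants shipped in the source and the same IV is reused for every value, so the stored `ldapbindpwd` is obfuscated rather than protected from anyone who can read the options table; deriving the key from a per-site secret such as `wp_salt()` and storing a random IV alongside each ciphertext would at least make the stored value site-specific. The `sanitize_*` methods and `wp_cas_ldap_dummy()` are declared without `static` yet referenced as `array( 'wp_cas_ldap_settings', ... )` callbacks; on PHP 8 `is_callable()` rejects that form, so `get_option_sanitizer()` would fall back to the pass-through, and they should be declared `public static`.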
@@ -32,28 +32,42 @@ * WP_CAS_LDAP_User class */ class WP_CAS_LDAP_User { - private $data = null; + private $dn = null; + private $attributes = array(); + private $groups = array(); /** * __construct method for WP_CAS_LDAP_User class * - * @param array $member_array information about the ldap user. + * @param array $entry informations about the ldap user. */ - function __construct( $member_array ) { - $this->data = $member_array; + function __construct( $dn, $attributes ) { + $this -> dn = $dn; + if (is_array($attributes)) { + foreach ($attributes as $attr => $values) { + if (isset($values['count'])) unset($values['count']); + $this -> attributes[strtolower($attr)] = $values; + } + } + } + + /** + * get_user_dn method for WP_CAS_LDAP_User class + * + * @return string|false returns the user DN from private $dn. + */ + function get_user_dn( ) { + return $this -> dn; } /** * get_user_name method for WP_CAS_LDAP_User class * - * @return string|false returns 'cn' value fromprivate $data array. + * @return string|false returns the user name from private $attributes array. */ function get_user_name( ) { - if ( isset( $this->data[0]['cn'][0] ) ) { - return $this->data[0]['cn'][0]; - } else { - return false; - } + global $wp_cas_ldap_use_options; + return $this -> get_user_attr($wp_cas_ldap_use_options['ldap_map_nicename_attr'], $wp_cas_ldap_use_options['ldap_map_nickname_attr']); } /** 
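Review bot: The new constructor copies every element of `$attributes` into `$this->attributes`, but the caller shown later on this page passes the result of `ldap_get_attributes()`, which also carries a top-level `count` entry and numeric index entries whose values are attribute names, so keys such as `count` and `0` end up stored next to the real attributes. Skipping anything that is not a value list, e.g. `if ( ! is_array( $values ) ) { continue; }` as the first statement of the loop, keeps only real attribute values. The docblock still documents a single `@param array $entry`; it should describe `$dn` (string) and `$attributes` (array) instead. `get_user_name()` reads two `$wp_cas_ldap_use_options` keys without checking that they are set.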
@@ -63,26 +77,67 @@ function get_user_name( ) { */ function get_user_data( ) { global $wp_cas_ldap_use_options; - if ( isset( $this->data[0]['uid'][0] ) || isset( $this->data[0]['employeeid'][0] ) ) { - $user_role = ''; - $user_nice_name = sanitize_title_with_dashes( $this->data[0]['samaccountname'][0] ); - if ( isset( $this->data[0]['employeeid'][0] ) ) { - $user_role = $GLOBALS['defaultEmployeeUserrole']; - } else { - $user_role = $GLOBALS['defaultStudentUserrole']; - } + if ( $wp_cas_ldap_use_options['ldap_map_login_attr'] && $this->get_user_attr($wp_cas_ldap_use_options['ldap_map_login_attr']) ) { return array( - 'user_login' => $this->data[0]['samaccountname'][0], + 'user_login' => $this -> get_user_attr($wp_cas_ldap_use_options['ldap_map_login_attr']), 'user_pass' => generate_password( 32, 64 ), - 'user_email' => $this->data[0]['mail'][0], - 'first_name' => $this->data[0]['givenname'][0], - 'last_name' => $this->data[0]['sn'][0], - 'role' => $user_role, - 'nickname' => $this->data[0]['cn'][0], - 'user_nicename' => $user_nice_name, + 'user_email' => $this -> get_user_attr( + $wp_cas_ldap_use_options['ldap_map_email_attr'], + $wp_cas_ldap_use_options['ldap_map_alt_email_attr'], + ($wp_cas_ldap_use_options['email_suffix']?$this->get_user_attr($wp_cas_ldap_use_options['ldap_map_login_attr']). '@' . 
$wp_cas_ldap_use_options['email_suffix']:null) + ), + 'first_name' => $this -> get_user_attr($wp_cas_ldap_use_options['ldap_map_first_name_attr']), + 'last_name' => $this -> get_user_attr($wp_cas_ldap_use_options['ldap_map_last_name_attr']), + 'role' => $this -> get_user_attr($wp_cas_ldap_use_options['ldap_map_role_attr'], null, $wp_cas_ldap_use_options['userrole']), + 'affiliations' => $this -> get_user_attr($wp_cas_ldap_use_options['ldap_map_affiliations_attr'], null, null, true), + 'nickname' => $this -> get_user_attr($wp_cas_ldap_use_options['ldap_map_nickname_attr']), + 'user_nicename' => $this -> get_user_attr($wp_cas_ldap_use_options['ldap_map_nicename_attr'], null, sanitize_title_with_dashes($this -> get_user_attr($wp_cas_ldap_use_options['ldap_map_login_attr']))), + 'ldap_groups' => $this -> groups, ); } else { return false; } } + + /** + * get_user_attr method for WP_CAS_LDAP_User class + * + * @return string|null + */ + function get_user_attr($attr, $alt_attr=null, $default_value=null, $all=null) { + $attr = ($attr?strtolower($attr):null); + $alt_attr = ($alt_attr?strtolower($alt_attr):null); + if($attr && isset($this->attributes[$attr]) && !empty($this->attributes[$attr])) { + return ($all?$this->attributes[$attr]:$this->attributes[$attr][0]); + } + elseif($alt_attr && isset($this->attributes[$alt_attr]) && !empty($this->attributes[$alt_attr])) { + return ($all?$this->attributes[$alt_attr]:$this->attributes[$alt_attr][0]); + } + else { + return $default_value; + } + } + + /** + * get_user_groups method for WP_CAS_LDAP_User class + * + * @return array + */ + function get_user_groups() { + return $this -> groups; + } + + /** + * set_user_groups method for WP_CAS_LDAP_User class + * + * @param array $groups array of ldap user's groups DN. + * @return boolean + */ + function set_user_groups($groups) { + if (is_array($groups)) { + $this -> groups = $groups; + return True; + } + return False; + } } 
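Review bot: `'role'` in `get_user_data()` is now taken directly from the directory attribute named by `ldap_map_role_attr`, with `userrole` used only as a fallback, so whatever string the directory holds becomes the WordPress role of a newly created account (presumably through `wp_insert_user()`, which is outside this hunk). Check the value against an allow-list before returning it, for instance the list in `wp_cas_ldap_settings::sanitize_user_role()`, and fall back to `$wp_cas_ldap_use_options['userrole']` for anything else. The docblock of `get_user_attr()` should document its four parameters and say that with `$all` set it returns the whole value array, not a string, which contradicts the current `@return string|null`.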
diff --git a/includes/class-wp-cas-ldap.php b/includes/class-wp-cas-ldap.php index 6abf7c0..a3b60f4 100644 --- a/includes/class-wp-cas-ldap.php +++ b/includes/class-wp-cas-ldap.php @@ -44,68 +44,29 @@ class WP_CAS_LDAP { * wp_cas_ldap_now_puser() is called. */ function authenticate( ) { - global $wp_cas_ldap_use_options, $cas_configured, $blog_id; + global $wp_cas_ldap_use_options, $blog_id; - if ( ! $cas_configured ) { - exit( __( 'WordPress CAS Client plugin not configured', 'wpcasldap' ) ); - } - - if ( phpCAS::isAuthenticated( ) ) { - // CAS was successful - - $user = get_user_by( 'login', phpCAS::getUser( ) ); - // If user already exists - if ( $user ) { - // Update user information from ldap - if ( 'yes' === $wp_cas_ldap_use_options['useldap'] && function_exists( 'ldap_connect' ) ) { - - $existing_user = get_ldap_user( phpCAS::getUser( ) ); - if ( $existing_user ) { - $user_data = $existing_user->get_user_data( ); - $user_data['ID'] = $user->ID; - - //Remove role from userdata - unset( $user_data['role'] ); - - $user_id = wp_update_user( $user_data ); - - if ( is_wp_error( $user_id ) ) { - $error_string = $user_id->get_error_message( ); - error_log( 'Update user failed: ' . $error_string ); - echo '

' . $error_string . '

'; - } - } - } - - $user_exists = is_user_member_of_blog( $user->ID, $blog_id ); - if ( ! $user_exists ) { - if ( function_exists( 'add_user_to_blog' ) ) { - add_user_to_blog( $blog_id, $user->ID, $wp_cas_ldap_use_options['userrole'] ); - } - } + $cas_user = authenticate_cas_user(); - // the CAS user has a WP account - wp_set_auth_cookie($user->ID); + $user = get_user_by( 'login', $cas_user ); + // If user already exists + if ( $user ) { + update_and_auth_user($cas_user, $user); - if ( isset( $_GET['redirect_to'] ) ) { - wp_redirect( preg_match( '/^http/', $_GET['redirect_to'] ) ? $_GET['redirect_to'] : site_url( ) ); - exit( ); - } - wp_redirect( site_url( '/wp-admin/' ) ); + if ( isset( $_GET['redirect_to'] ) ) { + wp_redirect( preg_match( '/^http/', $_GET['redirect_to'] ) ? $_GET['redirect_to'] : site_url( ) ); exit( ); + } + wp_redirect( site_url( '/wp-admin/' ) ); + exit( ); + } else { + // the CAS user _does_not_have_ a WP account + if ( function_exists( 'wp_cas_ldap_now_puser' ) && 'yes' === $wp_cas_ldap_use_options['useradd'] ) { + wp_cas_ldap_now_puser( $cas_user ); } else { - // the CAS user _does_not_have_ a WP account - if ( function_exists( 'wp_cas_ldap_now_puser' ) && 'yes' === $wp_cas_ldap_use_options['useradd'] ) { - wp_cas_ldap_now_puser( phpCAS::getUser( ) ); - } else { - exit( __( 'you do not have permission here', 'wpcasldap' ) ); - } + self :: deny_access(); } - } else { - // Authenticate the user - phpCAS::forceAuthentication( ); - exit( ); } } 
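Review bot: The re-added `wp_redirect( preg_match( '/^http/', $_GET['redirect_to'] ) ? $_GET['redirect_to'] : site_url( ) );` in `authenticate()` sends a freshly authenticated user to any URL that merely starts with `http`, so the login endpoint acts as an open redirect. Restrict the target to the site's own hosts, e.g. `wp_safe_redirect( wp_validate_redirect( wp_unslash( $_GET['redirect_to'] ), site_url() ) );`. The same expression is repeated in `wp_cas_ldap_now_puser()` further down the page and needs the same change. `self :: deny_access()` calls a method that is declared without `static`; if `authenticate()` is itself invoked statically as a hook, PHP 8 rejects that call.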
@@ -113,13 +74,23 @@ function authenticate( ) { * logout function hook for WordPress. */ function logout( ) { + global $wp_cas_ldap_use_options; + if ('yes' === $wp_cas_ldap_use_options['disable_cas_logout'] ) { + // Drop local session to avoid PHP auto-reconnect + session_unset(); + session_destroy(); + $message = __( 'You are now logged off.', 'wpcasldap' ); + wp_die( $message, $message, array ('response' => 200) ); + exit ( ); + } + global $cas_configured; - global $get_options_func; if ( ! $cas_configured ) { - exit( __( 'WordPress CAS Client plugin not configured', 'wpcasldap' ) ); + $message = __( 'WordPress CAS Client plugin not configured.', 'wpcasldap' ); + wp_die( $message, $message ); } - phpCAS::logout( array( 'url' => $get_options_func( 'siteurl' ) ) ); + phpCAS::logout( array( 'url' => get_site_url() ) ); exit( ); } 
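Review bot: In the new `disable_cas_logout` branch of `logout()`, `session_unset()` and `session_destroy()` run unconditionally; when no PHP session is active `session_destroy()` emits a warning, and the session cookie itself stays in the browser. Guard the two calls with `if ( session_status() === PHP_SESSION_ACTIVE ) { ... }`. The `exit ( );` after `wp_die()` is unreachable and can be dropped. Because this branch skips `phpCAS::logout()`, the CAS single sign-on session appears to stay open, so a comment saying that the next protected request may sign the user back in without a prompt would help administrators judge the option.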
@@ -149,6 +120,169 @@ function show_password_fields( $show_password_fields ) { * Disable reset, lost, and retrieve password features in WordPress. */ function disable_function( ) { - exit( __( 'Sorry, this feature is disabled.', 'wpcasldap' ) ); + wp_die( + __( 'Sorry, this feature is disabled.', 'wpcasldap' ), + __("Feature disabled", 'wpcasldap'), + array( + 'response' => 200, + 'back_link' => true, + ) + ); + } + + /* + * restrict_access method hook for WordPress. + * + * Retrict access to site based on 'who_can_view' parameter. + */ + public function restrict_access( $wp ) { + global $wp_cas_ldap_use_options; + + // No restriction on everyone mode + if (!isset($wp_cas_ldap_use_options['who_can_view']) || $wp_cas_ldap_use_options['who_can_view'] == 'everyone') { + return $wp; + } + + // Allow some generic cas (inspired by Wordpress Authorizer plugin) + if ( + // Always allow access if WordPress is installing. + // phpcs:ignore WordPress.CSRF.NonceVerification.NoNonceVerification + ( defined( 'WP_INSTALLING' ) && isset( $_GET['key'] ) ) || + // Allow access for requests to /wp-json/oauth1 so oauth clients can authenticate to use the REST API. + ( property_exists( $wp, 'matched_query' ) && stripos( $wp->matched_query, 'rest_oauth1=' ) === 0 ) || + // Allow access for non-GET requests to /wp-json/*, since REST API authentication already covers them. + ( property_exists( $wp, 'matched_query' ) && 0 === stripos( $wp->matched_query, 'rest_route=' ) && isset( $_SERVER['REQUEST_METHOD'] ) && 'GET' !== $_SERVER['REQUEST_METHOD'] ) || + // Allow access for GET requests to /wp-json/ (root), since REST API discovery calls rely on this. + ( property_exists( $wp, 'matched_query' ) && 'rest_route=/' === $wp->matched_query ) + ) + return $wp; + + // User is already logged in ? 
+ if (is_user_logged_in()) { + // Put CAS user infos in global variable + $GLOBALS['CAS_USER'] = $_SESSION['CAS_USER']; + $GLOBALS['CAS_USER_DATA'] = $_SESSION['CAS_USER_DATA']; + + // Allow access in 'cas_authenticated_users' mode + if ( $wp_cas_ldap_use_options['who_can_view'] == 'cas_authenticated_users' ) { + return $wp; + } + + // So we are in wordpress_authenticated_users mode + + // Always allow access to admins. + if ( current_user_can( 'create_users' ) ) + return $wp; + + // Allow access if user is member of the current blog + if (is_user_member_of_blog( get_current_user_id() )) + return $wp; + else + self :: deny_access(); + } + + // Auth user via CAS + $cas_user = authenticate_cas_user(); + + // User already exists in Wordpress ? + $user = get_user_by( 'login', $cas_user ); + if ( $user ) { + // Update user and allow access + update_and_auth_user($cas_user, $user); + + // Need redirect user after login to make him directly recognized + wp_redirect( site_url( $wp->request ) ); + exit(); + } + elseif ( $wp_cas_ldap_use_options['who_can_view'] == 'cas_authenticated_users' ) { + // Allow user only in 'cas_authenticated_users' mode + + // Retreive CAS user infos (if not already in session) + if (!isset($_SESSION['CAS_USER']) || !isset($_SESSION['CAS_USER_DATA']) || $_SESSION['CAS_USER'] != $cas_user) { + // Retreive user data as new user + $user_data = get_new_user_data( $cas_user ); + + // Unset wordpress user specific infos + unset($user_data['user_pass']); + unset($user_data['role']); + + // Store user data in session + $_SESSION['CAS_USER'] = $cas_user; + $_SESSION['CAS_USER_DATA'] = $user_data; + } + + // Put CAS user infos in global variable + $GLOBALS['CAS_USER'] = $_SESSION['CAS_USER']; + $GLOBALS['CAS_USER_DATA'] = $_SESSION['CAS_USER_DATA']; + + return $wp; + } + elseif ('yes' === $wp_cas_ldap_use_options['useradd']) { + // Wordpress user account could be created + wp_cas_ldap_now_puser( $cas_user ); + return $wp; + } + + // Deny access + self :: 
deny_access(); } + + /** + * Deny access to user : + * - if this is a REST API call, render an error message as JSON + * - otherwise, redirect to access denied page if defined or render an error message using wp_die() + **/ + function deny_access() { + $deny_access_message = __( 'Access to this site is restricted.', 'wpcasldap' ); + $current_path = ! empty( $_SERVER['REQUEST_URI'] ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : home_url(); + if ( property_exists( $wp, 'matched_query' ) && stripos( $wp->matched_query, 'rest_route=' ) === 0 && 'GET' === $_SERVER['REQUEST_METHOD'] ) { + wp_send_json( + array( + 'code' => 'rest_cannot_view', + 'message' => $deny_access_message, + 'data' => array( + 'status' => 401, + ), + ) + ); + } + else { + global $wp_cas_ldap_use_options; + if (isset($wp_cas_ldap_use_options['access_denied_redirect_url']) && !empty($wp_cas_ldap_use_options['access_denied_redirect_url'])) { + // If site relative URL ? + if ($wp_cas_ldap_use_options['access_denied_redirect_url'][0] == '/') { + if ('wordpress_authenticated_users' != $wp_cas_ldap_use_options['who_can_view']) { + wp_redirect( site_url( $wp_cas_ldap_use_options['access_denied_redirect_url'] ) ); + exit(); + } + } + else { + wp_redirect( $wp_cas_ldap_use_options['access_denied_redirect_url'] ); + exit(); + } + } + + $page_title = sprintf( + /* TRANSLATORS: %s: Name of blog */ + __( '%s - Access restricted', 'wpcasldap' ), + get_bloginfo( 'name' ) + ); + $error_message = apply_filters( 'the_content', $deny_access_message ); + wp_die( wp_kses( $error_message, false ), esc_html( $page_title ) ); + } + + // Sanity check: we should never get here. + wp_die( '

Access denied.

', 'Site Access Restricted' ); + } + + /* + * plugins_loaded method hook for WordPress. + * + * Load plugin textdomain + */ + public function plugins_loaded( $wp ) { + $plugin_rel_path = basename( realpath( dirname( __FILE__ ).'/../' ) ) . '/languages'; /* Relative to WP_PLUGIN_DIR */ + load_plugin_textdomain( 'wpcasldap', false, $plugin_rel_path ); + } + } diff --git a/includes/update-network-settings.php b/includes/update-network-settings.php deleted file mode 100644 index 35ca3a2..0000000 --- a/includes/update-network-settings.php +++ /dev/null @@ -1,59 +0,0 @@ -this link.", 'wpcasldap' ), $cas_redirect_url); + $redirect_script = << +if (location.hash) { + var path = location.pathname; + if (path.includes('?')) { + path += '&cas_redirect='; + } + else { + path += '?cas_redirect='; + } + window.location = '$cas_root_redirect_url' + encodeURIComponent(location.origin + path + encodeURIComponent(location.href)); +} +else { + window.location = '$cas_root_redirect_url' + encodeURIComponent(location.href); +} + +EOF; + wp_die("
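Review bot: `deny_access()` tests `property_exists( $wp, 'matched_query' )`, but `$wp` is neither a parameter nor declared `global` in that method, so the argument is null, the REST branch can never match, and PHP reports a warning or an error depending on the version. Add `global $wp;` as the first statement of the method, or pass `$wp` in from `restrict_access()`. `wp_send_json()` is called without a status code, so the `401` exists only inside the JSON body; `wp_send_json( $payload, 401 )` would set the HTTP status as well. In `restrict_access()`, the `is_user_logged_in()` branch reads `$_SESSION['CAS_USER']` and `$_SESSION['CAS_USER_DATA']` without an `isset()` check, which fails for users who logged in before a session held those keys.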

$title

$message

$noredirect_message

$redirect_script", $title); + } else { + // Authenticate the user + phpCAS::forceAuthentication(); + exit(); + } +} + +/** + * Update and authenticated user + * + * @retval void */ -function wp_cas_ldap_now_puser( $new_user_id ) { +function update_and_auth_user($cas_user, $wordpress_user) { global $wp_cas_ldap_use_options; - $user_data = ''; + + // Initialize return $user_data from Wordpress user infos + $user_data = array ( + 'ID' => $wordpress_user->ID, + 'user_login' => $wordpress_user->user_login, + 'first_name' => $wordpress_user->first_name, + 'last_name' => $wordpress_user->last_name, + 'user_email' => $wordpress_user->user_email, + 'nickname' => $wordpress_user->nickname, + 'user_nicename' => $wordpress_user->user_nicename, + ); + + // Update user information from ldap if ( 'yes' === $wp_cas_ldap_use_options['useldap'] && function_exists( 'ldap_connect' ) ) { - $new_user = get_ldap_user( $new_user_id ); + $existing_user = get_ldap_user( $cas_user ); + if ( $existing_user ) { + $new_user_data = $existing_user->get_user_data( ); + $new_user_data['ID'] = $wordpress_user->ID; - if ( $new_user ) { - $user_data = $new_user->get_user_data(); - } else { - error_log( 'User not found on LDAP Server: ' . $new_user_id ); + // Remove role and password from userdata + unset( $new_user_data['role'] ); + unset( $new_user_data['user_pass'] ); + + $user_id = wp_update_user( $user_data ); + + if ( is_wp_error( $user_id ) ) { + $error_string = $user_id->get_error_message( ); + error_log( 'Update user failed: ' . $error_string ); + echo '

' . $error_string . '

'; + } + else { + $user_data = $new_user_data; + } + } + } + + $user_exists = is_user_member_of_blog( $wordpress_user->ID, $blog_id ); + if ( ! $user_exists ) { + if ( function_exists( 'add_user_to_blog' ) ) { + add_user_to_blog( $blog_id, $wordpress_user->ID, $wp_cas_ldap_use_options['userrole'] ); } - } else { - $user_data = array( - 'user_login' => $new_user_id, - 'user_pass' => generate_password( 32, 64 ), - 'user_email' => $new_user_id . '@' . $wp_cas_ldap_use_options['email_suffix'], - 'role' => $wp_cas_ldap_use_options['userrole'], - ); } + // the CAS user has a WP account + wp_set_auth_cookie($wordpress_user->ID); + + // Update user data in session + $_SESSION['CAS_USER'] = $cas_user; + $_SESSION['CAS_USER_DATA'] = $user_data; + + return $user_data; +} + +/** + * wp_cas_ldap_now_puser function + * + * @param string $new_user_id the username of a user + */ +function wp_cas_ldap_now_puser( $new_user_id ) { + global $wp_cas_ldap_use_options; + $user_data = get_new_user_data( $new_user_id ); + if ( ! function_exists( 'wp_insert_user' ) ) { include_once ( ABSPATH . WPINC . '/registration.php' ); } - if ( $user_data ) { - $user_id = wp_insert_user( $user_data ); - if ( is_wp_error( $user_id ) ) { - $error_string = $user_id->get_error_message( ); - error_log( 'Inserting a user in wp failed: ' . $error_string ); - echo '

' . $error_string . '

'; - return; - } else { - wp_set_auth_cookie( $user_id ); + $user_id = wp_insert_user( $user_data ); + if ( is_wp_error( $user_id ) ) { + $error_string = $user_id->get_error_message( ); + error_log( 'Inserting a user in wp failed: ' . $error_string ); + echo '

' . $error_string . '

'; + return; + } else { + // Set CAS user info in session + $user_data['ID'] = $user_id; + $_SESSION['CAS_USER'] = $new_user_id; + $_SESSION['CAS_USER_DATA'] = $user_data; - if ( isset( $_GET['redirect_to'] ) ) { - wp_redirect( preg_match( '/^http/', $_GET['redirect_to'] ) ? $_GET['redirect_to'] : site_url( ) ); - exit( ); - } + wp_set_auth_cookie( $user_id ); - wp_redirect( site_url( '/wp-admin/' ) ); + if ( isset( $_GET['redirect_to'] ) ) { + wp_redirect( preg_match( '/^http/', $_GET['redirect_to'] ) ? $_GET['redirect_to'] : site_url( ) ); exit( ); } + + wp_redirect( site_url( '/wp-admin/' ) ); + exit( ); } } /** * get_ldap_user function * - * @param string $uid ldap sAMAccountName value to match + * @param string $login User login * @return false|WP_CAS_LDAP_User returns WP_CAS_LDAP_User object as long as user is * found on the ldap server, otherwise false. */ -function get_ldap_user( $uid ) { +function get_ldap_user( $login ) { global $wp_cas_ldap_use_options; $ds = ldap_connect( $wp_cas_ldap_use_options['ldaphost'], $wp_cas_ldap_use_options['ldapport'] ); //Can't connect to LDAP. 
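Review bot: In `update_and_auth_user()` the LDAP values are assembled in `$new_user_data`, but the call is `wp_update_user( $user_data )`, which passes back the values just read from the existing WordPress account, so directory changes are never written; it should be `wp_update_user( $new_user_data )`. `$blog_id` is used in `is_user_member_of_blog()` and `add_user_to_blog()` while only `$wp_cas_ldap_use_options` is declared global, so it is undefined in this function; add `global $blog_id;` or call `get_current_blog_id()`. Both error paths `echo` `$error_string` into the page unescaped and should wrap it in `esc_html()`, and `$cas_root_redirect_url` is interpolated into the inline script as a quoted string, which calls for `esc_js()` unless it is already escaped where it is built. The file header and `@@` line of this hunk are not visible on the page, so function boundaries here are inferred from the visible lines.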
@@ -100,34 +204,106 @@ function get_ldap_user( $uid ) { if ( ! ldap_set_option( $ds, LDAP_OPT_REFERRALS, 0 ) ) { error_log( 'Failed to set LDAP Referrals to False.' ); } else { - // Get LDAP service sccount username - $ldap_user = $GLOBALS['ldapUser']; - // Get service account associated password - $ldap_pass = $GLOBALS['ldapPassword']; - $bind = ldap_bind( $ds, $ldap_user, $ldap_pass ); + // Get LDAP service account DN/password + $ldap_bind_dn = $wp_cas_ldap_use_options['ldapbinddn']; + $ldap_bind_pwd = $wp_cas_ldap_use_options['ldapbindpwd']; + if (strlen($ldap_bind_pwd) > 0) + $ldap_bind_pwd = wp_cas_ldap_settings :: decrypt($ldap_bind_pwd); + + $bind = ldap_bind( $ds, $ldap_bind_dn, $ldap_bind_pwd ); //Check to make sure we're bound. if ( ! $bind ) { - error_log( 'LDAP Bind failed with Service Account: ' . $ldap_user ); + error_log( 'LDAP Bind failed with Service Account' ); } else { + // Compose LDAP filter string from user login + $filterstr = '('.$wp_cas_ldap_use_options['ldap_map_login_attr'] . '=' . $login.')'; + if ($wp_cas_ldap_use_options['ldap_users_filter']) { + $optional_filterstr = $wp_cas_ldap_use_options['ldap_users_filter']; + if ($optional_filterstr[0] != '(') + $optional_filterstr = "($optional_filterstr)"; + $filterstr = "(&".$optional_filterstr.$filterstr.")"; + } $search = ldap_search( $ds, - $wp_cas_ldap_use_options['ldapbasedn'], - 'sAMAccountName=' . 
$uid, + ($wp_cas_ldap_use_options['ldap_users_basedn']?$wp_cas_ldap_use_options['ldap_users_basedn']:$wp_cas_ldap_use_options['ldapbasedn']), + $filterstr, array( - 'uid', - 'mail', - 'givenname', - 'sn', - 'rolename', - 'cn', - 'EmployeeID', - 'sAMAccountName', - ),0 + $wp_cas_ldap_use_options['ldap_map_login_attr'], + $wp_cas_ldap_use_options['ldap_map_email_attr'], + $wp_cas_ldap_use_options['ldap_map_alt_email_attr'], + $wp_cas_ldap_use_options['ldap_map_first_name_attr'], + $wp_cas_ldap_use_options['ldap_map_last_name_attr'], + $wp_cas_ldap_use_options['ldap_map_role_attr'], + $wp_cas_ldap_use_options['ldap_map_affiliations_attr'], + $wp_cas_ldap_use_options['ldap_map_nickname_attr'], + $wp_cas_ldap_use_options['ldap_map_nicename_attr'], + ), + 0 ); if($search) { - $info = ldap_get_entries( $ds, $search ); - return new WP_CAS_LDAP_User( $info ); + $count = ldap_count_entries( $ds, $search); + if ($count == 1) { + $entry = ldap_first_entry( $ds, $search ); + $user = new WP_CAS_LDAP_User( + ldap_get_dn( $ds, $entry), + ldap_get_attributes( $ds, $entry) + ); + ldap_free_result($search); + + // Get user's groups (if configured) + if ($wp_cas_ldap_use_options['ldap_groups_filter']) { + + // Generate user's group LDAP filter from user's DN and data + $filterstr = $wp_cas_ldap_use_options['ldap_groups_filter']; + $user_data = $user -> get_user_data(); + if (!preg_match_all("|\{([^\}]+)\}|", $filterstr, $matches, PREG_PATTERN_ORDER)) { + error_log( "Fail to compose user's groups LDAP filter : no keyword to substitute" ); + } + else { + for($i=0;$i get_user_dn(); + elseif (isset($user_data[$info])) + $value = $user_data[$info]; + else { + error_log( "Fail to compose user's groups LDAP filter : unknown keyword '$keyword'" ); + return $user; + } + $filterstr = str_replace($keyword, $value, $filterstr); + } + + // Lookup for user's groups in LDAP + $basedn = 
($wp_cas_ldap_use_options['ldap_groups_basedn']?$wp_cas_ldap_use_options['ldap_groups_basedn']:$wp_cas_ldap_use_options['ldapbasedn']); + $search = ldap_search( + $ds, + $basedn, + $filterstr + ); + if(!$search) { + ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $details); + error_log( "Fail to retreive user's groups with filter '$filterstr' on $basedn : ".ldap_error($ds).($details?", details : $details":"") ); + return $user; + } + $data = ldap_get_entries($ds, $search); + $user_groups = array(); + for($i=0; $i < $data['count']; $i++) { + $user_groups[] = $data[$i]['dn']; + } + ldap_free_result($search); + $user -> set_user_groups($user_groups); + } + return $user; + } + } + else { + error_log("Duplicated users found in LDAP for login '$login'."); + } + } + else { + error_log("User not found in LDAP for login '$login'."); } } } @@ -136,3 +312,31 @@ function get_ldap_user( $uid ) { } return false; } + +/** + * get_new_user_data function + * + * @param string $cas_user the username of a user + * @return array returns new user data + */ +function get_new_user_data($cas_user) { + global $wp_cas_ldap_use_options; + + if ( 'yes' === $wp_cas_ldap_use_options['useldap'] && function_exists( 'ldap_connect' ) ) { + $ldap_user = get_ldap_user( $cas_user ); + + if ( $ldap_user ) { + $user_data = $ldap_user->get_user_data(); + if ($user_data) + return $user_data; + } + error_log( 'User not found on LDAP Server: ' . $cas_user ); + } + + return array ( + 'user_login' => $cas_user, + 'user_email' => $cas_user . '@' . $wp_cas_ldap_use_options['email_suffix'], + 'role' => $wp_cas_ldap_use_options['userrole'], + 'user_pass' => generate_password( 32, 64 ), + ); +} diff --git a/includes/wp-cas-ldap-options-page.php b/includes/wp-cas-ldap-options-page.php index 385df91..a2ab6de 100644 --- a/includes/wp-cas-ldap-options-page.php +++ b/includes/wp-cas-ldap-options-page.php 
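Review bot: The login is concatenated into the LDAP search filter unescaped at `$filterstr = '('.$wp_cas_ldap_use_options['ldap_map_login_attr'] . '=' . $login.')';`, so filter metacharacters in the value change which entries the search matches. Escape it with `ldap_escape( $login, '', LDAP_ESCAPE_FILTER )`, and do the same where user data is substituted into the groups filter: `$filterstr = str_replace( $keyword, ldap_escape( $value, '', LDAP_ESCAPE_FILTER ), $filterstr );`. Separately, the `else` paired with `if ($count == 1)` appears to log "Duplicated users found" for a zero-result search too, which would mislead anyone reading these logs; a distinct `$count === 0` branch would fix that. get_ldap_user() starts before this hunk.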
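Review bot: get_new_user_data() falls through to the locally built array whenever get_ldap_user() returns false, and as far as the preceding hunk shows, that covers connect and bind failures as well as a missing entry. With `useldap` set to yes, an LDAP outage would therefore still yield account data with the default `userrole` and a synthesized `user_email`, logged only as 'User not found on LDAP Server'. The docblock should say so, e.g. `@return array LDAP-derived data, or default data built from the CAS login when the LDAP lookup yields nothing`. The log message should also distinguish a failed lookup from an absent user, so operators can tell an outage from a genuinely unknown login.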
@@ -26,7 +26,7 @@ * Phone: +1 425.564.4201 */ -require_once constant( 'CAS_CLIENT_ROOT' ) . '/includes/admin-option-page-functions.php'; +require_once constant( 'CAS_CLIENT_ROOT' ) . '/includes/class-wp-cas-ldap-settings.php'; /** * wp_cas_ldap_options_page function hook for WordPress. @@ -35,10 +35,10 @@ function wp_cas_ldap_options_page( ) { global $wp_cas_ldap_options, $form_action; // Get Options - $option_array_def = wp_cas_ldap_get_options( ); + $option_array_def = wp_cas_ldap_settings :: get_options( ); ?>
-

CAS Client

+

'; settings_fields( 'wpcasldap' ); @@ -52,7 +52,7 @@ function wp_cas_ldap_options_page( ) { ?>

'; _e( 'Save yourself some trouble, open up another browser or use another machine to test logins. That way you can preserve this session to adjust the configuration or deactivate the plugin.', 'wpcasldap' ); echo '"'; @@ -67,7 +67,7 @@ function wp_cas_ldap_options_page( ) {

'; - _e( 'Note: The phpCAS library is required for this plugin to work. We need to know the server path to the CAS.php file.', 'wpcasldap' ); + _e( 'Note: The phpCAS library is required for this plugin to work. We need to know the server absolute path to the CAS.php file.', 'wpcasldap' ); echo ''; ?>

@@ -78,7 +78,7 @@ function wp_cas_ldap_options_page( ) { @@ -86,6 +86,11 @@ function wp_cas_ldap_options_page( ) { '; + if ( isset( $option_array_def['include_path'] ) && !empty( $option_array_def['include_path'] ) && !file_exists( $option_array_def['include_path'] ) ) { + echo "

"; + _e( 'WARNING : The path to CAS.php file currently defined is incorrect!', 'wpcasldap' ); + echo "

"; + } ?> @@ -112,7 +117,7 @@ function wp_cas_ldap_options_page( ) { - + @@ -190,7 +195,79 @@ function wp_cas_ldap_options_page( ) { + + + + + + + +'; +?> + +'; +?> + +'; + _e( "Note: If you disable CAS logout, when a user click on the logout link, he will only be logged off from Wordpress, not from the CAS server (and potential other CAS authenticated services).", 'wpcasldap' ); + echo '

'; +?> + + + + + + + + + + +'; +?> + +'; +?> + +'; + _e( "Note: Using Javascript to redirect user to CAS login page enables to keep hashtag in URL (if present).", 'wpcasldap' ); + echo '

'; +?> + + + + '; - _e( 'Treatment of Unregistered User', 'wpcasldap' ); + _e( 'Treatment of unregistered users', 'wpcasldap' ); echo ''; ?> @@ -212,9 +289,9 @@ function wp_cas_ldap_options_page( ) { @@ -271,6 +348,14 @@ function wp_cas_ldap_options_page( ) { echo '>Administrator'; ?> +

+'; + _e( "Note: This default role is only used to create the user on its first connection. Afterwards, the user role could be configured in Wordpress and will not be overwritten from LDAP.", 'wpcasldap' ); + echo ''; +?> +

+ '; ?> - + '; ?> - + '; + echo '

'; + _e( "Note: This suffix is used to constitute user email if it couldn't be retreived from LDAP. You must only enter the email domain name (without the '@').", 'wpcasldap' ); + echo '

'; ?> @@ -339,6 +427,8 @@ function wp_cas_ldap_options_page( ) { if ( function_exists( 'ldap_connect' ) ) { if ( ! isset( $wp_cas_ldap_options['ldapbasedn'] ) || + ! isset( $wp_cas_ldap_options['ldapbinddn'] ) || + ! isset( $wp_cas_ldap_options['ldapbindpwd'] ) || ! isset( $wp_cas_ldap_options['ldapport'] ) || ! isset( $wp_cas_ldap_options['ldaphost'] ) ) { echo '

'; @@ -410,16 +500,264 @@ function wp_cas_ldap_options_page( ) { ?> + +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
@@ -224,13 +301,13 @@ function wp_cas_ldap_options_page( ) { echo ( 'yes' === $option_array_def['useradd'] ) ? 'checked="checked"' : ''; echo ' />'; ?> - + '; ?> - +
+ + +'; +?> +
+ + + 0) + echo wp_cas_ldap_settings :: decrypt($option_array_def['ldapbindpwd']); + echo '" />'; +?> +
+ + +'; + echo '

'; + _e( "Note: This parameter is optional. The base DN of the LDAP server is used otherwise.", 'wpcasldap' ); + echo '

'; +?> +
+ + +'; + echo '

'; + _e( "Note: This parameter is optional. If it's provided, this filter will be combined with the LDAP filter generating from the user's login.", 'wpcasldap' ); + echo '

'; +?> +
+ + +'; + echo '

'; + _e( "Note: This parameter is optional. The base DN of the LDAP server is used otherwise.", 'wpcasldap' ); + echo '

'; +?> +
+ + +'; + echo '

'; + _e( "Note: This parameter is required to retreive the user's groups. In this filter, the keywords enclosed by brace will be replace by user's corresponding information. For instance, {user_login} will be replace by the user's login or {user_email} by the user's email. You also can use the keyword {user_dn} that will be replaced by the LDAP user object's DN.", 'wpcasldap' ); + echo '

'; +?> +
+'; + _e( 'LDAP attributes mapping', 'wpcasldap' ); + echo ''; + echo '

'; + _e( "You have to configure here which LDAP attributes could be mapped with Wordpress user profil information.", 'wpcasldap' ); + echo '

'; +?> + + __('the login', 'wpcasldap'), + 'first_name' => __('the first name', 'wpcasldap'), + 'last_name' => __('the last name', 'wpcasldap'), + 'nickname' => __('the nickname', 'wpcasldap'), + 'nicename' => __('the nice name', 'wpcasldap'), + 'role' => __('the role', 'wpcasldap'), + 'affiliations' => __('the affiliations', 'wpcasldap'), + 'email' => __('the email', 'wpcasldap'), + 'alt_email' => __('the alternative email', 'wpcasldap'), + ); + foreach($map_attrs as $key => $label) { + if (! isset( $wp_cas_ldap_options['ldap_map_'.$key.'_attr'] )) { +?> + + + + + +
+ + +'; +?> +
'; + _e( 'Site access restriction', 'wpcasldap' ); + echo ''; ?> +

+ +

    +
  • CAS authenticated users, the user will be authenticated using CAS and authenticated in Wordpress only if he already has an account.", 'wpcasldap' ); ?>
  • +
  • Wordpress authenticated users, the user will be authenticated using CAS and authenticated in Wordpress if he already has an account or if you choose to allow adding user in database. Otherwise, the access will be denied.", 'wpcasldap' ); ?>
  • +
  • everyone, no restriction will be applied.", 'wpcasldap'); ?>
  • +
+

+ + + + + + + + + + + + + + +
+ + + +
+ + +'; +?> +
- +
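Review bot: The stored bind password is decrypted and echoed straight into the form markup at `echo wp_cas_ldap_settings :: decrypt($option_array_def['ldapbindpwd']);`, so the service account's plaintext password ends up in the HTML of the settings page (the surrounding input markup is not visible here). The value is also written without attribute escaping; at minimum use `echo esc_attr( wp_cas_ldap_settings :: decrypt( $option_array_def['ldapbindpwd'] ) );`. Preferably render the field empty and keep the stored value unless a new password is submitted, which would also need handling in the `sanitize_encrypt_ldapbindpwd` callback. wp_cas_ldap_options_page() starts outside this hunk.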
\n" -"Language-Team: LANGUAGE \n" - -#: includes/class-wp-cas-ldap.php:50 includes/class-wp-cas-ldap.php:119 -msgid "WordPress CAS Client plugin not configured" -msgstr "" - -#: includes/class-wp-cas-ldap.php:102 -msgid "you do not have permission here" -msgstr "" - -#: includes/class-wp-cas-ldap.php:152 -msgid "Sorry, this feature is disabled." -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:46 -msgid "Configuration settings for WordPress CAS Client" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:50 -msgid "Note" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:55 -msgid "" -"Now that you’ve activated this plugin, WordPress is attempting to " -"authenticate using CAS, even if it’s not configured or misconfigured." -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:57 -msgid "" -"Save yourself some trouble, open up another browser or use another machine " -"to test logins. That way you can preserve this session to adjust the " -"configuration or deactivate the plugin." -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:64 -msgid "phpCAS include path" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:70 -msgid "" -"Note: The phpCAS library is required for this plugin to work. We need to " -"know the server path to the CAS.php file." 
-msgstr "" - -#: includes/wp-cas-ldap-options-page.php:81 -msgid "CAS.php Path" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:102 -msgid "phpCAS::client() parameters" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:113 -msgid "CAS version" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:140 -msgid "Server Hostname" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:160 -msgid "Server Port" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:180 -msgid "Server Path" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:204 -msgid "Treatment of Unregistered User" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:215 -msgid "Add to Database" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:245 -msgid "Default Role" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:285 -msgid "Use LDAP to get user info" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:320 -msgid "E-mail Suffix" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:345 -msgid "LDAP parameters" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:357 -msgid "LDAP Host" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:379 -msgid "LDAP Port" -msgstr "" - -#: includes/wp-cas-ldap-options-page.php:401 -msgid "LDAP Base DN" -msgstr "" - -#. Plugin Name of the plugin/theme -msgid "WordPress CAS Client" -msgstr "" - -#. Plugin URI of the plugin/theme -msgid "https://github.com/BellevueCollege/wordpress-cas-client" -msgstr "" - -#. Description of the plugin/theme -msgid "" -"Integrates WordPress with existing CAS single sign-on architectures. " -"Additionally this plugin can use a LDAP server (such as Active Directory) " -"for populating user information after the user has successfully logged on to " -"WordPress. This plugin is a fork of the wpCAS-w-LDAP plugin." -msgstr "" - -#. Author of the plugin/theme -msgid "Bellevue College" -msgstr "" - -#. Author URI of the plugin/theme -msgid "http://www.bellevuecollege.edu" -msgstr "" 
diff --git a/languages/README.md b/languages/README.md
new file mode 100644
index 0000000..abce092
--- /dev/null
+++ b/languages/README.md
@@ -0,0 +1,22 @@
+Translation how-to
+==================
+
+The wpcasldap.pot file
+---------------------------------
+This file contain the strings to translate. It could be generated using the _xgettext_ command.
+
+To generate _wpcasldap.pot_ file, please run the following command __in the plugin root directory__ :
+
+ xgettext --from-code utf-8 \
+ -o "languages/wpcasldap.pot" \
+ --omit-header \
+ --copyright-holder="Bellevue College" \
+ --keyword="__" \
+ --keyword="_e" \
+ $( find -name "*.php" )
+
+The wpcasldap-xx_YY.po and wpcasldap-xx_YY.mo files
+-------------------------------------------------------------------
+This files contains the translated strings for a specific language.
+The _MO_ files are the compiled version of the _PO_ files.
+These files could be created using tool like [poedit](https://poedit.net/).
diff --git a/languages/wpcasldap-fr_FR.mo b/languages/wpcasldap-fr_FR.mo
new file mode 100644
index 0000000..0e8617c
Binary files /dev/null and b/languages/wpcasldap-fr_FR.mo differ
diff --git a/languages/wpcasldap-fr_FR.po b/languages/wpcasldap-fr_FR.po
new file mode 100644
index 0000000..0995ed9
--- /dev/null
+++ b/languages/wpcasldap-fr_FR.po
@@ -0,0 +1,420 @@ +msgid "" +msgstr "" +"Project-Id-Version: \n" +"POT-Creation-Date: \n" +"PO-Revision-Date: \n" +"Last-Translator: \n" +"Language-Team: \n" +"Language: fr_FR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.8.11\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#: includes/class-wp-cas-ldap.php:82 +msgid "You are now logged off." +msgstr "Vous êtes maintenant déconnecté(e)." + +#: includes/class-wp-cas-ldap.php:89 +#: includes/wordpress-cas-client-functions.php:42 +msgid "WordPress CAS Client plugin not configured." +msgstr "Le plugin Wordpress CAS Client n'est pas configuré." + +#: includes/class-wp-cas-ldap.php:124 +msgid "Sorry, this feature is disabled." +msgstr "Désolé, cette fonctionnalité est désactivée." + +#: includes/class-wp-cas-ldap.php:125 +msgid "Feature disabled" +msgstr "Fonctionnalité désactivée" + +#: includes/class-wp-cas-ldap.php:236 +msgid "Access to this site is restricted." +msgstr "L'accès à ce site est restreint." + +#: includes/class-wp-cas-ldap.php:267 +#, php-format +msgid "%s - Access restricted" +msgstr "%s - Accès restreint" + +#: includes/wordpress-cas-client-functions.php:59 +msgid "Authentication" +msgstr "Authentification" + +#: includes/wordpress-cas-client-functions.php:60 +msgid "Please wait" +msgstr "Merci de patienter" + +#: includes/wordpress-cas-client-functions.php:61 +msgid "You will be redirected soon to the login page." +msgstr "Vous allez être redirigé(e) vers la page de connexion." + +#: includes/wordpress-cas-client-functions.php:62 +#, php-format +msgid "" +"If you aren't automatically redirected, please click on this " +"link." +msgstr "" +"Si vous n'êtes pas automatiquement redirigé(e), merci de cliquer sur ce lien." 
+ +#: includes/wp-cas-ldap-options-page.php:41 +msgid "CAS Client" +msgstr "Client CAS" + +#: includes/wp-cas-ldap-options-page.php:46 +msgid "Configuration settings for WordPress CAS Client" +msgstr "Paramètres de configuration de WordPress CAS Client" + +#: includes/wp-cas-ldap-options-page.php:50 +msgid "Note" +msgstr "Remarque" + +#: includes/wp-cas-ldap-options-page.php:55 +msgid "" +"Now that you've activated this plugin, WordPress is attempting to " +"authenticate using CAS, even if it's not configured or misconfigured." +msgstr "" +"Maintenant que ce plugin est activé, WordPress tente d'authentifier en " +"utilisant CAS, même si il n'est pas (ou mal) configuré." + +#: includes/wp-cas-ldap-options-page.php:57 +msgid "" +"Save yourself some trouble, open up another browser or use another machine " +"to test logins. That way you can preserve this session to adjust the " +"configuration or deactivate the plugin." +msgstr "" +"Il est recommandé de tester la connexion depuis un autre navigateur ou un " +"autre ordinateur. De cette façon, vous pouvez conserver cette session pour " +"ajuster la configuration ou désactiver le plug-in au besoin." + +#: includes/wp-cas-ldap-options-page.php:64 +msgid "phpCAS include path" +msgstr "Chemin d'inclusion de phpCAS" + +#: includes/wp-cas-ldap-options-page.php:70 +msgid "" +"Note: The phpCAS library is required for this plugin to work. We need to " +"know the server absolute path to the CAS.php file." +msgstr "" +"Remarque : La librairie phpCAS est indispensable pour que ce plugin " +"fonctionne. Vous devez connaître le chemin absolu du fichier CAS.php sur le " +"serveur." + +#: includes/wp-cas-ldap-options-page.php:81 +msgid "CAS.php path" +msgstr "Chemin du fichier CAS.php" + +#: includes/wp-cas-ldap-options-page.php:91 +msgid "WARNING : The path to CAS.php file currently defined is incorrect!" +msgstr "ATTENTION : Le chemin du fichier CAS.php renseigné est incorrect !" 
+ +#: includes/wp-cas-ldap-options-page.php:107 +msgid "phpCAS::client() parameters" +msgstr "Paramètres de phpCAS::client()" + +#: includes/wp-cas-ldap-options-page.php:118 +msgid "CAS version" +msgstr "Version de CAS" + +#: includes/wp-cas-ldap-options-page.php:145 +msgid "Server Hostname" +msgstr "Nom du serveur" + +#: includes/wp-cas-ldap-options-page.php:165 +msgid "Server Port" +msgstr "Port du serveur" + +#: includes/wp-cas-ldap-options-page.php:185 +msgid "Server Path" +msgstr "Chemin du serveur" + +#: includes/wp-cas-ldap-options-page.php:205 +msgid "Disable CAS logout" +msgstr "Désactiver la déconnexion CAS" + +#: includes/wp-cas-ldap-options-page.php:217 +#: includes/wp-cas-ldap-options-page.php:252 +#: includes/wp-cas-ldap-options-page.php:304 +#: includes/wp-cas-ldap-options-page.php:381 +msgid "Yes" +msgstr "Oui" + +#: includes/wp-cas-ldap-options-page.php:223 +#: includes/wp-cas-ldap-options-page.php:258 +#: includes/wp-cas-ldap-options-page.php:310 +#: includes/wp-cas-ldap-options-page.php:388 +msgid "No" +msgstr "Non" + +#: includes/wp-cas-ldap-options-page.php:226 +msgid "" +"Note: If you disable CAS logout, when a user click on the logout link, he " +"will only be logged off from Wordpress, not from the CAS server (and " +"potential other CAS authenticated services)." +msgstr "" +"Remarque : Si vous désactivez la déconnexion CAS, quand l'utilisateur " +"cliquera sur le lien de déconnexion, il sera déconnecté uniquement au niveau " +"de WordPress, et non au niveau du serveur CAS (et potentiellement des autres " +"services utilisant l'authentification CAS)." + +#: includes/wp-cas-ldap-options-page.php:240 +msgid "Redirect to CAS login page using Javascript" +msgstr "Rediriger vers la page de connexion CAS en utilisant Javascript" + +#: includes/wp-cas-ldap-options-page.php:261 +msgid "" +"Note: Using Javascript to redirect user to CAS login page enables to keep " +"hashtag in URL (if present)." 
+msgstr "" +"Remarque : Utiliser Javascript pour rediriger l'utilisateur vers la page de " +"connexion CAS permet de conserver l'hashtag dans l'URL (s'il est présent)." + +#: includes/wp-cas-ldap-options-page.php:281 +msgid "Treatment of unregistered users" +msgstr "Traitement des utilisateurs non-inscris" + +#: includes/wp-cas-ldap-options-page.php:292 +msgid "Add to database" +msgstr "Ajouter à la base de données" + +#: includes/wp-cas-ldap-options-page.php:322 +msgid "Default role" +msgstr "Rôle par défaut" + +#: includes/wp-cas-ldap-options-page.php:354 +msgid "" +"Note: This default role is only used to create the user on its first " +"connection. Afterwards, the user role could be configured in Wordpress and " +"will not be overwritten from LDAP." +msgstr "" +"Remarque : Ce rôle par défaut est uniquement utilisé pour créer " +"l'utilisateur lors de sa première connexion. Par la suite, le rôle de " +"l'utilisateur peut-être configuré dans Wordpress et ne sera écrasé depuis le " +"LDAP." + +#: includes/wp-cas-ldap-options-page.php:370 +msgid "Use LDAP to get user info" +msgstr "Utiliser LDAP pour récupérer les informations de l'utilisateur" + +#: includes/wp-cas-ldap-options-page.php:405 +msgid "E-mail Suffix" +msgstr "Suffixe du courriel" + +#: includes/wp-cas-ldap-options-page.php:416 +msgid "" +"Note: This suffix is used to constitute user email if it couldn't be " +"retreived from LDAP. You must only enter the email domain name (without the " +"'@')." +msgstr "" +"Remarque : Ce suffixe est utilisé pour composer le courriel de l'utilisateur " +"si celui-ci n'a pu être récupéré depuis LDAP. Vous devez saisir uniquement " +"le nom de domaine de messagerie (sans le '@')." 
+ +#: includes/wp-cas-ldap-options-page.php:435 +msgid "LDAP parameters" +msgstr "Paramètres LDAP" + +#: includes/wp-cas-ldap-options-page.php:447 +msgid "LDAP Host" +msgstr "Serveur LDAP" + +#: includes/wp-cas-ldap-options-page.php:469 +msgid "LDAP Port" +msgstr "Port du serveur LDAP" + +#: includes/wp-cas-ldap-options-page.php:491 +msgid "LDAP Base DN" +msgstr "Base DN du serveur LDAP" + +#: includes/wp-cas-ldap-options-page.php:512 +msgid "LDAP Bind DN" +msgstr "DN de connexion au serveur LDAP" + +#: includes/wp-cas-ldap-options-page.php:529 +msgid "LDAP Bind password" +msgstr "Mot de passe de connexion au serveur LDAP" + +#: includes/wp-cas-ldap-options-page.php:551 +msgid "LDAP users Base DN" +msgstr "Base DN des utilisateurs LDAP" + +#: includes/wp-cas-ldap-options-page.php:561 +#: includes/wp-cas-ldap-options-page.php:609 +msgid "" +"Note: This parameter is optional. The base DN of the LDAP server is used " +"otherwise." +msgstr "" +"Remarque : Ce paramètre est optionnel. Le base DN du serveur LDAP sera " +"utilisé à défaut." + +#: includes/wp-cas-ldap-options-page.php:575 +msgid "LDAP users filter" +msgstr "Filtre de recherche des utilisateurs LDAP" + +#: includes/wp-cas-ldap-options-page.php:585 +msgid "" +"Note: This parameter is optional. If it's provided, this filter will be " +"combined with the LDAP filter generating from the user's login." +msgstr "" +"Remarque : Ce paramètre est optionnel. S'il est fourni, ce filtre sera " +"combiné avec le filtre LDAP généré à partir de l'identifiant de " +"l'utilisateur." + +#: includes/wp-cas-ldap-options-page.php:599 +msgid "LDAP groups Base DN" +msgstr "Base DN des groupes LDAP" + +#: includes/wp-cas-ldap-options-page.php:623 +msgid "LDAP groups filter" +msgstr "Filtre de recherche des groupes LDAP" + +#: includes/wp-cas-ldap-options-page.php:633 +msgid "" +"Note: This parameter is required to retreive the user's groups. 
In this " +"filter, the keywords enclosed by brace will be replace by user's " +"corresponding information. For instance, {user_login} will be replace by the " +"user's login or {user_email} by the user's email. You also can use the " +"keyword {user_dn} that will be replaced by the LDAP user object's DN." +msgstr "" +"Remarque : Ce paramètre est obligatoire pour récupérer les groupes de " +"l'utilisateur. Dans ce filtre, les mots clé entourés par des accolades " +"seront remplacés par les informations correspondantes de l'utilisateur. Par " +"exemple, {user_login} sera remplacé par l'identifiant de l'utilisateur ou " +"{user_email} par l'email de l'utilisateur. Vous pouvez également utiliser le " +"mot clé {user_dn} qui sera remplacé par le DN de l'objet LDAP de " +"l'utilisateur." + +#: includes/wp-cas-ldap-options-page.php:644 +msgid "LDAP attributes mapping" +msgstr "Correspondance des attributs LDAP" + +#: includes/wp-cas-ldap-options-page.php:647 +msgid "" +"You have to configure here which LDAP attributes could be mapped with " +"Wordpress user profil information." +msgstr "" +"Vous devez configurer ici quels attributs LDAP peuvent être utilisés pour " +"renseigner les informations du profil de l'utilisateur dans Wordpress." 
+ +#: includes/wp-cas-ldap-options-page.php:653 +msgid "the login" +msgstr "l'identifiant" + +#: includes/wp-cas-ldap-options-page.php:654 +msgid "the first name" +msgstr "le prénom" + +#: includes/wp-cas-ldap-options-page.php:655 +msgid "the last name" +msgstr "le nom de famille" + +#: includes/wp-cas-ldap-options-page.php:656 +msgid "the nickname" +msgstr "le surnom" + +#: includes/wp-cas-ldap-options-page.php:657 +msgid "the nice name" +msgstr "le nom d'affichage" + +#: includes/wp-cas-ldap-options-page.php:658 +msgid "the role" +msgstr "le rôle" + +#: includes/wp-cas-ldap-options-page.php:659 +msgid "the affiliations" +msgstr "les affiliations" + +#: includes/wp-cas-ldap-options-page.php:660 +msgid "the email" +msgstr "le courriel" + +#: includes/wp-cas-ldap-options-page.php:661 +msgid "the alternative email" +msgstr "le courriel alternatif" + +#: includes/wp-cas-ldap-options-page.php:670 +#, php-format +msgid "LDAP attribut for %s" +msgstr "L'attribut LDAP pour %s" + +#: includes/wp-cas-ldap-options-page.php:694 +msgid "Site access restriction" +msgstr "Restriction d'accès au site" + +#: includes/wp-cas-ldap-options-page.php:698 +msgid "You can restrict access to the public website here:" +msgstr "Vous pouvez restreindre l'accès au site public ici :" + +#: includes/wp-cas-ldap-options-page.php:700 +msgid "" +"If you choose to allow access only to CAS authenticated users, the " +"user will be authenticated using CAS and authenticated in Wordpress only if " +"he already has an account." +msgstr "" +"Si vous choisissez d'autoriser l'accès uniquement aux utilisateurs " +"authentifiés via CAS, l'utilisateur sera authentifié via CAS puis via " +"Wordpress uniquement s'il y possède déjà un compte utilisateur." 
+ +#: includes/wp-cas-ldap-options-page.php:701 +msgid "" +"If you choose to allow access only to Wordpress authenticated users, the user will be authenticated using CAS and authenticated in Wordpress " +"if he already has an account or if you choose to allow adding user in " +"database. Otherwise, the access will be denied." +msgstr "" +"Si vous choisissez d'autoriser l'accès uniquement aux utilisateurs " +"authentifiés par Wordpress, l'utilisateur sera authentifié via CAS puis " +"via Wordpress s'il y possède déjà un compte utilisateur ou si vous avez " +"choisi d'autoriser l'ajout des utilisateurs non-inscrits dans la base de " +"données. Autrement, l'accès sera refusé." + +#: includes/wp-cas-ldap-options-page.php:702 +msgid "" +"If you choose to allow access to everyone, no restriction will be " +"applied." +msgstr "" +"Si vous choisissez d'autoriser l'accès à tout le monde, aucune " +"restriction ne sera appliquée." + +#: includes/wp-cas-ldap-options-page.php:711 +msgid "Restrict site access to" +msgstr "Restreindre l'accès à" + +#: includes/wp-cas-ldap-options-page.php:720 +msgid "Everyone" +msgstr "Tout le monde" + +#: includes/wp-cas-ldap-options-page.php:724 +msgid "CAS authenticated users" +msgstr "aux utilisateurs authentifiés via CAS" + +#: includes/wp-cas-ldap-options-page.php:728 +msgid "Wordpress authenticated users" +msgstr "aux utilisateurs authentifiés via Wordpress" + +#: includes/wp-cas-ldap-options-page.php:744 +msgid "Access denied redirect URL" +msgstr "URL de redirection en cas d'accès interdit" + +#: includes/wp-cas-ldap-options-page.php:760 +msgid "Save" +msgstr "Enregistrer" + +#~ msgid "" +#~ "Note: This default role is only used to create the user on its first " +#~ "connection. Afterwards, the user role could be configured in Wordpress " +#~ "and will not be overwritten by LDAP information." +#~ msgstr "" +#~ "Remarque : Ce rôle par défaut est uniquement utilisé pour créer " +#~ "l'utilisateur lors de sa première connexion. 
Par la suite, le rôle de " +#~ "l'utilisateur peut-être configuré dans Wordpress et ne sera écrasé depuis " +#~ "le LDAP." + +#~ msgid "" +#~ "If you aren't automatically redirected, please click on this " +#~ "link." +#~ msgstr "" +#~ "Si vous n'êtes pas redirigé(e) automatiquement, merci de cliquer sur ce lien." diff --git a/languages/wpcasldap.pot b/languages/wpcasldap.pot new file mode 100644 index 0000000..71d8b65 --- /dev/null +++ b/languages/wpcasldap.pot 
@@ -0,0 +1,342 @@ +#: includes/class-wp-cas-ldap.php:82 +msgid "You are now logged off." +msgstr "" + +#: includes/class-wp-cas-ldap.php:89 +#: includes/wordpress-cas-client-functions.php:42 +msgid "WordPress CAS Client plugin not configured." +msgstr "" + +#: includes/class-wp-cas-ldap.php:124 +msgid "Sorry, this feature is disabled." +msgstr "" + +#: includes/class-wp-cas-ldap.php:125 +msgid "Feature disabled" +msgstr "" + +#: includes/class-wp-cas-ldap.php:236 +msgid "Access to this site is restricted." +msgstr "" + +#: includes/class-wp-cas-ldap.php:267 +#, php-format +msgid "%s - Access restricted" +msgstr "" + +#: includes/wordpress-cas-client-functions.php:59 +msgid "Authentication" +msgstr "" + +#: includes/wordpress-cas-client-functions.php:60 +msgid "Please wait" +msgstr "" + +#: includes/wordpress-cas-client-functions.php:61 +msgid "You will be redirected soon to the login page." +msgstr "" + +#: includes/wordpress-cas-client-functions.php:62 +#, php-format +msgid "" +"If you aren't automatically redirected, please click on this " +"link." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:41 +msgid "CAS Client" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:46 +msgid "Configuration settings for WordPress CAS Client" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:50 +msgid "Note" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:55 +msgid "" +"Now that you've activated this plugin, WordPress is attempting to " +"authenticate using CAS, even if it's not configured or misconfigured." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:57 +msgid "" +"Save yourself some trouble, open up another browser or use another machine " +"to test logins. That way you can preserve this session to adjust the " +"configuration or deactivate the plugin." 
+msgstr "" + +#: includes/wp-cas-ldap-options-page.php:64 +msgid "phpCAS include path" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:70 +msgid "" +"Note: The phpCAS library is required for this plugin to work. We need to " +"know the server absolute path to the CAS.php file." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:81 +msgid "CAS.php path" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:91 +msgid "WARNING : The path to CAS.php file currently defined is incorrect!" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:107 +msgid "phpCAS::client() parameters" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:118 +msgid "CAS version" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:145 +msgid "Server Hostname" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:165 +msgid "Server Port" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:185 +msgid "Server Path" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:205 +msgid "Disable CAS logout" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:217 +#: includes/wp-cas-ldap-options-page.php:252 +#: includes/wp-cas-ldap-options-page.php:304 +#: includes/wp-cas-ldap-options-page.php:381 +msgid "Yes" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:223 +#: includes/wp-cas-ldap-options-page.php:258 +#: includes/wp-cas-ldap-options-page.php:310 +#: includes/wp-cas-ldap-options-page.php:388 +msgid "No" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:226 +msgid "" +"Note: If you disable CAS logout, when a user click on the logout link, he " +"will only be logged off from Wordpress, not from the CAS server (and " +"potential other CAS authenticated services)." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:240 +msgid "Redirect to CAS login page using Javascript" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:261 +msgid "" +"Note: Using Javascript to redirect user to CAS login page enables to keep " +"hashtag in URL (if present)." 
+msgstr "" + +#: includes/wp-cas-ldap-options-page.php:281 +msgid "Treatment of unregistered users" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:292 +msgid "Add to database" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:322 +msgid "Default role" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:354 +msgid "" +"Note: This default role is only used to create the user on its first " +"connection. Afterwards, the user role could be configured in Wordpress and " +"will not be overwritten from LDAP." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:370 +msgid "Use LDAP to get user info" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:405 +msgid "E-mail Suffix" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:416 +msgid "" +"Note: This suffix is used to constitute user email if it couldn't be " +"retreived from LDAP. You must only enter the email domain name (without the " +"'@')." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:435 +msgid "LDAP parameters" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:447 +msgid "LDAP Host" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:469 +msgid "LDAP Port" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:491 +msgid "LDAP Base DN" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:512 +msgid "LDAP Bind DN" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:529 +msgid "LDAP Bind password" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:551 +msgid "LDAP users Base DN" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:561 +#: includes/wp-cas-ldap-options-page.php:609 +msgid "" +"Note: This parameter is optional. The base DN of the LDAP server is used " +"otherwise." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:575 +msgid "LDAP users filter" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:585 +msgid "" +"Note: This parameter is optional. 
If it's provided, this filter will be " +"combined with the LDAP filter generating from the user's login." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:599 +msgid "LDAP groups Base DN" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:623 +msgid "LDAP groups filter" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:633 +msgid "" +"Note: This parameter is required to retreive the user's groups. In this " +"filter, the keywords enclosed by brace will be replace by user's " +"corresponding information. For instance, {user_login} will be replace by the " +"user's login or {user_email} by the user's email. You also can use the " +"keyword {user_dn} that will be replaced by the LDAP user object's DN." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:644 +msgid "LDAP attributes mapping" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:647 +msgid "" +"You have to configure here which LDAP attributes could be mapped with " +"Wordpress user profil information." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:653 +msgid "the login" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:654 +msgid "the first name" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:655 +msgid "the last name" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:656 +msgid "the nickname" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:657 +msgid "the nice name" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:658 +msgid "the role" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:659 +msgid "the affiliations" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:660 +msgid "the email" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:661 +msgid "the alternative email" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:670 +#, php-format +msgid "LDAP attribut for %s" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:694 +msgid "Site access restriction" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:698 +msgid 
"You can restrict access to the public website here:" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:700 +msgid "" +"If you choose to allow access only to CAS authenticated users, the " +"user will be authenticated using CAS and authenticated in Wordpress only if " +"he already has an account." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:701 +msgid "" +"If you choose to allow access only to Wordpress authenticated users, the user will be authenticated using CAS and authenticated in Wordpress " +"if he already has an account or if you choose to allow adding user in " +"database. Otherwise, the access will be denied." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:702 +msgid "" +"If you choose to allow access to everyone, no restriction will be " +"applied." +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:711 +msgid "Restrict site access to" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:720 +msgid "Everyone" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:724 +msgid "CAS authenticated users" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:728 +msgid "Wordpress authenticated users" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:744 +msgid "Access denied redirect URL" +msgstr "" + +#: includes/wp-cas-ldap-options-page.php:760 +msgid "Save" +msgstr "" diff --git a/wordpress-cas-client.php b/wordpress-cas-client.php index 219a631..ceed55b 100644 --- a/wordpress-cas-client.php +++ b/wordpress-cas-client.php 
@@ -1,13 +1,18 @@ CAS single sign-on architectures. Additionally this plugin can use a LDAP server (such as Active Directory) for populating user information after the user has successfully logged on to WordPress. This plugin is a fork of the wpCAS-w-LDAP plugin. -Version: 1.4 -Author: Bellevue College -Author URI: http://www.bellevuecollege.edu -License: GNU General Public License v2 or later -Plugin URI: BellevueCollege/wordpress-cas-client -*/ + * Plugin Name: WordPress CAS Client + * Description: Integrates WordPress with existing CAS + * single sign-on architectures. Additionally this plugin can use a LDAP server (such as Active Directory) for populating user + * information after the user has successfully logged on to WordPress. This plugin is a fork of the + * wpCAS-w-LDAP plugin. + * Version: 1.4 + * Author: Bellevue College + * Author URI: http://www.bellevuecollege.edu + * Text Domain: wpcasldap + * Domain Path: /languages + * License: GNU General Public License v2 or later + * Plugin URI: BellevueCollege/wordpress-cas-client + */ /* * WordPress CAS Client plugin used to authenticate users against a CAS server @@ -53,10 +58,10 @@ define( 'CAPABILITY', 'edit_themes' ); define( 'CAS_CLIENT_ROOT', dirname( __FILE__ ) ); -require_once constant( 'CAS_CLIENT_ROOT' ) . '/includes/admin-option-page-functions.php'; +require_once constant( 'CAS_CLIENT_ROOT' ) . '/includes/class-wp-cas-ldap-settings.php'; require_once constant( 'CAS_CLIENT_ROOT' ) . '/includes/class-wp-cas-ldap.php'; -require_once constant( 'CAS_CLIENT_ROOT' ) . '/includes/update-network-settings.php'; -require_once constant( 'CAS_CLIENT_ROOT' ) . '/config.php'; +if (file_exists(constant( 'CAS_CLIENT_ROOT' ) . '/config.php')) + require_once constant( 'CAS_CLIENT_ROOT' ) . '/config.php'; /* * Configure plugin WordPress Hooks 
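Review bot: The new guard around `config.php` is written as a brace-less `if (file_exists(...))` with the `require_once` on the following line, and it drops the spaces-inside-parentheses style used by every other line in this hunk. Next to three unconditional `require_once` statements this is easy to misread, and a later second statement under the `if` would silently run unconditionally. I would write it as `if ( file_exists( constant( 'CAS_CLIENT_ROOT' ) . '/config.php' ) ) {` / `require_once constant( 'CAS_CLIENT_ROOT' ) . '/config.php';` / `}`. Because a missing `config.php` is now skipped without any notice, a one-line comment saying the file is optional and what applies when it is absent would help; that fallback is not visible in this hunk.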
@@ -66,8 +71,6 @@ * This global variable is set to either 'get_option' or 'get_site_option' * depending on multisite option value. */ -global $get_options_func; -$get_options_func = 'get_option'; /* * This global variable is defaulted to 'options.php' , but for network @@ -76,17 +79,15 @@ global $form_action; $form_action = 'options.php'; -if ( is_multisite( ) ) { - update_network_settings( ); - add_action( 'network_admin_menu', 'cas_client_settings' ); - - $get_options_func = 'get_site_option'; +if ( wp_cas_ldap_settings :: is_enabled_for_network( ) ) { + add_action( 'network_admin_menu', array ( 'wp_cas_ldap_settings', 'add_cas_client_network_admin_menu' ) ); $form_action = ''; } elseif ( is_admin( ) ) { - add_action( 'admin_init', 'wp_cas_ldap_register_settings' ); - add_action( 'admin_menu', 'wp_cas_ldap_options_page_add' ); + add_action( 'admin_init', array ( 'wp_cas_ldap_settings', 'register_settings' ) ); + add_action( 'admin_menu', array ( 'wp_cas_ldap_settings', 'add_cas_client_admin_menu' ) ); } +add_action( 'plugins_loaded', array( 'WP_CAS_LDAP', 'plugins_loaded' ) ); add_action( 'wp_authenticate', array( 'WP_CAS_LDAP', 'authenticate' ), 10, 2 ); add_action( 'wp_logout', array( 'WP_CAS_LDAP', 'logout' ) ); add_action( 'lost_password', array( 'WP_CAS_LDAP', 'disable_function' ) ); @@ -94,6 +95,8 @@ add_action( 'password_reset', array( 'WP_CAS_LDAP', 'disable_function' ) ); add_filter( 'show_password_fields', array( 'WP_CAS_LDAP', 'show_password_fields' ) ); +add_action( 'parse_request', array( 'WP_CAS_LDAP', 'restrict_access' ), 9 ); + /* * Prevent 'Password Changed' email from being sent * @@ -109,7 +112,7 @@ } } -$wp_cas_ldap_use_options = wp_cas_ldap_get_options( ); +$wp_cas_ldap_use_options = wp_cas_ldap_settings :: get_options( ); global $cas_configured; $cas_configured = false;
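Review bot: The comment kept as context in the `@@ -66,8 +71,6 @@` hunk still reads "This global variable is set to either 'get_option' or 'get_site_option' depending on multisite option value", but both `$get_options_func` statements it described are deleted, so it now documents a variable that no longer exists. The comment block should be removed together with the variable; its opening line sits above the hunk, so the deletion has to start outside what is shown here. If a pointer is still wanted, something like `/* Site vs. network option storage is resolved inside wp_cas_ldap_settings. */` would fit, presumably matching the `wp_cas_ldap_settings :: get_options( )` call in the last hunk.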
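Review bot: In the network branch of the `@@ -76,17 +79,15 @@` hunk, `$form_action` is still set to `''`, so the settings form posts back to the network admin page instead of `options.php`, while the `update_network_settings( )` call that previously ran on this path is removed. Whatever now saves the submitted values behind `add_cas_client_network_admin_menu` has to perform its own nonce and capability checks, because the checks core applies in `options.php` do not cover this path. That code is not visible in this hunk, so please confirm it verifies the request with `check_admin_referer()` and `current_user_can( 'manage_network_options' )` before writing site options; the option list on this page includes `ldapbindpwd`. A comment on the branch such as `// Network save is handled in wp_cas_ldap_settings (nonce + capability checked there), not by options.php.` would make that dependency explicit once it is confirmed.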
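Review bot: Hooking `restrict_access` on `parse_request` in the `@@ -94,6 +95,8 @@` hunk only covers requests routed through `WP::main()`; `admin-ajax.php` (including `wp_ajax_nopriv_*` handlers), `xmlrpc.php` and files served directly from the uploads directory never fire this hook, so the "Restrict site access" setting does not apply to them. The priority `9` is also unexplained: presumably it is chosen to run before core's `rest_api_loaded` at priority 10, so that REST requests are restricted as well. I would state both on the line, for example `// Priority 9: runs before rest_api_loaded (10) so REST is covered; admin-ajax.php and xmlrpc.php do not pass through parse_request.` The body of `restrict_access` is not part of this hunk, so whether those entry points are handled elsewhere cannot be confirmed from here.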