diff --git a/Crowd-Login-Admin.php b/Crowd-Login-Admin.php index ddec6d6..2c973f5 100644 --- a/Crowd-Login-Admin.php +++ b/Crowd-Login-Admin.php @@ -1,68 +1,65 @@ - - - - -
- -
-
-

Settings

-

These are rather important.

-

Application Name:
-
-*The application name given to you by your Crowd administrator. Example: crowd_app -

-

Application Password:
-
-*The application password given to you by your Crowd administrator. -

-

Crowd URL:
-
-*Example: https://crowd.example.local:8443/crowd -

- - -
-
-

Advanced

-

For the intrepid and daring among you.

-

Login mode:
- >
- >
->

-

For latter two options, create account as:
- -

-

-Security mode:
- >
- >
-

-
-
-
-

Test Settings

-

Use this form as a limited test for those settings you saved.* This will test user creation and group membership. If settings don't work, use another browser to try actually logging in. (unless you'd rather get locked out)

-

*You did save them, right?

-
-

Username:
- -

Password:
- -

- - -
-

-

Test Results:

+ +
+ +
+
+

Settings

+

These are rather important.

+
+

+ Application Name:
+
+ *The application name given to you by your Crowd administrator. Example: crowd_app +

+
+
+

+ Application Password:
+
+ *The application password given to you by your Crowd administrator. +

+
+

+ Crowd URL:
+
+ *Example: https://crowd.example.local:8443/crowd +

+ + +
+
+

Advanced

+

For the intrepid and daring among you.

+

Login mode: +

+
+ /> + +
+
+ /> + +
+
+ /> + +
+
+ /> + +
+
+

+

+ Security mode:
+ >
+ >
+

+
+
+
+

Test Settings

+

Use this form as a limited test for those settings you saved.* This will test user creation and group membership. If settings don't work, use another browser to try actually logging in. (unless you'd rather get locked out)

+

*You did save them, right?

+
+

+ Username:
+ +

+

Password:
+ +

+ + +
+

+

Test Results:

+ +

+
+ + Debug Info:
"; + echo "crowd_directory_type: ".get_option("crowd_directory_type")."/".$_POST['LDAP']."
"; + echo "crowd_login_mode: ".get_option("crowd_login_mode")."/".$_POST['mode']."
"; + echo "crowd_group: ".get_option("crowd_group")."/".$_POST['group_name']."
"; + echo "crowd_account_type: ".get_option("crowd_account_type")."/".$_POST['create_type']."

"; + } + ?>
-*/ -//Echo settings -if($debug == "true") -{ -echo "

Debug Info:
"; -echo "crowd_directory_type: ".get_option("crowd_directory_type")."/".$_POST['LDAP']."
"; -echo "crowd_login_mode: ".get_option("crowd_login_mode")."/".$_POST['mode']."
"; -echo "crowd_group: ".get_option("crowd_group")."/".$_POST['group_name']."
"; -echo "crowd_account_type: ".get_option("crowd_account_type")."/".$_POST['create_type']."

"; -} -?> - -
\ No newline at end of file
diff --git a/Crowd-Login.php b/Crowd-Login.php
index ada0c4a..3463064 100644
--- a/Crowd-Login.php
+++ b/Crowd-Login.php
@@ -8,14 +8,23 @@ Author URI:
 */
-require_once( WP_PLUGIN_DIR."/crowd-login/Crowd.php");
-require_once( ABSPATH . WPINC . '/registration.php');
+define ("PLUGIN_ROOT", plugin_dir_url(__FILE__));
+
+require_once(__DIR__ . "/Crowd.php");
+require_once(ABSPATH . WPINC . '/registration.php');
 //Admin
 function crowd_menu() {
 include 'Crowd-Login-Admin.php';
 }
+function load_crowd_login_admin_js($hook) {
+ if ("settings_page_crowd-login" === $hook) {
+ wp_enqueue_script("crowd-login-admin-js", PLUGIN_ROOT . "/crowd-login-admin.js", array("jquery", "underscore"));
+ }
+}
+add_action("admin_enqueue_scripts", "load_crowd_login_admin_js");
+
 function crowd_admin_actions() {
 add_options_page("Crowd Login", "Crowd Login", 10, "crowd-login", "crowd_menu");
 }
@@ -29,6 +38,7 @@ function crowd_activation_hook() {
 add_option('crowd_security_mode', 'security_low');
 add_option('crowd_login_mode', 'mode_normal');
 add_option('crowd_account_type', 'Contributor');
+ add_option("crowd_wordpress_role_mappings", array());
 }
 // Reset Crowd instance and principal token
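Review bot: The debug block at the end of this hunk echoes `$_POST['LDAP']`, `$_POST['mode']`, `$_POST['group_name']` and `$_POST['create_type']` into the settings page without escaping, so request data lands in admin HTML as-is whenever the debug branch runs. Each echoed value should be wrapped, e.g. `esc_html(isset($_POST['mode']) ? $_POST['mode'] : '')`, and the `get_option()` values next to them escaped the same way. The form markup of this file is not visible in the listing, so it is worth confirming separately that the settings and test forms carry a nonce that is verified before the options are saved.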
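Review bot: `define ("PLUGIN_ROOT", plugin_dir_url(__FILE__));` claims a generic global constant name; if another plugin has already defined `PLUGIN_ROOT`, this `define` fails with a notice and `load_crowd_login_admin_js()` enqueues `crowd-login-admin.js` from that other plugin's URL on the settings page. A prefixed name avoids the collision, e.g. `define("CROWD_LOGIN_PLUGIN_URL", plugin_dir_url(__FILE__));`. `plugin_dir_url()` already returns a trailing slash, so the enqueue should append `"crowd-login-admin.js"` without the leading `/`.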
@@ -91,14 +101,36 @@ function crowd_authenticate($user, $username, $password) {
 }
 $auth_result = crowd_can_authenticate($username, $password);
+
 if($auth_result == true && !is_a($auth_result, 'WP_Error')) {
 $user = get_userdatabylogin($username);
 if ( !$user || (strtolower($user->user_login) != strtolower($username)) ) {
 //No user, can we create?
 switch(get_option('crowd_login_mode')) {
+
+ case "mode_map_group":
+ $mappings = get_option("crowd_wordpress_role_mappings");
+ $crowd_groups = get_crowd_groups($username)->string;
+ $crowd_groups = is_array($crowd_groups) ? $crowd_groups : array($crowd_groups);
+ $role = NULL;
+ foreach ($mappings as $mapping_key => $mapping_value) {
+ if (in_array($mapping_value, $crowd_groups)) {
+ $role = $mapping_key;
+ break;
+ }
+ }
+ if ($role != NULL) {
+ $new_user_id = crowd_create_wp_user($username, $role);
+ return new WP_User($new_user_id);
+ } else {
+ do_action("wp_login_failed", $username);
+ return new WP_Error('group not mapped', __("Crowd Login Error: Crowd group is not mapped."));
+ }
+ break;
+
 case 'mode_create_all':
- $new_user_id = crowd_create_wp_user($username);
+ $new_user_id = crowd_create_wp_user($username, get_option('crowd_account_type'));
 if(!is_a($new_user_id, 'WP_Error')) {
 //It worked
 return new WP_User($new_user_id);
@@ -110,7 +142,7 @@ function crowd_authenticate($user, $username, $password) {
 case 'mode_create_group':
 if(crowd_is_in_group($username)) {
- $new_user_id = crowd_create_wp_user($username);
+ $new_user_id = crowd_create_wp_user($username, get_option('crowd_account_type'));
 if(!is_a($new_user_id, 'WP_Error')) {
 //It worked
 return new WP_User($new_user_id);
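Review bot: In the new `mode_map_group` case a user without a usable group list can still be matched to a role: `get_crowd_groups()` returns NULL when no Crowd instance exists, so `->string` is read from NULL, `$crowd_groups` becomes `array(NULL)`, and the loose `in_array($mapping_value, $crowd_groups)` then matches any mapping whose group is an empty string. If the settings page stores unmapped roles with a blank group (the save code is not visible here), the first such role is given to the new account, so the lookup result should be checked and the comparison made strict. The branch also hands the result of `crowd_create_wp_user()` to `new WP_User()` without the `is_a($new_user_id, 'WP_Error')` check the sibling cases use. The readme describes the most capable matching role winning, while the loop takes the first match in stored order, so the ordering of the option should be documented or enforced. `crowd_authenticate()` starts and ends outside this hunk; the sketch below assumes the group names are plain strings.

```php
case "mode_map_group":
    $mappings = get_option("crowd_wordpress_role_mappings");
    $memberships = get_crowd_groups($username);
    // A failed lookup or an empty membership result must never match a mapping.
    if ($memberships === NULL || empty($memberships->string)) {
        $crowd_groups = array();
    } else {
        $crowd_groups = is_array($memberships->string) ? $memberships->string : array($memberships->string);
    }
    $role = NULL;
    foreach ((array) $mappings as $mapping_key => $mapping_value) {
        // Skip roles that have no group configured and compare strictly.
        if (is_string($mapping_value) && $mapping_value !== "" && in_array($mapping_value, $crowd_groups, true)) {
            $role = $mapping_key;
            break;
        }
    }
    if ($role !== NULL) {
        $new_user_id = crowd_create_wp_user($username, $role);
        if (is_a($new_user_id, 'WP_Error')) {
            do_action("wp_login_failed", $username);
            return $new_user_id;
        }
        return new WP_User($new_user_id);
    }
    // … unchanged: "group not mapped" failure branch (do_action + WP_Error) …
```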
@@ -168,28 +200,29 @@ function crowd_can_authenticate($username, $password) {
 return $princ_token;
 }
-function crowd_is_in_group($username) {
- global $crowd;
- $result = false;
-
- // If we can't get a Crowd instance, fail
+function get_crowd_groups($username) {
+ global $crowd;
 if ($crowd == NULL) {
- return $result;
+ return NULL;
 }
+ $groups = $crowd->findGroupMemberships($username);
+ return $groups;
+}
- $crowd_group = $get_option('crowd_group');
+function crowd_is_in_group($username) {
+ $result = false;
+ $crowd_group = get_option('crowd_group');
- $groups = $crowd->findGroupMemberships($username);
+ $groups = get_crowd_groups($username);
 if ($groups == NULL) {
 return $result;
 }
- $result = in_array($crowd_group, $groups);
-
+ $result = $crowd_group === $groups->string;
 return $result;
 }
-function crowd_create_wp_user($username) {
+function crowd_create_wp_user($username, $role) {
 global $crowd, $princ_token;
 $result = 0;
@@ -213,7 +246,7 @@ function crowd_create_wp_user($username) {
 'display_name' => $person['givenName'] .' '. $person['sn'],
 'first_name' => $person['givenName'],
 'last_name' => $person['sn'],
- 'role' => strtolower(get_option('crowd_account_type'))
+ 'role' => strtolower($role) // get_option('crowd_account_type'))
 );
 $result = wp_insert_user($userData);
diff --git a/crowd-login-admin.js b/crowd-login-admin.js
new file mode 100644
index 0000000..e6c9bea
--- /dev/null
+++ b/crowd-login-admin.js
@@ -0,0 +1,50 @@
+function selectRole(checkedRole, selectName) {
+ function checked(role) {
+ return (role === checkedRole) ? 'selected="selected"' : "" ;
+ }
+ var selectNameHtml = (null == selectName) ? "crowd_account_type" : selectName;
+ var html = ' ';
+ return html;
+}
+function groupInput(group) {
+ return '
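Review bot: `$result = $crowd_group === $groups->string;` in the rewritten `crowd_is_in_group()` only succeeds when the membership result holds exactly one group name. The `mode_map_group` code added in this same commit treats `->string` as either a string or an array, and an array never equals the configured group, so a user who belongs to several Crowd groups is refused in `mode_create_group`. Normalising first and comparing strictly keeps both paths consistent: `$names = is_array($groups->string) ? $groups->string : array($groups->string);` followed by `$result = in_array($crowd_group, $names, true);`. `get_crowd_groups()` would also benefit from a docblock stating that it returns NULL when no Crowd instance is available and otherwise the raw `findGroupMemberships()` result.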
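Review bot: The new `$role` argument is written into `'role' => strtolower($role)` without checking that it names an existing role, and in `mode_map_group` it comes from the keys of a stored option. A guard before `$userData` is built, such as `if (get_role(strtolower($role)) === null) { return new WP_Error('invalid role', __("Crowd Login Error: unknown role.")); }`, keeps a mistyped or stale mapping from creating an account with an undefined role. The trailing `// get_option('crowd_account_type'))` is leftover code and can be dropped. The body of `crowd_create_wp_user()` starts and ends outside this hunk.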
'; +} +function mapGroup() { + var positions = _.keys(crowdWordpressRoleMappings); + function oneLineHtml(position) { + var html = '
' + position + "
"; + return html; + } + var html = '
' + _.chain(positions).map(oneLineHtml).reduce(function(acc,b) { return acc + b}, "").value() + "
";
+ return html;
+}
+
+(function($){
+ $(document).ready(function(){
+
+ $(".cl-mode").click(function(){
+ $(".additional-input").remove();
+ var id = $(this).attr("id");
+ if (id === "cl-mode-create-all") {
+ var html = selectRole(crowdAccountType);
+ $("#cl-mode-create-all").parent().append(html);
+ } else if (id === "cl-mode-create-group") {
+ var html = selectRole(crowdAccountType);
+ var parent = $("#cl-mode-create-group").parent() + parent.append(html);
+ parent.append(groupInput(crowdGroup));
+ } else if (id === "cl-mode-map-group") {
+ $("#cl-mode-map-group").parent().append(mapGroup());
+ }
+ });
+
+ $(".cl-mode[checked='checked']").click();
+
+ });
+})(jQuery);
diff --git a/readme.txt b/readme.txt
index 850298e..8d328a7 100644
--- a/readme.txt
+++ b/readme.txt
@@ -19,6 +19,7 @@ Having a single login for every service is a must in large organizations. This p
 * * Normal Mode: Authenticates existing Wordpress usernames against Crowd. This requires you to create all Wordpress accounts manually using the same user names as those in your Crowd directory.
 * * Account Creation Mode 1: Creates Wordpress accounts automatically for any Crowd user.
 * * Account Creation Mode 2: Creates Wordpress accounts automatically for Crowd users in a specific Group you specify.
+* * Account Creation Mode 3: Creates Wordpress accounts automatically for Crowd users in groups you specify, you have to map these groups onto Wordpress roles. If user is in Crowd group A, B and mapping from B Crowd group is to role which has more capabilities like **Administrator**, than role which is mapped from Crowd group A, like **Editor**, then the user will have the role with more capabilities (**Administrator**).
 * Intuitive control panel.
 = Architecture =
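Review bot: `oneLineHtml()` concatenates `position` into markup, and `groupInput(group)` and `selectRole()` likewise return HTML strings that the click handler passes to `.append()`, so option-derived values such as `crowdGroup` and the keys of `crowdWordpressRoleMappings` reach the DOM unescaped. A group or role name containing a quote or an angle bracket would break the markup or be parsed as HTML on the admin page. Underscore is already a dependency, so interpolated values can be wrapped, e.g. `_.escape(position)` and `_.escape(group)`, or the inputs can be built with jQuery `.attr()` and `.val()` instead of string concatenation. The markup inside these string literals is not visible in this listing, so the exact interpolation points should be checked against the file.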