lib.php 26.8 KB
Newer Older
Donal McMullan's avatar
Donal McMullan committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<?php
/**
 * This program is part of Mahara
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 *
 * @package    mahara
 * @subpackage auth-internal
 * @author     Nigel McNie <nigel@catalyst.net.nz>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
 * @copyright  (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
 *
 */

defined('INTERNAL') || die();
28
require_once(get_config('docroot') . 'auth/lib.php');
29
require_once(get_config('libroot') . 'peer.php');
30
require_once(get_config('libroot') . 'applicationset.php');
31
require_once(get_config('docroot') . 'api/xmlrpc/lib.php');
Donal McMullan's avatar
Donal McMullan committed
32
33
34
35
36
37
38

/**
 * The XMLRPC authentication method, which authenticates users against the
 * ID Provider's XMLRPC service. This is special - it doesn't extend Auth, it's
 * not static, and it doesn't implement the expected methods. It doesn't replace
 * the user's existing Auth type, whatever that might be; it supplements it.
 */
39
class AuthXmlrpc extends Auth {
Donal McMullan's avatar
Donal McMullan committed
40

41
42
    public $file = null;

43
44
45
46
47
48
49
    /**
     * Get the party started with an optional id
     * TODO: appraise
     * @param int $id   The auth instance id
     */
    public function __construct($id = null) {

50
        $this->has_instance_config = true;
51
52
        $this->type                            = 'xmlrpc';

53
54
        $this->config['wwwroot']               = '';
        $this->config['wwwroot_orig']          = '';
55
56
        $this->config['shortname']             = '';
        $this->config['name']                  = '';
57
        $this->config['portno']                = 80;
58
59
60
        $this->config['xmlrpcserverurl']       = '';
        $this->config['changepasswordurl']     = '';
        $this->config['updateuserinfoonlogin'] = 1;
61
62
        $this->config['weautocreateusers']     = 0;
        $this->config['theyautocreateusers']   = 0;
63
64
65
66
        $this->config['wessoout']              = 1;
        $this->config['theyssoin']             = 0;
        $this->config['parent']                = null;
        $this->file = fopen('/tmp/out.txt', 'w');
67
        if (!empty($id)) {
68
69
70
71
72
73
74
75
76
77
78
79
            return $this->init($id);
        }
        return true;
    }

    /**
     * Get config variables
     */
    public function init($id = null) {
        $this->ready = parent::init($id);
        return $this->ready;
    }
Donal McMullan's avatar
Donal McMullan committed
80

81
82
83
84
85
86
    public function __get($name) {
        if (array_key_exists($name, $this->config)) {
            return $this->config[$name];
        }
    }

87
88
89
90
91
92
93
94
95
96
97
98
    /**
     * The keepalive_client function is tricky to implement in Mahara. Moodle 
     * accomplishes this simply, because that application already updates the user 
     * table once for every page view.
     * I think that we *really* don't want to do that with Mahara. There are heaps of
     * ways that we could implement this that are not very portable, but for now, it's
     * best if we leave this on the todo pile. If it becomes crucially important for a 
     * stakeholder, we can provide some implementation of it.
     */
    public static function keepalive_client() {}
    public static function keepalive_server() {}

Donal McMullan's avatar
Donal McMullan committed
99
100
101
    /**
     * Grab a delegate object for auth stuff
     */
102
    public function request_user_authorise($token, $remotewwwroot) {
103
        global $USER;
104
        $this->must_be_ready();
Donal McMullan's avatar
Donal McMullan committed
105
106
        $peer = get_peer($remotewwwroot);

107
        if ($peer->deleted != 0 || $this->config['theyssoin'] != 1) {
Donal McMullan's avatar
Donal McMullan committed
108
109
110
111
112
113
114
115
116
117
118
            throw new MaharaException('We don\'t accept SSO connections from '.$peer->name );
        }

        $client = new Client();
        $client->set_method('auth/mnet/auth.php/user_authorise')
               ->add_param($token)
               ->add_param(sha1($_SERVER['HTTP_USER_AGENT']))
               ->send($remotewwwroot);

        $remoteuser = (object)$client->response;

119
        if (empty($remoteuser) or !property_exists($remoteuser, 'username')) {
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
            $errorobject = $remoteuser;

            $errreport = 'Authorisation failure. ';
            $faultcode = 1;

            if (property_exists($errorobject, 'faultCode')) {
                $errreport .= "\nCode: ".$errorobject->faultCode;
                $faultcode  = $errorobject->faultCode;
            }

            if (property_exists($errorobject, 'faultString')) {
                $errreport .= "\nMessage: ".$errorobject->faultString;
            }

            throw new AccessDeniedException($errreport, $faultcode);
Donal McMullan's avatar
Donal McMullan committed
135
136
137
138
139
140
        }

        $virgin = false;

        set_cookie('institution', $peer->institution, 0, get_mahara_install_subdirectory());
        $oldlastlogin = null;
141
142
        $create = false;
        $update = false;
Donal McMullan's avatar
Donal McMullan committed
143

144
        // Retrieve a $user object. If that fails, create a blank one.
145
        try {
146
147
148
149
150
            $user = new User;
            $user->find_by_instanceid_username($this->instanceid, $remoteuser->username);
            if ('1' == $this->config['updateuserinfoonlogin']) {
                $update = true;
            }
151
        } catch (Exception $e) {
152
            if (!empty($this->config['weautocreateusers'])) {
153
                $user = new User;
154
155
156
157
158
                $create = true;
            } else {
                return false;
            }
        }
159

160
161
162
        /*******************************************/

        if ($create) {
Donal McMullan's avatar
Donal McMullan committed
163

164
165
166
167
168
169
170
171
            $user->username           = $remoteuser->username;
            $user->institution        = $peer->institution;            
            $user->passwordchange     = 1;
            $user->active             = 1;
            $user->deleted            = 0;

            //TODO: import institution's expiry?:
            //$institution = new Institution($peer->institution);
172
            $user->expiry             = null;
173
174
175
176
177
178
179
180
181
182
            $user->expirymailsent     = 0;
            $user->lastlogin          = time();
    
            $user->firstname          = $remoteuser->firstname;
            $user->lastname           = $remoteuser->lastname;
            $user->preferredname      = $remoteuser->firstname;
            $user->email              = $remoteuser->email;

            //TODO: import institution's per-user-quota?:
            //$user->quota              = $userrecord->quota;
Donal McMullan's avatar
Donal McMullan committed
183
            $user->authinstance       = empty($this->config['parent']) ? $this->instanceid : $this->parent;
184
185
            $user->commit();

Donal McMullan's avatar
Donal McMullan committed
186

187
188
189
190
191
192
193
194
            set_profile_field($user->id, 'firstname', $user->firstname);
            set_profile_field($user->id, 'lastname', $user->lastname);
            set_profile_field($user->id, 'email', $user->email);

        } elseif ($update) {

            if ($user->firstname != $remoteuser->firstname) {
                $user->firstname = $remoteuser->firstname;
195
                set_profile_field($user->id, 'firstname', $user->firstname);
196
197
198
199
            }

            if ($user->lastname != $remoteuser->lastname) {
                $user->lastname = $remoteuser->lastname;
200
                set_profile_field($user->id, 'lastname', $user->lastname);
201
202
203
204
            }

            if ($user->email != $remoteuser->email) {
                $user->email = $remoteuser->email;
205
                set_profile_field($user->id, 'email', $user->email);
206
207
208
209
            }

            $user->preferredname      = $remoteuser->firstname;
            $user->lastlogin          = time();
210

211
212
213
214
            //TODO: import institution's per-user-quota?:
            //$user->quota              = $userrecord->quota;
            $user->commit();
        }
215
216


217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
        // See if we need to create/update a profile Icon image
        if ($create || $update) {

            $client->set_method('auth/mnet/auth.php/fetch_user_image')
                   ->add_param($user->username)
                   ->send($remotewwwroot);

            $imageobject = (object)$client->response;

            $u = preg_replace('/[^A-Za-z0-9 ]/', '', $user->username);
            $filename = '/tmp/'.intval($this->instanceid).'_'.$u;

            if (array_key_exists('f1', $client->response)) {
                $imagecontents = base64_decode($client->response['f1']);
                file_put_contents($filename, $imagecontents);
                $imageexists = false;
                $icons       = false;

                if ($update) {
Donal McMullan's avatar
Donal McMullan committed
236
                    $newchecksum = sha1_file($filename);
237
                    $icons = get_records_select_array('artefact', 'artefacttype = \'profileicon\' AND owner = ? ', array($user->id), '', 'id');
238
239
240
                    if (false != $icons) {
                        foreach ($icons as $icon) {
                            $iconfile = get_config('dataroot') . 'artefact/internal/profileicons/' . ($icon->id % 256) . '/'.$icon->id;
Donal McMullan's avatar
Donal McMullan committed
241
                            $checksum = sha1_file($iconfile);
242
243
244
245
246
247
248
                            if ($newchecksum == $checksum) {
                                $imageexists = true;
                                unlink($filename);
                                break;
                            }
                        }
                    }
249
250
                }

251
252
253
254
                if (false == $imageexists) {
                    $filesize = filesize($filename);
                    if (!$user->quota_allowed($filesize)) {
                        $error = get_string('profileiconuploadexceedsquota', 'artefact.internal', get_config('wwwroot'));
255
                    }
256
257
258
259
260

                    require_once('file.php');
                    $mime = get_mime_type($filename);
                    if (!is_image_mime_type($mime)) {
                        $error = get_string('filenotimage');
261
262
                    }

263
264
265
266
                    list($width, $height) = getimagesize($filename);
                    if ($width > 300 || $height > 300) {
                        $error = get_string('profileiconimagetoobig', 'artefact.internal', $width, $height);
                    }
267

268
269
270
271
272
273
274
                    try {
                        $user->quota_add($filesize);
                    }
                    catch (QuotaException $qe) {
                        $error =  get_string('profileiconuploadexceedsquota', 'artefact.internal', get_config('wwwroot'));
                    }

275
276
                    require_once(get_config('docroot') .'/artefact/lib.php');
                    require_once(get_config('docroot') .'/artefact/internal/lib.php');
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296

                    // Entry in artefact table
                    $artefact = new ArtefactTypeProfileIcon();
                    $artefact->set('owner', $user->id);
                    $artefact->set('title', 'Profile Icon');
                    $artefact->set('note', 'Profile Icon');
                    $artefact->commit();

                    $id = $artefact->get('id');

                    // Move the file into the correct place.
                    $directory = get_config('dataroot') . 'artefact/internal/profileicons/' . ($id % 256) . '/';
                    check_dir_exists($directory);
                    rename($filename, $directory . $id);
                    if ($create || empty($icons)) {
                        $user->profileicon = $id;
                    }
                }

                $user->commit();
Donal McMullan's avatar
Donal McMullan committed
297
            }
298
        }
Donal McMullan's avatar
Donal McMullan committed
299

300
301
        /*******************************************/

302
        // We know who our user is now. Bring her back to life.
303
        $USER->reanimate($user->id, $this->instanceid);
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
        return true;
    }

    /**
     * Given a username, returns whether the user exists in the usr table
     *
     * @param string $username The username to attempt to identify
     * @return bool            Whether the username exists
     */
    public function user_exists($username) {
        $this->must_be_ready();
        $userrecord = false;

        // The user is likely to be associated with the parent instance
        if (is_numeric($this->config['parent']) && $this->config['parent'] > 0) {
            $_instanceid = $this->config['parent'];
            $userrecord = get_record('usr', 'LOWER(username)', strtolower($username), 'authinstance', $_instanceid);
Donal McMullan's avatar
Donal McMullan committed
321
        }
322
323
324
325
326
327
328
329
330
331

        if (empty($userrecord)) {
            $_instanceid = $this->instanceid;
            $userrecord = get_record('usr', 'LOWER(username)', strtolower($username), 'authinstance', $_instanceid);
        }

        if ($userrecord != false) {
            return $userrecord;
        }
        throw new AuthUnknownUserException("\"$username\" is not known to Auth");
Donal McMullan's avatar
Donal McMullan committed
332
333
334
335
336
337
338
339
340
341
342
    }

    /**
     * Given a user that we know about, return an array of information about them
     *
     * Used when a user who was otherwise unknown authenticates successfully,
     * or if getting userinfo on each login is enabled for this auth method.
     *
     * Does not need to be implemented for the internal authentication method,
     * because all users are already known about.
     */
343
344
345
346
347
348
349
350
    public function get_user_info($username) {
        $this->must_be_ready();
        
        $userdata = parent::get_user_info_cached($username);
        /**
         * Here, we will sift through the data returned by the XMLRPC server
         * and update any userdata properties that have changed
         */
Donal McMullan's avatar
Donal McMullan committed
351
352
353
354
355
356
357
    }

}

/**
 * Plugin configuration class
 */
358
class PluginAuthXmlrpc extends PluginAuth {
Donal McMullan's avatar
Donal McMullan committed
359

360
361
362
363
364
365
366
367
    private static $default_config = array(
        'instancename'          => '',
        'wwwroot'               => '',
        'wwwroot_orig'          => '',
        'name'                  => '',
        'appname'               => '',
        'portno'                => 80,
        'updateuserinfoonlogin' => 0, 
368
369
        'weautocreateusers'     => 0,
        'theyautocreateusers'   => 0,
370
371
372
373
        'wessoout'              => 0,
        'theyssoin'             => 0,
        'parent'                => null
    );
374

Donal McMullan's avatar
Donal McMullan committed
375
    public static function has_config() {
376
377
378
379
380
381
382
383
        return false;
    }

    public static function get_config_options() {
        return array();
    }

    public static function has_instance_config() {
384
        return true;
Donal McMullan's avatar
Donal McMullan committed
385
386
    }

387
    public static function get_instance_config_options($institution, $instance = 0) {
388

389
390
        $peer = new Peer();

Donal McMullan's avatar
Donal McMullan committed
391
        // TODO : switch to getrecord
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
        // Get a list of applications and make a dropdown from it
        $applicationset = new ApplicationSet();
        $apparray = array();
        foreach ($applicationset as $app) {
            $apparray[$app->name] = $app->displayname;
        }

        /**
         * A parent authority for XML-RPC is the data-source that a remote XML-RPC service
         * communicates with to authenticate a user, for example, the XML-RPC server that 
         * we connect to might be authorising users against an LDAP store. If this is the 
         * case, and we know of the LDAP store, and our users are able to log on to our 
         * system and be authenticated directly against the LDAP store, then we honor that 
         * association.
         * 
         * In this way, the unique relationship is between the username and the authority,
         * not the username and the institution. This allows an institution to have a user
         * 'donal' on server 'LDAP-1' and a different user 'donal' on server 'LDAP-2'.
         * 
         * Get a list of auth instances for this institution, and eliminate those that 
         * would not be valid parents (as they themselves require a parent). These are 
         * eliminated only to provide a saner interface to the admin user. In theory, it's
         * ok to chain authorities.
         */ 
        $instances = auth_get_auth_instances_for_institution($institution);
        $options = array('None');
        if (is_array($instances)) {
            foreach($instances as $someinstance) {
                if ($someinstance->requires_parent == 1) {
                    continue;
                }
                $options[$someinstance->id] = $someinstance->instancename;
            }
        }

        // Get the current data (if any exists) for this auth instance
428
        if ($instance > 0) {
429
            $default = get_record('auth_instance', 'id', $instance);
430
            if ($default == false) {
431
432
433
434
                throw new Exception(get_string('nodataforinstance', 'auth').$instance);
            }
            $current_config = get_records_menu('auth_instance_config', 'instance', $instance, '', 'field, value');

435
            if ($current_config == false) {
436
                throw new Exception('No config data for instance: '.$instance);
437
438
439
            }

            foreach (self::$default_config as $key => $value) {
440
                if (array_key_exists($key, $current_config)) {
441
                    self::$default_config[$key] = $current_config[$key];
442
443
444
445
446
447
448
449

                    // We can use the wwwroot to create a Peer object
                    if ('wwwroot' == $key) {
                        $peer->findByWwwroot($current_config[$key]);
                        self::$default_config['wwwroot_orig'] = $current_config[$key];
                    }
                } elseif (property_exists($default, $key)) {
                    self::$default_config[$key] = $default->{$key};
450
451
452
                }
            }
        } else {
453
454
455
456
457
458
459
460
            $max_priority = get_field('auth_instance', 'MAX(priority)', 'institution', $institution);
            self::$default_config['priority'] = ++$max_priority;
        }

        if (empty($peer->application->name)) {
            self::$default_config['appname'] = key(current($applicationset));
        } else {
            self::$default_config['appname'] = $peer->application->name;
461
462
463
464
465
466
467
468
        }

        $elements['instancename'] = array(
            'type' => 'text',
            'title' => get_string('authname','auth'),
            'rules' => array(
                'required' => true
            ),
469
            'defaultvalue' => self::$default_config['instancename'],
470
471
472
473
474
475
476
477
478
479
480
481
482
            'help'   => true
        );

        $elements['instance'] = array(
            'type' => 'hidden',
            'value' => $instance
        );

        $elements['institution'] = array(
            'type' => 'hidden',
            'value' => $institution
        );

483
484
485
486
487
        $elements['deleted'] = array(
            'type' => 'hidden',
            'value' => $peer->deleted
        );

488
489
490
491
492
        $elements['authname'] = array(
            'type' => 'hidden',
            'value' => 'xmlrpc'
        );

493
494
495
496
497
498
499
500
501
502
        $elements['parent'] = array(
            'type'                => 'select',
            'title'               => get_string('parent','auth'),
            'collapseifoneoption' => false,
            'options'             => $options,
            'defaultvalue'        => self::$default_config['parent'],
            'help'   => true
        );

        $elements['wwwroot'] = array(
503
            'type' => 'text',
504
            'title' => get_string('wwwroot', 'auth'),
505
506
507
            'rules' => array(
                'required' => true
            ),
508
            'defaultvalue' => self::$default_config['wwwroot'],
509
510
511
            'help'   => true
        );

512
513
514
515
516
517
518
519
520
521
        $elements['wwwroot_orig'] = array(
            'type' => 'hidden',
            'value' => self::$default_config['wwwroot_orig']
        );

        $elements['oldwwwroot'] = array(
            'type' => 'hidden',
            'value' => 'xmlrpc'
        );

522
523
524
525
526
527
        $elements['name'] = array(
            'type' => 'text',
            'title' => get_string('name', 'auth'),
            'rules' => array(
                'required' => true
            ),
528
            'defaultvalue' => $peer->name,
529
530
531
            'help'   => true
        );

532
533
534
535
536
537
538
539
540
        /**
         * empty($peer->appname) would ALWAYS return true, because the property doesn't really
         * exist. When we try to get $peer->appname, we're actually calling the peer class's
         * __get overloader. Unfortunately, the 'empty' function seems to just check for the
         * existence of the property - it doesn't call the overloader. Bug or feature?
         */
	     
        $tmpappname = $peer->appname;

541
542
543
544
545
546
        $elements['appname'] = array(
            'type'                => 'select',
            'title'               => get_string('application','auth'),
            'collapseifoneoption' => true,
            'multiple'            => false,
            'options'             => $apparray,
547
            'defaultvalue'        => empty($tmpappname)? key($apparray) : $tmpappname,
548
549
550
551
            'help'                => true
        );

        $elements['portno'] = array(
552
            'type' => 'text',
553
            'title' => get_string('port', 'auth'),
554
            'rules' => array(
555
556
                'required' => true,
                'integer'  => true
557
            ),
558
            'defaultvalue' => $peer->portno,
559
560
561
            'help'   => true
        );

562
563
564
565
566
567
568
569
570
571
572
        $elements['wessoout'] = array(
            'type'         => 'checkbox',
            'title'        => get_string('wessoout', 'auth'),
            'defaultvalue' => self::$default_config['wessoout'],
            'help'   => true
        );

        $elements['theyssoin'] = array(
            'type'         => 'checkbox',
            'title'        => get_string('theyssoin', 'auth'),
            'defaultvalue' => self::$default_config['theyssoin'],
573
574
575
576
577
578
579
580
581
582
            'help'   => true
        );

        $elements['updateuserinfoonlogin'] = array(
            'type'         => 'checkbox',
            'title'        => get_string('updateuserinfoonlogin', 'auth'),
            'defaultvalue' => self::$default_config['updateuserinfoonlogin'],
            'help'   => true
        );

583
        $elements['weautocreateusers'] = array(
584
            'type'         => 'checkbox',
585
586
            'title'        => get_string('weautocreateusers', 'auth'),
            'defaultvalue' => self::$default_config['weautocreateusers'],
587
588
589
            'help'   => true
        );

590
591
592
593
594
595
596
        $elements['theyautocreateusers'] = array(
            'type'         => 'checkbox',
            'title'        => get_string('theyautocreateusers', 'auth'),
            'defaultvalue' => self::$default_config['theyautocreateusers'],
            'help'   => true
        );
        
597
598
599
600
        return array(
            'elements' => $elements,
            'renderer' => 'table'
        );
Donal McMullan's avatar
Donal McMullan committed
601
    }
602

603
604
605
606
607
    public static function validate_config_options($values, $form) {

        $authinstance = new stdClass();
        $peer = new Peer();

608
609
610
611
612
613
614
615
        if (false == $peer->findByWwwroot($values['wwwroot'])) {
            try {
                $peer->bootstrap($values['wwwroot'], null, $values['appname'], $values['institution']);
            } catch (RemoteServerException $e) {
                $form->set_error('wwwroot',get_string('cantretrievekey', 'auth'));
            }
        }

Donal McMullan's avatar
WIP    
Donal McMullan committed
616
        //TODO: test values and set appropriate errors on form
617
618
619
    }

    public static function save_config_options($values, $form) {
620

621
        db_begin();
622
        $authinstance = new stdClass();
623
        $peer = new Peer();
624
625
626
627
628

        if ($values['instance'] > 0) {
            $values['create'] = false;
            $current = get_records_assoc('auth_instance_config', 'instance', $values['instance'], '', 'field, value');
            $authinstance->id = $values['instance'];
629

630
631
632
633
634
635
636
637
638
639
640
641
642
643
        } else {
            $values['create'] = true;

            // Get the auth instance with the highest priority number (which is
            // the instance with the lowest priority).
            // TODO: rethink 'priority' as a fieldname... it's backwards!!
            $lastinstance = get_records_array('auth_instance', 'institution', $values['institution'], 'priority DESC', '*', '0', '1');

            if ($lastinstance == false) {
                $authinstance->priority = 0;
            } else {
                $authinstance->priority = $lastinstance[0]->priority + 1;
            }
        }
644
645
646
 
        if (false == $peer->findByWwwroot($values['wwwroot'])) {
            try {
Donal McMullan's avatar
WIP    
Donal McMullan committed
647
                $peer->bootstrap($values['wwwroot'], null, $values['appname'], $values['institution']);
648
649
650
651
652
653
            } catch (RemoteServerException $e) {
                $form->set_error('wwwroot',get_string('cantretrievekey', 'auth'));
                throw new RemoteServerException($e->getMessage(), $e->getCode());
            }
        }

654
        $peer->wwwroot              = preg_replace("|\/+$|", "", $values['wwwroot']);
655
656
657
658
659
660
661
662
663
664
665
666
667
668
        $peer->name                 = $values['name'];
        $peer->deleted              = $values['deleted'];
        $peer->portno               = $values['portno'];
        $peer->appname              = $values['appname'];
        $peer->institution          = $values['institution'];

        /**
         * The following properties are not user-updatable
        $peer->publickey            = $values['publickey'];
        $peer->publickeyexpires     = $values['publickeyexpires'];
        $peer->lastconnecttime      = $values['lastconnecttime'];
         */

        $peer->commit();
Donal McMullan's avatar
WIP    
Donal McMullan committed
669
        
670
671
672
673
674
675
676
677
678
679
680
681
682
683
        $authinstance->instancename = $values['instancename'];
        $authinstance->institution  = $values['institution'];
        $authinstance->authname     = $values['authname'];

        if ($values['create']) {
            $values['instance'] = insert_record('auth_instance', $authinstance, 'id', true);
        } else {
            update_record('auth_instance', $authinstance, array('id' => $values['instance']));
        }

        if (empty($current)) {
            $current = array();
        }

684
        self::$default_config = array(  'wwwroot'               => $values['wwwroot'],
685
                                        'updateuserinfoonlogin' => $values['updateuserinfoonlogin'],
686
687
                                        'weautocreateusers'     => $values['weautocreateusers'],
                                        'theyautocreateusers'   => $values['theyautocreateusers'],
688
689
690
691
                                        'parent'                => $values['parent'],
                                        'wessoout'              => $values['wessoout'],
                                        'theyssoin'             => $values['theyssoin']
                                        );
692
693
694
695
696
697
698

        foreach(self::$default_config as $field => $value) {
            $record = new stdClass();
            $record->instance = $values['instance'];
            $record->field    = $field;
            $record->value    = $value;

699
700
701
702
            if ($field == 'wwwroot') {
                $record->value    = dropslash($value);
            }

703
704
705
706
707
708
709
710
711
            if (empty($value)) {
                delete_records('auth_instance_config', 'field', $field, 'instance', $values['instance']);
            } elseif ($values['create'] || !array_key_exists($field, $current)) {
                insert_record('auth_instance_config', $record);
            } else {
                update_record('auth_instance_config', $record, array('instance' => $values['instance'], 'field' => $field));
            }
        }

712
        db_commit();
713
714
715
        return $values;
    }

Donal McMullan's avatar
Donal McMullan committed
716
717
}

718
?>