Changeset 160056

Timestamp:

10/02/2009 10:40:47 PM (16 years ago)

Author:

wnorris

Message:

allow individual user fields to be marked as 'managed'

Location:

shibboleth/trunk

Files:

• options-admin.php (modified) (1 diff)
• options-user.php (modified) (7 diffs)
• shibboleth.php (modified) (7 diffs)

shibboleth/trunk/options-admin.php

@@ -148 +148 @@
             </p>
 
-            <table class="form-table optiontable editform" cellspacing="2" cellpadding="5" width="100%">
+            <table class="form-table optiontable editform" cellspacing="2" cellpadding="5">
                 <tr valign="top">
                     <th scope="row"><label for="username"><?php _e('Username') ?></label</th>
-                    <td><input type="text" id="username" name="headers[username]" value="<?php echo $shib_headers['username'] ?>" /></td>
+                    <td><input type="text" id="username" name="headers[username][name]" value="<?php echo 
+                        $shib_headers['username']['name'] ?>" /></td>
+                    <td width="60%"></td>
                 </tr>
                 <tr valign="top">
                     <th scope="row"><label for="first_name"><?php _e('First name') ?></label</th>
-                    <td><input type="text" id="first_name" name="headers[first_name]" value="<?php echo $shib_headers['first_name'] ?>" /></td>
+                    <td><input type="text" id="first_name" name="headers[first_name][name]" value="<?php echo 
+                        $shib_headers['first_name']['name'] ?>" /></td>
+                    <td><input type="checkbox" id="first_name_managed" name="headers[first_name][managed]" <?php 
+                        checked($shib_headers['first_name']['managed']) ?> /> <?php _e('Managed', 'shibboleth') ?></td>
                 </tr>
                 <tr valign="top">
                     <th scope="row"><label for="last_name"><?php _e('Last name') ?></label</th>
-                    <td><input type="text" id="last_name" name="headers[last_name]" value="<?php echo $shib_headers['last_name'] ?>" /></td>
+                    <td><input type="text" id="last_name" name="headers[last_name][name]" value="<?php echo 
+                        $shib_headers['last_name']['name'] ?>" /></td>
+                    <td><input type="checkbox" id="last_name_managed" name="headers[last_name][managed]" <?php 
+                        checked($shib_headers['last_name']['managed']) ?> /> <?php _e('Managed', 'shibboleth') ?></td>
                 </tr>
                 <tr valign="top">
                     <th scope="row"><label for="nickname"><?php _e('Nickname') ?></label</th>
-                    <td><input type="text" id="nickname" name="headers[nickname]" value="<?php echo $shib_headers['nickname'] ?>" /></td>
-                </tr>
-                <tr valign="top">
-                    <th scope="row"><label for="display_name"><?php _e('Display name') ?></label</th>
-                    <td><input type="text" id="display_name" name="headers[display_name]" value="<?php echo $shib_headers['display_name'] ?>" /></td>
-                </tr>
-                <tr valign="top">
-                    <th scope="row"><label for="email"><?php _e('Email Address') ?></label</th>
-                    <td><input type="text" id="email" name="headers[email]" value="<?php echo $shib_headers['email'] ?>" /></td>
-                </tr>
-                <tr valign="top">
-                    <th scope="row"><label for="update_users"><?php _e('Update User Data', 'shibboleth') ?></label</th>
-                    <td>
-                        <input type="checkbox" id="update_users" name="update_users" <?php echo shibboleth_get_option('shibboleth_update_users') ? ' checked="checked"' : '' ?> />
-                        <label for="update_users"><?php _e('Use Shibboleth data to update user profile data each time the user logs in.', 'shibboleth'); ?></label>
-
-                        <p><?php _e('This will prevent users from being able to manually update these'
-                            . ' fields.  Note that Shibboleth data is always used to populate the user'
-                            . ' profile during account creation.', 'shibboleth'); ?></p>
-
-                    </td>
+                    <td><input type="text" id="nickname" name="headers[nickname][name]" value="<?php echo 
+                        $shib_headers['nickname']['name'] ?>" /></td>
+                    <td><input type="checkbox" id="nickname_managed" name="headers[nickname][managed]" <?php 
+                        checked($shib_headers['nickname']['managed']) ?> /> <?php _e('Managed', 'shibboleth') ?></td>
+                </tr>
+                <tr valign="top">
+                    <th scope="row"><label for="_display_name"><?php _e('Display name', 'shibboleth') ?></label</th>
+                    <td><input type="text" id="_display_name" name="headers[display_name][name]" value="<?php echo 
+                        $shib_headers['display_name']['name'] ?>" /></td>
+                    <td><input type="checkbox" id="display_name_managed" name="headers[display_name][managed]" <?php 
+                        checked($shib_headers['display_name']['managed']) ?> /> <?php _e('Managed', 'shibboleth') ?></td>
+                </tr>
+                <tr valign="top">
+                    <th scope="row"><label for="email"><?php _e('Email Address', 'shibboleth') ?></label</th>
+                    <td><input type="text" id="email" name="headers[email][name]" value="<?php echo 
+                        $shib_headers['email']['name'] ?>" /></td>
+                    <td><input type="checkbox" id="email_managed" name="headers[email][managed]" <?php 
+                        checked($shib_headers['email']['managed']) ?> /> <?php _e('Managed', 'shibboleth') ?></td>
                 </tr>
             </table>
+
+            <p><?php _e('<em>Managed</em> profile fields are updated each time the user logs in using the current'
+                . ' data provided by Shibboleth.  Additionally, users will be prevented from manually updating these'
+                . ' fields from within WordPress.  Note that Shibboleth data is always used to populate the user'
+                . ' profile during initial account creation.', 'shibboleth'); ?></p>
 
             <br class="clear" />

shibboleth/trunk/options-user.php

@@ -5 +5 @@
 add_action('personal_options_update', 'shibboleth_personal_options_update');
 add_action('show_user_profile', 'shibboleth_show_user_profile');
-add_action('edit_user_profile', 'shibboleth_edit_user_profile');
+add_action('admin_footer-user-edit.php', 'shibboleth_admin_footer_edit_user');
 
 
@@ -17 +17 @@
         add_filter('show_password_fields', create_function('$v', 'return false;'));
 
-        if (shibboleth_get_option('shibboleth_update_users')) {
-            echo '
-            <script type="text/javascript">
-                jQuery(function() {
-                    jQuery("#first_name,#last_name,#nickname,#display_name,#email").attr("disabled", true);
-                    jQuery("h3:contains(\'Name\')").after("<div class=\"updated fade\"><p>' 
-                        . __('These fields cannot be changed from WordPress.', 'shibboleth') . '<p></div>");
-                    jQuery("form#your-profile").submit(function() {
-                        jQuery("#first_name,#last_name,#nickname,#display_name,#email").attr("disabled", false);
-                    });
+        add_action('admin_footer-profile.php', 'shibboleth_admin_footer_profile');
+    }
+}
+
+function shibboleth_admin_footer_profile() {
+    $managed_fields = shibboleth_get_managed_user_fields();
+
+    if ( !empty($managed_fields) ) {
+        $selectors = join(',', array_map(create_function('$a', 'return "#$a";'), $managed_fields));
+
+        echo '
+        <script type="text/javascript">
+            jQuery(function() {
+                jQuery("' . $selectors . '").attr("disabled", true);
+                jQuery("#first_name").parents(".form-table").before("<div class=\"updated fade\"><p>' 
+                    . __('Some profile fields cannot be changed from WordPress.', 'shibboleth') . '</p></div>");
+                jQuery("form#your-profile").submit(function() {
+                    jQuery("' . $selectors . '").attr("disabled", false);
                 });
-            </script>';
-        }
+            });
+        </script>';
     }
 }
@@ -38 +46 @@
  * Shibboleth managed attributes.
  */
-function shibboleth_edit_user_profile() {
+function shibboleth_admin_footer_edit_user() {
     global $user_id;
 
@@ -44 +52 @@
         $shibboleth_fields = array();
 
-        if (shibboleth_get_option('shibboleth_update_users')) {
-            $shibboleth_fields = array_merge($shibboleth_fields, 
-                array('user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email'));
-        }
+        $shibboleth_fields = array_merge($shibboleth_fields, shibboleth_get_managed_user_fields());
 
         if (shibboleth_get_option('shibboleth_update_roles')) {
@@ -64 +69 @@
                 jQuery(function() {
                     jQuery("' . implode(',', $selectors) . '").before("<span style=\"color: #F00; font-weight: bold;\">*</span> ");
-                    jQuery("h3:contains(\'Name\')")
-                        .after("<div class=\"updated fade\"><p><span style=\"color: #F00; font-weight: bold;\">*</span> ' 
-                            . __('Starred fields are managed by Shibboleth and should not be changed from WordPress.', 'shibboleth') . '</p></div>");
+                    jQuery("#first_name").parents(".form-table")
+                        .before("<div class=\"updated fade\"><p><span style=\"color: #F00; font-weight: bold;\">*</span> ' 
+                        . __('Starred fields are managed by Shibboleth and should not be changed from WordPress.', 'shibboleth') . '</p></div>");
                 });
             </script>';
@@ -79 +84 @@
 function shibboleth_show_user_profile() {
     $user = wp_get_current_user();
-    if (get_usermeta($user->ID, 'shibboleth_account')) {
-        if (shibboleth_get_option('shibboleth_password_change_url')) {
+    $password_change_url = shibboleth_get_option('shibboleth_password_change_url');
+    if (get_usermeta($user->ID, 'shibboleth_account') && !empty($password_change_url) ) {
 ?>
     <table class="form-table">
         <tr>
-            <th>Change Password</th>
-            <td><a href="<?php echo shibboleth_get_option('shibboleth_password_change_url'); 
-                ?>" target="_blank"><?php _e('Change your password', 'shibboleth'); ?></a></td>
+            <th><?php _e('Change Password') ?></th>
+            <td><a href="<?php echo esc_url($password_change_url); ?>" target="_blank"><?php 
+                _e('Change your password', 'shibboleth'); ?></a></td>
         </tr>
     </table>
 <?php
-        }
     }
 }
@@ -96 +100 @@
 
 /**
- * Ensure profile data isn't updated by the user.  This only applies to 
- * accounts that were provisioned through Shibboleth, and only if the option
- * to manage user attributes exclusively from Shibboleth is enabled.
+ * Ensure profile data isn't updated by the user.  This only applies to accounts that were 
+ * provisioned through Shibboleth, and only for those user fields marked as 'managed'.
  */
 function shibboleth_personal_options_update() {
     $user = wp_get_current_user();
 
-    if (get_usermeta($user->ID, 'shibboleth_account') && shibboleth_get_option('shibboleth_update_users')) {
-        add_filter('pre_user_first_name', 
-            create_function('$n', 'return $GLOBALS["current_user"]->first_name;'));
+    if ( get_usermeta($user->ID, 'shibboleth_account') ) {
+        $managed = shibboleth_get_managed_user_fields();
 
-        add_filter('pre_user_last_name', 
-            create_function('$n', 'return $GLOBALS["current_user"]->last_name;'));
+        if ( in_array('first_name', $managed) ) {
+            add_filter('pre_user_first_name', create_function('$n', 'return $GLOBALS["current_user"]->first_name;'));
+        }
 
-        add_filter('pre_user_nickname', 
-            create_function('$n', 'return $GLOBALS["current_user"]->nickname;'));
+        if ( in_array('last_name', $managed) ) {
+            add_filter('pre_user_last_name', create_function('$n', 'return $GLOBALS["current_user"]->last_name;'));
+        }
 
-        add_filter('pre_user_display_name', 
-            create_function('$n', 'return $GLOBALS["current_user"]->display_name;'));
+        if ( in_array('nickname', $managed) ) {
+            add_filter('pre_user_nickname', create_function('$n', 'return $GLOBALS["current_user"]->nickname;'));
+        }
 
-        add_filter('pre_user_email', 
-            create_function('$e', 'return $GLOBALS["current_user"]->user_email;'));
+        if ( in_array('display_name', $managed) ) {
+            add_filter('pre_user_display_name', create_function('$n', 'return $GLOBALS["current_user"]->display_name;'));
+        }
+
+        if ( in_array('email', $managed) ) {
+            add_filter('pre_user_email', create_function('$e', 'return $GLOBALS["current_user"]->user_email;'));
+        }
     }
 }

shibboleth/trunk/shibboleth.php

@@ -34 +34 @@
 
     $headers = array(
-        'username' => 'eppn',
-        'first_name' => 'givenName',
-        'last_name' => 'sn',
-        'nickname' => 'eppn',
-        'display_name' => 'displayName',
-        'email' => 'mail',
+        'username' => array( 'name' => 'eppn', 'managed' => false),
+        'first_name' => array( 'name' => 'givenName', 'managed' => true),
+        'last_name' => array( 'name' => 'sn', 'managed' => true),
+        'nickname' => array( 'name' => 'eppn', 'managed' => true),
+        'display_name' => array( 'name' => 'displayName', 'managed' => true),
+        'email' => array( 'name' => 'mail', 'managed' => true),
     );
     shibboleth_add_option('shibboleth_headers', $headers);
@@ -52 +52 @@
             'value' => 'faculty',
         ),
+        // TODO: this could likely do strange things if WordPress has an actual role named 'default'
         'default' => 'subscriber',
     );
     shibboleth_add_option('shibboleth_roles', $roles);
 
-    shibboleth_add_option('shibboleth_update_users', true);
     shibboleth_add_option('shibboleth_update_roles', true);
 
     shibboleth_insert_htaccess();
+
+    shibboleth_migrate_old_data();
 
     shibboleth_update_option('shibboleth_plugin_revision', SHIBBOLETH_PLUGIN_REVISION);
@@ -76 +78 @@
 register_deactivation_hook('shibboleth/shibboleth.php', 'shibboleth_deactivate_plugin');
 
+
+/**
+ * Migrate old data to newer formats.
+ */
+function shibboleth_migrate_old_data() {
+
+    // new header format, allowing each header to be marked as 'managed' individually
+    $managed = shibboleth_get_option('shibboleth_update_users');
+    $headers = shibboleth_get_option('shibboleth_headers');
+    $updated = false;
+
+    foreach ($headers as $key => $value) {
+        if ( is_string($value) ) {
+            $headers[$key] = array(
+                'name' => $value,
+                'managed' => $managed,
+            );
+            $updated = true;
+        }
+    }
+
+    if ( $updated ) {
+        shibboleth_update_option('shibboleth_headers', $headers);
+    }
+    shibboleth_remove_option('shibboleth_update_users');
+
+}
 
 /**
@@ -241 +270 @@
     }
 
-    $username = $_SERVER[$shib_headers['username']];
+    $username = $_SERVER[$shib_headers['username']['name']];
     $user = new WP_User($username);
 
@@ -266 +295 @@
     // update user data
     update_usermeta($user->ID, 'shibboleth_account', true);
-    if ( shibboleth_get_option('shibboleth_update_users') ) shibboleth_update_user_data($user->ID);
+    shibboleth_update_user_data($user->ID);
     if ( shibboleth_get_option('shibboleth_update_roles') ) $user->set_role($user_role);
 
@@ -289 +318 @@
 
     // always update user data and role on account creation
-    shibboleth_update_user_data($user->ID);
+    shibboleth_update_user_data($user->ID, true);
     $user_role = shibboleth_get_user_role();
     $user->set_role($user_role);
@@ -333 +362 @@
 
 /**
- * Update the user data for the specified user based on the current Shibboleth headers.
+ * Get the user fields that are managed by Shibboleth.
+ *
+ * @return Array user fields managed by Shibboleth
+ */
+function shibboleth_get_managed_user_fields() {
+    $headers = shibboleth_get_option('shibboleth_headers');
+    $managed = array();
+
+    foreach ($headers as $name => $value) {
+        if ( $value['managed'] ) {
+            $managed[] = $name;
+        }
+    }
+
+    return $managed;
+}
+
+
+/**
+ * Update the user data for the specified user based on the current Shibboleth headers.  Unless 
+ * the 'force_update' parameter is true, only the user fields marked as 'managed' fields will be 
+ * updated.
  *
  * @param int $user_id ID of the user to update
+ * @param boolean $force_update force update of user data, regardless of 'managed' flag on fields
  * @uses apply_filters() Calls 'shibboleth_user_*' before setting user attributes, 
- *       where '*' is one of: login, nicename, first_name, last_name, nickname, 
- *       display_name, email
- */
-function shibboleth_update_user_data($user_id) {
+ *       where '*' is one of: login, nicename, first_name, last_name, 
+ *       nickname, display_name, email
+ */
+function shibboleth_update_user_data($user_id, $force_update = false) {
     require_once( ABSPATH . WPINC . '/registration.php' );
 
     $shib_headers = shibboleth_get_option('shibboleth_headers');
+
+    $user_fields = array(
+        'user_login' => 'username',
+        'user_nicename' => 'username',
+        'first_name' => 'first_name',
+        'last_name' => 'last_name',
+        'nickname' => 'nickname',
+        'display_name' => 'display_name',
+        'user_email' => 'email'
+    );
 
     $user_data = array(
         'ID' => $user_id,
-        'user_login' => apply_filters('shibboleth_user_login', $_SERVER[$shib_headers['username']]),
-        'user_nicename' => apply_filters('shibboleth_user_nicename', $_SERVER[$shib_headers['username']]),
-        'first_name' => apply_filters('shibboleth_user_first_name', $_SERVER[$shib_headers['first_name']]),
-        'last_name' => apply_filters('shibboleth_user_last_name', $_SERVER[$shib_headers['last_name']]),
-        'nickname' => apply_filters('shibboleth_user_nickname', $_SERVER[$shib_headers['nickname']]),
-        'display_name' => apply_filters('shibboleth_user_display_name', $_SERVER[$shib_headers['display_name']]),
-        'user_email' => apply_filters('shibboleth_user_email', $_SERVER[$shib_headers['email']]),
     );
+    
+    foreach ($user_fields as $field => $header) {
+        if ( $force_update || $shib_headers[$header]['managed'] ) {
+            $filter = 'shibboleth_' . ( strpos($field, 'user_') === 0 ? '' : 'user_' ) . $field;
+            $user_data[$field] = apply_filters($filter, $_SERVER[$shib_headers[$header]['name']]);
+        }
+    }
 
     wp_update_user($user_data);