diff --git a/config-templates/authsources.php b/config-templates/authsources.php
index 6afe417811d36c5248af6fa115dc3001d2bf1456..643c33221fd9095dd5aa14a4b511cf26c792bb89 100644
--- a/config-templates/authsources.php
+++ b/config-templates/authsources.php
@@ -354,6 +354,11 @@ $config = array(
//'remember.username.enabled' => FALSE,
//'remember.username.checked' => FALSE,
+ // Give the user an option to save their organization choice for future login
+ // attempts. And when enabled, what should the default be, checked or not.
+ //'remember.organization.enabled' => false,
+ //'remember.organization.checked' => false,
+
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
diff --git a/dictionaries/login.definition.json b/dictionaries/login.definition.json
index be3b12d4ed6dbd72db6a4b010b083652fc03074a..29ff2249d37c3a9e83de45268a75630e653e16b4 100644
--- a/dictionaries/login.definition.json
+++ b/dictionaries/login.definition.json
@@ -62,7 +62,10 @@
"remember_username": {
"en": "Remember my username"
},
- "remember_me": {
- "en": "Remember me"
- }
+ "remember_me": {
+ "en": "Remember me"
+ },
+ "remember_organization": {
+ "en": "Remember my organization"
+ }
}
diff --git a/modules/core/lib/Auth/UserPassOrgBase.php b/modules/core/lib/Auth/UserPassOrgBase.php
index ccdc1cda5980ee6f8e72ed611764346fbdd92779..8c22372268200a6925101731c13eacd372785f42 100644
--- a/modules/core/lib/Auth/UserPassOrgBase.php
+++ b/modules/core/lib/Auth/UserPassOrgBase.php
@@ -57,6 +57,22 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
*/
protected $rememberUsernameChecked = FALSE;
+ /**
+ * Storage for authsource config option remember.organization.enabled
+ * loginuserpassorg.php page/template use this option to present users
+ * with a checkbox to save their organization choice for the next login request.
+ * @var bool
+ */
+ protected $rememberOrganizationEnabled = false;
+
+ /**
+ * Storage for authsource config option remember.organization.checked
+ * loginuserpassorg.php page/template use this option to
+ * default the remember organization checkbox to checked or not.
+ * @var bool
+ */
+ protected $rememberOrganizationChecked = false;
+
/**
* Constructor for this authentication source.
@@ -83,6 +99,15 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
$this->rememberUsernameChecked = (bool) $config['remember.username.checked'];
unset($config['remember.username.checked']);
}
+ // Get the remember organization config options
+ if (isset($config['remember.organization.enabled'])) {
+ $this->rememberOrganizationEnabled = (bool) $config['remember.organization.enabled'];
+ unset($config['remember.organization.enabled']);
+ }
+ if (isset($config['remember.organization.checked'])) {
+ $this->rememberOrganizationChecked = (bool) $config['remember.organization.checked'];
+ unset($config['remember.organization.checked']);
+ }
$this->usernameOrgMethod = 'none';
}
@@ -133,10 +158,27 @@ abstract class sspmod_core_Auth_UserPassOrgBase extends SimpleSAML_Auth_Source {
* Getter for the authsource config option remember.username.checked
* @return bool
*/
- public function getRememberUsernameChecked() {
+ public function getRememberUsernameChecked()
+ {
return $this->rememberUsernameChecked;
}
+ /**
+ * Getter for the authsource config option remember.organization.enabled
+ * @return bool
+ */
+ public function getRememberOrganizationEnabled()
+ {
+ return $this->rememberOrganizationEnabled;
+ }
+
+ /**
+ * Getter for the authsource config option remember.organization.checked
+ * @return bool
+ */
+ public function getRememberOrganizationChecked() {
+ return $this->rememberOrganizationChecked;
+ }
/**
* Initialize login.
diff --git a/modules/core/templates/loginuserpass.php b/modules/core/templates/loginuserpass.php
index d957fc43a2b0745ad86aaf14a8a2d3f57b329129..210db853a470b4c075eb7a8027af29fa8b7c1580 100644
--- a/modules/core/templates/loginuserpass.php
+++ b/modules/core/templates/loginuserpass.php
@@ -142,6 +142,16 @@ if ($this->data['errorcode'] !== null) {
}
?>
</select></td>
+ <td style="padding: .4em;">
+ <?php
+ if ($this->data['rememberOrganizationEnabled']) {
+ echo str_repeat("\t", 4);
+ echo '<input type="checkbox" id="remember_organization" tabindex="5" name="remember_organization" value="Yes" ';
+ echo ($this->data['rememberOrganizationChecked'] ? 'checked="Yes" /> ' : '/> ');
+ echo $this->t('{login:remember_organization}');
+ }
+ ?>
+ </td>
</tr>
<?php
}
diff --git a/modules/core/www/loginuserpassorg.php b/modules/core/www/loginuserpassorg.php
index b853d8ca85dacc03d4c4e4989bf43da089664db8..be1dc21fa5749a0f2adbcc4b1f4dc89c3c5d1347 100644
--- a/modules/core/www/loginuserpassorg.php
+++ b/modules/core/www/loginuserpassorg.php
@@ -41,6 +41,8 @@ if (array_key_exists('password', $_REQUEST)) {
if (array_key_exists('organization', $_REQUEST)) {
$organization = $_REQUEST['organization'];
+} elseif ($source->getRememberOrganizationEnabled() && array_key_exists($source->getAuthId() . '-organization', $_COOKIE)) {
+ $organization = $_COOKIE[$source->getAuthId() . '-organization'];
} elseif (isset($state['core:organization'])) {
$organization = (string)$state['core:organization'];
} else {
@@ -65,9 +67,17 @@ if ($organizations === NULL || !empty($organization)) {
$params = $sessionHandler->getCookieParams();
$params['expire'] = time();
$params['expire'] += (isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300);
- \SimpleSAML\Utils\HTTP::setCookie($source->getAuthId() . '-username', $username, $params, FALSE);
+ \SimpleSAML\Utils\HTTP::setCookie($source->getAuthId() . '-username', $username, $params, false);
}
+ if ($source->getRememberOrganizationEnabled()) {
+ $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
+ $params = $sessionHandler->getCookieParams();
+ $params['expire'] = time();
+ $params['expire'] += (isset($_REQUEST['remember_organization']) && $_REQUEST['remember_organization'] == 'Yes' ? 31536000 : -300);
+ setcookie($source->getAuthId() . '-organization', $organization, $params['expire'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
+ }
+
try {
sspmod_core_Auth_UserPassOrgBase::handleLogin($authStateId, $username, $password, $organization);
} catch (SimpleSAML_Error_Error $e) {
@@ -97,6 +107,9 @@ $t->data['rememberUsernameChecked'] = $source->getRememberUsernameChecked();
$t->data['rememberMeEnabled'] = false;
$t->data['rememberMeChecked'] = false;
if (isset($_COOKIE[$source->getAuthId() . '-username'])) $t->data['rememberUsernameChecked'] = TRUE;
+$t->data['rememberOrganizationEnabled'] = $source->getRememberOrganizationEnabled();
+$t->data['rememberOrganizationChecked'] = $source->getRememberOrganizationChecked();
+if (isset($_COOKIE[$source->getAuthId() . '-organization'])) $t->data['rememberOrganizationChecked'] = true;
$t->data['errorcode'] = $errorCode;
$t->data['errorcodes'] = SimpleSAML\Error\ErrorCodes::getAllErrorCodeMessages();
$t->data['errorparams'] = $errorParams;
diff --git a/tests/modules/core/lib/Auth/UserPassOrgBaseTest.php b/tests/modules/core/lib/Auth/UserPassOrgBaseTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..9b2fdea587f8460d4072e942f0bdbf6e7a9a8e94
--- /dev/null
+++ b/tests/modules/core/lib/Auth/UserPassOrgBaseTest.php
@@ -0,0 +1,41 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: agustin
+ * Date: 16.10.2017
+ * Time: 12:17
+ */
+
+namespace SimpleSAML\Test\Module\core\Auth;
+
+use SimpleSAML\Module\core\Auth\UserPassOrgBase;
+
+class UserPassOrgBaseTest extends \PHPUnit_Framework_TestCase
+{
+ public function testRememberOrganizationEnabled()
+ {
+ $config = array(
+ 'ldap:LDAPMulti',
+
+ 'remember.organization.enabled' => true,
+ 'remember.organization.checked' => false,
+
+ 'my-org' => array(
+ 'description' => 'My organization',
+ // The rest of the options are the same as those available for
+ // the LDAP authentication source.
+ 'hostname' => 'ldap://ldap.myorg.com',
+ 'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
+ // Whether SSL/TLS should be used when contacting the LDAP server.
+ 'enable_tls' => false,
+ )
+ );
+
+ $mockUserPassOrgBase = $this->getMockBuilder('\sspmod_core_Auth_UserPassOrgBase')
+ ->setConstructorArgs(array(array('AuthId' => 'my-org'), &$config))
+ ->setMethods(array())
+ ->getMockForAbstractClass();
+
+ $this->assertTrue($mockUserPassOrgBase->getRememberOrganizationEnabled());
+ }
+}