MDL-29093 - Authentication for authentication only, not for user creation

There are cases when a moodle installation needs to only deal
user authentication and not user creation (this is especially
interesting when using external authentication sources such as LDAP,
CAS, etc.)

Add an option to prevent automatic user creation if the administrator
does't want users to be automatically created.

Signed-off-by: Iñaki Arenaza <iarenaza@mondragon.edu>

diff --git a/admin/settings/plugins.php b/admin/settings/plugins.php
index 599aa08..8546e0a 100644 (file)
--- a/admin/settings/plugins.php
+++ b/admin/settings/plugins.php
@@ -74,6 +74,7 @@ if ($hassiteconfig) {
     $temp->add(new admin_setting_manageauths());
     $temp->add(new admin_setting_heading('manageauthscommonheading', get_string('commonsettings', 'admin'), ''));
     $temp->add(new admin_setting_special_registerauth());
+    $temp->add(new admin_setting_configcheckbox('authonly', get_string('authonly', 'admin'), get_string('authonly_help', 'admin'), 0));
     $temp->add(new admin_setting_configcheckbox('loginpageautofocus', get_string('loginpageautofocus', 'admin'), get_string('loginpageautofocus_help', 'admin'), 0));
     $temp->add(new admin_setting_configselect('guestloginbutton', get_string('guestloginbutton', 'auth'),
                                               get_string('showguestlogin', 'auth'), '1', array('0'=>get_string('hide'), '1'=>get_string('show'))));

diff --git a/lang/en/admin.php b/lang/en/admin.php
index 56e87ae..2ce95f3 100644 (file)
--- a/lang/en/admin.php
+++ b/lang/en/admin.php
@@ -59,6 +59,8 @@ $string['antivirus'] = 'Anti-Virus';
 $string['appearance'] = 'Appearance';
 $string['aspellpath'] = 'Path to aspell';
 $string['authentication'] = 'Authentication';
+$string['authonly'] = 'Authentication for authentication only';
+$string['authonly_help'] = 'Enabling this option makes authentication plugins only authenticate already existing users. No new users will be created as part of the login process, even if entered username and password are valid. This also means you need to create new users using other mechanisms (manual creation, user uploading, LDAP sync, etc.)';
 $string['authsettings'] = 'Manage authentication';
 $string['autolang'] = 'Language autodetect';
 $string['autologinguests'] = 'Auto-login guests';

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index bfb8855..16a6436 100644 (file)
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -3769,8 +3769,12 @@ function authenticate_user_login($username, $password) {
                 $user = update_user_record($username);
             }
         } else {
-            // if user not found, create him
-            $user = create_user_record($username, $password, $auth);
+            // if user not found and user creation is not disabled, create it
+            if (empty($CFG->authonly)) {
+                $user = create_user_record($username, $password, $auth);
+            } else {
+                continue;
+            }
         }
 
         $authplugin->sync_roles($user);