MDL-48887 An auth plugin hook enabling removal of redundant redirects

This introduces a new hook allowing an auth plugin to redirect to an external login page directly without redundant redirects to the standard login page first, or where possible to authenticate the user and simply continue loading the page without any redirects. For some protocols such as SAML reducing the number of redirects to the bare minimum greatly speeds up the login process on high latency networks.
2025-04-22 00:42:54 +02:00 · 2015-01-20 14:25:14 +11:00 · 2015-01-20 14:25:14 +11:00 · bf08e3f94c
commit bf08e3f94c
parent be5743f655
2 changed files with 36 additions and 2 deletions
--- a/lib/authlib.php
+++ b/lib/authlib.php
@ -435,6 +435,26 @@ class auth_plugin_base {
        //override if needed
    }

+    /**
+     * Hook for overriding behaviour before going to the login page.
+     *
+     * This method is called from require_login from potentially any page for
+     * all enabled auth plugins and gives each plugin a chance to redirect
+     * directly to an external login page, or to instantly login a user where
+     * possible.
+     *
+     * If an auth plugin implements this hook, it must not rely on ONLY this
+     * hook in order to work, as there are many ways a user can browse directly
+     * to the standard login page. As a general rule in this case you should
+     * also implement the loginpage_hook as well.
+     *
+     */
+    function pre_loginpage_hook() {
+        // override if needed, eg by redirecting to an external login page
+        // or logging in a user:
+        // complete_user_login($user);
+    }
+
    /**
     * Post authentication hook.
     * This method is called from authenticate_user_login() for all enabled auth plugins.
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@ -2902,8 +2902,22 @@ function require_login($courseorid = null, $autologinguest = true, $cm = null, $
            if (!empty($_SERVER['HTTP_REFERER'])) {
                $SESSION->fromurl  = $_SERVER['HTTP_REFERER'];
            }
-            redirect(get_login_url());
-            exit; // Never reached.
+
+            // Give auth plugins an opportunity to authenticate or redirect to an external login page
+            $authsequence = get_enabled_auth_plugins(true); // auths, in sequence
+            foreach($authsequence as $authname) {
+                $authplugin = get_auth_plugin($authname);
+                $authplugin->pre_loginpage_hook();
+                if (isloggedin()) {
+                    break;
+                }
+            }
+
+            // If we're still not logged in then go to the login page
+            if (!isloggedin()) {
+                redirect(get_login_url());
+                exit; // Never reached.
+            }
        }
    }