Beispiel #1
 /**
  * Checks that setAttributes() stores the supplied array on the bag as given.
  *
  * @covers ::setAttributes
  */
 public function testSetAttributes()
 {
     $propertyBag = new CasPropertyBag($this->randomMachineName(8));
     $expected = [
         'foo' => ['bar'],
         'baz' => ['quux, foobar'],
     ];
     $propertyBag->setAttributes($expected);

     // The 'attributes' property is read through PHPUnit's readAttribute()
     // helper instead of a getter on the bag.
     $stored = \PHPUnit_Framework_Assert::readAttribute($propertyBag, 'attributes');
     $this->assertEquals($expected, $stored);
 }
Beispiel #2
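 /**
  * Test parsing out CAS attributes from a successful validation response.
  *
  * A canned success response is served through a mocked HTTP client, the
  * helper is stubbed to report protocol version 2.0, and the property bag
  * returned by validateTicket() is compared with a hand-built expected bag.
  * Only the success path is exercised here; failure and malformed responses
  * are not covered by this test.
  *
  * @covers ::validateVersion2
  * @covers ::parseAttributes
  */
 public function testParseAttributes()
 {
     $ticket = $this->randomMachineName(8);
     $service_params = array();
     $response = "<cas:serviceResponse xmlns:cas='http://example.com/cas'>\n        <cas:authenticationSuccess>\n          <cas:user>username</cas:user>\n          <cas:attributes>\n            <cas:email>foo@example.com</cas:email>\n            <cas:memberof>cn=foo,o=example</cas:memberof>\n            <cas:memberof>cn=bar,o=example</cas:memberof>\n          </cas:attributes>\n        </cas:authenticationSuccess>\n       </cas:serviceResponse>";

     // Serve the canned response instead of contacting a real CAS server.
     $mock = new MockHandler([new Response(200, array(), $response)]);
     $handler = HandlerStack::create($mock);
     $httpClient = new Client(['handler' => $handler]);

     // The helper is mocked without running its constructor; only the
     // protocol version it reports is stubbed.
     $casHelper = $this->getMockBuilder('\\Drupal\\cas\\Service\\CasHelper')->disableOriginalConstructor()->getMock();
     $casHelper->expects($this->any())->method('getCasProtocolVersion')->willReturn('2.0');
     $casValidator = new CasValidator($httpClient, $casHelper);

     // Expected values mirror the canned response exactly: the user name, one
     // email value and both memberof values, each attribute as a list.
     $expected_bag = new CasPropertyBag('username');
     $expected_bag->setAttributes(array(
         'email' => array('foo@example.com'),
         'memberof' => array('cn=foo,o=example', 'cn=bar,o=example'),
     ));

     $actual_bag = $casValidator->validateTicket($ticket, $service_params);
     $this->assertEquals($expected_bag, $actual_bag);
 }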
Beispiel #3
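 /**
  * Validation of a service ticket for Version 2 of the CAS protocol.
  *
  * Parses the validation response, rejects it when it is empty, not
  * well-formed, or reports an authentication failure, and otherwise collects
  * the user name, any attributes and (when acting as a proxy) the PGTIOU
  * into a property bag.
  *
  * @param string $data
  *   The raw validation response data from CAS server.
  *
  * @return CasPropertyBag
  *   Property bag holding the user name plus any attributes and PGT value
  *   found in the response.
  *
  * @throws CasValidateException
  *   If the response is empty or not well-formed XML, reports an
  *   authentication failure, or lacks an expected element.
  */
 private function validateVersion2($data)
 {
     // An empty body can never be a valid response. Reject it here so the
     // caller always sees a CasValidateException: PHP 8 raises a ValueError
     // from loadXML() on an empty string, and "@" does not suppress that.
     $xml = (string) $data;
     if ($xml === '') {
         throw new CasValidateException("XML from CAS server is not valid.");
     }
     $dom = new \DOMDocument();
     $dom->preserveWhiteSpace = FALSE;
     $dom->encoding = "utf-8";
     // Suppress errors from this function, as we intend to throw our own
     // exception. LIBXML_NONET keeps the parser from fetching anything over
     // the network while it reads the response.
     if (@$dom->loadXML($xml, LIBXML_NONET) === FALSE) {
         throw new CasValidateException("XML from CAS server is not valid.");
     }
     // The failure check runs first, so a response that carries a failure
     // element is rejected even if it also carries a success element.
     $failure_elements = $dom->getElementsByTagName('authenticationFailure');
     if ($failure_elements->length > 0) {
         // Failed validation, extract the message and toss exception.
         $failure_element = $failure_elements->item(0);
         $error_code = $failure_element->getAttribute('code');
         $error_msg = $failure_element->nodeValue;
         throw new CasValidateException("Error Code " . trim($error_code) . ": " . trim($error_msg));
     }
     $success_elements = $dom->getElementsByTagName("authenticationSuccess");
     if ($success_elements->length === 0) {
         // All responses should have either an authenticationFailure
         // or authenticationSuccess node.
         throw new CasValidateException("XML from CAS server is not valid.");
     }
     // There should only be one success element, grab it and extract username.
     // Everything read from here on is looked up below this element.
     $success_element = $success_elements->item(0);
     $user_element = $success_element->getElementsByTagName("user");
     if ($user_element->length === 0) {
         throw new CasValidateException("No user found in ticket validation response.");
     }
     // getElementsByTagName() searches all descendants, so the first "user"
     // element in document order is the one that is used.
     $username = $user_element->item(0)->nodeValue;
     // NOTE(review): the user name is taken from the response and written to
     // the log as-is; confirm that log() neutralises control characters.
     $this->casHelper->log("Extracted user: {$username}");
     $property_bag = new CasPropertyBag($username);
     // If the server provided any attributes, parse them out into the property
     // bag. The lookup is scoped to the success element, like the user, proxy
     // and PGT lookups, so an "attributes" element elsewhere in the document
     // is never treated as identity data.
     $attribute_elements = $success_element->getElementsByTagName("attributes");
     if ($attribute_elements->length > 0) {
         $property_bag->setAttributes($this->parseAttributes($attribute_elements));
     }
     // Look for a proxy chain, and if it exists, validate it against config.
     // NOTE(review): when canBeProxied() is false a proxy chain in the
     // response is ignored rather than rejected; presumably the caller uses a
     // validation endpoint that refuses proxy tickets in that case - confirm.
     $proxy_chain = $success_element->getElementsByTagName("proxy");
     if ($this->casHelper->canBeProxied() && $proxy_chain->length > 0) {
         $this->verifyProxyChain($proxy_chain);
     }
     if ($this->casHelper->isProxy()) {
         // Extract the PGTIOU from the XML.
         $pgt_element = $success_element->getElementsByTagName("proxyGrantingTicket");
         if ($pgt_element->length === 0) {
             throw new CasValidateException("Proxy initialized, but no PGTIOU provided in response.");
         }
         $pgt = $pgt_element->item(0)->nodeValue;
         // NOTE(review): this writes the ticket value itself to the log.
         // Confirm the log is debug-only and access-restricted, or record only
         // that a value was received.
         $this->casHelper->log("Extracted PGT: {$pgt}");
         $property_bag->setPgt($pgt);
     }
     return $property_bag;
 }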