forceAuthentication() public static method

This method is called to force authentication if the user was not already authenticated. If the user is not authenticated, halt by redirecting to the CAS server.
public static forceAuthentication ( ) : boolean
return boolean Authentication
Esempio n. 1
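/**
 * Ensure $_SESSION['user'] exists and, when the request carries a `login`
 * or `logout` parameter, run the matching CAS flow against login.kth.se.
 *
 * Login: phpCAS::forceAuthentication() sends an unauthenticated browser to
 * the CAS server; once it returns, the CAS login name is stored in
 * $_SESSION['user'].
 * Logout: the local session entry is cleared and the CAS logout is started
 * directly. The earlier version forced a full CAS login (and wrote the user
 * into the session) before logging out, so an anonymous visitor had to
 * authenticate just to log out.
 *
 * @return void
 */
function checkAndSetUserSession()
{
    // Make sure the key exists so later reads never hit an undefined index.
    if (!isset($_SESSION['user'])) {
        $_SESSION['user'] = null;
    }

    $wantsLogout = isset($_REQUEST['logout']);
    if (!$wantsLogout && !isset($_REQUEST['login'])) {
        return;
    }

    // initialize phpCAS
    phpCAS::client(CAS_VERSION_2_0, 'login.kth.se', 443, '');
    // NOTE(review): this switches off verification of the CAS server's TLS
    // certificate, so the ticket-validation response is not authenticated.
    // Production code should call phpCAS::setCasServerCACert() with the path
    // of the trusted CA bundle instead.
    phpCAS::setNoCasServerValidation();
    // If you want the redirect back from the login server to enter your application by some
    // specific URL rather than just back to the current request URI, call setFixedCallbackURL.

    if ($wantsLogout) {
        // Log out and redirect to our default page.
        // NOTE(review): the post-logout service URL is plain http.
        unset($_SESSION['user']);
        phpCAS::logoutWithRedirectService('http://kth.kribba.com/');
        return;
    }

    // force CAS authentication
    phpCAS::forceAuthentication();
    // at this step, the user has been authenticated by the CAS server
    // and the user's login name can be read with phpCAS::getUser().
    $_SESSION['user'] = phpCAS::getUser();
}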
Esempio n. 2
 /**
  * Authenticate the current request against the configured CAS server and
  * return the CAS login name.
  *
  * Because forceAuthentication() may bounce the browser through the CAS
  * server, the incoming request parameters are saved in
  * $_SESSION['backup_sso'] first and merged back into $_REQUEST afterwards
  * (values already present in $_REQUEST win).
  *
  * NOTE(review): everything in $_REQUEST is copied into the session as-is,
  * whatever the client sent; confirm nothing sensitive is persisted this way.
  *
  * @return string|null CAS login name, or NULL when the server URL is
  *                     missing or phpCAS reports the user is not authenticated
  */
 public function get_login()
 {
     Logger::debug('main', 'AuthMethod_CAS::get_login()');

     $hasBackup = isset($_SESSION['backup_sso']) && is_array($_SESSION['backup_sso']);
     if (!$hasBackup) {
         $_SESSION['backup_sso'] = array();
     }
     foreach ($_REQUEST as $name => $value) {
         $_SESSION['backup_sso'][$name] = $value;
     }

     $casPrefs = $this->prefs->get('AuthMethod', 'CAS');
     $serverUrl = $casPrefs['user_authenticate_cas_server_url'];
     if (!isset($serverUrl) || $serverUrl == '') {
         Logger::error('main', 'AuthMethod_CAS::get_login() - Unable to find CAS server url in Preferences');
         return NULL;
     }

     // Split the configured URL once; each piece is passed to phpCAS and logged.
     $host = parse_url($serverUrl, PHP_URL_HOST);
     $port = parse_url($serverUrl, PHP_URL_PORT);
     $path = parse_url($serverUrl, PHP_URL_PATH);
     phpCAS::client(CAS_VERSION_2_0, $host, $port, $path);
     Logger::debug('main', 'AuthMethod_CAS::get_login() - Parsing URL - Host:"' . $host . '" Port:"' . $port . '" Path:"' . $path . '"');

     // NOTE(review): disables verification of the CAS server's TLS
     // certificate; phpCAS::setCasServerCACert() is the validating alternative.
     phpCAS::setNoCasServerValidation();

     if (!phpCAS::forceAuthentication()) {
         Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::forceAuthentication failed');
         return NULL;
     }
     if (!phpCAS::isAuthenticated()) {
         Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::isAuthenticated failed');
         return NULL;
     }

     $this->login = phpCAS::getUser();

     // Restore saved parameters that the post-redirect request no longer carries.
     foreach ($_SESSION['backup_sso'] as $name => $value) {
         if (!isset($_REQUEST[$name])) {
             $_REQUEST[$name] = $value;
         }
     }
     return $this->login;
 }
 /**
  * Filter entry point: on the first call of the request, authenticate the
  * user through CAS when they are not signed in yet (or when
  * app_cas_server_force_authentication is set), then hand over to the
  * parent filter for credential checks.
  *
  * @param mixed $filterChain passed through unchanged to parent::execute()
  */
 public function execute($filterChain)
 {
     $user = $this->getContext()->getUser();
     // An LDAP object is stored in the context so later code can reuse it
     $this->getContext()->set('ldap', new uapvLdap());

     // Filters can run several times per request (internal forwards);
     // authentication is attempted on the first run only.
     $mustAuthenticate = $this->isFirstCall()
         && (sfConfig::get('app_cas_server_force_authentication', false) || !$user->isAuthenticated());

     if ($mustAuthenticate) {
         // phpCAS is not php5-compliant: mute strict errors and notices while it runs
         $previousLevel = ini_get('error_reporting');
         error_reporting($previousLevel & ~E_STRICT & ~E_NOTICE);

         if (sfConfig::get('app_cas_server_debug', false)) {
             // see /tmp/phpCAS.log
             // NOTE(review): keep the debug log off in production unless its
             // location and contents have been reviewed.
             phpCAS::setDebug();
         }

         // Last argument false: don't call session_start again, symfony already did it
         phpCAS::client(
             sfConfig::get('app_cas_server_version', CAS_VERSION_2_0),
             sfConfig::get('app_cas_server_host', 'localhost'),
             sfConfig::get('app_cas_server_port', 443),
             sfConfig::get('app_cas_server_path', ''),
             false
         );
         //phpCAS::handleLogoutRequests ();

         // NOTE(review): disables verification of the CAS server's TLS
         // certificate; phpCAS::setCasServerCACert() is the validating alternative.
         phpCAS::setNoCasServerValidation();

         // Redirects to the CAS server when the user has no CAS session yet
         phpCAS::forceAuthentication();

         // From here on the user is authenticated by CAS: sign them in locally
         $user->signIn(phpCAS::getUser());

         // Put the previous error reporting level back
         error_reporting($previousLevel);
     }

     // "credential" verification
     parent::execute($filterChain);
 }
Esempio n. 4
/**
 * Send the visitor to the RPI CAS login page unless phpCAS already
 * considers them authenticated.
 *
 * Assumes phpCAS::client() (and its certificate settings) were configured
 * earlier in the request; nothing here initialises the client.
 */
function forceAuth()
{
    if (phpCAS::isAuthenticated()) {
        return;
    }
    // Not logged in yet: hand over to the CAS login page
    phpCAS::forceAuthentication();
}
Esempio n. 5
/**
 * Require a CAS login for the current request.
 *
 * When $GLOBALS['PHPCAS_CLIENT'] is not set, check_auth() is called first
 * (presumably it creates and configures the phpCAS client; verify against
 * its definition), then authentication is forced.
 */
function force_login()
{
    $clientReady = isset($GLOBALS['PHPCAS_CLIENT']);
    if (!$clientReady) {
        check_auth();
    }
    phpCAS::forceAuthentication();
}
Esempio n. 6
 /**
  * Single sign-on through CAS: read the CAS endpoint from PM_PARAMETERS,
  * force a CAS login, then look up the local user and mark the RBAC
  * singleton as signed on.
  *
  * @return bool true when the CAS endpoint is configured, CAS reports the
  *              user as authenticated and the user lookup returns a row;
  *              false otherwise
  */
 function metodillo()
 {
     $sSQL = "SELECT * FROM PM_PARAMETERS WHERE PRM_ID = 'CAS_URL' ";
     $aParams = executeQuery($sSQL);
     if (!count($aParams)) {
         return false;
     }

     // Rows are read at index 1, so executeQuery() is presumably 1-based; verify.
     $sURL = $aParams[1]['PRM_VALUE'];
     $sURI = $aParams[1]['PRM_VALUE_2'];

     $RBAC = RBAC::getSingleton();
     $RBAC->initRBAC();

     require_once 'CAS-1.2.2/CAS.php';
     phpCAS::client(CAS_VERSION_2_0, $sURL, 443, $sURI, false);
     // NOTE(review): disables verification of the CAS server's TLS
     // certificate; phpCAS::setCasServerCACert() is the validating alternative.
     phpCAS::setNoCasServerValidation();
     phpCAS::forceAuthentication();

     if (phpCAS::isAuthenticated() != true) {
         return false;
     }

     $sCasUser = phpCAS::getUser();
     // NOTE(review): as shown, the lookup matches the literal '******' and
     // never uses $sCasUser; the value looks masked. If the real query embeds
     // the CAS user name, bind it as a parameter rather than concatenating it.
     $sSQL = "SELECT USR_UID FROM USERS WHERE USR_USERNAME = '******' ";
     $aUsers = executeQuery($sSQL);
     if (!count($aUsers)) {
         return false;
     }

     $nUserId = $aUsers[1]['USR_UID'];
     $RBAC->singleSignOn = true;
     $RBAC->userObj->fields['USR_UID'] = $nUserId;
     $RBAC->userObj->fields['USR_USERNAME'] = $sCasUser;
     return true;
 }
Esempio n. 7
 /**
  * Run CAS authentication before the login form is handled and, when the
  * CAS user exists locally (or autoCreate is enabled), make this plugin the
  * authentication system for the request.
  *
  * When the user is unknown, autoCreate is off and the plugin is flagged
  * is_default, a 401 CHttpException is thrown; otherwise the method returns
  * without selecting a plugin.
  *
  * @throws CHttpException
  */
 public function beforeLogin()
 {
     // CAS endpoint settings come from the plugin configuration
     $cas_host = $this->get('casAuthServer');
     $cas_context = $this->get('casAuthUri');
     $cas_port = (int) $this->get('casAuthPort');

     // Load the bundled phpCAS library
     $pluginDir = dirname(__FILE__);
     Yii::setPathOfAlias('myplugin', $pluginDir);
     Yii::import('myplugin.third_party.CAS.*');
     require_once 'third_party/CAS/CAS.php';

     phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context, false);
     // NOTE(review): the CAS server's TLS certificate is not verified here;
     // phpCAS::setCasServerCACert() is the validating alternative.
     phpCAS::setNoCasServerValidation();
     // Redirects to the CAS server when there is no CAS session yet
     phpCAS::forceAuthentication();

     $this->setUsername(phpCAS::getUser());
     $oUser = $this->api->getUserByName($this->getUserName());

     $casTakesOver = $oUser || $this->get('autoCreate');
     if ($casTakesOver) {
         // Known (or auto-creatable) user: CAS becomes the authentication
         // system and no further auth plugin should run.
         $this->getEvent()->set('default', get_class($this));
         $this->setAuthPlugin();
     } elseif ($this->get('is_default', null, null)) {
         // No fallback to another authentication mechanism
         throw new CHttpException(401, 'Wrong credentials for LimeSurvey administration.');
     }
 }
 /**
  * Attempts to authenticate users via CAS.
  *
  * Without a CAS constant the browser is redirected to the application's
  * own login page. Otherwise CAS authentication is forced, a Person is
  * built from the CAS login name and stored in $_SESSION['USER'], and the
  * browser is redirected to $this->return_url. If building the Person
  * throws, the exception is queued in $_SESSION['errorMessages'] and the
  * login form block is added to the template.
  *
  * NOTE(review): $this->return_url is placed into a query string without
  * URL-encoding and is later used as the redirect target itself. Where it
  * is set is not visible here; if it can come from the request, restrict it
  * to local paths before redirecting.
  */
 public function index()
 {
     // If they don't have CAS configured, send them onto the application's
     // internal authentication system
     if (!defined('CAS')) {
         header('Location: ' . BASE_URL . '/login/login?return_url=' . $this->return_url);
         exit;
     }
     require_once CAS . '/CAS.php';
     \phpCAS::client(CAS_VERSION_2_0, CAS_SERVER, 443, CAS_URI, false);
     // NOTE(review): disables verification of the CAS server's TLS
     // certificate; phpCAS::setCasServerCACert() is the validating alternative.
     \phpCAS::setNoCasServerValidation();
     \phpCAS::forceAuthentication();
     // at this step, the user has been authenticated by the CAS server
     // and the user's login name can be read with phpCAS::getUser().
     // They may be authenticated according to CAS,
     // but that doesn't mean they have person record
     // and even if they have a person record, they may not
     // have a user account for that person record.
     try {
         $_SESSION['USER'] = new Person(\phpCAS::getUser());
         header("Location: {$this->return_url}");
         exit;
     } catch (\Exception $e) {
         // The exception object itself is kept in the session for later display
         $_SESSION['errorMessages'][] = $e;
     }
     $this->template->blocks[] = new Block('loginForm.inc', array('return_url' => $this->return_url));
 }
Esempio n. 9
 /**
  * Choose the authentication system for the login request.
  *
  * POST requests, and any request carrying a `noAuthCAS` parameter, are
  * handed to the local "Authdb" plugin. Every other request is sent through
  * CAS; when the CAS user exists locally (or autoCreate is greater than 0)
  * this plugin becomes the authentication system. An unknown user with
  * is_default set results in a 401 CHttpException.
  *
  * @throws CHttpException
  */
 public function beforeLogin()
 {
     $request = $this->api->getRequest();
     $localAuthRequested = !is_null($request->getParam('noAuthCAS'))
         || $this->api->getRequest()->getIsPostRequest();
     if ($localAuthRequested) {
         # Local authentication forced through 'noAuthCAS' url parameter
         $this->getEvent()->set('default', "Authdb");
         return;
     }

     // CAS endpoint settings come from the plugin configuration
     $cas_host = $this->get('casAuthServer');
     $cas_context = $this->get('casAuthUri');
     $cas_port = (int) $this->get('casAuthPort');
     $cas_version = $this->get('casVersion');

     // Load the bundled phpCAS library
     $pluginDir = dirname(__FILE__);
     Yii::setPathOfAlias('myplugin', $pluginDir);
     Yii::import('myplugin.third_party.CAS.CAS', true);

     phpCAS::client($cas_version, $cas_host, $cas_port, $cas_context, false);
     // NOTE(review): the CAS server's TLS certificate is not verified here;
     // phpCAS::setCasServerCACert() is the validating alternative.
     phpCAS::setNoCasServerValidation();
     // Redirects to the CAS server when there is no CAS session yet
     phpCAS::forceAuthentication();

     $this->setUsername(phpCAS::getUser());
     $oUser = $this->api->getUserByName($this->getUserName());

     $casTakesOver = $oUser || (int) $this->get('autoCreate') > 0;
     if ($casTakesOver) {
         // Known (or auto-creatable) user: CAS becomes the authentication
         // system and no further auth plugin should run.
         $this->getEvent()->set('default', get_class($this));
         $this->setAuthPlugin();
     } elseif ($this->get('is_default', null, null)) {
         // No fallback to another authentication mechanism
         throw new CHttpException(401, 'Wrong credentials for LimeSurvey administration.');
     }
 }
Esempio n. 10
 /**
  * Main execution method. When the request has no `ticket` query parameter,
  * initializes the CAS client, forces authentication and copies the CAS
  * user name (plus a fixed placeholder password) into the controller's
  * form data, then passes the controller to the parent startup method.
  *
  * NOTE(review): requests that do carry a `ticket` parameter skip phpCAS
  * entirely in this method; confirm the ticket is validated elsewhere.
  *
  * @param object $controller A reference to the instantiating controller object
  * @return boolean
  * @access public
  */
 function startup(&$controller)
 {
     // CAS authentication required if user is not logged in
     //debug($controller);exit;
     //if (!$this->user()) {
     if (!isset($this->request->query['ticket'])) {
         // Set debug mode
         phpCAS::setDebug(false);
         //if(!empty(phpCAS::getUser()))
         //    debug($this);
         //Initialize phpCAS
         //debug(isset($this->request->query['ticket']));
         phpCAS::client(CAS_VERSION_2_0, Configure::read('CAS.hostname'), Configure::read('CAS.port'), Configure::read('CAS.uri'));
         // No SSL validation for the CAS server
         // NOTE(review): without certificate validation the ticket-validation
         // response is not authenticated; phpCAS::setCasServerCACert() is the
         // validating alternative.
         phpCAS::setNoCasServerValidation();
         // Force CAS authentication if required
         phpCAS::forceAuthentication();
         //debug();exit;
         $model =& $this->getModel();
         $controller->data[$model->alias][$this->fields['username']] = phpCAS::getUser();
         // NOTE(review): every CAS user is given the same fixed password value
         // here. Presumably the parent component ignores it for CAS logins;
         // verify that it cannot be used for a regular form login.
         $controller->data[$model->alias][$this->fields['password']] = 'a';
         //$this->User->['username']=phpCAS::getUser();
         //$this->User->['password']='******';
     }
     return parent::startup($controller);
     //$this->redirect(array('controller'=>'User','action'=>'login'));
 }
Esempio n. 11
 /**
  * Report whether the user is authenticated, starting a CAS login when
  * they are not.
  *
  * @return bool true when CASUser::isAuthenticated() already holds; false
  *              when forceAuthentication() had to be called and returned
  */
 function forceAuth()
 {
     if (CASUser::isAuthenticated()) {
         return true;
     }
     phpCAS::forceAuthentication();
     return false;
 }
 /**
  * Run the local login callback for a CAS-authenticated user who has no
  * auth cookie yet, then force CAS authentication.
  */
 public function checkAuthentication()
 {
     $needsLocalLogin = phpCAS::isAuthenticated() && !AuthCookie::hasAuthCookie();
     if ($needsLocalLogin) {
         $this->loginCallback();
     }
     // Anyone without a CAS session is redirected to the CAS server here
     phpCAS::forceAuthentication();
 }
Esempio n. 13
 /**
  * Authenticate against the hard-coded CAS host while the object is being
  * constructed and remember the CAS login name in $this->username.
  */
 public function __construct()
 {
     // NOTE(review): debug logging is enabled unconditionally; review where
     // the log is written and what it records before using this in production.
     \phpCAS::setDebug();
     \phpCAS::client(CAS_VERSION_2_0, "itebeta.baidu.com", 443, "");
     // NOTE(review): disables verification of the CAS server's TLS
     // certificate; phpCAS::setCasServerCACert() is the validating alternative.
     \phpCAS::setNoCasServerValidation();
     // Redirects to the CAS server when there is no CAS session yet
     \phpCAS::forceAuthentication();
     $this->username = \phpCAS::getUser();
 }
Esempio n. 14
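 /**
  * Run the local login callback for a CAS-authenticated user whose
  * application cookie is missing or invalid, then force CAS authentication.
  *
  * The result of forceAuthentication() was previously stored in an unused
  * local; it is no longer assigned.
  */
 public function checkAuthentication()
 {
     $hasValidCookie = Auth::isValidCookie(Auth::getCookieInfo(APP_COOKIE));
     if (phpCAS::isAuthenticated() && !$hasValidCookie) {
         $this->loginCallback();
     }
     // Anyone without a CAS session is redirected to the CAS server here
     phpCAS::forceAuthentication();
 }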
Esempio n. 15
 /**
  * Return the current user, forcing a CAS login when none is cached.
  *
  * The session is written and closed right after authentication.
  * self::$_user is only read here; presumably it is populated elsewhere.
  *
  * @return mixed the cached self::$_user, or the CAS login name
  */
 public static function login()
 {
     if (!self::$_user) {
         self::init();
         phpCAS::forceAuthentication();
         session_write_close();
         return phpCAS::getUser();
     }
     return self::$_user;
 }
Esempio n. 16
 /**
  * Validate a login through CAS. The supplied username and password are
  * not inspected: success means forceAuthentication() returned without
  * throwing.
  *
  * @param string $username unused
  * @param string $password unused
  * @return bool false when phpCAS throws, true otherwise
  */
 public function Validate($username, $password)
 {
     try {
         phpCAS::forceAuthentication();
         return true;
     } catch (Exception $ex) {
         Log::Error('CAS exception: %s', $ex);
     }
     return false;
 }
Esempio n. 17
 /**
  *  Automatic authentication hook: auth methods that need no user action
  *  (SSL, CAS, etc...) try to authenticate the user here, while methods
  *  that need a login/password form return false.
  *
  *  This CAS implementation always forces a CAS login and returns what
  *  phpCAS::getUser() reports; it has no explicit `return false` path.
  *
  *  NOTE(review): neither setCasServerCACert() nor
  *  setNoCasServerValidation() is called in this method; confirm the
  *  certificate policy is configured elsewhere.
  *
  *  @return mixed The CAS user login as returned by phpCAS::getUser().
  */
 function autoAuth()
 {
     // Instantiate phpCAS
     include_once 'CAS/CAS.php';
     phpCAS::client(CAS_VERSION_2_0, $this->casServerHostname, $this->casServerPort, $this->casServerURI);
     // Do CAS authentication (force it)
     phpCAS::forceAuthentication();
     // If the CAS authentication was successful, phpCAS will get us back
     // here and return the user login. Just what we needed!
     return phpCAS::getUser();
 }
Esempio n. 18
 /**
  * Resolve the user id through CAS. The supplied uid and password are not
  * checked; the returned id is whatever phpCAS::getUser() reports.
  *
  * @param string $uid      ignored
  * @param string $password ignored
  * @return string|false CAS user name, or false when authentication fails
  *                      or phpCAS returns no user
  */
 public function checkPassword($uid, $password)
 {
     if (phpCAS::forceAuthentication()) {
         $casUser = phpCAS::getUser();
         if ($casUser !== false) {
             return $casUser;
         }
         OCP\Util::writeLog('user_cas', 'phpCAS return no user !', OCP\Util::ERROR);
     }
     return false;
 }
 /**
  * Return the current user, forcing a CAS login first when
  * $this->getUser() yields nothing.
  *
  * @param CakeRequest  $request  not used in this method
  * @param CakeResponse $response not used in this method
  * @return mixed result of $this->getUser()
  */
 public function authenticate(CakeRequest $request, CakeResponse $response)
 {
     $current = $this->getUser();
     if ($current) {
         return $current;
     }
     // Nobody is logged in: initialise the client and go through CAS
     $this->initializeCASClient();
     phpCAS::forceAuthentication();
     return $this->getUser();
 }
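 /**
  * Validate a login either through CAS (request has doCAS=1) or through
  * the parent implementation.
  *
  * On the CAS path the supplied username and password are not inspected:
  * success means forceAuthentication() returned without throwing.
  * A request without a doCAS parameter now goes to the parent quietly
  * instead of raising an undefined-index notice on $_GET.
  *
  * @param string $username
  * @param string $password
  * @return bool|mixed parent result on the non-CAS path; on the CAS path
  *                    true, or false when an exception is caught
  */
 public function Validate($username, $password)
 {
     // Loose comparison kept so that "1" from the query string still matches
     $useCas = isset($_GET["doCAS"]) && $_GET["doCAS"] == 1;
     try {
         if (!$useCas) {
             return parent::Validate($username, $password);
         }
         phpCAS::forceAuthentication();
     } catch (Exception $ex) {
         Log::Error('CAS exception: %s', $ex);
         return false;
     }
     return true;
 }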
Esempio n. 21
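 /**
  * Log the visitor in through CAS before the regular login handling, or
  * perform a CAS logout when the request asks for it.
  *
  * A missing get_action parameter is now treated as "not a logout" instead
  * of raising an undefined-index notice on $_GET.
  *
  * @param mixed $sessionId not used in this method
  */
 public function preLogUser($sessionId)
 {
     $isLogout = isset($_GET['get_action']) && $_GET['get_action'] == "logout";
     if ($isLogout) {
         phpCAS::logout();
         return;
     }
     phpCAS::forceAuthentication();
     $cas_user = phpCAS::getUser();
     if (!$this->userExists($cas_user) && $this->autoCreateUser()) {
         // The local password is a random throw-away; login always goes via CAS.
         // NOTE(review): these are raw bytes, not printable text; confirm the
         // user store accepts binary passwords, or hex-encode the value.
         $this->createUser($cas_user, openssl_random_pseudo_bytes(20));
     }
     if ($this->userExists($cas_user)) {
         AuthService::logUser($cas_user, "", true);
     }
 }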
Esempio n. 22
 /**
  * Try to login with the CAS server.
  *
  * After CAS authentication the matching sfGuard user is loaded. A missing
  * record, or one with no password that is also inactive, is passed to
  * registerUser(). The resulting user is signed in; without one the
  * request is terminated with "Unauthorized.".
  */
 public function login()
 {
     sfCAS::initPhpCAS();
     phpCAS::forceAuthentication();

     $username = phpCAS::getUser();
     $data = sfGuardUserTable::getInstance()->findOneBy('username', $username);

     // && binds tighter than ||, spelled out here with parentheses
     $needsRegistration = !$data || ($data->getPassword() == NULL && !$data->getIsActive());
     if ($needsRegistration) {
         $data = $this->registerUser($username, $data);
     }

     if (!$data) {
         die('Unauthorized.');
     }
     $this->signin($data, false);
 }
Esempio n. 23
 /**
  * Redirect the user to the CAS login page if he isn't logged in, then
  * store the CAS login name as the user id.
  *
  * Error reporting is switched off completely while phpCAS runs and put
  * back afterwards, so failures inside phpCAS are not reported during that
  * window.
  *
  * @return void
  */
 protected function _doSecure()
 {
     // phpCAS is not php5-compliant, we disable error reporting
     $errorReporting = ini_get('error_reporting');
     error_reporting(0);
     $this->initCasClient();
     // NOTE(review): disables verification of the CAS server's TLS
     // certificate; phpCAS::setCasServerCACert() is the validating alternative.
     phpCAS::setNoCasServerValidation();
     phpCAS::forceAuthentication();
     // if necessary the user will be
     // redirected to the cas server
     // At this point the user is authenticated, we log him in
     $this->setUserId(phpCAS::getUser());
     // Previous settings can now be restored
     error_reporting($errorReporting);
 }
 /**
  * Build a GenericUser from the CAS session, or start a CAS login when
  * there is none.
  *
  * @return GenericUser|null user whose id and name are both the CAS login
  *                          name; null when forceAuthentication() returns
  *                          without an existing CAS session
  */
 protected function casUser()
 {
     $cas_host = \Config::get('app.cas_host');
     $cas_context = \Config::get('app.cas_context');
     $cas_port = \Config::get('app.cas_port');

     // NOTE(review): debug logging is enabled unconditionally; review where
     // the log is written and what it records before using this in production.
     \phpCAS::setDebug();
     \phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
     // NOTE(review): disables verification of the CAS server's TLS
     // certificate; phpCAS::setCasServerCACert() is the validating alternative.
     \phpCAS::setNoCasServerValidation();

     if (!\phpCAS::isAuthenticated()) {
         \phpCAS::setServerURL(\Config::get('app.url'));
         \phpCAS::forceAuthentication();
         return null;
     }

     $attributes = array('id' => \phpCAS::getUser(), 'name' => \phpCAS::getUser());
     return new GenericUser($attributes);
 }
Esempio n. 25
 /**
  * Handle the CAS login action: authenticate through CAS, map the CAS user
  * to a local user, start the local session and redirect.
  *
  * @param array $args passed through to parent::handle()
  */
 function handle($args)
 {
     parent::handle($args);

     if (common_is_real_login()) {
         // TRANS: Client error displayed when trying to log in while already logged on.
         $this->clientError(_m('Already logged in.'));
         return;
     }

     global $casSettings;
     phpCAS::client(CAS_VERSION_2_0, $casSettings['server'], $casSettings['port'], $casSettings['path'], false);
     // NOTE(review): disables verification of the CAS server's TLS
     // certificate; phpCAS::setCasServerCACert() is the validating alternative.
     phpCAS::setNoCasServerValidation();
     phpCAS::handleLogoutRequests();
     phpCAS::forceAuthentication();

     // A fresh random value stands in for the password on this request; it is
     // published through a global, presumably for the plugin's password check.
     global $casTempPassword;
     $casTempPassword = common_good_rand(16);
     $user = common_check_user(phpCAS::getUser(), $casTempPassword);
     if (!$user) {
         // TRANS: Server error displayed when trying to log in with incorrect username or password.
         $this->serverError(_m('Incorrect username or password.'));
         return;
     }

     // success!
     if (!common_set_user($user)) {
         // TRANS: Server error displayed when login fails in CAS authentication plugin.
         $this->serverError(_m('Error setting user. You are probably not authorized.'));
         return;
     }
     common_real_login(true);

     $url = common_get_returnto();
     if ($url) {
         // We don't have to return to it again
         common_set_returnto(null);
     } elseif (common_config('site', 'private') && $casSettings['takeOverLogin']) {
         // SSO users expect to just go to the URL they entered. With no
         // returnto set they entered the main StatusNet url, so send them there.
         $url = common_local_url('public');
     } else {
         // With normal logins (regular form-based username/password),
         // the user would expect to go to their home after logging in.
         // NOTE(review): the action used is still 'public'; confirm this is
         // the intended "home" target.
         $url = common_local_url('public', array('nickname' => $user->nickname));
     }
     common_redirect($url, 303);
 }
 /**
  * Find the local user record for the CAS-authenticated user.
  *
  * Both parameters are ignored: the user name always comes from
  * phpCAS::getUser() after a forced CAS login.
  *
  * @param mixed $u unused
  * @param mixed $p unused
  * @return array|false the user model's data, or false when no record matches
  */
 protected function _findUser($u = null, $p = null)
 {
     phpCAS::forceAuthentication();
     $username = phpCAS::getUser();

     $userModel = $this->settings['userModel'];
     list($plugin, $model) = pluginSplit($userModel);
     $fields = $this->settings['fields'];

     // Match on the configured username column, narrowed by any configured scope
     $conditions = array($model . '.' . $fields['username'] => $username);
     if (!empty($this->settings['scope'])) {
         $conditions = array_merge($conditions, $this->settings['scope']);
     }

     $query = array('conditions' => $conditions, 'recursive' => 0);
     $result = ClassRegistry::init($userModel)->find('first', $query);

     $found = !empty($result) && !empty($result[$model]);
     return $found ? $result[$model] : false;
 }
Esempio n. 27
/**
 * Authenticate the visitor through CAS and return their network user id.
 *
 * @param object $config module configuration; cashostname, casport and
 *                       casbaseuri are read from it
 * @return mixed the login name reported by phpCAS::getUser()
 */
function authCAS($config)
{
    require_once dirname(__FILE__) . '/CAS/CAS.php';
    // get module configuration
    // NOTE(review): $cas_validate is assigned but never used below, and
    // neither setCasServerCACert() nor setNoCasServerValidation() is called
    // in this function; confirm how the CAS server certificate gets checked.
    $cas_validate = true;
    $cas_version = CAS_VERSION_2_0;
    $cas_language = 'english';
    //    phpCAS::setDebug();
    phpCAS::client($cas_version, $config->cashostname, (int) $config->casport, $config->casbaseuri, false);
    phpCAS::setLang($cas_language);
    error_log("CAS: Entering");
    // The result is stored but not read afterwards
    $check = phpCAS::isSessionAuthenticated();
    phpCAS::forceAuthentication();
    $NetUsername = phpCAS::getUser();
    // this stores their network user id
    // The user id is written to the PHP error log on every successful login
    error_log("CAS: Exiting {$NetUsername}");
    return $NetUsername;
}
Esempio n. 28
 /**
  * Controller constructor: forces a CAS login against the hard-coded host
  * on every instantiation and exposes the CAS user to the template and to
  * $this->currUser.
  */
 public function __construct()
 {
     parent::__construct();
     //		$this->load->helper('url');
     //		$this->cismarty->assign("baseurl", base_url());
     $this->cismarty->assign("curruser", "");
     //		$this->cismarty->assign("module", "manage");
     //return;
     require_once 'lib/phpcas/CAS.php';
     // NOTE(review): debug logging is enabled unconditionally; review where
     // the log is written and what it records before using this in production.
     phpCAS::setDebug();
     /*		phpCAS::client(CAS_VERSION_2_0, $this->config->item('cas_host'), 
     						$this->config->item('cas_port'), 
     						$this->config->item('cas_context'));
     		$this->load->library("session");
      */
     //phpCAS::client(CAS_VERSION_2_0,'uuap.baidu.com',80,'');
     phpCAS::client(CAS_VERSION_2_0, 'itebeta.baidu.com', 443, '');
     // NOTE(review): this session value is written before authentication has
     // happened and is the same for every visitor.
     $_SESSION['CAS_USER_LEVEL'] = 2;
     // NOTE(review): disables verification of the CAS server's TLS
     // certificate; phpCAS::setCasServerCACert() is the validating alternative.
     phpCAS::setNoCasServerValidation();
     phpCAS::forceAuthentication();
     // Logout is only reached after the forced login above has succeeded
     if (isset($_REQUEST['logout'])) {
         phpCAS::logout();
     }
     $this->cismarty->assign("curruser", phpCAS::getUser());
     $this->currUser = phpCAS::getUser();
     /*
     		$sessionPid = $this->session->userdata('productid');
     		if (isset($_REQUEST['productid'])) {
     			$this->session->set_userdata('productid', $_REQUEST['productid']);	
     		}
     		$this->currProductId = $this->session->userdata('productid');
     		if (empty($this->currProductId)) {
     			$this->currProductId = 1;	
     		}
     		$this->cismarty->assign('productid', $this->currProductId);
     		$this->cismarty->assign("module", strtolower(get_class($this)));	
     		$this->load->model('product_model');
     		$products = $this->product_model->getProducts();
     		$currProduct = $this->product_model->getProduct($this->currProductId);
     		$this->currDbInfo = $currProduct->dbinfo;
     		$this->cismarty->assign("products", $products);	
     		$this->cismarty->assign('product', $this->product_model->getProduct($this->currProductId));
     */
 }
Esempio n. 29
 /**
  * Logs the visitor in through CAS and redirects to home/index.
  *
  * The redirect happens whether or not $identity->authenticate() succeeds;
  * only a successful identity is logged into the Yii user component.
  */
 public function actionLogin()
 {
     Yii::import('application.vendors.CAS.*');
     include_once 'CAS/Autoload.php';
     // Re-register Yii's autoloader so it sits after the one added by CAS/Autoload.php
     spl_autoload_unregister(array('YiiBase', 'autoload'));
     spl_autoload_register(array('YiiBase', 'autoload'));
     include_once 'CAS.php';
     // NOTE(review): debug logging is enabled unconditionally; review where
     // the log is written and what it records before using this in production.
     phpCAS::setDebug();
     phpCAS::client(CAS_VERSION_2_0, 'sso.ui.ac.id', 443, 'cas');
     // NOTE(review): disables verification of the CAS server's TLS
     // certificate; phpCAS::setCasServerCACert() is the validating alternative.
     phpCAS::setNoCasServerValidation();
     phpCAS::forceAuthentication();
     // Called right after forceAuthentication(); its result is not used
     phpCAS::checkAuthentication();
     $username = phpCAS::getUser();
     $identity = new UserIdentity($username);
     if ($identity->authenticate()) {
         Yii::app()->user->login($identity);
     }
     $this->redirect(array('home/index'));
 }
Esempio n. 30
 /**
  * Configuration filter hook: sets up phpCAS from the plugin settings,
  * forces CAS authentication and then creates the account management
  * provider.
  *
  * @param mixed $oConfig application config, passed by reference and handed
  *                       to AccountManagementProvider()
  */
 public function FilterApplicationConfig(&$oConfig)
 {
     $sCasHost = \trim($this->Config()->Get('plugin', 'cas_server_host', ''));
     $iCasPort = $this->Config()->Get('plugin', 'cas_server_port', 8443);
     // Writes debug information to a log file
     // NOTE(review): the log sits at a fixed path under /tmp and is enabled
     // unconditionally; review its permissions and contents for production.
     phpCAS::setDebug('/tmp/phpCAS-rl.log');
     // Parameters: CAS version, CAS server url, CAS server port, CAS server URI (same as host),
     // boolean indicating session start, communication protocol (SAML) between application and CAS server
     phpCAS::client(CAS_VERSION_3_0, $sCasHost, $iCasPort, '', true, 'saml');
     // Server from which logout requests are sent
     // phpCAS::handleLogoutRequests(true, array('cas1.ugent.be','cas2.ugent.be','cas3.ugent.be','cas4.ugent.be','cas5.ugent.be','cas6.ugent.be'));
     // NOTE(review): the allowed-clients list is given a full URL here, while
     // the commented-out call above lists host names; confirm which form
     // phpCAS expects, otherwise logout requests may never be accepted.
     phpCAS::handleLogoutRequests(true, array('http://localhost:8080/php_cas_login/home.html'));
     // Path to the "trusted certificate authorities" file:
     // phpCAS::setCasServerCACert('/etc/ssl/certs/ca-certificates.crt');
     // No server verification (less safe!):
     // NOTE(review): for production, enable the setCasServerCACert() call
     // above and drop this one, so the CAS server's certificate is verified.
     phpCAS::setNoCasServerValidation();
     // The actual user authentication
     phpCAS::forceAuthentication();
     $this->oAccountManagementProvider = $this->AccountManagementProvider($oConfig);
 }