/**
 * Signs the visitor in through CAS on the first pass of the filter chain,
 * then delegates to the parent filter for the credential check.
 *
 * @param mixed $filterChain Filter chain, passed unchanged to parent::execute().
 */
public function execute($filterChain)
{
    $context = $this->getContext();
    $user = $context->getUser();

    // Keep one LDAP object in the context so later code can reuse it.
    $context->set('ldap', new uapvLdap());

    // The filter can run several times (internal forwards). CAS authentication
    // is only attempted on the first call, and only when it is forced by
    // configuration or the user is not signed in yet.
    $needsCasLogin = $this->isFirstCall()
        && (sfConfig::get('app_cas_server_force_authentication', false) || !$user->isAuthenticated());

    if ($needsCasLogin) {
        // phpCAS is not PHP 5 clean: mask notices and strict warnings while it runs.
        $savedLevel = ini_get('error_reporting');
        error_reporting($savedLevel & ~E_STRICT & ~E_NOTICE);

        if (sfConfig::get('app_cas_server_debug', false)) {
            // Trace goes to /tmp/phpCAS.log.
            // NOTE(review): the phpCAS trace presumably records the CAS exchange in a
            // shared temp directory; keep this switch off outside of debugging.
            phpCAS::setDebug();
        }

        // Last argument is false because symfony has already started the session.
        phpCAS::client(
            sfConfig::get('app_cas_server_version', CAS_VERSION_2_0),
            sfConfig::get('app_cas_server_host', 'localhost'),
            sfConfig::get('app_cas_server_port', 443),
            sfConfig::get('app_cas_server_path', ''),
            false
        );

        // Single sign-out handling (phpCAS::handleLogoutRequests()) is left disabled.

        // NOTE(review): this turns off verification of the CAS server's TLS
        // certificate, so the ticket-validation answer is not authenticated.
        // Production setups should call phpCAS::setCasServerCACert() with the
        // CA bundle of the CAS server instead.
        phpCAS::setNoCasServerValidation();

        // Redirects to the CAS server when the user has no CAS session yet.
        phpCAS::forceAuthentication();

        // From here on CAS vouches for the user: open the application session.
        $user->signIn(phpCAS::getUser());

        // Put the previous error-reporting level back.
        error_reporting($savedLevel);
    }

    // "credential" verification
    parent::execute($filterChain);
}
/**
 * Keeps $_SESSION['user'] aligned with CAS.
 *
 * When the request carries a `login` or `logout` parameter the CAS client is
 * initialised and authentication is forced; on `logout` the local user is then
 * dropped and the CAS session is closed with a redirect.
 */
function checkAndSetUserSession()
{
    // Make sure the session slot exists.
    if (!isset($_SESSION['user'])) {
        $_SESSION['user'] = null;
    }

    $wantsLogin = isset($_REQUEST['login']);
    $wantsLogout = isset($_REQUEST['logout']);
    if (!$wantsLogin && !$wantsLogout) {
        return;
    }

    // Initialise phpCAS as a plain client (the proxy variant is not used).
    phpCAS::client(CAS_VERSION_2_0, 'login.kth.se', 443, '');

    // NOTE(review): certificate validation of the CAS server is disabled here, so
    // the ticket-validation response is not authenticated; prefer
    // phpCAS::setCasServerCACert() with the CA bundle for the CAS host.
    phpCAS::setNoCasServerValidation();

    // phpCAS::setFixedCallbackURL() could be used to return to one specific URL
    // instead of the current request URI; it is not used here.

    // Force CAS authentication. Note that a `logout` request also goes through
    // this step before the logout below.
    phpCAS::forceAuthentication();

    // The CAS server has authenticated the user; record the login name.
    $_SESSION['user'] = phpCAS::getUser();

    // Log out and redirect to our default page.
    // NOTE(review): any request parameter named `logout` (query string included)
    // triggers this, and the redirect target is plain http.
    if ($wantsLogout) {
        unset($_SESSION['user']);
        phpCAS::logoutWithRedirectService('http://kth.kribba.com/');
    }
}
/**
 * Returns the CAS login name, or null when phpCAS reports no authenticated user.
 *
 * @return string|null
 */
function getUser()
{
    return phpCAS::isAuthenticated() ? phpCAS::getUser() : null;
}
/**
 * Authenticates the current request against the configured CAS server.
 *
 * Request parameters are saved in the session before the CAS round trip and
 * merged back afterwards so they survive the redirect.
 *
 * @return string|null CAS login name, or NULL when the server URL is missing
 *                     or phpCAS does not report an authenticated user.
 */
public function get_login()
{
    Logger::debug('main', 'AuthMethod_CAS::get_login()');

    // Back up every request parameter; existing backup entries are overwritten.
    // NOTE(review): this copies all of $_REQUEST into the session, including any
    // posted secrets; consider restricting it to the keys that must survive.
    if (!isset($_SESSION['backup_sso']) || !is_array($_SESSION['backup_sso'])) {
        $_SESSION['backup_sso'] = array();
    }
    $_SESSION['backup_sso'] = array_replace($_SESSION['backup_sso'], $_REQUEST);

    $casPrefs = $this->prefs->get('AuthMethod', 'CAS');
    $CAS_server_url = $casPrefs['user_authenticate_cas_server_url'];
    if (!isset($CAS_server_url) || $CAS_server_url == '') {
        Logger::error('main', 'AuthMethod_CAS::get_login() - Unable to find CAS server url in Preferences');
        return null;
    }

    // Split the configured URL once and reuse the parts.
    // NOTE(review): parse_url() yields null for the port when the URL has no
    // explicit one; confirm phpCAS::client() is given a usable port in that case.
    $casHost = parse_url($CAS_server_url, PHP_URL_HOST);
    $casPort = parse_url($CAS_server_url, PHP_URL_PORT);
    $casPath = parse_url($CAS_server_url, PHP_URL_PATH);

    phpCAS::client(CAS_VERSION_2_0, $casHost, $casPort, $casPath);
    Logger::debug('main', 'AuthMethod_CAS::get_login() - Parsing URL - Host:"' . $casHost . '" Port:"' . $casPort . '" Path:"' . $casPath . '"');

    // NOTE(review): TLS certificate validation of the CAS server is switched off;
    // prefer phpCAS::setCasServerCACert() with the server's CA bundle.
    phpCAS::setNoCasServerValidation();

    if (!phpCAS::forceAuthentication()) {
        Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::forceAuthentication failed');
        return null;
    }
    if (!phpCAS::isAuthenticated()) {
        Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::isAuthenticated failed');
        return null;
    }

    $this->login = phpCAS::getUser();

    // Restore backed-up parameters that the current request does not carry.
    foreach ($_SESSION['backup_sso'] as $name => $value) {
        if (!isset($_REQUEST[$name])) {
            $_REQUEST[$name] = $value;
        }
    }

    return $this->login;
}
/**
 * Logs the visitor in through CAS and redirects to the home selection page.
 *
 * An already connected user is only checked against the charter service. For
 * anyone else CAS authentication is forced, the CAS login is looked up with
 * Kernel::getUserInfo() and, when a matching local account exists, that
 * account is logged in without a password.
 *
 * NOTE(review): the statements after the if/else are only reached when
 * phpCAS::getUser() returned an empty value. They look like leftover debugging
 * code: $pTitle is not defined in this method, phpCAS::client() is called a
 * second time, and the two die() calls make the final return unreachable.
 */
public function processLogin()
{
    // NOTE(review): pins a vendored phpCAS 1.2.2 copy by relative path - confirm
    // that copy still receives security fixes.
    include_once COPIX_UTILS_PATH . '../../CAS-1.2.2/CAS.php';
    $_SESSION['chartValid'] = false;
    $ppo = new CopixPPO();
    $ppo->user = _currentUser();
    if ($ppo->user->isConnected()) {
        $url_return = CopixUrl::get('kernel||doSelectHome');
        // PATCH FOR CHARTE: the user must have validated the charter first.
        $this->user->forceReload();
        if (!$this->service('charte|CharteService')->checkUserValidation()) {
            $this->flash->redirect = $url_return;
            return $this->go('charte|charte|valid');
        }
        return _arRedirect($url_return);
        //return new CopixActionReturn (COPIX_AR_REDIRECT, $url_return);
    } else {
        // CAS endpoint comes from the application configuration.
        $conf_Cas_host = CopixConfig::get('default|conf_Cas_host');
        $conf_Cas_port = CopixConfig::get('default|conf_Cas_port');
        $conf_Cas_path = CopixConfig::get('default|conf_Cas_path');
        phpCAS::client(CAS_VERSION_2_0, $conf_Cas_host, (int) $conf_Cas_port, $conf_Cas_path, false);
        // NOTE(review): TLS certificate validation of the CAS server is disabled,
        // so the ticket-validation response is not authenticated; prefer
        // phpCAS::setCasServerCACert() with the server's CA bundle.
        phpCAS::setNoCasServerValidation();
        phpCAS::forceAuthentication();
        $ppo->cas_user = phpCAS::getUser();
        if ($ppo->cas_user) {
            // Map the CAS login to a local account.
            $ppo->iconito_user = Kernel::getUserInfo("LOGIN", $ppo->cas_user);
            if ($ppo->iconito_user['login']) {
                // The local session is opened on the login name alone; the CAS
                // answer above is the only proof of identity.
                _currentUser()->login(array('login' => $ppo->iconito_user['login'], 'assistance' => true));
                $url_return = CopixUrl::get('kernel||doSelectHome');
                // $url_return = CopixUrl::get ('assistance||users');
                $this->user->forceReload();
                if (!$this->service('charte|CharteService')->checkUserValidation()) {
                    $this->flash->redirect = $url_return;
                    return $this->go('charte|charte|valid');
                }
                return new CopixActionReturn(COPIX_AR_REDIRECT, $url_return);
            } else {
                // CAS knows the user but no local account matches.
                $ppo->cas_error = 'no-iconito-user';
                return _arPpo($ppo, 'cas.tpl');
            }
        }
    }
    // NOTE(review): debugging tail, see the method docblock.
    $ppo = new CopixPPO();
    $ppo->TITLE_PAGE = $pTitle;
    phpCAS::setDebug();
    $conf_Cas_host = CopixConfig::get('default|conf_Cas_host');
    $conf_Cas_port = CopixConfig::get('default|conf_Cas_port');
    $conf_Cas_path = CopixConfig::get('default|conf_Cas_path');
    phpCAS::client(CAS_VERSION_2_0, $conf_Cas_host, (int) $conf_Cas_port, $conf_Cas_path, false);
    phpCAS::setNoCasServerValidation();
    phpCAS::forceAuthentication();
    if (isset($_REQUEST['logout'])) {
        phpCAS::logout();
    }
    // Prints the CAS login name and stops; nothing below this line runs.
    die(phpCAS::getUser());
    die('ok');
    return _arPpo($ppo, 'handlers.list.tpl');
}
/**
 * Builds the user from the current CAS session.
 *
 * The CAS attributes are copied, the login name is added under `username`,
 * `user_id` becomes the object id and `sequence_token` is removed.
 *
 * NOTE(review): assumes phpCAS authentication has already succeeded and that
 * the attribute set contains `user_id` - verify against the caller.
 */
public function __construct()
{
    $attributes = phpCAS::getAttributes();
    $attributes['username'] = phpCAS::getUser();

    $this->id = $attributes['user_id'];

    // The sequence token is not kept on the object.
    unset($attributes['sequence_token']);
    $this->attr = $attributes;
}
/**
 * Single sign-on through CAS: reads the CAS endpoint from PM_PARAMETERS,
 * forces CAS authentication and, when a matching USERS row is found, marks the
 * RBAC singleton as signed on with that user.
 *
 * @return bool true when the RBAC user was populated, false otherwise.
 */
function metodillo()
{
    $sSQL = "SELECT * FROM PM_PARAMETERS WHERE PRM_ID = 'CAS_URL' ";
    $aParams = executeQuery($sSQL);
    if (!count($aParams)) {
        return false;
    }

    // Result rows are read from index 1.
    $sURL = $aParams[1]['PRM_VALUE'];
    $sURI = $aParams[1]['PRM_VALUE_2'];

    $RBAC = RBAC::getSingleton();
    $RBAC->initRBAC();

    require_once 'CAS-1.2.2/CAS.php';
    phpCAS::client(CAS_VERSION_2_0, $sURL, 443, $sURI, false);
    // NOTE(review): TLS certificate validation of the CAS server is disabled;
    // prefer phpCAS::setCasServerCACert() with the server's CA bundle.
    phpCAS::setNoCasServerValidation();
    phpCAS::forceAuthentication();

    if (!phpCAS::isAuthenticated()) {
        return false;
    }

    $sCasUser = phpCAS::getUser();

    // NOTE(review): the username literal below appears redacted on this page. If
    // the real query places $sCasUser inside the SQL text, bind it as a parameter
    // (or escape it for the database) instead of concatenating it.
    $sSQL = "SELECT USR_UID FROM USERS WHERE USR_USERNAME = '******' ";
    $aUsers = executeQuery($sSQL);
    if (!count($aUsers)) {
        return false;
    }

    $RBAC->singleSignOn = true;
    $RBAC->userObj->fields['USR_UID'] = $aUsers[1]['USR_UID'];
    $RBAC->userObj->fields['USR_USERNAME'] = $sCasUser;

    return true;
}
/**
 * Runs CAS authentication before the login form is handled and, when the CAS
 * user is known locally (or auto-creation is enabled), makes this plugin the
 * one that handles authentication.
 *
 * @throws CHttpException 401 when the user is unknown, auto-creation is off
 *                        and the `is_default` setting is truthy.
 */
public function beforeLogin()
{
    // CAS endpoint from the plugin settings.
    $casHost = $this->get('casAuthServer');
    $casContext = $this->get('casAuthUri');
    $casPort = (int) $this->get('casAuthPort');

    // Load the bundled phpCAS library.
    $pluginDir = dirname(__FILE__);
    Yii::setPathOfAlias('myplugin', $pluginDir);
    Yii::import('myplugin.third_party.CAS.*');
    require_once 'third_party/CAS/CAS.php';

    phpCAS::client(CAS_VERSION_2_0, $casHost, $casPort, $casContext, false);

    // NOTE(review): SSL validation of the CAS server is disabled, so the
    // ticket-validation response is not authenticated; prefer
    // phpCAS::setCasServerCACert() with the server's CA bundle.
    phpCAS::setNoCasServerValidation();

    // Redirects to the CAS server when there is no CAS session yet.
    phpCAS::forceAuthentication();

    $this->setUsername(phpCAS::getUser());
    $oUser = $this->api->getUserByName($this->getUserName());

    $casTakesOver = $oUser || $this->get('autoCreate');
    if ($casTakesOver) {
        // CAS becomes the authentication system; with autoCreate enabled this
        // also holds for a CAS user that has no local account yet.
        $this->getEvent()->set('default', get_class($this));
        // This plugin handles authentication, halt further auth plugins.
        $this->setAuthPlugin();
        return;
    }

    if ($this->get('is_default', null, null)) {
        // Unknown user and no auto-creation: refuse the login.
        throw new CHttpException(401, 'Wrong credentials for LimeSurvey administration.');
    }
}
/**
 * Attempts to authenticate users via CAS.
 *
 * Without a CAS configuration the visitor is sent to the application's
 * internal login. After CAS authentication a Person is loaded for the CAS
 * login; on failure the exception is queued as an error message and the login
 * form block is shown.
 *
 * NOTE(review): $this->return_url is written into Location headers and into a
 * query string without encoding or validation in this method. Confirm that it
 * is restricted to local URLs where it is assigned.
 */
public function index()
{
    // No CAS configured: fall back to the internal authentication system.
    if (!defined('CAS')) {
        $internalLogin = BASE_URL . '/login/login?return_url=' . $this->return_url;
        header('Location: ' . $internalLogin);
        exit;
    }

    require_once CAS . '/CAS.php';
    \phpCAS::client(CAS_VERSION_2_0, CAS_SERVER, 443, CAS_URI, false);

    // NOTE(review): TLS certificate validation of the CAS server is disabled;
    // prefer \phpCAS::setCasServerCACert() with the server's CA bundle.
    \phpCAS::setNoCasServerValidation();
    \phpCAS::forceAuthentication();

    // CAS has authenticated the user at this point, but that does not mean a
    // person record exists, nor that the person has a user account.
    try {
        $_SESSION['USER'] = new Person(\phpCAS::getUser());
        header('Location: ' . $this->return_url);
        exit;
    } catch (\Exception $loginError) {
        $_SESSION['errorMessages'][] = $loginError;
    }

    $formParams = array('return_url' => $this->return_url);
    $this->template->blocks[] = new Block('loginForm.inc', $formParams);
}
/**
 * Main execution method. Initialises the CAS client and forces authentication
 * when the request carries no `ticket` query parameter, then hands over to the
 * parent startup method.
 *
 * @param object $controller A reference to the instantiating controller object
 * @return boolean
 * @access public
 */
function startup(&$controller)
{
    // Requests that already carry a ticket skip the CAS step entirely.
    if (isset($this->request->query['ticket'])) {
        return parent::startup($controller);
    }

    // Debug mode off.
    phpCAS::setDebug(false);

    phpCAS::client(
        CAS_VERSION_2_0,
        Configure::read('CAS.hostname'),
        Configure::read('CAS.port'),
        Configure::read('CAS.uri')
    );

    // NOTE(review): no SSL validation for the CAS server, so the
    // ticket-validation response is not authenticated; prefer
    // phpCAS::setCasServerCACert() with the server's CA bundle.
    phpCAS::setNoCasServerValidation();

    // Force CAS authentication if required.
    phpCAS::forceAuthentication();

    // Feed the CAS login into the controller data as if a login form was posted.
    $model =& $this->getModel();
    $alias = $model->alias;
    $controller->data[$alias][$this->fields['username']] = phpCAS::getUser();
    // NOTE(review): fixed placeholder password - confirm the downstream login
    // never accepts it as a real credential.
    $controller->data[$alias][$this->fields['password']] = 'a';

    return parent::startup($controller);
}
/**
 * Forces CAS authentication and stores the resulting login name.
 *
 * NOTE(review): the CAS host is hard-coded and phpCAS debug tracing is always
 * enabled; both would normally come from configuration.
 */
public function __construct()
{
    \phpCAS::setDebug();
    \phpCAS::client(CAS_VERSION_2_0, 'itebeta.baidu.com', 443, '');

    // NOTE(review): TLS certificate validation of the CAS server is disabled;
    // prefer \phpCAS::setCasServerCACert() with the server's CA bundle.
    \phpCAS::setNoCasServerValidation();
    \phpCAS::forceAuthentication();

    $casLogin = \phpCAS::getUser();
    $this->username = $casLogin;
}
/**
 * Password check backed by CAS.
 *
 * Both arguments are ignored: the result depends only on the phpCAS session,
 * so whatever uid the caller supplies, the CAS login name is what comes back.
 *
 * @param string $uid      Unused.
 * @param string $password Unused.
 * @return string|false CAS login name, or false when phpCAS reports no
 *                      authenticated user.
 */
public function checkPassword($uid, $password)
{
    return phpCAS::isAuthenticated() ? phpCAS::getUser() : false;
}
/**
 * Collect any tokens that the user may have supplied. Reply NULL if none
 * are found.
 *
 * The only token here is the CAS login name of an authenticated session.
 *
 * @return mixed
 * @access public
 * @since 3/16/05
 */
function collect()
{
    return phpCAS::isAuthenticated() ? phpCAS::getUser() : null;
}
/**
 * Initialises the CAS client and returns the CAS login name.
 *
 * @return string|false Login name, or false when $this->isAuthenticated()
 *                      reports no authenticated user.
 */
protected function determineUsername()
{
    $this->initializeCASClient();

    return $this->isAuthenticated() ? phpCAS::getUser() : false;
}
/**
 * Logs in the CAS user through the decorated authentication object.
 *
 * The supplied $username is only logged; the name that is synchronised and
 * passed on is the one reported by phpCAS.
 *
 * NOTE(review): the isAuthenticated() result is logged but not acted upon
 * here - confirm that phpCAS::getUser() or a caller rejects an
 * unauthenticated session.
 *
 * @param string $username     Name typed by the user (informational only).
 * @param mixed  $loginContext Passed through to the decorated Login().
 * @return mixed Whatever the decorated Login() returns.
 */
public function Login($username, $loginContext)
{
    Log::Debug('Attempting CAS login for username: %s', $username);
    Log::Debug('CAS is auth ok: %s', phpCAS::isAuthenticated());

    $casLogin = phpCAS::getUser();
    $this->Synchronize($casLogin);

    return $this->authToDecorate->Login($casLogin, $loginContext);
}
/**
 * Builds the attribute array for the user model from the CAS session.
 *
 * The CAS user string is split on `|` into username, email and user_id; the
 * CAS attributes are URL-decoded, lower-cased by key, given a `realname` copy
 * of `username` and stripped of three directory fields. Values from the user
 * string win over CAS attributes of the same name.
 *
 * NOTE(review): assumes the CAS user string always has exactly three
 * `|`-separated parts; any other count makes array_combine() fail.
 *
 * @return array
 */
public static function modelAttributes()
{
    $identityKeys = array('username', 'email', 'user_id');
    $identityParts = explode('|', \phpCAS::getUser());
    $userInfo = array_combine($identityKeys, $identityParts);

    $decoded = array_map('urldecode', \phpCAS::getAttributes());
    $casInfo = array_change_key_case($decoded, CASE_LOWER);
    $casInfo['realname'] = $casInfo['username'];
    unset($casInfo['useraccountcontrol'], $casInfo['usernum'], $casInfo['useremail']);

    return array_merge($casInfo, $userInfo);
}
/**
 * Returns the current user, forcing CAS authentication when none is cached.
 *
 * The session is closed for writing once phpCAS has authenticated the user.
 * Note that this method does not store the result in self::$_user itself.
 *
 * @return mixed The cached self::$_user, or the CAS login name.
 */
public static function login()
{
    if (!self::$_user) {
        self::init();
        phpCAS::forceAuthentication();
        // Release the session lock; nothing below writes to the session.
        session_write_close();

        return phpCAS::getUser();
    }

    return self::$_user;
}
/**
 * Return user details, if the user is logged in.
 *
 * @return object|null Object with `userlogin` and `attributes`; when the user
 *                     is not authenticated show_error() is called instead.
 */
public function user()
{
    if (!phpCAS::isAuthenticated()) {
        show_error("User was not authenticated yet.");
        return;
    }

    $details = new stdClass();
    $details->userlogin = phpCAS::getUser();
    $details->attributes = phpCAS::getAttributes();

    return $details;
}
/**
 * Post-login hook: when the logged-in uid is the CAS user, collects display
 * name, e-mail and groups from the CAS attributes, creates the local account
 * with a random password if needed, and optionally updates the user data.
 *
 * NOTE(review): two spans of this listing were replaced by `******` on the
 * page (apparently an automatic redaction), which removed code in the middle
 * of two statements. Those statements are kept exactly as shown and are not
 * valid PHP; the brace nesting and indentation around them are a best guess.
 *
 * @param array $parameters Hook parameters; only 'uid' is read.
 * @return bool true when the CAS user matches $parameters['uid'] and the
 *              visible checks pass, false otherwise.
 */
public static function post_login($parameters)
{
    $uid = $parameters['uid'];
    $casBackend = OC_USER_CAS::getInstance();
    $userDatabase = new \OC\User\Database();
    if (phpCAS::isAuthenticated()) {
        // $cas_attributes may vary in name, therefore attributes are fetched to $attributes
        $cas_attributes = phpCAS::getAttributes();
        $cas_uid = phpCAS::getUser();
        // parameters
        $attributes = array();
        // NOTE(review): loose comparison between the CAS login and the uid.
        if ($cas_uid == $uid) {
            // NOTE(review): redacted span on the next line. The visible part logs
            // the full CAS attribute list, which may contain personal data.
            \OCP\Util::writeLog('cas', 'attr \\"' . implode(',', $cas_attributes) . '\\" for the user: '******'cas_name'] = $cas_attributes[$casBackend->displayNameMapping];
            } else {
                // Fallback display name attribute.
                $attributes['cas_name'] = $cas_attributes['cn'];
            }
            if (array_key_exists($casBackend->mailMapping, $cas_attributes)) {
                $attributes['cas_email'] = $cas_attributes[$casBackend->mailMapping];
            } else {
                // Fallback e-mail attribute.
                $attributes['cas_email'] = $cas_attributes['mail'];
            }
            if (array_key_exists($casBackend->groupMapping, $cas_attributes)) {
                $attributes['cas_groups'] = $cas_attributes[$casBackend->groupMapping];
            } else {
                if (!empty($casBackend->defaultGroup)) {
                    $attributes['cas_groups'] = array($casBackend->defaultGroup);
                    // NOTE(review): redacted span on the next line. What remains is the
                    // tail of a username check against an allow-list pattern.
                    \OCP\Util::writeLog('cas', 'Using default group "' . $casBackend->defaultGroup . '" for the user: '******'/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
                    \OCP\Util::writeLog('cas', 'Invalid username "' . $uid . '", allowed chars "a-zA-Z0-9" and "_.@-" ', \OCP\Util::DEBUG);
                    return false;
                } else {
                    // The local account gets a random password; sign-in goes through CAS.
                    $random_password = \OCP\Util::generateRandomBytes(20);
                    \OCP\Util::writeLog('cas', 'Creating new user: ' . $uid, \OCP\Util::DEBUG);
                    $userDatabase->createUser($uid, $random_password);
                    // after creating the user, fill the attributes
                    if ($userDatabase->userExists($uid)) {
                        OC_USER_CAS_Hooks::update_user($uid, $attributes);
                    }
                }
            }
            // try to update user attributes
            if ($casBackend->updateUserData) {
                OC_USER_CAS_Hooks::update_user($cas_uid, $attributes);
            }
            return true;
        }
    }
    return false;
}
/**
 * Password check backed by CAS: forces CAS authentication and returns the CAS
 * login name. Both arguments are ignored.
 *
 * @param string $uid      Unused.
 * @param string $password Unused.
 * @return string|false CAS login name, or false when authentication fails or
 *                      phpCAS returns no user.
 */
public function checkPassword($uid, $password)
{
    if (!phpCAS::forceAuthentication()) {
        return false;
    }

    $casLogin = phpCAS::getUser();
    if ($casLogin !== false) {
        return $casLogin;
    }

    OCP\Util::writeLog('user_cas', 'phpCAS return no user !', OCP\Util::ERROR);

    return false;
}
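/**
 * Check username against CAS authentication backend. User needs to exist in MySQL to be able to log in.
 *
 * The password is not checked here: CAS has already authenticated the user,
 * and this function only confirms that the requested name is the CAS user and
 * has a row in the `users` table. Failures are written to `authlog`.
 *
 * Names are compared as strings with ===. A loose == treats two numeric
 * strings as numbers, so distinct user names such as "0123" and "123" would
 * have been accepted as the same identity.
 *
 * @param string $username User name to check
 * @param string $password User password to check (unused)
 * @return int Authentication success (0 = fail, 1 = success) FIXME bool
 */
function cas_authenticate($username, $password)
{
    $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));

    // A missing row must not be indexed like an array.
    $knownLocally = is_array($row)
        && $row['username']
        && (string) $row['username'] === (string) $username;

    if ($knownLocally) {
        if ((string) $username === (string) phpCAS::getUser()) {
            return 1;
        }
        dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'CAS: username does not match CAS user'), 'authlog');
    } else {
        dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'CAS: NOT found in DB'), 'authlog');
    }

    return 0;
}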
/**
 * Pre-login hook: ends the CAS session on a logout request, otherwise forces
 * CAS authentication, creates the local account when auto-creation is enabled
 * and logs the CAS user in.
 *
 * NOTE(review): $_GET['get_action'] is read without an isset() check, and a
 * plain GET request is enough to trigger the CAS logout.
 *
 * @param string $sessionId Unused in this method.
 * @return void
 */
public function preLogUser($sessionId)
{
    if ($_GET['get_action'] == "logout") {
        phpCAS::logout();
        return;
    }

    phpCAS::forceAuthentication();
    $casLogin = phpCAS::getUser();

    if (!$this->userExists($casLogin)) {
        if ($this->autoCreateUser()) {
            // The local password is random bytes: the account is only reachable via CAS.
            $this->createUser($casLogin, openssl_random_pseudo_bytes(20));
        }
    }

    // Checked again because the account may just have been created.
    if ($this->userExists($casLogin)) {
        AuthService::logUser($casLogin, "", true);
    }
}
/**
 * Login filter: replaces the submitted e-mail and password with the ones that
 * belong to the current CAS user.
 *
 * $sLogin is received by value, so the assignment to it below does not reach
 * the caller; only $sEmail and $sPassword are passed by reference.
 *
 * NOTE(review): the account provider hands back a usable mailbox password for
 * the CAS user, which implies those passwords are stored in recoverable form -
 * confirm how that store is protected. The admin password literal appears
 * redacted on this page.
 *
 * @param string $sLogin    Submitted login (not propagated back).
 * @param string $sEmail    Overwritten with the account e-mail.
 * @param string $sPassword Overwritten with the account password.
 * @return void
 */
public function FilterPreDoLogin($sLogin, &$sEmail, &$sPassword)
{
    $sUser = phpCAS::getUser();
    $bIsAdmin = $sUser !== '' && $sUser == 'admin';

    if (!$bIsAdmin) {
        $aAccount = $this->oAccountManagementProvider->GetEmailAndPassword($sUser);
        $sLogin = $sUser;
        $sEmail = $aAccount['email'];
        $sPassword = $aAccount['passwd'];
        return;
    }

    // TODO Admin login
    $sEmail = $sUser;
    $sPassword = '******';
}
/**
 * Redirect the user to a login page if he isn't logged in.
 *
 * Error reporting is switched off while phpCAS runs and restored afterwards.
 *
 * @return void
 */
protected function _doSecure()
{
    // phpCAS is not PHP 5 clean: silence all error reporting around it.
    $previousLevel = ini_get('error_reporting');
    error_reporting(0);

    $this->initCasClient();

    // NOTE(review): TLS certificate validation of the CAS server is disabled, so
    // the ticket-validation response is not authenticated; prefer
    // phpCAS::setCasServerCACert() with the server's CA bundle.
    phpCAS::setNoCasServerValidation();

    // Redirects to the CAS server when the user has no CAS session yet.
    phpCAS::forceAuthentication();

    // CAS vouches for the user from here on: record the login name.
    $casLogin = phpCAS::getUser();
    $this->setUserId($casLogin);

    // Put the previous error-reporting level back.
    error_reporting($previousLevel);
}
/**
 * Try to login with the CAS server.
 *
 * The CAS login is looked up in the sfGuard user table. A missing record, or
 * one with no password that is also inactive, goes through registerUser()
 * first. Without a resulting record the request ends with "Unauthorized.".
 */
public function login()
{
    sfCAS::initPhpCAS();
    phpCAS::forceAuthentication();

    $casLogin = phpCAS::getUser();
    $account = sfGuardUserTable::getInstance()->findOneBy('username', $casLogin);

    // Same precedence as the unparenthesised form: && binds tighter than ||.
    if (!$account || ($account->getPassword() == null && !$account->getIsActive())) {
        $account = $this->registerUser($casLogin, $account);
    }

    if (!$account) {
        die('Unauthorized.');
    }

    $this->signin($account, false);
}
/**
 * Returns the CAS user as a GenericUser, or starts CAS authentication and
 * returns null when there is no authenticated CAS session.
 *
 * NOTE(review): phpCAS debug tracing is enabled unconditionally. Also confirm
 * that \phpCAS::setServerURL() exists in the phpCAS version in use.
 *
 * @return GenericUser|null
 */
protected function casUser()
{
    \phpCAS::setDebug();
    \phpCAS::client(
        CAS_VERSION_2_0,
        \Config::get('app.cas_host'),
        \Config::get('app.cas_port'),
        \Config::get('app.cas_context')
    );

    // NOTE(review): TLS certificate validation of the CAS server is disabled;
    // prefer \phpCAS::setCasServerCACert() with the server's CA bundle.
    \phpCAS::setNoCasServerValidation();

    if (!\phpCAS::isAuthenticated()) {
        \phpCAS::setServerURL(\Config::get('app.url'));
        \phpCAS::forceAuthentication();

        return null;
    }

    // The CAS login serves as both identifier and display name.
    $casLogin = \phpCAS::getUser();

    return new GenericUser(array('id' => $casLogin, 'name' => $casLogin));
}
/**
 * Decrypts the user record carried in the CAS user string and, for admin
 * sites, attaches the permission menu stored in redis.
 *
 * @return array|false Decoded user data, or false when decryption or decoding
 *                     yields an empty value.
 */
public function _getUser()
{
    // Decrypt the raw data sent by the CAS server.
    $encKey = $this->cfg['encKey'];
    $encVal = Encrypt::auth(phpCAS::getUser(), $encKey, 'DECODE');
    if (!$encVal) {
        return false;
    }

    $encVal = json_decode($encVal, true);

    if ($this->isAdmin) {
        // Fetch the group permissions from redis.
        $redis = new \Redis();
        $redis->connect($this->cfg['redis']['host'], $this->cfg['redis']['port']);
        $redis->select($this->cfg['redis']['dbname']);

        $permKey = 'group' . $encVal['ugroup'] . '_' . $this->cfg['siteid'];

        // NOTE(review): unserialize() on data read from redis instantiates whatever
        // objects the stored value describes. Anyone able to write that key controls
        // the input; consider JSON or the allowed_classes option. The first read
        // below is never used and repeats the second one.
        $res = unserialize($redis->get($permKey));
        $encVal['permMenu'] = unserialize($redis->get($permKey));
    }

    return $encVal ?: false;
}
/**
 * Finds the user record for the CAS login.
 *
 * Both parameters are ignored: authentication is forced through CAS and the
 * lookup uses the login name phpCAS reports, plus the configured scope.
 *
 * @param mixed $u Unused.
 * @param mixed $p Unused.
 * @return array|false The user model data, or false when no record matches.
 */
protected function _findUser($u = null, $p = null)
{
    phpCAS::forceAuthentication();
    $casLogin = phpCAS::getUser();

    $settings = $this->settings;
    list($plugin, $model) = pluginSplit($settings['userModel']);

    $conditions = array($model . '.' . $settings['fields']['username'] => $casLogin);
    if (!empty($settings['scope'])) {
        $conditions = array_merge($conditions, $settings['scope']);
    }

    $query = array('conditions' => $conditions, 'recursive' => 0);
    $row = ClassRegistry::init($settings['userModel'])->find('first', $query);

    return (empty($row) || empty($row[$model])) ? false : $row[$model];
}
/**
 * Handles the CAS login action: authenticates through the CAS server, logs the
 * matching local user in and redirects.
 *
 * @param array $args Request arguments, passed to parent::handle().
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (common_is_real_login()) {
        // TRANS: Client error displayed when trying to log in while already logged on.
        $this->clientError(_m('Already logged in.'));
        return;
    }

    global $casSettings;
    phpCAS::client(CAS_VERSION_2_0, $casSettings['server'], $casSettings['port'], $casSettings['path'], false);

    // NOTE(review): TLS certificate validation of the CAS server is disabled, so
    // the ticket-validation response is not authenticated; prefer
    // phpCAS::setCasServerCACert() with the server's CA bundle.
    phpCAS::setNoCasServerValidation();
    phpCAS::handleLogoutRequests();
    phpCAS::forceAuthentication();

    // A one-time random password is published through a global and passed to
    // the regular user check together with the CAS login.
    global $casTempPassword;
    $casTempPassword = common_good_rand(16);
    $user = common_check_user(phpCAS::getUser(), $casTempPassword);
    if (!$user) {
        // TRANS: Server error displayed when trying to log in with incorrect username or password.
        $this->serverError(_m('Incorrect username or password.'));
        return;
    }

    // success!
    if (!common_set_user($user)) {
        // TRANS: Server error displayed when login fails in CAS authentication plugin.
        $this->serverError(_m('Error setting user. You are probably not authorized.'));
        return;
    }

    common_real_login(true);

    $url = common_get_returnto();
    if ($url) {
        // We don't have to return to it again.
        common_set_returnto(null);
    } elseif (common_config('site', 'private') && $casSettings['takeOverLogin']) {
        // SSO users expect to land on the URL they entered. With no returnto
        // set they entered the main StatusNet URL, so send them there.
        $url = common_local_url('public');
    } else {
        // With a regular form-based login the user would expect to go to their
        // home after logging in.
        // NOTE(review): this branch also targets 'public', only with a nickname
        // argument - confirm that is the intended home route.
        $url = common_local_url('public', array('nickname' => $user->nickname));
    }

    common_redirect($url, 303);
}
/**
 * Checks whether the portal user already holds an SSO authentication on the
 * CAS server. When the page requires CAS and the user has none, the plugin
 * redirects to a CAS authentication page shown in an iframe.
 *
 * Also handles the `action_cas=logout` request and the language cookie.
 *
 * NOTE(review): the execution type is hard-coded to "prod" just before it is
 * tested, so the "dev" endpoint is never selected. The logout redirect is not
 * followed by exit, so the language handling still runs afterwards. The last
 * argument of phpCAS::client() is the string 'true', not a boolean.
 */
function main($content, $conf)
{
    session_start();

    $idPageAuth = '3682';
    $this->typeExecution = "prod";

    // Pick the CAS endpoint for the execution type.
    $urlCas = "none";
    $portCas = "none";
    switch ($this->typeExecution) {
        case "dev":
            $urlCas = "xinf-devlinux.intranet.haras-nationaux.fr";
            $portCas = 7777;
            break;
        case "prod":
            $urlCas = "cerbere.haras-nationaux.fr";
            $portCas = 443;
            break;
    }

    $tsfe = $GLOBALS["TSFE"];
    if ($tsfe->page["tx_dlcube04CAS_auth_cas_required"] == 1) {
        phpCAS::client(CAS_VERSION_2_0, $urlCas, $portCas, 'cas', 'true');

        if (!phpCAS::checkAuthentication()) {
            // Remember the requested page, then go to the authentication page.
            $_SESSION["service_id_auth"] = $tsfe->id;
            $authLink = $this->pi_getPageLink($idPageAuth, "", array("action" => "auth"));
            header('Location: ' . t3lib_div::locationHeaderUrl($authLink));
            exit;
        }

        $_SESSION["portalId"] = phpCAS::getUser();
    }

    if (isset($_GET["action_cas"]) && $_GET["action_cas"] == "logout") {
        unset($_SESSION["portalId"]);
        $disconnectLink = $this->pi_getPageLink("3683", "", array("action" => "disconnect"));
        header('Location: ' . t3lib_div::locationHeaderUrl($disconnectLink));
    }

    // Language handling for the cookie.
    if (isset($_GET["lang"])) {
        if ($_GET["lang"] == "fr") {
            $this->cookie_fr();
        } elseif ($_GET["lang"] == "en") {
            $this->cookie_en();
        }
    }
}