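 /**
  * Initializes the authority objects based on an associative array of arguments
  * @param array $args an associative array of arguments. The argument list is dependent on the authority
  *
  * General - Required keys:
  *   TITLE => The human readable title of the AuthorityImage
  *   INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
  *
  * General - Optional keys:
  *   LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
  *
  * CAS - Required keys:
  *   CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
  *                   CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
  *   CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
  *   CAS_PORT => The port the CAS server is listening on, e.g. "443"
  *   CAS_PATH => The path of the CAS application, e.g. "/cas/"
  *   CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
  *                  of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
  *                  validation will be performed (not recommended for production).
  *
  * CAS - Optional keys:
  *   CAS_PHPCAS_PATH => Directory that contains CAS.php. If empty, CAS.php is loaded from the include path.
  *   CAS_PROXY_INIT => If non-empty, phpCAS is initialised as a proxy client (phpCAS::proxy) instead of
  *                     a plain client (phpCAS::client).
  *   CAS_PROXY_TICKET_PATH => Proxy mode only: path handed to phpCAS::setPGTStorageFile for proxy
  *                            granting ticket storage.
  *   CAS_PROXY_FIXED_CALLBACK_URL => Proxy mode only: fixed callback URL handed to phpCAS::setFixedCallbackURL.
  *   ATTRA_EMAIL => Attribute name for the user's email address, e.g. "email". This only applies if your
  *                  CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your
  *                       CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *
  * NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
  *
  * @throws KurogoConfigurationException if CAS_PROTOCOL, CAS_HOST, CAS_PORT or CAS_PATH is missing or empty
  */
 public function init($args)
 {
     parent::init($args);
     // Normalise like the other authorities so the array accesses below are safe for a non-array.
     $args = is_array($args) ? $args : array();

     // include the PHPCAS library. CAS_PHPCAS_PATH is site configuration, never request data;
     // it must stay that way because it selects the file that is loaded here.
     if (empty($args['CAS_PHPCAS_PATH'])) {
         require_once 'CAS.php';
     } else {
         require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php';
     }

     // Fail fast on missing connection settings. Order is preserved so the first missing key is reported.
     foreach (array('CAS_PROTOCOL', 'CAS_HOST', 'CAS_PORT', 'CAS_PATH') as $required) {
         if (empty($args[$required])) {
             throw new KurogoConfigurationException($required . ' value not set for ' . $this->AuthorityTitle);
         }
     }

     $protocol = $args['CAS_PROTOCOL'];
     $host = $args['CAS_HOST'];
     $port = intval($args['CAS_PORT']);
     $path = $args['CAS_PATH'];
     // The trailing false is passed through as before; it is phpCAS' session-handling flag, whose
     // exact meaning depends on the bundled phpCAS version — confirm against that version.
     if (empty($args['CAS_PROXY_INIT'])) {
         phpCAS::client($protocol, $host, $port, $path, false);
     } else {
         phpCAS::proxy($protocol, $host, $port, $path, false);
         if (!empty($args['CAS_PROXY_TICKET_PATH'])) {
             phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
         }
         if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
             phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
         }
     }

     if (empty($args['CAS_CA_CERT'])) {
         // No CA configured: phpCAS will not verify the CAS server's TLS certificate, so anyone on the
         // network path could impersonate the CAS server. Acceptable for development only.
         phpCAS::setNoCasServerValidation();
     } else {
         phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
     }

     // Record any attribute mapping configured (CASUser field => config key).
     $attributeMap = array(
         'Email' => 'ATTRA_EMAIL',
         'FirstName' => 'ATTRA_FIRST_NAME',
         'LastName' => 'ATTRA_LAST_NAME',
         'FullName' => 'ATTRA_FULL_NAME',
         'MemberOf' => 'ATTRA_MEMBER_OF', // group membership
     );
     foreach ($attributeMap as $field => $configKey) {
         if (!empty($args[$configKey])) {
             CASUser::mapAttribute($field, $args[$configKey]);
         }
     }
 }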
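 /**
  * Initializes the Shibboleth authority.
  *
  * SHIB_EMAIL_FIELD, SHIB_FIRSTNAME_FIELD, SHIB_LASTNAME_FIELD and SHIB_FULLNAME_FIELD
  * (keys matched case-insensitively) name the $_SERVER variables the corresponding user
  * fields are read from; SHIB_ATTRIBUTES, when it is an array, is stored as the attribute list.
  *
  * @param array $args associative configuration array (non-arrays are treated as empty)
  */
 public function init($args)
 {
     parent::init($args);
     // foreach on a non-array raises a warning; normalise like the other authorities do
     $args = is_array($args) ? $args : array();

     // set field map using SHIB_XXX_FIELD = "" maps to $_SERVER values
     // NOTE(review): the mapped $_SERVER entries are presumably populated by the Shibboleth SP;
     // entries that a client can set through request headers (HTTP_* keys) must not be mapped here.
     foreach ($args as $arg => $value) {
         if (preg_match('/^shib_(email|firstname|lastname|fullname)_field$/', strtolower($arg), $bits)) {
             // $bits[1] is already lower case because the subject was lowercased above
             $this->fieldMap[$bits[1]] = $value;
         }
     }
     if (isset($args['SHIB_ATTRIBUTES']) && is_array($args['SHIB_ATTRIBUTES'])) {
         $this->attributes = $args['SHIB_ATTRIBUTES'];
     }
 }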
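 /**
  * Initializes the database-backed authority.
  *
  * Connection settings come from $args, falling back to the site "database" section when
  * DB_TYPE is not given. Table and column names can be overridden with DB_<table>_TABLE and
  * DB_<user|group|groupmember>_<column>_FIELD keys; only keys already present in the default
  * maps are honoured, unknown ones are ignored.
  *
  * @param array $args associative configuration array (non-arrays are treated as empty)
  * @throws KurogoConfigurationException if DB_USER_PASSWORD_HASH names an unavailable
  *         algorithm or DB_GROUP_GROUPMEMBER_PROPERTY is neither 'gid' nor 'group'
  */
 public function init($args)
 {
     parent::init($args);
     $args = is_array($args) ? $args : array();
     if (!isset($args['DB_TYPE'])) {
         // explicit keys win over the site-wide database section
         $args = array_merge(Kurogo::getSiteSection('database'), $args);
     }
     $this->connection = new db($args);
     $this->tableMap = array(
         'user' => 'users',
         'group' => 'groups',
         'groupmembers' => 'groupmembers',
     );
     $this->fieldMap = array(
         'user_userid' => 'userID',
         'user_password' => 'password',
         'user_email' => 'email',
         'user_firstname' => 'firstname',
         'user_lastname' => 'lastname',
         'user_fullname' => 'fullname',
         'group_groupname' => 'group',
         'group_gid' => 'gid',
         'group_groupmember' => 'gid',
         'groupmember_group' => 'gid',
         'groupmember_user' => 'userID',
         'groupmember_authority' => '',
     );

     foreach ($args as $arg => $value) {
         $lowerArg = strtolower($arg);
         if (preg_match('/^db_(user|group|groupmember)_(.*?)_field$/', $lowerArg, $bits)) {
             $key = sprintf("%s_%s", $bits[1], $bits[2]);
             if (isset($this->fieldMap[$key])) {
                 $this->fieldMap[$key] = $value;
             }
         } elseif (preg_match('/^db_(.*?)_table$/', $lowerArg, $bits)) {
             $key = $bits[1];
             if (isset($this->tableMap[$key])) {
                 $this->tableMap[$key] = $value;
             }
         } elseif ($arg === 'DB_USER_PASSWORD_HASH') {
             // strict in_array: a loose comparison would let a numeric value match an algorithm name on PHP < 8
             if (!in_array($value, hash_algos(), true)) {
                 throw new KurogoConfigurationException("Hashing algorithm {$value} not available");
             }
             // Security note: hash() digests are fast, and DB_USER_PASSWORD_SALT is a single static value
             // shared by every user, so this is weak password storage. It is kept for compatibility with
             // existing rows; password_hash()/password_verify() with per-user salts is the recommended
             // replacement once the stored format can be migrated (presumably consumed by the login path).
             $this->hashAlgo = $value;
         } elseif ($arg === 'DB_USER_PASSWORD_SALT') {
             $this->hashSalt = $value;
         } elseif ($arg === 'DB_GROUP_GROUPMEMBER_PROPERTY') {
             if (!in_array($value, array('group', 'gid'), true)) {
                 throw new KurogoConfigurationException("Invalid value for DB_GROUP_GROUPMEMBER_PROPERTY {$value}. Should be gid or group");
             }
             $this->fieldMap['group_groupmember'] = $value;
         }
     }
 }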
 /**
  * Stores the Facebook application credentials and any previously obtained access token.
  *
  * @param array $args configuration; FACEBOOK_API_KEY and FACEBOOK_API_SECRET are mandatory and
  *                    must be non-empty, FACEBOOK_API_PERMS is merged into $this->perms
  * @throws KurogoConfigurationException if the key or secret is missing or empty
  */
 public function init($args)
 {
     parent::init($args);
     if (!is_array($args)) {
         $args = array();
     }

     $hasCredentials = isset($args['FACEBOOK_API_KEY'], $args['FACEBOOK_API_SECRET'])
         && strlen($args['FACEBOOK_API_KEY']) > 0
         && strlen($args['FACEBOOK_API_SECRET']) > 0;
     if (!$hasCredentials) {
         throw new KurogoConfigurationException("API key and secret not set");
     }

     $this->api_key = $args['FACEBOOK_API_KEY'];
     $this->api_secret = $args['FACEBOOK_API_SECRET'];

     // NOTE(review): this session key is not namespaced by authority index, unlike the token
     // session variables the OAuth authority derives from getAuthorityIndex(); two Facebook
     // authorities in one site would share the same token.
     if (isset($_SESSION['fb_access_token'])) {
         $this->access_token = $_SESSION['fb_access_token'];
     }

     if (isset($args['FACEBOOK_API_PERMS'])) {
         // presumably an array of permission names; array_merge would fail on a scalar — verify how the config loader delivers it
         $combined = array_merge($this->perms, $args['FACEBOOK_API_PERMS']);
         $this->perms = array_unique($combined);
     }
 }
 /**
  * Reads the LDAP connection settings and the optional attribute map from $args.
  *
  * Recognised keys: LDAP_HOST (required), LDAP_PORT (default 389), LDAP_SEARCH_BASE,
  * LDAP_USER_SEARCH_BASE, LDAP_GROUP_SEARCH_BASE, LDAP_ADMIN_DN / LDAP_ADMIN_PASSWORD
  * (bind credentials for directories that refuse anonymous searches) and
  * LDAP_<user|group>_<attribute>_FIELD overrides for entries of defaultFieldMap().
  *
  * @param array $args associative configuration array (non-arrays are treated as empty)
  * @throws KurogoConfigurationException when LDAP_HOST or LDAP_PORT ends up empty
  */
 public function init($args)
 {
     parent::init($args);
     $args = is_array($args) ? $args : array();

     // property => array(config key, default value)
     $settings = array(
         'ldapServer' => array('LDAP_HOST', null),
         'ldapPort' => array('LDAP_PORT', 389),
         'ldapSearchBase' => array('LDAP_SEARCH_BASE', null),
         'ldapUserSearchBase' => array('LDAP_USER_SEARCH_BASE', null),
         'ldapGroupSearchBase' => array('LDAP_GROUP_SEARCH_BASE', null),
         // bind credentials, used if anonymous searches are not permitted (i.e. AD);
         // the password is a secret held in site configuration, so keep that file's permissions tight
         'ldapAdminDN' => array('LDAP_ADMIN_DN', null),
         'ldapAdminPassword' => array('LDAP_ADMIN_PASSWORD', null),
     );
     foreach ($settings as $property => $spec) {
         list($configKey, $default) = $spec;
         $this->$property = isset($args[$configKey]) ? $args[$configKey] : $default;
     }

     $this->fieldMap = $this->defaultFieldMap();
     foreach ($args as $configKey => $value) {
         if (!preg_match('/^ldap_(user|group)_(.*?)_field$/', strtolower($configKey), $bits)) {
             continue;
         }
         $attribute = $bits[2];
         // only attributes known to the default map may be overridden; names are normalised to lower case
         if (isset($this->fieldMap[$attribute])) {
             $this->fieldMap[$attribute] = strtolower($value);
         }
     }

     if (empty($this->ldapServer)) {
         throw new KurogoConfigurationException("Invalid LDAP Server");
     }
     if (empty($this->ldapPort)) {
         throw new KurogoConfigurationException("Invalid LDAP Port");
     }
 }
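 /**
  * Records the user/group file locations and verifies the user file can be read.
  *
  * @param array $args configuration; PASSWD_USER_FILE and PASSWD_GROUP_FILE are the paths used
  *                    (either may be absent, leaving the property null)
  * @throws Exception when logins are enabled (userLogin is not 'NONE') and the user file is
  *         unset, missing or unreadable
  */
 public function init($args)
 {
     parent::init($args);
     $args = is_array($args) ? $args : array();
     // Keep these files outside the document root so the stored hashes cannot be fetched over HTTP.
     $this->userFile = isset($args['PASSWD_USER_FILE']) ? $args['PASSWD_USER_FILE'] : null;
     $this->groupFile = isset($args['PASSWD_GROUP_FILE']) ? $args['PASSWD_GROUP_FILE'] : null;

     // userLogin is set by the parent authority (not visible here); 'NONE' disables the check.
     if ($this->userLogin != 'NONE') {
         // explicit null check: is_readable(null) only emits a deprecation notice (PHP 8.1+) before returning false
         if ($this->userFile === null || !is_readable($this->userFile)) {
             throw new Exception("Unable to load password file $this->userFile");
         }
     }
 }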
    /**
     * Derives the per-authority session variable names and restores a saved token pair.
     *
     * The names embed getAuthorityIndex() so several OAuth authorities on one site do not
     * overwrite each other's tokens. Both the token and its secret must be present in the
     * session for either to be restored.
     *
     * @param array $args configuration array; only forwarded to the parent here
     */
    public function init($args) {
        parent::init($args);
        $args = is_array($args) ? $args : array();

        $this->tokenSessionVar = sprintf("%s_token", $this->getAuthorityIndex());
        $this->tokenSecretSessionVar = sprintf("%s_tokenSecret", $this->getAuthorityIndex());

        $tokenVar = $this->tokenSessionVar;
        $secretVar = $this->tokenSecretSessionVar;
        $haveSavedPair = isset($_SESSION[$tokenVar]) && isset($_SESSION[$secretVar]);
        if ($haveSavedPair) {
            $this->setToken($_SESSION[$tokenVar]);
            $this->setTokenSecret($_SESSION[$secretVar]);
        }
    }
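 /**
  * Initializes the authority objects based on an associative array of arguments
  * @param array $args an associative array of arguments. The argument list is dependent on the authority
  *
  * General - Required keys:
  *   TITLE => The human readable title of the AuthorityImage
  *   INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
  *
  * General - Optional keys:
  *   LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
  *
  * CAS - Required keys:
  *   CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
  *                   CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
  *   CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
  *   CAS_PORT => The port the CAS server is listening on, e.g. "443"
  *   CAS_PATH => The path of the CAS application, e.g. "/cas/"
  *   CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
  *                  of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
  *                  validation will be performed (not recommended for production).
  *
  * CAS - Optional keys:
  *   CAS_PHPCAS_PATH => Directory that contains CAS.php. If empty, CAS.php is loaded from the include path.
  *   CAS_DEBUG_LOG => Path of the file phpCAS writes its debug log to (phpCAS::setDebug). The log is
  *                    verbose and may contain ticket values; leave it unset in production.
  *   CAS_PROXY_INIT => If non-empty, phpCAS is initialised as a proxy client (phpCAS::proxy) instead of
  *                     a plain client (phpCAS::client).
  *   CAS_PROXY_TICKET_PATH => Proxy mode only: path handed to phpCAS::setPGTStorageFile for proxy
  *                            granting ticket storage. Mutually exclusive with CAS_PROXY_TICKET_DB_DSN.
  *   CAS_PROXY_TICKET_DB_DSN => Proxy mode only: PDO DSN for database PGT storage (phpCAS::setPGTStorageDb).
  *   CAS_PROXY_TICKET_DB_USER, CAS_PROXY_TICKET_DB_PASS, CAS_PROXY_TICKET_DB_TABLE,
  *   CAS_PROXY_TICKET_DB_DRIVER_OPTS => Optional credentials, table name and PDO driver options for DB storage.
  *   CAS_PROXY_FIXED_CALLBACK_URL => Proxy mode only: fixed callback URL handed to phpCAS::setFixedCallbackURL.
  *   ATTRA_EMAIL => Attribute name for the user's email address, e.g. "email". This only applies if your
  *                  CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your
  *                       CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *
  * NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
  *
  * @throws KurogoConfigurationException if CAS_PROTOCOL, CAS_HOST, CAS_PORT or CAS_PATH is missing or
  *         empty, or if both CAS_PROXY_TICKET_PATH and CAS_PROXY_TICKET_DB_DSN are set
  */
 public function init($args)
 {
     parent::init($args);
     // Normalise like the other authorities so the array accesses below are safe for a non-array.
     $args = is_array($args) ? $args : array();

     // include the PHPCAS library. CAS_PHPCAS_PATH is site configuration, never request data;
     // it must stay that way because it selects the file that is loaded here.
     if (empty($args['CAS_PHPCAS_PATH'])) {
         require_once 'CAS.php';
     } else {
         require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php';
     }
     if (!empty($args['CAS_DEBUG_LOG'])) {
         // Verbose protocol trace that may contain ticket values; keep disabled outside development.
         phpCAS::setDebug($args['CAS_DEBUG_LOG']);
     }

     // Fail fast on missing connection settings. Order is preserved so the first missing key is reported.
     foreach (array('CAS_PROTOCOL', 'CAS_HOST', 'CAS_PORT', 'CAS_PATH') as $required) {
         if (empty($args[$required])) {
             throw new KurogoConfigurationException($required . ' value not set for ' . $this->AuthorityTitle);
         }
     }

     $protocol = $args['CAS_PROTOCOL'];
     $host = $args['CAS_HOST'];
     $port = intval($args['CAS_PORT']);
     $path = $args['CAS_PATH'];
     // The trailing false is passed through as before; it is phpCAS' session-handling flag, whose
     // exact meaning depends on the bundled phpCAS version — confirm against that version.
     if (empty($args['CAS_PROXY_INIT'])) {
         phpCAS::client($protocol, $host, $port, $path, false);
     } else {
         phpCAS::proxy($protocol, $host, $port, $path, false);

         $hasFileStorage = !empty($args['CAS_PROXY_TICKET_PATH']);
         $hasDbStorage = !empty($args['CAS_PROXY_TICKET_DB_DSN']);
         if ($hasFileStorage && $hasDbStorage) {
             throw new KurogoConfigurationException('Only one of CAS_PROXY_TICKET_PATH or CAS_PROXY_TICKET_DB_DSN may be set for ' . $this->AuthorityTitle);
         }
         if ($hasFileStorage) {
             // phpCAS >= 1.3 takes the path as the first argument; older releases take (format, path)
             if (version_compare(PHPCAS_VERSION, '1.3', '>=')) {
                 phpCAS::setPGTStorageFile($args['CAS_PROXY_TICKET_PATH']);
             } else {
                 phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
             }
         }
         if ($hasDbStorage) {
             // Optional DB settings; '' leaves the phpCAS default in place. The driver options are
             // forwarded to PDO, which accepts an array or null, so null (not '') is the "none" value.
             // NOTE(review): confirm the bundled phpCAS passes this argument straight to PDO.
             $user = empty($args['CAS_PROXY_TICKET_DB_USER']) ? '' : $args['CAS_PROXY_TICKET_DB_USER'];
             $pass = empty($args['CAS_PROXY_TICKET_DB_PASS']) ? '' : $args['CAS_PROXY_TICKET_DB_PASS'];
             $table = empty($args['CAS_PROXY_TICKET_DB_TABLE']) ? '' : $args['CAS_PROXY_TICKET_DB_TABLE'];
             $driverOpts = empty($args['CAS_PROXY_TICKET_DB_DRIVER_OPTS']) ? null : $args['CAS_PROXY_TICKET_DB_DRIVER_OPTS'];
             // NOTE(review): unlike the file branch there is no PHPCAS_VERSION guard here; the DSN-based
             // signature used below is the phpCAS 1.3 form — confirm against the bundled library.
             phpCAS::setPGTStorageDb($args['CAS_PROXY_TICKET_DB_DSN'], $user, $pass, $table, $driverOpts);
         }
         if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
             phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
         }
     }

     if (empty($args['CAS_CA_CERT'])) {
         // No CA configured: phpCAS will not verify the CAS server's TLS certificate, so anyone on the
         // network path could impersonate the CAS server. Acceptable for development only.
         phpCAS::setNoCasServerValidation();
     } else {
         phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
     }

     // Record any attribute mapping configured (CASUser field => config key).
     $attributeMap = array(
         'Email' => 'ATTRA_EMAIL',
         'FirstName' => 'ATTRA_FIRST_NAME',
         'LastName' => 'ATTRA_LAST_NAME',
         'FullName' => 'ATTRA_FULL_NAME',
         'MemberOf' => 'ATTRA_MEMBER_OF', // group membership
     );
     foreach ($attributeMap as $field => $configKey) {
         if (!empty($args[$configKey])) {
             CASUser::mapAttribute($field, $args[$configKey]);
         }
     }
 }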
    /**
     * Stores the Facebook API credentials and picks up an access token saved in the session.
     *
     * @param array $args configuration; API_KEY and API_SECRET are mandatory and must be non-empty
     * @throws Exception if either credential is missing or empty
     */
    public function init($args)
    {
        parent::init($args);
        if (!is_array($args)) {
            $args = array();
        }

        // a missing key behaves exactly like an empty one: both are rejected below
        $key = isset($args['API_KEY']) ? $args['API_KEY'] : '';
        $secret = isset($args['API_SECRET']) ? $args['API_SECRET'] : '';
        if (strlen($key) == 0 || strlen($secret) == 0) {
            throw new Exception("API key and secret not set");
        }

        $this->api_key = $key;
        $this->api_secret = $secret;

        // NOTE(review): the session key is not namespaced by authority index, so a second
        // Facebook authority on the same site would share this token.
        $savedToken = isset($_SESSION['fb_access_token']) ? $_SESSION['fb_access_token'] : null;
        if ($savedToken !== null) {
            $this->access_token = $savedToken;
        }
    }
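 /**
  * Initializes the passwd-file authority from its configuration array.
  *
  * Keys read (all optional at this level):
  *   PASSWD_USER_FILE  => path of the user (password) file
  *   PASSWD_GROUP_FILE => path of the group file
  *   PASSWD_HASH       => algorithm name from hash_algos(), optionally prefixed with "hmac_"
  *                        (e.g. "hmac_sha1"); the special values "site" and "server" select
  *                        hmac_sha1 keyed with SITE_KEY / SERVER_KEY respectively
  *   PASSWD_KEY        => key required when an hmac_ algorithm is chosen
  *
  * @param array $args associative configuration array (non-arrays are treated as empty)
  * @throws KurogoConfigurationException on an unknown algorithm, a missing HMAC key, or an
  *         unreadable user file (unless userLogin is 'NONE')
  */
 public function init($args)
 {
     parent::init($args);
     $args = is_array($args) ? $args : array();
     // Keep these files outside the document root so the stored hashes cannot be fetched over HTTP.
     $this->userFile = isset($args['PASSWD_USER_FILE']) ? $args['PASSWD_USER_FILE'] : null;
     $this->groupFile = isset($args['PASSWD_GROUP_FILE']) ? $args['PASSWD_GROUP_FILE'] : null;

     if (isset($args['PASSWD_HASH'])) {
         $hashAlgo = $args['PASSWD_HASH'];
         // 'site' / 'server' are shorthands for an HMAC keyed with the installation's own secret
         if ($hashAlgo === 'site') {
             $hashAlgo = 'hmac_sha1';
             $args['PASSWD_KEY'] = SITE_KEY;
         } elseif ($hashAlgo === 'server') {
             $hashAlgo = 'hmac_sha1';
             $args['PASSWD_KEY'] = SERVER_KEY;
         }
         if (preg_match('/^hmac_(.+)$/', $hashAlgo, $bits)) {
             if (!isset($args['PASSWD_KEY'])) {
                 throw new KurogoConfigurationException("HMAC hash requires PASSWD_KEY");
             }
             $this->hmac = true;
             $this->hashKey = $args['PASSWD_KEY'];
             $hashAlgo = $bits[1];
         }
         // strict in_array: a loose comparison would let a numeric value match an algorithm name on PHP < 8
         if (!in_array($hashAlgo, hash_algos(), true)) {
             throw new KurogoConfigurationException("Hashing algorithm {$hashAlgo} not available");
         }
         // Security note: hash()/hash_hmac() digests are fast, so even keyed they are not a slow
         // password hash. Kept for compatibility with existing files; password_hash()/password_verify()
         // is the recommended replacement once the file format can be migrated.
         $this->hashAlgo = $hashAlgo;
     }

     // userLogin is set by the parent authority (not visible here); 'NONE' disables the check.
     if ($this->userLogin !== 'NONE') {
         // explicit null check: is_readable(null) only emits a deprecation notice (PHP 8.1+) before returning false
         if ($this->userFile === null || !is_readable($this->userFile)) {
             throw new KurogoConfigurationException("Unable to load password file {$this->userFile}");
         }
     }
 }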