Exemplo n.º 1
 /**
  * Calls the logoutRemoteUser method within SSO plug-in if the user
  * was logged on with SSO.
  *
  * @return  void
  *
  * @since   2.0
  */
 public function logout()
 {
     $session = JFactory::getSession();
     $app = JFactory::getApplication();

     // The session holds the identifier of the SSO plug-in that performed the
     // login. A falsy value means this session was not created through SSO,
     // so there is no remote logout to perform.
     $ssoPlugin = $session->get(SHSsoHelper::SESSION_PLUGIN_KEY, false);

     if (!$ssoPlugin) {
         return;
     }

     // Turn SSO off so the user is not signed straight back in; it stays off
     // until the user explicitly asks to log in again.
     SHSsoHelper::disable();

     // Hand the bypass key and the current SSO status to the router, then
     // register the build rule that consumes them.
     // NOTE(review): the bypass key falls back to the fixed default 'nosso'
     // when 'sso.bypasskey' is not configured - confirm whether deployments
     // are expected to override it.
     $router = $app->getRouter();

     $bypassKey = SHFactory::getConfig()->get('sso.bypasskey', 'nosso');
     $router->setVar('ssologoutkey', $bypassKey);

     $ssoStatus = $session->get(SHSsoHelper::SESSION_STATUS_KEY, SHSsoHelper::STATUS_ENABLE);
     $router->setVar('ssologoutval', $ssoStatus);

     $router->attachBuildRule('SHSso::logoutRouterRule');

     // Look the plug-in up among the registered observers. The value comes
     // from the session, so it is only used as a lookup key here and never
     // invoked directly.
     $position = array_search($ssoPlugin, $this->_observers);

     if ($position === false) {
         // The SSO plug-in is no longer registered
         return;
     }

     $observer = $this->_observers[$position];

     // Remote logout is optional: only call it when the plug-in implements it
     if (method_exists($observer, 'logoutRemoteUser')) {
         $observer->logoutRemoteUser();
     }
 }
Exemplo n.º 2
 /**
  * Method for attempting single sign on.
  *
  * @return  boolean  True on successful SSO or False on failure.
  *
  * @since   2.0
  */
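 protected function _attemptSSO()
 {
     // Every path that does not reach $sso->login() returns an explicit false
     // so the result matches the documented boolean contract (bare returns
     // yield null, which is falsy but not a boolean).

     // Check the required SSO libraries exist
     if (!(class_exists('SHSsoHelper') && class_exists('SHSso'))) {
         // Error: classes missing
         SHLog::add(JText::_('LIB_SHSSOMONITOR_ERR_15001'), 15001, JLog::ERROR, 'sso');

         return false;
     }

     try {
         $config = SHFactory::getConfig();

         // Check if SSO is disabled via the session
         if (SHSsoHelper::status() !== SHSsoHelper::STATUS_ENABLE) {
             // It is disabled so do not continue
             return false;
         }

         SHSsoHelper::enable();

         $forceLogin = false;
         $userId = JFactory::getUser()->get('id');

         if ($config->get('sso.forcelogin', false)) {
             if ($userId) {
                 // A user is already logged in: SSO still runs, and the session
                 // is replaced further down if the detected user differs.
                 $forceLogin = true;
             }
         } elseif ($userId) {
             // User already logged in and no forced login: nothing to do
             return false;
         }

         /*
          * Lets check the IP rule is valid before we continue -
          * if the IP rule is false then SSO is not allowed here.
          */
         jimport('joomla.application.input');
         $input = new JInput($_SERVER);

         // Get the IP address of this client.
         // NOTE(review): REMOTE_ADDR is the address of the directly connected
         // peer; behind a reverse proxy that is the proxy itself - confirm the
         // IP rule is configured with that in mind.
         $myIp = $input->get('REMOTE_ADDR', false, 'string');

         // Get a list of the IP addresses specific to the specified rule.
         // NOTE(review): json_decode() yields null for missing or malformed
         // JSON; verify that SHSsoHelper::doIPCheck() fails closed in that case.
         $ipList = json_decode($config->get('sso.iplist'));

         // Get the rule value
         $ipRule = $config->get('sso.iprule', SHSsoHelper::RULE_ALLOW_ALL);

         if (!SHSsoHelper::doIPCheck($myIp, $ipList, $ipRule)) {
             if (!$forceLogin) {
                 // This IP isn't allowed
                 SHLog::add(JText::_('LIB_SHSSO_DEBUG_15004'), 15004, JLog::DEBUG, 'sso');
             }

             return false;
         }

         /*
          * We are going to check if we are in backend.
          * If so then we need to check if sso is allowed
          * to execute on the backend.
          */
         if (JFactory::getApplication()->isAdmin() && !$config->get('sso.backend', false)) {
             if (!$forceLogin) {
                 // Not allowed to SSO on backend
                 SHLog::add(JText::_('LIB_SHSSO_DEBUG_15006'), 15006, JLog::DEBUG, 'sso');
             }

             return false;
         }

         // Instantiate the main SSO library for detection & authentication
         $sso = new SHSso($config->get('sso.plugintype', 'sso'));
         $detection = $sso->detect();

         if ($detection) {
             /*
              * Check the detected user is not blacklisted.
              *
              * The comparison is case-insensitive and strict. Usernames are
              * already compared case-insensitively below, so an exact-case
              * blacklist match could be sidestepped by a differently-cased
              * detection, and a loose in_array() lets non-string JSON entries
              * (true, 0) match through type juggling.
              */
             $blacklist = (array) json_decode($config->get('user.blacklist'));
             $detectedName = strtolower((string) $detection['username']);

             foreach ($blacklist as $entry) {
                 if (is_scalar($entry) && strtolower((string) $entry) === $detectedName) {
                     SHLog::add(JText::sprintf('LIB_SHSSO_DEBUG_15007', $detection['username']), 15007, JLog::DEBUG, 'sso');

                     // Detected user is blacklisted
                     return false;
                 }
             }

             // Check if the current logged in user matches the detection.
             // Strict comparison: with != two different numeric-looking
             // usernames (e.g. '1e3' and '1000') would be treated as equal and
             // the existing session would be kept.
             if ($forceLogin && $detectedName !== strtolower(JFactory::getUser()->get('username'))) {
                 SHLog::add(JText::sprintf('LIB_SHSSO_DEBUG_15008', $detection['username']), 15008, JLog::DEBUG, 'sso');

                 // Need to logout the current user
                 JFactory::getApplication()->logout();
             }
         }

         // Attempt the login; the detection result is passed through even when
         // it is empty, so SHSso::login() decides the outcome in that case.
         return $sso->login($detection);
     } catch (Exception $e) {
         SHLog::add($e, 15002, JLog::ERROR, 'sso');

         // An error during SSO is a failed attempt, never a success
         return false;
     }
 }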