Answer an attribute for the authenticated user.
public static getAttribute ( string $key ) : mixed
$key | string | attribute name |
return | mixed | string for a single value or an array if multiple values exist. |
/**
 * Store the display name of the CAS user in $_SESSION[':cas']['name'].
 *
 * When the 'cas-name-attribute-key' setting is configured and the CAS
 * response carries that attribute, the attribute value is stored;
 * otherwise the value of getUser() is stored.
 */
private function setName()
{
    $isKeyConfigured = $this->config->get('cas-name-attribute-key') !== null;

    if ($isKeyConfigured && phpCAS::hasAttribute($this->config->get('cas-name-attribute-key'))) {
        // Value comes straight from the CAS response and is stored as received.
        $displayName = phpCAS::getAttribute($this->config->get('cas-name-attribute-key'));
    } else {
        $displayName = $this->getUser();
    }

    $_SESSION[':cas']['name'] = $displayName;
}
/**
 * Return a nickname for the CAS user.
 *
 * The 'displayName' attribute is used when it is truthy; otherwise the part
 * of the CAS user name before the first '@' is returned.
 */
function getNick()
{
    $displayName = phpCAS::getAttribute('displayName');
    if ($displayName) {
        return $displayName;
    }

    // Fall back to the local part of the CAS login.
    $loginParts = explode('@', phpCAS::getUser());

    return $loginParts[0];
}
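/**
 * Handle the new-session event for a user authenticated through CAS.
 *
 * Does nothing unless the event identity belongs to the AuthCAS plugin.
 * A user that already exists is accepted directly. An unknown user is
 * created on the fly when the 'autoCreate' setting is 1 (details looked up
 * in LDAP) or 2 (details taken from CAS attributes). With any other
 * 'autoCreate' value the method returns without recording success or
 * failure.
 *
 * @return void
 * @throws CHttpException 401 when the LDAP lookup does not return exactly
 *                        one entry, when the CAS attributes cannot be read,
 *                        or when the new user cannot be saved.
 */
public function newUserSession()
{
    // Do nothing if this user is not AuthCAS type
    $identity = $this->getEvent()->get('identity');
    if ($identity->plugin != 'AuthCAS') {
        return;
    }

    $sUser = $this->getUserName();
    $oUser = $this->api->getUserByName($sUser);
    if (!is_null($oUser)) {
        $this->setAuthSuccess($oUser);
        return;
    }

    $autoCreate = (int) $this->get('autoCreate');

    if ($autoCreate === 1) {
        // Auto-create from LDAP. Get configuration settings:
        $ldapserver = $this->get('server');
        $ldapport = $this->get('ldapport');
        $ldapver = $this->get('ldapversion');
        $ldaptls = $this->get('ldaptls');
        $ldapoptreferrals = $this->get('ldapoptreferrals');
        $searchuserattribute = $this->get('searchuserattribute');
        $extrauserfilter = $this->get('extrauserfilter');
        $usersearchbase = $this->get('usersearchbase');
        $binddn = $this->get('binddn');
        $bindpwd = $this->get('bindpwd');
        $username = $sUser;

        if (empty($ldapport)) {
            $ldapport = 389;
        }

        // Try to connect
        $ldapconn = ldap_connect($ldapserver, (int) $ldapport);
        if ($ldapconn === false) {
            $this->setAuthFailure(1, gT('Could not connect to LDAP server.'));
            return;
        }

        // If the version hasn't been set, default = 2
        if ($ldapver === null) {
            $ldapver = 2;
        }
        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, $ldapver);
        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, $ldapoptreferrals);

        // NOTE(review): StartTLS is only requested when 'ldaptls' is '1' and
        // the protocol version is 3. With a plain ldap:// server and TLS off,
        // the bind DN and password below are sent unencrypted.
        if (!empty($ldaptls) && $ldaptls == '1' && $ldapver == 3 && preg_match("/^ldaps:\\/\\//", $ldapserver) == 0) {
            // starting TLS secure layer
            if (!ldap_start_tls($ldapconn)) {
                $this->setAuthFailure(100, ldap_error($ldapconn));
                ldap_close($ldapconn);
                return;
            }
        }

        // We first do an LDAP search from the username given to find the
        // user entry. Bind failures are reported through ldap_error() below,
        // so the PHP warning is suppressed on purpose.
        if (empty($binddn)) {
            // No search account defined: use an anonymous bind
            $ldapbindsearch = @ldap_bind($ldapconn);
        } else {
            // A search account is defined: use it
            $ldapbindsearch = @ldap_bind($ldapconn, $binddn, $bindpwd);
        }
        if (!$ldapbindsearch) {
            $this->setAuthFailure(100, ldap_error($ldapconn));
            ldap_close($ldapconn);
            return;
        }

        // The user name originates outside this application, so filter
        // metacharacters are escaped before it is placed in the search filter;
        // otherwise characters such as '*', '(' or ')' would change which
        // entries match. ($searchuserattribute and $extrauserfilter are plugin
        // settings and are used as configured.)
        if (function_exists('ldap_escape')) {
            $filterUsername = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
        } else {
            // RFC 4515 escaping for PHP builds without ldap_escape().
            // Backslash must be replaced first.
            $filterUsername = str_replace(
                array('\\', '*', '(', ')', "\x00"),
                array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
                $username
            );
        }

        // Now prepare the search filter
        if ($extrauserfilter != "") {
            $usersearchfilter = "(&({$searchuserattribute}={$filterUsername}){$extrauserfilter})";
        } else {
            $usersearchfilter = "({$searchuserattribute}={$filterUsername})";
        }

        // Search for the user; a failed search counts as "no entry".
        $dnsearchres = ldap_search($ldapconn, $usersearchbase, $usersearchfilter, array($searchuserattribute, "displayname", "mail"));
        $rescount = ($dnsearchres === false) ? 0 : ldap_count_entries($ldapconn, $dnsearchres);

        if ($rescount != 1) {
            // No entry or more than one entry returned: deny authentication
            $this->setAuthFailure(100, ldap_error($ldapconn));
            ldap_close($ldapconn);
            throw new CHttpException(401, 'No authorized user found for login "' . $username . '"');
        }

        $userentry = ldap_get_entries($ldapconn, $dnsearchres);
        ldap_close($ldapconn); // all data has been read, release the connection

        $oUser = new User();
        $oUser->users_name = $username;
        // Random password; NOTE(review): presumably never used for login
        // because the account authenticates through CAS - confirm.
        $oUser->password = hash('sha256', createPassword());
        $oUser->full_name = $userentry[0]["displayname"][0];
        $oUser->parent_id = 1;
        $oUser->email = $userentry[0]["mail"][0];

        if (!$oUser->save()) {
            $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
            // ldap_get_entries() lower-cases attribute names, so the display
            // name is read from 'displayname'.
            throw new CHttpException(401, 'User not saved : ' . $userentry[0]["mail"][0] . " / " . $userentry[0]["displayname"][0]);
        }

        $permission = new Permission();
        $permission->setPermissions($oUser->uid, 0, 'global', $this->api->getConfigKey('auth_cas_autocreate_permissions'), true);
        $this->setAuthSuccess($oUser);
        return;
    }

    if ($autoCreate === 2) {
        // Auto-create from CAS attributes.
        try {
            // import phpCAS lib
            $basedir = dirname(__FILE__);
            Yii::setPathOfAlias('myplugin', $basedir);
            Yii::import('myplugin.third_party.CAS.*');
            require_once 'CAS.php';

            // phpCAS::client() is not called here; presumably the client was
            // initialised earlier in the plugin - confirm.
            $cas_fullname = phpCAS::getAttribute($this->get('casFullnameAttr'));
            // Value unused; the lookup is kept so that a failure still ends
            // up in the catch block below.
            $cas_login = phpCAS::getAttribute($this->get('casLoginAttr'));
        } catch (Exception $e) {
            $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
            throw new CHttpException(401, 'Cas attributes not found for "' . $sUser . '"');
        }

        $oUser = new User();
        $oUser->users_name = phpCAS::getUser();
        $oUser->password = hash('sha256', createPassword());
        $oUser->full_name = $cas_fullname;
        $oUser->parent_id = 1;
        // Address is synthesised from the full name, not read from CAS.
        $oUser->email = 'example' . $cas_fullname . '@example.com';

        if (!$oUser->save()) {
            $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
            throw new CHttpException(401, 'User not saved : ' . $sUser . ' / ' . $cas_fullname);
        }

        if ($this->api->getConfigKey('auth_cas_autocreate_permissions')) {
            $permission = new Permission();
            $permission->setPermissions($oUser->uid, 0, 'global', $this->api->getConfigKey('auth_cas_autocreate_permissions'), true);
        }
        $this->setAuthSuccess($oUser);
        return;
    }
}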
// Clients for which judge_ip() returns true must sign in through CAS; the
// 'employeeNumber' attribute released by CAS is then used as the user name.
if (judge_ip($client_ip)) {
    // Internal network: require a CAS account login.
    $isSchoolNET = TRUE;
    //$cas=getCASUser();
    //$username = getAttribute("employeeNumber");
    // NOTE(review): turns on phpCAS debug logging; confirm this is meant to
    // stay enabled outside of troubleshooting.
    phpCAS::setDebug();
    $_cas_server_version = CAS_VERSION_2_0;
    $_hostname = 'sso.buaa.edu.cn';
    $_hostport = 443;
    $_uri = '';
    //initialize phpCAS
    phpCAS::client($_cas_server_version, $_hostname, $_hostport, $_uri);
    //no SSL validation for the CAS server
    // NOTE(review): with validation off the CAS server's TLS certificate is
    // not verified, so the identity asserted in the validation response is
    // only as trustworthy as the network path. phpCAS::setCasServerCACert()
    // with the issuing CA bundle is the validating alternative.
    phpCAS::setNoCasServerValidation();
    //force CAS authentication
    phpCAS::forceAuthentication();
    //showmessage("cas halt");
    // The logout request is only examined after authentication was forced above.
    if (isset($_REQUEST['logout'])) {
        phpCAS::logout();
    }
    // Fetch the student number or the staff number.
    $auth1 = phpCAS::checkAuthentication();
    if ($auth1) {
        $cas = phpCAS::getUser();
        $username = phpCAS::getAttribute("employeeNumber");
    }
}
// NOTE(review): within this excerpt $username is only assigned inside the
// authenticated internal-network branch; unless it is set earlier, it is
// undefined here for every other request - confirm against the full file.
$collegeid_len = strlen($username);
//print_r($username);exit;
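// Grid column titles, search, size, paging and links to the detail page.
$dg->set_col_title("sch1", mb_convert_encoding("Όνομα Σχολείου", "utf-8", "iso-8859-7"));
$dg->set_col_title("titel", mb_convert_encoding("Τίτλος προγράμματος", "utf-8", "iso-8859-7"));
//$dg ->set_col_title("done", mb_convert_encoding("Ξεκίνησε;", "utf-8","iso-8859-7" ));
//$dg ->set_col_title("agree", mb_convert_encoding("Δήλ.Ολοκλ.", "utf-8","iso-8859-7" ));
$dg->enable_search(true);
$dg->set_dimension(1100, 700);
$dg->set_pagesize(30);
$dg->set_col_dynalink("id", "prog.php", "id");
$dg->set_col_dynalink("titel", "prog.php", "id");

// get data from CAS server
// NOTE(review): when $prDebug is truthy the identity below is taken from the
// $pr* variables instead of CAS; where $prDebug is set is not visible here -
// confirm it cannot be enabled in production.
if (!$prDebug) {
    $_SESSION['admin'] = 0;
    $sch_name = phpCAS::getAttribute('description');
    $uid = phpCAS::getUser();
    $em1 = $uid . "@sch.gr";
    $em2 = phpCAS::getAttribute('mail');
    // NOTE(review): admin rights are tied to two hard-coded CAS user names.
    if (!strcmp($uid, 'dipeira') || !strcmp($uid, 'taypeira')) {
        $_SESSION['admin'] = 1;
    }
    $_SESSION['email1'] = $em1;
    $_SESSION['email2'] = $em2;
} else {
    $sch_name = $prsch_name;
    $uid = $pruid;
    $em1 = $prem1;
    $em2 = $prem2;
}

if (isset($sch_name)) {
    // The school name comes from a directory attribute, so it is HTML-encoded
    // before being written into the page.
    echo "<h2>" . iconv('Windows-1253', 'UTF-8', 'Σχολείο: ') . htmlspecialchars((string) $sch_name, ENT_QUOTES, 'UTF-8') . "</h2>";
}
if (isset($em1) || isset($em2)) {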
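/**
 * Constructor
 *
 * Forces CAS authentication when no CAS session exists, records the CAS user
 * as the user ID, and copies every CAS attribute listed in self::$attributeMap
 * (property name => CAS attribute name) onto this object through the matching
 * set<Property>() method.
 *
 * @param AuthenticationAuthority $AuthenticationAuthority
 * @throws KurogoConfigurationException when the installed phpCAS has no getAttribute()
 */
public function __construct(AuthenticationAuthority $AuthenticationAuthority)
{
    parent::__construct($AuthenticationAuthority);

    if (!phpCAS::isAuthenticated()) {
        phpCAS::forceAuthentication();
    }

    $this->setUserID(phpCAS::getUser());

    if (!method_exists('phpCAS', 'getAttribute')) {
        throw new KurogoConfigurationException('CASAuthentication attribute mapping requires phpCAS 1.2.0 or greater.');
    }

    foreach (self::$attributeMap as $property => $attribute) {
        if (phpCAS::hasAttribute($attribute)) {
            $method = 'set' . $property;
            // Read the attribute that was just checked. Looking up $property
            // instead would fetch the wrong (or no) value whenever the
            // property name and the CAS attribute name differ.
            $this->{$method}(phpCAS::getAttribute($attribute));
        }
    }
}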
/**
 * Hook invoked once the user has been authenticated and found in iTop.
 *
 * Gives the login extension a chance to refresh the user's definition
 * (profiles...) from an external source. Profiles are only synchronised for
 * CAS logins, when 'cas_update_profiles' is enabled and the CAS response
 * carries a 'memberOf' attribute; in every other case nothing is changed.
 *
 * @param User $oUser The user to update/synchronize
 * @param string $sLoginMode The login mode used (cas|form|basic|url)
 * @param string $sAuthentication The authentication method used
 * @return mixed true when nothing had to be done, otherwise whatever SetProfilesFromCAS() returns
 */
public static function UpdateUser(User $oUser, $sLoginMode, $sAuthentication)
{
    $bSyncEnabled = MetaModel::GetConfig()->Get('cas_update_profiles');

    // No groups defined in CAS or not CAS at all: do nothing...
    if ($sLoginMode != 'cas' || !$bSyncEnabled || !phpCAS::hasAttribute('memberOf')) {
        return true;
    }

    // The group list is taken from the CAS response as-is and decides which
    // profiles the user ends up with.
    $groups = phpCAS::getAttribute('memberOf');

    // A single membership arrives as a scalar: wrap it in an array.
    $aGroupList = is_array($groups) ? $groups : array($groups);

    return self::SetProfilesFromCAS($oUser, $aGroupList);
}
/**
 * Verify the boilerkey requirement for the current CAS session.
 *
 * Returns true when boilerkey is not required, or when the
 * 'boilerkeyauthtime' CAS attribute is within 'boilerkey_timeout' minutes
 * (default 15) of the current time. Otherwise the stored CAS session is
 * dropped and the user is sent back to CAS to re-authenticate; no value is
 * returned on that path.
 *
 * @param  string  $return  the return location
 * @return bool
 **/
private function checkBoilerkey($return = '')
{
    // Nothing to check when boilerkey isn't required
    if (!$this->isBoilerkeyRequired())
    {
        return true;
    }

    // Time of the last boilerkey authentication, as reported by CAS
    $authTime = phpCAS::getAttribute('boilerkeyauthtime');

    if (!empty($authTime))
    {
        // Absolute difference, in case the system clocks are slightly out of sync
        $elapsedSeconds = abs(time() - strtotime($authTime));

        if ($elapsedSeconds / 60 < $this->params->get('boilerkey_timeout', 15))
        {
            return true;
        }
    }

    // Either there is no CAS session with boilerkey or it is too old:
    // make the user authenticate again.
    $returnParam = '';
    if (!empty($return))
    {
        $returnParam = '&return=' . base64_encode($return);
    }

    // Encoded twice on purpose: per the original author, the CAS server appears
    // to strip one level of encoding along the way.
    $serviceUrl = urlencode(urlencode(self::getRedirectUri('pucas') . $returnParam));
    $loginUrl   = 'https://www.purdue.edu/apps/account/cas/logout?reauthWithBoilerkeyService=' . $serviceUrl;

    // Drop the session entry holding the CAS ticket; otherwise the old session
    // is found again and the redirect to the CAS logout/login page never happens.
    unset($_SESSION['phpCAS']);

    phpCAS::setServerLoginURL($loginUrl);
    phpCAS::forceAuthentication();
}