Пример #1
0
 /**
  * This method will parse the DOM and pull out the attributes from the XML
  * payload and put them into an array, then put the array into the session.
  *
  * @param string $success_elements payload of the response
  *
  * @return bool true when successfull, halt otherwise by calling
  * CAS_Client::_authError().
  */
 private function _readExtraAttributesCas20($success_elements)
 {
     phpCAS::traceBegin();
     $extra_attributes = array();
     // "Jasig Style" Attributes:
     //
     // 	<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
     // 		<cas:authenticationSuccess>
     // 			<cas:user>jsmith</cas:user>
     // 			<cas:attributes>
     // 				<cas:attraStyle>RubyCAS</cas:attraStyle>
     // 				<cas:surname>Smith</cas:surname>
     // 				<cas:givenName>John</cas:givenName>
     // 				<cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
     // 				<cas:memberOf>CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu</cas:memberOf>
     // 			</cas:attributes>
     // 			<cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
     // 		</cas:authenticationSuccess>
     // 	</cas:serviceResponse>
     //
     if ($success_elements->item(0)->getElementsByTagName("attributes")->length != 0) {
         $attr_nodes = $success_elements->item(0)->getElementsByTagName("attributes");
         phpCas::trace("Found nested jasig style attributes");
         if ($attr_nodes->item(0)->hasChildNodes()) {
             // Nested Attributes
             foreach ($attr_nodes->item(0)->childNodes as $attr_child) {
                 phpCas::trace("Attribute [" . $attr_child->localName . "] = " . $attr_child->nodeValue);
                 $this->_addAttributeToArray($extra_attributes, $attr_child->localName, $attr_child->nodeValue);
             }
         }
     } else {
         // "RubyCAS Style" attributes
         //
         // 	<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
         // 		<cas:authenticationSuccess>
         // 			<cas:user>jsmith</cas:user>
         //
         // 			<cas:attraStyle>RubyCAS</cas:attraStyle>
         // 			<cas:surname>Smith</cas:surname>
         // 			<cas:givenName>John</cas:givenName>
         // 			<cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
         // 			<cas:memberOf>CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu</cas:memberOf>
         //
         // 			<cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
         // 		</cas:authenticationSuccess>
         // 	</cas:serviceResponse>
         //
         phpCas::trace("Testing for rubycas style attributes");
         $childnodes = $success_elements->item(0)->childNodes;
         foreach ($childnodes as $attr_node) {
             switch ($attr_node->localName) {
                 case 'user':
                 case 'proxies':
                 case 'proxyGrantingTicket':
                     continue;
                 default:
                     if (strlen(trim($attr_node->nodeValue))) {
                         phpCas::trace("Attribute [" . $attr_node->localName . "] = " . $attr_node->nodeValue);
                         $this->_addAttributeToArray($extra_attributes, $attr_node->localName, $attr_node->nodeValue);
                     }
             }
         }
     }
     // "Name-Value" attributes.
     //
     // Attribute format from these mailing list thread:
     // http://jasig.275507.n4.nabble.com/CAS-attributes-and-how-they-appear-in-the-CAS-response-td264272.html
     // Note: This is a less widely used format, but in use by at least two institutions.
     //
     // 	<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
     // 		<cas:authenticationSuccess>
     // 			<cas:user>jsmith</cas:user>
     //
     // 			<cas:attribute name='attraStyle' value='Name-Value' />
     // 			<cas:attribute name='surname' value='Smith' />
     // 			<cas:attribute name='givenName' value='John' />
     // 			<cas:attribute name='memberOf' value='CN=Staff,OU=Groups,DC=example,DC=edu' />
     // 			<cas:attribute name='memberOf' value='CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu' />
     //
     // 			<cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
     // 		</cas:authenticationSuccess>
     // 	</cas:serviceResponse>
     //
     if (!count($extra_attributes) && $success_elements->item(0)->getElementsByTagName("attribute")->length != 0) {
         $attr_nodes = $success_elements->item(0)->getElementsByTagName("attribute");
         $firstAttr = $attr_nodes->item(0);
         if (!$firstAttr->hasChildNodes() && $firstAttr->hasAttribute('name') && $firstAttr->hasAttribute('value')) {
             phpCas::trace("Found Name-Value style attributes");
             // Nested Attributes
             foreach ($attr_nodes as $attr_node) {
                 if ($attr_node->hasAttribute('name') && $attr_node->hasAttribute('value')) {
                     phpCas::trace("Attribute [" . $attr_node->getAttribute('name') . "] = " . $attr_node->getAttribute('value'));
                     $this->_addAttributeToArray($extra_attributes, $attr_node->getAttribute('name'), $attr_node->getAttribute('value'));
                 }
             }
         }
     }
     $this->setAttributes($extra_attributes);
     phpCAS::traceEnd();
     return true;
 }
 /**
  * This method tells if the user has already been (previously) authenticated
  * by looking into the session variables.
  *
  * @note This function switches to callback mode when needed.
  *
  * @return TRUE when the user has already been authenticated; FALSE otherwise.
  *
  * @private
  */
 function wasPreviouslyAuthenticated()
 {
     $cas = new phpCas();
     $cas->traceBegin();
     if ($this->isCallbackMode()) {
         $this->callback();
     }
     $auth = FALSE;
     if ($this->isProxy()) {
         // CAS proxy: username and PGT must be present
         if ($this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt'])) {
             // authentication already done
             $this->setUser($_SESSION['phpCAS']['user']);
             $this->setPGT($_SESSION['phpCAS']['pgt']);
             $cas->trace('user = `' . $_SESSION['phpCAS']['user'] . '\', PGT = `' . $_SESSION['phpCAS']['pgt'] . '\'');
             $auth = TRUE;
         } elseif ($this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt'])) {
             // these two variables should be empty or not empty at the same time
             $cas->trace('username found (`' . $_SESSION['phpCAS']['user'] . '\') but PGT is empty');
             // unset all tickets to enforce authentication
             unset($_SESSION['phpCAS']);
             $this->setST('');
             $this->setPT('');
         } elseif (!$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt'])) {
             // these two variables should be empty or not empty at the same time
             $cas->trace('PGT found (`' . $_SESSION['phpCAS']['pgt'] . '\') but username is empty');
             // unset all tickets to enforce authentication
             unset($_SESSION['phpCAS']);
             $this->setST('');
             $this->setPT('');
         } else {
             $cas->trace('neither user not PGT found');
         }
     } else {
         // `simple' CAS client (not a proxy): username must be present
         if ($this->isSessionAuthenticated()) {
             // authentication already done
             $this->setUser($_SESSION['phpCAS']['user']);
             $cas->trace('user = `' . $_SESSION['phpCAS']['user'] . '\'');
             $auth = TRUE;
         } else {
             $cas->trace('no user found');
         }
     }
     $cas->traceEnd($auth);
     return $auth;
 }