/** * Wrong order of valid regexp * * @return void * * @expectedException CAS_AuthenticationException * @outputBuffering enabled */ public function testAllowedProxiesRegexpFailureWrongOrder() { $this->object->setTicket('ST-123456-asdfasdfasgww2323radf3'); $this->object->getAllowedProxyChains()->allowProxyChain(new CAS_ProxyChain(array('/^https\\:\\/\\/anotherdomain.org\\/mysite\\/test2$/', '/http\\:\\/\\/firstproxy\\.com.*$/'))); $result = $this->object->validateCAS20($url, $text_response, $tree_response); $this->assertFalse($result); }
/** * This method is used to print the HTML output when the user was not * authenticated. * * @param CAS_Client $client phpcas client * @param string $failure the failure that occured * @param string $cas_url the URL the CAS server was asked for * @param bool $no_response the response from the CAS server (other * parameters are ignored if TRUE) * @param bool $bad_response bad response from the CAS server ($err_code * and $err_msg ignored if TRUE) * @param string $cas_response the response of the CAS server * @param int $err_code the error code given by the CAS server * @param string $err_msg the error message given by the CAS server */ public function __construct($client, $failure, $cas_url, $no_response, $bad_response = '', $cas_response = '', $err_code = '', $err_msg = '') { phpCAS::traceBegin(); $lang = $client->getLangObj(); $client->printHTMLHeader($lang->getAuthenticationFailed()); printf($lang->getYouWereNotAuthenticated(), htmlentities($client->getURL()), $_SERVER['SERVER_ADMIN']); phpCAS::trace('CAS URL: ' . $cas_url); phpCAS::trace('Authentication failure: ' . $failure); if ($no_response) { phpCAS::trace('Reason: no response from the CAS server'); } else { if ($bad_response) { phpCAS::trace('Reason: bad response from the CAS server'); } else { switch ($client->getServerVersion()) { case CAS_VERSION_1_0: phpCAS::trace('Reason: CAS error'); break; case CAS_VERSION_2_0: if (empty($err_code)) { phpCAS::trace('Reason: no CAS error'); } else { phpCAS::trace('Reason: [' . $err_code . '] CAS error: ' . $err_msg); } break; } } phpCAS::trace('CAS response: ' . $cas_response); } $client->printHTMLFooter(); phpCAS::traceExit(); }
/** * The constructor of the class, should be called only by inherited classes. * * @param CAS_Client $cas_parent the CAS _client instance that creates the * current object. * * @return void * * @protected */ function __construct($cas_parent) { phpCAS::traceBegin(); if (!$cas_parent->isProxy()) { phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy'); } phpCAS::traceEnd(); }
/** * Test that a service ticket can be successfully fails. * @expectedException CAS_AuthenticationException * @outputBuffering enabled */ public function test_invalid_ticket_failure() { $this->object->setTicket('ST-1856339-aA5Yuvrxzpv8Tau1cYQ7'); ob_start(); $result = $this->object->validateCAS20($url, $text_response, $tree_response); ob_end_clean(); $this->assertTrue($result); $this->assertEquals("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n <cas:authenticationFailure code='INVALID_TICKET'>\n Ticket ST-1856339-aA5Yuvrxzpv8Tau1cYQ7 not recognized\n </cas:authenticationFailure>\n</cas:serviceResponse>\n\n", $text_response); $this->assertInstanceOf('DOMElement', $tree_response); }
/** * Test that the user is redirected to the CAS server */ public function test_redirect() { try { ob_start(); $this->object->forceAuthentication(); $this->assertTrue(false, 'Should have thrown a CAS_GracefullTerminationException.'); } catch (CAS_GracefullTerminationException $e) { ob_end_clean(); // It would be great to test for the existance of headers here, but // the don't get set properly due to output before the test. } }
/** * Validate user attributes. * * @return void */ public function validateUserAttributes() { $attras = $this->object->getAttributes(); $this->assertInternalType('array', $attras); if (count($attras) != 4 || !is_array($attras['memberOf'])) { print "\n"; print_r($attras); } $this->assertEquals(4, count($attras)); $this->assertTrue($this->object->hasAttribute('givenName')); // direct access $this->assertEquals('John', $this->object->getAttribute('givenName')); // array access $this->assertArrayHasKey('givenName', $attras); $this->assertEquals('John', $attras['givenName']); $this->assertTrue($this->object->hasAttribute('surname')); // direct access $this->assertEquals('Smith', $this->object->getAttribute('surname')); // array access $this->assertArrayHasKey('surname', $attras); $this->assertEquals('Smith', $attras['surname']); $this->assertTrue($this->object->hasAttribute('memberOf')); // direct access $memberOf = $this->object->getAttribute('memberOf'); $this->assertInternalType('array', $memberOf); $this->assertEquals(2, count($memberOf)); $this->assertTrue(in_array('CN=Staff,OU=Groups,DC=example,DC=edu', $memberOf)); $this->assertTrue(in_array('CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu', $memberOf)); // array access $this->assertArrayHasKey('memberOf', $attras); $this->assertInternalType('array', $attras['memberOf']); $this->assertEquals(2, count($attras['memberOf'])); $this->assertTrue(in_array('CN=Staff,OU=Groups,DC=example,DC=edu', $attras['memberOf'])); $this->assertTrue(in_array('CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu', $attras['memberOf'])); }
/** * Verify that a CAS_ProxyTicketException is thrown if we try to access a service * that results in a proxy-ticket failure. * * @return void * * @expectedException CAS_ProxyTicketException */ public function testPtException() { $service = $this->object->getProxiedService(PHPCAS_PROXIED_SERVICE_IMAP); $service->setServiceUrl('imap://mail.example.edu/path/that/doesnt/exist'); $service->setMailbox('mailbox_name'); $service->setOptions(OP_READONLY); $stream = $service->open(); }
/** * Verify that using the CAS_ProxyChain will allow regex modifiers * * @return void */ public function testRegexModifiers() { $this->object->allowProxyChain(new CAS_ProxyChain(array('/^https?:\\/\\/service1\\.EXAMPLE\\.com\\/.*/i', '/^http:\\/\\/serVice[0-9]\\.example\\.com\\/[^\\/]+\\/path/ix'))); $this->assertTrue($this->object->isProxyListAllowed($this->list_size_0), 'Should be ok with no proxies in front.'); $this->assertFalse($this->object->isProxyListAllowed($this->list_size_1), 'Should not allow inexact matches in length.'); $this->assertTrue($this->object->isProxyListAllowed($this->list_size_2), 'Should allow modifiers on Regular expressions'); $this->assertFalse($this->object->isProxyListAllowed($this->list_size_3), 'Should not allow inexact matches in length.'); $this->assertFalse($this->object->isProxyListAllowed($this->list_size_4), 'Should not allow inexact matches in length.'); }
/** * Direct usage of the Proxied POST service. * * @return void */ public function testHttpPost() { $service = $this->object->getProxiedService(PHPCAS_PROXIED_SERVICE_HTTP_POST); $service->setUrl('http://www.service.com/post_webservice'); $service->setBody('<request><method>doSomething</method><param type="string">with this</param></request>'); $service->setContentType('text/xml'); $service->send(); $this->assertEquals(200, $service->getResponseStatusCode()); $this->assertEquals("<result><string>Yay, it worked.</string></result>", $service->getResponseBody()); }
/** * Fetch our proxy ticket. * * Descendent classes should call this method once their service URL is available * to initialize their proxy ticket. * * @return void * @throws CAS_OutOfSequenceException If called after a proxy ticket has * already been initialized. */ protected function initializeProxyTicket() { if (!empty($this->_proxyTicket)) { throw new CAS_OutOfSequenceException('Already initialized, cannot initialize again.'); } // Allow usage of a particular CAS_Client for unit testing. if (empty($this->_casClient)) { phpCAS::initializeProxiedService($this); } else { $this->_casClient->initializeProxiedService($this); } }
/** * Test matching a domain cookie. * * @return void */ public function testProtectedCookieMatchesTargetDomainCookie() { $headers = array('Set-Cookie: message="hello world"; path=/; domain=.example.com'); $cookies = $this->object->parseCookieHeaders($headers, 'otherhost.example.com'); $this->assertTrue($this->object->cookieMatchesTarget($cookies[0], parse_url('http://service.example.com/make_changes.php'))); }
/** * This method is used to add header parameters when rebroadcasting * pgtIou/pgtId or logoutRequest. * * @param String $header Header to send when rebroadcasting. * * @return void */ public static function addRebroadcastHeader($header) { phpCAS::traceBegin(); phpCAS::_validateClientExists(); try { self::$_PHPCAS_CLIENT->addRebroadcastHeader($header); } catch (Exception $e) { phpCAS::error(get_class($e) . ': ' . $e->getMessage()); } phpCAS::traceEnd(); }
private function initializeCAS() { $casClient = new \CAS_Client(CAS_VERSION_2_0, true, Config::get('cas.hostname'), Config::get('cas.port'), Config::get('cas.context')); $casClient->setNoCasServerValidation(); if (true === Config::get('pgtservice.enabled', false)) { $casClient->setCallbackURL(Config::get('pgtservice.callback')); $casClient->setPGTStorage(new ProxyTicketServiceStorage($casClient)); } else { if (false !== Config::get('redis.hostname', false)) { $casClient->setCallbackURL($this->url->getURL() . '/callback.php'); $redis = new \Redis(); $redis->connect(Config::get('redis.hostname'), Config::get('redis.port', 6379), 2, null, 100); $redis->setOption(\Redis::OPT_SERIALIZER, \Redis::SERIALIZER_PHP); $redis->setOption(\Redis::OPT_PREFIX, Config::get('application.project_name') . ':PHPCAS_TICKET_STORAGE:'); $redis->select((int) Config::get('redis.hostname', 2)); $casClient->setPGTStorage(new RedisTicketStorage($casClient, $redis)); } else { $casClient->setCallbackURL($this->url->getURL() . '/callback.php'); $casClient->setPGTStorageFile(session_save_path()); // Handle logout requests but do not validate the server $casClient->handleLogoutRequests(false); } } // Accept all proxy chains $casClient->getAllowedProxyChains()->allowProxyChain(new \CAS_ProxyChain_Any()); return $casClient; }