/**
* Wrong order of valid regexp
*
* @return void
*
* @expectedException CAS_AuthenticationException
* @outputBuffering enabled
*/
public function testAllowedProxiesRegexpFailureWrongOrder()
{
$this->object->setTicket('ST-123456-asdfasdfasgww2323radf3');
$this->object->getAllowedProxyChains()->allowProxyChain(new CAS_ProxyChain(array('/^https\\:\\/\\/anotherdomain.org\\/mysite\\/test2$/', '/http\\:\\/\\/firstproxy\\.com.*$/')));
$result = $this->object->validateCAS20($url, $text_response, $tree_response);
$this->assertFalse($result);
}
/**
* This method is used to print the HTML output when the user was not
* authenticated.
*
* @param CAS_Client $client phpcas client
* @param string $failure the failure that occured
* @param string $cas_url the URL the CAS server was asked for
* @param bool $no_response the response from the CAS server (other
* parameters are ignored if TRUE)
* @param bool $bad_response bad response from the CAS server ($err_code
* and $err_msg ignored if TRUE)
* @param string $cas_response the response of the CAS server
* @param int $err_code the error code given by the CAS server
* @param string $err_msg the error message given by the CAS server
*/
public function __construct($client, $failure, $cas_url, $no_response, $bad_response = '', $cas_response = '', $err_code = '', $err_msg = '')
{
phpCAS::traceBegin();
$lang = $client->getLangObj();
$client->printHTMLHeader($lang->getAuthenticationFailed());
printf($lang->getYouWereNotAuthenticated(), htmlentities($client->getURL()), $_SERVER['SERVER_ADMIN']);
phpCAS::trace('CAS URL: ' . $cas_url);
phpCAS::trace('Authentication failure: ' . $failure);
if ($no_response) {
phpCAS::trace('Reason: no response from the CAS server');
} else {
if ($bad_response) {
phpCAS::trace('Reason: bad response from the CAS server');
} else {
switch ($client->getServerVersion()) {
case CAS_VERSION_1_0:
phpCAS::trace('Reason: CAS error');
break;
case CAS_VERSION_2_0:
if (empty($err_code)) {
phpCAS::trace('Reason: no CAS error');
} else {
phpCAS::trace('Reason: [' . $err_code . '] CAS error: ' . $err_msg);
}
break;
}
}
phpCAS::trace('CAS response: ' . $cas_response);
}
$client->printHTMLFooter();
phpCAS::traceExit();
}
/**
* The constructor of the class, should be called only by inherited classes.
*
* @param CAS_Client $cas_parent the CAS _client instance that creates the
* current object.
*
* @return void
*
* @protected
*/
function __construct($cas_parent)
{
phpCAS::traceBegin();
if (!$cas_parent->isProxy()) {
phpCAS::error('defining PGT storage makes no sense when not using a CAS proxy');
}
phpCAS::traceEnd();
}
/**
* Test that a service ticket can be successfully fails.
* @expectedException CAS_AuthenticationException
* @outputBuffering enabled
*/
public function test_invalid_ticket_failure()
{
$this->object->setTicket('ST-1856339-aA5Yuvrxzpv8Tau1cYQ7');
ob_start();
$result = $this->object->validateCAS20($url, $text_response, $tree_response);
ob_end_clean();
$this->assertTrue($result);
$this->assertEquals("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n <cas:authenticationFailure code='INVALID_TICKET'>\n Ticket ST-1856339-aA5Yuvrxzpv8Tau1cYQ7 not recognized\n </cas:authenticationFailure>\n</cas:serviceResponse>\n\n", $text_response);
$this->assertInstanceOf('DOMElement', $tree_response);
}
/**
* Test that the user is redirected to the CAS server
*/
public function test_redirect()
{
try {
ob_start();
$this->object->forceAuthentication();
$this->assertTrue(false, 'Should have thrown a CAS_GracefullTerminationException.');
} catch (CAS_GracefullTerminationException $e) {
ob_end_clean();
// It would be great to test for the existance of headers here, but
// the don't get set properly due to output before the test.
}
}
/**
* Validate user attributes.
*
* @return void
*/
public function validateUserAttributes()
{
$attras = $this->object->getAttributes();
$this->assertInternalType('array', $attras);
if (count($attras) != 4 || !is_array($attras['memberOf'])) {
print "\n";
print_r($attras);
}
$this->assertEquals(4, count($attras));
$this->assertTrue($this->object->hasAttribute('givenName'));
// direct access
$this->assertEquals('John', $this->object->getAttribute('givenName'));
// array access
$this->assertArrayHasKey('givenName', $attras);
$this->assertEquals('John', $attras['givenName']);
$this->assertTrue($this->object->hasAttribute('surname'));
// direct access
$this->assertEquals('Smith', $this->object->getAttribute('surname'));
// array access
$this->assertArrayHasKey('surname', $attras);
$this->assertEquals('Smith', $attras['surname']);
$this->assertTrue($this->object->hasAttribute('memberOf'));
// direct access
$memberOf = $this->object->getAttribute('memberOf');
$this->assertInternalType('array', $memberOf);
$this->assertEquals(2, count($memberOf));
$this->assertTrue(in_array('CN=Staff,OU=Groups,DC=example,DC=edu', $memberOf));
$this->assertTrue(in_array('CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu', $memberOf));
// array access
$this->assertArrayHasKey('memberOf', $attras);
$this->assertInternalType('array', $attras['memberOf']);
$this->assertEquals(2, count($attras['memberOf']));
$this->assertTrue(in_array('CN=Staff,OU=Groups,DC=example,DC=edu', $attras['memberOf']));
$this->assertTrue(in_array('CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu', $attras['memberOf']));
}
/**
* Verify that a CAS_ProxyTicketException is thrown if we try to access a service
* that results in a proxy-ticket failure.
*
* @return void
*
* @expectedException CAS_ProxyTicketException
*/
public function testPtException()
{
$service = $this->object->getProxiedService(PHPCAS_PROXIED_SERVICE_IMAP);
$service->setServiceUrl('imap://mail.example.edu/path/that/doesnt/exist');
$service->setMailbox('mailbox_name');
$service->setOptions(OP_READONLY);
$stream = $service->open();
}
/**
* Verify that using the CAS_ProxyChain will allow regex modifiers
*
* @return void
*/
public function testRegexModifiers()
{
$this->object->allowProxyChain(new CAS_ProxyChain(array('/^https?:\\/\\/service1\\.EXAMPLE\\.com\\/.*/i', '/^http:\\/\\/serVice[0-9]\\.example\\.com\\/[^\\/]+\\/path/ix')));
$this->assertTrue($this->object->isProxyListAllowed($this->list_size_0), 'Should be ok with no proxies in front.');
$this->assertFalse($this->object->isProxyListAllowed($this->list_size_1), 'Should not allow inexact matches in length.');
$this->assertTrue($this->object->isProxyListAllowed($this->list_size_2), 'Should allow modifiers on Regular expressions');
$this->assertFalse($this->object->isProxyListAllowed($this->list_size_3), 'Should not allow inexact matches in length.');
$this->assertFalse($this->object->isProxyListAllowed($this->list_size_4), 'Should not allow inexact matches in length.');
}
/**
* Direct usage of the Proxied POST service.
*
* @return void
*/
public function testHttpPost()
{
$service = $this->object->getProxiedService(PHPCAS_PROXIED_SERVICE_HTTP_POST);
$service->setUrl('http://www.service.com/post_webservice');
$service->setBody('<request><method>doSomething</method><param type="string">with this</param></request>');
$service->setContentType('text/xml');
$service->send();
$this->assertEquals(200, $service->getResponseStatusCode());
$this->assertEquals("<result><string>Yay, it worked.</string></result>", $service->getResponseBody());
}
/**
* Fetch our proxy ticket.
*
* Descendent classes should call this method once their service URL is available
* to initialize their proxy ticket.
*
* @return void
* @throws CAS_OutOfSequenceException If called after a proxy ticket has
* already been initialized.
*/
protected function initializeProxyTicket()
{
if (!empty($this->_proxyTicket)) {
throw new CAS_OutOfSequenceException('Already initialized, cannot initialize again.');
}
// Allow usage of a particular CAS_Client for unit testing.
if (empty($this->_casClient)) {
phpCAS::initializeProxiedService($this);
} else {
$this->_casClient->initializeProxiedService($this);
}
}
/**
* Test matching a domain cookie.
*
* @return void
*/
public function testProtectedCookieMatchesTargetDomainCookie()
{
$headers = array('Set-Cookie: message="hello world"; path=/; domain=.example.com');
$cookies = $this->object->parseCookieHeaders($headers, 'otherhost.example.com');
$this->assertTrue($this->object->cookieMatchesTarget($cookies[0], parse_url('http://service.example.com/make_changes.php')));
}
/**
* This method is used to add header parameters when rebroadcasting
* pgtIou/pgtId or logoutRequest.
*
* @param String $header Header to send when rebroadcasting.
*
* @return void
*/
public static function addRebroadcastHeader($header)
{
phpCAS::traceBegin();
phpCAS::_validateClientExists();
try {
self::$_PHPCAS_CLIENT->addRebroadcastHeader($header);
} catch (Exception $e) {
phpCAS::error(get_class($e) . ': ' . $e->getMessage());
}
phpCAS::traceEnd();
}
private function initializeCAS()
{
$casClient = new \CAS_Client(CAS_VERSION_2_0, true, Config::get('cas.hostname'), Config::get('cas.port'), Config::get('cas.context'));
$casClient->setNoCasServerValidation();
if (true === Config::get('pgtservice.enabled', false)) {
$casClient->setCallbackURL(Config::get('pgtservice.callback'));
$casClient->setPGTStorage(new ProxyTicketServiceStorage($casClient));
} else {
if (false !== Config::get('redis.hostname', false)) {
$casClient->setCallbackURL($this->url->getURL() . '/callback.php');
$redis = new \Redis();
$redis->connect(Config::get('redis.hostname'), Config::get('redis.port', 6379), 2, null, 100);
$redis->setOption(\Redis::OPT_SERIALIZER, \Redis::SERIALIZER_PHP);
$redis->setOption(\Redis::OPT_PREFIX, Config::get('application.project_name') . ':PHPCAS_TICKET_STORAGE:');
$redis->select((int) Config::get('redis.hostname', 2));
$casClient->setPGTStorage(new RedisTicketStorage($casClient, $redis));
} else {
$casClient->setCallbackURL($this->url->getURL() . '/callback.php');
$casClient->setPGTStorageFile(session_save_path());
// Handle logout requests but do not validate the server
$casClient->handleLogoutRequests(false);
}
}
// Accept all proxy chains
$casClient->getAllowedProxyChains()->allowProxyChain(new \CAS_ProxyChain_Any());
return $casClient;
}
