phpCAS client initializer.
| public static client ( string $server_version, string $server_hostname, string $server_port, string $server_uri, boolean $changeSessionID = true ) : a | ||
| $server_version | string | the version of the CAS server |
| $server_hostname | string | the hostname of the CAS server |
| $server_port | string | the port the CAS server is running on |
| $server_uri | string | the URI the CAS server is responding on |
| $changeSessionID | boolean | Allow phpCAS to change the session_id (Single Sign Out/handleLogoutRequests is based on that change) |
| return | a | newly created CAS_Client object |
public function __construct()
{
// These are default values for the first login and should be changed via GUI
$CAS_HOSTNAME = 'your.domain.org';
$CAS_PORT = '443';
$CAS_PATH = '/cas';
$this->autocreate = OCP\Config::getAppValue('user_cas', 'cas_autocreate', true);
$this->updateUserData = OCP\Config::getAppValue('user_cas', 'cas_update_user_data', true);
$this->defaultGroup = OCP\Config::getAppValue('user_cas', 'cas_default_group', '');
$this->protectedGroups = explode(',', str_replace(' ', '', OCP\Config::getAppValue('user_cas', 'cas_protected_groups', '')));
$this->mailMapping = OCP\Config::getAppValue('user_cas', 'cas_email_mapping', '');
$this->displayNameMapping = OCP\Config::getAppValue('user_cas', 'cas_displayName_mapping', '');
$this->groupMapping = OCP\Config::getAppValue('user_cas', 'cas_group_mapping', '');
$casVersion = OCP\Config::getAppValue('user_cas', 'cas_server_version', '2.0');
$casHostname = OCP\Config::getAppValue('user_cas', 'cas_server_hostname', $CAS_HOSTNAME);
$casPort = OCP\Config::getAppValue('user_cas', 'cas_server_port', $CAS_PORT);
$casPath = OCP\Config::getAppValue('user_cas', 'cas_server_path', $CAS_PATH);
$casCertPath = OCP\Config::getAppValue('user_cas', 'cas_cert_path', '');
global $initialized_cas;
if (!$initialized_cas) {
phpCAS::client($casVersion, $casHostname, (int) $casPort, $casPath, false);
if (!empty($casCertPath)) {
phpCAS::setCasServerCACert($casCertPath);
} else {
phpCAS::setNoCasServerValidation();
}
$initialized_cas = true;
}
}
public function get_login()
{
Logger::debug('main', 'AuthMethod_CAS::get_login()');
if (!isset($_SESSION['backup_sso']) || !is_array($_SESSION['backup_sso'])) {
$_SESSION['backup_sso'] = array();
}
foreach ($_REQUEST as $k => $v) {
$_SESSION['backup_sso'][$k] = $v;
}
$buf = $this->prefs->get('AuthMethod', 'CAS');
$CAS_server_url = $buf['user_authenticate_cas_server_url'];
if (!isset($CAS_server_url) || $CAS_server_url == '') {
Logger::error('main', 'AuthMethod_CAS::get_login() - Unable to find CAS server url in Preferences');
return NULL;
}
phpCAS::client(CAS_VERSION_2_0, parse_url($CAS_server_url, PHP_URL_HOST), parse_url($CAS_server_url, PHP_URL_PORT), parse_url($CAS_server_url, PHP_URL_PATH));
Logger::debug('main', 'AuthMethod_CAS::get_login() - Parsing URL - Host:"' . parse_url($CAS_server_url, PHP_URL_HOST) . '" Port:"' . parse_url($CAS_server_url, PHP_URL_PORT) . '" Path:"' . parse_url($CAS_server_url, PHP_URL_PATH) . '"');
phpCAS::setNoCasServerValidation();
if (!phpCAS::forceAuthentication()) {
Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::forceAuthentication failed');
return NULL;
}
if (!phpCAS::isAuthenticated()) {
Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::isAuthenticated failed');
return NULL;
}
$this->login = phpCAS::getUser();
foreach ($_SESSION['backup_sso'] as $k => $v) {
if (isset($_REQUEST[$k])) {
continue;
}
$_REQUEST[$k] = $v;
}
return $this->login;
}
private function init_cas_client()
{
if (class_exists('phpCAS')) {
return true;
}
require getConfig('casldap_phpcas_path');
$cas_debug_file = getConfig('cas_debug_file_path');
if (!empty($cas_debug_file)) {
phpCAS::setDebug($cas_debug_file);
}
$cas_host = getConfig('cas_host');
$cas_port = getConfig('cas_port') or 443;
$cas_context = getConfig('cas_context');
switch (getConfig('cas_version')) {
case 1:
$cas_version = CAS_VERSION_1_0;
break;
case 2:
$cas_version = CAS_VERSION_2_0;
break;
case 3:
$cas_version = CAS_VERSION_3_0;
break;
default:
$cas_version = CAS_VERSION_2_0;
break;
}
phpCAS::client($cas_version, $cas_host, intval($cas_port), $cas_context);
$cas_server_ca_cert_path = getConfig('cas_server_ca_cert_path');
if ($cas_server_ca_cert_path) {
phpCAS::setCasServerCACert($cas_server_ca_cert_path);
} else {
phpCAS::setNoCasServerValidation();
}
}
public static function initialized_php_cas()
{
if (!self::$_initialized_php_cas) {
$casVersion = OCP\Config::getAppValue('user_cas', 'cas_server_version', '2.0');
$casHostname = OCP\Config::getAppValue('user_cas', 'cas_server_hostname', $_SERVER['SERVER_NAME']);
$casPort = OCP\Config::getAppValue('user_cas', 'cas_server_port', 443);
$casPath = OCP\Config::getAppValue('user_cas', 'cas_server_path', '/cas');
$casDebugFile = OCP\Config::getAppValue('user_cas', 'cas_debug_file', '');
$casCertPath = OCP\Config::getAppValue('user_cas', 'cas_cert_path', '');
$php_cas_path = OCP\Config::getAppValue('user_cas', 'cas_php_cas_path', 'CAS.php');
if (!class_exists('phpCAS')) {
if (empty($php_cas_path)) {
$php_cas_path = 'CAS.php';
}
OC_Log::write('cas', "Try to load phpCAS library ({$php_cas_path})", OC_Log::DEBUG);
include_once $php_cas_path;
if (!class_exists('phpCAS')) {
OC_Log::write('cas', 'Fail to load phpCAS library !', OC_Log::ERROR);
return false;
}
}
if ($casDebugFile !== '') {
phpCAS::setDebug($casDebugFile);
}
phpCAS::client($casVersion, $casHostname, (int) $casPort, $casPath, false);
if (!empty($casCertPath)) {
phpCAS::setCasServerCACert($casCertPath);
} else {
phpCAS::setNoCasServerValidation();
}
self::$_initialized_php_cas = true;
}
return self::$_initialized_php_cas;
}
public function execute($filterChain)
{
$user = $this->getContext()->getUser();
// We put an LDAP object in the context in order to reuse it later
$this->getContext()->set('ldap', new uapvLdap());
// Filters can be called several times (because of internal forwards)
// Authentication is only done the first time
if ($this->isFirstCall() && (sfConfig::get('app_cas_server_force_authentication', false) || !$user->isAuthenticated())) {
// phpCAS is not php5-compliant, we remove php warnings and strict errors
$errorReporting = ini_get('error_reporting');
error_reporting($errorReporting & ~E_STRICT & ~E_NOTICE);
if (sfConfig::get('app_cas_server_debug', false)) {
phpCAS::setDebug();
}
// see /tmp/phpCAS.log
phpCAS::client(sfConfig::get('app_cas_server_version', CAS_VERSION_2_0), sfConfig::get('app_cas_server_host', 'localhost'), sfConfig::get('app_cas_server_port', 443), sfConfig::get('app_cas_server_path', ''), false);
// Don't call session_start again,
// symfony already did it
//phpCAS::handleLogoutRequests ();
phpCAS::setNoCasServerValidation();
phpCAS::forceAuthentication();
// if necessary the user will be
// redirected to the cas server
// At this point the user is authenticated, we log him in
$user->signIn(phpCAS::getUser());
// Previous settings can now be restored
error_reporting($errorReporting);
}
// "credential" verification
parent::execute($filterChain);
}
/**
* Initialize the class, this must be called before anything else
* @param $config
* @param bool $changeSessionID Allow phpCAS to change the session_id (Single Sign Out/handleLogoutRequests is based on that change)
* @param $debugLog Set to a path to enable debug log
*/
public static function init($config, $changeSessionID = true, $debugLog = null)
{
if ($debugLog != null) {
phpCAS::setDebug($debugLog);
}
phpCAS::client(CAS_VERSION_2_0, $config['site'], $config['port'], "cas", $changeSessionID);
self::$config = $config;
$private_key = null;
if (isset($config['private_key'])) {
$key = static::resolve_filename($config['private_key']);
$private_key = openssl_get_privatekey("file:///{$key}");
if ($private_key === false) {
throw new NXAuthError("Failed to open private key {$key}");
}
}
if (isset($config['ca_cert']) && $config['ca_cert'] != null) {
self::$ca_cert = static::resolve_filename($config['ca_cert']);
phpCAS::setCasServerCACert(self::$ca_cert);
} else {
phpCAS::setNoCasServerValidation();
// Disable curl ssl verification
phpCAS::setExtraCurlOption(CURLOPT_SSL_VERIFYHOST, 0);
phpCAS::setExtraCurlOption(CURLOPT_SSL_VERIFYPEER, 0);
}
NXAPI::init(array('private_key' => $private_key, 'key_id' => $config['key_id'], 'url' => "https://" . $config['site'], 'ca_cert' => self::$ca_cert));
}
/**
* Attempts to authenticate users via CAS
*/
public function index()
{
// If they don't have CAS configured, send them onto the application's
// internal authentication system
if (!defined('CAS')) {
header('Location: ' . BASE_URL . '/login/login?return_url=' . $this->return_url);
exit;
}
require_once CAS . '/CAS.php';
\phpCAS::client(CAS_VERSION_2_0, CAS_SERVER, 443, CAS_URI, false);
\phpCAS::setNoCasServerValidation();
\phpCAS::forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().
// They may be authenticated according to CAS,
// but that doesn't mean they have person record
// and even if they have a person record, they may not
// have a user account for that person record.
try {
$_SESSION['USER'] = new Person(\phpCAS::getUser());
header("Location: {$this->return_url}");
exit;
} catch (\Exception $e) {
$_SESSION['errorMessages'][] = $e;
}
$this->template->blocks[] = new Block('loginForm.inc', array('return_url' => $this->return_url));
}
function metodillo()
{
$sSQL = "SELECT * FROM PM_PARAMETERS WHERE PRM_ID = 'CAS_URL' ";
$aResSQL = executeQuery($sSQL);
if (count($aResSQL)) {
$sURL = $aResSQL[1]['PRM_VALUE'];
$sURI = $aResSQL[1]['PRM_VALUE_2'];
$res = false;
$RBAC = RBAC::getSingleton();
$RBAC->initRBAC();
require_once 'CAS-1.2.2/CAS.php';
phpCAS::client(CAS_VERSION_2_0, $sURL, 443, $sURI, false);
phpCAS::setNoCasServerValidation();
phpCAS::forceAuthentication();
if (phpCAS::isAuthenticated() == true) {
$sCasUser = phpCAS::getUser();
$sSQL = "SELECT USR_UID FROM USERS WHERE USR_USERNAME = '******' ";
$aResSQL = executeQuery($sSQL);
if (count($aResSQL)) {
$nUserId = $aResSQL[1]['USR_UID'];
$RBAC->singleSignOn = true;
$RBAC->userObj->fields['USR_UID'] = $nUserId;
$RBAC->userObj->fields['USR_USERNAME'] = $sCasUser;
$res = true;
} else {
$res = false;
}
} else {
$res = false;
}
} else {
$res = false;
}
return $res;
}
function checkAndSetUserSession()
{
// store session data
if (!isset($_SESSION['user'])) {
$_SESSION['user'] = null;
}
if (isset($_REQUEST['login']) or isset($_REQUEST['logout'])) {
// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, 'login.kth.se', 443, '');
//phpCAS::proxy(CAS_VERSION_2_0,'login.kth.se',443,'');
phpCAS::setNoCasServerValidation();
// If you want the redirect back from the login server to enter your application by some
// specfic URL rather than just back to the current request URI, call setFixedCallbackURL.
//phpCAS::setFixedCallbackURL('http://xml.csc.kth.se/~wiiala/DM2517/project/php/index.php');
// force CAS authentication
phpCAS::forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().
$_SESSION['user'] = phpCAS::getUser();
//Logga ut och redirecta till vår standardsida
if (isset($_REQUEST['logout'])) {
unset($_SESSION['user']);
phpCAS::logoutWithRedirectService('http://kth.kribba.com/');
}
}
}
/**
* [Put your description here]
*/
function main($content, $conf)
{
$this->conf = $conf;
$this->pi_setPiVarDefaults();
$this->pi_USER_INT_obj = 1;
// Configuring so caching is not expected. This value means that no cHash params are ever set. We do this, because it's a USER_INT object!
$this->pi_loadLL();
$this->typeExecution = "prod";
$urlCas = "none";
$portCas = "none";
if ($this->typeExecution == "dev") {
$urlCas = "xinf-devlinux.intranet.haras-nationaux.fr";
$portCas = 7777;
} else {
if ($this->typeExecution == "prod") {
$urlCas = "cerbere.haras-nationaux.fr";
$portCas = 443;
}
}
session_start();
if (isset($_GET["action"]) && $_GET["action"] == "disconnect") {
phpCAS::setDebug();
phpCAS::client(CAS_VERSION_2_0, $urlCas, $portCas, 'cas', 'true');
$ur = phpCAS::getServerLogoutURL();
phpCAS::killSession();
//Suppression de la sesssion de harasire
setcookie("netid", "", time() - 3600, "/", ".haras-nationaux.fr");
//$urCid = "http://www4.haras-nationaux.fr/cid-internet-web/InvalidateSessionServlet?service=".$ur;
$content .= '<IFRAME src="' . $ur . '" frameborder="no" height="600" width="670"></IFRAME>';
return $this->pi_wrapInBaseClass($content);
}
}
public function __construct()
{
\phpCAS::setDebug();
\phpCAS::client(CAS_VERSION_2_0, "itebeta.baidu.com", 443, "");
\phpCAS::setNoCasServerValidation();
\phpCAS::forceAuthentication();
$this->username = \phpCAS::getUser();
}
public function __construct()
{
$setup = self::loadSetup();
$this->client = phpCAS::client(CAS_VERSION_2_0, $setup['host'], $setup['port'], $setup['context']);
// For simplicities sake at the moment we are not validating the server auth.
phpCAS::setNoCasServerValidation();
phpCAS::setPostAuthenticateCallback(array($this, 'loginCallback'));
}
public function init($options)
{
parent::init($options);
$this->cas_server = $this->getOption("CAS_SERVER");
$this->cas_port = $this->getOption("CAS_PORT");
$this->cas_uri = $this->getOption("CAS_URI");
phpCAS::client(CAS_VERSION_1_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
phpCAS::setNoCasServerValidation();
}
private function prepare()
{
\phpCAS::client(CAS_VERSION_2_0, $this->casUrl, $this->casPort, $this->casUri, false);
//\phpCAS::setDebug('/tmp/cas.log');
\phpCAS::setNoCasServerValidation();
//\phpCAS::setSingleSignoutCallback(array($this, 'casSingleSignOut'));
//\phpCAS::setPostAuthenticateCallback(array($this, 'casPostAuth'));
\phpCAS::handleLogoutRequests(true, $this->casAllowedIpClients);
}
function initPhpCAS($host, $port, $context, $CA_certificate_file)
{
phpCAS::client(SAML_VERSION_1_1, $host, intval($port), $context, false);
if ($CA_certificate_file) {
phpCAS::setCasServerCACert($CA_certificate_file);
} else {
phpCAS::setNoCasServerValidation();
}
//phpCAS::setLang(PHPCAS_LANG_FRENCH);
}
public function __construct()
{
parent::__construct();
$this->load->database();
$this->load->library('grocery_CRUD');
include_once 'CAS.php';
phpCAS::client('2.0', 'cas.uhp-nancy.fr', 443, '/cas', false);
phpCAS::setNoCasServerValidation();
phpCAS::handleLogoutRequests(false);
}
public function __construct(ComponentCollection $collection, $settings)
{
$this->settings['host'] = 'cas.ucdavis.edu';
$this->settings['context'] = '/cas';
$this->settings['port'] = 443;
$this->settings['ca_cert_path'] = '/usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt';
phpCAS::client(CAS_VERSION_2_0, $this->settings['host'], $this->settings['port'], $this->settings['context']);
phpCAS::setCasServerCACert($this->settings['ca_cert_path']);
parent::__construct($collection, $settings);
}
private function initCasClient()
{
if (!$this->_casInitialized) {
require_once 'CAS.php';
phpCAS::setDebug();
phpCAS::client(CAS_VERSION_2_0, $this->getOption('cas_server_host', 'localhost'), (int) $this->getOption('cas_server_port', 443), $this->getOption('cas_server_path', ''), false);
// Don't call session_start again
$this->_casInitialized = true;
}
}
/**
* Initializes the authority objects based on an associative array of arguments
* @param array $args an associate array of arguments. The argument list is dependent on the authority
*
* General - Required keys:
* TITLE => The human readable title of the AuthorityImage
* INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
*
* General - Optional keys:
* LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
*
* CAS - Required keys:
* CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
* CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
* CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
* CAS_PORT => The port the CAS server is listening on, e.g. "443"
* CAS_PATH => The path of the CAS application, e.g. "/cas/"
* CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
* of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
* validation will be performed (not recommended for production).
*
* CAS - Optional keys:
* ATTRA_EMAIL => Attribute name for the user's email adress, e.g. "email". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
*
* NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
*
*/
public function init($args)
{
parent::init($args);
// include the PHPCAS library
if (empty($args['CAS_PHPCAS_PATH'])) {
require_once 'CAS.php';
} else {
require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php';
}
if (empty($args['CAS_PROTOCOL'])) {
throw new KurogoConfigurationException('CAS_PROTOCOL value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_HOST'])) {
throw new KurogoConfigurationException('CAS_HOST value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PORT'])) {
throw new KurogoConfigurationException('CAS_PORT value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PATH'])) {
throw new KurogoConfigurationException('CAS_PATH value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PROXY_INIT'])) {
phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
} else {
phpCAS::proxy($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
if (!empty($args['CAS_PROXY_TICKET_PATH'])) {
phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
}
if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
}
}
if (empty($args['CAS_CA_CERT'])) {
phpCAS::setNoCasServerValidation();
} else {
phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
}
// Record any attribute mapping configured.
if (!empty($args['ATTRA_EMAIL'])) {
CASUser::mapAttribute('Email', $args['ATTRA_EMAIL']);
}
if (!empty($args['ATTRA_FIRST_NAME'])) {
CASUser::mapAttribute('FirstName', $args['ATTRA_FIRST_NAME']);
}
if (!empty($args['ATTRA_LAST_NAME'])) {
CASUser::mapAttribute('LastName', $args['ATTRA_LAST_NAME']);
}
if (!empty($args['ATTRA_FULL_NAME'])) {
CASUser::mapAttribute('FullName', $args['ATTRA_FULL_NAME']);
}
// Store an attribute for group membership if configured.
if (!empty($args['ATTRA_MEMBER_OF'])) {
CASUser::mapAttribute('MemberOf', $args['ATTRA_MEMBER_OF']);
}
}
function check_auth()
{
if (!isset($GLOBALS['PHPCAS_CLIENT'])) {
phpCAS::client(CAS_VERSION_2_0, 'cas.byu.edu', 443, 'cas');
//phpCAS::setCasServerCACert("../CAS/cas_ca.pem");
phpCAS::setNoCasServerValidation();
phpCAS::setDebug("cas_error.txt");
phpCAS::handleLogoutRequests(true, array('cas.byu.edu', 'cas1.byu.edu', 'cas2.byu.edu', 'cas3.byu.edu'));
}
return phpCAS::isAuthenticated();
}
/**
* Plugin initialization, action & filters register, etc
*/
function init($run_cas = true)
{
global $error;
if ($run_cas) {
/**
* phpCAS initialization
*/
include_once $this->phpcas_path;
if ($this->settings['server_hostname'] == '' || intval($this->settings['server_port']) == 0) {
$this->cas_configured = false;
}
if ($this->cas_configured) {
//If everything is alright, let's initialize the phpCAS client
phpCAS::client($this->settings['cas_version'], $this->settings['server_hostname'], intval($this->settings['server_port']), $this->settings['server_path'], false);
// function added in phpCAS v. 0.6.0
// checking for static method existance is frustrating in php4
$phpCas = new phpCas();
if (method_exists($phpCas, 'setCasServerCACert') && $this->settings['cert_path']) {
phpCAS::setCasServerCACert($this->settings['cert_path']);
} elseif (method_exists($phpCas, 'setNoCasServerValidation')) {
phpCAS::setNoCasServerValidation();
}
unset($phpCas);
if (defined('CAS_MAESTRO_DEBUG_ON') && CAS_MAESTRO_DEBUG_ON == true) {
phpCAS::setDebug(CAS_MAESTRO_PLUGIN_PATH . 'debug.log');
}
/**
* Filters and actions registration
*/
add_filter('authenticate', array(&$this, 'validate_login'), 30, 3);
add_filter('login_url', array(&$this, 'bypass_reauth'));
add_action('lost_password', array(&$this, 'disable_function'));
add_action('retrieve_password', array(&$this, 'disable_function'));
add_action('password_reset', array(&$this, 'disable_function'));
add_filter('show_password_fields', array(&$this, 'show_password_fields'));
} else {
$error = __("wpCAS is not configured. Please, login, go to the settings and configure with your credentials.", "CAS_Maestro");
//add_filter( 'login_head', array(&$this, 'display_login_notconfigured'));
}
}
add_action('wp_logout', array(&$this, 'process_logout'));
//Register the language initialization
add_action('init', array(&$this, 'lang_init'));
add_action('admin_init', array(&$this, 'add_meta_boxes'));
add_action('profile_update', array(&$this, 'onSaveProfile'), 10, 2);
add_action('admin_notices', array(&$this, 'notify_email_update'));
add_action('admin_menu', array(&$this, 'register_menus'), 50);
add_action('admin_enqueue_scripts', array(&$this, 'register_javascript'));
//Filter to rewrite the login form action to bypass cas
if ($this->bypass_cas) {
add_filter('site_url', array(&$this, 'bypass_cas_login_form'), 20, 3);
add_filter('authenticate', array(&$this, 'validate_noncas_login'), 30, 3);
}
}
/**
* This function returns false if the used auth method cannot be
* done without user action (ie needs filling login/password in the
* form...). If it can be done automatically (SSL, CAS, etc...), then
* try to authenticate the user, and return the username if it succeeds,
* false otherwise).
*
* @returns The username if the authentification succeeds, false if
* it fails or is not applicable.
*/
function autoAuth()
{
// Instanciate phpCAS
include_once 'CAS/CAS.php';
phpCAS::client(CAS_VERSION_2_0, $this->casServerHostname, $this->casServerPort, $this->casServerURI);
// Do CAS authentication (force it)
phpCAS::forceAuthentication();
// If the CAS authentification was successful, phpCAS will get us back
// here and return the user login. Just what we needed !
return phpCAS::getUser();
}
/**
* Stores the configuration. Calls the parent configuration first,
* then does additional operations.
*
* @param object Properties $configuration
* @return object
* @access public
* @since 3/24/05
*/
function assignConfiguration(Properties $configuration)
{
parent::assignConfiguration($configuration);
$format = $configuration->getProperty('DISPLAY_NAME_FORMAT');
ArgumentValidator::validate($format, RegexValidatorRule::getRule('/\\[\\[([^]]+)\\]\\]/'));
$this->displayNameFormat = $format;
if ($debug = $configuration->getProperty('CAS_DEBUG_PATH')) {
ArgumentValidator::validate($debug, StringValidatorRule::getRule());
phpCAS::setDebug($debug);
}
$host = $configuration->getProperty('CAS_HOST');
ArgumentValidator::validate($host, RegexValidatorRule::getRule('/^[a-z0-9]+\\.[a-z0-9]+.[a-z]+$/'));
$port = $configuration->getProperty('CAS_PORT');
ArgumentValidator::validate($port, RegexValidatorRule::getRule('/^[0-9]+$/'));
$path = $configuration->getProperty('CAS_PATH');
ArgumentValidator::validate($path, RegexValidatorRule::getRule('/^\\/.*$/'));
phpCAS::client(CAS_VERSION_2_0, $host, intval($port), $path, false);
if ($cert = $configuration->getProperty('CAS_CERT')) {
phpCAS::setCasServerCACert($cert);
} else {
phpCAS::setNoCasServerValidation();
}
// Allow group lookup via a CASDirectory:
// https://mediawiki.middlebury.edu/wiki/LIS/CAS_Directory
$dirUrl = $configuration->getProperty('CASDIRECTORY_BASE_URL');
ArgumentValidator::validate($dirUrl, StringValidatorRule::getRule());
$this->directoryUrl = $dirUrl;
// set the callback URL for the PGT to be sent to. This must be an https url
// whose certificate is trusted by CAS.
// $callbackUrl = $configuration->getProperty('CALLBACK_URL');
// ArgumentValidator::validate($callbackUrl, RegexValidatorRule::getRule('/^https:\/\/.*$/'));
// phpCAS::setFixedCallbackURL($callbackUrl);
$adminAccess = $configuration->getProperty('CASDIRECTORY_ADMIN_ACCESS');
ArgumentValidator::validate($adminAccess, StringValidatorRule::getRule());
$this->adminAccess = $adminAccess;
$classRoot = $configuration->getProperty('CASDIRECTORY_CLASS_ROOT');
if ($classRoot) {
ArgumentValidator::validate($classRoot, StringValidatorRule::getRule());
$this->classRoot = $classRoot;
} else {
$this->classRoot = null;
}
$groupIdRegex = $configuration->getProperty('CASDIRECTORY_GROUP_ID_REGEX');
if ($groupIdRegex) {
ArgumentValidator::validate($groupIdRegex, StringValidatorRule::getRule());
$this->groupIdRegex = $groupIdRegex;
} else {
$this->groupIdRegex = null;
}
// Root Groups to expose
ArgumentValidator::validate($configuration->getProperty('ROOT_GROUPS'), ArrayValidatorRuleWithRule::getRule(StringValidatorRule::getRule()));
$this->rootGroups = array_unique($configuration->getProperty('ROOT_GROUPS'));
}
function logoutCAS($config, $wwwroot)
{
require_once dirname(__FILE__) . '/CAS/CAS.php';
// get module configuration
$cas_validate = true;
$cas_version = CAS_VERSION_2_0;
$cas_language = 'english';
phpCAS::client($cas_version, $config->cashostname, (int) $config->casport, $config->casbaseuri, false);
error_log("CAS: Logout");
phpCAS::logout($wwwroot);
error_log("CAS: Logout Exit");
return true;
}
protected function initializeCASClient()
{
if (!phpCAS::isInitialized()) {
// Set debug mode
phpCAS::setDebug(false);
//Initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, Configure::read('user_config.cas.hostname'), Configure::read('user_config.cas.port'), Configure::read('user_config.cas.uri'), true);
phpCAS::setFixedServiceURL($this->loginRedirectURL());
// No SSL validation for the CAS server
phpCAS::setNoCasServerValidation();
}
return true;
}
public static function init()
{
if (self::$_init) {
return true;
}
$config = new \Yaf\Config\Ini(APPLICATION_CONFIG_PATH . '/phpcas.ini', \Yaf\ENVIRON);
phpCAS::setDebug('');
phpCAS::client($config->cas_version, $config->cas_host, intval($config->cas_port), $config->cas_context);
phpCAS::setNoCasServerValidation();
phpCAS::handleLogoutRequests(false);
self::$_init = true;
return true;
}
function __construct()
{
if (!self::$initialized) {
global $cas_cfg;
phpCAS::client(CAS_VERSION_2_0, $cas_cfg['host'], $cas_cfg['port'], $cas_cfg['context']);
// Perform SSL validation only if server_ca_cert path is provided.
if (isset($cas_cfg['server_ca_cert'])) {
phpCAS::setCasServerCACert($cas_cfg['server_ca_cert']);
} else {
phpCAS::setNoCasServerValidation();
}
self::$initialized = true;
}
}
function __construct($collection, $settings)
{
$this->_Collection = $collection;
if (Configure::read('CAS.debug_log_enabled')) {
phpCAS::setDebug(TMP . 'phpCas.log.txt');
}
phpCAS::client(CAS_VERSION_2_0, Configure::read('CAS.hostname'), Configure::read('CAS.port'), Configure::read('CAS.uri'));
$certServer = Configure::read('CAS.cert_path');
if (empty($certServer)) {
phpCAS::setNoCasServerValidation();
} else {
phpCAS::setCasServerCACert($certServer);
}
}
private function setCASSettings()
{
if ($this->options->IsCasDebugOn()) {
phpCAS::setDebug($this->options->DebugFile());
}
phpCAS::client($this->options->CasVersion(), $this->options->HostName(), $this->options->Port(), $this->options->ServerUri(), $this->options->ChangeSessionId());
if ($this->options->CasHandlesLogouts()) {
phpCAS::handleLogoutRequests(true, $this->options->LogoutServers());
}
if ($this->options->HasCertificate()) {
phpCAS::setCasServerCACert($this->options->Certificate());
}
phpCAS::setNoCasServerValidation();
}
/**
* Logout execution method. Initializes CAS client and force logout if required before returning to parent logout method.
*
* @param mixed $url Optional URL to redirect the user to after logout
* @return string AuthComponent::$loginAction
* @see AuthComponent::$loginAction
* @access public
*/
function logout()
{
// Set debug mode
phpCAS::setDebug(false);
//Initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, Configure::read('CAS.hostname'), Configure::read('CAS.port'), Configure::read('CAS.uri'), true);
// No SSL validation for the CAS server
phpCAS::setNoCasServerValidation();
// Force CAS logout if required
if (phpCAS::isAuthenticated()) {
phpCAS::logout(array('url' => 'http://www.cakephp.org'));
// Provide login url for your application
}
return parent::logout();
}
