diff --git a/example/includes/config.yml b/example/includes/config.yml
index d9b2a80..94f2532 100644
--- a/example/includes/config.yml
+++ b/example/includes/config.yml
@@ -230,6 +230,9 @@ auth:
 # CAS Fake authenticated user
 #fake_authenticated_user: 'myusername'
+ #fake_authenticated_user_attributes:
+ # attr1: value1
+ # attr2: value2
 # CAS user attributes to retrieve with their properties:
 # [attr name]:
diff --git a/skel/config.yml b/skel/config.yml
index 7cc8d9f..48551f2 100644
--- a/skel/config.yml
+++ b/skel/config.yml
@@ -230,6 +230,9 @@ auth:
 # CAS Fake authenticated user
 #fake_authenticated_user: 'myusername'
+ #fake_authenticated_user_attributes:
+ # attr1: value1
+ # attr2: value2
 # CAS user attributes to retrieve with their properties:
 # [attr name]:
diff --git a/src/Auth/Cas.php b/src/Auth/Cas.php
index 673dcda..d84e279 100644
--- a/src/Auth/Cas.php
+++ b/src/Auth/Cas.php
@@ -9,6 +9,8 @@ use EesyPHP\Url;
 use phpCAS;
+use function EesyPHP\cast;
+
 class Cas extends Method {
 /**
@@ -39,6 +41,7 @@ class Cas extends Method {
 'version' => '2.0',
 'logout' => true,
 'fake_authenticated_user' => null,
+ 'fake_authenticated_user_attributes' => [],
 'debug_log_file' => null,
 'ca_cert_certificate_path' => null,
 'user_attributes' => array(
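Review bot: The sample puts the new `fake_authenticated_user_attributes` key under the existing "# CAS Fake authenticated user" comment, and nothing there says that setting `fake_authenticated_user` makes the application skip CAS altogether (Cas::is_authenticated() in src/Auth/Cas.php returns true as soon as it is set). Because the configured attributes are then what get_user() and check_user_filters() read through Cas::get_attr(), I would extend the comment, e.g. `# CAS Fake authenticated user (development/testing only: CAS is not contacted, the attributes below are used as-is)`. The same applies to the identical hunk in skel/config.yml.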
@@ -182,4 +185,42 @@ class Cas extends Method {
 Url :: redirect(isset($_REQUEST['next'])?urldecode($_REQUEST['next']):null);
 Log :: fatal('No CAS ticket or fail to authenticate you');
 }
+
+ /**
+ * Check if user is authenticated using CAS backend
+ * @return bool
+ */
+ public static function is_authenticated() {
+ return self :: $fake_authenticated_user || phpCAS :: isAuthenticated();
+ }
+
+ /**
+ * Retrieve CAS attribute value(s) from CAS authenticated user
+ * @param string $attr The CAS attribute name
+ * @param mixed $default The default value to return if the CAS attribute is undefined
+ * (optional, default: null)
+ * @param string|null $cast The expected type of value (optional, default: string)
+ * @return mixed
+ */
+ public static function get_attr($attr, $default=null, $cast=null) {
+ if (self :: $fake_authenticated_user)
+ return App::get(
+ "auth.cas.fake_authenticated_user_attributes.$attr",
+ $default,
+ $cast ?? "string"
+ );
+ if (!phpCAS::hasAttribute($attr))
+ return $default;
+ return cast(phpCAS::getAttribute($attr), $cast?$cast:'string');
+ }
+
+ /**
+ * Retrieve CAS attributes's value(s) from CAS authenticated user
+ * @return array
+ */
+ public static function get_attrs() {
+ if (self :: $fake_authenticated_user)
+ return App::get("auth.cas.fake_authenticated_user_attributes", [], "array");
+ return phpCAS::getAttributes();
+ }
 }
diff --git a/src/Auth/Casuser.php b/src/Auth/Casuser.php
index 4905591..5aed175 100644
--- a/src/Auth/Casuser.php
+++ b/src/Auth/Casuser.php
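Review bot: is_authenticated(), get_attr() and get_attrs() in src/Auth/Cas.php all treat a non-empty `$fake_authenticated_user` as an authenticated session and read the user's attributes from `auth.cas.fake_authenticated_user_attributes`, so a deployment that still has the fake user configured accepts every request as that user without consulting the CAS server, and nothing in these methods records it. I would log this once where the setting is loaded (outside this hunk), for example `Log :: warning('CAS fake_authenticated_user is set: CAS server is not consulted');`, and state in the three docblocks that the fake branch is meant for development and testing only. Separately, get_attr() builds its lookup key as `"auth.cas.fake_authenticated_user_attributes.$attr"`; if App::get splits keys on dots, as the key syntax suggests, an attribute name that contains a dot resolves to the wrong entry, which indexing the array returned by get_attrs() would avoid. The two branches also disagree on an empty `$cast` (`$cast ?? "string"` against `$cast?$cast:'string'`).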
@@ -4,40 +4,25 @@ namespace EesyPHP\Auth;
 use EesyPHP\App;
 use EesyPHP\Auth;
+use EesyPHP\Auth\Cas;
 use EesyPHP\Auth\User;
 use EesyPHP\Check;
 use EesyPHP\Config;
 use EesyPHP\I18n;
 use EesyPHP\Log;
-use function EesyPHP\cast;
 use function EesyPHP\format_callable;
 use function EesyPHP\vardump;
-use phpCAS;
-
 class Casuser extends Backend {
- /**
- * Retrieve CAS attribute value(s) from CAS authenticated user
- * @param string $attr The CAS attribute name
- * @param mixed $default The default value to return if the CAS attribute is undefined
- * (optional, default: null)
- * @param string|null $cast The expected type of value (optional, default: string)
- */
- public static function get_attr($attr, $default=null, $cast=null) {
- if (!phpCAS::hasAttribute($attr))
- return $default;
- return cast(phpCAS::getAttribute($attr), $cast?$cast:'string');
- }
-
 /**
 * Retrieve a user by its username
 * @param string $username
 * @return \EesyPHP\Auth\User|null|false The user object if found, null it not, false in case of error
 */
 public static function get_user($username) {
- if (!phpCAS :: isAuthenticated()) {
- Log::error("get_user(%s): phpCAS not authenticated, can't compute user");
+ if (!Cas :: is_authenticated()) {
+ Log::error("get_user(%s): CAS backend not authenticated, can't compute user");
 return null;
 }
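Review bot: The rewritten `Log::error` call in get_user() keeps the `%s` placeholder but passes no argument for it, so the entry written when an unauthenticated lookup is rejected never names the user; pass it explicitly, `Log::error("get_user(%s): CAS backend not authenticated, can't compute user", $username);`. The other Log calls on this page supply their format arguments this way (for example the `Log::debug('User "%s" info computed ...', $username, vardump($info))` call later in get_user()). How Log handles a missing argument is not visible here, so the current line may also fail outright rather than just log an incomplete message. get_user()'s body continues outside the hunk.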
@@ -45,14 +30,14 @@ class Casuser extends Backend {
 self :: check_user_filters($username);
 $info = array();
- foreach(Config::get('auth.cas.user_attributes') as $name => $attr_config) {
+ foreach(App::get('auth.cas.user_attributes') as $name => $attr_config) {
 $cas_name = Config::get("cas_name", null, 'string', false, $attr_config);
 $alt_cas_name = Config::get("alt_cas_name", $name, 'string', false, $attr_config);
- if (!$cas_name || is_null(self :: get_attr($cas_name)))
+ if (!$cas_name || is_null(Cas :: get_attr($cas_name)))
 $cas_name = $alt_cas_name;
- $info[$name] = self :: get_attr(
+ $info[$name] = Cas :: get_attr(
 $cas_name?$cas_name:$name,
- Config::get("default", null, null, false, $attr_config)
+ default: Config::get("default", null, null, false, $attr_config)
 );
 }
 Log::debug('User "%s" info computed from CAS attributes:\n%s', $username, vardump($info));
@@ -65,12 +50,12 @@ class Casuser extends Backend {
 * @return void|never
 */
 public static function check_user_filters($username) {
- foreach(Config::get('auth.cas.user_filters', [], 'array') as $attr => $filter) {
+ foreach(App::get('auth.cas.user_filters', [], 'array') as $attr => $filter) {
 if (is_callable($filter)) {
 if (
 !$filter(
 $username,
- is_string($attr)?phpCAS::getAttribute($attr):phpCAS::getAttributes()
+ is_string($attr)?Cas::get_attr($attr):Cas::get_attrs()
 )
 )
 {
@@ -88,7 +73,7 @@ class Casuser extends Backend {
 Log::fatal(I18n::_("Configuration error in CAS auth backend."));
 }
- $attr_values = self :: get_attr($attr, [], 'array');
+ $attr_values = Cas :: get_attr($attr, [], 'array');
 if (!$attr_values) {
 Log::warning(
 "get_user(%s): filter out by attribute %s (not defined)",
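Review bot: In check_user_filters() (the hunk at -65,12) the value handed to a callable filter for a named attribute changes type: `phpCAS::getAttribute($attr)` passed the raw attribute value, while `Cas::get_attr($attr)` is called without `$cast`, so the callable now receives the result of `cast(..., 'string')`, or `null` when the attribute is absent. These filters decide whether a user is let in, so a callable written against the raw value of a multi-valued attribute may now compare against something else; what cast() does with an array is not visible on this page. I would either keep the raw value for callables or state the new contract in the `user_filters` configuration comment and in this method's docblock, for instance `Callable filters receive the attribute cast to string, or null if the attribute is not set`. The non-callable branch in the hunk at -88,7 already requests `'array'` explicitly, and check_user_filters() continues outside both hunks.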