Add Casuser auth backend

example/includes/config.yml

@@ -158,6 +158,8 @@ auth:
   # User backends
   backends:
     - db
+    #- ldap
+    #- casuser
 
   #
   # Login form
@@ -232,6 +234,28 @@ auth:
     # CAS Fake authenticated user
     #fake_authenticated_user: 'myusername'
   
+    # CAS user attributes to retreive with their properties:
+    # [attr name]:
+    #   # CAS attribute name (optional, default: [attr name])
+    #   cas_name: [CAS attr name]
+    #   # Alternative CAS attribute name to retrieve if the first one is not defined (optional)
+    #   alt_cas_name: [alternative CAS attr name]
+    #   # Type of value (optional, default: 'string', possible values: string, bool, int, float)
+    #   type: [type of value]
+    #   # Default attribute value (optional, default: null)
+    #   default: null
+    # Note: only used by casuser auth backend.
+    user_attributes:
+      login:
+        cas_name: 'uid'
+        default: null
+      name:
+        cas_name: 'displayName'
+        cas_ldap_name: 'cn'
+        default: null
+      mail:
+        type: 'string'
+
   #
   # Database user backend
   #

skel/config.yml

@@ -158,6 +158,8 @@ auth:
   # User backends
   backends:
     #- ldap
+    #- db
+    #- casuser
 
   #
   # Login form
@@ -232,6 +234,28 @@ auth:
     # CAS Fake authenticated user
     #fake_authenticated_user: 'myusername'
 
+    # CAS user attributes to retreive with their properties:
+    # [attr name]:
+    #   # CAS attribute name (optional, default: [attr name])
+    #   cas_name: [CAS attr name]
+    #   # Alternative CAS attribute name to retrieve if the first one is not defined (optional)
+    #   alt_cas_name: [alternative CAS attr name]
+    #   # Type of value (optional, default: 'string', possible values: string, bool, int, float)
+    #   type: [type of value]
+    #   # Default attribute value (optional, default: null)
+    #   default: null
+    # Note: only used by casuser auth backend.
+    user_attributes:
+      login:
+        cas_name: 'uid'
+        default: null
+      name:
+        cas_name: 'displayName'
+        cas_ldap_name: 'cn'
+        default: null
+      mail:
+        type: 'string'
+
   #
   # Database user backend
   #

src/Auth/Cas.php

@@ -37,6 +37,26 @@ class Cas extends Method {
         'fake_authenticated_user' => null,
         'debug_log_file' => null,
         'ca_cert_certificate_path' => null,
+        'user_attributes' => array(
+          'login' => array(
+            'cas_name' => 'uid',
+            'type' => 'string',
+            'multivalued' => false,
+            'default' => null,
+          ),
+          'mail' => array(
+            'type' => 'string',
+            'multivalued' => false,
+            'default' => null,
+          ),
+          'name' => array(
+            'cas_name' => 'displayName',
+            'alt_cas_name' => 'cn',
+            'type' => 'string',
+            'multivalued' => false,
+            'default' => null,
+          ),
+        ),
       )
     );
     self :: $fake_authenticated_user = App :: get(

src/Auth/Casuser.php

@@ -0,0 +1,55 @@
+<?php
+
+namespace EesyPHP\Auth;
+
+use EesyPHP\App;
+use EesyPHP\Auth\User;
+use EesyPHP\Config;
+use EesyPHP\Log;
+use function EesyPHP\cast;
+use function EesyPHP\vardump;
+
+use phpCAS;
+
+class Casuser extends Backend {
+
+  /**
+   * Retreive CAS attribute value(s) from CAS authenticated user
+   * @param string $attr The CAS attribute name
+   * @param mixed $default The default value to return if the CAS attribute is undefined
+   *                       (optional, default: null)
+   * @param string|null $cast The expected type of value (optional, default: string)
+   */
+  public static function get_attr($attr, $default=null, $cast=null) {
+    if (!phpCAS::hasAttribute($attr))
+      return $default;
+    return cast(phpCAS::getAttribute($attr), $cast?$cast:'string');
+  }
+
+  /**
+   * Retreive a user by its username
+   * @param string $username
+   * @return \EesyPHP\Auth\User|null|false The user object if found, null it not, false in case of error
+   */
+  public static function get_user($username) {
+    if (!phpCAS :: isAuthenticated()) {
+      Log::error("get_user(%s): phpCAS not authenticated, can't compute user");
+      return null;
+    }
+
+    $info = array();
+    foreach(Config::get('auth.cas.user_attributes') as $name => $attr_config) {
+      $cas_name = Config::get("cas_name", null, 'string', false, $attr_config);
+      $alt_cas_name = Config::get("alt_cas_name", $name, 'string', false, $attr_config);
+      if (!$cas_name || is_null(self :: get_attr($cas_name)))
+        $cas_name = $alt_cas_name;
+      $info[$name] = self :: get_attr(
+        $cas_name?$cas_name:$name,
+        Config::get("default", null, null, false, $attr_config)
+      );
+    }
+    Log::debug('User "%s" info computed from CAS attributes:\n%s', $username, vardump($info));
+    return new User($username, '\\EesyPHP\\Auth\\Casuser', $info);
+  }
+
+}