Add Casuser auth backend
parent
c7f8c7c500
commit
c71109124c
4 changed files with 123 additions and 0 deletions
|
@ -158,6 +158,8 @@ auth:
|
||||||
# User backends
|
# User backends
|
||||||
backends:
|
backends:
|
||||||
- db
|
- db
|
||||||
|
#- ldap
|
||||||
|
#- casuser
|
||||||
|
|
||||||
#
|
#
|
||||||
# Login form
|
# Login form
|
||||||
|
@ -231,6 +233,28 @@ auth:
|
||||||
|
|
||||||
# CAS Fake authenticated user
|
# CAS Fake authenticated user
|
||||||
#fake_authenticated_user: 'myusername'
|
#fake_authenticated_user: 'myusername'
|
||||||
|
|
||||||
|
# CAS user attributes to retreive with their properties:
|
||||||
|
# [attr name]:
|
||||||
|
# # CAS attribute name (optional, default: [attr name])
|
||||||
|
# cas_name: [CAS attr name]
|
||||||
|
# # Alternative CAS attribute name to retrieve if the first one is not defined (optional)
|
||||||
|
# alt_cas_name: [alternative CAS attr name]
|
||||||
|
# # Type of value (optional, default: 'string', possible values: string, bool, int, float)
|
||||||
|
# type: [type of value]
|
||||||
|
# # Default attribute value (optional, default: null)
|
||||||
|
# default: null
|
||||||
|
# Note: only used by casuser auth backend.
|
||||||
|
user_attributes:
|
||||||
|
login:
|
||||||
|
cas_name: 'uid'
|
||||||
|
default: null
|
||||||
|
name:
|
||||||
|
cas_name: 'displayName'
|
||||||
|
cas_ldap_name: 'cn'
|
||||||
|
default: null
|
||||||
|
mail:
|
||||||
|
type: 'string'
|
||||||
|
|
||||||
#
|
#
|
||||||
# Database user backend
|
# Database user backend
|
||||||
|
|
|
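Review bot: In the new `user_attributes` example the `name` entry sets `cas_ldap_name: 'cn'`, but the comment block just above documents the fallback key as `alt_cas_name`, and `Casuser::get_user()` in this commit reads only `cas_name` and `alt_cas_name`. As written the `cn` fallback would be silently ignored, so the line should read `alt_cas_name: 'cn'`. The second configuration file in this commit (hunk `-232,6 +234,28`) carries the same line and needs the same change. The comment also spells "retreive" where "retrieve" is meant.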
@ -158,6 +158,8 @@ auth:
|
||||||
# User backends
|
# User backends
|
||||||
backends:
|
backends:
|
||||||
#- ldap
|
#- ldap
|
||||||
|
#- db
|
||||||
|
#- casuser
|
||||||
|
|
||||||
#
|
#
|
||||||
# Login form
|
# Login form
|
||||||
|
@ -232,6 +234,28 @@ auth:
|
||||||
# CAS Fake authenticated user
|
# CAS Fake authenticated user
|
||||||
#fake_authenticated_user: 'myusername'
|
#fake_authenticated_user: 'myusername'
|
||||||
|
|
||||||
|
# CAS user attributes to retreive with their properties:
|
||||||
|
# [attr name]:
|
||||||
|
# # CAS attribute name (optional, default: [attr name])
|
||||||
|
# cas_name: [CAS attr name]
|
||||||
|
# # Alternative CAS attribute name to retrieve if the first one is not defined (optional)
|
||||||
|
# alt_cas_name: [alternative CAS attr name]
|
||||||
|
# # Type of value (optional, default: 'string', possible values: string, bool, int, float)
|
||||||
|
# type: [type of value]
|
||||||
|
# # Default attribute value (optional, default: null)
|
||||||
|
# default: null
|
||||||
|
# Note: only used by casuser auth backend.
|
||||||
|
user_attributes:
|
||||||
|
login:
|
||||||
|
cas_name: 'uid'
|
||||||
|
default: null
|
||||||
|
name:
|
||||||
|
cas_name: 'displayName'
|
||||||
|
cas_ldap_name: 'cn'
|
||||||
|
default: null
|
||||||
|
mail:
|
||||||
|
type: 'string'
|
||||||
|
|
||||||
#
|
#
|
||||||
# Database user backend
|
# Database user backend
|
||||||
#
|
#
|
||||||
|
|
|
@ -37,6 +37,26 @@ class Cas extends Method {
|
||||||
'fake_authenticated_user' => null,
|
'fake_authenticated_user' => null,
|
||||||
'debug_log_file' => null,
|
'debug_log_file' => null,
|
||||||
'ca_cert_certificate_path' => null,
|
'ca_cert_certificate_path' => null,
|
||||||
|
'user_attributes' => array(
|
||||||
|
'login' => array(
|
||||||
|
'cas_name' => 'uid',
|
||||||
|
'type' => 'string',
|
||||||
|
'multivalued' => false,
|
||||||
|
'default' => null,
|
||||||
|
),
|
||||||
|
'mail' => array(
|
||||||
|
'type' => 'string',
|
||||||
|
'multivalued' => false,
|
||||||
|
'default' => null,
|
||||||
|
),
|
||||||
|
'name' => array(
|
||||||
|
'cas_name' => 'displayName',
|
||||||
|
'alt_cas_name' => 'cn',
|
||||||
|
'type' => 'string',
|
||||||
|
'multivalued' => false,
|
||||||
|
'default' => null,
|
||||||
|
),
|
||||||
|
),
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
self :: $fake_authenticated_user = App :: get(
|
self :: $fake_authenticated_user = App :: get(
|
||||||
|
|
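Review bot: Each default attribute here carries `'multivalued' => false`, but that key is not described in the configuration comments added by this commit and nothing in the new `Casuser::get_user()` reads it. phpCAS can hand back an array for an attribute that has several values, and `get_attr()` passes the result to `cast()` as 'string'; how `cast()` treats an array is not visible on this page, so the flag looks like it was meant to cover that case. Either honour and document the key, or drop it from the defaults until it is implemented; a short comment next to the first entry, such as `// multivalued: keep all values as an array instead of a single string`, would record the intent. The enclosing array and method start and end outside this hunk.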
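--- /dev/null
+++ b/src/Auth/Casuser.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace EesyPHP\Auth;
+
+use EesyPHP\App;
+use EesyPHP\Auth\User;
+use EesyPHP\Config;
+use EesyPHP\Log;
+use function EesyPHP\cast;
+use function EesyPHP\vardump;
+
+use phpCAS;
+
+class Casuser extends Backend {
+
+/**
+* Retreive CAS attribute value(s) from CAS authenticated user
+* @param string $attr The CAS attribute name
+* @param mixed $default The default value to return if the CAS attribute is undefined
+* (optional, default: null)
+* @param string|null $cast The expected type of value (optional, default: string)
+*/
+public static function get_attr($attr, $default=null, $cast=null) {
+if (!phpCAS::hasAttribute($attr))
+return $default;
+return cast(phpCAS::getAttribute($attr), $cast?$cast:'string');
+}
+
+/**
+* Retreive a user by its username
+* @param string $username
+* @return \EesyPHP\Auth\User|null|false The user object if found, null it not, false in case of error
+*/
+public static function get_user($username) {
+if (!phpCAS :: isAuthenticated()) {
+Log::error("get_user(%s): phpCAS not authenticated, can't compute user");
+return null;
+}
+
+$info = array();
+foreach(Config::get('auth.cas.user_attributes') as $name => $attr_config) {
+$cas_name = Config::get("cas_name", null, 'string', false, $attr_config);
+$alt_cas_name = Config::get("alt_cas_name", $name, 'string', false, $attr_config);
+if (!$cas_name || is_null(self :: get_attr($cas_name)))
+$cas_name = $alt_cas_name;
+$info[$name] = self :: get_attr(
+$cas_name?$cas_name:$name,
+Config::get("default", null, null, false, $attr_config)
+);
+}
+Log::debug('User "%s" info computed from CAS attributes:\n%s', $username, vardump($info));
+return new User($username, '\\EesyPHP\\Auth\\Casuser', $info);
+}
+
+}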
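Review bot: `get_user($username)` never ties `$username` to the CAS session: once `phpCAS::isAuthenticated()` is true it returns a `User` for whatever name the caller passes, filled with the attributes of the currently authenticated CAS user. If any caller resolves a name other than the logged-in one (another auth method sharing this backend, or a lookup by name; no callers are visible on this page), the result is a user object that carries someone else's attributes under the requested name. I would return null unless the names match, e.g. `if ($username !== phpCAS::getUser()) return null;` directly after the authentication check. Separately, the `Log::error("get_user(%s): …")` call passes no argument for `%s`, and the configured `type` is never handed to `get_attr()`, so every attribute is cast as 'string' regardless of the setting.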