$attr_config) { $cas_name = Config::get("cas_name", null, 'string', false, $attr_config); $alt_cas_name = Config::get("alt_cas_name", $name, 'string', false, $attr_config); if (!$cas_name || is_null(self :: get_attr($cas_name))) $cas_name = $alt_cas_name; $info[$name] = self :: get_attr( $cas_name?$cas_name:$name, Config::get("default", null, null, false, $attr_config) ); } Log::debug('User "%s" info computed from CAS attributes:\n%s', $username, vardump($info)); return new User($username, '\\EesyPHP\\Auth\\Casuser', $info); } /** * Check authenticated user match with configured filters and denied access if not * @param string $username * @return void|never */ public static function check_user_filters($username) { foreach(Config::get('auth.cas.user_filters', [], 'array') as $attr => $filter) { if (is_callable($filter)) { if ( !$filter( $username, is_string($attr)?phpCAS::getAttribute($attr):phpCAS::getAttributes() ) ) { Log::warning("get_user(%s): filter out by %s", $username, format_callable($filter)); Auth::access_denied(); } } else if (is_string($attr)) { $regex_valid = Check :: regex($filter, true); if ($regex_valid !== true) { Log::error( "Casuser auth backend: Invalid regex provided for attribute %s: %s (%s)", $attr, $regex_valid, $filter ); Log::fatal(I18n::_("Configuration error in CAS auth backend.")); } $attr_values = self :: get_attr($attr, [], 'array'); if (!$attr_values) { Log::warning( "get_user(%s): filter out by attribute %s (not defined)", $username, $attr ); Auth::access_denied(); } $match = false; foreach ($attr_values as $attr_value) { if (preg_match($filter, $attr_value)) { $match = true; break; } } if (!$match) { Log::warning( "get_user(%s): filter out by attribute %s (not match with '%s')", $username, $attr, $filter ); Auth::access_denied(); } } else { Log::error( "Casuser auth backend: Invalid filter rule configured (%s => %s)", vardump($attr), vardump($filter) ); Log::fatal(I18n::_("Configuration error in CAS auth backend.")); } } } }