< ? php
/*******************************************************************************
* Copyright (C) 2007 Easter-eggs
* https://ldapsaisie.org
*
* Author: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
******************************************************************************/
/**
* CAS Authentication provider for LSauth
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*/
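class LSauthMethod_CAS extends LSauthMethod {

  /**
   * Set to true by the constructor only once phpCAS has been loaded and the
   * CAS client is fully configured (including the server certificate policy).
   * getAuthData() and logout() return false while it is still false.
   */
  private $configured = false;

  /**
   * Load phpCAS and configure the CAS client from the LSAUTH_CAS_* constants.
   *
   * The local login form is disabled first, since authentication is delegated
   * to the CAS server. On failure an LSerror code is registered and the object
   * is left unconfigured:
   *  - LSauthMethod_CAS_01 : PHP_CAS_PATH could not be included ;
   *  - LSauthMethod_CAS_02 : neither LSAUTH_CAS_SERVER_SSL_CACERT nor
   *    LSAUTH_CAS_SERVER_NO_SSL_VALIDATION is set, so no certificate policy
   *    was chosen for the CAS server.
   */
  public function __construct() {
    LSauth :: disableLoginForm();
    parent :: __construct();

    if (!LSsession :: includeFile(PHP_CAS_PATH, true)) {
      LSerror :: addErrorCode('LSauthMethod_CAS_01');
      return;
    }

    if (defined('PHP_CAS_DEBUG_FILE')) {
      self :: log_debug('LSauthMethod_CAS : enable debug file ' . PHP_CAS_DEBUG_FILE);
      phpCAS :: setDebug(PHP_CAS_DEBUG_FILE);
    }

    // The URI part is optional in the configuration
    $server_uri = (defined('LSAUTH_CAS_SERVER_URI') ? LSAUTH_CAS_SERVER_URI : '');

    self :: log_debug('LSauthMethod_CAS : initialise phpCAS :: client with CAS server URL https://' . LSAUTH_CAS_SERVER_HOSTNAME . ':' . LSAUTH_CAS_SERVER_PORT . $server_uri);
    phpCAS :: client(
      // LSAUTH_CAS_VERSION holds the *name* of a constant, resolved here to its value
      constant(LSAUTH_CAS_VERSION),
      LSAUTH_CAS_SERVER_HOSTNAME,
      LSAUTH_CAS_SERVER_PORT,
      $server_uri,
      // NOTE(review): the meaning of this fifth argument depends on the phpCAS
      // release (session ID handling in older releases; newer releases expect
      // a service base URL in this position) - confirm against the phpCAS
      // version loaded from PHP_CAS_PATH.
      false
    );

    // Configure CAS server SSL validation : the administrator has to choose
    // explicitly between validating against a CA file and not validating.
    $cas_server_ssl_validation_configured = false;
    if (defined('LSAUTH_CAS_SERVER_NO_SSL_VALIDATION') && LSAUTH_CAS_SERVER_NO_SSL_VALIDATION) {
      // Logged as a warning (not debug) : without certificate validation the
      // CAS server is not authenticated, and this must stay visible in the
      // logs of an instance where debug logging is turned off.
      self :: log_warning('LSauthMethod_CAS : disable CAS server SSL validation => /!\ NOT RECOMMENDED IN PRODUCTION ENVIRONMENT /!\\');
      phpCAS :: setNoCasServerValidation();
      $cas_server_ssl_validation_configured = true;
    }
    // NOTE(review): when both constants are set, both phpCAS calls are made ;
    // which one takes effect is decided inside phpCAS - confirm, and prefer
    // setting only LSAUTH_CAS_SERVER_SSL_CACERT.
    if (defined('LSAUTH_CAS_SERVER_SSL_CACERT')) {
      self :: log_debug('LSauthMethod_CAS : validate CAS server SSL certificate using ' . LSAUTH_CAS_SERVER_SSL_CACERT . ' CA certificate file.');
      phpCAS :: setCasServerCACert(LSAUTH_CAS_SERVER_SSL_CACERT);
      $cas_server_ssl_validation_configured = true;
    }

    // Refuse to go further without an explicit certificate policy
    if (!$cas_server_ssl_validation_configured) {
      LSerror :: addErrorCode('LSauthMethod_CAS_02');
      return;
    }

    // The constant name is spelled "SSLVERION" in the configuration ; it is
    // kept as is so that existing configurations keep working.
    if (defined('LSAUTH_CAS_CURL_SSLVERION')) {
      self :: log_debug('LSauthMethod_CAS : use specific SSL version ' . LSAUTH_CAS_CURL_SSLVERION);
      phpCAS :: setExtraCurlOption(CURLOPT_SSLVERSION, LSAUTH_CAS_CURL_SSLVERION);
    }

    if (LSAUTH_CAS_DISABLE_LOGOUT) {
      self :: log_debug('LSauthMethod_CAS : disable logout');
      LSauth :: disableLogoutBtn();
    }

    // Set configured flag
    $this -> configured = true;
  }

  /**
   * Check Auth Data
   *
   * Forces a CAS authentication, then returns the authentication data. Only
   * the username reported by phpCAS is collected, so the debug log of the
   * auth data contains no credential.
   *
   * @return array|false Array of authentication data ('username' key), or
   *                     false if the CAS client is not configured
   **/
  public function getAuthData() {
    if (!$this -> configured) {
      return false;
    }

    // Launch Auth
    self :: log_debug('LSauthMethod_CAS : force authentication');
    phpCAS :: forceAuthentication();
    $this -> authData = array(
      'username' => phpCAS :: getUser()
    );
    self :: log_debug('LSauthMethod_CAS : auth data : ' . varDump($this -> authData));
    return $this -> authData;
  }

  /**
   * Logout
   *
   * Triggers the CAS logout, unless the CAS client is not configured or the
   * logout button is disabled (see LSAUTH_CAS_DISABLE_LOGOUT in the
   * constructor).
   *
   * @return boolean True if the CAS logout was triggered, false otherwise
   **/
  public function logout() {
    if (!$this -> configured) {
      return false;
    }

    if (!LSauth :: displayLogoutBtn()) {
      self :: log_warning(" LSauthMethod_CAS :: logout() : logout is disabled ");
      return false;
    }

    phpCAS :: forceAuthentication();
    self :: log_debug(" LSauthMethod_CAS :: logout() : trigger CAS logout ");
    phpCAS :: logout();
    return true;
  }

}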
/*
* Error Codes
*/
// LSauthMethod_CAS_01 : raised by the constructor when including PHP_CAS_PATH fails.
LSerror :: defineError(
  'LSauthMethod_CAS_01',
  ___(" LSauthMethod_CAS : Failed to load phpCAS. ")
);

// LSauthMethod_CAS_02 : raised by the constructor when no certificate policy
// was chosen for the CAS server. Of the two constants named in the message,
// only LSAUTH_CAS_SERVER_SSL_CACERT keeps the server certificate validated ;
// LSAUTH_CAS_SERVER_NO_SSL_VALIDATION turns the validation off.
LSerror :: defineError(
  'LSauthMethod_CAS_02',
  ___(" LSauthMethod_CAS : Please check your configuration : you must configure CAS server SSL certificate validation using one of the following constant : LSAUTH_CAS_SERVER_SSL_CACERT or LSAUTH_CAS_SERVER_NO_SSL_VALIDATION ")
);