ldapsaisie/public_html/includes/class/class.LSauthMethod_CAS.php

<?php
/*******************************************************************************
 * Copyright (C) 2007 Easter-eggs
 * http://ldapsaisie.labs.libre-entreprise.org
 *
 * Author: See AUTHORS file in top-level directory.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version 2
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

******************************************************************************/

/**
 * CAS Authentication provider for LSauth
 *
 * @author Benjamin Renard <brenard@easter-eggs.com>
 */
class LSauthMethod_CAS extends LSauthMethod {

  // Configured flag
  private $configured = false;

  public function __construct() {
		LSauth :: disableLoginForm();
		
		if (!parent :: __construct())
			return;

		if (LSsession :: includeFile(PHP_CAS_PATH)) {
			if (defined('PHP_CAS_DEBUG_FILE')) {
				LSlog :: debug('LSauthMethod_CAS : enable debug file '.PHP_CAS_DEBUG_FILE);
				phpCAS::setDebug(PHP_CAS_DEBUG_FILE);
			}
			LSlog :: debug('LSauthMethod_CAS : initialise phpCAS :: client with CAS server URL https://'.LSAUTH_CAS_SERVER_HOSTNAME.':'.LSAUTH_CAS_SERVER_PORT.(defined('LSAUTH_CAS_SERVER_URI')?LSAUTH_CAS_SERVER_URI: ''));
			phpCAS::client (
				constant(LSAUTH_CAS_VERSION),
				LSAUTH_CAS_SERVER_HOSTNAME,
				LSAUTH_CAS_SERVER_PORT,
				(defined('LSAUTH_CAS_SERVER_URI')?LSAUTH_CAS_SERVER_URI: ''),
				false
			);

			// Configure CAS server SSL validation
			$cas_server_ssl_validation_configured = false;
			if (defined('LSAUTH_CAS_SERVER_NO_SSL_VALIDATION') && LSAUTH_CAS_SERVER_NO_SSL_VALIDATION) {
				LSlog :: debug('LSauthMethod_CAS : disable CAS server SSL validation => /!\ NOT RECOMMENDED IN PRODUCTION ENVIRONMENT /!\\');
				phpCAS::setNoCasServerValidation();
				$cas_server_ssl_validation_configured = true;
			}
			
			if (defined('LSAUTH_CAS_SERVER_SSL_CACERT')) {
				LSlog :: debug('LSauthMethod_CAS : validate CAS server SSL certificate using '.LSAUTH_CAS_SERVER_SSL_CACERT.' CA certificate file.');
				phpCAS::setCasServerCACert(LSAUTH_CAS_SERVER_SSL_CACERT);
				$cas_server_ssl_validation_configured = true;
			}

			// Check CAS server SSL validation is now configured
			if (!$cas_server_ssl_validation_configured) {
				LSerror :: addErrorCode('LSauthMethod_CAS_02');
				return false;
			}

			if (defined('LSAUTH_CAS_CURL_SSLVERION')) {
				LSlog :: debug('LSauthMethod_CAS : use specific SSL version '.LSAUTH_CAS_CURL_SSLVERION);
				phpCAS::setExtraCurlOption(CURLOPT_SSLVERSION,LSAUTH_CAS_CURL_SSLVERION);
			}

			if (LSAUTH_CAS_DISABLE_LOGOUT) {
				LSlog :: debug('LSauthMethod_CAS : disable logout');
				LSauth :: disableLogoutBtn();
			}

			// Set configured flag
			$this -> configured = true;
			return true;
		}
		else {
			LSerror :: addErrorCode('LSauthMethod_CAS_01');
		}
		return false;
	}

  /**
   * Check Auth Data
   * 
   * Return authentication data or false
   * 
   * @retval Array|false Array of authentication data or False
   **/
  public function getAuthData() {
		if ($this -> configured) {
			// Launch Auth
			LSlog :: debug('LSauthMethod_CAS : force authentication');
			phpCAS::forceAuthentication();

			$this -> authData = array(
				'username' => phpCAS::getUser()
			);
			LSlog :: debug('LSauthMethod_CAS : auth data : '.varDump($this -> authData));
			return $this -> authData;
		}
		return;
	}
	
 /**
  * Logout
  * 
  * @retval boolean True on success or False
  **/
	public function logout() {
		if($this -> configured) {
			if (LSauth :: displayLogoutBtn()) {
				phpCAS :: forceAuthentication();
				LSlog :: debug("LSauthMethod_CAS :: logout() : trigger CAS logout");
				phpCAS :: logout();
				return true;
			}
			else
				LSlog :: warning("LSauthMethod_CAS :: logout() : logout is disabled");
		}
		return;
	}

}

/*
 * Error Codes
 */
LSerror :: defineError('LSauthMethod_CAS_01',
_("LSauthMethod_CAS : Failed to load phpCAS.")
);
LSerror :: defineError('LSauthMethod_CAS_02',
_("LSauthMethod_CAS : Please check your configuration : you must configure CAS server SSL certificate validation using one of the following constant : LSAUTH_CAS_SERVER_SSL_CACERT or LSAUTH_CAS_SERVER_NO_SSL_VALIDATION")
);
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`<?php`
			`/*******************************************************************************`
			`* Copyright (C) 2007 Easter-eggs`
			`* http://ldapsaisie.labs.libre-entreprise.org`
			`*`
			`* Author: See AUTHORS file in top-level directory.`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License version 2`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, write to the Free Software`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00
			`******************************************************************************/`

			`/**`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`* CAS Authentication provider for LSauth`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`*`
			`* @author Benjamin Renard <brenard@easter-eggs.com>`
			`*/`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`class LSauthMethod_CAS extends LSauthMethod {`

LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`// Configured flag`
			`private $configured = false;`

Explicitly defined class methods visibility and upgrade PHP class constructor syntax 2019-03-12 11:42:53 +01:00			`public function __construct() {`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`LSauth :: disableLoginForm();`

Fix parent constructor calls 2019-03-12 13:10:24 +01:00			`if (!parent :: __construct())`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`return;`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00
			`if (LSsession :: includeFile(PHP_CAS_PATH)) {`
			`if (defined('PHP_CAS_DEBUG_FILE')) {`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`LSlog :: debug('LSauthMethod_CAS : enable debug file '.PHP_CAS_DEBUG_FILE);`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`phpCAS::setDebug(PHP_CAS_DEBUG_FILE);`
			`}`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`LSlog :: debug('LSauthMethod_CAS : initialise phpCAS :: client with CAS server URL https://'.LSAUTH_CAS_SERVER_HOSTNAME.':'.LSAUTH_CAS_SERVER_PORT.(defined('LSAUTH_CAS_SERVER_URI')?LSAUTH_CAS_SERVER_URI: ''));`
			`phpCAS::client (`
			`constant(LSAUTH_CAS_VERSION),`
			`LSAUTH_CAS_SERVER_HOSTNAME,`
			`LSAUTH_CAS_SERVER_PORT,`
			`(defined('LSAUTH_CAS_SERVER_URI')?LSAUTH_CAS_SERVER_URI: ''),`
			`false`
			`);`

			`// Configure CAS server SSL validation`
			`$cas_server_ssl_validation_configured = false;`
			`if (defined('LSAUTH_CAS_SERVER_NO_SSL_VALIDATION') && LSAUTH_CAS_SERVER_NO_SSL_VALIDATION) {`
			`LSlog :: debug('LSauthMethod_CAS : disable CAS server SSL validation => /!\ NOT RECOMMENDED IN PRODUCTION ENVIRONMENT /!\\');`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`phpCAS::setNoCasServerValidation();`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`$cas_server_ssl_validation_configured = true;`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`}`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00
LSauth::CAS : fix bug about LSAUTH_CAS_SERVER_SSL_CERT and LSAUTH_CAS_SERVER_SSL_CACERT parameters 2012-03-29 18:32:13 +02:00			`if (defined('LSAUTH_CAS_SERVER_SSL_CACERT')) {`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`LSlog :: debug('LSauthMethod_CAS : validate CAS server SSL certificate using '.LSAUTH_CAS_SERVER_SSL_CACERT.' CA certificate file.');`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`phpCAS::setCasServerCACert(LSAUTH_CAS_SERVER_SSL_CACERT);`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`$cas_server_ssl_validation_configured = true;`
			`}`

			`// Check CAS server SSL validation is now configured`
			`if (!$cas_server_ssl_validation_configured) {`
			`LSerror :: addErrorCode('LSauthMethod_CAS_02');`
			`return false;`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`}`

LSauthCAS : added possibility to set CURLOPT_SSLVERSION option with parameter LSAUTH_CAS_CURL_SSLVERION 2012-03-29 18:33:12 +02:00			`if (defined('LSAUTH_CAS_CURL_SSLVERION')) {`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`LSlog :: debug('LSauthMethod_CAS : use specific SSL version '.LSAUTH_CAS_CURL_SSLVERION);`
LSauthCAS : added possibility to set CURLOPT_SSLVERSION option with parameter LSAUTH_CAS_CURL_SSLVERION 2012-03-29 18:33:12 +02:00			`phpCAS::setExtraCurlOption(CURLOPT_SSLVERSION,LSAUTH_CAS_CURL_SSLVERION);`
			`}`

LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`if (LSAUTH_CAS_DISABLE_LOGOUT) {`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`LSlog :: debug('LSauthMethod_CAS : disable logout');`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`LSauth :: disableLogoutBtn();`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`}`

LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`// Set configured flag`
			`$this -> configured = true;`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`return true;`
			`}`
			`else {`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`LSerror :: addErrorCode('LSauthMethod_CAS_01');`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`}`
			`return false;`
			`}`

LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`/**`
			`* Check Auth Data`
			`*`
			`* Return authentication data or false`
			`*`
			`* @retval Array\|false Array of authentication data or False`
			`**/`
			`public function getAuthData() {`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`if ($this -> configured) {`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`// Launch Auth`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`LSlog :: debug('LSauthMethod_CAS : force authentication');`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`phpCAS::forceAuthentication();`

			`$this -> authData = array(`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`'username' => phpCAS::getUser()`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`);`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`LSlog :: debug('LSauthMethod_CAS : auth data : '.varDump($this -> authData));`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`return $this -> authData;`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`}`
			`return;`
			`}`

LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`/**`
			`* Logout`
			`*`
			`* @retval boolean True on success or False`
			`**/`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`public function logout() {`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`if($this -> configured) {`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`if (LSauth :: displayLogoutBtn()) {`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`phpCAS :: forceAuthentication();`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`LSlog :: debug("LSauthMethod_CAS :: logout() : trigger CAS logout");`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`phpCAS :: logout();`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`return true;`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`}`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`else`
			`LSlog :: warning("LSauthMethod_CAS :: logout() : logout is disabled");`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`}`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`return;`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`}`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`}`
Code cleaning 2019-03-11 22:42:20 +01:00
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`/*`
			`* Error Codes`
			`*/`
LSauth : Recasted - Creation of LSauthMethod class 2010-11-24 19:12:21 +01:00			`LSerror :: defineError('LSauthMethod_CAS_01',`
			`_("LSauthMethod_CAS : Failed to load phpCAS.")`
LSauthCAS : Added CAS authentification support. 2010-03-10 19:49:04 +01:00			`);`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`LSerror :: defineError('LSauthMethod_CAS_02',`
LSauthMethod::CAS : Remove deprecated LSAUTH_CAS_SERVER_SSL_CERT parameter (since corresponding bogus setCasServerCert() method has been remove in phpCAS) 2020-01-22 17:36:35 +01:00			`_("LSauthMethod_CAS : Please check your configuration : you must configure CAS server SSL certificate validation using one of the following constant : LSAUTH_CAS_SERVER_SSL_CACERT or LSAUTH_CAS_SERVER_NO_SSL_VALIDATION")`
LSauthMethod_CAS : improve logging 2019-07-02 14:21:04 +02:00			`);`
Code cleaning 2019-03-11 22:42:20 +01:00