< ? php
/*******************************************************************************
* Copyright ( C ) 2007 Easter - eggs
* http :// ldapsaisie . labs . libre - entreprise . org
*
* Author : See AUTHORS file in top - level directory .
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 59 Temple Place - Suite 330 , Boston , MA 02111 - 1307 , USA .
******************************************************************************/
/**
* CAS Authentication provider for LSauth
*
* @ author Benjamin Renard < brenard @ easter - eggs . com >
*/
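class LSauthMethod_CAS extends LSauthMethod {

  // Set to true only once phpCAS has been loaded and fully configured
  // (including an explicit decision about CAS server TLS validation).
  // getAuthData() and logout() do nothing while it is false.
  private $configured = false;

  /**
   * Constructor
   *
   * Disables the local login form, loads phpCAS and configures the CAS
   * client from the LSAUTH_CAS_* constants.
   *
   * The CAS server TLS validation has to be configured explicitly, with
   * LSAUTH_CAS_SERVER_SSL_CACERT (validation against a CA file) or
   * LSAUTH_CAS_SERVER_NO_SSL_VALIDATION (validation disabled). When both
   * are set, the CA file is used and the no-validation flag is ignored,
   * so a leftover test setting cannot silently weaken a deployment that
   * also ships a CA certificate.
   *
   * @retval boolean|null True when the method is configured, false or null
   *                      otherwise (only visible to code calling the
   *                      constructor as a method, e.g. parent::__construct())
   **/
  public function __construct() {
    LSauth::disableLoginForm();

    if (!parent::__construct())
      return;

    if (!LSsession::includeFile(PHP_CAS_PATH)) {
      LSerror::addErrorCode('LSauthMethod_CAS_01');
      return false;
    }

    if (defined('PHP_CAS_DEBUG_FILE')) {
      // NOTE(review): phpCAS debug output may contain protocol details
      // (e.g. service URLs and tickets) -- keep this file outside the web
      // root with restrictive permissions, and leave it off in production.
      LSlog::debug('LSauthMethod_CAS : enable debug file ' . PHP_CAS_DEBUG_FILE);
      phpCAS::setDebug(PHP_CAS_DEBUG_FILE);
    }

    $cas_server_uri = (defined('LSAUTH_CAS_SERVER_URI') ? LSAUTH_CAS_SERVER_URI : '');
    LSlog::debug('LSauthMethod_CAS : initialise phpCAS :: client with CAS server URL https://' . LSAUTH_CAS_SERVER_HOSTNAME . ':' . LSAUTH_CAS_SERVER_PORT . $cas_server_uri);

    // LSAUTH_CAS_VERSION holds the *name* of a phpCAS version constant,
    // resolved here with constant().
    // NOTE(review): the meaning of the fifth argument (false) depends on the
    // phpCAS release: presumably $changeSessionID in the 1.3.x API, but later
    // releases changed this signature -- confirm against the bundled phpCAS.
    phpCAS::client(
      constant(LSAUTH_CAS_VERSION),
      LSAUTH_CAS_SERVER_HOSTNAME,
      LSAUTH_CAS_SERVER_PORT,
      $cas_server_uri,
      false
    );

    // Configure CAS server SSL validation: exactly one mode is applied.
    $no_ssl_validation = (defined('LSAUTH_CAS_SERVER_NO_SSL_VALIDATION') && LSAUTH_CAS_SERVER_NO_SSL_VALIDATION);
    if (defined('LSAUTH_CAS_SERVER_SSL_CACERT')) {
      if ($no_ssl_validation) {
        // Conflicting settings: previously both phpCAS setters were called
        // and the outcome was left to phpCAS internals. Prefer validation.
        LSlog::warning('LSauthMethod_CAS : both LSAUTH_CAS_SERVER_SSL_CACERT and LSAUTH_CAS_SERVER_NO_SSL_VALIDATION are set : keeping certificate validation, LSAUTH_CAS_SERVER_NO_SSL_VALIDATION is ignored');
      }
      LSlog::debug('LSauthMethod_CAS : validate CAS server SSL certificate using ' . LSAUTH_CAS_SERVER_SSL_CACERT . ' CA certificate file.');
      phpCAS::setCasServerCACert(LSAUTH_CAS_SERVER_SSL_CACERT);
    }
    elseif ($no_ssl_validation) {
      // Without validation the CAS server's responses (and therefore the
      // returned username) cannot be trusted against a network attacker.
      LSlog::debug('LSauthMethod_CAS : disable CAS server SSL validation => /!\ NOT RECOMMENDED IN PRODUCTION ENVIRONMENT /!\\');
      phpCAS::setNoCasServerValidation();
    }
    else {
      // Refuse to run with an implicit TLS policy.
      LSerror::addErrorCode('LSauthMethod_CAS_02');
      return false;
    }

    // The constant name is spelled "SSLVERION" (sic); it is kept as-is
    // because existing configurations define it under that name.
    // NOTE(review): pinning CURLOPT_SSLVERSION can force an outdated
    // protocol version -- confirm the configured value is still acceptable.
    if (defined('LSAUTH_CAS_CURL_SSLVERION')) {
      LSlog::debug('LSauthMethod_CAS : use specific SSL version ' . LSAUTH_CAS_CURL_SSLVERION);
      phpCAS::setExtraCurlOption(CURLOPT_SSLVERSION, LSAUTH_CAS_CURL_SSLVERION);
    }

    // NOTE(review): unlike the optional constants above, this one is read
    // without a defined() guard -- presumably the configuration always
    // sets it; confirm.
    if (LSAUTH_CAS_DISABLE_LOGOUT) {
      LSlog::debug('LSauthMethod_CAS : disable logout');
      LSauth::disableLogoutBtn();
    }

    // Set configured flag
    $this->configured = true;
    return true;
  }

  /**
   * Check Auth Data
   *
   * Forces a CAS authentication, then returns the authentication data
   * (the username reported by phpCAS), or false when the method is not
   * configured.
   *
   * @retval Array|false Array of authentication data or False
   **/
  public function getAuthData() {
    if (!$this->configured) {
      // Previously a bare return (null); false matches the documented contract.
      return false;
    }

    // Launch Auth
    LSlog::debug('LSauthMethod_CAS : force authentication');
    phpCAS::forceAuthentication();

    // authData is not declared in this class (presumably inherited from
    // LSauthMethod).
    $this->authData = array(
      'username' => phpCAS::getUser()
    );
    LSlog::debug('LSauthMethod_CAS : auth data : ' . varDump($this->authData));
    return $this->authData;
  }

  /**
   * Logout
   *
   * Triggers the CAS logout when the method is configured and the logout
   * button is enabled; otherwise does nothing and returns false.
   *
   * @retval boolean True on success or False
   **/
  public function logout() {
    if (!$this->configured) {
      return false;
    }

    if (!LSauth::displayLogoutBtn()) {
      LSlog::warning(" LSauthMethod_CAS :: logout() : logout is disabled ");
      return false;
    }

    // forceAuthentication() is called before the logout, as in the original flow.
    phpCAS::forceAuthentication();
    LSlog::debug(" LSauthMethod_CAS :: logout() : trigger CAS logout ");
    phpCAS::logout();
    return true;
  }

}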
/*
* Error Codes
*/
// LSauthMethod_CAS_01: raised by the constructor when including phpCAS
// (PHP_CAS_PATH) fails.
LSerror::defineError(
  'LSauthMethod_CAS_01',
  _(" LSauthMethod_CAS : Failed to load phpCAS. ")
);

// LSauthMethod_CAS_02: raised by the constructor when neither CAS server
// TLS validation constant is configured.
LSerror::defineError(
  'LSauthMethod_CAS_02',
  _(" LSauthMethod_CAS : Please check your configuration : you must configure CAS server SSL certificate validation using one of the following constant : LSAUTH_CAS_SERVER_SSL_CACERT or LSAUTH_CAS_SERVER_NO_SSL_VALIDATION ")
);