test-cas-client-sp/index.php

<?php

/*

 ************************************
 *          Configuration           *
 ************************************

*/

// PhpCAS library path
$phpCAS_path = "CAS.php";

// All valid CAS servers
$cas_servers = array(
	// CAS server hostname
	$_SERVER['SERVER_NAME'] => array(
		// Context of the CAS Server
		'context' => '/idp/cas',
		// CAS server port
		'port' => 8443,
		// If you running this application in HTTP only, uncomment following parameter
		//'insecure' => true,
		// Disable CAS server Validation
		'ssl_validation' => false,
		// If ssl_validation is enable you must define
		'ssl_cacert_path' => '/etc/ssl/certs/ca-certificates.crt',
		'ssl_cn_validation' => true,
		// Extra CURL options (for phpCAS client)
		'extra_curl_options' => array(
			// Uncomment it in case of 'dh key too small' error
			// 'CURLOPT_SSL_CIPHER_LIST' => 'DEFAULT@SECLEVEL=1',
		),
	),
	$_SERVER['SERVER_NAME'].'2' => array(
		// Context of the CAS Server
		'context' => '/idp/cas',
		// CAS server port
		'port' => 8443,
		// If you running this application in HTTP only, uncomment following parameter
		//'insecure' => true,
		// Disable CAS server Validation
		'ssl_validation' => false,
		// If ssl_validation is enable you must define
		'ssl_cacert_path' => '/etc/ssl/certs/ca-certificates.crt',
		'ssl_cn_validation' => true,
		// Extra CURL options (for phpCAS client)
		'extra_curl_options' => array(
			// Uncomment it in case of 'dh key too small' error
			// 'CURLOPT_SSL_CIPHER_LIST' => 'DEFAULT@SECLEVEL=1',
		),
	),
);

// FQDN of CAS server
$default_cas_server = key($cas_servers);

// PhpCAS debug logs

// Log directory path
$phpCAS_logdir = 'logs';

// Log filename format
// Compose with :
//  - {cas_server} : the CAS server
//  - {remote_addr} : connected user remote IP address
//  - {session_id} : connected user session_id
$phpCAS_logfile_format = '{session_id}-{cas_server}.log';

// Local app URL (auto-detect on first acces if null)
$service_url = null;

/*

 ************************************
 *               Main               *
 ************************************

*/

$warnings = array();

session_start();
require $phpCAS_path;
CAS_GracefullTerminationException::throwInsteadOfExiting();

// Initialize session variables
if (isset($_SESSION['cas_server']) && array_key_exists($_SESSION['cas_server'], $cas_servers)) {
	$cas_host = $_SESSION['cas_server'];
}
else {
	$_SESSION['cas_server'] = $cas_host = $default_cas_server;
}
if (!isset($_SESSION['user'])) $_SESSION['user'] = null;
if (!isset($_SESSION['attributes'])) $_SESSION['attributes'] = null;

// Generate phpCAS debug log file path
$phpCAS_logfile = "$phpCAS_logdir/$phpCAS_logfile_format";
$phpCAS_logfile = str_replace('{cas_server}', $cas_host, $phpCAS_logfile);
$phpCAS_logfile = str_replace('{remote_addr}', $_SERVER['REMOTE_ADDR'], $phpCAS_logfile);
$phpCAS_logfile = str_replace('{session_id}', session_id(), $phpCAS_logfile);

$phpCAS_config = array();

function init_phpCAS() {
	global $phpCAS_logfile, $phpCAS_config, $warnings, $cas_host, $cas_servers, $service_url;

	// Make sure service URL is defined (otherwise, load it from session or auto-detect)
	if (is_null($service_url)) {
		if (isset($_SESSION['service_url'])) {
			$service_url = $_SESSION['service_url'];
		}
		else {
			$https = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');
			$request_uri = $_SERVER['REQUEST_URI'];
			$request_uri = preg_replace('/\?.*$/', '', $request_uri);
			$service_url = "http".($https?"s":"")."://".$_SERVER['SERVER_NAME'];
			if (($_SERVER['SERVER_PORT'] != 443 && $https) || ($_SERVER['SERVER_PORT'] != 80 && !$https))
				$service_url .= ":".$_SERVER['SERVER_PORT'];
			$service_url .= $request_uri;
			$_SESSION['service_url'] = $service_url;
		}
	}
	// Compute phpCAS configuration
	$phpCAS_config = array(
		'CAS Hostname' => $cas_host,
		'CAS server port' => $cas_servers[$cas_host]['port'],
		'CAS server context' => $cas_servers[$cas_host]['context'],
		'Service URL' => $service_url,
	);

	// Set phpCAS log file
	if (is_writable($phpCAS_logfile) || (!is_file($phpCAS_logfile) && is_writable(dirname($phpCAS_logfile)))) {
		$phpCAS_config['Debug file'] = $phpCAS_logfile;
		phpCAS::setDebug($phpCAS_logfile);
	}

	try {
		phpCAS::client(
			CAS_VERSION_2_0,
			$cas_host,
			$cas_servers[$cas_host]['port'],
			$cas_servers[$cas_host]['context']
		);
		phpCAS::setNoClearTicketsFromUrl();
		phpCAS::setFixedServiceURL($service_url);

		// Set extra CURL options
		if (isset($cas_servers[$cas_host]['extra_curl_options']) && is_array($cas_servers[$cas_host]['extra_curl_options'])) {
			foreach($cas_servers[$cas_host]['extra_curl_options'] as $opt => $value) {
				if (is_string($opt) && substr($opt, 0, 7) == 'CURLOPT' && defined($opt))
					$opt = constant($opt);
				phpCAS::setExtraCurlOption($opt, $value);
			}
		}

		if ($cas_servers[$cas_host]['insecure']) {
			$phpCAS_config['Insecure'] = 'Yes';
			$phpCAS_config['Base URL'] = 'http://'.$cas_host.($cas_servers[$cas_host]['port']?':'.$cas_servers[$cas_host]['port']:'').$cas_servers[$cas_host]['context'];
			// Remove trailing slash if present
			if (substr($phpCAS_config['Base URL'], -1)=='/')
				$phpCAS_config['Base URL'] = substr($phpCAS_config['Base URL'], 0, -1);
			$phpCAS_config['Login URL'] = $phpCAS_config['Base URL']."/login?service=".urlencode($service_url);
			$phpCAS_config['Logout URL'] = $phpCAS_config['Base URL']."/logout";
			$phpCAS_config['Service validate URL'] = $phpCAS_config['Base URL']."/serviceValidate";
			phpCAS::setServerLoginURL($phpCAS_config['Login URL']);
			phpCAS::setServerLogoutURL($phpCAS_config['Logout URL']);
			phpCAS::setServerServiceValidateURL($phpCAS_config['Service validate URL']);
			// Be sure SSL validation is disabled
			$cas_servers[$cas_host]['ssl_validation'] = false;
		}
		else
			$phpCAS_config['Insecure'] = 'No';

		if ($cas_servers[$cas_host]['ssl_validation'] === true) {
			if (is_readable($cas_servers[$cas_host]['ssl_cacert_path'])) {
				$phpCAS_config['SSL Validation'] = 'Enabled';
				$phpCAS_config['SSL CA Cert Validation File'] = $cas_servers[$cas_host]['ssl_cacert_path'];
				$phpCAS_config['SSL CN Validation'] = (
					$cas_servers[$cas_host]['ssl_cn_validation']?
					'Enabled':'Disabled'
				);
				phpCAS::setCasServerCACert(
					$cas_servers[$cas_host]['ssl_cacert_path'],
					$cas_servers[$cas_host]['ssl_cn_validation']
				);
			}
			else {
				$warnings[] = 'SSL validation enable for this server but CA Cert file configured does not exists or is not readable';
				$phpCAS_config['SSL Validation'] = 'Disabled';
				phpCAS::setNoCasServerValidation();
			}
		}
		else {
			$phpCAS_config['SSL Validation'] = 'Disabled';
			phpCAS::setNoCasServerValidation();
		}

		phpCAS::setCacheTimesForAuthRecheck(0);
	}
	catch (CAS_GracefullTerminationException $e) {
		$warnings[] = 'PhpCAS return exception';
		return false;
	}
	return true;
}

function local_logout() {
	unset($_SESSION['session_url']);
	unset($_SESSION['phpCAS']);
	unset($_SESSION['user']);
	unset($_SESSION['attributes']);
	return !isset($_SESSION['phpCAS']);
}

function json_output($success=true, $data=null, $return_code=200, $exit=true) {
	global $warnings, $phpCAS_config, $phpCAS_logfile, $cas_servers;

	// Retreive phpCAS logs
	$logs = false;
	if (is_writable($phpCAS_logfile)) {
		$lines = file($phpCAS_logfile);
		if (is_array($lines)) {
			$logs = implode('',$lines);
		}
		else {
			$warnings[] = "Error reading PhpCAS debug log file ($phpCAS_logfile).";
		}
	}
	else {
		$warnings[] = "PhpCAS debug log file does not exists or is not writable ($phpCAS_logfile).";
	}

	// Compute return data
	$return = array(
		'success' => $success,
		'data' => $data,
		'logs' => $logs,
		'warnings' => $warnings,
		'config' => $phpCAS_config,
		'cas_servers' => $cas_servers,
		'cas_server' => $_SESSION['cas_server'],
		'user' => $_SESSION['user'],
		'attributes' => $_SESSION['attributes'],
	);

	// Handle JSON output
  http_response_code($return_code);
  header('Content-Type: application/json; charset=utf-8');
  echo json_encode($return);
  if ($exit) exit();
}

// Handle API call
if (isset($_REQUEST['do'])) {
	switch($_REQUEST['do']) {
		case 'status':
			json_output(init_phpCAS());
			break;

		case 'change_server':
			if (!isset($_REQUEST['server'])) {
				$warnings[] = "Invalid parameters: selected CAS server is missing.";
				json_output(false);
			}

		  if (!isset($cas_servers[$_REQUEST['server']])) {
				$warnings[] = "Invalid CAS server choiced";
				json_output(false);
			}
			if ($_SESSION['cas_server'] != $_REQUEST['server']) {
				local_logout();
			}
			$cas_host = $_SESSION['cas_server'] = $_REQUEST['server'];
			json_output(init_phpCAS());
			break;

		case 'login':
			if (!init_phpCAS()) json_output(false);
			if (phpCAS::isAuthenticated()) {
				$warnings[] = 'Already authenticated. Please logout (at least local logout) before.';
				json_output(false);
			}

			json_output(true, array('login_url' => phpCAS::getServerLoginURL()));
			break;

		case 'validate_ticket':
			if (!init_phpCAS()) json_output(false);

			if (phpCAS::isAuthenticated()) {
				$_SESSION['user'] = phpCAS::getUser();
				$_SESSION['attributes'] = phpCAS::getAttributes();
				json_output(true);
			}
			else {
				$warnings[] = 'Fail to validate ticket, please check logs.';
				json_output(false);
			}
			break;

		case 'logout':
			if (!init_phpCAS()) json_output(false);
			if (!phpCAS::isAuthenticated()) {
				$warnings[] = 'Not currently authenticated.';
				json_output(false);
			}
			if (!local_logout()) {
				$warnings[] = 'Fail to purge local session.';
				json_output(false);
			}
			$logout_url = phpCAS::getServerLogoutURL().'?<se></se>rvice='.$service_url;
			json_output(true, array('logout_url' => $logout_url));
			break;

		case 'locallogout':
			unset($_SESSION['session_url']);
			unset($_SESSION['phpCAS']);
			unset($_SESSION['user']);
			unset($_SESSION['attributes']);
			json_output();
			break;

		case 'truncatelog':
			$success = false;
			if (is_file($phpCAS_logfile)) {
				if (!is_writable(dirname($phpCAS_logfile))) {
					$warnings[] = 'Logs directory is not writable ('.dirname($phpCAS_logfile).').';
					json_output(false);
				}
				$fh = fopen($phpCAS_logfile, 'w');
				fclose($fh);
			}
			json_output(true);
			break;

		default:
			$warnings[] = 'Invalid request';
			json_output(false);
	}
}

?>
<html>
<head>
	<title>Test CAS</title>
	<script src="jquery-3.6.0.min.js"></script>
	<script src="app.js"></script>
	<style>
	h2 {
		border-bottom: 1px solid;
	}

	strong {
		font-size: 0.9em;
	}

	em {
		font-size: 0.8em;
	}

	#warnings {
		color: #fff;
		background-color: #C56E6E;
	}

	pre {
		margin-left: 1em;
		padding: 1em;
		border-left: 1px solid;
		background-color: #eee;
		font-size: 0.9em;
	}

	/* Defaulty hide UI components (expect menu) */
	#cas_server_selection, #cas_config, #user_info, #warnings, #cas_logs {
		display: none;
	}
	</style>

</style>
<body>
<h1>Test CAS Application</h1>

<div id='cas_server_selection'>
	<h2>CAS server selection</h2>
	<form action='index.php' method='POST'>
		<label for='server'>CAS server</label> :
		<select name='server' id='select_server'></select>
	</form>
</div>

<div id='cas_config'>
	<h2>PhpCAS configuration</h2>
	<ul></ul>
</div>

<h2>Menu</h2>
<ul>
 <li><button id='login_btn'>Login</button></li>
 <li><button id='caslogout_btn'>Logout on CAS server</button></li>
 <li><button id='locallogout_btn'>Logout on local application</button></li>
 <li><button id='truncatelog_btn'>Truncate Debug log file content</button></li>
</ul>

<div id='user_info'></div>

<div id='warnings'></div>

<div id='cas_logs'>
	<h2>PhpCAS Debug logs</h2>
	<pre></pre>
</div

</body>
</html>