Merge pull request #13 from subfission/xmas-update
Xmas update
Showing
11 changed files
with
323 additions
and
292 deletions.
@@ -1,4 +1,8 @@ | ||
/bootstrap/compiled.php | ||
.env.*.php | ||
.env.php | ||
/tests/CASAuthTest.php | ||
/build | ||
.idea | ||
/composer.lock | ||
/vendor |
@@ -0,0 +1,29 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<phpunit bootstrap="vendor/autoload.php" | ||
backupGlobals="false" | ||
backupStaticAttributes="false" | ||
colors="true" | ||
verbose="true" | ||
convertErrorsToExceptions="true" | ||
convertNoticesToExceptions="true" | ||
convertWarningsToExceptions="true" | ||
processIsolation="false" | ||
stopOnFailure="false"> | ||
<testsuites> | ||
<testsuite name="League Test Suite"> | ||
<directory>tests</directory> | ||
</testsuite> | ||
</testsuites> | ||
<filter> | ||
<whitelist> | ||
<directory suffix=".php">src/</directory> | ||
</whitelist> | ||
</filter> | ||
<logging> | ||
<log type="tap" target="build/report.tap"/> | ||
<log type="junit" target="build/report.junit.xml"/> | ||
<log type="coverage-html" target="build/coverage" charset="UTF-8" yui="true" highlight="true"/> | ||
<log type="coverage-text" target="build/coverage.txt"/> | ||
<log type="coverage-clover" target="build/logs/clover.xml"/> | ||
</logging> | ||
</phpunit> |
@@ -1,65 +1,150 @@ | ||
<?php namespace Subfission\Cas; | ||
|
||
use Illuminate\Auth\AuthManager; | ||
use phpCAS; | ||
|
||
class CasManager { | ||
class CasManager | ||
{ | ||
|
||
protected $config; | ||
|
||
var $config; | ||
/** | ||
* The active connection instance. | ||
* | ||
* @var string | ||
* @param array $config | ||
*/ | ||
protected $connections; | ||
public function __construct(array $config) | ||
{ | ||
$this->parseConfig($config); | ||
if ($this->config[ 'cas_debug' ] === true) { | ||
phpCAS::setDebug(); | ||
} else { | ||
phpCAS::setDebug($this->config[ 'cas_debug' ]); | ||
} | ||
|
||
phpCAS::setVerbose($this->config[ 'cas_verbose_errors' ]); | ||
|
||
session_name($this->config[ 'cas_session_name' ]); | ||
|
||
$this->configureCas($this->config[ 'cas_proxy' ] ? 'proxy' : 'client'); | ||
|
||
$this->configureCasValidation(); | ||
|
||
// set login and logout URLs of the CAS server | ||
phpCAS::setServerLoginURL($this->config[ 'cas_login_url' ]); | ||
phpCAS::setServerLogoutURL($this->config[ 'cas_logout_url' ]); | ||
} | ||
|
||
/** | ||
* @var \Illuminate\Auth\AuthManager | ||
* Configure CAS Client|Proxy | ||
* @param $method | ||
*/ | ||
private $auth; | ||
protected function configureCas($method = 'client') | ||
{ | ||
$server_version = $this->config[ 'cas_enable_saml' ] ? SAML_VERSION_1_1 : CAS_VERSION_2_0; | ||
phpCAS::$method($server_version, $this->config[ 'cas_hostname' ], (int)$this->config[ 'cas_port' ], | ||
$this->config[ 'cas_uri' ], $this->config[ 'cas_control_session' ]); | ||
|
||
if ($this->config[ 'cas_enable_saml' ]) { | ||
// Handle SAML logout requests that emanate from the CAS host exclusively. | ||
// Failure to restrict SAML logout requests to authorized hosts could | ||
// allow denial of service attacks where at the least the server is | ||
// tied up parsing bogus XML messages. | ||
phpCAS::handleLogoutRequests(true, explode(',', $this->config[ 'cas_real_hosts' ])); | ||
} | ||
} | ||
|
||
/** | ||
* Maintain backwards compatibility with config file | ||
* @param array $config | ||
*/ | ||
public function __construct() | ||
protected function parseConfig(array $config) | ||
{ | ||
$this->config = config('cas'); | ||
$this->auth = app('auth'); | ||
|
||
$defaults = [ | ||
'cas_hostname' => '', | ||
'cas_session_name' => 'CASAuth', | ||
'cas_control_session' => false, | ||
'cas_port' => 443, | ||
'cas_uri' => '/cas', | ||
'cas_validation' => '', | ||
'cas_cert' => '', | ||
'cas_proxy' => false, | ||
'cas_validate_cn' => true, | ||
'cas_login_url' => '', | ||
'cas_logout_url' => 'https://cas.myuniv.edu/cas/logout?service=', | ||
'cas_redirect_path' => 'home', | ||
'cas_enable_saml' => true, | ||
'cas_debug' => false, | ||
'cas_verbose_errors' => false, | ||
'cas_masquerade' => '' | ||
]; | ||
|
||
$this->config = array_merge($defaults, $config); | ||
} | ||
|
||
/** | ||
* Get a Cas connection instance. | ||
* Configure SSL Validation | ||
* | ||
* @param string $name | ||
* @return app\Cas\Directory | ||
* Having some kind of server cert validation in production | ||
* is highly recommended. | ||
*/ | ||
public function connection() | ||
protected function configureCasValidation() | ||
{ | ||
if ( ! isset($this->connections) ) | ||
{ | ||
$this->connections = $this->createConnection(); | ||
if ($this->config[ 'cas_validation' ] == 'ca' || $this->config[ 'cas_validation' ] == 'self') { | ||
phpCAS::setCasServerCACert($this->config[ 'cas_cert' ], $this->config[ 'cas_validate_cn' ]); | ||
} else { | ||
phpCAS::setNoCasServerValidation(); | ||
} | ||
|
||
return $this->connections; | ||
} | ||
|
||
/** | ||
* Create the given connection by name. | ||
* Authenticates the user based on the current request. | ||
* | ||
* @return app\Cas\Sso | ||
* @return bool | ||
*/ | ||
protected function createConnection() | ||
public function authenticate() | ||
{ | ||
return new Sso($this->config, $this->auth); | ||
return $this->config[ 'cas_masquerade' ] ? true : phpCAS::forceAuthentication(); | ||
} | ||
|
||
/** | ||
* Dynamically pass methods to the default connection. | ||
* | ||
* @param string $method | ||
* @param array $parameters | ||
* Retrieve authenticated credentials | ||
* @return string | ||
*/ | ||
public function user() | ||
{ | ||
return $this->config[ 'cas_masquerade' ] ? : phpCAS::getUser(); | ||
} | ||
|
||
public function getCurrentUser() | ||
{ | ||
return $this->user(); | ||
} | ||
|
||
public function logout($params) | ||
{ | ||
if (phpCAS::isSessionAuthenticated()) { | ||
phpCAS::logout($params); | ||
} | ||
} | ||
|
||
/** | ||
* Get the attributes for for the currently connected user. This method | ||
* can only be called after authenticate() or an error wil be thrown. | ||
* @return mixed | ||
*/ | ||
public function __call($method, $parameters) | ||
public function getAttributes() | ||
{ | ||
return call_user_func_array(array($this->connection(), $method), $parameters); | ||
// We don't error check because phpCAS has it's own error handling | ||
return $this->config[ 'cas_masquerade' ] ? null : phpCAS::getAttributes(); | ||
} | ||
|
||
/** | ||
* Checks to see is user is authenticated | ||
* | ||
* @return bool | ||
*/ | ||
public function isAuthenticated() | ||
{ | ||
return phpCAS::isAuthenticated(); | ||
} | ||
|
||
} |
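Review bot: configureCasValidation() fails open: any `cas_validation` value other than 'ca' or 'self', including the '' default that parseConfig() sets, reaches `phpCAS::setNoCasServerValidation()`, so a missing or mistyped setting silently disables certificate validation of the CAS server. Make the unvalidated mode an explicit choice and reject everything else, for example by putting `} elseif ($this->config['cas_validation'] !== 'none') { throw new \InvalidArgumentException('cas_validation must be ca, self or none'); }` before the final `else` ('none' is a suggested value, not one the page defines). In the same class, a non-empty `cas_masquerade` makes authenticate() return true and user() return the configured name without contacting CAS, while isAuthenticated() still asks phpCAS; the option deserves a docblock saying it is for development only, and ideally a guard against enabling it in production. `cas_real_hosts` is read in configureCas() whenever `cas_enable_saml` is true (the default) but has no entry in `$defaults`, so an unconfigured install passes an undefined key to `explode()`.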