Commit 9c851a99 authored by Tim Steiner

Updates to CAS Authentication.

parent 39bf75b7
......@@ -110,7 +110,7 @@ class Unl_Cas
}
}
$paramString = '';
$this->_serviceUrl = urlencode($serviceUrl . $paramString);
$this->_serviceUrl = $serviceUrl . $paramString;
}
/**
......@@ -248,7 +248,7 @@ class Unl_Cas
*/
public function getLoginUrl()
{
$location = $this->_casUrl . '/login?service=' . $this->_serviceUrl;
$location = $this->_casUrl . '/login?service=' . urlencode($this->_serviceUrl);
switch ($this->_gatewayOrRenew) {
case self::PARAM_GATEWAY:
$location .= '&gateway=true';
......@@ -286,7 +286,7 @@ class Unl_Cas
}
require_once ('Zend/Http/Client.php');
$client = new Zend_Http_Client($this->_casUrl . '/serviceValidate?service=' . $this->_serviceUrl . '&ticket=' . $ticket);
$client = new Zend_Http_Client($this->_casUrl . '/serviceValidate?service=' . urlencode($this->_serviceUrl) . '&ticket=' . $ticket);
$response = $client->request();
if ($response->isSuccessful() && $this->_parseResponse($response->getBody())) {
$this->_addValidTicket($ticket);
......
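Review bot: The `ticket` value on the serviceValidate line is still spliced into the URL raw while the service URL beside it is now encoded; the ticket arrives from the request (the controller hunk in this commit feeds it via `setTicket($this->_getParam('ticket'))`), so a value containing `&`, `#` or a space changes the query the client sends to the CAS server. Encode it the same way, `... . '&ticket=' . urlencode($ticket));`, or build the request with Zend_Http_Client's GET-parameter API instead of string concatenation so every value is escaped by construction. The bodies of the constructor, getLoginUrl() and the validation method continue outside these hunks.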
......@@ -12,28 +12,30 @@ abstract class Unl_Controller_Action_Authenticate extends Unl_Controller_Action
*/
public function loginAction()
{
$session = new Zend_Session_Namespace(get_called_class());
$baseUrl = Zend_Controller_Front::getInstance()->getBaseUrl();
try {
$session = new Zend_Session_Namespace(__CLASS__);
$baseUrl = Zend_Controller_Front::getInstance()->getBaseUrl();
try {
$referer = Zend_Uri_Http::factory($_SERVER['HTTP_REFERER']);
} catch (Exception $e) {
}
if ($referer &&
$referer->getHost() == $_SERVER['HTTP_HOST'] &&
(!$referer->getPort() || $referer->getPort() == $_SERVER['SERVER_PORT']) &&
substr($referer->getPath(), 0, strlen($baseUrl)) == $baseUrl) {
$session->referer = substr($referer->getPath(), strlen($baseUrl));
$session->referer = ltrim($session->referer, '/');
if ($referer->getQuery()) {
$session->referer .= '?' . $referer->getQuery();
}
if ($referer->getFragment()) {
$session->referer .= '#' . $referer->getFragment();
}
} else {
$session->referer = $this->_getDefaultLandingPath();
}
} catch (Exception $e) {
}
if ($this->_getParam('referer')) {
$session->referer = $this->_getParam('referer');
} else if ($referer &&
$referer->getHost() == $_SERVER['HTTP_HOST'] &&
(!$referer->getPort() || $referer->getPort() == $_SERVER['SERVER_PORT']) &&
substr($referer->getPath(), 0, strlen($baseUrl)) == $baseUrl) {
$session->referer = substr($referer->getPath(), strlen($baseUrl));
$session->referer = ltrim($session->referer, '/');
if ($referer->getQuery()) {
$session->referer .= '?' . $referer->getQuery();
}
if ($referer->getFragment()) {
$session->referer .= '#' . $referer->getFragment();
}
} else {
$session->referer = $this->_getDefaultLandingPath();
}
$this->_redirect($this->_getCasAdapter()->getLoginUrl());
}
......@@ -65,33 +67,30 @@ abstract class Unl_Controller_Action_Authenticate extends Unl_Controller_Action
public function casAction()
{
$auth = Zend_Auth::getInstance();
$casAdapter = $this->_getCasAdapter();
if ($this->_getParam('logoutRequest')) {
$casAdapter->handleLogoutRequest($this->_getParam('logoutRequest'));
}
try {
$result = $auth->authenticate(new Unl_Auth_Adapter_Cas($casAdapter));
} catch (Exception $e) {
//
}
if ($result && $result->isValid()) {
$this->_setupUser(Zend_Auth::getInstance()->getIdentity());
} else {
Zend_Auth::getInstance()->clearIdentity();
if (!isset($_COOKIE['unl_sso'])) {
setcookie('unl_sso', 'fake', time() - 60*60*24, '/', '.unl.edu');
}
}
$session = new Zend_Session_Namespace(get_called_class());
if ($session->referer) {
$this->_redirect($session->referer);
} else {
$this->_redirect($this->_getDefaultLandingPath());
}
$casAdapter = $this->_getCasAdapter();
$casAdapter->setTicket($this->_getParam('ticket'));
if ($this->_getParam('logoutRequest')) {
$casAdapter->handleLogoutRequest($this->_getParam('logoutRequest'));
}
try {
$result = $auth->authenticate(new Unl_Auth_Adapter_Cas($casAdapter));
} catch (Exception $e) {
//
}
if ($result && $result->isValid()) {
$this->_setupUser(Zend_Auth::getInstance()->getIdentity());
} else {
Zend_Auth::getInstance()->clearIdentity();
if (!isset($_COOKIE['unl_sso'])) {
setcookie('unl_sso', 'fake', time() - 60*60*24, '/', '.unl.edu');
}
}
$session = new Zend_Session_Namespace(__CLASS__);
$this->_redirect($session->referer);
}
/**
......@@ -117,26 +116,30 @@ abstract class Unl_Controller_Action_Authenticate extends Unl_Controller_Action
return '/';
}
/**
* Sets up the CAS adapter and returns it.
* Overide this if you need to initialize the CAS adapter with different settings.
* @return Unl_Cas
*/
protected function _getCasAdapter()
{
static $adapter = NULL;
if (!$adapter) {
/**
* Sets up the CAS adapter and returns it.
* Overide this if you need to initialize the CAS adapter with different settings.
* @return Unl_Cas
*/
protected function _getCasAdapter()
{
static $adapter = NULL;
if (!$adapter) {
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
$serviceUrl = 'https://';
} else {
$serviceUrl = 'http://';
}
$path = Zend_Controller_Front::getInstance()->getRouter()->assemble(array('action' => 'cas'));
$path = Zend_Controller_Front::getInstance()->getRouter()->assemble(array(
'module' => $this->getRequest()->getModuleName(),
'controller' => $this->getRequest()->getControllerName(),
'action' => 'cas'
));
$serviceUrl .= $_SERVER['SERVER_NAME'] . $path;
$adapter = new Unl_Cas($serviceUrl, 'https://login.unl.edu/cas', $this->_getParam('ticket'));
}
return $adapter;
}
$adapter = new Unl_Cas($serviceUrl, 'https://login.unl.edu/cas');
}
return $adapter;
}
}
\ No newline at end of file
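Review bot: The new `if ($this->_getParam('referer'))` branch in loginAction() stores a request-supplied value in `$session->referer` without the host/port/base-path check that the HTTP_REFERER branch below it applies, and casAction() in the next hunk passes that value straight to `$this->_redirect()`, so `?referer=http://…` on the login action becomes an off-site redirect after authentication if the redirector passes absolute URLs through unchanged (Zend's does). Restrict the parameter to a path inside this application before storing it, as sketched below, so the session only ever holds the same kind of relative path the HTTP_REFERER branch produces. Separately, the casAction() hunk drops the `_getDefaultLandingPath()` fallback, so a direct request to the cas action with nothing in the session now redirects to an empty location; keep `$this->_redirect($session->referer ? $session->referer : $this->_getDefaultLandingPath());` or equivalent.
```php
// … unchanged: session/baseUrl setup and HTTP_REFERER parsing …
$requested = (string) $this->_getParam('referer');
// Only a path inside this application may come from the request: a scheme
// (http:, javascript:, ...) or a protocol-relative prefix (//, /\) would turn
// the post-login redirect in casAction() into an off-site redirect.
$requestedIsLocal = $requested !== ''
    && !preg_match('#^[a-z][a-z0-9+.\-]*:#i', $requested)
    && !preg_match('#^[/\\\\]{2}#', $requested);
if ($requestedIsLocal) {
    $session->referer = ltrim($requested, '/');
} else if ($referer &&
// … unchanged: HTTP_REFERER host/port/base-path check and default landing path …
```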
<?php
/**
* A Zend Controller Plugin that facilitates using transparent CAS authentication.
* To enable this module, add the following lines to your application.ini:
* resources.frontController.plugins[] = Unl_Controller_Plugin_Authenticate
* unl.cas.controller = <name of the controller that extends Unl_Controller_Action_Authenticate>
*
* @author tsteiner
*
*/
class Unl_Controller_Plugin_Authenticate extends Zend_Controller_Plugin_Abstract
{
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
$front = Zend_Controller_Front::getInstance();
$options = $front->getParam('bootstrap')->getOptions();
$casOptions = (isset($options['unl']['cas']) ? $options['unl']['cas'] : array());
// Get the controller name. This is required.
if (isset($casOptions['controller'])) {
$casController = $casOptions['controller'];
} else {
return;
}
// Get the module name. This is only required if using modules.
if (isset($casOptions['module'])) {
$casModule = $casOptions['module'];
} else if (!isset($options['resources']['modules'])) {
$casModule = 'default';
} else {
return;
}
// Get the action name. This isn't normally needed.
if (isset($casOptions['action'])) {
$casAction = $casOptions['action'];
} else {
$casAction = 'cas';
}
// Transparent checks should not be done if the original request is an authentication request.
if ($request->getModuleName() == $casModule && $request->getControllerName() == $casController) {
return;
}
// Transparent checks should not be done on non-HTTP, non-GET requests.
if (!$request instanceof Zend_Controller_Request_Http || !$request->isGet()) {
return;
}
// If there's no SSO cookie, there's no need to do a transparent login unless a user is already logged in.
if (!array_key_exists('unl_sso', $_COOKIE) && !Zend_Auth::getInstance()->hasIdentity()) {
return;
}
// Build the cas service URL.
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
$serviceUrl = 'https://';
} else {
$serviceUrl = 'http://';
}
$casPath = Zend_Controller_Front::getInstance()->getRouter()->assemble(array(
'module' => $casModule,
'controller' => $casController,
'action' => $casAction,
));
$serviceUrl .= $_SERVER['SERVER_NAME'] . $casPath;
// Init the CAS Adapter.
$casAdapter = new Unl_Cas($serviceUrl, 'https://login.unl.edu/cas');
// If either the user has no ticket, the ticket is expired, or a user isn't logged in, go ahead with transparent login.
if ($casAdapter->isTicketExpired() || !Zend_Auth::getInstance()->hasIdentity()) {
$currentPath = Zend_Controller_Front::getInstance()->getRouter()->assemble(array());
$currentPath = substr($currentPath, strlen($front->getBaseUrl()));
$session = new Zend_Session_Namespace('Unl_Controller_Action_Authenticate');
$session->referer = $currentPath;
$casAdapter->setGateway();
header('Location: ' . $casAdapter->getLoginUrl());
exit;
}
}
}
\ No newline at end of file
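Review bot: The service URL is assembled here (scheme chosen by `$_SERVER['HTTPS'] == 'on'`, then `SERVER_NAME` plus the routed cas path) with the same logic as `_getCasAdapter()` in Unl_Controller_Action_Authenticate, and CAS only validates a ticket when the `service` presented at login and at serviceValidate match exactly, so the two copies must not drift; move the construction into one shared helper (for example a static method on Unl_Cas taking module, controller and action) and call it from both places. Both copies also treat any `HTTPS` value other than `'on'` as plain HTTP; `!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'` covers servers that set `'1'`. `dispatchLoopStartup()` has no docblock; suggested: `/** Transparently gateways the user through CAS on GET requests when the unl_sso cookie is present and no identity is established; sends a Location header and exits. */`. Note as well that `assemble(array())` yields only the routed path, so the stored referer loses the current request's query string and the user returns without it after the gateway round-trip — append the original query string if that matters.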