From 2c23f318ce1318ab6ee38d170955e026c357f134 Mon Sep 17 00:00:00 2001
From: Eric Rasmussen <erasmussen2@unl.edu>
Date: Tue, 26 Jan 2010 23:22:53 +0000
Subject: [PATCH] SimpleCAS dir for cas_auth_unl

---
 plugins/cas_auth_unl/SimpleCAS.php | 274 +++++++++++++++++++++++++++++
 1 file changed, 274 insertions(+)
 create mode 100644 plugins/cas_auth_unl/SimpleCAS.php

diff --git a/plugins/cas_auth_unl/SimpleCAS.php b/plugins/cas_auth_unl/SimpleCAS.php
new file mode 100644
index 00000000..f9002949
--- /dev/null
+++ b/plugins/cas_auth_unl/SimpleCAS.php
@@ -0,0 +1,274 @@
+<?php
+/**
+ * This is a CAS client authentication library for PHP 5.
+ * 
+ * <code>
+ * <?php
+ * $protocol = new SimpleCAS_Protocol_Version2('login.unl.edu', 443, 'cas');
+ * $client = SimpleCAS::client($protocol);
+ * $client->forceAuthentication();
+ * 
+ * if (isset($_GET['logout'])) {
+ *     $client->logout();
+ * }
+ * 
+ * if ($client->isAuthenticated()) {
+ *     echo '<h1>Authentication Successful!</h1>';
+ *     echo '<p>The user\'s login is '.$client->getUsername().'</p>';
+ *     echo '<a href="?logout">Logout</a>';
+ * }
+ * </code>
+ * 
+ * PHP version 5
+ * 
+ * @category  Authentication 
+ * @package   SimpleCAS
+ * @author    Brett Bieber <brett.bieber@gmail.com>
+ * @copyright 2008 Regents of the University of Nebraska
+ * @license   http://www1.unl.edu/wdn/wiki/Software_License BSD License
+ * @link      http://code.google.com/p/simplecas/
+ */
+class SimpleCAS
+{
+    /**
+     * Version of the CAS library.
+     */
+    const VERSION = '0.0.1';
+    
+    /**
+     * Singleton CAS object
+     *
+     * @var CAS
+     */
+    static private $_instance;
+    
+    /**
+     * Is user authenticated?
+     *
+     * @var bool
+     */
+    private $_authenticated = false;
+    
+    /**
+     * Protocol for the server running the CAS service.
+     *
+     * @var SimpleCAS_Protocol
+     */
+    protected $protocol;
+    
+    /**
+     * User's login name if authenticated.
+     *
+     * @var string
+     */
+    protected $username;
+
+    /**
+     * (Optional) alternative service URL to return to after CAS authentication.
+     *
+     * @var string
+     */
+	static protected $url;
+    
+    /**
+     * Construct a CAS client object.
+     *
+     * @param SimpleCAS_Protocol $protocol Protocol to use for authentication.
+     */
+    private function __construct(SimpleCAS_Protocol $protocol)
+    {
+        $this->protocol = $protocol;
+        
+        if ($this->protocol instanceof SimpleCAS_SingleSignOut
+            && isset($_POST)) {
+            if ($ticket = $this->protocol->validateLogoutRequest($_POST)) {
+                $this->logout($ticket);
+            }
+        }
+        
+        if (session_id() == '') {
+            session_start();
+        }
+        
+        if (isset($_SESSION['__SIMPLECAS_TICKET'])) {
+            $this->_authenticated = true;
+        }
+		
+        
+        if ($this->_authenticated == false
+            && isset($_GET['ticket'])) {
+            $this->validateTicket($_GET['ticket']);
+        }
+    }
+    
+    /**
+     * Checks a ticket to see if it is valid.
+     * 
+     * If the CAS server verifies the ticket, a session is created and the user
+     * is marked as authenticated.
+     *
+     * @param string $ticket Ticket from the CAS Server
+     * 
+     * @return bool
+     */
+    protected function validateTicket($ticket)
+    {
+        if ($uid = $this->protocol->validateTicket($ticket, self::getURL())) {
+            $this->setAuthenticated($uid);
+            $this->redirect(self::getURL());
+            return true;
+        } else {
+            return false;
+        }
+    }
+    
+    /**
+     * Marks the current session as authenticated.
+     *
+     * @param string $uid User name returned by the CAS server.
+     * 
+     * @return void
+     */
+    protected function setAuthenticated($uid)
+    {
+        $_SESSION['__SIMPLECAS_TICKET'] = true;
+        $_SESSION['__SIMPLECAS_UID']    = $uid;
+        $this->_authenticated           = true;
+    }
+    
+    /**
+     * Return the authenticated user's login name.
+     *
+     * @return string
+     */
+    public function getUsername()
+    {
+        return $_SESSION['__SIMPLECAS_UID'];
+    }
+    
+    /**
+     * Singleton interface, returns CAS object.
+     * 
+     * @param CAS_Server $server CAS Server object
+     * 
+     * @return CAS
+     */
+    static public function client(SimpleCAS_Protocol $protocol)
+    {
+        if (!isset(self::$_instance)) {
+            self::$_instance = new self($protocol);
+        }
+        
+        return self::$_instance;
+    }
+    
+    /**
+     * If client is not authenticated, this will redirecting to login and exit.
+     * 
+     * Otherwise, return the CAS object.
+     *
+     * @return CAS
+     */
+    function forceAuthentication()
+    {
+        if (!$this->isAuthenticated()) {
+            self::redirect($this->protocol->getLoginURL(self::getURL()));
+        }
+        return $this;
+    }
+    
+    /**
+     * Check if this user has been authenticated or not.
+     * 
+     * @return bool
+     */
+    function isAuthenticated()
+    {
+        return $this->_authenticated;
+    }
+    
+    /**
+     * Destroys session data for this client, redirects to the server logout
+     * url.
+     * 
+     * @param string $url URL to provide the client on logout.
+     * 
+     * @return void
+     */
+    public function logout($url = '')
+    {
+        session_destroy();
+        if (empty($url)) {
+            $url = self::getURL();
+        }
+        $this->redirect($this->protocol->getLogoutURL($url));
+    }
+    
+    /**
+     * Returns the current URL without CAS affecting parameters.
+     * 
+     * @return string url
+     */
+    static public function getURL()
+    {
+		if (!empty(self::$url)) {
+			return self::$url;
+		}
+        if (isset($_SERVER['HTTPS'])
+            && !empty($_SERVER['HTTPS'])
+            && $_SERVER['HTTPS'] == 'on') {
+            $protocol = 'https';
+        } else {
+            $protocol = 'http';
+        }
+    
+        $url = $protocol.'://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
+        
+        $replacements = array('/\?logout/'        => '',
+                              '/&ticket=[^&]*/'   => '',
+                              '/\?ticket=[^&;]*/' => '?',
+                              '/\?%26/'           => '?',
+                              '/\?&/'             => '?',
+                              '/\?$/'             => '');
+        
+        $url = preg_replace(array_keys($replacements),
+                            array_values($replacements), $url);
+        
+        return $url;
+    }
+	
+   /**
+    * Set an alternative return URL
+    * 
+    * @param string $url alternative return URL
+    * 
+    * @return void
+    */ 
+	public static function setURL($url)
+	{
+		self::$url = $url; 
+	}
+    
+    /**
+     * Send a header to redirect the client to another URL.
+     *
+     * @param string $url URL to redirect the client to.
+     * 
+     * @return void
+     */
+    public static function redirect($url)
+    {
+        header("Location: $url");
+        exit();
+    }
+    
+    /**
+     * Get the version of the CAS library
+     *
+     * @return string
+     */
+    static public function getVersion()
+    {
+        return self::VERSION;
+    }
+}
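Review bot: In `__construct`, the single sign-out branch calls `$this->logout($ticket)` before `session_start()` has run, so `session_destroy()` has no session to act on, and the ticket is passed where `logout()` expects a return URL and is handed to `getLogoutURL()` before the redirect and `exit()`. As written, a logout request accepted by `validateLogoutRequest()` does not appear to end the session that was created for that ticket. Ending it would need the ticket recorded against the session id at login, since the code stores only `$_SESSION['__SIMPLECAS_TICKET'] = true`, so that the matching session can be found and destroyed. `isset($_POST)` is also always true, so a check on the request method would express the intent better. Separately, `setAuthenticated()` marks the existing session as logged in without changing its id; adding `session_regenerate_id(true);` as its first line would close the session-fixation window.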
-- 
GitLab