From 80914c356afd24ff26a58e3415bae7bf285f2eed Mon Sep 17 00:00:00 2001
From: Eric Rasmussen <erasmussen2@unl.edu>
Date: Tue, 26 Jan 2010 23:27:38 +0000
Subject: [PATCH] SimpleCAS dir for cas_auth_unl

---
 plugins/cas_auth_unl/SimpleCAS/Autoload.php   |  62 ++++++++
 plugins/cas_auth_unl/SimpleCAS/Protocol.php   |  83 +++++++++++
 .../SimpleCAS/Protocol/Version1.php           | 133 ++++++++++++++++++
 .../SimpleCAS/Protocol/Version2.php           |  94 +++++++++++++
 .../Protocol/Version2/ValidationResponse.php  |  62 ++++++++
 .../cas_auth_unl/SimpleCAS/ProxyGranting.php  |  31 ++++
 .../SimpleCAS/ProxyGranting/Storage.php       |   7 +
 .../SimpleCAS/ProxyGranting/Storage/File.php  |  14 ++
 .../cas_auth_unl/SimpleCAS/SingleSignOut.php  |  24 ++++
 9 files changed, 510 insertions(+)
 create mode 100644 plugins/cas_auth_unl/SimpleCAS/Autoload.php
 create mode 100644 plugins/cas_auth_unl/SimpleCAS/Protocol.php
 create mode 100644 plugins/cas_auth_unl/SimpleCAS/Protocol/Version1.php
 create mode 100644 plugins/cas_auth_unl/SimpleCAS/Protocol/Version2.php
 create mode 100644 plugins/cas_auth_unl/SimpleCAS/Protocol/Version2/ValidationResponse.php
 create mode 100644 plugins/cas_auth_unl/SimpleCAS/ProxyGranting.php
 create mode 100644 plugins/cas_auth_unl/SimpleCAS/ProxyGranting/Storage.php
 create mode 100644 plugins/cas_auth_unl/SimpleCAS/ProxyGranting/Storage/File.php
 create mode 100644 plugins/cas_auth_unl/SimpleCAS/SingleSignOut.php

diff --git a/plugins/cas_auth_unl/SimpleCAS/Autoload.php b/plugins/cas_auth_unl/SimpleCAS/Autoload.php
new file mode 100644
index 00000000..b26f5a07
--- /dev/null
+++ b/plugins/cas_auth_unl/SimpleCAS/Autoload.php
@@ -0,0 +1,62 @@
+<?php
+function SimpleCAS_Autoload($class)
+{
+    if (substr($class, 0, 9) !== 'SimpleCAS') {
+        return false;
+    }
+    $fp = @fopen(str_replace('_', '/', $class) . '.php', 'r', true);
+    if ($fp) {
+        fclose($fp);
+        require str_replace('_', '/', $class) . '.php';
+        if (!class_exists($class, false) && !interface_exists($class, false)) {
+            die(new Exception('Class ' . $class . ' was not present in ' .
+                str_replace('_', '/', $class) . '.php (include_path="' . get_include_path() .
+                '") [SimpleCAS_Autoload version 0.1.0]'));
+        }
+        return true;
+    }
+    $e = new Exception('Class ' . $class . ' could not be loaded from ' .
+        str_replace('_', '/', $class) . '.php, file does not exist (include_path="' . get_include_path() .
+        '") [SimpleCAS_Autoload version 0.1.0]');
+    $trace = $e->getTrace();
+    if (isset($trace[2]) && isset($trace[2]['function']) &&
+          in_array($trace[2]['function'], array('class_exists', 'interface_exists'))) {
+        return false;
+    }
+    if (isset($trace[1]) && isset($trace[1]['function']) &&
+          in_array($trace[1]['function'], array('class_exists', 'interface_exists'))) {
+        return false;
+    }
+    die ((string) $e);
+}
+
+// set up __autoload
+if (function_exists('spl_autoload_register')) {
+    if (!($_____t = spl_autoload_functions()) || !in_array('SimpleCAS_Autoload', spl_autoload_functions())) {
+        spl_autoload_register('SimpleCAS_Autoload');
+        if (function_exists('__autoload') && ($_____t === false)) {
+            // __autoload() was being used, but now would be ignored, add
+            // it to the autoload stack
+            spl_autoload_register('__autoload');
+        }
+    }
+    unset($_____t);
+} elseif (!function_exists('__autoload')) {
+    function __autoload($class) { return SimpleCAS_Autoload($class); }
+}
+
+// set up include_path if it doesn't register our current location
+$____paths = explode(PATH_SEPARATOR, get_include_path());
+$____found = false;
+foreach ($____paths as $____path) {
+    if ($____path == dirname(dirname(__FILE__))) {
+        $____found = true;
+        break;
+    }
+}
+if (!$____found) {
+    set_include_path(get_include_path() . PATH_SEPARATOR . dirname(dirname(__FILE__)));
+}
+unset($____paths);
+unset($____path);
+unset($____found);
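Review bot: `SimpleCAS_Autoload()` ends the whole request with `die()` and prints the exception text, which embeds `get_include_path()`, so a failed lookup of any name starting with `SimpleCAS` shows server filesystem paths to the client. Returning false lets any other registered autoloader try and keeps the detail in the log: `error_log((string) $e); return false;`. The class name is also turned into a `require` path with no check of its characters; a guard such as `if (!preg_match('/^SimpleCAS[A-Za-z0-9_]*$/', $class)) { return false; }` before the `fopen()` would keep path separators out of it. The same guard makes the `substr()` prefix test redundant.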
diff --git a/plugins/cas_auth_unl/SimpleCAS/Protocol.php b/plugins/cas_auth_unl/SimpleCAS/Protocol.php
new file mode 100644
index 00000000..d050a6d4
--- /dev/null
+++ b/plugins/cas_auth_unl/SimpleCAS/Protocol.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Interface all CAS servers must implement.
+ * 
+ * Each concrete class which implements this server interface must provide
+ * all the following functions.
+ * 
+ * PHP version 5
+ * 
+ * @category  Authentication 
+ * @package   SimpleCAS
+ * @author    Brett Bieber <brett.bieber@gmail.com>
+ * @copyright 2008 Regents of the University of Nebraska
+ * @license   http://www1.unl.edu/wdn/wiki/Software_License BSD License
+ * @link      http://code.google.com/p/simplecas/
+ */
+abstract class SimpleCAS_Protocol
+{
+    const DEFAULT_REQUEST_CLASS = 'HTTP_Request2';
+    
+    protected $requestClass;
+    protected $request;
+    
+    /**
+     * Returns the login URL for the cas server.
+     *
+     * @param string $service The URL to the service requesting authentication.
+     * 
+     * @return string
+     */
+    abstract function getLoginURL($service);
+    
+    /**
+     * Returns the logout url for the CAS server.
+     *
+     * @param string $service A URL to provide the user upon logout.
+     * 
+     * @return string
+     */
+    abstract function getLogoutURL($service = null);
+    
+    /**
+     * Returns the version of this cas server.
+     * 
+     * @return string
+     */
+    abstract function getVersion();
+    
+    /**
+     * Function to validate a ticket and service combination.
+     *
+     * @param string $ticket  Ticket given by the CAS Server
+     * @param string $service Service requesting authentication
+     * 
+     * @return false|string False on failure, user name on success.
+     */
+    abstract function validateTicket($ticket, $service);
+    
+    /**
+     * Get the HTTP_Request2 object.
+     *
+     * @return HTTP_Request
+     */
+    function getRequest()
+    {
+        $class = empty($this->requestClass) ? self::DEFAULT_REQUEST_CLASS : $this->requestClass;
+        if (!$this->request instanceof $class) {
+            $this->request = new $class();
+        }
+        return $this->request; 
+    }
+    
+    /**
+     * Set the HTTP Request object.
+     *
+     * @param $request
+     */
+    function setRequest($request)
+    {
+        $this->request = $request;
+    }
+}
+?>
\ No newline at end of file
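Review bot: The docblocks on `getRequest()` and `setRequest()` do not state the contract the subclasses rely on. `getRequest()` says `@return HTTP_Request` while the default class is `HTTP_Request2`, and `setRequest()` has a bare `@param $request` although the `validateTicket()` implementations in this patch call either `setURL()`/`send()` or `setUri()`/`request()` on the object. I would document it as `@param object $request HTTP client offering setURL()/send() or setUri()/request()`. The docblock should also say that the client must verify the CAS server's certificate, since the validation reply decides who is logged in and nothing in this file configures that.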
diff --git a/plugins/cas_auth_unl/SimpleCAS/Protocol/Version1.php b/plugins/cas_auth_unl/SimpleCAS/Protocol/Version1.php
new file mode 100644
index 00000000..7879522f
--- /dev/null
+++ b/plugins/cas_auth_unl/SimpleCAS/Protocol/Version1.php
@@ -0,0 +1,133 @@
+<?php
+/**
+ * Class representing a CAS server which supports the CAS1 protocol.
+ * 
+ * PHP version 5
+ * 
+ * @category  Authentication 
+ * @package   SimpleCAS
+ * @author    Brett Bieber <brett.bieber@gmail.com>
+ * @copyright 2008 Regents of the University of Nebraska
+ * @license   http://www1.unl.edu/wdn/wiki/Software_License BSD License
+ * @link      http://code.google.com/p/simplecas/
+ */
+class SimpleCAS_Protocol_Version1 extends SimpleCAS_Protocol
+{
+    const VERSION = '1.0';
+    
+    protected $request;
+    
+    /**
+     * Construct a new SimpleCAS server object.
+     *
+     *  <code>
+     *  $options = array('hostname' => 'login.unl.edu',
+     *                   'port'     => 443,
+     *                   'uri'      => 'cas');
+     *  $protocol = new SimpleCAS_Protocol_Version1($options);
+     *  </code>
+     *
+     * @param array()
+     */
+    function __construct($options)
+    {
+        foreach ($options as $option=>$val) {
+            $this->$option = $val;
+        }
+    }
+    
+    /**
+     * Returns the URL used to validate a ticket.
+     *
+     * @param string $ticket  Ticket to validate
+     * @param string $service URL to the service requesting authentication
+     * 
+     * @return string
+     */
+    function getValidationURL($ticket, $service)
+    {
+        return 'https://' . $this->hostname . '/'
+                          . $this->uri . '/validate?'
+                          . 'service=' . urlencode($service)
+                          . '&ticket=' . $ticket;
+    }
+    
+    /**
+     * Returns the URL to login form for the CAS server.
+     *
+     * @param string $service Service url requesting authentication.
+     * 
+     * @return string
+     */
+    function getLoginURL($service)
+    {
+        return 'https://' . $this->hostname
+                          . '/'.$this->uri
+                          . '/login?service='
+                          . urlencode($service);
+    }
+    
+    /**
+     * Returns the URL to logout of the CAS server.
+     *
+     * @param string $service Service url provided to the user.
+     * 
+     * @return string
+     */
+    function getLogoutURL($service = '')
+    {
+        if (isset($service)) {
+            $service = '?url='.urlencode($service);
+        }
+        
+        return 'https://' . $this->hostname
+                          . '/'.$this->uri
+                          . '/logout'
+                          . $service;
+    }
+    
+    /**
+     * Function to validate a ticket and service combination.
+     *
+     * @param string $ticket  Ticket given by the CAS Server
+     * @param string $service Service requesting authentication
+     * 
+     * @return false|string False on failure, user name on success.
+     */
+    function validateTicket($ticket, $service)
+    {
+        $validation_url = $this->getValidationURL($ticket, $service);
+        
+        $http_request = clone $this->getRequest();
+        
+        $defaultClass = SimpleCAS_Protocol::DEFAULT_REQUEST_CLASS;
+        if ($http_request instanceof $defaultClass) {
+            $http_request->setURL($validation_url);
+            
+            $response = $http_request->send();
+        } else {
+            $http_request->setUri($validation_url);
+            
+            $response = $http_request->request();
+        }
+        
+        
+        if ($response->getStatus() == 200
+            && substr($response->getBody(), 0, 3) == 'yes') {
+            list($message, $uid) = explode("\n", $response->getBody());
+            return $uid;
+        }
+        return false;
+    }
+    
+    /**
+     * Returns the CAS server protocol this object implements.
+     *
+     * @return string
+     */
+    function getVersion()
+    {
+        return self::VERSION;
+    }
+}
+?>
\ No newline at end of file
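Review bot: `getValidationURL()` appends `$ticket` to the query string without encoding it, while `$service` on the line above is passed through `urlencode()`. The ticket presumably arrives from the browser's request, so a value containing `&` or `#` can add or truncate parameters of the server-to-server validation call; the line should read `. '&ticket=' . urlencode($ticket);`, and `getValidationURL()` in Protocol/Version2.php has the same line. Separately, the constructor's `$this->$option = $val` lets any option key overwrite `request` or `requestClass`; copying only `hostname`, `port` and `uri` would close that. In `validateTicket()` the `substr(...) == 'yes'` test accepts any body that merely starts with those letters, and `$uid` is undefined when the body has no second line.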
diff --git a/plugins/cas_auth_unl/SimpleCAS/Protocol/Version2.php b/plugins/cas_auth_unl/SimpleCAS/Protocol/Version2.php
new file mode 100644
index 00000000..e32d665a
--- /dev/null
+++ b/plugins/cas_auth_unl/SimpleCAS/Protocol/Version2.php
@@ -0,0 +1,94 @@
+<?php
+/**
+ * Class representing a CAS server which supports the CAS2 protocol.
+ *
+ * PHP version 5
+ *
+ * @category  Authentication
+ * @package   SimpleCAS
+ * @author    Brett Bieber <brett.bieber@gmail.com>
+ * @copyright 2008 Regents of the University of Nebraska
+ * @license   http://www1.unl.edu/wdn/wiki/Software_License BSD License
+ * @link      http://code.google.com/p/simplecas/
+ */
+class SimpleCAS_Protocol_Version2 extends SimpleCAS_Protocol_Version1 implements SimpleCAS_SingleSignOut, SimpleCAS_ProxyGranting
+{
+    const VERSION = '2.0';
+    
+    /**
+     * Returns the URL used to validate a ticket.
+     *
+     * @param string $ticket  Ticket to validate
+     * @param string $service URL to the service requesting authentication
+     *
+     * @return string
+     */
+    function getValidationURL($ticket, $service, $pgtUrl = null)
+    {
+        return 'https://' . $this->hostname . '/'
+                          . $this->uri . '/serviceValidate?'
+                          . 'service=' . urlencode($service)
+                          . '&ticket=' . $ticket
+                          . '&pgtUrl=' . urlencode($pgtUrl);
+    }
+    
+    /**
+     * Function to validate a ticket and service combination.
+     *
+     * @param string $ticket  Ticket given by the CAS Server
+     * @param string $service Service requesting authentication
+     *
+     * @return false|string False on failure, user name on success.
+     */
+    function validateTicket($ticket, $service)
+    {
+        $validation_url = $this->getValidationURL($ticket, $service);
+        
+        $http_request = clone $this->getRequest();
+        
+        $defaultClass = SimpleCAS_Protocol::DEFAULT_REQUEST_CLASS;
+        if ($http_request instanceof $defaultClass) {
+            $http_request->setURL($validation_url);
+            
+            $response = $http_request->send();
+        } else {
+            $http_request->setUri($validation_url);
+            
+            $response = $http_request->request();
+        }
+        
+        if ($response->getStatus() == 200) {
+            $validationResponse = new SimpleCAS_Protocol_Version2_ValidationResponse($response->getBody());
+            if ($validationResponse->authenticationSuccess()) {
+                return $validationResponse->__toString();
+            }
+        }
+        return false;
+    }
+    
+    /**
+     * Validates a single sign out logout request.
+     *
+     * @param mixed $post $_POST data
+     *
+     * @return bool
+     */
+    function validateLogoutRequest($post)
+    {
+        if (false) {
+            return $ticket;
+        }
+        return false;
+    }
+    
+    function getProxyTicket()
+    {
+        throw new Exception('not implemented');
+    }
+    
+    function validateProxyTicket($ticket)
+    {
+        throw new Exception('not implemented');
+    }
+}
+?>
\ No newline at end of file
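Review bot: `validateLogoutRequest()` can never succeed: its only non-false path is `if (false) { return $ticket; }`, and `$ticket` is not defined in that scope. The class declares `implements SimpleCAS_SingleSignOut`, so callers will assume logout requests from the CAS server are honoured while every one is rejected and local sessions stay alive. I would drop the dead branch and say so in the docblock, e.g. `// Single sign-out is not implemented yet; every logout request is rejected.` `getValidationURL()` also always sends `&pgtUrl=` with an empty value, because `validateTicket()` never passes a third argument; appending it only when `$pgtUrl !== null` would keep the request minimal.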
diff --git a/plugins/cas_auth_unl/SimpleCAS/Protocol/Version2/ValidationResponse.php b/plugins/cas_auth_unl/SimpleCAS/Protocol/Version2/ValidationResponse.php
new file mode 100644
index 00000000..225a759b
--- /dev/null
+++ b/plugins/cas_auth_unl/SimpleCAS/Protocol/Version2/ValidationResponse.php
@@ -0,0 +1,62 @@
+<?php
+class SimpleCAS_Protocol_Version2_ValidationResponse
+{
+    protected $authenticationSuccess = false;
+    protected $user    = false;
+    protected $pgtiou  = false;
+    protected $proxies = array();
+
+    /**
+     * Construct a validation repsonse object from the CAS server's response.
+     * 
+     * @param string $response
+     */
+    function __construct($response)
+    {
+        $xml = new DOMDocument();
+        if ($xml->loadXML($response)) {
+            if ($success = $xml->getElementsByTagName('authenticationSuccess')) {
+                if ($success->length > 0
+                    && $uid = $success->item(0)->getElementsByTagName('user')) {
+                    // We have the user name, check for PGTIOU
+                    if ($iou = $success->item(0)->getElementsByTagName('proxyGrantingTicket')) {
+                        if ($iou->length) {
+                            $this->pgtiou = $iou->item(0)->nodeValue;
+                        }
+                    }
+                    $this->authenticationSuccess = true;
+                    $this->user = $uid->item(0)->nodeValue;
+                }
+            }
+        }
+    }
+    
+    function authenticationSuccess()
+    {
+        return $this->authenticationSuccess;
+    }
+    
+    function getPGTIOU()
+    {
+        return $this->pgtiou;
+    }
+    
+    function getUser()
+    {
+        return $this->userid;
+    }
+
+    function __toString()
+    {
+        if ($this->authenticationSuccess()) {
+            return $this->user;
+        }
+        throw new Exception('Validation was not successful');
+    }
+    
+    function logout()
+    {
+        
+    }
+}
+?>
\ No newline at end of file
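Review bot: The constructor sets `authenticationSuccess` to true without checking that a `user` element exists. `getElementsByTagName('user')` returns a node list object even when it is empty, so the `&& $uid = ...` test always passes and `$uid->item(0)` can be null. Requiring a non-empty list fixes it: `&& ($uid = $success->item(0)->getElementsByTagName('user')) && $uid->length > 0) {`. `getUser()` reads `$this->userid`, a property that is never declared or assigned, so it should be `return $this->user;`. The class and its public methods other than the constructor have no docblocks, unlike the other SimpleCAS files in this patch.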
diff --git a/plugins/cas_auth_unl/SimpleCAS/ProxyGranting.php b/plugins/cas_auth_unl/SimpleCAS/ProxyGranting.php
new file mode 100644
index 00000000..3ab250ce
--- /dev/null
+++ b/plugins/cas_auth_unl/SimpleCAS/ProxyGranting.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * Interface for servers that implement proxy granting tickets.
+ *
+ * PHP version 5
+ *
+ * @category  Authentication
+ * @package   SimpleCAS
+ * @author    Brett Bieber <brett.bieber@gmail.com>
+ * @copyright 2008 Regents of the University of Nebraska
+ * @license   http://www1.unl.edu/wdn/wiki/Software_License BSD License
+ * @link      http://code.google.com/p/simplecas/
+ */
+interface SimpleCAS_ProxyGranting
+{
+    
+    /**
+     * get a proxy ticket
+     *
+     * @return string
+     */
+    function getProxyTicket();
+    
+    /**
+     * try and validate a proxy ticket
+     *
+     * @param unknown_type $ticket
+     */
+    function validateProxyTicket($ticket);
+}
+?>
\ No newline at end of file
diff --git a/plugins/cas_auth_unl/SimpleCAS/ProxyGranting/Storage.php b/plugins/cas_auth_unl/SimpleCAS/ProxyGranting/Storage.php
new file mode 100644
index 00000000..e5560410
--- /dev/null
+++ b/plugins/cas_auth_unl/SimpleCAS/ProxyGranting/Storage.php
@@ -0,0 +1,7 @@
+<?php
+interface SimpleCAS_ProxyGranting_Storage
+{
+    function saveIOU($iou);
+    function getProxyGrantingTicket($iou);
+}
+?>
\ No newline at end of file
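Review bot: `saveIOU($iou)` takes only the IOU, but `getProxyGrantingTicket($iou)` is expected to return the ticket that belongs to it, so the interface has no way to store the pairing. I would expect the signature to carry both values, e.g. `function saveIOU($iou, $pgt);`, though the intended flow is not visible in this patch. Neither method has a docblock; each should state the parameter types, the return value for an unknown IOU, and that stored tickets are credentials and need restrictive storage permissions.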
diff --git a/plugins/cas_auth_unl/SimpleCAS/ProxyGranting/Storage/File.php b/plugins/cas_auth_unl/SimpleCAS/ProxyGranting/Storage/File.php
new file mode 100644
index 00000000..b345c776
--- /dev/null
+++ b/plugins/cas_auth_unl/SimpleCAS/ProxyGranting/Storage/File.php
@@ -0,0 +1,14 @@
+<?php
+class SimpleCAS_ProxyGranting_Storage_File implements SimpleCAS_ProxyGranting_Storage
+{
+    function saveIOU($iou)
+    {
+        throw new Exception('not implemented');
+    }
+    
+    function getProxyGrantingTicket($iou)
+    {
+        throw new Exception('not implemented');
+    }
+}
+?>
\ No newline at end of file
diff --git a/plugins/cas_auth_unl/SimpleCAS/SingleSignOut.php b/plugins/cas_auth_unl/SimpleCAS/SingleSignOut.php
new file mode 100644
index 00000000..1b0e97f4
--- /dev/null
+++ b/plugins/cas_auth_unl/SimpleCAS/SingleSignOut.php
@@ -0,0 +1,24 @@
+<?php
+/**
+ * Interface for servers that implement single sign out.
+ * 
+ * PHP version 5
+ * 
+ * @category  Authentication 
+ * @package   SimpleCAS
+ * @author    Brett Bieber <brett.bieber@gmail.com>
+ * @copyright 2008 Regents of the University of Nebraska
+ * @license   http://www1.unl.edu/wdn/wiki/Software_License BSD License
+ * @link      http://code.google.com/p/simplecas/
+ */
+interface SimpleCAS_SingleSignOut
+{
+    /**
+     * Determines if the posted request is a valid single sign out request.
+     *
+     * @param mixed $post $_POST data sent to the service.
+     * 
+     * @return bool
+     */
+    function validateLogoutRequest($post);
+}
\ No newline at end of file
-- 
GitLab