Commit f6f84c1d authored by Tim Steiner's avatar Tim Steiner

Adding in support for passive CAS authentication. (ie: if you are already...

Adding in support for passive CAS authentication.  (ie: if you are already logged into CAS when you first visit this site, you will automatically be logged in.)
parent 929475c7
...@@ -21,7 +21,7 @@ class Auth_IndexController extends App_Controller_Action { ...@@ -21,7 +21,7 @@ class Auth_IndexController extends App_Controller_Action {
$session = new Zend_Session_Namespace(__CLASS__); $session = new Zend_Session_Namespace(__CLASS__);
$baseUrl = Zend_Controller_Front::getInstance()->getBaseUrl(); $baseUrl = Zend_Controller_Front::getInstance()->getBaseUrl();
try { try {
$referer = Zend_Uri_Http::factory($_SERVER['HTTP_REFERER']); $referer = Zend_Uri_Http::factory($_SERVER['HTTP_REFERER']);
} catch (Exception $e) { } catch (Exception $e) {
} }
if ($referer && if ($referer &&
...@@ -39,35 +39,20 @@ class Auth_IndexController extends App_Controller_Action { ...@@ -39,35 +39,20 @@ class Auth_IndexController extends App_Controller_Action {
$session->referer = '/'; $session->referer = '/';
} }
$this->_redirect('/auth/index/validate'); $this->_redirect($this->_getCasAdapter()->getLoginUrl());
return;
} }
public function logoutAction() public function logoutAction()
{ {
Zend_Auth::getInstance()->clearIdentity(); Zend_Auth::getInstance()->clearIdentity();
$this->_redirect('/'); $this->_getCasAdapter()->clearIdentity();
$this->_redirect($this->_getCasAdapter()->getLogoutUrl());
} }
public function validateAction() public function validateAction()
{ {
$username = $this->getRequest()->getParam('username');
$password = $this->getRequest()->getParam('password');
$auth = Unl_Auth::getInstance(); $auth = Unl_Auth::getInstance();
$auth->pushAdapter($this->_getCasAdapter());
//$ldap = new Unl_Ldap('ldap://localhost:10389');
//$ldapAdapter = new Unl_Auth_Adapter_Ldap($ldap, $username, $password);
//$auth->pushAdapter($ldapAdapter);
if ($_SERVER['HTTPS'] == 'on') {
$serviceUrl = 'https://';
} else {
$serviceUrl = 'http://';
}
$serviceUrl .= $_SERVER['SERVER_NAME'] . Zend_Controller_Front::getInstance()->getBaseUrl() . '/auth/index/validate';
$casAdapter = new Unl_Auth_Adapter_Cas($serviceUrl, 'https://login.unl.edu/cas', $this->_getParam('ticket'));
$auth->pushAdapter($casAdapter);
try { try {
$result = $auth->authenticate(); $result = $auth->authenticate();
...@@ -75,18 +60,11 @@ class Auth_IndexController extends App_Controller_Action { ...@@ -75,18 +60,11 @@ class Auth_IndexController extends App_Controller_Action {
// //
} }
if (!$result || !$result->isValid()) { if ($result && $result->isValid()) {
$session = new Zend_Session_Namespace(__CLASS__); $user = Auth_UserModel::findCurrentUser();
$session->errorMessage = 'Login Failed'; if (!$user) {
// Don't redirect, CAS is already doing it. $user = Auth_UserModel::fetchNewFromLdap($auth->getIdentity());
//$this->_redirect('/auth/index'); }
$this->_disableLayoutAndView();
return;
}
$user = Auth_UserModel::findCurrentUser();
if (!$user) {
$user = Auth_UserModel::fetchNewFromLdap($auth->getIdentity());
} }
$session = new Zend_Session_Namespace(__CLASS__); $session = new Zend_Session_Namespace(__CLASS__);
...@@ -96,5 +74,20 @@ class Auth_IndexController extends App_Controller_Action { ...@@ -96,5 +74,20 @@ class Auth_IndexController extends App_Controller_Action {
$this->_redirect('/'); $this->_redirect('/');
} }
} }
/**
* Sets up the CAS adapter and returns it.
* @return Unl_Auth_Adapter_Cas
*/
protected function _getCasAdapter()
{
if ($_SERVER['HTTPS'] == 'on') {
$serviceUrl = 'https://';
} else {
$serviceUrl = 'http://';
}
$serviceUrl .= $_SERVER['SERVER_NAME'] . Zend_Controller_Front::getInstance()->getBaseUrl() . '/auth/index/validate';
return new Unl_Auth_Adapter_Cas($serviceUrl, 'https://login.unl.edu/cas', $this->_getParam('ticket'));
}
} }
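Review bot: In validateAction the failure branch is gone, so a request carrying a `ticket` that CAS rejects is now handled exactly like a passive check that came back with no ticket: no error message is stored and nothing is recorded. That is the right outcome for gateway mode, but a rejected ticket is a signal worth keeping, so I would add an `else` to `if ($result && $result->isValid())` that writes a log entry when `$this->_getParam('ticket')` is non-empty. `$result` also appears to be assigned only inside the `try`, so it may be undefined at this check if `authenticate()` throws; putting `$result = null;` before the `try` would make that case explicit. The body of validateAction continues outside the hunks shown, so the catch block and the final redirect are not visible here.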
<?php <?php
$baseUrl = Zend_Controller_Front::getInstance()->getBaseUrl();
$staticBaseUrl = ''; $staticBaseUrl = '';
if ($_SERVER['HTTPS']) { if ($_SERVER['HTTPS']) {
$staticBaseUrl = 'https://'; $staticBaseUrl = 'https://';
...@@ -7,7 +9,7 @@ if ($_SERVER['HTTPS']) { ...@@ -7,7 +9,7 @@ if ($_SERVER['HTTPS']) {
$staticBaseUrl = 'http://'; $staticBaseUrl = 'http://';
} }
$staticBaseUrl .= $_SERVER['HTTP_HOST'] $staticBaseUrl .= $_SERVER['HTTP_HOST']
. Zend_Controller_Front::getInstance()->getBaseUrl(); . $baseUrl;
$this->headLink()->appendStylesheet($this->baseUrl() . '/css/index.css', 'all'); $this->headLink()->appendStylesheet($this->baseUrl() . '/css/index.css', 'all');
$this->headLink()->appendStylesheet($this->baseUrl() . '/css/print.css', 'print'); $this->headLink()->appendStylesheet($this->baseUrl() . '/css/print.css', 'print');
...@@ -99,6 +101,8 @@ try { ...@@ -99,6 +101,8 @@ try {
pageTracker._initData(); pageTracker._initData();
pageTracker._trackPageview(); pageTracker._trackPageview();
} catch(err) {} } catch(err) {}
WDN.idm.setLogoutURL('$baseUrl/auth/index/logout');
</script> </script>
EOF; EOF;
......
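Review bot: `$baseUrl` is interpolated straight into a JavaScript string literal in `WDN.idm.setLogoutURL('$baseUrl/auth/index/logout');` with no encoding for that context. The base URL is presumably derived by Zend from the server environment rather than from user input, but a quote or backslash in it would still terminate the literal early. I would build the argument before the heredoc with `$logoutUrlJs = json_encode($baseUrl . '/auth/index/logout');` and emit `WDN.idm.setLogoutURL($logoutUrlJs);`. The heredoc starts outside the hunk.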
<?php <?php
/**
* A custom base controller class that takes care of setting up custom View Helpers.
*/
class App_Controller_Action extends Unl_Controller_Action class App_Controller_Action extends Unl_Controller_Action
{ {
public function init() public function init()
{ {
parent::init(); parent::init();
$this->view->addHelperPath(dirname(__FILE__) . '/../View/Helper', 'App_View_Helper'); $this->view->addHelperPath(dirname(__FILE__) . '/../View/Helper', 'App_View_Helper');
$this->view->doctype()->setDoctype(Zend_View_Helper_Doctype::XHTML1_TRANSITIONAL); $this->view->doctype()->setDoctype(Zend_View_Helper_Doctype::XHTML1_TRANSITIONAL);
// Zend_Controller_Action_HelperBroker::addPrefix('App_Controller_Helper'); // Zend_Controller_Action_HelperBroker::addPrefix('App_Controller_Helper');
$this->_transparentCasLogin();
}
protected function _transparentCasLogin()
{
$session = new Zend_Session_Namespace(__CLASS__);
// The auth module is doing its thing (probably an active login or logout). Let it be.
if (get_class($this) == 'Auth_IndexController') {
return;
}
// Only passively check for a login once per hour (per user)
if ($session->lastCasCheck > time() - 60*60) {
return;
}
$session->lastCasCheck = time();
// Do a passive authentication check
$redirectUri = $_SERVER['REQUEST_URI'];
$baseUrl = Zend_Controller_Front::getInstance()->getBaseUrl();
$redirectUri = substr($redirectUri, strlen($baseUrl));
$authSession = new Zend_Session_Namespace('Auth_IndexController');
$authSession->referer = $redirectUri;
if ($_SERVER['HTTPS'] == 'on') {
$serviceUrl = 'https://';
} else {
$serviceUrl = 'http://';
}
$serviceUrl .= $_SERVER['SERVER_NAME'] . Zend_Controller_Front::getInstance()->getBaseUrl() . '/auth/index/validate';
$casAdapter = new Unl_Auth_Adapter_Cas($serviceUrl, 'https://login.unl.edu/cas', $this->_getParam('ticket'));
$casAdapter->setGateway();
$this->_redirect($casAdapter->getLoginUrl());
} }
} }
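Review bot: `_transparentCasLogin()` stores `$_SERVER['REQUEST_URI']` minus the base URL in `$authSession->referer` without checking its shape, and that value looks like the post-login redirect target used by validateAction (the redirect itself is not in the lines shown). A request path is client-supplied, so it should be constrained to a local path before it is saved: `if (!is_string($redirectUri) || !preg_match('#^/(?![/\\\\])#', $redirectUri)) { $redirectUri = '/'; }`. The same check also covers `substr()` returning `false` when the request URI is shorter than the base URL. Separately, the redirect fires from `init()` for every request method, so a POST that arrives when the hourly check is due loses its body; guarding the passive check with `$this->getRequest()->isGet()` would avoid that.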