diff --git a/api.php b/api.php index fa62084..552dfa7 100644 --- a/api.php +++ b/api.php @@ -11,7 +11,6 @@ */ - include("session_verif.php"); include("bdd.php"); include('php-csrf.php'); @@ -37,33 +36,6 @@ $endpoint = explode("?",array_pop($url_parts))[0]; switch($endpoint){ - case 'auth': - /*try{ - $_SESSION["utilisateur_authentifie"] = true; - session_regenerate_id(true); - $_SESSION["heure_debut"] = time(); - echo(json_encode(["status"=>"1","msg"=>"Authentification réussie."])); - }catch(Exception $e){ - echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) ); - }*/ - echo( json_encode(["status"=> "0","msg"=> "Authentification par api pas encore active."])); - - break; - - case 'unauth': - $_SESSION["utilisateur_authentifie"] = false; - echo json_encode(["status"=>"1","msg"=>"Déconnection réussie."]); - session_destroy(); - session_abort(); - break; - - case 'test_auth': - if($_SESSION["utilisateur_authentifie"] == true){ - echo(json_encode(["status"=> "1","msg"=> "Bonjour ".$_SESSION["unsername"]." !"])); - }else{ - echo(json_encode(["status"=> "4","msg"=> "Utilisateur non authentifié."])); - } - break; case 'rechercher': 
@@ -182,53 +154,115 @@ if($_SERVER['REQUEST_METHOD'] === 'POST'){ - verifier_session(); - + + $user_auth = isset($_SESSION["utilisateur_authentifie"]) && ($_SESSION["utilisateur_authentifie"] == 1); + $admin_auth = $user_auth && isset($_SESSION["admin"]) && ($_SESSION["admin"] == 1); switch(array_pop($url_parts)){ case "aj_doc": + if($user_auth){ + if(!$csrf->validate($context='televersement',$_POST["jeton-csrf"])){ + echo( json_encode(["status"=> "2","msg"=>"jeton csrf manquant ou invalide. ( contenu du champ : ".$_POST["jeton-csrf"]." )"]) ); + break; + } - if(!$csrf->validate($context='televersement',$_POST["jeton-csrf"])){ - echo( json_encode(["status"=> "2","msg"=>"jeton csrf manquant ou invalide. ( contenu du champ : ".$_POST["jeton-csrf"]." )"]) ); + try{ + ajouter_doc($_POST); + + }catch(Exception $e){ + echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) ); + } + break; + }else{ break; } - try{ - ajouter_doc($_POST); - - }catch(Exception $e){ - echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) ); - } - break; - case "valider_ensemble": - if(!$csrf->validate($context='valider_ensemble',$_POST["jeton-csrf"])){ - echo( json_encode(["status"=> "2","msg"=>"jeton csrf manquant.".$_POST["jeton-csrf"]]) ); - break; - } - try{ - valider_ensemble($_POST["ensemble_id"]); - echo(json_encode(["status"=>"1","msg"=>"Ensemble validé."])); - }catch(Exception $e){ - echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) ); + if($admin_auth){ + if(!$csrf->validate($context='valider_ensemble',$_POST["jeton-csrf"])){ + echo( json_encode(["status"=> "2","msg"=>"jeton csrf manquant.".$_POST["jeton-csrf"]]) ); + break; + } + try{ + valider_ensemble($_POST["ensemble_id"]); + echo(json_encode(["status"=>"1","msg"=>"Ensemble validé."])); + }catch(Exception $e){ + echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) ); + } } + break; case "supprimer_ensemble": - if(!$csrf->validate($context='supprimer_ensemble',$_POST["jeton-csrf"])){ + 
if($admin_auth){ + if(!$csrf->validate($context='supprimer_ensemble',$_POST["jeton-csrf"])){ + echo( json_encode(["status"=> "2","msg"=>"jeton csrf manquant." ]) ); + break; + } + + try{ + supprimer_ensemble($_POST["ensemble_id"]); + echo(json_encode(["status"=>"1","msg"=>"Ensemble supprimé."])); + }catch(Exception $e){ + echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) ); + } + } + + break; + + case "connection": + + if(!$csrf->validate($context='connection',$_POST["jeton-csrf"])){ echo( json_encode(["status"=> "2","msg"=>"jeton csrf manquant." ]) ); break; } - try{ - supprimer_ensemble($_POST["ensemble_id"]); - echo(json_encode(["status"=>"1","msg"=>"Ensemble supprimé."])); - }catch(Exception $e){ - echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) ); + $username = $_POST['username']; + $password = $_POST['password']; + + $succes = connecter_utilisateur(htmlspecialchars($username),$password); + + if($succes == 1){ + echo( json_encode(["status"=> "1","msg"=> "Utilisateur connecté !" ]) ); + }else{ + echo( json_encode(["status"=> "0","msg"=> "Utilisateur inconnu ou informations d'identification erronées." ]) ); } break; + + + case "deconnection": + if(!$csrf->validate($context='deconnection',$_POST["jeton-csrf"])){ + echo( json_encode(["status"=> "2","msg"=>"jeton csrf manquant." ]) ); + break; + } + session_destroy(); + echo( json_encode(["status"=> "1","msg"=> "Utilisateur déconnecté !" ]) ); + break; + + case "inscription": + + if(!$csrf->validate($context='inscription',$_POST["jeton-csrf"])){ + echo( json_encode(["status"=> "2","msg"=>"jeton csrf manquant." ]) ); + break; + } + + $username = $_POST['username']; + $password = $_POST['password']; + + $password_hash = password_hash($password, PASSWORD_DEFAULT); + + $succes = inscription_utilisateur(htmlspecialchars($username),$password_hash); + + if($succes == 1){ + echo( json_encode(["status"=> "1","msg"=> "Utilisateur inscrit !" 
]) ); + }else{ + echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre inscription :/" ]) ); + } + + break; + default: echo(json_encode(["status"=> "2","msg"=> "Opération inconnue."])); } @@ -236,4 +270,6 @@ exit; } + + ?> \ No newline at end of file diff --git a/bdd.php b/bdd.php index 23d324c..2ce7514 100644 --- a/bdd.php +++ b/bdd.php @@ -346,4 +346,57 @@ function generer_chronologie(){ return $resultat_complet; } +function connecter_utilisateur($username,$password){ + + global $conn; + + $ret = 0; + + $stmt = $conn->prepare("SELECT password_hash,admin FROM users WHERE username = ?"); + $stmt->bind_param("s", $username); + $stmt->execute(); + $stmt->store_result(); + + if ($stmt->num_rows > 0) { + + $stmt->bind_result($password_hash,$admin); + $ret = $stmt->fetch(); + + if (password_verify($password, $password_hash)) { + $_SESSION["utilisateur_authentifie"] = true; + $_SESSION["username"] = $username; + $_SESSION["admin"] = $admin; + $ret = 1; + } else { + $ret = 0; + } + } else { + $ret = 0; + } + + $stmt->close(); + return $ret; +} + + +function inscription_utilisateur($username,$password_hash){ + + global $conn; + + $stmt = $conn->prepare("INSERT INTO users (username, password_hash) VALUES (?, ?)"); + $stmt->bind_param("ss", $username, $password_hash); + + + // met le statut de l'utilisateur à connecté pour lui eviter de se connecter just après l'inscription + $_SESSION["utilisateur_authentifie"] = true; + $_SESSION["username"] = $username; + $_SESSION["admin"] = 0; + + + $ret = $stmt->execute(); + $stmt->close(); + + return $ret; +} + ?> diff --git a/connection.php b/connection.php new file mode 100644 index 0000000..41c8382 --- /dev/null +++ b/connection.php @@ -0,0 +1,39 @@ + + + + + + + +
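Review bot: Refused requests get an empty reply in this hunk: `aj_doc` falls into `else{ break; }` and `valider_ensemble`/`supprimer_ensemble` print nothing when `$admin_auth` is false, so a caller cannot tell a denial from a crash; answer with `http_response_code(403); echo(json_encode(["status"=>"4","msg"=>"Utilisateur non authentifié."]));` before the `break`. The CSRF errors of `aj_doc` and `valider_ensemble` still copy `$_POST["jeton-csrf"]` into the response, which reflects request data for no benefit; use the fixed `"jeton csrf manquant."` text of the other cases. `connection` and `inscription` read `$_POST['username']` and `$_POST['password']` without an `isset`/empty check, so an empty password can be hashed and stored, and `htmlspecialchars()` on the username belongs where it is printed, not before the database lookup. `$user_auth` relies on `$_SESSION` while the first hunk drops `include("session_verif.php")`; if `session_start()` lived in that file (not visible here), these gates always fail, so confirm it is called elsewhere. The POST block opened at the top of this hunk closes in the next one.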
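Review bot: `inscription_utilisateur()` marks the session as authenticated before `$stmt->execute()` runs, so a failed insert (for example a username rejected by the `UNIQUE` constraint added in init_db.php) still leaves the caller logged in under that username. Set the three `$_SESSION` keys only after `execute()` has succeeded, and call `session_regenerate_id(true)` at that point; `connecter_utilisateur()` needs the same call after `password_verify()` succeeds, since neither function rotates the session id when the privilege level changes. Depending on the mysqli error mode (not visible here) `execute()` may throw instead of returning false, which the `inscription` case in api.php does not catch. Both functions are new and lie entirely inside this hunk.

```php
function inscription_utilisateur($username,$password_hash){
    // … unchanged: global $conn, prepare(), bind_param() …

    $ret = $stmt->execute();
    $stmt->close();

    // open the session only once the row really exists
    if($ret){
        session_regenerate_id(true);
        $_SESSION["utilisateur_authentifie"] = true;
        $_SESSION["username"] = $username;
        $_SESSION["admin"] = 0;
    }

    return $ret;
}
```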
+
+   __    ____   ___  _   _ /'/ ____  _  _  ___    __   
+  /__\  (  _ \ / __)( )_( )   (_  _)( \( )/ __)  /__\  
+ /(__)\  )   /( (__  ) _ (     _)(_  )  ( \__ \ /(__)\ 
+(__)(__)(_)\_) \___)(_) (_)   (____)(_)\_)(___/(__)(__)
+    
+ +
+
+ + + +
+

Oui c'est vide oui ~\_(^-^)_/~

+ + +script($context='connection', $name='jeton_csrf', $declaration='var', $time2Live=-1, $max_hashes=5); + include "_partials/_footer.php"; +?> + diff --git a/css/connection.css b/css/connection.css new file mode 100644 index 0000000..2ce8600 --- /dev/null +++ b/css/connection.css 
@@ -0,0 +1,115 @@ + +.gros-titre{ + font-size: larger; + font-weight: bolder; +} + +.centre-vertical{ + margin-top: auto; + margin-bottom: auto; +} + + +.centre-horizontal{ + margin: auto; + justify-content: center; +} + +.centre-txt{ + text-align: center; +} + +.etaler{ + width: 100%; +} + +.bulle-rouge{ + width: fit-content; + padding-top: 5px; + padding-left: 5px; + padding-right: 5px; + padding-bottom: 5px; + background-color: rgba(255, 0, 0, 0.283); + border-radius: 5px; + border-width: 2px; + border-color: rgba(255, 0, 0, 0.283); +} + +.button{ + margin-top: 10px; + width: fit-content; + padding-top: 1%; + padding-left: 1%; + padding-right: 1%; + padding-bottom: 1%; + border-radius: 5px; + font-weight:bolder; + text-decoration: none; + color: black; + border-bottom: 3px solid rgba(224, 54, 54, 0.482); + border-top: 0px; + border-left: 0px; + border-right: 0px; + +} + +.color-red-tr{ + background-color: rgba(224, 54, 54, 0.482); + border-color: rgba(224, 54, 54, 0.482); +} + +.color-green-tr{ + background-color: rgba(71, 224, 54, 0.482); + border-color: rgba(71, 224, 54, 0.482); +} + +.barre-recherche{ + margin-top: 10px; + width: 80vw; + max-width: 800px; + border-radius: 15px; + border-width: 5px; + border-bottom: 3px solid rgba(224, 54, 54, 0.482); + background-color: rgba(224, 54, 54, 0.482); + padding: 20px; +} +.champ{ + margin-left: auto; + margin-right: auto; + display: block; + font-size: larger; + margin-top: 1vw; +} +.champ-titre{ + font-size: larger; + margin-top: 1vw; +} + +.formulaire{ + margin-top: 5vw; + width: 50vw; + margin-left: 25vw; + margin-right: 25vw; +} + +.submit-button{ + margin-top: 5vh; + width: fit-content; + padding-top: 5%; + padding-left: 5%; + padding-right: 5%; + padding-bottom: 5%; + border-radius: 5px; + font-weight:bolder; + font-size: xx-large; + text-decoration: none; + color: black; + border-bottom: 3px solid rgba(224, 54, 54, 0.482); + border-top: 0px; + border-left: 0px; + border-right: 0px; + margin-left: auto; + 
margin-right: auto; + display: block; +} + diff --git a/css/deconnection.css b/css/deconnection.css new file mode 100644 index 0000000..2ce8600 --- /dev/null +++ b/css/deconnection.css 
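Review bot: css/connection.css and css/deconnection.css are added as the same blob (`2ce8600` in both `index` lines), and css/inscription.css appears to repeat the same rules plus `.input-details-exo`. Three copies of one stylesheet will drift apart on the first edit; keep the shared rules in a single file that the three pages link, and leave only page-specific rules such as `.input-details-exo` in their own file.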
@@ -0,0 +1,115 @@ + +.gros-titre{ + font-size: larger; + font-weight: bolder; +} + +.centre-vertical{ + margin-top: auto; + margin-bottom: auto; +} + + +.centre-horizontal{ + margin: auto; + justify-content: center; +} + +.centre-txt{ + text-align: center; +} + +.etaler{ + width: 100%; +} + +.bulle-rouge{ + width: fit-content; + padding-top: 5px; + padding-left: 5px; + padding-right: 5px; + padding-bottom: 5px; + background-color: rgba(255, 0, 0, 0.283); + border-radius: 5px; + border-width: 2px; + border-color: rgba(255, 0, 0, 0.283); +} + +.button{ + margin-top: 10px; + width: fit-content; + padding-top: 1%; + padding-left: 1%; + padding-right: 1%; + padding-bottom: 1%; + border-radius: 5px; + font-weight:bolder; + text-decoration: none; + color: black; + border-bottom: 3px solid rgba(224, 54, 54, 0.482); + border-top: 0px; + border-left: 0px; + border-right: 0px; + +} + +.color-red-tr{ + background-color: rgba(224, 54, 54, 0.482); + border-color: rgba(224, 54, 54, 0.482); +} + +.color-green-tr{ + background-color: rgba(71, 224, 54, 0.482); + border-color: rgba(71, 224, 54, 0.482); +} + +.barre-recherche{ + margin-top: 10px; + width: 80vw; + max-width: 800px; + border-radius: 15px; + border-width: 5px; + border-bottom: 3px solid rgba(224, 54, 54, 0.482); + background-color: rgba(224, 54, 54, 0.482); + padding: 20px; +} +.champ{ + margin-left: auto; + margin-right: auto; + display: block; + font-size: larger; + margin-top: 1vw; +} +.champ-titre{ + font-size: larger; + margin-top: 1vw; +} + +.formulaire{ + margin-top: 5vw; + width: 50vw; + margin-left: 25vw; + margin-right: 25vw; +} + +.submit-button{ + margin-top: 5vh; + width: fit-content; + padding-top: 5%; + padding-left: 5%; + padding-right: 5%; + padding-bottom: 5%; + border-radius: 5px; + font-weight:bolder; + font-size: xx-large; + text-decoration: none; + color: black; + border-bottom: 3px solid rgba(224, 54, 54, 0.482); + border-top: 0px; + border-left: 0px; + border-right: 0px; + margin-left: auto; + 
margin-right: auto; + display: block; +} + diff --git a/css/index.css b/css/index.css index 07ade22..2ba7da2 100644 --- a/css/index.css +++ b/css/index.css @@ -114,6 +114,10 @@ background-color: rgba(224, 54, 54, 0.482); padding: 20px; } +#recherche_input{ + width: 80vw; + max-width: 800px; +} .champ{ border-radius: 3px; diff --git a/css/inscription.css b/css/inscription.css new file mode 100644 index 0000000..8b60efd --- /dev/null +++ b/css/inscription.css 
@@ -0,0 +1,120 @@ + +.gros-titre{ + font-size: larger; + font-weight: bolder; +} + +.centre-vertical{ + margin-top: auto; + margin-bottom: auto; +} + + +.centre-horizontal{ + margin: auto; + justify-content: center; +} + +.centre-txt{ + text-align: center; +} + +.etaler{ + width: 100%; +} + +.bulle-rouge{ + width: fit-content; + padding-top: 5px; + padding-left: 5px; + padding-right: 5px; + padding-bottom: 5px; + background-color: rgba(255, 0, 0, 0.283); + border-radius: 5px; + border-width: 2px; + border-color: rgba(255, 0, 0, 0.283); +} + +.button{ + margin-top: 10px; + width: fit-content; + padding-top: 1%; + padding-left: 1%; + padding-right: 1%; + padding-bottom: 1%; + border-radius: 5px; + font-weight:bolder; + text-decoration: none; + color: black; + border-bottom: 3px solid rgba(224, 54, 54, 0.482); + border-top: 0px; + border-left: 0px; + border-right: 0px; +} + +.color-red-tr{ + background-color: rgba(224, 54, 54, 0.482); + border-color: rgba(224, 54, 54, 0.482); +} + +.color-green-tr{ + background-color: rgba(71, 224, 54, 0.482); + border-color: rgba(71, 224, 54, 0.482); +} + +.barre-recherche{ + margin-top: 10px; + width: 80vw; + max-width: 800px; + border-radius: 15px; + border-width: 5px; + border-bottom: 3px solid rgba(224, 54, 54, 0.482); + background-color: rgba(224, 54, 54, 0.482); + padding: 20px; +} +.champ{ + margin-left: auto; + margin-right: auto; + display: block; + font-size: larger; + margin-top: 1vw; +} +.champ-titre{ + font-size: larger; + margin-top: 1vw; +} + +.formulaire{ + margin-top: 5vw; + width: 50vw; + margin-left: 25vw; + margin-right: 25vw; +} + +.input-details-exo{ + z-index: 1000; + position: relative; + font-size: larger; + margin-top: 1vw; +} + +.submit-button{ + margin-top: 5vh; + width: fit-content; + padding-top: 5%; + padding-left: 5%; + padding-right: 5%; + padding-bottom: 5%; + border-radius: 5px; + font-weight:bolder; + font-size: xx-large; + text-decoration: none; + color: black; + border-bottom: 3px solid rgba(224, 
54, 54, 0.482); + border-top: 0px; + border-left: 0px; + border-right: 0px; + margin-left: auto; + margin-right: auto; + display: block; +} diff --git a/deconnection.php b/deconnection.php new file mode 100644 index 0000000..926b956 --- /dev/null +++ b/deconnection.php @@ -0,0 +1,34 @@ + + + + + + + +
+
+   __    ____   ___  _   _ /'/ ____  _  _  ___    __   
+  /__\  (  _ \ / __)( )_( )   (_  _)( \( )/ __)  /__\  
+ /(__)\  )   /( (__  ) _ (     _)(_  )  ( \__ \ /(__)\ 
+(__)(__)(_)\_) \___)(_) (_)   (____)(_)\_)(___/(__)(__)
+    
+ +
+

Merci d'être passé sur Arch'INSA ! ~\_(^-^)_/~

+ + +script($context='deconnection', $name='jeton_csrf', $declaration='var', $time2Live=-1, $max_hashes=5); + include "_partials/_footer.php"; +?> + diff --git a/index.php b/index.php index 8b0c189..99cf576 100644 --- a/index.php +++ b/index.php @@ -24,12 +24,19 @@

Comme vous pouvez le constater, on cherche quelqu'un pour le design (html + css) du site :D club.info@amicale-insat.fr

- connection - déconnection + S'inscrire + Se connecter + Se déconnecter

- +

Salut !

Vous n'êtes pas connecté !

diff --git a/init_db.php b/init_db.php index de12de0..b91ba18 100644 --- a/init_db.php +++ b/init_db.php @@ -60,8 +60,12 @@ $sql = " FOREIGN KEY (theme_id) REFERENCES themes(id) ); - - + CREATE TABLE IF NOT EXISTS users ( + id INT AUTO_INCREMENT PRIMARY KEY, + username VARCHAR(50) NOT NULL UNIQUE, + password_hash VARCHAR(255) NOT NULL, + admin BOOLEAN DEFAULT 0 + ); "; diff --git a/inscription.php b/inscription.php new file mode 100644 index 0000000..565a750 --- /dev/null +++ b/inscription.php @@ -0,0 +1,37 @@ + + + + + + + +
+
+   __    ____   ___  _   _ /'/ ____  _  _  ___    __   
+  /__\  (  _ \ / __)( )_( )   (_  _)( \( )/ __)  /__\  
+ /(__)\  )   /( (__  ) _ (     _)(_  )  ( \__ \ /(__)\ 
+(__)(__)(_)\_) \___)(_) (_)   (____)(_)\_)(___/(__)(__)
+    
+ +
+
+ + + +
+

Oui c'est vide oui ~\_(^-^)_/~

+
+
+script($context='inscription', $name='jeton_csrf', $declaration='var', $time2Live=-1, $max_hashes=5);
+ include "_partials/_footer.php";
+?>
+
diff --git a/js/connection.js b/js/connection.js
new file mode 100644
index 0000000..75af75b
--- /dev/null
+++ b/js/connection.js
@@ -0,0 +1,26 @@
+function connection(){
+
+ const formData = new FormData();
+
+ formData.append("username",document.getElementById("username-input").value);
+ formData.append("password",document.getElementById("password-input").value);
+ formData.append("jeton-csrf",jeton_csrf);
+
+
+ fetch('api.php/connection', {
+ method: 'POST',
+ body: formData
+ })
+ .then(response => response.json())
+ .then(data => {
+ //console.log(data);
+ if(data.status == 1){
+ window.location.href = "index.php";
+ }else{
+ alert("Une erreur s'est produite lors de votre connection : "+data.msg);
+ }
+ })
+ .catch(error => {
+ console.error('Error:', error);
+ });
+}
\ No newline at end of file
diff --git a/js/deconnection.js b/js/deconnection.js
new file mode 100644
index 0000000..0c31cdf
--- /dev/null
+++ b/js/deconnection.js
@@ -0,0 +1,28 @@
+function deconnection(){
+
+
+ const formData = new FormData();
+
+ formData.append("jeton-csrf",jeton_csrf);
+
+ fetch('api.php/deconnection', {
+ method: 'POST',
+ body:formData
+ })
+ .then(response => response.json())
+ .then(data => {
+ //console.log(data);
+ if(data.status == 1){
+ window.location.href = "index.php";
+ }else{
+ alert("Une erreur s'est produite lors de votre déconnection : "+data.msg);
+ }
+ })
+ .catch(error => {
+ console.error('Error:', error);
+ });
+}
+
+window.onload = function(){
+ deconnection();
+}
\ No newline at end of file
diff --git a/js/index.js b/js/index.js
index 47d0db1..7cddbc6 100644
--- a/js/index.js
+++ b/js/index.js
@@ -1,31 +1,3 @@ -async function test_auth(){ - resp = await fetch("api.php/test_auth"); - data = await resp.json(); - document.getElementById("user_status").innerText = data["msg"]; -} - -// fonction de test, innutile en prod -async function authenticate_user(){ - /*resp = await fetch("api.php/auth"); - data = await resp.json(); - if(data.status == 1){ - document.getElementById("user_status").innerText = data["msg"]; - }*/ - - document.location.href = "session_verif.php"; -} - - -async function unauthenticate_user(){ - resp = await fetch("api.php/unauth"); - data = await resp.json(); - if(data.status == 1){ - document.getElementById("user_status").innerText = data["msg"]; - } -} - - - async function rechercher(){ var req = document.getElementById("recherche_input").value; var themes = []; diff --git a/js/inscription.js b/js/inscription.js new file mode 100644 index 0000000..3852124 --- /dev/null +++ b/js/inscription.js @@ -0,0 +1,25 @@ +function inscription(){ + + const formData = new FormData(); + + formData.append("username",document.getElementById("username-input").value); + formData.append("password",document.getElementById("password-input").value); + + formData.append("jeton-csrf",jeton_csrf); + + fetch('api.php/inscription', { + method: 'POST', + body: formData + }) + .then(response => response.text()) + .then(data => { + if(data.status == 1){ + window.location.href = "index.php"; + }else{ + alert("Une erreur s'est produite lors de votre inscription. Ce nom d'utilisateur doit être déjà pris ! "); + } + }) + .catch(error => { + console.error('Error:', error); + }); +} \ No newline at end of file diff --git a/phpCAS-1.6.1/CAS.php b/phpCAS-1.6.1/CAS.php deleted file mode 100644 index 6ddcf07..0000000 --- a/phpCAS-1.6.1/CAS.php +++ /dev/null 
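Review bot: `inscription()` reads the reply with `response.text()`, so `data` is a string and `data.status == 1` is never true: a successful registration still shows the failure alert and never redirects. Parse it as js/connection.js does, `.then(response => response.json())`. The alert also asserts that the username is taken whatever the cause; showing `data.msg` as the other two scripts do would keep the message accurate.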
@@ -1,32 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -require_once __DIR__.'/source/CAS.php'; - -trigger_error('Including CAS.php is deprecated. Install phpCAS using composer instead.', E_USER_DEPRECATED); diff --git a/phpCAS-1.6.1/LICENSE b/phpCAS-1.6.1/LICENSE deleted file mode 100644 index 261eeb9..0000000 --- a/phpCAS-1.6.1/LICENSE +++ /dev/null 
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/phpCAS-1.6.1/NOTICE b/phpCAS-1.6.1/NOTICE deleted file mode 100644 index 70d9ffc..0000000 --- a/phpCAS-1.6.1/NOTICE +++ /dev/null 
@@ -1,81 +0,0 @@
-Copyright 2007-2011, JA-SIG, Inc.
-This project includes software developed by Jasig.
-http://www.jasig.org/
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this software except in compliance with the License.
-You may obtain a copy of the License at:
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-===========================================================================
-
-Copyright © 2003-2007, The ESUP-Portail consortium
-
-Requirements for sources originally licensed under the New BSD License:
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-- Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
-
-- Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation
-and/or other materials provided with the distribution.
-
-- Neither the name of JA-SIG, Inc. nor the names of its contributors may be
-used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
-===========================================================================
-
-Copyright (c) 2009, Regents of the University of Nebraska
-All rights reserved.
-
-Requirements for CAS_Autloader originally licensed under the New BSD License:
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-Redistributions of source code must retain the above copyright notice, this list
-of conditions and the following disclaimer.
-
-Redistributions in binary form must reproduce the above copyright notice, this
-list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-Neither the name of the University of Nebraska nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
diff --git a/phpCAS-1.6.1/README.md b/phpCAS-1.6.1/README.md
deleted file mode 100644
index d481289..0000000
--- a/phpCAS-1.6.1/README.md
+++ /dev/null
@@ -1,35 +0,0 @@
-phpCAS
-=======
-
-phpCAS is an authentication library that allows PHP applications to easily authenticate
-users via a Central Authentication Service (CAS) server.
-
-Please see the wiki website for more information:
-
-https://apereo.github.io/phpCAS/
-
-Api documentation can be found here:
-
-https://apereo.github.io/phpCAS/api/
-
-
-[![Test](https://github.com/apereo/phpCAS/actions/workflows/test.yml/badge.svg)](https://github.com/apereo/phpCAS/actions/workflows/test.yml)
-
-LICENSE
--------
-
-Copyright 2007-2020, Apereo Foundation.
-This project includes software developed by Apereo Foundation.
-http://www.apereo.org/
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this software except in compliance with the License.
-You may obtain a copy of the License at:
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
diff --git a/phpCAS-1.6.1/composer.json b/phpCAS-1.6.1/composer.json
deleted file mode 100644
index bf8a17c..0000000
--- a/phpCAS-1.6.1/composer.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- "name" : "apereo/phpcas",
- "description" : "Provides a simple API for authenticating users against a CAS server",
- "keywords" : [
- "cas",
- "jasig",
- "apereo"
- ],
- "homepage" : "https://wiki.jasig.org/display/CASC/phpCAS",
- "type" : "library",
- "license" : "Apache-2.0",
- "authors" : [{
- "name" : "Joachim Fritschi",
- "homepage" : "https://github.com/jfritschi",
- "email" : "jfritschi@freenet.de"
- }, {
- "name" : "Adam Franco",
- "homepage" : "https://github.com/adamfranco"
- }, {
- "name" : "Henry Pan",
- "homepage" : "https://github.com/phy25"
- }
- ],
- "require" : {
- "php" : ">=7.1.0",
- "ext-curl" : "*",
- "ext-dom" : "*",
- "psr/log" : "^1.0 || ^2.0 || ^3.0"
- },
- "require-dev" : {
- "monolog/monolog" : "^1.0.0 || ^2.0.0",
- "phpunit/phpunit" : ">=7.5",
- "phpstan/phpstan" : "^1.5"
- },
- "autoload" : {
- "files": ["source/CAS.php"],
- "classmap" : [
- "source/"
- ]
- },
- "autoload-dev" : {
- "psr-4" : {
- "PhpCas\\" : "test/CAS/"
- }
- },
- "scripts" : {
- "test" : "phpunit",
- "phpstan" : "phpstan"
- },
- "extra" : {
- "branch-alias" : {
- "dev-master" : "1.3.x-dev"
- }
- }
-}
diff --git a/phpCAS-1.6.1/source/CAS.php b/phpCAS-1.6.1/source/CAS.php
deleted file mode 100644
index 71c0475..0000000
--- a/phpCAS-1.6.1/source/CAS.php
+++ /dev/null
@@ -1,2083 +0,0 @@ - - * @author Olivier Berger - * @author Brett Bieber - * @author Joachim Fritschi - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * @ingroup public - */ - -use Psr\Log\LoggerInterface; - -// -// hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI'] -// in IIS -// -if (!isset($_SERVER['REQUEST_URI']) && isset($_SERVER['SCRIPT_NAME']) && isset($_SERVER['QUERY_STRING'])) { - $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING']; -} - - -// ######################################################################## -// CONSTANTS -// ######################################################################## - -// ------------------------------------------------------------------------ -// CAS VERSIONS -// ------------------------------------------------------------------------ - -/** - * phpCAS version. accessible for the user by phpCAS::getVersion(). - */ -define('PHPCAS_VERSION', '1.6.1'); - -/** - * @addtogroup public - * @{ - */ - -/** - * phpCAS supported protocols. accessible for the user by phpCAS::getSupportedProtocols(). - */ - -/** - * CAS version 1.0 - */ -define("CAS_VERSION_1_0", '1.0'); -/*! 
- * CAS version 2.0 -*/ -define("CAS_VERSION_2_0", '2.0'); -/** - * CAS version 3.0 - */ -define("CAS_VERSION_3_0", '3.0'); - -// ------------------------------------------------------------------------ -// SAML defines -// ------------------------------------------------------------------------ - -/** - * SAML protocol - */ -define("SAML_VERSION_1_1", 'S1'); - -/** - * XML header for SAML POST - */ -define("SAML_XML_HEADER", ''); - -/** - * SOAP envelope for SAML POST - */ -define("SAML_SOAP_ENV", ''); - -/** - * SOAP body for SAML POST - */ -define("SAML_SOAP_BODY", ''); - -/** - * SAMLP request - */ -define("SAMLP_REQUEST", ''); -define("SAMLP_REQUEST_CLOSE", ''); - -/** - * SAMLP artifact tag (for the ticket) - */ -define("SAML_ASSERTION_ARTIFACT", ''); - -/** - * SAMLP close - */ -define("SAML_ASSERTION_ARTIFACT_CLOSE", ''); - -/** - * SOAP body close - */ -define("SAML_SOAP_BODY_CLOSE", ''); - -/** - * SOAP envelope close - */ -define("SAML_SOAP_ENV_CLOSE", ''); - -/** - * SAML Attributes - */ -define("SAML_ATTRIBUTES", 'SAMLATTRIBS'); - -/** @} */ -/** - * @addtogroup publicPGTStorage - * @{ - */ -// ------------------------------------------------------------------------ -// FILE PGT STORAGE -// ------------------------------------------------------------------------ -/** - * Default path used when storing PGT's to file - */ -define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH", session_save_path()); -/** @} */ -// ------------------------------------------------------------------------ -// SERVICE ACCESS ERRORS -// ------------------------------------------------------------------------ -/** - * @addtogroup publicServices - * @{ - */ - -/** - * phpCAS::service() error code on success - */ -define("PHPCAS_SERVICE_OK", 0); -/** - * phpCAS::service() error code when the PT could not retrieve because - * the CAS server did not respond. 
- */ -define("PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE", 1); -/** - * phpCAS::service() error code when the PT could not retrieve because - * the response of the CAS server was ill-formed. - */ -define("PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE", 2); -/** - * phpCAS::service() error code when the PT could not retrieve because - * the CAS server did not want to. - */ -define("PHPCAS_SERVICE_PT_FAILURE", 3); -/** - * phpCAS::service() error code when the service was not available. - */ -define("PHPCAS_SERVICE_NOT_AVAILABLE", 4); - -// ------------------------------------------------------------------------ -// SERVICE TYPES -// ------------------------------------------------------------------------ -/** - * phpCAS::getProxiedService() type for HTTP GET - */ -define("PHPCAS_PROXIED_SERVICE_HTTP_GET", 'CAS_ProxiedService_Http_Get'); -/** - * phpCAS::getProxiedService() type for HTTP POST - */ -define("PHPCAS_PROXIED_SERVICE_HTTP_POST", 'CAS_ProxiedService_Http_Post'); -/** - * phpCAS::getProxiedService() type for IMAP - */ -define("PHPCAS_PROXIED_SERVICE_IMAP", 'CAS_ProxiedService_Imap'); - - -/** @} */ -// ------------------------------------------------------------------------ -// LANGUAGES -// ------------------------------------------------------------------------ -/** - * @addtogroup publicLang - * @{ - */ - -define("PHPCAS_LANG_ENGLISH", 'CAS_Languages_English'); -define("PHPCAS_LANG_FRENCH", 'CAS_Languages_French'); -define("PHPCAS_LANG_GREEK", 'CAS_Languages_Greek'); -define("PHPCAS_LANG_GERMAN", 'CAS_Languages_German'); -define("PHPCAS_LANG_JAPANESE", 'CAS_Languages_Japanese'); -define("PHPCAS_LANG_SPANISH", 'CAS_Languages_Spanish'); -define("PHPCAS_LANG_CATALAN", 'CAS_Languages_Catalan'); -define("PHPCAS_LANG_CHINESE_SIMPLIFIED", 'CAS_Languages_ChineseSimplified'); -define("PHPCAS_LANG_GALEGO", 'CAS_Languages_Galego'); -define("PHPCAS_LANG_PORTUGUESE", 'CAS_Languages_Portuguese'); - -/** @} */ - -/** - * @addtogroup internalLang - * @{ - */ - -/** - * phpCAS default 
language (when phpCAS::setLang() is not used) - */ -define("PHPCAS_LANG_DEFAULT", PHPCAS_LANG_ENGLISH); - -/** @} */ -// ------------------------------------------------------------------------ -// DEBUG -// ------------------------------------------------------------------------ -/** - * @addtogroup publicDebug - * @{ - */ - -/** - * The default directory for the debug file under Unix. - * @return string directory for the debug file - */ -function gettmpdir() { -if (!empty($_ENV['TMP'])) { return realpath($_ENV['TMP']); } -if (!empty($_ENV['TMPDIR'])) { return realpath( $_ENV['TMPDIR']); } -if (!empty($_ENV['TEMP'])) { return realpath( $_ENV['TEMP']); } -return "/tmp"; -} -define('DEFAULT_DEBUG_DIR', gettmpdir()."/"); - -/** @} */ - -// include the class autoloader -require_once __DIR__ . '/CAS/Autoload.php'; - -/** - * The phpCAS class is a simple container for the phpCAS library. It provides CAS - * authentication for web applications written in PHP. - * - * @ingroup public - * @class phpCAS - * @category Authentication - * @package PhpCAS - * @author Pascal Aubry - * @author Olivier Berger - * @author Brett Bieber - * @author Joachim Fritschi - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -class phpCAS -{ - - /** - * This variable is used by the interface class phpCAS. - * - * @var CAS_Client - * @hideinitializer - */ - private static $_PHPCAS_CLIENT; - - /** - * @var array - * This variable is used to store where the initializer is called from - * (to print a comprehensive error in case of multiple calls). - * - * @hideinitializer - */ - private static $_PHPCAS_INIT_CALL; - - /** - * @var array - * This variable is used to store phpCAS debug mode. - * - * @hideinitializer - */ - private static $_PHPCAS_DEBUG; - - /** - * This variable is used to enable verbose mode - * This pevents debug info to be show to the user. 
Since it's a security - * feature the default is false - * - * @hideinitializer - */ - private static $_PHPCAS_VERBOSE = false; - - - // ######################################################################## - // INITIALIZATION - // ######################################################################## - - /** - * @addtogroup publicInit - * @{ - */ - - /** - * phpCAS client initializer. - * - * @param string $server_version the version of the CAS server - * @param string $server_hostname the hostname of the CAS server - * @param int $server_port the port the CAS server is running on - * @param string $server_uri the URI the CAS server is responding on - * @param string|string[]|CAS_ServiceBaseUrl_Interface - * $service_base_url the base URL (protocol, host and the - * optional port) of the CAS client; pass - * in an array to use auto discovery with - * an allowlist; pass in - * CAS_ServiceBaseUrl_Interface for custom - * behavior. Added in 1.6.0. Similar to - * serverName config in other CAS clients. - * @param bool $changeSessionID Allow phpCAS to change the session_id - * (Single Sign Out/handleLogoutRequests - * is based on that change) - * @param \SessionHandlerInterface $sessionHandler the session handler - * - * @return void a newly created CAS_Client object - * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be - * called, only once, and before all other methods (except phpCAS::getVersion() - * and phpCAS::setDebug()). - */ - public static function client($server_version, $server_hostname, - $server_port, $server_uri, $service_base_url, - $changeSessionID = true, \SessionHandlerInterface $sessionHandler = null - ) { - phpCAS :: traceBegin(); - if (is_object(self::$_PHPCAS_CLIENT)) { - phpCAS :: error(self::$_PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . self::$_PHPCAS_INIT_CALL['file'] . ':' . self::$_PHPCAS_INIT_CALL['line'] . 
')'); - } - - // store where the initializer is called from - $dbg = debug_backtrace(); - self::$_PHPCAS_INIT_CALL = array ( - 'done' => true, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__ . '::' . __FUNCTION__ - ); - - // initialize the object $_PHPCAS_CLIENT - try { - self::$_PHPCAS_CLIENT = new CAS_Client( - $server_version, false, $server_hostname, $server_port, $server_uri, $service_base_url, - $changeSessionID, $sessionHandler - ); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - phpCAS :: traceEnd(); - } - - /** - * phpCAS proxy initializer. - * - * @param string $server_version the version of the CAS server - * @param string $server_hostname the hostname of the CAS server - * @param string $server_port the port the CAS server is running on - * @param string $server_uri the URI the CAS server is responding on - * @param string|string[]|CAS_ServiceBaseUrl_Interface - * $service_base_url the base URL (protocol, host and the - * optional port) of the CAS client; pass - * in an array to use auto discovery with - * an allowlist; pass in - * CAS_ServiceBaseUrl_Interface for custom - * behavior. Added in 1.6.0. Similar to - * serverName config in other CAS clients. - * @param bool $changeSessionID Allow phpCAS to change the session_id - * (Single Sign Out/handleLogoutRequests - * is based on that change) - * @param \SessionHandlerInterface $sessionHandler the session handler - * - * @return void a newly created CAS_Client object - * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be - * called, only once, and before all other methods (except phpCAS::getVersion() - * and phpCAS::setDebug()). 
- */ - public static function proxy($server_version, $server_hostname, - $server_port, $server_uri, $service_base_url, - $changeSessionID = true, \SessionHandlerInterface $sessionHandler = null - ) { - phpCAS :: traceBegin(); - if (is_object(self::$_PHPCAS_CLIENT)) { - phpCAS :: error(self::$_PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . self::$_PHPCAS_INIT_CALL['file'] . ':' . self::$_PHPCAS_INIT_CALL['line'] . ')'); - } - - // store where the initialzer is called from - $dbg = debug_backtrace(); - self::$_PHPCAS_INIT_CALL = array ( - 'done' => true, - 'file' => $dbg[0]['file'], - 'line' => $dbg[0]['line'], - 'method' => __CLASS__ . '::' . __FUNCTION__ - ); - - // initialize the object $_PHPCAS_CLIENT - try { - self::$_PHPCAS_CLIENT = new CAS_Client( - $server_version, true, $server_hostname, $server_port, $server_uri, $service_base_url, - $changeSessionID, $sessionHandler - ); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - phpCAS :: traceEnd(); - } - - /** - * Answer whether or not the client or proxy has been initialized - * - * @return bool - */ - public static function isInitialized () - { - return (is_object(self::$_PHPCAS_CLIENT)); - } - - /** @} */ - // ######################################################################## - // DEBUGGING - // ######################################################################## - - /** - * @addtogroup publicDebug - * @{ - */ - - /** - * Set/unset PSR-3 logger - * - * @param LoggerInterface $logger the PSR-3 logger used for logging, or - * null to stop logging. - * - * @return void - */ - public static function setLogger($logger = null) - { - if (empty(self::$_PHPCAS_DEBUG['unique_id'])) { - self::$_PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4); - } - self::$_PHPCAS_DEBUG['logger'] = $logger; - self::$_PHPCAS_DEBUG['indent'] = 0; - phpCAS :: trace('START ('.date("Y-m-d H:i:s").') phpCAS-' . PHPCAS_VERSION . 
' ******************'); - } - - /** - * Set/unset debug mode - * - * @param string $filename the name of the file used for logging, or false - * to stop debugging. - * - * @return void - * - * @deprecated - */ - public static function setDebug($filename = '') - { - trigger_error('phpCAS::setDebug() is deprecated in favor of phpCAS::setLogger().', E_USER_DEPRECATED); - - if ($filename != false && gettype($filename) != 'string') { - phpCAS :: error('type mismatched for parameter $dbg (should be false or the name of the log file)'); - } - if ($filename === false) { - self::$_PHPCAS_DEBUG['filename'] = false; - - } else { - if (empty ($filename)) { - if (preg_match('/^Win.*/', getenv('OS'))) { - if (isset ($_ENV['TMP'])) { - $debugDir = $_ENV['TMP'] . '/'; - } else { - $debugDir = ''; - } - } else { - $debugDir = DEFAULT_DEBUG_DIR; - } - $filename = $debugDir . 'phpCAS.log'; - } - - if (empty (self::$_PHPCAS_DEBUG['unique_id'])) { - self::$_PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4); - } - - self::$_PHPCAS_DEBUG['filename'] = $filename; - self::$_PHPCAS_DEBUG['indent'] = 0; - - phpCAS :: trace('START ('.date("Y-m-d H:i:s").') phpCAS-' . PHPCAS_VERSION . ' ******************'); - } - } - - /** - * Enable verbose errors messages in the website output - * This is a security relevant since internal status info may leak an may - * help an attacker. Default is therefore false - * - * @param bool $verbose enable verbose output - * - * @return void - */ - public static function setVerbose($verbose) - { - if ($verbose === true) { - self::$_PHPCAS_VERBOSE = true; - } else { - self::$_PHPCAS_VERBOSE = false; - } - } - - - /** - * Show is verbose mode is on - * - * @return bool verbose - */ - public static function getVerbose() - { - return self::$_PHPCAS_VERBOSE; - } - - /** - * Logs a string in debug mode. 
- * - * @param string $str the string to write - * - * @return void - * @private - */ - public static function log($str) - { - $indent_str = "."; - - - if (isset(self::$_PHPCAS_DEBUG['logger']) || !empty(self::$_PHPCAS_DEBUG['filename'])) { - for ($i = 0; $i < self::$_PHPCAS_DEBUG['indent']; $i++) { - - $indent_str .= '| '; - } - // allow for multiline output with proper identing. Usefull for - // dumping cas answers etc. - $str2 = str_replace("\n", "\n" . self::$_PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str, $str); - $str3 = self::$_PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str2; - if (isset(self::$_PHPCAS_DEBUG['logger'])) { - self::$_PHPCAS_DEBUG['logger']->info($str3); - } - if (!empty(self::$_PHPCAS_DEBUG['filename'])) { - // Check if file exists and modifiy file permissions to be only - // readable by the webserver - if (!file_exists(self::$_PHPCAS_DEBUG['filename'])) { - touch(self::$_PHPCAS_DEBUG['filename']); - // Chmod will fail on windows - @chmod(self::$_PHPCAS_DEBUG['filename'], 0600); - } - error_log($str3 . "\n", 3, self::$_PHPCAS_DEBUG['filename']); - } - } - - } - - /** - * This method is used by interface methods to print an error and where the - * function was originally called from. - * - * @param string $msg the message to print - * - * @return void - * @private - */ - public static function error($msg) - { - phpCAS :: traceBegin(); - $dbg = debug_backtrace(); - $function = '?'; - $file = '?'; - $line = '?'; - if (is_array($dbg)) { - for ($i = 1; $i < sizeof($dbg); $i++) { - if (is_array($dbg[$i]) && isset($dbg[$i]['class']) ) { - if ($dbg[$i]['class'] == __CLASS__) { - $function = $dbg[$i]['function']; - $file = $dbg[$i]['file']; - $line = $dbg[$i]['line']; - } - } - } - } - if (self::$_PHPCAS_VERBOSE) { - echo "
\nphpCAS error: " . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . " in " . $file . " on line " . $line . "
\n"; - } - phpCAS :: trace($msg . ' in ' . $file . 'on line ' . $line ); - phpCAS :: traceEnd(); - - throw new CAS_GracefullTerminationException(__CLASS__ . "::" . $function . '(): ' . $msg); - } - - /** - * This method is used to log something in debug mode. - * - * @param string $str string to log - * - * @return void - */ - public static function trace($str) - { - $dbg = debug_backtrace(); - phpCAS :: log($str . ' [' . basename($dbg[0]['file']) . ':' . $dbg[0]['line'] . ']'); - } - - /** - * This method is used to indicate the start of the execution of a function - * in debug mode. - * - * @return void - */ - public static function traceBegin() - { - $dbg = debug_backtrace(); - $str = '=> '; - if (!empty ($dbg[1]['class'])) { - $str .= $dbg[1]['class'] . '::'; - } - $str .= $dbg[1]['function'] . '('; - if (is_array($dbg[1]['args'])) { - foreach ($dbg[1]['args'] as $index => $arg) { - if ($index != 0) { - $str .= ', '; - } - if (is_object($arg)) { - $str .= get_class($arg); - } else { - $str .= str_replace(array("\r\n", "\n", "\r"), "", var_export($arg, true)); - } - } - } - if (isset($dbg[1]['file'])) { - $file = basename($dbg[1]['file']); - } else { - $file = 'unknown_file'; - } - if (isset($dbg[1]['line'])) { - $line = $dbg[1]['line']; - } else { - $line = 'unknown_line'; - } - $str .= ') [' . $file . ':' . $line . ']'; - phpCAS :: log($str); - if (!isset(self::$_PHPCAS_DEBUG['indent'])) { - self::$_PHPCAS_DEBUG['indent'] = 0; - } else { - self::$_PHPCAS_DEBUG['indent']++; - } - } - - /** - * This method is used to indicate the end of the execution of a function in - * debug mode. - * - * @param mixed $res the result of the function - * - * @return void - */ - public static function traceEnd($res = '') - { - if (empty(self::$_PHPCAS_DEBUG['indent'])) { - self::$_PHPCAS_DEBUG['indent'] = 0; - } else { - self::$_PHPCAS_DEBUG['indent']--; - } - $str = ''; - if (is_object($res)) { - $str .= '<= ' . get_class($res); - } else { - $str .= '<= ' . 
str_replace(array("\r\n", "\n", "\r"), "", var_export($res, true)); - } - - phpCAS :: log($str); - } - - /** - * This method is used to indicate the end of the execution of the program - * - * @return void - */ - public static function traceExit() - { - phpCAS :: log('exit()'); - while (self::$_PHPCAS_DEBUG['indent'] > 0) { - phpCAS :: log('-'); - self::$_PHPCAS_DEBUG['indent']--; - } - } - - /** @} */ - // ######################################################################## - // INTERNATIONALIZATION - // ######################################################################## - /** - * @addtogroup publicLang - * @{ - */ - - /** - * This method is used to set the language used by phpCAS. - * - * @param string $lang string representing the language. - * - * @return void - * - * @sa PHPCAS_LANG_FRENCH, PHPCAS_LANG_ENGLISH - * @note Can be called only once. - */ - public static function setLang($lang) - { - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->setLang($lang); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - /** @} */ - // ######################################################################## - // VERSION - // ######################################################################## - /** - * @addtogroup public - * @{ - */ - - /** - * This method returns the phpCAS version. - * - * @return string the phpCAS version. - */ - public static function getVersion() - { - return PHPCAS_VERSION; - } - - /** - * This method returns supported protocols. - * - * @return array an array of all supported protocols. Use internal protocol name as array key. 
- */ - public static function getSupportedProtocols() - { - $supportedProtocols = array(); - $supportedProtocols[CAS_VERSION_1_0] = 'CAS 1.0'; - $supportedProtocols[CAS_VERSION_2_0] = 'CAS 2.0'; - $supportedProtocols[CAS_VERSION_3_0] = 'CAS 3.0'; - $supportedProtocols[SAML_VERSION_1_1] = 'SAML 1.1'; - - return $supportedProtocols; - } - - /** @} */ - // ######################################################################## - // HTML OUTPUT - // ######################################################################## - /** - * @addtogroup publicOutput - * @{ - */ - - /** - * This method sets the HTML header used for all outputs. - * - * @param string $header the HTML header. - * - * @return void - */ - public static function setHTMLHeader($header) - { - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->setHTMLHeader($header); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - /** - * This method sets the HTML footer used for all outputs. - * - * @param string $footer the HTML footer. - * - * @return void - */ - public static function setHTMLFooter($footer) - { - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->setHTMLFooter($footer); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - /** @} */ - // ######################################################################## - // PGT STORAGE - // ######################################################################## - /** - * @addtogroup publicPGTStorage - * @{ - */ - - /** - * This method can be used to set a custom PGT storage object. 
- * - * @param CAS_PGTStorage_AbstractStorage $storage a PGT storage object that inherits from the - * CAS_PGTStorage_AbstractStorage class - * - * @return void - */ - public static function setPGTStorage($storage) - { - phpCAS :: traceBegin(); - phpCAS::_validateProxyExists(); - - try { - self::$_PHPCAS_CLIENT->setPGTStorage($storage); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - phpCAS :: traceEnd(); - } - - /** - * This method is used to tell phpCAS to store the response of the - * CAS server to PGT requests in a database. - * - * @param string $dsn_or_pdo a dsn string to use for creating a PDO - * object or a PDO object - * @param string $username the username to use when connecting to the - * database - * @param string $password the password to use when connecting to the - * database - * @param string $table the table to use for storing and retrieving - * PGT's - * @param string $driver_options any driver options to use when connecting - * to the database - * - * @return void - */ - public static function setPGTStorageDb($dsn_or_pdo, $username='', - $password='', $table='', $driver_options=null - ) { - phpCAS :: traceBegin(); - phpCAS::_validateProxyExists(); - - try { - self::$_PHPCAS_CLIENT->setPGTStorageDb($dsn_or_pdo, $username, $password, $table, $driver_options); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - phpCAS :: traceEnd(); - } - - /** - * This method is used to tell phpCAS to store the response of the - * CAS server to PGT requests onto the filesystem. - * - * @param string $path the path where the PGT's should be stored - * - * @return void - */ - public static function setPGTStorageFile($path = '') - { - phpCAS :: traceBegin(); - phpCAS::_validateProxyExists(); - - try { - self::$_PHPCAS_CLIENT->setPGTStorageFile($path); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . 
$e->getMessage()); - } - phpCAS :: traceEnd(); - } - /** @} */ - // ######################################################################## - // ACCESS TO EXTERNAL SERVICES - // ######################################################################## - /** - * @addtogroup publicServices - * @{ - */ - - /** - * Answer a proxy-authenticated service handler. - * - * @param string $type The service type. One of - * PHPCAS_PROXIED_SERVICE_HTTP_GET; PHPCAS_PROXIED_SERVICE_HTTP_POST; - * PHPCAS_PROXIED_SERVICE_IMAP - * - * @return CAS_ProxiedService - * @throws InvalidArgumentException If the service type is unknown. - */ - public static function getProxiedService ($type) - { - phpCAS :: traceBegin(); - phpCAS::_validateProxyExists(); - - try { - $res = self::$_PHPCAS_CLIENT->getProxiedService($type); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd(); - return $res; - } - - /** - * Initialize a proxied-service handler with the proxy-ticket it should use. - * - * @param CAS_ProxiedService $proxiedService Proxied Service Handler - * - * @return void - * @throws CAS_ProxyTicketException If there is a proxy-ticket failure. - * The code of the Exception will be one of: - * PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE - * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE - * PHPCAS_SERVICE_PT_FAILURE - */ - public static function initializeProxiedService (CAS_ProxiedService $proxiedService) - { - phpCAS::_validateProxyExists(); - - try { - self::$_PHPCAS_CLIENT->initializeProxiedService($proxiedService); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - /** - * This method is used to access an HTTP[S] service. - * - * @param string $url the service to access. 
- * @param int &$err_code an error code Possible values are - * PHPCAS_SERVICE_OK (on success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, - * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, PHPCAS_SERVICE_PT_FAILURE, - * PHPCAS_SERVICE_NOT_AVAILABLE. - * @param string &$output the output of the service (also used to give an - * error message on failure). - * - * @return bool true on success, false otherwise (in this later case, - * $err_code gives the reason why it failed and $output contains an error - * message). - */ - public static function serviceWeb($url, & $err_code, & $output) - { - phpCAS :: traceBegin(); - phpCAS::_validateProxyExists(); - - try { - $res = self::$_PHPCAS_CLIENT->serviceWeb($url, $err_code, $output); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd($res); - return $res; - } - - /** - * This method is used to access an IMAP/POP3/NNTP service. - * - * @param string $url a string giving the URL of the service, - * including the mailing box for IMAP URLs, as accepted by imap_open(). - * @param string $service a string giving for CAS retrieve Proxy ticket - * @param string $flags options given to imap_open(). - * @param int &$err_code an error code Possible values are - * PHPCAS_SERVICE_OK (on success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, - * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, PHPCAS_SERVICE_PT_FAILURE, - * PHPCAS_SERVICE_NOT_AVAILABLE. - * @param string &$err_msg an error message on failure - * @param string &$pt the Proxy Ticket (PT) retrieved from the CAS - * server to access the URL on success, false on error). - * - * @return object|false IMAP stream on success, false otherwise (in this later - * case, $err_code gives the reason why it failed and $err_msg contains an - * error message). 
- */ - public static function serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) - { - phpCAS :: traceBegin(); - phpCAS::_validateProxyExists(); - - try { - $res = self::$_PHPCAS_CLIENT->serviceMail($url, $service, $flags, $err_code, $err_msg, $pt); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd($res); - return $res; - } - - /** @} */ - // ######################################################################## - // AUTHENTICATION - // ######################################################################## - /** - * @addtogroup publicAuth - * @{ - */ - - /** - * Set the times authentication will be cached before really accessing the - * CAS server in gateway mode: - * - -1: check only once, and then never again (until you pree login) - * - 0: always check - * - n: check every "n" time - * - * @param int $n an integer. - * - * @return void - */ - public static function setCacheTimesForAuthRecheck($n) - { - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->setCacheTimesForAuthRecheck($n); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - - /** - * Set a callback function to be run when receiving CAS attributes - * - * The callback function will be passed an $success_elements - * payload of the response (\DOMElement) as its first parameter. - * - * @param string $function Callback function - * @param array $additionalArgs optional array of arguments - * - * @return void - */ - public static function setCasAttributeParserCallback($function, array $additionalArgs = array()) - { - phpCAS::_validateClientExists(); - - self::$_PHPCAS_CLIENT->setCasAttributeParserCallback($function, $additionalArgs); - } - - /** - * Set a callback function to be run when a user authenticates. - * - * The callback function will be passed a $logoutTicket as its first - * parameter, followed by any $additionalArgs you pass. 
The $logoutTicket - * parameter is an opaque string that can be used to map the session-id to - * logout request in order to support single-signout in applications that - * manage their own sessions (rather than letting phpCAS start the session). - * - * phpCAS::forceAuthentication() will always exit and forward client unless - * they are already authenticated. To perform an action at the moment the user - * logs in (such as registering an account, performing logging, etc), register - * a callback function here. - * - * @param callable $function Callback function - * @param array $additionalArgs optional array of arguments - * - * @return void - */ - public static function setPostAuthenticateCallback ($function, array $additionalArgs = array()) - { - phpCAS::_validateClientExists(); - - self::$_PHPCAS_CLIENT->setPostAuthenticateCallback($function, $additionalArgs); - } - - /** - * Set a callback function to be run when a single-signout request is - * received. The callback function will be passed a $logoutTicket as its - * first parameter, followed by any $additionalArgs you pass. The - * $logoutTicket parameter is an opaque string that can be used to map a - * session-id to the logout request in order to support single-signout in - * applications that manage their own sessions (rather than letting phpCAS - * start and destroy the session). - * - * @param callable $function Callback function - * @param array $additionalArgs optional array of arguments - * - * @return void - */ - public static function setSingleSignoutCallback ($function, array $additionalArgs = array()) - { - phpCAS::_validateClientExists(); - - self::$_PHPCAS_CLIENT->setSingleSignoutCallback($function, $additionalArgs); - } - - /** - * This method is called to check if the user is already authenticated - * locally or has a global cas session. 
A already existing cas session is - * determined by a cas gateway call.(cas login call without any interactive - * prompt) - * - * @return bool true when the user is authenticated, false when a previous - * gateway login failed or the function will not return if the user is - * redirected to the cas server for a gateway login attempt - */ - public static function checkAuthentication() - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - $auth = self::$_PHPCAS_CLIENT->checkAuthentication(); - - // store where the authentication has been checked and the result - self::$_PHPCAS_CLIENT->markAuthenticationCall($auth); - - phpCAS :: traceEnd($auth); - return $auth; - } - - /** - * This method is called to force authentication if the user was not already - * authenticated. If the user is not authenticated, halt by redirecting to - * the CAS server. - * - * @return bool Authentication - */ - public static function forceAuthentication() - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - $auth = self::$_PHPCAS_CLIENT->forceAuthentication(); - - // store where the authentication has been checked and the result - self::$_PHPCAS_CLIENT->markAuthenticationCall($auth); - - /* if (!$auth) { - phpCAS :: trace('user is not authenticated, redirecting to the CAS server'); - self::$_PHPCAS_CLIENT->forceAuthentication(); - } else { - phpCAS :: trace('no need to authenticate (user `' . phpCAS :: getUser() . '\' is already authenticated)'); - }*/ - - phpCAS :: traceEnd(); - return $auth; - } - - /** - * This method is called to renew the authentication. 
- * - * @return void - **/ - public static function renewAuthentication() - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - $auth = self::$_PHPCAS_CLIENT->renewAuthentication(); - - // store where the authentication has been checked and the result - self::$_PHPCAS_CLIENT->markAuthenticationCall($auth); - - //self::$_PHPCAS_CLIENT->renewAuthentication(); - phpCAS :: traceEnd(); - } - - /** - * This method is called to check if the user is authenticated (previously or by - * tickets given in the URL). - * - * @return bool true when the user is authenticated. - */ - public static function isAuthenticated() - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - // call the isAuthenticated method of the $_PHPCAS_CLIENT object - $auth = self::$_PHPCAS_CLIENT->isAuthenticated(); - - // store where the authentication has been checked and the result - self::$_PHPCAS_CLIENT->markAuthenticationCall($auth); - - phpCAS :: traceEnd($auth); - return $auth; - } - - /** - * Checks whether authenticated based on $_SESSION. Useful to avoid - * server calls. - * - * @return bool true if authenticated, false otherwise. - * @since 0.4.22 by Brendan Arnold - */ - public static function isSessionAuthenticated() - { - phpCAS::_validateClientExists(); - - return (self::$_PHPCAS_CLIENT->isSessionAuthenticated()); - } - - /** - * This method returns the CAS user's login name. - * - * @return string the login name of the authenticated user - * @warning should only be called after phpCAS::forceAuthentication() - * or phpCAS::checkAuthentication(). - * */ - public static function getUser() - { - phpCAS::_validateClientExists(); - - try { - return self::$_PHPCAS_CLIENT->getUser(); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - /** - * Answer attributes about the authenticated user. - * - * @warning should only be called after phpCAS::forceAuthentication() - * or phpCAS::checkAuthentication(). 
- * - * @return array - */ - public static function getAttributes() - { - phpCAS::_validateClientExists(); - - try { - return self::$_PHPCAS_CLIENT->getAttributes(); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - /** - * Answer true if there are attributes for the authenticated user. - * - * @warning should only be called after phpCAS::forceAuthentication() - * or phpCAS::checkAuthentication(). - * - * @return bool - */ - public static function hasAttributes() - { - phpCAS::_validateClientExists(); - - try { - return self::$_PHPCAS_CLIENT->hasAttributes(); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - /** - * Answer true if an attribute exists for the authenticated user. - * - * @param string $key attribute name - * - * @return bool - * @warning should only be called after phpCAS::forceAuthentication() - * or phpCAS::checkAuthentication(). - */ - public static function hasAttribute($key) - { - phpCAS::_validateClientExists(); - - try { - return self::$_PHPCAS_CLIENT->hasAttribute($key); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - /** - * Answer an attribute for the authenticated user. - * - * @param string $key attribute name - * - * @return mixed string for a single value or an array if multiple values exist. - * @warning should only be called after phpCAS::forceAuthentication() - * or phpCAS::checkAuthentication(). - */ - public static function getAttribute($key) - { - phpCAS::_validateClientExists(); - - try { - return self::$_PHPCAS_CLIENT->getAttribute($key); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - /** - * Handle logout requests. 
- * - * @param bool $check_client additional safety check - * @param array $allowed_clients array of allowed clients - * - * @return void - */ - public static function handleLogoutRequests($check_client = true, $allowed_clients = array()) - { - phpCAS::_validateClientExists(); - - return (self::$_PHPCAS_CLIENT->handleLogoutRequests($check_client, $allowed_clients)); - } - - /** - * This method returns the URL to be used to login. - * - * @return string the login URL - */ - public static function getServerLoginURL() - { - phpCAS::_validateClientExists(); - - return self::$_PHPCAS_CLIENT->getServerLoginURL(); - } - - /** - * Set the login URL of the CAS server. - * - * @param string $url the login URL - * - * @return void - * @since 0.4.21 by Wyman Chan - */ - public static function setServerLoginURL($url = '') - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->setServerLoginURL($url); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd(); - } - - /** - * Set the serviceValidate URL of the CAS server. - * Used for all CAS versions of URL validations. - * Examples: - * CAS 1.0 http://www.exemple.com/validate - * CAS 2.0 http://www.exemple.com/validateURL - * CAS 3.0 http://www.exemple.com/p3/serviceValidate - * - * @param string $url the serviceValidate URL - * - * @return void - */ - public static function setServerServiceValidateURL($url = '') - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->setServerServiceValidateURL($url); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd(); - } - - /** - * Set the proxyValidate URL of the CAS server. 
- * Used for all CAS versions of proxy URL validations - * Examples: - * CAS 1.0 http://www.exemple.com/ - * CAS 2.0 http://www.exemple.com/proxyValidate - * CAS 3.0 http://www.exemple.com/p3/proxyValidate - * - * @param string $url the proxyValidate URL - * - * @return void - */ - public static function setServerProxyValidateURL($url = '') - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->setServerProxyValidateURL($url); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd(); - } - - /** - * Set the samlValidate URL of the CAS server. - * - * @param string $url the samlValidate URL - * - * @return void - */ - public static function setServerSamlValidateURL($url = '') - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->setServerSamlValidateURL($url); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd(); - } - - /** - * This method returns the URL to be used to logout. - * - * @return string the URL to use to log out - */ - public static function getServerLogoutURL() - { - phpCAS::_validateClientExists(); - - return self::$_PHPCAS_CLIENT->getServerLogoutURL(); - } - - /** - * Set the logout URL of the CAS server. - * - * @param string $url the logout URL - * - * @return void - * @since 0.4.21 by Wyman Chan - */ - public static function setServerLogoutURL($url = '') - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->setServerLogoutURL($url); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd(); - } - - /** - * This method is used to logout from CAS. 
- * - * @param string $params an array that contains the optional url and - * service parameters that will be passed to the CAS server - * - * @return void - */ - public static function logout($params = "") - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - $parsedParams = array (); - if ($params != "") { - if (is_string($params)) { - phpCAS :: error('method `phpCAS::logout($url)\' is now deprecated, use `phpCAS::logoutWithUrl($url)\' instead'); - } - if (!is_array($params)) { - phpCAS :: error('type mismatched for parameter $params (should be `array\')'); - } - foreach ($params as $key => $value) { - if ($key != "service" && $key != "url") { - phpCAS :: error('only `url\' and `service\' parameters are allowed for method `phpCAS::logout($params)\''); - } - $parsedParams[$key] = $value; - } - } - self::$_PHPCAS_CLIENT->logout($parsedParams); - // never reached - phpCAS :: traceEnd(); - } - - /** - * This method is used to logout from CAS. Halts by redirecting to the CAS - * server. - * - * @param string $service a URL that will be transmitted to the CAS server - * - * @return void - */ - public static function logoutWithRedirectService($service) - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - if (!is_string($service)) { - phpCAS :: error('type mismatched for parameter $service (should be `string\')'); - } - self::$_PHPCAS_CLIENT->logout(array ( "service" => $service )); - // never reached - phpCAS :: traceEnd(); - } - - /** - * This method is used to logout from CAS. Halts by redirecting to the CAS - * server. 
- * - * @param string $url a URL that will be transmitted to the CAS server - * - * @return void - * @deprecated The url parameter has been removed from the CAS server as of - * version 3.3.5.1 - */ - public static function logoutWithUrl($url) - { - trigger_error('Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED); - phpCAS :: traceBegin(); - if (!is_object(self::$_PHPCAS_CLIENT)) { - phpCAS :: error('this method should only be called after ' . __CLASS__ . '::client() or' . __CLASS__ . '::proxy()'); - } - if (!is_string($url)) { - phpCAS :: error('type mismatched for parameter $url (should be `string\')'); - } - self::$_PHPCAS_CLIENT->logout(array ( "url" => $url )); - // never reached - phpCAS :: traceEnd(); - } - - /** - * This method is used to logout from CAS. Halts by redirecting to the CAS - * server. - * - * @param string $service a URL that will be transmitted to the CAS server - * @param string $url a URL that will be transmitted to the CAS server - * - * @return void - * - * @deprecated The url parameter has been removed from the CAS server as of - * version 3.3.5.1 - */ - public static function logoutWithRedirectServiceAndUrl($service, $url) - { - trigger_error('Function deprecated for cas servers >= 3.3.5.1', E_USER_DEPRECATED); - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - if (!is_string($service)) { - phpCAS :: error('type mismatched for parameter $service (should be `string\')'); - } - if (!is_string($url)) { - phpCAS :: error('type mismatched for parameter $url (should be `string\')'); - } - self::$_PHPCAS_CLIENT->logout( - array ( - "service" => $service, - "url" => $url - ) - ); - // never reached - phpCAS :: traceEnd(); - } - - /** - * Set the fixed URL that will be used by the CAS server to transmit the - * PGT. When this method is not called, a phpCAS script uses its own URL - * for the callback. 
- * - * @param string $url the URL - * - * @return void - */ - public static function setFixedCallbackURL($url = '') - { - phpCAS :: traceBegin(); - phpCAS::_validateProxyExists(); - - try { - self::$_PHPCAS_CLIENT->setCallbackURL($url); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd(); - } - - /** - * Set the fixed URL that will be set as the CAS service parameter. When this - * method is not called, a phpCAS script uses its own URL. - * - * @param string $url the URL - * - * @return void - */ - public static function setFixedServiceURL($url) - { - phpCAS :: traceBegin(); - phpCAS::_validateProxyExists(); - - try { - self::$_PHPCAS_CLIENT->setURL($url); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd(); - } - - /** - * Get the URL that is set as the CAS service parameter. - * - * @return string Service Url - */ - public static function getServiceURL() - { - phpCAS::_validateProxyExists(); - return (self::$_PHPCAS_CLIENT->getURL()); - } - - /** - * Retrieve a Proxy Ticket from the CAS server. - * - * @param string $target_service Url string of service to proxy - * @param int &$err_code error code - * @param string &$err_msg error message - * - * @return string Proxy Ticket - */ - public static function retrievePT($target_service, & $err_code, & $err_msg) - { - phpCAS::_validateProxyExists(); - - try { - return (self::$_PHPCAS_CLIENT->retrievePT($target_service, $err_code, $err_msg)); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - } - - /** - * Set the certificate of the CAS server CA and if the CN should be properly - * verified. 
- * - * @param string $cert CA certificate file name - * @param bool $validate_cn Validate CN in certificate (default true) - * - * @return void - */ - public static function setCasServerCACert($cert, $validate_cn = true) - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->setCasServerCACert($cert, $validate_cn); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd(); - } - - /** - * Set no SSL validation for the CAS server. - * - * @return void - */ - public static function setNoCasServerValidation() - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - phpCAS :: trace('You have configured no validation of the legitimacy of the cas server. This is not recommended for production use.'); - self::$_PHPCAS_CLIENT->setNoCasServerValidation(); - phpCAS :: traceEnd(); - } - - - /** - * Disable the removal of a CAS-Ticket from the URL when authenticating - * DISABLING POSES A SECURITY RISK: - * We normally remove the ticket by an additional redirect as a security - * precaution to prevent a ticket in the HTTP_REFERRER or be carried over in - * the URL parameter - * - * @return void - */ - public static function setNoClearTicketsFromUrl() - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - self::$_PHPCAS_CLIENT->setNoClearTicketsFromUrl(); - phpCAS :: traceEnd(); - } - - /** @} */ - - /** - * Change CURL options. - * CURL is used to connect through HTTPS to CAS server - * - * @param string $key the option key - * @param string $value the value to set - * - * @return void - */ - public static function setExtraCurlOption($key, $value) - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - self::$_PHPCAS_CLIENT->setExtraCurlOption($key, $value); - phpCAS :: traceEnd(); - } - - /** - * Set a salt/seed for the session-id hash to make it harder to guess. 
- * - * When $changeSessionID = true phpCAS will create a session-id that is derived - * from the service ticket. Doing so allows phpCAS to look-up and destroy the - * proper session on single-log-out requests. While the service tickets - * provided by the CAS server may include enough data to generate a strong - * hash, clients may provide an additional salt to ensure that session ids - * are not guessable if the session tickets do not have enough entropy. - * - * @param string $salt The salt to combine with the session ticket. - * - * @return void - */ - public static function setSessionIdSalt($salt) { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - self::$_PHPCAS_CLIENT->setSessionIdSalt($salt); - phpCAS :: traceEnd(); - } - - /** - * If you want your service to be proxied you have to enable it (default - * disabled) and define an accepable list of proxies that are allowed to - * proxy your service. - * - * Add each allowed proxy definition object. For the normal CAS_ProxyChain - * class, the constructor takes an array of proxies to match. The list is in - * reverse just as seen from the service. Proxies have to be defined in reverse - * from the service to the user. If a user hits service A and gets proxied via - * B to service C the list of acceptable on C would be array(B,A). The definition - * of an individual proxy can be either a string or a regexp (preg_match is used) - * that will be matched against the proxy list supplied by the cas server - * when validating the proxy tickets. The strings are compared starting from - * the beginning and must fully match with the proxies in the list. 
- * Example: - * phpCAS::allowProxyChain(new CAS_ProxyChain(array( - * 'https://app.example.com/' - * ))); - * phpCAS::allowProxyChain(new CAS_ProxyChain(array( - * '/^https:\/\/app[0-9]\.example\.com\/rest\//', - * 'http://client.example.com/' - * ))); - * - * For quick testing or in certain production screnarios you might want to - * allow allow any other valid service to proxy your service. To do so, add - * the "Any" chain: - * phpCAS::allowProxyChain(new CAS_ProxyChain_Any); - * THIS SETTING IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY - * IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER - * ON THIS SERVICE. - * - * @param CAS_ProxyChain_Interface $proxy_chain A proxy-chain that will be - * matched against the proxies requesting access - * - * @return void - */ - public static function allowProxyChain(CAS_ProxyChain_Interface $proxy_chain) - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - if (self::$_PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_2_0 - && self::$_PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_3_0 - ) { - phpCAS :: error('this method can only be used with the cas 2.0/3.0 protocols'); - } - self::$_PHPCAS_CLIENT->getAllowedProxyChains()->allowProxyChain($proxy_chain); - phpCAS :: traceEnd(); - } - - /** - * Answer an array of proxies that are sitting in front of this application. - * This method will only return a non-empty array if we have received and - * validated a Proxy Ticket. - * - * @return array - * @access public - * @since 6/25/09 - */ - public static function getProxies () - { - phpCAS::_validateProxyExists(); - - return(self::$_PHPCAS_CLIENT->getProxies()); - } - - // ######################################################################## - // PGTIOU/PGTID and logoutRequest rebroadcasting - // ######################################################################## - - /** - * Add a pgtIou/pgtId and logoutRequest rebroadcast node. 
- * - * @param string $rebroadcastNodeUrl The rebroadcast node URL. Can be - * hostname or IP. - * - * @return void - */ - public static function addRebroadcastNode($rebroadcastNodeUrl) - { - phpCAS::traceBegin(); - phpCAS::log('rebroadcastNodeUrl:'.$rebroadcastNodeUrl); - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->addRebroadcastNode($rebroadcastNodeUrl); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS::traceEnd(); - } - - /** - * This method is used to add header parameters when rebroadcasting - * pgtIou/pgtId or logoutRequest. - * - * @param String $header Header to send when rebroadcasting. - * - * @return void - */ - public static function addRebroadcastHeader($header) - { - phpCAS :: traceBegin(); - phpCAS::_validateClientExists(); - - try { - self::$_PHPCAS_CLIENT->addRebroadcastHeader($header); - } catch (Exception $e) { - phpCAS :: error(get_class($e) . ': ' . $e->getMessage()); - } - - phpCAS :: traceEnd(); - } - - /** - * Checks if a client already exists - * - * @throws CAS_OutOfSequenceBeforeClientException - * - * @return void - */ - private static function _validateClientExists() - { - if (!is_object(self::$_PHPCAS_CLIENT)) { - throw new CAS_OutOfSequenceBeforeClientException(); - } - } - - /** - * Checks of a proxy client aready exists - * - * @throws CAS_OutOfSequenceBeforeProxyException - * - * @return void - */ - private static function _validateProxyExists() - { - if (!is_object(self::$_PHPCAS_CLIENT)) { - throw new CAS_OutOfSequenceBeforeProxyException(); - } - } - - /** - * @return CAS_Client - */ - public static function getCasClient() - { - return self::$_PHPCAS_CLIENT; - } - - /** - * For testing purposes, use this method to set the client to a test double - * - * @return void - */ - public static function setCasClient(\CAS_Client $client) - { - self::$_PHPCAS_CLIENT = $client; - } -} -// ######################################################################## -// 
DOCUMENTATION
-// ########################################################################
-
-// ########################################################################
-// MAIN PAGE
-
-/**
- * @mainpage
- *
- * The following pages only show the source documentation.
- *
- */
-
-// ########################################################################
-// MODULES DEFINITION
-
-/** @defgroup public User interface */
-
-/** @defgroup publicInit Initialization
- * @ingroup public */
-
-/** @defgroup publicAuth Authentication
- * @ingroup public */
-
-/** @defgroup publicServices Access to external services
- * @ingroup public */
-
-/** @defgroup publicConfig Configuration
- * @ingroup public */
-
-/** @defgroup publicLang Internationalization
- * @ingroup publicConfig */
-
-/** @defgroup publicOutput HTML output
- * @ingroup publicConfig */
-
-/** @defgroup publicPGTStorage PGT storage
- * @ingroup publicConfig */
-
-/** @defgroup publicDebug Debugging
- * @ingroup public */
-
-/** @defgroup internal Implementation */
-
-/** @defgroup internalAuthentication Authentication
- * @ingroup internal */
-
-/** @defgroup internalBasic CAS Basic client features (CAS 1.0, Service Tickets)
- * @ingroup internal */
-
-/** @defgroup internalProxy CAS Proxy features (CAS 2.0, Proxy Granting Tickets)
- * @ingroup internal */
-
-/** @defgroup internalSAML CAS SAML features (SAML 1.1)
- * @ingroup internal */
-
-/** @defgroup internalPGTStorage PGT storage
- * @ingroup internalProxy */
-
-/** @defgroup internalPGTStorageDb PGT storage in a database
- * @ingroup internalPGTStorage */
-
-/** @defgroup internalPGTStorageFile PGT storage on the filesystem
- * @ingroup internalPGTStorage */
-
-/** @defgroup internalCallback Callback from the CAS server
- * @ingroup internalProxy */
-
-/** @defgroup internalProxyServices Proxy other services
- * @ingroup internalProxy */
-
-/** @defgroup internalService CAS client features (CAS 2.0, Proxied service)
- * @ingroup internal */
-
-/** @defgroup internalConfig Configuration
- * @ingroup internal */
-
-/** @defgroup internalBehave Internal behaviour of phpCAS
- * @ingroup internalConfig */
-
-/** @defgroup internalOutput HTML output
- * @ingroup internalConfig */
-
-/** @defgroup internalLang Internationalization
- * @ingroup internalConfig
- *
- * To add a new language:
- * - 1. define a new constant PHPCAS_LANG_XXXXXX in CAS/CAS.php
- * - 2. copy any file from CAS/languages to CAS/languages/XXXXXX.php
- * - 3. Make the translations
- */
-
-/** @defgroup internalDebug Debugging
- * @ingroup internal */
-
-/** @defgroup internalMisc Miscellaneous
- * @ingroup internal */
-
-// ########################################################################
-// EXAMPLES
-
-/**
- * @example example_simple.php
- */
-/**
- * @example example_service.php
- */
-/**
- * @example example_service_that_proxies.php
- */
-/**
- * @example example_service_POST.php
- */
-/**
- * @example example_proxy_serviceWeb.php
- */
-/**
- * @example example_proxy_serviceWeb_chaining.php
- */
-/**
- * @example example_proxy_POST.php
- */
-/**
- * @example example_proxy_GET.php
- */
-/**
- * @example example_lang.php
- */
-/**
- * @example example_html.php
- */
-/**
- * @example example_pgt_storage_file.php
- */
-/**
- * @example example_pgt_storage_db.php
- */
-/**
- * @example example_gateway.php
- */
-/**
- * @example example_logout.php
- */
-/**
- * @example example_rebroadcast.php
- */
-/**
- * @example example_custom_urls.php
- */
-/**
- * @example example_advanced_saml11.php
- */
diff --git a/phpCAS-1.6.1/source/CAS/AuthenticationException.php b/phpCAS-1.6.1/source/CAS/AuthenticationException.php
deleted file mode 100644
index 803c889..0000000
--- a/phpCAS-1.6.1/source/CAS/AuthenticationException.php
+++ /dev/null
@@ -1,115 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This interface defines methods that allow proxy-authenticated service handlers - * to interact with phpCAS. - * - * Proxy service handlers must implement this interface as well as call - * phpCAS::initializeProxiedService($this) at some point in their implementation. - * - * While not required, proxy-authenticated service handlers are encouraged to - * implement the CAS_ProxiedService_Testable interface to facilitate unit testing. - * - * @class CAS_AuthenticationException - * @category Authentication - * @package PhpCAS - * @author Joachim Fritschi - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -class CAS_AuthenticationException -extends RuntimeException -implements CAS_Exception -{ - - /** - * This method is used to print the HTML output when the user was not - * authenticated. 
- * - * @param CAS_Client $client phpcas client - * @param string $failure the failure that occured - * @param string $cas_url the URL the CAS server was asked for - * @param bool $no_response the response from the CAS server (other - * parameters are ignored if TRUE) - * @param bool $bad_response bad response from the CAS server ($err_code - * and $err_msg ignored if TRUE) - * @param string $cas_response the response of the CAS server - * @param int $err_code the error code given by the CAS server - * @param string $err_msg the error message given by the CAS server - */ - public function __construct($client,$failure,$cas_url,$no_response, - $bad_response=false,$cas_response='',$err_code=-1,$err_msg='' - ) { - $messages = array(); - phpCAS::traceBegin(); - $lang = $client->getLangObj(); - $client->printHTMLHeader($lang->getAuthenticationFailed()); - - if (phpCAS::getVerbose()) { - printf( - $lang->getYouWereNotAuthenticated(), - htmlentities($client->getURL()), - $_SERVER['SERVER_ADMIN'] ?? '' - ); - } - - phpCAS::trace($messages[] = 'CAS URL: '.$cas_url); - phpCAS::trace($messages[] = 'Authentication failure: '.$failure); - if ( $no_response ) { - phpCAS::trace($messages[] = 'Reason: no response from the CAS server'); - } else { - if ( $bad_response ) { - phpCAS::trace($messages[] = 'Reason: bad response from the CAS server'); - } else { - switch ($client->getServerVersion()) { - case CAS_VERSION_1_0: - phpCAS::trace($messages[] = 'Reason: CAS error'); - break; - case CAS_VERSION_2_0: - case CAS_VERSION_3_0: - if ( $err_code === -1 ) { - phpCAS::trace($messages[] = 'Reason: no CAS error'); - } else { - phpCAS::trace($messages[] = 'Reason: ['.$err_code.'] CAS error: '.$err_msg); - } - break; - } - } - phpCAS::trace($messages[] = 'CAS response: '.$cas_response); - } - $client->printHTMLFooter(); - phpCAS::traceExit(); - - parent::__construct(implode("\n", $messages)); - } - -} -?> 
diff --git a/phpCAS-1.6.1/source/CAS/Autoload.php b/phpCAS-1.6.1/source/CAS/Autoload.php
deleted file mode 100644
index 29395d5..0000000
--- a/phpCAS-1.6.1/source/CAS/Autoload.php
+++ /dev/null
@@ -1,95 +0,0 @@ - - * @copyright 2008 Regents of the University of Nebraska - * @license http://www1.unl.edu/wdn/wiki/Software_License BSD License - * @link http://code.google.com/p/simplecas/ - **/ - -/** - * Autoload a class - * - * @param string $class Classname to load - * - * @return bool - */ -function CAS_autoload($class) -{ - // Static to hold the Include Path to CAS - static $include_path; - // Check only for CAS classes - if (substr($class, 0, 4) !== 'CAS_' && substr($class, 0, 7) !== 'PhpCas\\') { - return false; - } - - // Setup the include path if it's not already set from a previous call - if (empty($include_path)) { - $include_path = array(dirname(__DIR__)); - } - - // Declare local variable to store the expected full path to the file - foreach ($include_path as $path) { - $class_path = str_replace('_', DIRECTORY_SEPARATOR, $class); - // PhpCas namespace mapping - if (substr($class_path, 0, 7) === 'PhpCas\\') { - $class_path = 'CAS' . DIRECTORY_SEPARATOR . substr($class_path, 7); - } - - $file_path = $path . DIRECTORY_SEPARATOR . $class_path . '.php'; - $fp = @fopen($file_path, 'r', true); - if ($fp) { - fclose($fp); - include $file_path; - if (!class_exists($class, false) && !interface_exists($class, false)) { - die( - new Exception( - 'Class ' . $class . ' was not present in ' . - $file_path . - ' [CAS_autoload]' - ) - ); - } - return true; - } - } - - $e = new Exception( - 'Class ' . $class . ' could not be loaded from ' . - $file_path . ', file does not exist (Path="' - . 
implode(':', $include_path) .'") [CAS_autoload]' - ); - $trace = $e->getTrace(); - if (isset($trace[2]) && isset($trace[2]['function']) - && in_array($trace[2]['function'], array('class_exists', 'interface_exists', 'trait_exists')) - ) { - return false; - } - if (isset($trace[1]) && isset($trace[1]['function']) - && in_array($trace[1]['function'], array('class_exists', 'interface_exists', 'trait_exists')) - ) { - return false; - } - die ((string) $e); -} - -// Set up autoload if not already configured by composer. -if (!class_exists('CAS_Client')) -{ - trigger_error('phpCAS autoloader is deprecated. Install phpCAS using composer instead.', E_USER_DEPRECATED); - spl_autoload_register('CAS_autoload'); - if (function_exists('__autoload') - && !in_array('__autoload', spl_autoload_functions()) - ) { - // __autoload() was being used, but now would be ignored, add - // it to the autoload stack - spl_autoload_register('__autoload'); - } -} diff --git a/phpCAS-1.6.1/source/CAS/Client.php b/phpCAS-1.6.1/source/CAS/Client.php deleted file mode 100644 index 8ca9711..0000000 --- a/phpCAS-1.6.1/source/CAS/Client.php +++ /dev/null 
@@ -1,4387 +0,0 @@ - - * @author Olivier Berger - * @author Brett Bieber - * @author Joachim Fritschi - * @author Adam Franco - * @author Tobias Schiebeck - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * The CAS_Client class is a client interface that provides CAS authentication - * to PHP applications. - * - * @class CAS_Client - * @category Authentication - * @package PhpCAS - * @author Pascal Aubry - * @author Olivier Berger - * @author Brett Bieber - * @author Joachim Fritschi - * @author Adam Franco - * @author Tobias Schiebeck - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - */ - -class CAS_Client -{ - - // ######################################################################## - // HTML OUTPUT - // ######################################################################## - /** - * @addtogroup internalOutput - * @{ - */ - - /** - * This method filters a string by replacing special tokens by appropriate values - * and prints it. The corresponding tokens are taken into account: - * - __CAS_VERSION__ - * - __PHPCAS_VERSION__ - * - __SERVER_BASE_URL__ - * - * Used by CAS_Client::PrintHTMLHeader() and CAS_Client::printHTMLFooter(). - * - * @param string $str the string to filter and output - * - * @return void - */ - private function _htmlFilterOutput($str) - { - $str = str_replace('__CAS_VERSION__', $this->getServerVersion(), $str); - $str = str_replace('__PHPCAS_VERSION__', phpCAS::getVersion(), $str); - $str = str_replace('__SERVER_BASE_URL__', $this->_getServerBaseURL(), $str); - echo $str; - } - - /** - * A string used to print the header of HTML pages. Written by - * CAS_Client::setHTMLHeader(), read by CAS_Client::printHTMLHeader(). 
- * - * @hideinitializer - * @see CAS_Client::setHTMLHeader, CAS_Client::printHTMLHeader() - */ - private $_output_header = ''; - - /** - * This method prints the header of the HTML output (after filtering). If - * CAS_Client::setHTMLHeader() was not used, a default header is output. - * - * @param string $title the title of the page - * - * @return void - * @see _htmlFilterOutput() - */ - public function printHTMLHeader($title) - { - if (!phpCAS::getVerbose()) { - return; - } - - $this->_htmlFilterOutput( - str_replace( - '__TITLE__', $title, - (empty($this->_output_header) - ? '__TITLE__

__TITLE__

' - : $this->_output_header) - ) - ); - } - - /** - * A string used to print the footer of HTML pages. Written by - * CAS_Client::setHTMLFooter(), read by printHTMLFooter(). - * - * @hideinitializer - * @see CAS_Client::setHTMLFooter, CAS_Client::printHTMLFooter() - */ - private $_output_footer = ''; - - /** - * This method prints the footer of the HTML output (after filtering). If - * CAS_Client::setHTMLFooter() was not used, a default footer is output. - * - * @return void - * @see _htmlFilterOutput() - */ - public function printHTMLFooter() - { - if (!phpCAS::getVerbose()) { - return; - } - - $lang = $this->getLangObj(); - $message = empty($this->_output_footer) - ? '
phpCAS __PHPCAS_VERSION__ ' . $lang->getUsingServer() . - ' __SERVER_BASE_URL__ (CAS __CAS_VERSION__)
' - : $this->_output_footer; - - $this->_htmlFilterOutput($message); - } - - /** - * This method set the HTML header used for all outputs. - * - * @param string $header the HTML header. - * - * @return void - */ - public function setHTMLHeader($header) - { - // Argument Validation - if (gettype($header) != 'string') - throw new CAS_TypeMismatchException($header, '$header', 'string'); - - $this->_output_header = $header; - } - - /** - * This method set the HTML footer used for all outputs. - * - * @param string $footer the HTML footer. - * - * @return void - */ - public function setHTMLFooter($footer) - { - // Argument Validation - if (gettype($footer) != 'string') - throw new CAS_TypeMismatchException($footer, '$footer', 'string'); - - $this->_output_footer = $footer; - } - - /** - * Simple wrapper for printf function, that respects - * phpCAS verbosity setting. - * - * @param string $format - * @param string|int|float ...$values - * - * @see printf() - */ - private function printf(string $format, ...$values): void - { - if (phpCAS::getVerbose()) { - printf($format, ...$values); - } - } - - /** @} */ - - - // ######################################################################## - // INTERNATIONALIZATION - // ######################################################################## - /** - * @addtogroup internalLang - * @{ - */ - /** - * A string corresponding to the language used by phpCAS. Written by - * CAS_Client::setLang(), read by CAS_Client::getLang(). - - * @note debugging information is always in english (debug purposes only). - */ - private $_lang = PHPCAS_LANG_DEFAULT; - - /** - * This method is used to set the language used by phpCAS. - * - * @param string $lang representing the language. 
- * - * @return void - */ - public function setLang($lang) - { - // Argument Validation - if (gettype($lang) != 'string') - throw new CAS_TypeMismatchException($lang, '$lang', 'string'); - - phpCAS::traceBegin(); - $obj = new $lang(); - if (!($obj instanceof CAS_Languages_LanguageInterface)) { - throw new CAS_InvalidArgumentException( - '$className must implement the CAS_Languages_LanguageInterface' - ); - } - $this->_lang = $lang; - phpCAS::traceEnd(); - } - /** - * Create the language - * - * @return CAS_Languages_LanguageInterface object implementing the class - */ - public function getLangObj() - { - $classname = $this->_lang; - return new $classname(); - } - - /** @} */ - // ######################################################################## - // CAS SERVER CONFIG - // ######################################################################## - /** - * @addtogroup internalConfig - * @{ - */ - - /** - * a record to store information about the CAS server. - * - $_server['version']: the version of the CAS server - * - $_server['hostname']: the hostname of the CAS server - * - $_server['port']: the port the CAS server is running on - * - $_server['uri']: the base URI the CAS server is responding on - * - $_server['base_url']: the base URL of the CAS server - * - $_server['login_url']: the login URL of the CAS server - * - $_server['service_validate_url']: the service validating URL of the - * CAS server - * - $_server['proxy_url']: the proxy URL of the CAS server - * - $_server['proxy_validate_url']: the proxy validating URL of the CAS server - * - $_server['logout_url']: the logout URL of the CAS server - * - * $_server['version'], $_server['hostname'], $_server['port'] and - * $_server['uri'] are written by CAS_Client::CAS_Client(), read by - * CAS_Client::getServerVersion(), CAS_Client::_getServerHostname(), - * CAS_Client::_getServerPort() and CAS_Client::_getServerURI(). 
- * - * The other fields are written and read by CAS_Client::_getServerBaseURL(), - * CAS_Client::getServerLoginURL(), CAS_Client::getServerServiceValidateURL(), - * CAS_Client::getServerProxyValidateURL() and CAS_Client::getServerLogoutURL(). - * - * @hideinitializer - */ - private $_server = array( - 'version' => '', - 'hostname' => 'none', - 'port' => -1, - 'uri' => 'none'); - - /** - * This method is used to retrieve the version of the CAS server. - * - * @return string the version of the CAS server. - */ - public function getServerVersion() - { - return $this->_server['version']; - } - - /** - * This method is used to retrieve the hostname of the CAS server. - * - * @return string the hostname of the CAS server. - */ - private function _getServerHostname() - { - return $this->_server['hostname']; - } - - /** - * This method is used to retrieve the port of the CAS server. - * - * @return int the port of the CAS server. - */ - private function _getServerPort() - { - return $this->_server['port']; - } - - /** - * This method is used to retrieve the URI of the CAS server. - * - * @return string a URI. - */ - private function _getServerURI() - { - return $this->_server['uri']; - } - - /** - * This method is used to retrieve the base URL of the CAS server. - * - * @return string a URL. - */ - private function _getServerBaseURL() - { - // the URL is build only when needed - if ( empty($this->_server['base_url']) ) { - $this->_server['base_url'] = 'https://' . $this->_getServerHostname(); - if ($this->_getServerPort()!=443) { - $this->_server['base_url'] .= ':' - .$this->_getServerPort(); - } - $this->_server['base_url'] .= $this->_getServerURI(); - } - return $this->_server['base_url']; - } - - /** - * This method is used to retrieve the login URL of the CAS server. - * - * @param bool $gateway true to check authentication, false to force it - * @param bool $renew true to force the authentication with the CAS server - * - * @return string a URL. 
- * @note It is recommended that CAS implementations ignore the "gateway" - * parameter if "renew" is set - */ - public function getServerLoginURL($gateway=false,$renew=false) - { - phpCAS::traceBegin(); - // the URL is build only when needed - if ( empty($this->_server['login_url']) ) { - $this->_server['login_url'] = $this->_buildQueryUrl($this->_getServerBaseURL().'login','service='.urlencode($this->getURL())); - } - $url = $this->_server['login_url']; - if ($renew) { - // It is recommended that when the "renew" parameter is set, its - // value be "true" - $url = $this->_buildQueryUrl($url, 'renew=true'); - } elseif ($gateway) { - // It is recommended that when the "gateway" parameter is set, its - // value be "true" - $url = $this->_buildQueryUrl($url, 'gateway=true'); - } - phpCAS::traceEnd($url); - return $url; - } - - /** - * This method sets the login URL of the CAS server. - * - * @param string $url the login URL - * - * @return string login url - */ - public function setServerLoginURL($url) - { - // Argument Validation - if (gettype($url) != 'string') - throw new CAS_TypeMismatchException($url, '$url', 'string'); - - return $this->_server['login_url'] = $url; - } - - - /** - * This method sets the serviceValidate URL of the CAS server. - * - * @param string $url the serviceValidate URL - * - * @return string serviceValidate URL - */ - public function setServerServiceValidateURL($url) - { - // Argument Validation - if (gettype($url) != 'string') - throw new CAS_TypeMismatchException($url, '$url', 'string'); - - return $this->_server['service_validate_url'] = $url; - } - - - /** - * This method sets the proxyValidate URL of the CAS server. 
- * - * @param string $url the proxyValidate URL - * - * @return string proxyValidate URL - */ - public function setServerProxyValidateURL($url) - { - // Argument Validation - if (gettype($url) != 'string') - throw new CAS_TypeMismatchException($url, '$url', 'string'); - - return $this->_server['proxy_validate_url'] = $url; - } - - - /** - * This method sets the samlValidate URL of the CAS server. - * - * @param string $url the samlValidate URL - * - * @return string samlValidate URL - */ - public function setServerSamlValidateURL($url) - { - // Argument Validation - if (gettype($url) != 'string') - throw new CAS_TypeMismatchException($url, '$url', 'string'); - - return $this->_server['saml_validate_url'] = $url; - } - - - /** - * This method is used to retrieve the service validating URL of the CAS server. - * - * @return string serviceValidate URL. - */ - public function getServerServiceValidateURL() - { - phpCAS::traceBegin(); - // the URL is build only when needed - if ( empty($this->_server['service_validate_url']) ) { - switch ($this->getServerVersion()) { - case CAS_VERSION_1_0: - $this->_server['service_validate_url'] = $this->_getServerBaseURL() - .'validate'; - break; - case CAS_VERSION_2_0: - $this->_server['service_validate_url'] = $this->_getServerBaseURL() - .'serviceValidate'; - break; - case CAS_VERSION_3_0: - $this->_server['service_validate_url'] = $this->_getServerBaseURL() - .'p3/serviceValidate'; - break; - } - } - $url = $this->_buildQueryUrl( - $this->_server['service_validate_url'], - 'service='.urlencode($this->getURL()) - ); - phpCAS::traceEnd($url); - return $url; - } - /** - * This method is used to retrieve the SAML validating URL of the CAS server. - * - * @return string samlValidate URL. 
- */ - public function getServerSamlValidateURL() - { - phpCAS::traceBegin(); - // the URL is build only when needed - if ( empty($this->_server['saml_validate_url']) ) { - switch ($this->getServerVersion()) { - case SAML_VERSION_1_1: - $this->_server['saml_validate_url'] = $this->_getServerBaseURL().'samlValidate'; - break; - } - } - - $url = $this->_buildQueryUrl( - $this->_server['saml_validate_url'], - 'TARGET='.urlencode($this->getURL()) - ); - phpCAS::traceEnd($url); - return $url; - } - - /** - * This method is used to retrieve the proxy validating URL of the CAS server. - * - * @return string proxyValidate URL. - */ - public function getServerProxyValidateURL() - { - phpCAS::traceBegin(); - // the URL is build only when needed - if ( empty($this->_server['proxy_validate_url']) ) { - switch ($this->getServerVersion()) { - case CAS_VERSION_1_0: - $this->_server['proxy_validate_url'] = ''; - break; - case CAS_VERSION_2_0: - $this->_server['proxy_validate_url'] = $this->_getServerBaseURL().'proxyValidate'; - break; - case CAS_VERSION_3_0: - $this->_server['proxy_validate_url'] = $this->_getServerBaseURL().'p3/proxyValidate'; - break; - } - } - $url = $this->_buildQueryUrl( - $this->_server['proxy_validate_url'], - 'service='.urlencode($this->getURL()) - ); - phpCAS::traceEnd($url); - return $url; - } - - - /** - * This method is used to retrieve the proxy URL of the CAS server. - * - * @return string proxy URL. - */ - public function getServerProxyURL() - { - // the URL is build only when needed - if ( empty($this->_server['proxy_url']) ) { - switch ($this->getServerVersion()) { - case CAS_VERSION_1_0: - $this->_server['proxy_url'] = ''; - break; - case CAS_VERSION_2_0: - case CAS_VERSION_3_0: - $this->_server['proxy_url'] = $this->_getServerBaseURL().'proxy'; - break; - } - } - return $this->_server['proxy_url']; - } - - /** - * This method is used to retrieve the logout URL of the CAS server. - * - * @return string logout URL. 
- */ - public function getServerLogoutURL() - { - // the URL is build only when needed - if ( empty($this->_server['logout_url']) ) { - $this->_server['logout_url'] = $this->_getServerBaseURL().'logout'; - } - return $this->_server['logout_url']; - } - - /** - * This method sets the logout URL of the CAS server. - * - * @param string $url the logout URL - * - * @return string logout url - */ - public function setServerLogoutURL($url) - { - // Argument Validation - if (gettype($url) != 'string') - throw new CAS_TypeMismatchException($url, '$url', 'string'); - - return $this->_server['logout_url'] = $url; - } - - /** - * An array to store extra curl options. - */ - private $_curl_options = array(); - - /** - * This method is used to set additional user curl options. - * - * @param string $key name of the curl option - * @param string $value value of the curl option - * - * @return void - */ - public function setExtraCurlOption($key, $value) - { - $this->_curl_options[$key] = $value; - } - - /** @} */ - - // ######################################################################## - // Change the internal behaviour of phpcas - // ######################################################################## - - /** - * @addtogroup internalBehave - * @{ - */ - - /** - * The class to instantiate for making web requests in readUrl(). - * The class specified must implement the CAS_Request_RequestInterface. - * By default CAS_Request_CurlRequest is used, but this may be overridden to - * supply alternate request mechanisms for testing. - */ - private $_requestImplementation = 'CAS_Request_CurlRequest'; - - /** - * Override the default implementation used to make web requests in readUrl(). - * This class must implement the CAS_Request_RequestInterface. 
- * - * @param string $className name of the RequestImplementation class - * - * @return void - */ - public function setRequestImplementation ($className) - { - $obj = new $className; - if (!($obj instanceof CAS_Request_RequestInterface)) { - throw new CAS_InvalidArgumentException( - '$className must implement the CAS_Request_RequestInterface' - ); - } - $this->_requestImplementation = $className; - } - - /** - * @var boolean $_clearTicketsFromUrl; If true, phpCAS will clear session - * tickets from the URL after a successful authentication. - */ - private $_clearTicketsFromUrl = true; - - /** - * Configure the client to not send redirect headers and call exit() on - * authentication success. The normal redirect is used to remove the service - * ticket from the client's URL, but for running unit tests we need to - * continue without exiting. - * - * Needed for testing authentication - * - * @return void - */ - public function setNoClearTicketsFromUrl () - { - $this->_clearTicketsFromUrl = false; - } - - /** - * @var callback $_attributeParserCallbackFunction; - */ - private $_casAttributeParserCallbackFunction = null; - - /** - * @var array $_attributeParserCallbackArgs; - */ - private $_casAttributeParserCallbackArgs = array(); - - /** - * Set a callback function to be run when parsing CAS attributes - * - * The callback function will be passed a XMLNode as its first parameter, - * followed by any $additionalArgs you pass. 
- * - * @param string $function callback function to call - * @param array $additionalArgs optional array of arguments - * - * @return void - */ - public function setCasAttributeParserCallback($function, array $additionalArgs = array()) - { - $this->_casAttributeParserCallbackFunction = $function; - $this->_casAttributeParserCallbackArgs = $additionalArgs; - } - - /** @var callable $_postAuthenticateCallbackFunction; - */ - private $_postAuthenticateCallbackFunction = null; - - /** - * @var array $_postAuthenticateCallbackArgs; - */ - private $_postAuthenticateCallbackArgs = array(); - - /** - * Set a callback function to be run when a user authenticates. - * - * The callback function will be passed a $logoutTicket as its first parameter, - * followed by any $additionalArgs you pass. The $logoutTicket parameter is an - * opaque string that can be used to map a session-id to the logout request - * in order to support single-signout in applications that manage their own - * sessions (rather than letting phpCAS start the session). - * - * phpCAS::forceAuthentication() will always exit and forward client unless - * they are already authenticated. To perform an action at the moment the user - * logs in (such as registering an account, performing logging, etc), register - * a callback function here. - * - * @param callable $function callback function to call - * @param array $additionalArgs optional array of arguments - * - * @return void - */ - public function setPostAuthenticateCallback ($function, array $additionalArgs = array()) - { - $this->_postAuthenticateCallbackFunction = $function; - $this->_postAuthenticateCallbackArgs = $additionalArgs; - } - - /** - * @var callable $_signoutCallbackFunction; - */ - private $_signoutCallbackFunction = null; - - /** - * @var array $_signoutCallbackArgs; - */ - private $_signoutCallbackArgs = array(); - - /** - * Set a callback function to be run when a single-signout request is received. 
- * - * The callback function will be passed a $logoutTicket as its first parameter, - * followed by any $additionalArgs you pass. The $logoutTicket parameter is an - * opaque string that can be used to map a session-id to the logout request in - * order to support single-signout in applications that manage their own sessions - * (rather than letting phpCAS start and destroy the session). - * - * @param callable $function callback function to call - * @param array $additionalArgs optional array of arguments - * - * @return void - */ - public function setSingleSignoutCallback ($function, array $additionalArgs = array()) - { - $this->_signoutCallbackFunction = $function; - $this->_signoutCallbackArgs = $additionalArgs; - } - - // ######################################################################## - // Methods for supplying code-flow feedback to integrators. - // ######################################################################## - - /** - * Ensure that this is actually a proxy object or fail with an exception - * - * @throws CAS_OutOfSequenceBeforeProxyException - * - * @return void - */ - public function ensureIsProxy() - { - if (!$this->isProxy()) { - throw new CAS_OutOfSequenceBeforeProxyException(); - } - } - - /** - * Mark the caller of authentication. This will help client integraters determine - * problems with their code flow if they call a function such as getUser() before - * authentication has occurred. - * - * @param bool $auth True if authentication was successful, false otherwise. - * - * @return null - */ - public function markAuthenticationCall ($auth) - { - // store where the authentication has been checked and the result - $dbg = debug_backtrace(); - $this->_authentication_caller = array ( - 'file' => $dbg[1]['file'], - 'line' => $dbg[1]['line'], - 'method' => $dbg[1]['class'] . '::' . $dbg[1]['function'], - 'result' => (boolean)$auth - ); - } - private $_authentication_caller; - - /** - * Answer true if authentication has been checked. 
- * - * @return bool - */ - public function wasAuthenticationCalled () - { - return !empty($this->_authentication_caller); - } - - /** - * Ensure that authentication was checked. Terminate with exception if no - * authentication was performed - * - * @throws CAS_OutOfSequenceBeforeAuthenticationCallException - * - * @return void - */ - private function _ensureAuthenticationCalled() - { - if (!$this->wasAuthenticationCalled()) { - throw new CAS_OutOfSequenceBeforeAuthenticationCallException(); - } - } - - /** - * Answer the result of the authentication call. - * - * Throws a CAS_OutOfSequenceException if wasAuthenticationCalled() is false - * and markAuthenticationCall() didn't happen. - * - * @return bool - */ - public function wasAuthenticationCallSuccessful () - { - $this->_ensureAuthenticationCalled(); - return $this->_authentication_caller['result']; - } - - - /** - * Ensure that authentication was checked. Terminate with exception if no - * authentication was performed - * - * @throws CAS_OutOfSequenceException - * - * @return void - */ - public function ensureAuthenticationCallSuccessful() - { - $this->_ensureAuthenticationCalled(); - if (!$this->_authentication_caller['result']) { - throw new CAS_OutOfSequenceException( - 'authentication was checked (by ' - . $this->getAuthenticationCallerMethod() - . '() at ' . $this->getAuthenticationCallerFile() - . ':' . $this->getAuthenticationCallerLine() - . ') but the method returned false' - ); - } - } - - /** - * Answer information about the authentication caller. - * - * Throws a CAS_OutOfSequenceException if wasAuthenticationCalled() is false - * and markAuthenticationCall() didn't happen. - * - * @return string the file that called authentication - */ - public function getAuthenticationCallerFile () - { - $this->_ensureAuthenticationCalled(); - return $this->_authentication_caller['file']; - } - - /** - * Answer information about the authentication caller. 
- * - * Throws a CAS_OutOfSequenceException if wasAuthenticationCalled() is false - * and markAuthenticationCall() didn't happen. - * - * @return int the line that called authentication - */ - public function getAuthenticationCallerLine () - { - $this->_ensureAuthenticationCalled(); - return $this->_authentication_caller['line']; - } - - /** - * Answer information about the authentication caller. - * - * Throws a CAS_OutOfSequenceException if wasAuthenticationCalled() is false - * and markAuthenticationCall() didn't happen. - * - * @return string the method that called authentication - */ - public function getAuthenticationCallerMethod () - { - $this->_ensureAuthenticationCalled(); - return $this->_authentication_caller['method']; - } - - /** @} */ - - // ######################################################################## - // CONSTRUCTOR - // ######################################################################## - /** - * @addtogroup internalConfig - * @{ - */ - - /** - * CAS_Client constructor. - * - * @param string $server_version the version of the CAS server - * @param bool $proxy true if the CAS client is a CAS proxy - * @param string $server_hostname the hostname of the CAS server - * @param int $server_port the port the CAS server is running on - * @param string $server_uri the URI the CAS server is responding on - * @param bool $changeSessionID Allow phpCAS to change the session_id - * (Single Sign Out/handleLogoutRequests - * is based on that change) - * @param string|string[]|CAS_ServiceBaseUrl_Interface - * $service_base_url the base URL (protocol, host and the - * optional port) of the CAS client; pass - * in an array to use auto discovery with - * an allowlist; pass in - * CAS_ServiceBaseUrl_Interface for custom - * behavior. Added in 1.6.0. Similar to - * serverName config in other CAS clients. 
- * @param \SessionHandlerInterface $sessionHandler the session handler - * - * @return self a newly created CAS_Client object - */ - public function __construct( - $server_version, - $proxy, - $server_hostname, - $server_port, - $server_uri, - $service_base_url, - $changeSessionID = true, - \SessionHandlerInterface $sessionHandler = null - ) { - // Argument validation - if (gettype($server_version) != 'string') - throw new CAS_TypeMismatchException($server_version, '$server_version', 'string'); - if (gettype($proxy) != 'boolean') - throw new CAS_TypeMismatchException($proxy, '$proxy', 'boolean'); - if (gettype($server_hostname) != 'string') - throw new CAS_TypeMismatchException($server_hostname, '$server_hostname', 'string'); - if (gettype($server_port) != 'integer') - throw new CAS_TypeMismatchException($server_port, '$server_port', 'integer'); - if (gettype($server_uri) != 'string') - throw new CAS_TypeMismatchException($server_uri, '$server_uri', 'string'); - if (gettype($changeSessionID) != 'boolean') - throw new CAS_TypeMismatchException($changeSessionID, '$changeSessionID', 'boolean'); - - $this->_setServiceBaseUrl($service_base_url); - - if (empty($sessionHandler)) { - $sessionHandler = new CAS_Session_PhpSession; - } - - phpCAS::traceBegin(); - // true : allow to change the session_id(), false session_id won't be - // changed and logout won't be handled because of that - $this->_setChangeSessionID($changeSessionID); - - $this->setSessionHandler($sessionHandler); - - if (!$this->_isLogoutRequest()) { - if (session_id() === "") { - // skip Session Handling for logout requests and if don't want it - session_start(); - phpCAS :: trace("Starting a new session " . session_id()); - } - } - - // Only for debug purposes - if ($this->isSessionAuthenticated()){ - phpCAS :: trace("Session is authenticated as: " . $this->getSessionValue('user')); - } else { - phpCAS :: trace("Session is not authenticated"); - } - // are we in proxy mode ? 
- $this->_proxy = $proxy; - - // Make cookie handling available. - if ($this->isProxy()) { - if (!$this->hasSessionValue('service_cookies')) { - $this->setSessionValue('service_cookies', array()); - } - // TODO remove explicit call to $_SESSION - $this->_serviceCookieJar = new CAS_CookieJar( - $_SESSION[static::PHPCAS_SESSION_PREFIX]['service_cookies'] - ); - } - - // check version - $supportedProtocols = phpCAS::getSupportedProtocols(); - if (isset($supportedProtocols[$server_version]) === false) { - phpCAS::error( - 'this version of CAS (`'.$server_version - .'\') is not supported by phpCAS '.phpCAS::getVersion() - ); - } - - if ($server_version === CAS_VERSION_1_0 && $this->isProxy()) { - phpCAS::error( - 'CAS proxies are not supported in CAS '.$server_version - ); - } - - $this->_server['version'] = $server_version; - - // check hostname - if ( empty($server_hostname) - || !preg_match('/[\.\d\-a-z]*/', $server_hostname) - ) { - phpCAS::error('bad CAS server hostname (`'.$server_hostname.'\')'); - } - $this->_server['hostname'] = $server_hostname; - - // check port - if ( $server_port == 0 - || !is_int($server_port) - ) { - phpCAS::error('bad CAS server port (`'.$server_hostname.'\')'); - } - $this->_server['port'] = $server_port; - - // check URI - if ( !preg_match('/[\.\d\-_a-z\/]*/', $server_uri) ) { - phpCAS::error('bad CAS server URI (`'.$server_uri.'\')'); - } - // add leading and trailing `/' and remove doubles - if(strstr($server_uri, '?') === false) $server_uri .= '/'; - $server_uri = preg_replace('/\/\//', '/', '/'.$server_uri); - $this->_server['uri'] = $server_uri; - - // set to callback mode if PgtIou and PgtId CGI GET parameters are provided - if ( $this->isProxy() ) { - if(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId'])) { - $this->_setCallbackMode(true); - $this->_setCallbackModeUsingPost(false); - } elseif (!empty($_POST['pgtIou'])&&!empty($_POST['pgtId'])) { - $this->_setCallbackMode(true); - $this->_setCallbackModeUsingPost(true); - } else { - 
$this->_setCallbackMode(false); - $this->_setCallbackModeUsingPost(false); - } - - - } - - if ( $this->_isCallbackMode() ) { - //callback mode: check that phpCAS is secured - if ( !$this->getServiceBaseUrl()->isHttps() ) { - phpCAS::error( - 'CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server' - ); - } - } else { - //normal mode: get ticket and remove it from CGI parameters for - // developers - $ticket = (isset($_GET['ticket']) ? $_GET['ticket'] : ''); - if (preg_match('/^[SP]T-/', $ticket) ) { - phpCAS::trace('Ticket \''.$ticket.'\' found'); - $this->setTicket($ticket); - unset($_GET['ticket']); - } else if ( !empty($ticket) ) { - //ill-formed ticket, halt - phpCAS::error( - 'ill-formed ticket found in the URL (ticket=`' - .htmlentities($ticket).'\')' - ); - } - - } - phpCAS::traceEnd(); - } - - /** @} */ - - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - // XX XX - // XX Session Handling XX - // XX XX - // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - - /** - * @addtogroup internalConfig - * @{ - */ - - /** The session prefix for phpCAS values */ - const PHPCAS_SESSION_PREFIX = 'phpCAS'; - - /** - * @var bool A variable to whether phpcas will use its own session handling. Default = true - * @hideinitializer - */ - private $_change_session_id = true; - - /** - * @var SessionHandlerInterface - */ - private $_sessionHandler; - - /** - * Set a parameter whether to allow phpCAS to change session_id - * - * @param bool $allowed allow phpCAS to change session_id - * - * @return void - */ - private function _setChangeSessionID($allowed) - { - $this->_change_session_id = $allowed; - } - - /** - * Get whether phpCAS is allowed to change session_id - * - * @return bool - */ - public function getChangeSessionID() - { - return $this->_change_session_id; - } - - /** - * Set the session handler. 
- *
- * @param \SessionHandlerInterface $sessionHandler
- *
- * @return bool
- */
- public function setSessionHandler(\SessionHandlerInterface $sessionHandler)
- {
- $this->_sessionHandler = $sessionHandler;
- if (session_status() !== PHP_SESSION_ACTIVE) {
- return session_set_save_handler($this->_sessionHandler, true);
- }
- return true;
- }
-
- /**
- * Get a session value using the given key.
- *
- * @param string $key
- * @param mixed $default default value if the key is not set
- *
- * @return mixed
- */
- protected function getSessionValue($key, $default = null)
- {
- $this->validateSession($key);
-
- if (isset($_SESSION[static::PHPCAS_SESSION_PREFIX][$key])) {
- return $_SESSION[static::PHPCAS_SESSION_PREFIX][$key];
- }
-
- return $default;
- }
-
- /**
- * Determine whether a session value is set or not.
- *
- * To check if a session value is empty or not please use
- * !!(getSessionValue($key)).
- *
- * @param string $key
- *
- * @return bool
- */
- protected function hasSessionValue($key)
- {
- $this->validateSession($key);
-
- return isset($_SESSION[static::PHPCAS_SESSION_PREFIX][$key]);
- }
-
- /**
- * Set a session value using the given key and value.
- *
- * @param string $key
- * @param mixed $value
- *
- * @return string
- */
- protected function setSessionValue($key, $value)
- {
- $this->validateSession($key);
-
- $this->ensureSessionArray();
- $_SESSION[static::PHPCAS_SESSION_PREFIX][$key] = $value;
- }
-
- /**
- * Ensure that the session array is initialized before writing to it.
- */
- protected function ensureSessionArray() {
- // init phpCAS session array
- if (!isset($_SESSION[static::PHPCAS_SESSION_PREFIX])
- || !is_array($_SESSION[static::PHPCAS_SESSION_PREFIX])) {
- $_SESSION[static::PHPCAS_SESSION_PREFIX] = array();
- }
- }
-
- /**
- * Remove a session value with the given key.
- *
- * @param string $key
- */
- protected function removeSessionValue($key)
- {
- $this->validateSession($key);
-
- if (isset($_SESSION[static::PHPCAS_SESSION_PREFIX][$key])) {
- unset($_SESSION[static::PHPCAS_SESSION_PREFIX][$key]);
- return true;
- }
-
- return false;
- }
-
- /**
- * Remove all phpCAS session values.
- */
- protected function clearSessionValues()
- {
- unset($_SESSION[static::PHPCAS_SESSION_PREFIX]);
- }
-
- /**
- * Ensure $key is a string for session utils input
- *
- * @param string $key
- *
- * @return bool
- */
- protected function validateSession($key)
- {
- if (!is_string($key)) {
- throw new InvalidArgumentException('Session key must be a string.');
- }
-
- return true;
- }
-
- /**
- * Renaming the session
- *
- * @param string $ticket name of the ticket
- *
- * @return void
- */
- protected function _renameSession($ticket)
- {
- phpCAS::traceBegin();
- if ($this->getChangeSessionID()) {
- if (!empty($this->_user)) {
- $old_session = $_SESSION;
- phpCAS :: trace("Killing session: ". session_id());
- session_destroy();
- // set up a new session, of name based on the ticket
- $session_id = $this->_sessionIdForTicket($ticket);
- phpCAS :: trace("Starting session: ". $session_id);
- session_id($session_id);
- session_start();
- phpCAS :: trace("Restoring old session vars");
- $_SESSION = $old_session;
- } else {
- phpCAS :: trace (
- 'Session should only be renamed after successfull authentication'
- );
- }
- } else {
- phpCAS :: trace(
- "Skipping session rename since phpCAS is not handling the session."
- );
- }
- phpCAS::traceEnd();
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX AUTHENTICATION XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- /**
- * @addtogroup internalAuthentication
- * @{
- */
-
- /**
- * The Authenticated user. Written by CAS_Client::_setUser(), read by
- * CAS_Client::getUser().
- *
- * @hideinitializer
- */
- private $_user = '';
-
- /**
- * This method sets the CAS user's login name.
- *
- * @param string $user the login name of the authenticated user.
- *
- * @return void
- */
- private function _setUser($user)
- {
- $this->_user = $user;
- }
-
- /**
- * This method returns the CAS user's login name.
- *
- * @return string the login name of the authenticated user
- *
- * @warning should be called only after CAS_Client::forceAuthentication() or
- * CAS_Client::isAuthenticated(), otherwise halt with an error.
- */
- public function getUser()
- {
- // Sequence validation
- $this->ensureAuthenticationCallSuccessful();
-
- return $this->_getUser();
- }
-
- /**
- * This method returns the CAS user's login name.
- *
- * @return string the login name of the authenticated user
- *
- * @warning should be called only after CAS_Client::forceAuthentication() or
- * CAS_Client::isAuthenticated(), otherwise halt with an error.
- */
- private function _getUser()
- {
- // This is likely a duplicate check that could be removed....
- if ( empty($this->_user) ) {
- phpCAS::error(
- 'this method should be used only after '.__CLASS__
- .'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'
- );
- }
- return $this->_user;
- }
-
- /**
- * The Authenticated users attributes. Written by
- * CAS_Client::setAttributes(), read by CAS_Client::getAttributes().
- * @attention client applications should use phpCAS::getAttributes().
- * - * @hideinitializer - */ - private $_attributes = array(); - - /** - * Set an array of attributes - * - * @param array $attributes a key value array of attributes - * - * @return void - */ - public function setAttributes($attributes) - { - $this->_attributes = $attributes; - } - - /** - * Get an key values arry of attributes - * - * @return array of attributes - */ - public function getAttributes() - { - // Sequence validation - $this->ensureAuthenticationCallSuccessful(); - // This is likely a duplicate check that could be removed.... - if ( empty($this->_user) ) { - // if no user is set, there shouldn't be any attributes also... - phpCAS::error( - 'this method should be used only after '.__CLASS__ - .'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()' - ); - } - return $this->_attributes; - } - - /** - * Check whether attributes are available - * - * @return bool attributes available - */ - public function hasAttributes() - { - // Sequence validation - $this->ensureAuthenticationCallSuccessful(); - - return !empty($this->_attributes); - } - /** - * Check whether a specific attribute with a name is available - * - * @param string $key name of attribute - * - * @return bool is attribute available - */ - public function hasAttribute($key) - { - // Sequence validation - $this->ensureAuthenticationCallSuccessful(); - - return $this->_hasAttribute($key); - } - - /** - * Check whether a specific attribute with a name is available - * - * @param string $key name of attribute - * - * @return bool is attribute available - */ - private function _hasAttribute($key) - { - return (is_array($this->_attributes) - && array_key_exists($key, $this->_attributes)); - } - - /** - * Get a specific attribute by name - * - * @param string $key name of attribute - * - * @return string attribute values - */ - public function getAttribute($key) - { - // Sequence validation - $this->ensureAuthenticationCallSuccessful(); - - if ($this->_hasAttribute($key)) { - return 
$this->_attributes[$key]; - } - } - - /** - * This method is called to renew the authentication of the user - * If the user is authenticated, renew the connection - * If not, redirect to CAS - * - * @return bool true when the user is authenticated; otherwise halt. - */ - public function renewAuthentication() - { - phpCAS::traceBegin(); - // Either way, the user is authenticated by CAS - $this->removeSessionValue('auth_checked'); - if ( $this->isAuthenticated(true) ) { - phpCAS::trace('user already authenticated'); - $res = true; - } else { - $this->redirectToCas(false, true); - // never reached - $res = false; - } - phpCAS::traceEnd(); - return $res; - } - - /** - * This method is called to be sure that the user is authenticated. When not - * authenticated, halt by redirecting to the CAS server; otherwise return true. - * - * @return bool true when the user is authenticated; otherwise halt. - */ - public function forceAuthentication() - { - phpCAS::traceBegin(); - - if ( $this->isAuthenticated() ) { - // the user is authenticated, nothing to be done. - phpCAS::trace('no need to authenticate'); - $res = true; - } else { - // the user is not authenticated, redirect to the CAS server - $this->removeSessionValue('auth_checked'); - $this->redirectToCas(false/* no gateway */); - // never reached - $res = false; - } - phpCAS::traceEnd($res); - return $res; - } - - /** - * An integer that gives the number of times authentication will be cached - * before rechecked. - * - * @hideinitializer - */ - private $_cache_times_for_auth_recheck = 0; - - /** - * Set the number of times authentication will be cached before rechecked. 
- * - * @param int $n number of times to wait for a recheck - * - * @return void - */ - public function setCacheTimesForAuthRecheck($n) - { - if (gettype($n) != 'integer') - throw new CAS_TypeMismatchException($n, '$n', 'string'); - - $this->_cache_times_for_auth_recheck = $n; - } - - /** - * This method is called to check whether the user is authenticated or not. - * - * @return bool true when the user is authenticated, false when a previous - * gateway login failed or the function will not return if the user is - * redirected to the cas server for a gateway login attempt - */ - public function checkAuthentication() - { - phpCAS::traceBegin(); - $res = false; // default - if ( $this->isAuthenticated() ) { - phpCAS::trace('user is authenticated'); - /* The 'auth_checked' variable is removed just in case it's set. */ - $this->removeSessionValue('auth_checked'); - $res = true; - } else if ($this->getSessionValue('auth_checked')) { - // the previous request has redirected the client to the CAS server - // with gateway=true - $this->removeSessionValue('auth_checked'); - } else { - // avoid a check against CAS on every request - // we need to write this back to session later - $unauth_count = $this->getSessionValue('unauth_count', -2); - - if (($unauth_count != -2 - && $this->_cache_times_for_auth_recheck == -1) - || ($unauth_count >= 0 - && $unauth_count < $this->_cache_times_for_auth_recheck) - ) { - if ($this->_cache_times_for_auth_recheck != -1) { - $unauth_count++; - phpCAS::trace( - 'user is not authenticated (cached for ' - .$unauth_count.' 
times of ' - .$this->_cache_times_for_auth_recheck.')' - ); - } else { - phpCAS::trace( - 'user is not authenticated (cached for until login pressed)' - ); - } - $this->setSessionValue('unauth_count', $unauth_count); - } else { - $this->setSessionValue('unauth_count', 0); - $this->setSessionValue('auth_checked', true); - phpCAS::trace('user is not authenticated (cache reset)'); - $this->redirectToCas(true/* gateway */); - // never reached - } - } - phpCAS::traceEnd($res); - return $res; - } - - /** - * This method is called to check if the user is authenticated (previously or by - * tickets given in the URL). - * - * @param bool $renew true to force the authentication with the CAS server - * - * @return bool true when the user is authenticated. Also may redirect to the - * same URL without the ticket. - */ - public function isAuthenticated($renew=false) - { - phpCAS::traceBegin(); - $res = false; - - if ( $this->_wasPreviouslyAuthenticated() ) { - if ($this->hasTicket()) { - // User has a additional ticket but was already authenticated - phpCAS::trace( - 'ticket was present and will be discarded, use renewAuthenticate()' - ); - if ($this->_clearTicketsFromUrl) { - phpCAS::trace("Prepare redirect to : ".$this->getURL()); - session_write_close(); - header('Location: '.$this->getURL()); - flush(); - phpCAS::traceExit(); - throw new CAS_GracefullTerminationException(); - } else { - phpCAS::trace( - 'Already authenticated, but skipping ticket clearing since setNoClearTicketsFromUrl() was used.' - ); - $res = true; - } - } else { - // the user has already (previously during the session) been - // authenticated, nothing to be done. 
- phpCAS::trace(
- 'user was already authenticated, no need to look for tickets'
- );
- $res = true;
- }
-
- // Mark the auth-check as complete to allow post-authentication
- // callbacks to make use of phpCAS::getUser() and similar methods
- $this->markAuthenticationCall($res);
- } else {
- if ($this->hasTicket()) {
- $validate_url = '';
- $text_response = '';
- $tree_response = '';
-
- switch ($this->getServerVersion()) {
- case CAS_VERSION_1_0:
- // if a Service Ticket was given, validate it
- phpCAS::trace(
- 'CAS 1.0 ticket `'.$this->getTicket().'\' is present'
- );
- $this->validateCAS10(
- $validate_url, $text_response, $tree_response, $renew
- ); // if it fails, it halts
- phpCAS::trace(
- 'CAS 1.0 ticket `'.$this->getTicket().'\' was validated'
- );
- $this->setSessionValue('user', $this->_getUser());
- $res = true;
- $logoutTicket = $this->getTicket();
- break;
- case CAS_VERSION_2_0:
- case CAS_VERSION_3_0:
- // if a Proxy Ticket was given, validate it
- phpCAS::trace(
- 'CAS '.$this->getServerVersion().' ticket `'.$this->getTicket().'\' is present'
- );
- $this->validateCAS20(
- $validate_url, $text_response, $tree_response, $renew
- ); // note: if it fails, it halts
- phpCAS::trace(
- 'CAS '.$this->getServerVersion().' ticket `'.$this->getTicket().'\' was validated'
- );
- if ( $this->isProxy() ) {
- $this->_validatePGT(
- $validate_url, $text_response, $tree_response
- ); // idem
- phpCAS::trace('PGT `'.$this->_getPGT().'\' was validated');
- $this->setSessionValue('pgt', $this->_getPGT());
- }
- $this->setSessionValue('user', $this->_getUser());
- if (!empty($this->_attributes)) {
- $this->setSessionValue('attributes', $this->_attributes);
- }
- $proxies = $this->getProxies();
- if (!empty($proxies)) {
- $this->setSessionValue('proxies', $this->getProxies());
- }
- $res = true;
- $logoutTicket = $this->getTicket();
- break;
- case SAML_VERSION_1_1:
- // if we have a SAML ticket, validate it.
- phpCAS::trace(
- 'SAML 1.1 ticket `'.$this->getTicket().'\' is present'
- );
- $this->validateSA(
- $validate_url, $text_response, $tree_response, $renew
- ); // if it fails, it halts
- phpCAS::trace(
- 'SAML 1.1 ticket `'.$this->getTicket().'\' was validated'
- );
- $this->setSessionValue('user', $this->_getUser());
- $this->setSessionValue('attributes', $this->_attributes);
- $res = true;
- $logoutTicket = $this->getTicket();
- break;
- default:
- phpCAS::trace('Protocol error');
- break;
- }
- } else {
- // no ticket given, not authenticated
- phpCAS::trace('no ticket found');
- }
-
- // Mark the auth-check as complete to allow post-authentication
- // callbacks to make use of phpCAS::getUser() and similar methods
- $this->markAuthenticationCall($res);
-
- if ($res) {
- // call the post-authenticate callback if registered.
- if ($this->_postAuthenticateCallbackFunction) {
- $args = $this->_postAuthenticateCallbackArgs;
- array_unshift($args, $logoutTicket);
- call_user_func_array(
- $this->_postAuthenticateCallbackFunction, $args
- );
- }
-
- // if called with a ticket parameter, we need to redirect to the
- // app without the ticket so that CAS-ification is transparent
- // to the browser (for later POSTS) most of the checks and
- // errors should have been made now, so we're safe for redirect
- // without masking error messages. remove the ticket as a
- // security precaution to prevent a ticket in the HTTP_REFERRER
- if ($this->_clearTicketsFromUrl) {
- phpCAS::trace("Prepare redirect to : ".$this->getURL());
- session_write_close();
- header('Location: '.$this->getURL());
- flush();
- phpCAS::traceExit();
- throw new CAS_GracefullTerminationException();
- }
- }
- }
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * This method tells if the current session is authenticated.
- * - * @return bool true if authenticated based soley on $_SESSION variable - */ - public function isSessionAuthenticated () - { - return !!$this->getSessionValue('user'); - } - - /** - * This method tells if the user has already been (previously) authenticated - * by looking into the session variables. - * - * @note This function switches to callback mode when needed. - * - * @return bool true when the user has already been authenticated; false otherwise. - */ - private function _wasPreviouslyAuthenticated() - { - phpCAS::traceBegin(); - - if ( $this->_isCallbackMode() ) { - // Rebroadcast the pgtIou and pgtId to all nodes - if ($this->_rebroadcast&&!isset($_POST['rebroadcast'])) { - $this->_rebroadcast(self::PGTIOU); - } - $this->_callback(); - } - - $auth = false; - - if ( $this->isProxy() ) { - // CAS proxy: username and PGT must be present - if ( $this->isSessionAuthenticated() - && $this->getSessionValue('pgt') - ) { - // authentication already done - $this->_setUser($this->getSessionValue('user')); - if ($this->hasSessionValue('attributes')) { - $this->setAttributes($this->getSessionValue('attributes')); - } - $this->_setPGT($this->getSessionValue('pgt')); - phpCAS::trace( - 'user = `'.$this->getSessionValue('user').'\', PGT = `' - .$this->getSessionValue('pgt').'\'' - ); - - // Include the list of proxies - if ($this->hasSessionValue('proxies')) { - $this->_setProxies($this->getSessionValue('proxies')); - phpCAS::trace( - 'proxies = "' - .implode('", "', $this->getSessionValue('proxies')).'"' - ); - } - - $auth = true; - } elseif ( $this->isSessionAuthenticated() - && !$this->getSessionValue('pgt') - ) { - // these two variables should be empty or not empty at the same time - phpCAS::trace( - 'username found (`'.$this->getSessionValue('user') - .'\') but PGT is empty' - ); - // unset all tickets to enforce authentication - $this->clearSessionValues(); - $this->setTicket(''); - } elseif ( !$this->isSessionAuthenticated() - && $this->getSessionValue('pgt') - 
) { - // these two variables should be empty or not empty at the same time - phpCAS::trace( - 'PGT found (`'.$this->getSessionValue('pgt') - .'\') but username is empty' - ); - // unset all tickets to enforce authentication - $this->clearSessionValues(); - $this->setTicket(''); - } else { - phpCAS::trace('neither user nor PGT found'); - } - } else { - // `simple' CAS client (not a proxy): username must be present - if ( $this->isSessionAuthenticated() ) { - // authentication already done - $this->_setUser($this->getSessionValue('user')); - if ($this->hasSessionValue('attributes')) { - $this->setAttributes($this->getSessionValue('attributes')); - } - phpCAS::trace('user = `'.$this->getSessionValue('user').'\''); - - // Include the list of proxies - if ($this->hasSessionValue('proxies')) { - $this->_setProxies($this->getSessionValue('proxies')); - phpCAS::trace( - 'proxies = "' - .implode('", "', $this->getSessionValue('proxies')).'"' - ); - } - - $auth = true; - } else { - phpCAS::trace('no user found'); - } - } - - phpCAS::traceEnd($auth); - return $auth; - } - - /** - * This method is used to redirect the client to the CAS server. - * It is used by CAS_Client::forceAuthentication() and - * CAS_Client::checkAuthentication(). - * - * @param bool $gateway true to check authentication, false to force it - * @param bool $renew true to force the authentication with the CAS server - * - * @return void - */ - public function redirectToCas($gateway=false,$renew=false) - { - phpCAS::traceBegin(); - $cas_url = $this->getServerLoginURL($gateway, $renew); - session_write_close(); - if (php_sapi_name() === 'cli') { - @header('Location: '.$cas_url); - } else { - header('Location: '.$cas_url); - } - phpCAS::trace("Redirect to : ".$cas_url); - $lang = $this->getLangObj(); - $this->printHTMLHeader($lang->getAuthenticationWanted()); - $this->printf('

'. $lang->getShouldHaveBeenRedirected(). '

', $cas_url); - $this->printHTMLFooter(); - phpCAS::traceExit(); - throw new CAS_GracefullTerminationException(); - } - - - /** - * This method is used to logout from CAS. - * - * @param array $params an array that contains the optional url and service - * parameters that will be passed to the CAS server - * - * @return void - */ - public function logout($params) - { - phpCAS::traceBegin(); - $cas_url = $this->getServerLogoutURL(); - $paramSeparator = '?'; - if (isset($params['url'])) { - $cas_url = $cas_url . $paramSeparator . "url=" - . urlencode($params['url']); - $paramSeparator = '&'; - } - if (isset($params['service'])) { - $cas_url = $cas_url . $paramSeparator . "service=" - . urlencode($params['service']); - } - header('Location: '.$cas_url); - phpCAS::trace("Prepare redirect to : ".$cas_url); - - phpCAS::trace("Destroying session : ".session_id()); - session_unset(); - session_destroy(); - if (session_status() === PHP_SESSION_NONE) { - phpCAS::trace("Session terminated"); - } else { - phpCAS::error("Session was not terminated"); - phpCAS::trace("Session was not terminated"); - } - $lang = $this->getLangObj(); - $this->printHTMLHeader($lang->getLogout()); - $this->printf('

'.$lang->getShouldHaveBeenRedirected(). '

', $cas_url); - $this->printHTMLFooter(); - phpCAS::traceExit(); - throw new CAS_GracefullTerminationException(); - } - - /** - * Check of the current request is a logout request - * - * @return bool is logout request. - */ - private function _isLogoutRequest() - { - return !empty($_POST['logoutRequest']); - } - - /** - * This method handles logout requests. - * - * @param bool $check_client true to check the client bofore handling - * the request, false not to perform any access control. True by default. - * @param array $allowed_clients an array of host names allowed to send - * logout requests. - * - * @return void - */ - public function handleLogoutRequests($check_client=true, $allowed_clients=array()) - { - phpCAS::traceBegin(); - if (!$this->_isLogoutRequest()) { - phpCAS::trace("Not a logout request"); - phpCAS::traceEnd(); - return; - } - if (!$this->getChangeSessionID() - && is_null($this->_signoutCallbackFunction) - ) { - phpCAS::trace( - "phpCAS can't handle logout requests if it is not allowed to change session_id." 
- );
- }
- phpCAS::trace("Logout requested");
- $decoded_logout_rq = urldecode($_POST['logoutRequest']);
- phpCAS::trace("SAML REQUEST: ".$decoded_logout_rq);
- $allowed = false;
- if ($check_client) {
- if ($allowed_clients === array()) {
- $allowed_clients = array( $this->_getServerHostname() );
- }
- $client_ip = $_SERVER['REMOTE_ADDR'];
- $client = gethostbyaddr($client_ip);
- phpCAS::trace("Client: ".$client."/".$client_ip);
- foreach ($allowed_clients as $allowed_client) {
- if (($client == $allowed_client)
- || ($client_ip == $allowed_client)
- ) {
- phpCAS::trace(
- "Allowed client '".$allowed_client
- ."' matches, logout request is allowed"
- );
- $allowed = true;
- break;
- } else {
- phpCAS::trace(
- "Allowed client '".$allowed_client."' does not match"
- );
- }
- }
- } else {
- phpCAS::trace("No access control set");
- $allowed = true;
- }
- // If Logout command is permitted proceed with the logout
- if ($allowed) {
- phpCAS::trace("Logout command allowed");
- // Rebroadcast the logout request
- if ($this->_rebroadcast && !isset($_POST['rebroadcast'])) {
- $this->_rebroadcast(self::LOGOUT);
- }
- // Extract the ticket from the SAML Request
- preg_match(
- "|(.*)|",
- $decoded_logout_rq, $tick, PREG_OFFSET_CAPTURE, 3
- );
- $wrappedSamlSessionIndex = preg_replace(
- '||', '', $tick[0][0]
- );
- $ticket2logout = preg_replace(
- '||', '', $wrappedSamlSessionIndex
- );
- phpCAS::trace("Ticket to logout: ".$ticket2logout);
-
- // call the post-authenticate callback if registered.
- if ($this->_signoutCallbackFunction) {
- $args = $this->_signoutCallbackArgs;
- array_unshift($args, $ticket2logout);
- call_user_func_array($this->_signoutCallbackFunction, $args);
- }
-
- // If phpCAS is managing the session_id, destroy session thanks to
- // session_id.
- if ($this->getChangeSessionID()) {
- $session_id = $this->_sessionIdForTicket($ticket2logout);
- phpCAS::trace("Session id: ".$session_id);
-
- // destroy a possible application session created before phpcas
- if (session_id() !== "") {
- session_unset();
- session_destroy();
- }
- // fix session ID
- session_id($session_id);
- $_COOKIE[session_name()]=$session_id;
- $_GET[session_name()]=$session_id;
-
- // Overwrite session
- session_start();
- session_unset();
- session_destroy();
- phpCAS::trace("Session ". $session_id . " destroyed");
- }
- } else {
- phpCAS::error("Unauthorized logout request from client '".$client."'");
- phpCAS::trace("Unauthorized logout request from client '".$client."'");
- }
- flush();
- phpCAS::traceExit();
- throw new CAS_GracefullTerminationException();
-
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX BASIC CLIENT FEATURES (CAS 1.0) XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // ST
- // ########################################################################
- /**
- * @addtogroup internalBasic
- * @{
- */
-
- /**
- * The Ticket provided in the URL of the request if present
- * (empty otherwise). Written by CAS_Client::CAS_Client(), read by
- * CAS_Client::getTicket() and CAS_Client::_hasPGT().
- *
- * @hideinitializer
- */
- private $_ticket = '';
-
- /**
- * This method returns the Service Ticket provided in the URL of the request.
- *
- * @return string service ticket.
- */
- public function getTicket()
- {
- return $this->_ticket;
- }
-
- /**
- * This method stores the Service Ticket.
- *
- * @param string $st The Service Ticket.
- *
- * @return void
- */
- public function setTicket($st)
- {
- $this->_ticket = $st;
- }
-
- /**
- * This method tells if a Service Ticket was stored.
- *
- * @return bool if a Service Ticket has been stored.
- */
- public function hasTicket()
- {
- return !empty($this->_ticket);
- }
-
- /** @} */
-
- // ########################################################################
- // ST VALIDATION
- // ########################################################################
- /**
- * @addtogroup internalBasic
- * @{
- */
-
- /**
- * @var string the certificate of the CAS server CA.
- *
- * @hideinitializer
- */
- private $_cas_server_ca_cert = null;
-
-
- /**
-
- * validate CN of the CAS server certificate
-
- *
-
- * @hideinitializer
-
- */
-
- private $_cas_server_cn_validate = true;
-
- /**
- * Set to true not to validate the CAS server.
- *
- * @hideinitializer
- */
- private $_no_cas_server_validation = false;
-
-
- /**
- * Set the CA certificate of the CAS server.
- *
- * @param string $cert the PEM certificate file name of the CA that emited
- * the cert of the server
- * @param bool $validate_cn valiate CN of the CAS server certificate
- *
- * @return void
- */
- public function setCasServerCACert($cert, $validate_cn)
- {
- // Argument validation
- if (gettype($cert) != 'string') {
- throw new CAS_TypeMismatchException($cert, '$cert', 'string');
- }
- if (gettype($validate_cn) != 'boolean') {
- throw new CAS_TypeMismatchException($validate_cn, '$validate_cn', 'boolean');
- }
- if (!file_exists($cert)) {
- throw new CAS_InvalidArgumentException("Certificate file does not exist " . $this->_requestImplementation);
- }
- $this->_cas_server_ca_cert = $cert;
- $this->_cas_server_cn_validate = $validate_cn;
- }
-
- /**
- * Set no SSL validation for the CAS server.
- *
- * @return void
- */
- public function setNoCasServerValidation()
- {
- $this->_no_cas_server_validation = true;
- }
-
- /**
- * This method is used to validate a CAS 1,0 ticket; halt on failure, and
- * sets $validate_url, $text_reponse and $tree_response on success.
- * - * @param string &$validate_url reference to the the URL of the request to - * the CAS server. - * @param string &$text_response reference to the response of the CAS - * server, as is (XML text). - * @param string &$tree_response reference to the response of the CAS - * server, as a DOM XML tree. - * @param bool $renew true to force the authentication with the CAS server - * - * @return bool true when successfull and issue a CAS_AuthenticationException - * and false on an error - * @throws CAS_AuthenticationException - */ - public function validateCAS10(&$validate_url,&$text_response,&$tree_response,$renew=false) - { - phpCAS::traceBegin(); - // build the URL to validate the ticket - $validate_url = $this->getServerServiceValidateURL() - .'&ticket='.urlencode($this->getTicket()); - - if ( $renew ) { - // pass the renew - $validate_url .= '&renew=true'; - } - - $headers = ''; - $err_msg = ''; - // open and read the URL - if ( !$this->_readURL($validate_url, $headers, $text_response, $err_msg) ) { - phpCAS::trace( - 'could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')' - ); - throw new CAS_AuthenticationException( - $this, 'CAS 1.0 ticket not validated', $validate_url, - true/*$no_response*/ - ); - } - - if (preg_match('/^no\n/', $text_response)) { - phpCAS::trace('Ticket has not been validated'); - throw new CAS_AuthenticationException( - $this, 'ST not validated', $validate_url, false/*$no_response*/, - false/*$bad_response*/, $text_response - ); - } else if (!preg_match('/^yes\n/', $text_response)) { - phpCAS::trace('ill-formed response'); - throw new CAS_AuthenticationException( - $this, 'Ticket not validated', $validate_url, - false/*$no_response*/, true/*$bad_response*/, $text_response - ); - } - // ticket has been validated, extract the user name - $arr = preg_split('/\n/', $text_response); - $this->_setUser(trim($arr[1])); - - $this->_renameSession($this->getTicket()); - - // at this step, ticket has been validated and $this->_user has 
been set,
- phpCAS::traceEnd(true);
- return true;
- }
-
- /** @} */
-
-
- // ########################################################################
- // SAML VALIDATION
- // ########################################################################
- /**
- * @addtogroup internalSAML
- * @{
- */
-
- /**
- * This method is used to validate a SAML TICKET; halt on failure, and sets
- * $validate_url, $text_reponse and $tree_response on success. These
- * parameters are used later by CAS_Client::_validatePGT() for CAS proxies.
- *
- * @param string &$validate_url reference to the the URL of the request to
- * the CAS server.
- * @param string &$text_response reference to the response of the CAS
- * server, as is (XML text).
- * @param string &$tree_response reference to the response of the CAS
- * server, as a DOM XML tree.
- * @param bool $renew true to force the authentication with the CAS server
- *
- * @return bool true when successfull and issue a CAS_AuthenticationException
- * and false on an error
- *
- * @throws CAS_AuthenticationException
- */
- public function validateSA(&$validate_url,&$text_response,&$tree_response,$renew=false)
- {
- phpCAS::traceBegin();
- $result = false;
- // build the URL to validate the ticket
- $validate_url = $this->getServerSamlValidateURL();
-
- if ( $renew ) {
- // pass the renew
- $validate_url .= '&renew=true';
- }
-
- $headers = '';
- $err_msg = '';
- // open and read the URL
- if ( !$this->_readURL($validate_url, $headers, $text_response, $err_msg) ) {
- phpCAS::trace(
- 'could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'
- );
- throw new CAS_AuthenticationException(
- $this, 'SA not validated', $validate_url, true/*$no_response*/
- );
- }
-
- phpCAS::trace('server version: '.$this->getServerVersion());
-
- // analyze the result depending on the version
- switch ($this->getServerVersion()) {
- case SAML_VERSION_1_1:
- // create new DOMDocument Object
- $dom = new DOMDocument();
- // Fix possible whitspace
problems
- $dom->preserveWhiteSpace = false;
- // read the response of the CAS server into a DOM object
- if (!($dom->loadXML($text_response))) {
- phpCAS::trace('dom->loadXML() failed');
- throw new CAS_AuthenticationException(
- $this, 'SA not validated', $validate_url,
- false/*$no_response*/, true/*$bad_response*/,
- $text_response
- );
- }
- // read the root node of the XML tree
- if (!($tree_response = $dom->documentElement)) {
- phpCAS::trace('documentElement() failed');
- throw new CAS_AuthenticationException(
- $this, 'SA not validated', $validate_url,
- false/*$no_response*/, true/*$bad_response*/,
- $text_response
- );
- } else if ( $tree_response->localName != 'Envelope' ) {
- // insure that tag name is 'Envelope'
- phpCAS::trace(
- 'bad XML root node (should be `Envelope\' instead of `'
- .$tree_response->localName.'\''
- );
- throw new CAS_AuthenticationException(
- $this, 'SA not validated', $validate_url,
- false/*$no_response*/, true/*$bad_response*/,
- $text_response
- );
- } else if ($tree_response->getElementsByTagName("NameIdentifier")->length != 0) {
- // check for the NameIdentifier tag in the SAML response
- $success_elements = $tree_response->getElementsByTagName("NameIdentifier");
- phpCAS::trace('NameIdentifier found');
- $user = trim($success_elements->item(0)->nodeValue);
- phpCAS::trace('user = `'.$user.'`');
- $this->_setUser($user);
- $this->_setSessionAttributes($text_response);
- $result = true;
- } else {
- phpCAS::trace('no tag found in SAML payload');
- throw new CAS_AuthenticationException(
- $this, 'SA not validated', $validate_url,
- false/*$no_response*/, true/*$bad_response*/,
- $text_response
- );
- }
- }
- if ($result) {
- $this->_renameSession($this->getTicket());
- }
- // at this step, ST has been validated and $this->_user has been set,
- phpCAS::traceEnd($result);
- return $result;
- }
-
- /**
- * This method will parse the DOM and pull out the attributes from the SAML
- * payload and put them into an array, then put
the array into the session.
- *
- * @param string $text_response the SAML payload.
- *
- * @return bool true when successfull and false if no attributes a found
- */
- private function _setSessionAttributes($text_response)
- {
- phpCAS::traceBegin();
-
- $result = false;
-
- $attr_array = array();
-
- // create new DOMDocument Object
- $dom = new DOMDocument();
- // Fix possible whitspace problems
- $dom->preserveWhiteSpace = false;
- if (($dom->loadXML($text_response))) {
- $xPath = new DOMXPath($dom);
- $xPath->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
- $xPath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
- $nodelist = $xPath->query("//saml:Attribute");
-
- if ($nodelist) {
- foreach ($nodelist as $node) {
- $xres = $xPath->query("saml:AttributeValue", $node);
- $name = $node->getAttribute("AttributeName");
- $value_array = array();
- foreach ($xres as $node2) {
- $value_array[] = $node2->nodeValue;
- }
- $attr_array[$name] = $value_array;
- }
- // UGent addition...
- foreach ($attr_array as $attr_key => $attr_value) {
- if (count($attr_value) > 1) {
- $this->_attributes[$attr_key] = $attr_value;
- phpCAS::trace("* " . $attr_key . "=" . print_r($attr_value, true));
- } else {
- $this->_attributes[$attr_key] = $attr_value[0];
- phpCAS::trace("* " . $attr_key . "=" .
$attr_value[0]);
- }
- }
- $result = true;
- } else {
- phpCAS::trace("SAML Attributes are empty");
- $result = false;
- }
- }
- phpCAS::traceEnd($result);
- return $result;
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX PROXY FEATURES (CAS 2.0) XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // PROXYING
- // ########################################################################
- /**
- * @addtogroup internalProxy
- * @{
- */
-
- /**
- * @var bool is the client a proxy
- * A boolean telling if the client is a CAS proxy or not. Written by
- * CAS_Client::CAS_Client(), read by CAS_Client::isProxy().
- */
- private $_proxy;
-
- /**
- * @var CAS_CookieJar Handler for managing service cookies.
- */
- private $_serviceCookieJar;
-
- /**
- * Tells if a CAS client is a CAS proxy or not
- *
- * @return bool true when the CAS client is a CAS proxy, false otherwise
- */
- public function isProxy()
- {
- return $this->_proxy;
- }
-
-
- /** @} */
- // ########################################################################
- // PGT
- // ########################################################################
- /**
- * @addtogroup internalProxy
- * @{
- */
-
- /**
- * the Proxy Grnting Ticket given by the CAS server (empty otherwise).
- * Written by CAS_Client::_setPGT(), read by CAS_Client::_getPGT() and
- * CAS_Client::_hasPGT().
- *
- * @hideinitializer
- */
- private $_pgt = '';
-
- /**
- * This method returns the Proxy Granting Ticket given by the CAS server.
- *
- * @return string the Proxy Granting Ticket.
- */
- private function _getPGT()
- {
- return $this->_pgt;
- }
-
- /**
- * This method stores the Proxy Granting Ticket.
- *
- * @param string $pgt The Proxy Granting Ticket.
- *
- * @return void
- */
- private function _setPGT($pgt)
- {
- $this->_pgt = $pgt;
- }
-
- /**
- * This method tells if a Proxy Granting Ticket was stored.
- *
- * @return bool true if a Proxy Granting Ticket has been stored.
- */
- private function _hasPGT()
- {
- return !empty($this->_pgt);
- }
-
- /** @} */
-
- // ########################################################################
- // CALLBACK MODE
- // ########################################################################
- /**
- * @addtogroup internalCallback
- * @{
- */
- /**
- * each PHP script using phpCAS in proxy mode is its own callback to get the
- * PGT back from the CAS server. callback_mode is detected by the constructor
- * thanks to the GET parameters.
- */
-
- /**
- * @var bool a boolean to know if the CAS client is running in callback mode. Written by
- * CAS_Client::setCallBackMode(), read by CAS_Client::_isCallbackMode().
- *
- * @hideinitializer
- */
- private $_callback_mode = false;
-
- /**
- * This method sets/unsets callback mode.
- *
- * @param bool $callback_mode true to set callback mode, false otherwise.
- *
- * @return void
- */
- private function _setCallbackMode($callback_mode)
- {
- $this->_callback_mode = $callback_mode;
- }
-
- /**
- * This method returns true when the CAS client is running in callback mode,
- * false otherwise.
- *
- * @return bool A boolean.
- */
- private function _isCallbackMode()
- {
- return $this->_callback_mode;
- }
-
- /**
- * @var bool a boolean to know if the CAS client is using POST parameters when in callback mode.
- * Written by CAS_Client::_setCallbackModeUsingPost(), read by CAS_Client::_isCallbackModeUsingPost().
- *
- * @hideinitializer
- */
- private $_callback_mode_using_post = false;
-
- /**
- * This method sets/unsets usage of POST parameters in callback mode (default/false is GET parameters)
- *
- * @param bool $callback_mode_using_post true to use POST, false to use GET (default).
- *
- * @return void
- */
- private function _setCallbackModeUsingPost($callback_mode_using_post)
- {
- $this->_callback_mode_using_post = $callback_mode_using_post;
- }
-
- /**
- * This method returns true when the callback mode is using POST, false otherwise.
- *
- * @return bool A boolean.
- */
- private function _isCallbackModeUsingPost()
- {
- return $this->_callback_mode_using_post;
- }
-
- /**
- * the URL that should be used for the PGT callback (in fact the URL of the
- * current request without any CGI parameter). Written and read by
- * CAS_Client::_getCallbackURL().
- *
- * @hideinitializer
- */
- private $_callback_url = '';
-
- /**
- * This method returns the URL that should be used for the PGT callback (in
- * fact the URL of the current request without any CGI parameter, except if
- * phpCAS::setFixedCallbackURL() was used).
- *
- * @return string The callback URL
- */
- private function _getCallbackURL()
- {
- // the URL is built when needed only
- if ( empty($this->_callback_url) ) {
- // remove the ticket if present in the URL
- $final_uri = $this->getServiceBaseUrl()->get();
- $request_uri = $_SERVER['REQUEST_URI'];
- $request_uri = preg_replace('/\?.*$/', '', $request_uri);
- $final_uri .= $request_uri;
- $this->_callback_url = $final_uri;
- }
- return $this->_callback_url;
- }
-
- /**
- * This method sets the callback url.
- *
- * @param string $url url to set callback
- *
- * @return string the callback url
- */
- public function setCallbackURL($url)
- {
- // Sequence validation
- $this->ensureIsProxy();
- // Argument Validation
- if (gettype($url) != 'string')
- throw new CAS_TypeMismatchException($url, '$url', 'string');
-
- return $this->_callback_url = $url;
- }
-
- /**
- * This method is called by CAS_Client::CAS_Client() when running in callback
- * mode. It stores the PGT and its PGT Iou, prints its output and halts.
- *
- * @return void
- */
- private function _callback()
- {
- phpCAS::traceBegin();
- if ($this->_isCallbackModeUsingPost()) {
- $pgtId = $_POST['pgtId'];
- $pgtIou = $_POST['pgtIou'];
- } else {
- $pgtId = $_GET['pgtId'];
- $pgtIou = $_GET['pgtIou'];
- }
- if (preg_match('/^PGTIOU-[\.\-\w]+$/', $pgtIou)) {
- if (preg_match('/^[PT]GT-[\.\-\w]+$/', $pgtId)) {
- phpCAS::trace('Storing PGT `'.$pgtId.'\' (id=`'.$pgtIou.'\')');
- $this->_storePGT($pgtId, $pgtIou);
- if ($this->isXmlResponse()) {
- echo '' . "\r\n";
- echo '';
- phpCAS::traceExit("XML response sent");
- } else {
- $this->printHTMLHeader('phpCAS callback');
- echo '

Storing PGT `'.$pgtId.'\' (id=`'.$pgtIou.'\').

';
- $this->printHTMLFooter();
- phpCAS::traceExit("HTML response sent");
- }
- phpCAS::traceExit("Successfull Callback");
- } else {
- phpCAS::error('PGT format invalid' . $pgtId);
- phpCAS::traceExit('PGT format invalid' . $pgtId);
- }
- } else {
- phpCAS::error('PGTiou format invalid' . $pgtIou);
- phpCAS::traceExit('PGTiou format invalid' . $pgtIou);
- }
-
- // Flush the buffer to prevent from sending anything other then a 200
- // Success Status back to the CAS Server. The Exception would normally
- // report as a 500 error.
- flush();
- throw new CAS_GracefullTerminationException();
- }
-
- /**
- * Check if application/xml or text/xml is pressent in HTTP_ACCEPT header values
- * when return value is complex and contains attached q parameters.
- * Example: HTTP_ACCEPT = text/html,application/xhtml+xml,application/xml;q=0.9
- * @return bool
- */
- private function isXmlResponse()
- {
- if (!array_key_exists('HTTP_ACCEPT', $_SERVER)) {
- return false;
- }
- if (strpos($_SERVER['HTTP_ACCEPT'], 'application/xml') === false && strpos($_SERVER['HTTP_ACCEPT'], 'text/xml') === false) {
- return false;
- }
-
- return true;
- }
-
- /** @} */
-
- // ########################################################################
- // PGT STORAGE
- // ########################################################################
- /**
- * @addtogroup internalPGTStorage
- * @{
- */
-
- /**
- * @var CAS_PGTStorage_AbstractStorage
- * an instance of a class inheriting of PGTStorage, used to deal with PGT
- * storage. Created by CAS_Client::setPGTStorageFile(), used
- * by CAS_Client::setPGTStorageFile() and CAS_Client::_initPGTStorage().
- *
- * @hideinitializer
- */
- private $_pgt_storage = null;
-
- /**
- * This method is used to initialize the storage of PGT's.
- * Halts on error.
- *
- * @return void
- */
- private function _initPGTStorage()
- {
- // if no SetPGTStorageXxx() has been used, default to file
- if ( !is_object($this->_pgt_storage) ) {
- $this->setPGTStorageFile();
- }
-
- // initializes the storage
- $this->_pgt_storage->init();
- }
-
- /**
- * This method stores a PGT. Halts on error.
- *
- * @param string $pgt the PGT to store
- * @param string $pgt_iou its corresponding Iou
- *
- * @return void
- */
- private function _storePGT($pgt,$pgt_iou)
- {
- // ensure that storage is initialized
- $this->_initPGTStorage();
- // writes the PGT
- $this->_pgt_storage->write($pgt, $pgt_iou);
- }
-
- /**
- * This method reads a PGT from its Iou and deletes the corresponding
- * storage entry.
- *
- * @param string $pgt_iou the PGT Iou
- *
- * @return string mul The PGT corresponding to the Iou, false when not found.
- */
- private function _loadPGT($pgt_iou)
- {
- // ensure that storage is initialized
- $this->_initPGTStorage();
- // read the PGT
- return $this->_pgt_storage->read($pgt_iou);
- }
-
- /**
- * This method can be used to set a custom PGT storage object.
- *
- * @param CAS_PGTStorage_AbstractStorage $storage a PGT storage object that
- * inherits from the CAS_PGTStorage_AbstractStorage class
- *
- * @return void
- */
- public function setPGTStorage($storage)
- {
- // Sequence validation
- $this->ensureIsProxy();
-
- // check that the storage has not already been set
- if ( is_object($this->_pgt_storage) ) {
- phpCAS::error('PGT storage already defined');
- }
-
- // check to make sure a valid storage object was specified
- if ( !($storage instanceof CAS_PGTStorage_AbstractStorage) )
- throw new CAS_TypeMismatchException($storage, '$storage', 'CAS_PGTStorage_AbstractStorage object');
-
- // store the PGTStorage object
- $this->_pgt_storage = $storage;
- }
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests in a database.
- *
- * @param string|PDO $dsn_or_pdo a dsn string to use for creating a PDO
- * object or a PDO object
- * @param string $username the username to use when connecting to the
- * database
- * @param string $password the password to use when connecting to the
- * database
- * @param string $table the table to use for storing and retrieving
- * PGTs
- * @param string $driver_options any driver options to use when connecting
- * to the database
- *
- * @return void
- */
- public function setPGTStorageDb(
- $dsn_or_pdo, $username='', $password='', $table='', $driver_options=null
- ) {
- // Sequence validation
- $this->ensureIsProxy();
-
- // Argument validation
- if (!(is_object($dsn_or_pdo) && $dsn_or_pdo instanceof PDO) && !is_string($dsn_or_pdo))
- throw new CAS_TypeMismatchException($dsn_or_pdo, '$dsn_or_pdo', 'string or PDO object');
- if (gettype($username) != 'string')
- throw new CAS_TypeMismatchException($username, '$username', 'string');
- if (gettype($password) != 'string')
- throw new CAS_TypeMismatchException($password, '$password', 'string');
- if (gettype($table) != 'string')
- throw new CAS_TypeMismatchException($table, '$password', 'string');
-
- // create the storage object
- $this->setPGTStorage(
- new CAS_PGTStorage_Db(
- $this, $dsn_or_pdo, $username, $password, $table, $driver_options
- )
- );
- }
-
- /**
- * This method is used to tell phpCAS to store the response of the
- * CAS server to PGT requests onto the filesystem.
- *
- * @param string $path the path where the PGT's should be stored
- *
- * @return void
- */
- public function setPGTStorageFile($path='')
- {
- // Sequence validation
- $this->ensureIsProxy();
-
- // Argument validation
- if (gettype($path) != 'string')
- throw new CAS_TypeMismatchException($path, '$path', 'string');
-
- // create the storage object
- $this->setPGTStorage(new CAS_PGTStorage_File($this, $path));
- }
-
-
- // ########################################################################
- // PGT VALIDATION
- // ########################################################################
- /**
- * This method is used to validate a PGT; halt on failure.
- *
- * @param string &$validate_url the URL of the request to the CAS server.
- * @param string $text_response the response of the CAS server, as is
- * (XML text); result of
- * CAS_Client::validateCAS10() or
- * CAS_Client::validateCAS20().
- * @param DOMElement $tree_response the response of the CAS server, as a DOM XML
- * tree; result of CAS_Client::validateCAS10() or CAS_Client::validateCAS20().
- *
- * @return bool true when successfull and issue a CAS_AuthenticationException
- * and false on an error
- *
- * @throws CAS_AuthenticationException
- */
- private function _validatePGT(&$validate_url,$text_response,$tree_response)
- {
- phpCAS::traceBegin();
- if ( $tree_response->getElementsByTagName("proxyGrantingTicket")->length == 0) {
- phpCAS::trace(' not found');
- // authentication succeded, but no PGT Iou was transmitted
- throw new CAS_AuthenticationException(
- $this, 'Ticket validated but no PGT Iou transmitted',
- $validate_url, false/*$no_response*/, false/*$bad_response*/,
- $text_response
- );
- } else {
- // PGT Iou transmitted, extract it
- $pgt_iou = trim(
- $tree_response->getElementsByTagName("proxyGrantingTicket")->item(0)->nodeValue
- );
- if (preg_match('/^PGTIOU-[\.\-\w]+$/', $pgt_iou)) {
- $pgt = $this->_loadPGT($pgt_iou);
- if ( $pgt == false ) {
- phpCAS::trace('could not load PGT');
- throw new CAS_AuthenticationException(
- $this,
- 'PGT Iou was transmitted but PGT could not be retrieved',
- $validate_url, false/*$no_response*/,
- false/*$bad_response*/, $text_response
- );
- }
- $this->_setPGT($pgt);
- } else {
- phpCAS::trace('PGTiou format error');
- throw new CAS_AuthenticationException(
- $this, 'PGT Iou was transmitted but has wrong format',
- $validate_url, false/*$no_response*/, false/*$bad_response*/,
- $text_response
- );
- }
- }
- phpCAS::traceEnd(true);
- return true;
- }
-
- // ########################################################################
- // PGT VALIDATION
- // ########################################################################
-
- /**
- * This method is used to retrieve PT's from the CAS server thanks to a PGT.
- *
- * @param string $target_service the service to ask for with the PT.
- * @param int &$err_code an error code (PHPCAS_SERVICE_OK on success).
- * @param string &$err_msg an error message (empty on success).
- *
- * @return string|false a Proxy Ticket, or false on error.
- */
- public function retrievePT($target_service,&$err_code,&$err_msg)
- {
- // Argument validation
- if (gettype($target_service) != 'string')
- throw new CAS_TypeMismatchException($target_service, '$target_service', 'string');
-
- phpCAS::traceBegin();
-
- // by default, $err_msg is set empty and $pt to true. On error, $pt is
- // set to false and $err_msg to an error message. At the end, if $pt is false
- // and $error_msg is still empty, it is set to 'invalid response' (the most
- // commonly encountered error).
- $err_msg = '';
-
- // build the URL to retrieve the PT
- $cas_url = $this->getServerProxyURL().'?targetService='
- .urlencode($target_service).'&pgt='.$this->_getPGT();
-
- $headers = '';
- $cas_response = '';
- // open and read the URL
- if ( !$this->_readURL($cas_url, $headers, $cas_response, $err_msg) ) {
- phpCAS::trace(
- 'could not open URL \''.$cas_url.'\' to validate ('.$err_msg.')'
- );
- $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE;
- $err_msg = 'could not retrieve PT (no response from the CAS server)';
- phpCAS::traceEnd(false);
- return false;
- }
-
- $bad_response = false;
-
- // create new DOMDocument object
- $dom = new DOMDocument();
- // Fix possible whitspace problems
- $dom->preserveWhiteSpace = false;
- // read the response of the CAS server into a DOM object
- if ( !($dom->loadXML($cas_response))) {
- phpCAS::trace('dom->loadXML() failed');
- // read failed
- $bad_response = true;
- }
-
- if ( !$bad_response ) {
- // read the root node of the XML tree
- if ( !($root = $dom->documentElement) ) {
- phpCAS::trace('documentElement failed');
- // read failed
- $bad_response = true;
- }
- }
-
- if ( !$bad_response ) {
- // insure that tag name is 'serviceResponse'
- if ( $root->localName != 'serviceResponse' ) {
- phpCAS::trace('localName failed');
- // bad root node
- $bad_response = true;
- }
- }
-
- if ( !$bad_response ) {
- // look for a proxySuccess tag
- if ( $root->getElementsByTagName("proxySuccess")->length != 0) {
-
$proxy_success_list = $root->getElementsByTagName("proxySuccess");
-
- // authentication succeded, look for a proxyTicket tag
- if ( $proxy_success_list->item(0)->getElementsByTagName("proxyTicket")->length != 0) {
- $err_code = PHPCAS_SERVICE_OK;
- $err_msg = '';
- $pt = trim(
- $proxy_success_list->item(0)->getElementsByTagName("proxyTicket")->item(0)->nodeValue
- );
- phpCAS::trace('original PT: '.trim($pt));
- phpCAS::traceEnd($pt);
- return $pt;
- } else {
- phpCAS::trace(' was found, but not ');
- }
- } else if ($root->getElementsByTagName("proxyFailure")->length != 0) {
- // look for a proxyFailure tag
- $proxy_failure_list = $root->getElementsByTagName("proxyFailure");
-
- // authentication failed, extract the error
- $err_code = PHPCAS_SERVICE_PT_FAILURE;
- $err_msg = 'PT retrieving failed (code=`'
- .$proxy_failure_list->item(0)->getAttribute('code')
- .'\', message=`'
- .trim($proxy_failure_list->item(0)->nodeValue)
- .'\')';
- phpCAS::traceEnd(false);
- return false;
- } else {
- phpCAS::trace('neither nor found');
- }
- }
-
- // at this step, we are sure that the response of the CAS server was
- // illformed
- $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE;
- $err_msg = 'Invalid response from the CAS server (response=`'
- .$cas_response.'\')';
-
- phpCAS::traceEnd(false);
- return false;
- }
-
- /** @} */
-
- // ########################################################################
- // READ CAS SERVER ANSWERS
- // ########################################################################
-
- /**
- * @addtogroup internalMisc
- * @{
- */
-
- /**
- * This method is used to acces a remote URL.
- *
- * @param string $url the URL to access.
- * @param string &$headers an array containing the HTTP header lines of the
- * response (an empty array on failure).
- * @param string &$body the body of the response, as a string (empty on
- * failure).
- * @param string &$err_msg an error message, filled on failure.
- *
- * @return bool true on success, false otherwise (in this later case, $err_msg
- * contains an error message).
- */
- private function _readURL($url, &$headers, &$body, &$err_msg)
- {
- phpCAS::traceBegin();
- $className = $this->_requestImplementation;
- $request = new $className();
-
- if (count($this->_curl_options)) {
- $request->setCurlOptions($this->_curl_options);
- }
-
- $request->setUrl($url);
-
- if (empty($this->_cas_server_ca_cert) && !$this->_no_cas_server_validation) {
- phpCAS::error(
- 'one of the methods phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'
- );
- }
- if ($this->_cas_server_ca_cert != '') {
- $request->setSslCaCert(
- $this->_cas_server_ca_cert, $this->_cas_server_cn_validate
- );
- }
-
- // add extra stuff if SAML
- if ($this->getServerVersion() == SAML_VERSION_1_1) {
- $request->addHeader("soapaction: http://www.oasis-open.org/committees/security");
- $request->addHeader("cache-control: no-cache");
- $request->addHeader("pragma: no-cache");
- $request->addHeader("accept: text/xml");
- $request->addHeader("connection: keep-alive");
- $request->addHeader("content-type: text/xml");
- $request->makePost();
- $request->setPostBody($this->_buildSAMLPayload());
- }
-
- if ($request->send()) {
- $headers = $request->getResponseHeaders();
- $body = $request->getResponseBody();
- $err_msg = '';
- phpCAS::traceEnd(true);
- return true;
- } else {
- $headers = '';
- $body = '';
- $err_msg = $request->getErrorMessage();
- phpCAS::traceEnd(false);
- return false;
- }
- }
-
- /**
- * This method is used to build the SAML POST body sent to /samlValidate URL.
- *
- * @return string the SOAP-encased SAMLP artifact (the ticket).
- */
- private function _buildSAMLPayload()
- {
- phpCAS::traceBegin();
-
- //get the ticket
- $sa = urlencode($this->getTicket());
-
- $body = SAML_SOAP_ENV.SAML_SOAP_BODY.SAMLP_REQUEST
- .SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE
- .SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE;
-
- phpCAS::traceEnd($body);
- return ($body);
- }
-
- /** @} **/
-
- // ########################################################################
- // ACCESS TO EXTERNAL SERVICES
- // ########################################################################
-
- /**
- * @addtogroup internalProxyServices
- * @{
- */
-
-
- /**
- * Answer a proxy-authenticated service handler.
- *
- * @param string $type The service type. One of:
- * PHPCAS_PROXIED_SERVICE_HTTP_GET, PHPCAS_PROXIED_SERVICE_HTTP_POST,
- * PHPCAS_PROXIED_SERVICE_IMAP
- *
- * @return CAS_ProxiedService
- * @throws InvalidArgumentException If the service type is unknown.
- */
- public function getProxiedService ($type)
- {
- // Sequence validation
- $this->ensureIsProxy();
- $this->ensureAuthenticationCallSuccessful();
-
- // Argument validation
- if (gettype($type) != 'string')
- throw new CAS_TypeMismatchException($type, '$type', 'string');
-
- switch ($type) {
- case PHPCAS_PROXIED_SERVICE_HTTP_GET:
- case PHPCAS_PROXIED_SERVICE_HTTP_POST:
- $requestClass = $this->_requestImplementation;
- $request = new $requestClass();
- if (count($this->_curl_options)) {
- $request->setCurlOptions($this->_curl_options);
- }
- $proxiedService = new $type($request, $this->_serviceCookieJar);
- if ($proxiedService instanceof CAS_ProxiedService_Testable) {
- $proxiedService->setCasClient($this);
- }
- return $proxiedService;
- case PHPCAS_PROXIED_SERVICE_IMAP;
- $proxiedService = new CAS_ProxiedService_Imap($this->_getUser());
- if ($proxiedService instanceof CAS_ProxiedService_Testable) {
- $proxiedService->setCasClient($this);
- }
- return $proxiedService;
- default:
- throw new CAS_InvalidArgumentException(
-
"Unknown proxied-service type, $type."
- );
- }
- }
-
- /**
- * Initialize a proxied-service handler with the proxy-ticket it should use.
- *
- * @param CAS_ProxiedService $proxiedService service handler
- *
- * @return void
- *
- * @throws CAS_ProxyTicketException If there is a proxy-ticket failure.
- * The code of the Exception will be one of:
- * PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE
- * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE
- * PHPCAS_SERVICE_PT_FAILURE
- * @throws CAS_ProxiedService_Exception If there is a failure getting the
- * url from the proxied service.
- */
- public function initializeProxiedService (CAS_ProxiedService $proxiedService)
- {
- // Sequence validation
- $this->ensureIsProxy();
- $this->ensureAuthenticationCallSuccessful();
-
- $url = $proxiedService->getServiceUrl();
- if (!is_string($url)) {
- throw new CAS_ProxiedService_Exception(
- "Proxied Service ".get_class($proxiedService)
- ."->getServiceUrl() should have returned a string, returned a "
- .gettype($url)." instead."
- );
- }
- $pt = $this->retrievePT($url, $err_code, $err_msg);
- if (!$pt) {
- throw new CAS_ProxyTicketException($err_msg, $err_code);
- }
- $proxiedService->setProxyTicket($pt);
- }
-
- /**
- * This method is used to access an HTTP[S] service.
- *
- * @param string $url the service to access.
- * @param int &$err_code an error code Possible values are
- * PHPCAS_SERVICE_OK (on success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE,
- * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, PHPCAS_SERVICE_PT_FAILURE,
- * PHPCAS_SERVICE_NOT_AVAILABLE.
- * @param string &$output the output of the service (also used to give an error
- * message on failure).
- *
- * @return bool true on success, false otherwise (in this later case, $err_code
- * gives the reason why it failed and $output contains an error message).
- */
- public function serviceWeb($url,&$err_code,&$output)
- {
- // Sequence validation
- $this->ensureIsProxy();
- $this->ensureAuthenticationCallSuccessful();
-
- // Argument validation
- if (gettype($url) != 'string')
- throw new CAS_TypeMismatchException($url, '$url', 'string');
-
- try {
- $service = $this->getProxiedService(PHPCAS_PROXIED_SERVICE_HTTP_GET);
- $service->setUrl($url);
- $service->send();
- $output = $service->getResponseBody();
- $err_code = PHPCAS_SERVICE_OK;
- return true;
- } catch (CAS_ProxyTicketException $e) {
- $err_code = $e->getCode();
- $output = $e->getMessage();
- return false;
- } catch (CAS_ProxiedService_Exception $e) {
- $lang = $this->getLangObj();
- $output = sprintf(
- $lang->getServiceUnavailable(), $url, $e->getMessage()
- );
- $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
- return false;
- }
- }
-
- /**
- * This method is used to access an IMAP/POP3/NNTP service.
- *
- * @param string $url a string giving the URL of the service, including
- * the mailing box for IMAP URLs, as accepted by imap_open().
- * @param string $serviceUrl a string giving for CAS retrieve Proxy ticket
- * @param string $flags options given to imap_open().
- * @param int &$err_code an error code Possible values are
- * PHPCAS_SERVICE_OK (on success), PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE,
- * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE, PHPCAS_SERVICE_PT_FAILURE,
- * PHPCAS_SERVICE_NOT_AVAILABLE.
- * @param string &$err_msg an error message on failure
- * @param string &$pt the Proxy Ticket (PT) retrieved from the CAS
- * server to access the URL on success, false on error).
- *
- * @return object|false an IMAP stream on success, false otherwise (in this later
- * case, $err_code gives the reason why it failed and $err_msg contains an
- * error message).
- */
- public function serviceMail($url,$serviceUrl,$flags,&$err_code,&$err_msg,&$pt)
- {
- // Sequence validation
- $this->ensureIsProxy();
- $this->ensureAuthenticationCallSuccessful();
-
- // Argument validation
- if (gettype($url) != 'string')
- throw new CAS_TypeMismatchException($url, '$url', 'string');
- if (gettype($serviceUrl) != 'string')
- throw new CAS_TypeMismatchException($serviceUrl, '$serviceUrl', 'string');
- if (gettype($flags) != 'integer')
- throw new CAS_TypeMismatchException($flags, '$flags', 'string');
-
- try {
- $service = $this->getProxiedService(PHPCAS_PROXIED_SERVICE_IMAP);
- $service->setServiceUrl($serviceUrl);
- $service->setMailbox($url);
- $service->setOptions($flags);
-
- $stream = $service->open();
- $err_code = PHPCAS_SERVICE_OK;
- $pt = $service->getImapProxyTicket();
- return $stream;
- } catch (CAS_ProxyTicketException $e) {
- $err_msg = $e->getMessage();
- $err_code = $e->getCode();
- $pt = false;
- return false;
- } catch (CAS_ProxiedService_Exception $e) {
- $lang = $this->getLangObj();
- $err_msg = sprintf(
- $lang->getServiceUnavailable(),
- $url,
- $e->getMessage()
- );
- $err_code = PHPCAS_SERVICE_NOT_AVAILABLE;
- $pt = false;
- return false;
- }
- }
-
- /** @} **/
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX PROXIED CLIENT FEATURES (CAS 2.0) XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- // ########################################################################
- // PT
- // ########################################################################
- /**
- * @addtogroup internalService
- * @{
- */
-
- /**
- * This array will store a list of proxies in front of this application. This
- * property will only be populated if this script is being proxied rather than
- * accessed directly.
- *
- * It is set in CAS_Client::validateCAS20() and can be read by
- * CAS_Client::getProxies()
- *
- * @access private
- */
- private $_proxies = array();
-
- /**
- * Answer an array of proxies that are sitting in front of this application.
- *
- * This method will only return a non-empty array if we have received and
- * validated a Proxy Ticket.
- *
- * @return array
- * @access public
- */
- public function getProxies()
- {
- return $this->_proxies;
- }
-
- /**
- * Set the Proxy array, probably from persistant storage.
- *
- * @param array $proxies An array of proxies
- *
- * @return void
- * @access private
- */
- private function _setProxies($proxies)
- {
- $this->_proxies = $proxies;
- if (!empty($proxies)) {
- // For proxy-authenticated requests people are not viewing the URL
- // directly since the client is another application making a
- // web-service call.
- // Because of this, stripping the ticket from the URL is unnecessary
- // and causes another web-service request to be performed. Additionally,
- // if session handling on either the client or the server malfunctions
- // then the subsequent request will not complete successfully.
- $this->setNoClearTicketsFromUrl();
- }
- }
-
- /**
- * A container of patterns to be allowed as proxies in front of the cas client.
- *
- * @var CAS_ProxyChain_AllowedList
- */
- private $_allowed_proxy_chains;
-
- /**
- * Answer the CAS_ProxyChain_AllowedList object for this client.
- * - * @return CAS_ProxyChain_AllowedList - */ - public function getAllowedProxyChains () - { - if (empty($this->_allowed_proxy_chains)) { - $this->_allowed_proxy_chains = new CAS_ProxyChain_AllowedList(); - } - return $this->_allowed_proxy_chains; - } - - /** @} */ - // ######################################################################## - // PT VALIDATION - // ######################################################################## - /** - * @addtogroup internalProxied - * @{ - */ - - /** - * This method is used to validate a cas 2.0 ST or PT; halt on failure - * Used for all CAS 2.0 validations - * - * @param string &$validate_url the url of the reponse - * @param string &$text_response the text of the repsones - * @param DOMElement &$tree_response the domxml tree of the respones - * @param bool $renew true to force the authentication with the CAS server - * - * @return bool true when successfull and issue a CAS_AuthenticationException - * and false on an error - * - * @throws CAS_AuthenticationException - */ - public function validateCAS20(&$validate_url,&$text_response,&$tree_response, $renew=false) - { - phpCAS::traceBegin(); - phpCAS::trace($text_response); - // build the URL to validate the ticket - if ($this->getAllowedProxyChains()->isProxyingAllowed()) { - $validate_url = $this->getServerProxyValidateURL().'&ticket=' - .urlencode($this->getTicket()); - } else { - $validate_url = $this->getServerServiceValidateURL().'&ticket=' - .urlencode($this->getTicket()); - } - - if ( $this->isProxy() ) { - // pass the callback url for CAS proxies - $validate_url .= '&pgtUrl='.urlencode($this->_getCallbackURL()); - } - - if ( $renew ) { - // pass the renew - $validate_url .= '&renew=true'; - } - - // open and read the URL - if ( !$this->_readURL($validate_url, $headers, $text_response, $err_msg) ) { - phpCAS::trace( - 'could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')' - ); - throw new CAS_AuthenticationException( - $this, 'Ticket not 
validated', $validate_url, - true/*$no_response*/ - ); - } - - // create new DOMDocument object - $dom = new DOMDocument(); - // Fix possible whitspace problems - $dom->preserveWhiteSpace = false; - // CAS servers should only return data in utf-8 - $dom->encoding = "utf-8"; - // read the response of the CAS server into a DOMDocument object - if ( !($dom->loadXML($text_response))) { - // read failed - throw new CAS_AuthenticationException( - $this, 'Ticket not validated', $validate_url, - false/*$no_response*/, true/*$bad_response*/, $text_response - ); - } else if ( !($tree_response = $dom->documentElement) ) { - // read the root node of the XML tree - // read failed - throw new CAS_AuthenticationException( - $this, 'Ticket not validated', $validate_url, - false/*$no_response*/, true/*$bad_response*/, $text_response - ); - } else if ($tree_response->localName != 'serviceResponse') { - // insure that tag name is 'serviceResponse' - // bad root node - throw new CAS_AuthenticationException( - $this, 'Ticket not validated', $validate_url, - false/*$no_response*/, true/*$bad_response*/, $text_response - ); - } else if ( $tree_response->getElementsByTagName("authenticationFailure")->length != 0) { - // authentication failed, extract the error code and message and throw exception - $auth_fail_list = $tree_response - ->getElementsByTagName("authenticationFailure"); - throw new CAS_AuthenticationException( - $this, 'Ticket not validated', $validate_url, - false/*$no_response*/, false/*$bad_response*/, - $text_response, - $auth_fail_list->item(0)->getAttribute('code')/*$err_code*/, - trim($auth_fail_list->item(0)->nodeValue)/*$err_msg*/ - ); - } else if ($tree_response->getElementsByTagName("authenticationSuccess")->length != 0) { - // authentication succeded, extract the user name - $success_elements = $tree_response - ->getElementsByTagName("authenticationSuccess"); - if ( $success_elements->item(0)->getElementsByTagName("user")->length == 0) { - // no user specified => 
error - throw new CAS_AuthenticationException( - $this, 'Ticket not validated', $validate_url, - false/*$no_response*/, true/*$bad_response*/, $text_response - ); - } else { - $this->_setUser( - trim( - $success_elements->item(0)->getElementsByTagName("user")->item(0)->nodeValue - ) - ); - $this->_readExtraAttributesCas20($success_elements); - // Store the proxies we are sitting behind for authorization checking - $proxyList = array(); - if ( sizeof($arr = $success_elements->item(0)->getElementsByTagName("proxy")) > 0) { - foreach ($arr as $proxyElem) { - phpCAS::trace("Found Proxy: ".$proxyElem->nodeValue); - $proxyList[] = trim($proxyElem->nodeValue); - } - $this->_setProxies($proxyList); - phpCAS::trace("Storing Proxy List"); - } - // Check if the proxies in front of us are allowed - if (!$this->getAllowedProxyChains()->isProxyListAllowed($proxyList)) { - throw new CAS_AuthenticationException( - $this, 'Proxy not allowed', $validate_url, - false/*$no_response*/, true/*$bad_response*/, - $text_response - ); - } else { - $result = true; - } - } - } else { - throw new CAS_AuthenticationException( - $this, 'Ticket not validated', $validate_url, - false/*$no_response*/, true/*$bad_response*/, - $text_response - ); - } - - $this->_renameSession($this->getTicket()); - - // at this step, Ticket has been validated and $this->_user has been set, - - phpCAS::traceEnd($result); - return $result; - } - - /** - * This method recursively parses the attribute XML. - * It also collapses name-value pairs into a single - * array entry. It parses all common formats of - * attributes and well formed XML files. 
- * - * @param string $root the DOM root element to be parsed - * @param string $namespace namespace of the elements - * - * @return an array of the parsed XML elements - * - * Formats tested: - * - * "Jasig Style" Attributes: - * - * - * - * jsmith - * - * RubyCAS - * Smith - * John - * CN=Staff,OU=Groups,DC=example,DC=edu - * CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu - * - * PGTIOU-84678-8a9d2sfa23casd - * - * - * - * "Jasig Style" Attributes (longer version): - * - * - * - * jsmith - * - * - * surname - * Smith - * - * - * givenName - * John - * - * - * memberOf - * ['CN=Staff,OU=Groups,DC=example,DC=edu', 'CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu'] - * - * - * PGTIOU-84678-8a9d2sfa23casd - * - * - * - * "RubyCAS Style" attributes - * - * - * - * jsmith - * - * RubyCAS - * Smith - * John - * CN=Staff,OU=Groups,DC=example,DC=edu - * CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu - * - * PGTIOU-84678-8a9d2sfa23casd - * - * - * - * "Name-Value" attributes. - * - * Attribute format from these mailing list thread: - * http://jasig.275507.n4.nabble.com/CAS-attributes-and-how-they-appear-in-the-CAS-response-td264272.html - * Note: This is a less widely used format, but in use by at least two institutions. 
- * - * - * - * jsmith - * - * - * - * - * - * - * - * PGTIOU-84678-8a9d2sfa23casd - * - * - * - * result: - * - * Array ( - * [surname] => Smith - * [givenName] => John - * [memberOf] => Array ( - * [0] => CN=Staff, OU=Groups, DC=example, DC=edu - * [1] => CN=Spanish Department, OU=Departments, OU=Groups, DC=example, DC=edu - * ) - * ) - */ - private function _xml_to_array($root, $namespace = "cas") - { - $result = array(); - if ($root->hasAttributes()) { - $attrs = $root->attributes; - $pair = array(); - foreach ($attrs as $attr) { - if ($attr->name === "name") { - $pair['name'] = $attr->value; - } elseif ($attr->name === "value") { - $pair['value'] = $attr->value; - } else { - $result[$attr->name] = $attr->value; - } - if (array_key_exists('name', $pair) && array_key_exists('value', $pair)) { - $result[$pair['name']] = $pair['value']; - } - } - } - if ($root->hasChildNodes()) { - $children = $root->childNodes; - if ($children->length == 1) { - $child = $children->item(0); - if ($child->nodeType == XML_TEXT_NODE) { - $result['_value'] = $child->nodeValue; - return (count($result) == 1) ? $result['_value'] : $result; - } - } - $groups = array(); - foreach ($children as $child) { - $child_nodeName = str_ireplace($namespace . 
":", "", $child->nodeName); - if (in_array($child_nodeName, array("user", "proxies", "proxyGrantingTicket"))) { - continue; - } - if (!isset($result[$child_nodeName])) { - $res = $this->_xml_to_array($child, $namespace); - if (!empty($res)) { - $result[$child_nodeName] = $this->_xml_to_array($child, $namespace); - } - } else { - if (!isset($groups[$child_nodeName])) { - $result[$child_nodeName] = array($result[$child_nodeName]); - $groups[$child_nodeName] = 1; - } - $result[$child_nodeName][] = $this->_xml_to_array($child, $namespace); - } - } - } - return $result; - } - - /** - * This method parses a "JSON-like array" of strings - * into an array of strings - * - * @param string $json_value the json-like string: - * e.g.: - * ['CN=Staff,OU=Groups,DC=example,DC=edu', 'CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu'] - * - * @return array of strings Description - * e.g.: - * Array ( - * [0] => CN=Staff,OU=Groups,DC=example,DC=edu - * [1] => CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu - * ) - */ - private function _parse_json_like_array_value($json_value) - { - $parts = explode(",", trim($json_value, "[]")); - $out = array(); - $quote = ''; - foreach ($parts as $part) { - $part = trim($part); - if ($quote === '') { - $value = ""; - if ($this->_startsWith($part, '\'')) { - $quote = '\''; - } elseif ($this->_startsWith($part, '"')) { - $quote = '"'; - } else { - $out[] = $part; - } - $part = ltrim($part, $quote); - } - if ($quote !== '') { - $value .= $part; - if ($this->_endsWith($part, $quote)) { - $out[] = rtrim($value, $quote); - $quote = ''; - } else { - $value .= ", "; - }; - } - } - return $out; - } - - /** - * This method recursively removes unneccessary hirarchy levels in array-trees. 
- * into an array of strings - * - * @param array $arr the array to flatten - * e.g.: - * Array ( - * [attributes] => Array ( - * [attribute] => Array ( - * [0] => Array ( - * [name] => surname - * [value] => Smith - * ) - * [1] => Array ( - * [name] => givenName - * [value] => John - * ) - * [2] => Array ( - * [name] => memberOf - * [value] => ['CN=Staff,OU=Groups,DC=example,DC=edu', 'CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu'] - * ) - * ) - * ) - * ) - * - * @return array the flattened array - * e.g.: - * Array ( - * [attribute] => Array ( - * [surname] => Smith - * [givenName] => John - * [memberOf] => Array ( - * [0] => CN=Staff, OU=Groups, DC=example, DC=edu - * [1] => CN=Spanish Department, OU=Departments, OU=Groups, DC=example, DC=edu - * ) - * ) - * ) - */ - private function _flatten_array($arr) - { - if (!is_array($arr)) { - if ($this->_startsWith($arr, '[') && $this->_endsWith($arr, ']')) { - return $this->_parse_json_like_array_value($arr); - } else { - return $arr; - } - } - $out = array(); - foreach ($arr as $key => $val) { - if (!is_array($val)) { - $out[$key] = $val; - } else { - switch (count($val)) { - case 1 : { - $key = key($val); - if (array_key_exists($key, $out)) { - $value = $out[$key]; - if (!is_array($value)) { - $out[$key] = array(); - $out[$key][] = $value; - } - $out[$key][] = $this->_flatten_array($val[$key]); - } else { - $out[$key] = $this->_flatten_array($val[$key]); - }; - break; - }; - case 2 : { - if (array_key_exists("name", $val) && array_key_exists("value", $val)) { - $key = $val['name']; - if (array_key_exists($key, $out)) { - $value = $out[$key]; - if (!is_array($value)) { - $out[$key] = array(); - $out[$key][] = $value; - } - $out[$key][] = $this->_flatten_array($val['value']); - } else { - $out[$key] = $this->_flatten_array($val['value']); - }; - } else { - $out[$key] = $this->_flatten_array($val); - } - break; - }; - default: { - $out[$key] = $this->_flatten_array($val); - } - } - } - } - return 
$out; - } - - /** - * This method will parse the DOM and pull out the attributes from the XML - * payload and put them into an array, then put the array into the session. - * - * @param DOMNodeList $success_elements payload of the response - * - * @return bool true when successfull, halt otherwise by calling - * CAS_Client::_authError(). - */ - private function _readExtraAttributesCas20($success_elements) - { - phpCAS::traceBegin(); - - $extra_attributes = array(); - if ($this->_casAttributeParserCallbackFunction !== null - && is_callable($this->_casAttributeParserCallbackFunction) - ) { - array_unshift($this->_casAttributeParserCallbackArgs, $success_elements->item(0)); - phpCAS :: trace("Calling attritubeParser callback"); - $extra_attributes = call_user_func_array( - $this->_casAttributeParserCallbackFunction, - $this->_casAttributeParserCallbackArgs - ); - } else { - phpCAS :: trace("Parse extra attributes: "); - $attributes = $this->_xml_to_array($success_elements->item(0)); - phpCAS :: trace(print_r($attributes,true). "\nFLATTEN Array: "); - $extra_attributes = $this->_flatten_array($attributes); - phpCAS :: trace(print_r($extra_attributes, true)."\nFILTER : "); - if (array_key_exists("attribute", $extra_attributes)) { - $extra_attributes = $extra_attributes["attribute"]; - } elseif (array_key_exists("attributes", $extra_attributes)) { - $extra_attributes = $extra_attributes["attributes"]; - }; - phpCAS :: trace(print_r($extra_attributes, true)."return"); - } - $this->setAttributes($extra_attributes); - phpCAS::traceEnd(); - return true; - } - - /** - * Add an attribute value to an array of attributes. 
- *
- * @param array &$attributeArray reference to array
- * @param string $name name of attribute
- * @param string $value value of attribute
- *
- * @return void
- */
- private function _addAttributeToArray(array &$attributeArray, $name, $value)
- {
- // If multiple attributes exist, add as an array value
- if (isset($attributeArray[$name])) {
- // Initialize the array with the existing value
- if (!is_array($attributeArray[$name])) {
- $existingValue = $attributeArray[$name];
- $attributeArray[$name] = array($existingValue);
- }
-
- $attributeArray[$name][] = trim($value);
- } else {
- $attributeArray[$name] = trim($value);
- }
- }
-
- /** @} */
-
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- // XX XX
- // XX MISC XX
- // XX XX
- // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
- /**
- * @addtogroup internalMisc
- * @{
- */
-
- // ########################################################################
- // URL
- // ########################################################################
- /**
- * the URL of the current request (without any ticket CGI parameter). Written
- * and read by CAS_Client::getURL().
- *
- * @hideinitializer
- */
- private $_url = '';
-
-
- /**
- * This method sets the URL of the current request
- *
- * @param string $url url to set for service
- *
- * @return void
- */
- public function setURL($url)
- {
- // Argument Validation
- if (gettype($url) != 'string')
- throw new CAS_TypeMismatchException($url, '$url', 'string');
-
- $this->_url = $url;
- }
-
- /**
- * This method returns the URL of the current request (without any ticket
- * CGI parameter).
- * - * @return string The URL - */ - public function getURL() - { - phpCAS::traceBegin(); - // the URL is built when needed only - if ( empty($this->_url) ) { - // remove the ticket if present in the URL - $final_uri = $this->getServiceBaseUrl()->get(); - $request_uri = explode('?', $_SERVER['REQUEST_URI'], 2); - $final_uri .= $request_uri[0]; - - if (isset($request_uri[1]) && $request_uri[1]) { - $query_string= $this->_removeParameterFromQueryString('ticket', $request_uri[1]); - - // If the query string still has anything left, - // append it to the final URI - if ($query_string !== '') { - $final_uri .= "?$query_string"; - } - } - - phpCAS::trace("Final URI: $final_uri"); - $this->setURL($final_uri); - } - phpCAS::traceEnd($this->_url); - return $this->_url; - } - - /** - * This method sets the base URL of the CAS server. - * - * @param string $url the base URL - * - * @return string base url - */ - public function setBaseURL($url) - { - // Argument Validation - if (gettype($url) != 'string') - throw new CAS_TypeMismatchException($url, '$url', 'string'); - - return $this->_server['base_url'] = $url; - } - - /** - * The ServiceBaseUrl object that provides base URL during service URL - * discovery process. - * - * @var CAS_ServiceBaseUrl_Interface - * - * @hideinitializer - */ - private $_serviceBaseUrl = null; - - /** - * Answer the CAS_ServiceBaseUrl_Interface object for this client. - * - * @return CAS_ServiceBaseUrl_Interface - */ - public function getServiceBaseUrl() - { - if (empty($this->_serviceBaseUrl)) { - phpCAS::error("ServiceBaseUrl object is not initialized"); - } - return $this->_serviceBaseUrl; - } - - /** - * This method sets the service base URL used during service URL discovery process. - * - * This is required since phpCAS 1.6.0 to protect the integrity of the authentication. - * - * @since phpCAS 1.6.0 - * - * @param $name can be any of the following: - * - A base URL string. 
The service URL discovery will always use this (protocol, - * hostname and optional port number) without using any external host names. - * - An array of base URL strings. The service URL discovery will check against - * this list before using the auto discovered base URL. If there is no match, - * the first base URL in the array will be used as the default. This option is - * helpful if your PHP website is accessible through multiple domains without a - * canonical name, or through both HTTP and HTTPS. - * - A class that implements CAS_ServiceBaseUrl_Interface. If you need to customize - * the base URL discovery behavior, you can pass in a class that implements the - * interface. - * - * @return void - */ - private function _setServiceBaseUrl($name) - { - if (is_array($name)) { - $this->_serviceBaseUrl = new CAS_ServiceBaseUrl_AllowedListDiscovery($name); - } else if (is_string($name)) { - $this->_serviceBaseUrl = new CAS_ServiceBaseUrl_Static($name); - } else if ($name instanceof CAS_ServiceBaseUrl_Interface) { - $this->_serviceBaseUrl = $name; - } else { - throw new CAS_TypeMismatchException($name, '$name', 'array, string, or CAS_ServiceBaseUrl_Interface object'); - } - } - - /** - * Removes a parameter from a query string - * - * @param string $parameterName name of parameter - * @param string $queryString query string - * - * @return string new query string - * - * @link http://stackoverflow.com/questions/1842681/regular-expression-to-remove-one-parameter-from-query-string - */ - private function _removeParameterFromQueryString($parameterName, $queryString) - { - $parameterName = preg_quote($parameterName); - return preg_replace( - "/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/", - '', $queryString - ); - } - - /** - * This method is used to append query parameters to an url. 
Since the url - * might already contain parameter it has to be detected and to build a proper - * URL - * - * @param string $url base url to add the query params to - * @param string $query params in query form with & separated - * - * @return string url with query params - */ - private function _buildQueryUrl($url, $query) - { - $url .= (strstr($url, '?') === false) ? '?' : '&'; - $url .= $query; - return $url; - } - - /** - * This method tests if a string starts with a given character. - * - * @param string $text text to test - * @param string $char character to test for - * - * @return bool true if the $text starts with $char - */ - private function _startsWith($text, $char) - { - return (strpos($text, $char) === 0); - } - - /** - * This method tests if a string ends with a given character - * - * @param string $text text to test - * @param string $char character to test for - * - * @return bool true if the $text ends with $char - */ - private function _endsWith($text, $char) - { - return (strpos(strrev($text), $char) === 0); - } - - /** - * Answer a valid session-id given a CAS ticket. - * - * The output must be deterministic to allow single-log-out when presented with - * the ticket to log-out. - * - * - * @param string $ticket name of the ticket - * - * @return string - */ - private function _sessionIdForTicket($ticket) - { - // Hash the ticket to ensure that the value meets the PHP 7.1 requirement - // that session-ids have a length between 22 and 256 characters. - return hash('sha256', $this->_sessionIdSalt . $ticket); - } - - /** - * Set a salt/seed for the session-id hash to make it harder to guess. - * - * @var string $_sessionIdSalt - */ - private $_sessionIdSalt = ''; - - /** - * Set a salt/seed for the session-id hash to make it harder to guess. 
- * - * @param string $salt - * - * @return void - */ - public function setSessionIdSalt($salt) { - $this->_sessionIdSalt = (string)$salt; - } - - // ######################################################################## - // AUTHENTICATION ERROR HANDLING - // ######################################################################## - /** - * This method is used to print the HTML output when the user was not - * authenticated. - * - * @param string $failure the failure that occured - * @param string $cas_url the URL the CAS server was asked for - * @param bool $no_response the response from the CAS server (other - * parameters are ignored if true) - * @param bool $bad_response bad response from the CAS server ($err_code - * and $err_msg ignored if true) - * @param string $cas_response the response of the CAS server - * @param int $err_code the error code given by the CAS server - * @param string $err_msg the error message given by the CAS server - * - * @return void - */ - private function _authError( - $failure, - $cas_url, - $no_response=false, - $bad_response=false, - $cas_response='', - $err_code=-1, - $err_msg='' - ) { - phpCAS::traceBegin(); - $lang = $this->getLangObj(); - $this->printHTMLHeader($lang->getAuthenticationFailed()); - $this->printf( - $lang->getYouWereNotAuthenticated(), htmlentities($this->getURL()), - isset($_SERVER['SERVER_ADMIN']) ? 
$_SERVER['SERVER_ADMIN']:'' - ); - phpCAS::trace('CAS URL: '.$cas_url); - phpCAS::trace('Authentication failure: '.$failure); - if ( $no_response ) { - phpCAS::trace('Reason: no response from the CAS server'); - } else { - if ( $bad_response ) { - phpCAS::trace('Reason: bad response from the CAS server'); - } else { - switch ($this->getServerVersion()) { - case CAS_VERSION_1_0: - phpCAS::trace('Reason: CAS error'); - break; - case CAS_VERSION_2_0: - case CAS_VERSION_3_0: - if ( $err_code === -1 ) { - phpCAS::trace('Reason: no CAS error'); - } else { - phpCAS::trace( - 'Reason: ['.$err_code.'] CAS error: '.$err_msg - ); - } - break; - } - } - phpCAS::trace('CAS response: '.$cas_response); - } - $this->printHTMLFooter(); - phpCAS::traceExit(); - throw new CAS_GracefullTerminationException(); - } - - // ######################################################################## - // PGTIOU/PGTID and logoutRequest rebroadcasting - // ######################################################################## - - /** - * Boolean of whether to rebroadcast pgtIou/pgtId and logoutRequest, and - * array of the nodes. - */ - private $_rebroadcast = false; - private $_rebroadcast_nodes = array(); - - /** - * Constants used for determining rebroadcast node type. - */ - const HOSTNAME = 0; - const IP = 1; - - /** - * Determine the node type from the URL. - * - * @param String $nodeURL The node URL. - * - * @return int hostname - * - */ - private function _getNodeType($nodeURL) - { - phpCAS::traceBegin(); - if (preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/", $nodeURL)) { - phpCAS::traceEnd(self::IP); - return self::IP; - } else { - phpCAS::traceEnd(self::HOSTNAME); - return self::HOSTNAME; - } - } - - /** - * Store the rebroadcast node for pgtIou/pgtId and logout requests. - * - * @param string $rebroadcastNodeUrl The rebroadcast node URL. 
- *
- * @return void
- */
- public function addRebroadcastNode($rebroadcastNodeUrl)
- {
- // Argument validation
- if ( !(bool)preg_match("/^(http|https):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i", $rebroadcastNodeUrl))
- throw new CAS_TypeMismatchException($rebroadcastNodeUrl, '$rebroadcastNodeUrl', 'url');
-
- // Store the rebroadcast node and set flag
- $this->_rebroadcast = true;
- $this->_rebroadcast_nodes[] = $rebroadcastNodeUrl;
- }
-
- /**
- * An array to store extra rebroadcast curl options.
- */
- private $_rebroadcast_headers = array();
-
- /**
- * This method is used to add header parameters when rebroadcasting
- * pgtIou/pgtId or logoutRequest.
- *
- * @param string $header Header to send when rebroadcasting.
- *
- * @return void
- */
- public function addRebroadcastHeader($header)
- {
- if (gettype($header) != 'string')
- throw new CAS_TypeMismatchException($header, '$header', 'string');
-
- $this->_rebroadcast_headers[] = $header;
- }
-
- /**
- * Constants used for determining rebroadcast type (logout or pgtIou/pgtId).
- */
- const LOGOUT = 0;
- const PGTIOU = 1;
-
- /**
- * This method rebroadcasts logout/pgtIou requests. Can be LOGOUT,PGTIOU
- *
- * @param int $type type of rebroadcasting.
- * - * @return void - */ - private function _rebroadcast($type) - { - phpCAS::traceBegin(); - - $rebroadcast_curl_options = array( - CURLOPT_FAILONERROR => 1, - CURLOPT_FOLLOWLOCATION => 1, - CURLOPT_RETURNTRANSFER => 1, - CURLOPT_CONNECTTIMEOUT => 1, - CURLOPT_TIMEOUT => 4); - - // Try to determine the IP address of the server - if (!empty($_SERVER['SERVER_ADDR'])) { - $ip = $_SERVER['SERVER_ADDR']; - } else if (!empty($_SERVER['LOCAL_ADDR'])) { - // IIS 7 - $ip = $_SERVER['LOCAL_ADDR']; - } - // Try to determine the DNS name of the server - if (!empty($ip)) { - $dns = gethostbyaddr($ip); - } - $multiClassName = 'CAS_Request_CurlMultiRequest'; - $multiRequest = new $multiClassName(); - - for ($i = 0; $i < sizeof($this->_rebroadcast_nodes); $i++) { - if ((($this->_getNodeType($this->_rebroadcast_nodes[$i]) == self::HOSTNAME) && !empty($dns) && (stripos($this->_rebroadcast_nodes[$i], $dns) === false)) - || (($this->_getNodeType($this->_rebroadcast_nodes[$i]) == self::IP) && !empty($ip) && (stripos($this->_rebroadcast_nodes[$i], $ip) === false)) - ) { - phpCAS::trace( - 'Rebroadcast target URL: '.$this->_rebroadcast_nodes[$i] - .$_SERVER['REQUEST_URI'] - ); - $className = $this->_requestImplementation; - $request = new $className(); - - $url = $this->_rebroadcast_nodes[$i].$_SERVER['REQUEST_URI']; - $request->setUrl($url); - - if (count($this->_rebroadcast_headers)) { - $request->addHeaders($this->_rebroadcast_headers); - } - - $request->makePost(); - if ($type == self::LOGOUT) { - // Logout request - $request->setPostBody( - 'rebroadcast=false&logoutRequest='.$_POST['logoutRequest'] - ); - } else if ($type == self::PGTIOU) { - // pgtIou/pgtId rebroadcast - $request->setPostBody('rebroadcast=false'); - } - - $request->setCurlOptions($rebroadcast_curl_options); - - $multiRequest->addRequest($request); - } else { - phpCAS::trace( - 'Rebroadcast not sent to self: ' - .$this->_rebroadcast_nodes[$i].' 
== '.(!empty($ip)?$ip:'')
- .'/'.(!empty($dns)?$dns:'')
- );
- }
- }
- // We need at least 1 request
- if ($multiRequest->getNumRequests() > 0) {
- $multiRequest->send();
- }
- phpCAS::traceEnd();
- }
-
- /** @} */
-}
diff --git a/phpCAS-1.6.1/source/CAS/CookieJar.php b/phpCAS-1.6.1/source/CAS/CookieJar.php
deleted file mode 100644
index b243937..0000000
--- a/phpCAS-1.6.1/source/CAS/CookieJar.php
+++ /dev/null
@@ -1,385 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This class provides access to service cookies and handles parsing of response - * headers to pull out cookie values. - * - * @class CAS_CookieJar - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_CookieJar -{ - - private $_cookies; - - /** - * Create a new cookie jar by passing it a reference to an array in which it - * should store cookies. - * - * @param array &$storageArray Array to store cookies - * - * @return void - */ - public function __construct (array &$storageArray) - { - $this->_cookies =& $storageArray; - } - - /** - * Store cookies for a web service request. - * Cookie storage is based on RFC 2965: http://www.ietf.org/rfc/rfc2965.txt - * - * @param string $request_url The URL that generated the response headers. - * @param array $response_headers An array of the HTTP response header strings. - * - * @return void - * - * @access private - */ - public function storeCookies ($request_url, $response_headers) - { - $urlParts = parse_url($request_url); - $defaultDomain = $urlParts['host']; - - $cookies = $this->parseCookieHeaders($response_headers, $defaultDomain); - - foreach ($cookies as $cookie) { - // Enforce the same-origin policy by verifying that the cookie - // would match the url that is setting it - if (!$this->cookieMatchesTarget($cookie, $urlParts)) { - continue; - } - - // store the cookie - $this->storeCookie($cookie); - - phpCAS::trace($cookie['name'].' -> '.$cookie['value']); - } - } - - /** - * Retrieve cookies applicable for a web service request. - * Cookie applicability is based on RFC 2965: http://www.ietf.org/rfc/rfc2965.txt - * - * @param string $request_url The url that the cookies will be for. 
- * - * @return array An array containing cookies. E.g. array('name' => 'val'); - * - * @access private - */ - public function getCookies ($request_url) - { - if (!count($this->_cookies)) { - return array(); - } - - // If our request URL can't be parsed, no cookies apply. - $target = parse_url($request_url); - if ($target === false) { - return array(); - } - - $this->expireCookies(); - - $matching_cookies = array(); - foreach ($this->_cookies as $key => $cookie) { - if ($this->cookieMatchesTarget($cookie, $target)) { - $matching_cookies[$cookie['name']] = $cookie['value']; - } - } - return $matching_cookies; - } - - - /** - * Parse Cookies without PECL - * From the comments in http://php.net/manual/en/function.http-parse-cookie.php - * - * @param array $header array of header lines. - * @param string $defaultDomain The domain to use if none is specified in - * the cookie. - * - * @return array of cookies - */ - protected function parseCookieHeaders( $header, $defaultDomain ) - { - phpCAS::traceBegin(); - $cookies = array(); - foreach ( $header as $line ) { - if ( preg_match('/^Set-Cookie2?: /i', $line)) { - $cookies[] = $this->parseCookieHeader($line, $defaultDomain); - } - } - - phpCAS::traceEnd($cookies); - return $cookies; - } - - /** - * Parse a single cookie header line. - * - * Based on RFC2965 http://www.ietf.org/rfc/rfc2965.txt - * - * @param string $line The header line. - * @param string $defaultDomain The domain to use if none is specified in - * the cookie. - * - * @return array - */ - protected function parseCookieHeader ($line, $defaultDomain) - { - if (!$defaultDomain) { - throw new CAS_InvalidArgumentException( - '$defaultDomain was not provided.' - ); - } - - // Set our default values - $cookie = array( - 'domain' => $defaultDomain, - 'path' => '/', - 'secure' => false, - ); - - $line = preg_replace('/^Set-Cookie2?: /i', '', trim($line)); - - // trim any trailing semicolons. 
- $line = trim($line, ';'); - - phpCAS::trace("Cookie Line: $line"); - - // This implementation makes the assumption that semicolons will not - // be present in quoted attribute values. While attribute values that - // contain semicolons are allowed by RFC2965, they are hopefully rare - // enough to ignore for our purposes. Most browsers make the same - // assumption. - $attributeStrings = explode(';', $line); - - foreach ( $attributeStrings as $attributeString ) { - // split on the first equals sign and use the rest as value - $attributeParts = explode('=', $attributeString, 2); - - $attributeName = trim($attributeParts[0]); - $attributeNameLC = strtolower($attributeName); - - if (isset($attributeParts[1])) { - $attributeValue = trim($attributeParts[1]); - // Values may be quoted strings. - if (strpos($attributeValue, '"') === 0) { - $attributeValue = trim($attributeValue, '"'); - // unescape any escaped quotes: - $attributeValue = str_replace('\"', '"', $attributeValue); - } - } else { - $attributeValue = null; - } - - switch ($attributeNameLC) { - case 'expires': - $cookie['expires'] = strtotime($attributeValue); - break; - case 'max-age': - $cookie['max-age'] = (int)$attributeValue; - // Set an expiry time based on the max-age - if ($cookie['max-age']) { - $cookie['expires'] = time() + $cookie['max-age']; - } else { - // If max-age is zero, then the cookie should be removed - // imediately so set an expiry before now. - $cookie['expires'] = time() - 1; - } - break; - case 'secure': - $cookie['secure'] = true; - break; - case 'domain': - case 'path': - case 'port': - case 'version': - case 'comment': - case 'commenturl': - case 'discard': - case 'httponly': - case 'samesite': - $cookie[$attributeNameLC] = $attributeValue; - break; - default: - $cookie['name'] = $attributeName; - $cookie['value'] = $attributeValue; - } - } - - return $cookie; - } - - /** - * Add, update, or remove a cookie. 
- * - * @param array $cookie A cookie array as created by parseCookieHeaders() - * - * @return void - * - * @access protected - */ - protected function storeCookie ($cookie) - { - // Discard any old versions of this cookie. - $this->discardCookie($cookie); - $this->_cookies[] = $cookie; - - } - - /** - * Discard an existing cookie - * - * @param array $cookie An cookie - * - * @return void - * - * @access protected - */ - protected function discardCookie ($cookie) - { - if (!isset($cookie['domain']) - || !isset($cookie['path']) - || !isset($cookie['path']) - ) { - throw new CAS_InvalidArgumentException('Invalid Cookie array passed.'); - } - - foreach ($this->_cookies as $key => $old_cookie) { - if ( $cookie['domain'] == $old_cookie['domain'] - && $cookie['path'] == $old_cookie['path'] - && $cookie['name'] == $old_cookie['name'] - ) { - unset($this->_cookies[$key]); - } - } - } - - /** - * Go through our stored cookies and remove any that are expired. - * - * @return void - * - * @access protected - */ - protected function expireCookies () - { - foreach ($this->_cookies as $key => $cookie) { - if (isset($cookie['expires']) && $cookie['expires'] < time()) { - unset($this->_cookies[$key]); - } - } - } - - /** - * Answer true if cookie is applicable to a target. - * - * @param array $cookie An array of cookie attributes. - * @param array|false $target An array of URL attributes as generated by parse_url(). - * - * @return bool - * - * @access private - */ - protected function cookieMatchesTarget ($cookie, $target) - { - if (!is_array($target)) { - throw new CAS_InvalidArgumentException( - '$target must be an array of URL attributes as generated by parse_url().' - ); - } - if (!isset($target['host'])) { - throw new CAS_InvalidArgumentException( - '$target must be an array of URL attributes as generated by parse_url().' 
- ); - } - - // Verify that the scheme matches - if ($cookie['secure'] && $target['scheme'] != 'https') { - return false; - } - - // Verify that the host matches - // Match domain and mulit-host cookies - if (strpos($cookie['domain'], '.') === 0) { - // .host.domain.edu cookies are valid for host.domain.edu - if (substr($cookie['domain'], 1) == $target['host']) { - // continue with other checks - } else { - // non-exact host-name matches. - // check that the target host a.b.c.edu is within .b.c.edu - $pos = strripos($target['host'], $cookie['domain']); - if (!$pos) { - return false; - } - // verify that the cookie domain is the last part of the host. - if ($pos + strlen($cookie['domain']) != strlen($target['host'])) { - return false; - } - // verify that the host name does not contain interior dots as per - // RFC 2965 section 3.3.2 Rejecting Cookies - // http://www.ietf.org/rfc/rfc2965.txt - $hostname = substr($target['host'], 0, $pos); - if (strpos($hostname, '.') !== false) { - return false; - } - } - } else { - // If the cookie host doesn't begin with '.', - // the host must case-insensitive match exactly - if (strcasecmp($target['host'], $cookie['domain']) !== 0) { - return false; - } - } - - // Verify that the port matches - if (isset($cookie['ports']) - && !in_array($target['port'], $cookie['ports']) - ) { - return false; - } - - // Verify that the path matches - if (strpos($target['path'], $cookie['path']) !== 0) { - return false; - } - - return true; - } - -} - -?> diff --git a/phpCAS-1.6.1/source/CAS/Exception.php b/phpCAS-1.6.1/source/CAS/Exception.php deleted file mode 100644 index 2ff7cd6..0000000 --- a/phpCAS-1.6.1/source/CAS/Exception.php +++ /dev/null 
@@ -1,59 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * A root exception interface for all exceptions in phpCAS.
- *
- * All exceptions thrown in phpCAS should implement this interface to allow them
- * to be caught as a category by clients. Each phpCAS exception should extend
- * an appropriate SPL exception class that best fits its type.
- *
- * For example, an InvalidArgumentException in phpCAS should be defined as
- *
- * class CAS_InvalidArgumentException
- * extends InvalidArgumentException
- * implements CAS_Exception
- * { }
- *
- * This definition allows the CAS_InvalidArgumentException to be caught as either
- * an InvalidArgumentException or as a CAS_Exception.
- *
- * @class CAS_Exception
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- *
- */
-interface CAS_Exception
-{
-
-}
-?>
diff --git a/phpCAS-1.6.1/source/CAS/GracefullTerminationException.php b/phpCAS-1.6.1/source/CAS/GracefullTerminationException.php
deleted file mode 100644
index 29aa638..0000000
--- a/phpCAS-1.6.1/source/CAS/GracefullTerminationException.php
+++ /dev/null
@@ -1,86 +0,0 @@
-
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * An exception for terminatinating execution or to throw for unit testing
- *
- * @class CAS_GracefullTerminationException.php
- * @category Authentication
- * @package PhpCAS
- * @author Joachim Fritschi
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-class CAS_GracefullTerminationException
-extends RuntimeException
-implements CAS_Exception
-{
-
- /**
- * Test if exceptions should be thrown or if we should just exit.
- * In production usage we want to just exit cleanly when prompting the user
- * for a redirect without filling the error logs with uncaught exceptions.
- * In unit testing scenarios we cannot exit or we won't be able to continue
- * with our tests.
- *
- * @param string $message Message Text
- * @param int $code Error code
- *
- * @return self
- */
- public function __construct ($message = 'Terminate Gracefully', $code = 0)
- {
- // Exit cleanly to avoid filling up the logs with uncaught exceptions.
- if (self::$_exitWhenThrown) {
- exit;
- } else {
- // Throw exceptions to allow unit testing to continue;
- parent::__construct($message, $code);
- }
- }
-
- private static $_exitWhenThrown = true;
- /**
- * Force phpcas to thow Exceptions instead of calling exit()
- * Needed for unit testing. Generally shouldn't be used in production due to
- * an increase in Apache error logging if CAS_GracefulTerminiationExceptions
- * are not caught and handled.
- *
- * @return void
- */
- public static function throwInsteadOfExiting()
- {
- self::$_exitWhenThrown = false;
- }
-
-}
-?>
diff --git a/phpCAS-1.6.1/source/CAS/InvalidArgumentException.php b/phpCAS-1.6.1/source/CAS/InvalidArgumentException.php
deleted file mode 100644
index 99be2ac..0000000
--- a/phpCAS-1.6.1/source/CAS/InvalidArgumentException.php
+++ /dev/null
@@ -1,46 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * Exception that denotes invalid arguments were passed.
- *
- * @class CAS_InvalidArgumentException
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-class CAS_InvalidArgumentException
-extends InvalidArgumentException
-implements CAS_Exception
-{
-
-}
-?>
diff --git a/phpCAS-1.6.1/source/CAS/Languages/Catalan.php b/phpCAS-1.6.1/source/CAS/Languages/Catalan.php
deleted file mode 100644
index 1ead905..0000000
--- a/phpCAS-1.6.1/source/CAS/Languages/Catalan.php
+++ /dev/null
@@ -1,114 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * Catalan language class - * - * @class CAS_Languages_Catalan - * @category Authentication - * @package PhpCAS - * @author Iván-Benjamín García Torà - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ -class CAS_Languages_Catalan implements CAS_Languages_LanguageInterface -{ - /** - * Get the using server string - * - * @return string using server - */ - public function getUsingServer() - { - return 'usant servidor'; - } - - /** - * Get authentication wanted string - * - * @return string authentication wanted - */ - public function getAuthenticationWanted() - { - return 'Autentificació CAS necessària!'; - } - - /** - * Get logout string - * - * @return string logout - */ - public function getLogout() - { - return 'Sortida de CAS necessària!'; - } - - /** - * Get the should have been redirected string - * - * @return string should habe been redirected - */ - public function getShouldHaveBeenRedirected() - { - return 'Ja hauria d\ haver estat redireccionat al servidor CAS. Feu click aquí per a continuar.'; - } - - /** - * Get authentication failed string - * - * @return string authentication failed - */ - public function getAuthenticationFailed() - { - return 'Autentificació CAS fallida!'; - } - - /** - * Get the your were not authenticated string - * - * @return string not authenticated - */ - public function getYouWereNotAuthenticated() - { - return '

No estàs autentificat.

Pots tornar a intentar-ho fent click aquí.

Si el problema persisteix hauría de contactar amb l\'administrador d\'aquest llocc.

'; - } - - /** - * Get the service unavailable string - * - * @return string service unavailable - */ - public function getServiceUnavailable() - { - return 'El servei `%s\' no està disponible (%s).'; - } -} diff --git a/phpCAS-1.6.1/source/CAS/Languages/ChineseSimplified.php b/phpCAS-1.6.1/source/CAS/Languages/ChineseSimplified.php deleted file mode 100644 index 5e33cb6..0000000 --- a/phpCAS-1.6.1/source/CAS/Languages/ChineseSimplified.php +++ /dev/null 
@@ -1,114 +0,0 @@ -, Phy25 - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * Chinese Simplified language class - * - * @class CAS_Languages_ChineseSimplified - * @category Authentication - * @package PhpCAS - * @author Pascal Aubry , Phy25 - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ -class CAS_Languages_ChineseSimplified implements CAS_Languages_LanguageInterface -{ - /** - * Get the using server string - * - * @return string using server - */ - public function getUsingServer() - { - return '连接的服务器'; - } - - /** - * Get authentication wanted string - * - * @return string authentication wanted - */ - public function getAuthenticationWanted() - { - return '请进行 CAS 认证!'; - } - - /** - * Get logout string - * - * @return string logout - */ - public function getLogout() - { - return '请进行 CAS 登出!'; - } - - /** - * Get the should have been redirected string - * - * @return string should habe been redirected - */ - public function getShouldHaveBeenRedirected() - { - return '你正被重定向到 CAS 服务器。点击这里继续。'; - } - - /** - * Get authentication failed string - * - * @return string authentication failed - */ - public function getAuthenticationFailed() - { - return 'CAS 认证失败!'; - } - - /** - * Get the your were not authenticated string - * - * @return string not authenticated - */ - public function getYouWereNotAuthenticated() - { - return '

你没有成功登录。

你可以点击这里重新登录

如果问题依然存在,请联系本站管理员

'; - } - - /** - * Get the service unavailable string - * - * @return string service unavailable - */ - public function getServiceUnavailable() - { - return '服务器 %s 不可用(%s)。'; - } -} diff --git a/phpCAS-1.6.1/source/CAS/Languages/English.php b/phpCAS-1.6.1/source/CAS/Languages/English.php deleted file mode 100644 index cb13bde..0000000 --- a/phpCAS-1.6.1/source/CAS/Languages/English.php +++ /dev/null 
@@ -1,114 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * English language class - * - * @class CAS_Languages_English - * @category Authentication - * @package PhpCAS - * @author Pascal Aubry - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ -class CAS_Languages_English implements CAS_Languages_LanguageInterface -{ - /** - * Get the using server string - * - * @return string using server - */ - public function getUsingServer() - { - return 'using server'; - } - - /** - * Get authentication wanted string - * - * @return string authentication wanted - */ - public function getAuthenticationWanted() - { - return 'CAS Authentication wanted!'; - } - - /** - * Get logout string - * - * @return string logout - */ - public function getLogout() - { - return 'CAS logout wanted!'; - } - - /** - * Get the should have been redirected string - * - * @return string should habe been redirected - */ - public function getShouldHaveBeenRedirected() - { - return 'You should already have been redirected to the CAS server. Click here to continue.'; - } - - /** - * Get authentication failed string - * - * @return string authentication failed - */ - public function getAuthenticationFailed() - { - return 'CAS Authentication failed!'; - } - - /** - * Get the your were not authenticated string - * - * @return string not authenticated - */ - public function getYouWereNotAuthenticated() - { - return '

You were not authenticated.

You may submit your request again by clicking here.

If the problem persists, you may contact the administrator of this site.

'; - } - - /** - * Get the service unavailable string - * - * @return string service unavailable - */ - public function getServiceUnavailable() - { - return 'The service `%s\' is not available (%s).'; - } -} diff --git a/phpCAS-1.6.1/source/CAS/Languages/French.php b/phpCAS-1.6.1/source/CAS/Languages/French.php deleted file mode 100644 index 14f65ab..0000000 --- a/phpCAS-1.6.1/source/CAS/Languages/French.php +++ /dev/null 
@@ -1,116 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * French language class - * - * @class CAS_Languages_French - * @category Authentication - * @package PhpCAS - * @author Pascal Aubry - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ -class CAS_Languages_French implements CAS_Languages_LanguageInterface -{ - /** - * Get the using server string - * - * @return string using server - */ - public function getUsingServer() - { - return 'utilisant le serveur'; - } - - /** - * Get authentication wanted string - * - * @return string authentication wanted - */ - public function getAuthenticationWanted() - { - return 'Authentication CAS nécessaire !'; - } - - /** - * Get logout string - * - * @return string logout - */ - public function getLogout() - { - return 'Déconnexion demandée !'; - } - - /** - * Get the should have been redirected string - * - * @return string should habe been redirected - */ - public function getShouldHaveBeenRedirected() - { - return 'Vous auriez du etre redirigé(e) vers le serveur CAS. Cliquez ici pour continuer.'; - } - - /** - * Get authentication failed string - * - * @return string authentication failed - */ - public function getAuthenticationFailed() - { - return 'Authentification CAS infructueuse !'; - } - - /** - * Get the your were not authenticated string - * - * @return string not authenticated - */ - public function getYouWereNotAuthenticated() - { - return '

Vous n\'avez pas été authentifié(e).

Vous pouvez soumettre votre requete à nouveau en cliquant ici.

Si le problème persiste, vous pouvez contacter l\'administrateur de ce site.

'; - } - - /** - * Get the service unavailable string - * - * @return string service unavailable - */ - public function getServiceUnavailable() - { - return 'Le service `%s\' est indisponible (%s)'; - } -} - -?> diff --git a/phpCAS-1.6.1/source/CAS/Languages/Galego.php b/phpCAS-1.6.1/source/CAS/Languages/Galego.php deleted file mode 100644 index d5bf404..0000000 --- a/phpCAS-1.6.1/source/CAS/Languages/Galego.php +++ /dev/null @@ -1,117 +0,0 @@ -aquí para continuar'; - } - - /** - * Get authentication failed string - * - * @return string authentication failed - */ - public function getAuthenticationFailed() - { - return 'Autenticación CAS errada!'; - } - - /** - * Get the your were not authenticated string - * - * @return string not authenticated - */ - public function getYouWereNotAuthenticated() - { - return ' -

Non estás autenticado

Podes volver tentalo facendo click aquí.

Se o problema persiste debería contactar con el administrador deste sitio.

'; - } - - /** - * Get the service unavailable string - * - * @return string service unavailable - */ - public function getServiceUnavailable() - { - return 'O servizo `%s\' non está dispoñible (%s).'; - } -} -?> diff --git a/phpCAS-1.6.1/source/CAS/Languages/German.php b/phpCAS-1.6.1/source/CAS/Languages/German.php deleted file mode 100644 index b718b14..0000000 --- a/phpCAS-1.6.1/source/CAS/Languages/German.php +++ /dev/null 
@@ -1,116 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * German language class - * - * @class CAS_Languages_German - * @category Authentication - * @package PhpCAS - * @author Henrik Genssen - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ -class CAS_Languages_German implements CAS_Languages_LanguageInterface -{ - /** - * Get the using server string - * - * @return string using server - */ - public function getUsingServer() - { - return 'via Server'; - } - - /** - * Get authentication wanted string - * - * @return string authentication wanted - */ - public function getAuthenticationWanted() - { - return 'CAS Authentifizierung erforderlich!'; - } - - /** - * Get logout string - * - * @return string logout - */ - public function getLogout() - { - return 'CAS Abmeldung!'; - } - - /** - * Get the should have been redirected string - * - * @return string should habe been redirected - */ - public function getShouldHaveBeenRedirected() - { - return 'eigentlich häten Sie zum CAS Server weitergeleitet werden sollen. Drücken Sie hier um fortzufahren.'; - } - - /** - * Get authentication failed string - * - * @return string authentication failed - */ - public function getAuthenticationFailed() - { - return 'CAS Anmeldung fehlgeschlagen!'; - } - - /** - * Get the your were not authenticated string - * - * @return string not authenticated - */ - public function getYouWereNotAuthenticated() - { - return '

Sie wurden nicht angemeldet.

Um es erneut zu versuchen klicken Sie hier.

Wenn das Problem bestehen bleibt, kontaktieren Sie den Administrator dieser Seite.

'; - } - - /** - * Get the service unavailable string - * - * @return string service unavailable - */ - public function getServiceUnavailable() - { - return 'Der Dienst `%s\' ist nicht verfügbar (%s).'; - } -} - -?> diff --git a/phpCAS-1.6.1/source/CAS/Languages/Greek.php b/phpCAS-1.6.1/source/CAS/Languages/Greek.php deleted file mode 100644 index 1cfb107..0000000 --- a/phpCAS-1.6.1/source/CAS/Languages/Greek.php +++ /dev/null 
@@ -1,115 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * Greek language class - * - * @class CAS_Languages_Greek - * @category Authentication - * @package PhpCAS - * @author Vangelis Haniotakis - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ -class CAS_Languages_Greek implements CAS_Languages_LanguageInterface -{ - /** - * Get the using server string - * - * @return string using server - */ - public function getUsingServer() - { - return 'χρησιμοποιείται ο εξυπηρετητής'; - } - - /** - * Get authentication wanted string - * - * @return string authentication wanted - */ - public function getAuthenticationWanted() - { - return 'Απαιτείται η ταυτοποίηση CAS!'; - } - - /** - * Get logout string - * - * @return string logout - */ - public function getLogout() - { - return 'Απαιτείται η αποσύνδεση από CAS!'; - } - - /** - * Get the should have been redirected string - * - * @return string should habe been redirected - */ - public function getShouldHaveBeenRedirected() - { - return 'Θα έπρεπε να είχατε ανακατευθυνθεί στον εξυπηρετητή CAS. Κάντε κλίκ εδώ για να συνεχίσετε.'; - } - - /** - * Get authentication failed string - * - * @return string authentication failed - */ - public function getAuthenticationFailed() - { - return 'Η ταυτοποίηση CAS απέτυχε!'; - } - - /** - * Get the your were not authenticated string - * - * @return string not authenticated - */ - public function getYouWereNotAuthenticated() - { - return '

Δεν ταυτοποιηθήκατε.

Μπορείτε να ξαναπροσπαθήσετε, κάνοντας κλίκ εδώ.

Εαν το πρόβλημα επιμείνει, ελάτε σε επαφή με τον διαχειριστή.

'; - } - - /** - * Get the service unavailable string - * - * @return string service unavailable - */ - public function getServiceUnavailable() - { - return 'Η υπηρεσία `%s\' δεν είναι διαθέσιμη (%s).'; - } -} -?> diff --git a/phpCAS-1.6.1/source/CAS/Languages/Japanese.php b/phpCAS-1.6.1/source/CAS/Languages/Japanese.php deleted file mode 100644 index 5681484..0000000 --- a/phpCAS-1.6.1/source/CAS/Languages/Japanese.php +++ /dev/null @@ -1,113 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * Japanese language class. Now Encoding is UTF-8. - * - * @class CAS_Languages_Japanese - * @category Authentication - * @package PhpCAS - * @author fnorif - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - **/ -class CAS_Languages_Japanese implements CAS_Languages_LanguageInterface -{ - /** - * Get the using server string - * - * @return string using server - */ - public function getUsingServer() - { - return 'サーバーを使っています。'; - } - - /** - * Get authentication wanted string - * - * @return string authentication wanted - */ - public function getAuthenticationWanted() - { - return 'CASによる認証を行います。'; - } - - /** - * Get logout string - * - * @return string logout - */ - public function getLogout() - { - return 'CASからログアウトします!'; - } - - /** - * Get the should have been redirected string - * - * @return string should habe been redirected - */ - public function getShouldHaveBeenRedirected() - { - return 'CASサーバに行く必要があります。自動的に転送されない場合は こちら をクリックして続行します。'; - } - - /** - * Get authentication failed string - * - * @return string authentication failed - */ - public function getAuthenticationFailed() - { - return 'CASによる認証に失敗しました。'; - } - - /** - * Get the your were not authenticated string - * - * @return string not authenticated - */ - public function getYouWereNotAuthenticated() - { - return '

認証できませんでした。

もう一度リクエストを送信する場合はこちらをクリック。

問題が解決しない場合は このサイトの管理者に問い合わせてください。

'; - } - - /** - * Get the service unavailable string - * - * @return string service unavailable - */ - public function getServiceUnavailable() - { - return 'サービス `%s\' は利用できません (%s)。'; - } -} -?> diff --git a/phpCAS-1.6.1/source/CAS/Languages/LanguageInterface.php b/phpCAS-1.6.1/source/CAS/Languages/LanguageInterface.php deleted file mode 100644 index dfb0ac5..0000000 --- a/phpCAS-1.6.1/source/CAS/Languages/LanguageInterface.php +++ /dev/null 
@@ -1,96 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * Language Interface class for all internationalization files
- *
- * @class CAS_Languages_LanguageInterface
- * @category Authentication
- * @package PhpCAS
- * @author Joachim Fritschi
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- *
- * @sa @link internalLang Internationalization @endlink
- * @ingroup internalLang
- */
-
-interface CAS_Languages_LanguageInterface
-{
- /**
- * Get the using server string
- *
- * @return string using server
- */
- public function getUsingServer();
-
- /**
- * Get authentication wanted string
- *
- * @return string authentication wanted
- */
- public function getAuthenticationWanted();
-
- /**
- * Get logout string
- *
- * @return string logout
- */
- public function getLogout();
-
- /**
- * Get the should have been redirected string
- *
- * @return string should habe been redirected
- */
- public function getShouldHaveBeenRedirected();
-
- /**
- * Get authentication failed string
- *
- * @return string authentication failed
- */
- public function getAuthenticationFailed();
-
- /**
- * Get the your were not authenticated string
- *
- * @return string not authenticated
- */
- public function getYouWereNotAuthenticated();
-
- /**
- * Get the service unavailable string
- *
- * @return string service unavailable
- */
- public function getServiceUnavailable();
-
-}
-?>
diff --git a/phpCAS-1.6.1/source/CAS/Languages/Portuguese.php b/phpCAS-1.6.1/source/CAS/Languages/Portuguese.php
deleted file mode 100644
index a927cad..0000000
--- a/phpCAS-1.6.1/source/CAS/Languages/Portuguese.php
+++ /dev/null
@@ -1,114 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252517/phpCAS - */ - -/** - * Portuguese language class - * - * @class CAS_Languages_Portuguese - * @category Authentication - * @package PhpCAS - * @author Sherwin Harris - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252517/phpCAS - * - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ -class CAS_Languages_Portuguese implements CAS_Languages_LanguageInterface -{ - /** - * Get the using server string - * - * @return string using server - */ - public function getUsingServer() - { - return 'Usando o servidor'; - } - - /** - * Get authentication wanted string - * - * @return string authentication wanted - */ - public function getAuthenticationWanted() - { - return 'A autenticação do servidor CAS desejado!'; - } - - /** - * Get logout string - * - * @return string logout - */ - public function getLogout() - { - return 'Saida do servidor CAS desejado!'; - } - - /** - * Get the should have been redirected string - * - * @return string should have been redirected - */ - public function getShouldHaveBeenRedirected() - { - return 'Você já deve ter sido redirecionado para o servidor CAS. Clique aqui para continuar'; - } - - /** - * Get authentication failed string - * - * @return string authentication failed - */ - public function getAuthenticationFailed() - { - return 'A autenticação do servidor CAS falheu!'; - } - - /** - * Get the your were not authenticated string - * - * @return string not authenticated - */ - public function getYouWereNotAuthenticated() - { - return '

Você não foi autenticado.

Você pode enviar sua solicitação novamente clicando aqui.

Se o problema persistir, você pode entrar em contato com o administrador deste site.

'; - } - - /** - * Get the service unavailable string - * - * @return string service unavailable - */ - public function getServiceUnavailable() - { - return 'O serviço `%s\' não está disponível (%s).'; - } -} diff --git a/phpCAS-1.6.1/source/CAS/Languages/Spanish.php b/phpCAS-1.6.1/source/CAS/Languages/Spanish.php deleted file mode 100644 index c6ea50e..0000000 --- a/phpCAS-1.6.1/source/CAS/Languages/Spanish.php +++ /dev/null 
@@ -1,117 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * Spanish language class - * - * @class CAS_Languages_Spanish - * @category Authentication - * @package PhpCAS - * @author Iván-Benjamín García Torà - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - - * @sa @link internalLang Internationalization @endlink - * @ingroup internalLang - */ -class CAS_Languages_Spanish implements CAS_Languages_LanguageInterface -{ - - /** - * Get the using server string - * - * @return string using server - */ - public function getUsingServer() - { - return 'usando servidor'; - } - - /** - * Get authentication wanted string - * - * @return string authentication wanted - */ - public function getAuthenticationWanted() - { - return '¡Autentificación CAS necesaria!'; - } - - /** - * Get logout string - * - * @return string logout - */ - public function getLogout() - { - return '¡Salida CAS necesaria!'; - } - - /** - * Get the should have been redirected string - * - * @return string should habe been redirected - */ - public function getShouldHaveBeenRedirected() - { - return 'Ya debería haber sido redireccionado al servidor CAS. Haga click aquí para continuar.'; - } - - /** - * Get authentication failed string - * - * @return string authentication failed - */ - public function getAuthenticationFailed() - { - return '¡Autentificación CAS fallida!'; - } - - /** - * Get the your were not authenticated string - * - * @return string not authenticated - */ - public function getYouWereNotAuthenticated() - { - return '

No estás autentificado.

Puedes volver a intentarlo haciendo click aquí.

Si el problema persiste debería contactar con el administrador de este sitio.

'; - } - - /** - * Get the service unavailable string - * - * @return string service unavailable - */ - public function getServiceUnavailable() - { - return 'El servicio `%s\' no está disponible (%s).'; - } -} -?> diff --git a/phpCAS-1.6.1/source/CAS/OutOfSequenceBeforeAuthenticationCallException.php b/phpCAS-1.6.1/source/CAS/OutOfSequenceBeforeAuthenticationCallException.php deleted file mode 100644 index d4d7680..0000000 --- a/phpCAS-1.6.1/source/CAS/OutOfSequenceBeforeAuthenticationCallException.php +++ /dev/null @@ -1,56 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This class defines Exceptions that should be thrown when the sequence of - * operations is invalid. In this case it should be thrown when an - * authentication call has not yet happened. - * - * @class CAS_OutOfSequenceBeforeAuthenticationCallException - * @category Authentication - * @package PhpCAS - * @author Joachim Fritschi - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_OutOfSequenceBeforeAuthenticationCallException -extends CAS_OutOfSequenceException -implements CAS_Exception -{ - /** - * Return standard error meessage - * - * @return void - */ - public function __construct () - { - parent::__construct('An authentication call hasn\'t happened yet.'); - } -} diff --git a/phpCAS-1.6.1/source/CAS/OutOfSequenceBeforeClientException.php b/phpCAS-1.6.1/source/CAS/OutOfSequenceBeforeClientException.php deleted file mode 100644 index 6c2c39c..0000000 --- a/phpCAS-1.6.1/source/CAS/OutOfSequenceBeforeClientException.php +++ /dev/null 
@@ -1,58 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This class defines Exceptions that should be thrown when the sequence of - * operations is invalid. In this case it should be thrown when the client() or - * proxy() call has not yet happened and no client or proxy object exists. - * - * @class CAS_OutOfSequenceBeforeClientException - * @category Authentication - * @package PhpCAS - * @author Joachim Fritschi - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_OutOfSequenceBeforeClientException -extends CAS_OutOfSequenceException -implements CAS_Exception -{ - /** - * Return standard error message - * - * @return void - */ - public function __construct () - { - parent::__construct( - 'this method cannot be called before phpCAS::client() or phpCAS::proxy()' - ); - } -} diff --git a/phpCAS-1.6.1/source/CAS/OutOfSequenceBeforeProxyException.php b/phpCAS-1.6.1/source/CAS/OutOfSequenceBeforeProxyException.php deleted file mode 100644 index 7991555..0000000 --- a/phpCAS-1.6.1/source/CAS/OutOfSequenceBeforeProxyException.php +++ /dev/null 
@@ -1,59 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This class defines Exceptions that should be thrown when the sequence of - * operations is invalid. In this case it should be thrown when the proxy() call - * has not yet happened and no proxy object exists. - * - * @class CAS_OutOfSequenceBeforeProxyException - * @category Authentication - * @package PhpCAS - * @author Joachim Fritschi - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_OutOfSequenceBeforeProxyException -extends CAS_OutOfSequenceException -implements CAS_Exception -{ - - /** - * Return standard error message - * - * @return void - */ - public function __construct () - { - parent::__construct( - 'this method cannot be called before phpCAS::proxy()' - ); - } -} diff --git a/phpCAS-1.6.1/source/CAS/OutOfSequenceException.php b/phpCAS-1.6.1/source/CAS/OutOfSequenceException.php deleted file mode 100644 index d6f7d88..0000000 --- a/phpCAS-1.6.1/source/CAS/OutOfSequenceException.php +++ /dev/null @@ -1,49 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This class defines Exceptions that should be thrown when the sequence of - * operations is invalid. Examples are: - * - Requesting the response before executing a request. - * - Changing the URL of a request after executing the request. - * - * @class CAS_OutOfSequenceException - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_OutOfSequenceException -extends BadMethodCallException -implements CAS_Exception -{ - -} 
diff --git a/phpCAS-1.6.1/source/CAS/PGTStorage/AbstractStorage.php b/phpCAS-1.6.1/source/CAS/PGTStorage/AbstractStorage.php
deleted file mode 100644
index a93568d..0000000
--- a/phpCAS-1.6.1/source/CAS/PGTStorage/AbstractStorage.php
+++ /dev/null
@@ -1,222 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * Basic class for PGT storage - * The CAS_PGTStorage_AbstractStorage class is a generic class for PGT storage. - * This class should not be instanciated itself but inherited by specific PGT - * storage classes. - * - * @class CAS_PGTStorage_AbstractStorage - * @category Authentication - * @package PhpCAS - * @author Pascal Aubry - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - * @ingroup internalPGTStorage - */ - -abstract class CAS_PGTStorage_AbstractStorage -{ - /** - * @addtogroup internalPGTStorage - * @{ - */ - - // ######################################################################## - // CONSTRUCTOR - // ######################################################################## - - /** - * The constructor of the class, should be called only by inherited classes. - * - * @param CAS_Client $cas_parent the CAS _client instance that creates the - * current object. - * - * @return void - * - * @protected - */ - function __construct($cas_parent) - { - phpCAS::traceBegin(); - if ( !$cas_parent->isProxy() ) { - phpCAS::error( - 'defining PGT storage makes no sense when not using a CAS proxy' - ); - } - phpCAS::traceEnd(); - } - - // ######################################################################## - // DEBUGGING - // ######################################################################## - - /** - * This virtual method returns an informational string giving the type of storage - * used by the object (used for debugging purposes). 
- * - * @return string - * - * @public - */ - function getStorageType() - { - phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); - } - - /** - * This virtual method returns an informational string giving informations on the - * parameters of the storage.(used for debugging purposes). - * - * @return string - * - * @public - */ - function getStorageInfo() - { - phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); - } - - // ######################################################################## - // ERROR HANDLING - // ######################################################################## - - /** - * string used to store an error message. Written by - * PGTStorage::setErrorMessage(), read by PGTStorage::getErrorMessage(). - * - * @hideinitializer - * @deprecated not used. - */ - var $_error_message=false; - - /** - * This method sets en error message, which can be read later by - * PGTStorage::getErrorMessage(). - * - * @param string $error_message an error message - * - * @return void - * - * @deprecated not used. - */ - function setErrorMessage($error_message) - { - $this->_error_message = $error_message; - } - - /** - * This method returns an error message set by PGTStorage::setErrorMessage(). - * - * @return string an error message when set by PGTStorage::setErrorMessage(), FALSE - * otherwise. - * - * @deprecated not used. - */ - function getErrorMessage() - { - return $this->_error_message; - } - - // ######################################################################## - // INITIALIZATION - // ######################################################################## - - /** - * a boolean telling if the storage has already been initialized. Written by - * PGTStorage::init(), read by PGTStorage::isInitialized(). - * - * @hideinitializer - */ - var $_initialized = false; - - /** - * This method tells if the storage has already been intialized. 
- * - * @return bool - * - * @protected - */ - function isInitialized() - { - return $this->_initialized; - } - - /** - * This virtual method initializes the object. - * - * @return void - */ - function init() - { - $this->_initialized = true; - } - - // ######################################################################## - // PGT I/O - // ######################################################################## - - /** - * This virtual method stores a PGT and its corresponding PGT Iuo. - * - * @param string $pgt the PGT - * @param string $pgt_iou the PGT iou - * - * @return void - * - * @note Should never be called. - * - */ - function write($pgt,$pgt_iou) - { - phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); - } - - /** - * This virtual method reads a PGT corresponding to a PGT Iou and deletes - * the corresponding storage entry. - * - * @param string $pgt_iou the PGT iou - * - * @return string - * - * @note Should never be called. - */ - function read($pgt_iou) - { - phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called'); - } - - /** @} */ - -} - -?> diff --git a/phpCAS-1.6.1/source/CAS/PGTStorage/Db.php b/phpCAS-1.6.1/source/CAS/PGTStorage/Db.php deleted file mode 100644 index 2efe5a3..0000000 --- a/phpCAS-1.6.1/source/CAS/PGTStorage/Db.php +++ /dev/null 
@@ -1,440 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -define('CAS_PGT_STORAGE_DB_DEFAULT_TABLE', 'cas_pgts'); - -/** - * Basic class for PGT database storage - * The CAS_PGTStorage_Db class is a class for PGT database storage. - * - * @class CAS_PGTStorage_Db - * @category Authentication - * @package PhpCAS - * @author Daniel Frett - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - * @ingroup internalPGTStorageDb - */ - -class CAS_PGTStorage_Db extends CAS_PGTStorage_AbstractStorage -{ - /** - * @addtogroup internalCAS_PGTStorageDb - * @{ - */ - - /** - * the PDO object to use for database interactions - */ - private $_pdo; - - /** - * This method returns the PDO object to use for database interactions. - * - * @return PDO object - */ - private function _getPdo() - { - return $this->_pdo; - } - - /** - * database connection options to use when creating a new PDO object - */ - private $_dsn; - private $_username; - private $_password; - private $_driver_options; - - /** - * @var string the table to use for storing/retrieving pgt's - */ - private $_table; - - /** - * This method returns the table to use when storing/retrieving PGT's - * - * @return string the name of the pgt storage table. - */ - private function _getTable() - { - return $this->_table; - } - - // ######################################################################## - // DEBUGGING - // ######################################################################## - - /** - * This method returns an informational string giving the type of storage - * used by the object (used for debugging purposes). - * - * @return string an informational string. 
- */ - public function getStorageType() - { - return "db"; - } - - /** - * This method returns an informational string giving informations on the - * parameters of the storage.(used for debugging purposes). - * - * @return string an informational string. - * @public - */ - public function getStorageInfo() - { - return 'table=`'.$this->_getTable().'\''; - } - - // ######################################################################## - // CONSTRUCTOR - // ######################################################################## - - /** - * The class constructor. - * - * @param CAS_Client $cas_parent the CAS_Client instance that creates - * the object. - * @param string $dsn_or_pdo a dsn string to use for creating a PDO - * object or a PDO object - * @param string $username the username to use when connecting to - * the database - * @param string $password the password to use when connecting to - * the database - * @param string $table the table to use for storing and - * retrieving PGT's - * @param string $driver_options any driver options to use when - * connecting to the database - */ - public function __construct( - $cas_parent, $dsn_or_pdo, $username='', $password='', $table='', - $driver_options=null - ) { - phpCAS::traceBegin(); - // call the ancestor's constructor - parent::__construct($cas_parent); - - // set default values - if ( empty($table) ) { - $table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE; - } - if ( !is_array($driver_options) ) { - $driver_options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION); - } - - // store the specified parameters - if ($dsn_or_pdo instanceof PDO) { - $this->_pdo = $dsn_or_pdo; - } else { - $this->_dsn = $dsn_or_pdo; - $this->_username = $username; - $this->_password = $password; - $this->_driver_options = $driver_options; - } - - // store the table name - $this->_table = $table; - - phpCAS::traceEnd(); - } - - // ######################################################################## - // INITIALIZATION - // 
######################################################################## - - /** - * This method is used to initialize the storage. Halts on error. - * - * @return void - */ - public function init() - { - phpCAS::traceBegin(); - // if the storage has already been initialized, return immediatly - if ($this->isInitialized()) { - return; - } - - // initialize the base object - parent::init(); - - // create the PDO object if it doesn't exist already - if (!($this->_pdo instanceof PDO)) { - try { - $this->_pdo = new PDO( - $this->_dsn, $this->_username, $this->_password, - $this->_driver_options - ); - } - catch(PDOException $e) { - phpCAS::error('Database connection error: ' . $e->getMessage()); - } - } - - phpCAS::traceEnd(); - } - - // ######################################################################## - // PDO database interaction - // ######################################################################## - - /** - * attribute that stores the previous error mode for the PDO handle while - * processing a transaction - */ - private $_errMode; - - /** - * This method will enable the Exception error mode on the PDO object - * - * @return void - */ - private function _setErrorMode() - { - // get PDO object and enable exception error mode - $pdo = $this->_getPdo(); - $this->_errMode = $pdo->getAttribute(PDO::ATTR_ERRMODE); - $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - } - - /** - * this method will reset the error mode on the PDO object - * - * @return void - */ - private function _resetErrorMode() - { - // get PDO object and reset the error mode to what it was originally - $pdo = $this->_getPdo(); - $pdo->setAttribute(PDO::ATTR_ERRMODE, $this->_errMode); - } - - // ######################################################################## - // database queries - // ######################################################################## - // these queries are potentially unsafe because the person using this library - // can set the table to use, 
but there is no reliable way to escape SQL - // fieldnames in PDO yet - - /** - * This method returns the query used to create a pgt storage table - * - * @return string the create table SQL, no bind params in query - */ - protected function createTableSql() - { - return 'CREATE TABLE ' . $this->_getTable() - . ' (pgt_iou VARCHAR(255) NOT NULL PRIMARY KEY, pgt VARCHAR(255) NOT NULL)'; - } - - /** - * This method returns the query used to store a pgt - * - * @return string the store PGT SQL, :pgt and :pgt_iou are the bind params contained - * in the query - */ - protected function storePgtSql() - { - return 'INSERT INTO ' . $this->_getTable() - . ' (pgt_iou, pgt) VALUES (:pgt_iou, :pgt)'; - } - - /** - * This method returns the query used to retrieve a pgt. the first column - * of the first row should contain the pgt - * - * @return string the retrieve PGT SQL, :pgt_iou is the only bind param contained - * in the query - */ - protected function retrievePgtSql() - { - return 'SELECT pgt FROM ' . $this->_getTable() . ' WHERE pgt_iou = :pgt_iou'; - } - - /** - * This method returns the query used to delete a pgt. - * - * @return string the delete PGT SQL, :pgt_iou is the only bind param contained in - * the query - */ - protected function deletePgtSql() - { - return 'DELETE FROM ' . $this->_getTable() . 
' WHERE pgt_iou = :pgt_iou'; - } - - // ######################################################################## - // PGT I/O - // ######################################################################## - - /** - * This method creates the database table used to store pgt's and pgtiou's - * - * @return void - */ - public function createTable() - { - phpCAS::traceBegin(); - - // initialize this PGTStorage object if it hasn't been initialized yet - if ( !$this->isInitialized() ) { - $this->init(); - } - - // initialize the PDO object for this method - $pdo = $this->_getPdo(); - $this->_setErrorMode(); - - try { - $pdo->beginTransaction(); - - $query = $pdo->query($this->createTableSQL()); - $query->closeCursor(); - - $pdo->commit(); - } - catch(PDOException $e) { - // attempt rolling back the transaction before throwing a phpCAS error - try { - $pdo->rollBack(); - } - catch(PDOException $e) { - } - phpCAS::error('error creating PGT storage table: ' . $e->getMessage()); - } - - // reset the PDO object - $this->_resetErrorMode(); - - phpCAS::traceEnd(); - } - - /** - * This method stores a PGT and its corresponding PGT Iou in the database. - * Echoes a warning on error. - * - * @param string $pgt the PGT - * @param string $pgt_iou the PGT iou - * - * @return void - */ - public function write($pgt, $pgt_iou) - { - phpCAS::traceBegin(); - - // initialize the PDO object for this method - $pdo = $this->_getPdo(); - $this->_setErrorMode(); - - try { - $pdo->beginTransaction(); - - $query = $pdo->prepare($this->storePgtSql()); - $query->bindValue(':pgt', $pgt, PDO::PARAM_STR); - $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR); - $query->execute(); - $query->closeCursor(); - - $pdo->commit(); - } - catch(PDOException $e) { - // attempt rolling back the transaction before throwing a phpCAS error - try { - $pdo->rollBack(); - } - catch(PDOException $e) { - } - phpCAS::error('error writing PGT to database: ' . 
$e->getMessage()); - } - - // reset the PDO object - $this->_resetErrorMode(); - - phpCAS::traceEnd(); - } - - /** - * This method reads a PGT corresponding to a PGT Iou and deletes the - * corresponding db entry. - * - * @param string $pgt_iou the PGT iou - * - * @return string|false the corresponding PGT, or FALSE on error - */ - public function read($pgt_iou) - { - phpCAS::traceBegin(); - $pgt = false; - - // initialize the PDO object for this method - $pdo = $this->_getPdo(); - $this->_setErrorMode(); - - try { - $pdo->beginTransaction(); - - // fetch the pgt for the specified pgt_iou - $query = $pdo->prepare($this->retrievePgtSql()); - $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR); - $query->execute(); - $pgt = $query->fetchColumn(0); - $query->closeCursor(); - - // delete the specified pgt_iou from the database - $query = $pdo->prepare($this->deletePgtSql()); - $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR); - $query->execute(); - $query->closeCursor(); - - $pdo->commit(); - } - catch(PDOException $e) { - // attempt rolling back the transaction before throwing a phpCAS error - try { - $pdo->rollBack(); - } - catch(PDOException $e) { - } - phpCAS::trace('error reading PGT from database: ' . $e->getMessage()); - } - - // reset the PDO object - $this->_resetErrorMode(); - - phpCAS::traceEnd(); - return $pgt; - } - - /** @} */ - -} - -?> diff --git a/phpCAS-1.6.1/source/CAS/PGTStorage/File.php b/phpCAS-1.6.1/source/CAS/PGTStorage/File.php deleted file mode 100644 index fbacd3b..0000000 --- a/phpCAS-1.6.1/source/CAS/PGTStorage/File.php +++ /dev/null 
@@ -1,261 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * The CAS_PGTStorage_File class is a class for PGT file storage. An instance of - * this class is returned by CAS_Client::SetPGTStorageFile(). - * - * @class CAS_PGTStorage_File - * @category Authentication - * @package PhpCAS - * @author Pascal Aubry - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - * - * - * @ingroup internalPGTStorageFile - */ - -class CAS_PGTStorage_File extends CAS_PGTStorage_AbstractStorage -{ - /** - * @addtogroup internalPGTStorageFile - * @{ - */ - - /** - * a string telling where PGT's should be stored on the filesystem. Written by - * PGTStorageFile::PGTStorageFile(), read by getPath(). - * - * @private - */ - var $_path; - - /** - * This method returns the name of the directory where PGT's should be stored - * on the filesystem. - * - * @return string the name of a directory (with leading and trailing '/') - * - * @private - */ - function getPath() - { - return $this->_path; - } - - // ######################################################################## - // DEBUGGING - // ######################################################################## - - /** - * This method returns an informational string giving the type of storage - * used by the object (used for debugging purposes). - * - * @return string an informational string. - * @public - */ - function getStorageType() - { - return "file"; - } - - /** - * This method returns an informational string giving informations on the - * parameters of the storage.(used for debugging purposes). - * - * @return string an informational string. 
- * @public - */ - function getStorageInfo() - { - return 'path=`'.$this->getPath().'\''; - } - - // ######################################################################## - // CONSTRUCTOR - // ######################################################################## - - /** - * The class constructor, called by CAS_Client::SetPGTStorageFile(). - * - * @param CAS_Client $cas_parent the CAS_Client instance that creates the object. - * @param string $path the path where the PGT's should be stored - * - * @return void - * - * @public - */ - function __construct($cas_parent,$path) - { - phpCAS::traceBegin(); - // call the ancestor's constructor - parent::__construct($cas_parent); - - if (empty($path)) { - $path = CAS_PGT_STORAGE_FILE_DEFAULT_PATH; - } - // check that the path is an absolute path - if (getenv("OS")=="Windows_NT" || strtoupper(substr(PHP_OS,0,3)) == 'WIN') { - - if (!preg_match('`^[a-zA-Z]:`', $path)) { - phpCAS::error('an absolute path is needed for PGT storage to file'); - } - - } else { - - if ( $path[0] != '/' ) { - phpCAS::error('an absolute path is needed for PGT storage to file'); - } - - // store the path (with a leading and trailing '/') - $path = preg_replace('|[/]*$|', '/', $path); - $path = preg_replace('|^[/]*|', '/', $path); - } - - $this->_path = $path; - phpCAS::traceEnd(); - } - - // ######################################################################## - // INITIALIZATION - // ######################################################################## - - /** - * This method is used to initialize the storage. Halts on error. 
- * - * @return void - * @public - */ - function init() - { - phpCAS::traceBegin(); - // if the storage has already been initialized, return immediatly - if ($this->isInitialized()) { - return; - } - // call the ancestor's method (mark as initialized) - parent::init(); - phpCAS::traceEnd(); - } - - // ######################################################################## - // PGT I/O - // ######################################################################## - - /** - * This method returns the filename corresponding to a PGT Iou. - * - * @param string $pgt_iou the PGT iou. - * - * @return string a filename - * @private - */ - function getPGTIouFilename($pgt_iou) - { - phpCAS::traceBegin(); - $filename = $this->getPath()."phpcas-".hash("sha256", $pgt_iou); -// $filename = $this->getPath().$pgt_iou.'.plain'; - phpCAS::trace("Sha256 filename:" . $filename); - phpCAS::traceEnd(); - return $filename; - } - - /** - * This method stores a PGT and its corresponding PGT Iou into a file. Echoes a - * warning on error. - * - * @param string $pgt the PGT - * @param string $pgt_iou the PGT iou - * - * @return void - * - * @public - */ - function write($pgt,$pgt_iou) - { - phpCAS::traceBegin(); - $fname = $this->getPGTIouFilename($pgt_iou); - if (!file_exists($fname)) { - touch($fname); - // Chmod will fail on windows - @chmod($fname, 0600); - if ($f=fopen($fname, "w")) { - if (fputs($f, $pgt) === false) { - phpCAS::error('could not write PGT to `'.$fname.'\''); - } - phpCAS::trace('Successful write of PGT to `'.$fname.'\''); - fclose($f); - } else { - phpCAS::error('could not open `'.$fname.'\''); - } - } else { - phpCAS::error('File exists: `'.$fname.'\''); - } - phpCAS::traceEnd(); - } - - /** - * This method reads a PGT corresponding to a PGT Iou and deletes the - * corresponding file. 
- * - * @param string $pgt_iou the PGT iou - * - * @return string|false the corresponding PGT, or FALSE on error - * - * @public - */ - function read($pgt_iou) - { - phpCAS::traceBegin(); - $pgt = false; - $fname = $this->getPGTIouFilename($pgt_iou); - if (file_exists($fname)) { - if (!($f=fopen($fname, "r"))) { - phpCAS::error('could not open `'.$fname.'\''); - } else { - if (($pgt=fgets($f)) === false) { - phpCAS::error('could not read PGT from `'.$fname.'\''); - } - phpCAS::trace('Successful read of PGT to `'.$fname.'\''); - fclose($f); - } - // delete the PGT file - @unlink($fname); - } else { - phpCAS::error('No such file `'.$fname.'\''); - } - phpCAS::traceEnd($pgt); - return $pgt; - } - - /** @} */ - -} -?> diff --git a/phpCAS-1.6.1/source/CAS/ProxiedService.php b/phpCAS-1.6.1/source/CAS/ProxiedService.php deleted file mode 100644 index 2673ee9..0000000 --- a/phpCAS-1.6.1/source/CAS/ProxiedService.php +++ /dev/null 
@@ -1,72 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This interface defines methods that allow proxy-authenticated service handlers - * to interact with phpCAS. - * - * Proxy service handlers must implement this interface as well as call - * phpCAS::initializeProxiedService($this) at some point in their implementation. - * - * While not required, proxy-authenticated service handlers are encouraged to - * implement the CAS_ProxiedService_Testable interface to facilitate unit testing. - * - * @class CAS_ProxiedService - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -interface CAS_ProxiedService -{ - - /** - * Answer a service identifier (URL) for whom we should fetch a proxy ticket. - * - * @return string - * @throws Exception If no service url is available. - */ - public function getServiceUrl (); - - /** - * Register a proxy ticket with the ProxiedService that it can use when - * making requests. - * - * @param string $proxyTicket Proxy ticket string - * - * @return void - * @throws InvalidArgumentException If the $proxyTicket is invalid. - * @throws CAS_OutOfSequenceException If called after a proxy ticket has - * already been initialized/set. - */ - public function setProxyTicket ($proxyTicket); - -} -?> diff --git a/phpCAS-1.6.1/source/CAS/ProxiedService/Abstract.php b/phpCAS-1.6.1/source/CAS/ProxiedService/Abstract.php deleted file mode 100644 index 0801c72..0000000 --- a/phpCAS-1.6.1/source/CAS/ProxiedService/Abstract.php +++ /dev/null 
@@ -1,149 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This class implements common methods for ProxiedService implementations included - * with phpCAS. - * - * @class CAS_ProxiedService_Abstract - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -abstract class CAS_ProxiedService_Abstract -implements CAS_ProxiedService, CAS_ProxiedService_Testable -{ - - /** - * The proxy ticket that can be used when making service requests. - * @var string $_proxyTicket; - */ - private $_proxyTicket; - - /** - * Register a proxy ticket with the Proxy that it can use when making requests. - * - * @param string $proxyTicket proxy ticket - * - * @return void - * @throws InvalidArgumentException If the $proxyTicket is invalid. - * @throws CAS_OutOfSequenceException If called after a proxy ticket has - * already been initialized/set. - */ - public function setProxyTicket ($proxyTicket) - { - if (empty($proxyTicket)) { - throw new CAS_InvalidArgumentException( - 'Trying to initialize with an empty proxy ticket.' - ); - } - if (!empty($this->_proxyTicket)) { - throw new CAS_OutOfSequenceException( - 'Already initialized, cannot change the proxy ticket.' - ); - } - $this->_proxyTicket = $proxyTicket; - } - - /** - * Answer the proxy ticket to be used when making requests. - * - * @return string - * @throws CAS_OutOfSequenceException If called before a proxy ticket has - * already been initialized/set. - */ - protected function getProxyTicket () - { - if (empty($this->_proxyTicket)) { - throw new CAS_OutOfSequenceException( - 'No proxy ticket yet. Call $this->initializeProxyTicket() to aquire the proxy ticket.' 
- ); - } - - return $this->_proxyTicket; - } - - /** - * @var CAS_Client $_casClient; - */ - private $_casClient; - - /** - * Use a particular CAS_Client->initializeProxiedService() rather than the - * static phpCAS::initializeProxiedService(). - * - * This method should not be called in standard operation, but is needed for unit - * testing. - * - * @param CAS_Client $casClient cas client - * - * @return void - * @throws CAS_OutOfSequenceException If called after a proxy ticket has - * already been initialized/set. - */ - public function setCasClient (CAS_Client $casClient) - { - if (!empty($this->_proxyTicket)) { - throw new CAS_OutOfSequenceException( - 'Already initialized, cannot change the CAS_Client.' - ); - } - - $this->_casClient = $casClient; - } - - /** - * Fetch our proxy ticket. - * - * Descendent classes should call this method once their service URL is available - * to initialize their proxy ticket. - * - * @return void - * @throws CAS_OutOfSequenceException If called after a proxy ticket has - * already been initialized. - */ - protected function initializeProxyTicket() - { - if (!empty($this->_proxyTicket)) { - throw new CAS_OutOfSequenceException( - 'Already initialized, cannot initialize again.' - ); - } - // Allow usage of a particular CAS_Client for unit testing. - if (empty($this->_casClient)) { - phpCAS::initializeProxiedService($this); - } else { - $this->_casClient->initializeProxiedService($this); - } - } - -} -?> diff --git a/phpCAS-1.6.1/source/CAS/ProxiedService/Exception.php b/phpCAS-1.6.1/source/CAS/ProxiedService/Exception.php deleted file mode 100644 index 0f87413..0000000 --- a/phpCAS-1.6.1/source/CAS/ProxiedService/Exception.php +++ /dev/null 
@@ -1,46 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * An Exception for problems communicating with a proxied service. - * - * @class CAS_ProxiedService_Exception - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_ProxiedService_Exception -extends Exception -implements CAS_Exception -{ - -} -?> diff --git a/phpCAS-1.6.1/source/CAS/ProxiedService/Http.php b/phpCAS-1.6.1/source/CAS/ProxiedService/Http.php deleted file mode 100644 index 4240b06..0000000 --- a/phpCAS-1.6.1/source/CAS/ProxiedService/Http.php +++ /dev/null 
@@ -1,91 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This interface defines methods that clients should use for configuring, sending, - * and receiving proxied HTTP requests. - * - * @class CAS_ProxiedService_Http - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -interface CAS_ProxiedService_Http -{ - - /********************************************************* - * Configure the Request - *********************************************************/ - - /** - * Set the URL of the Request - * - * @param string $url Url to set - * - * @return void - * @throws CAS_OutOfSequenceException If called after the Request has been sent. - */ - public function setUrl ($url); - - /********************************************************* - * 2. Send the Request - *********************************************************/ - - /** - * Perform the request. - * - * @return bool TRUE on success, FALSE on failure. - * @throws CAS_OutOfSequenceException If called multiple times. - */ - public function send (); - - /********************************************************* - * 3. Access the response - *********************************************************/ - - /** - * Answer the headers of the response. - * - * @return array An array of header strings. - * @throws CAS_OutOfSequenceException If called before the Request has been sent. - */ - public function getResponseHeaders (); - - /** - * Answer the body of response. - * - * @return string - * @throws CAS_OutOfSequenceException If called before the Request has been sent. - */ - public function getResponseBody (); - -} -?> 
diff --git a/phpCAS-1.6.1/source/CAS/ProxiedService/Http/Abstract.php b/phpCAS-1.6.1/source/CAS/ProxiedService/Http/Abstract.php
deleted file mode 100644
index 8d55edd..0000000
--- a/phpCAS-1.6.1/source/CAS/ProxiedService/Http/Abstract.php
+++ /dev/null
@@ -1,360 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This class implements common methods for ProxiedService implementations included - * with phpCAS. - * - * @class CAS_ProxiedService_Http_Abstract - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -abstract class CAS_ProxiedService_Http_Abstract extends -CAS_ProxiedService_Abstract implements CAS_ProxiedService_Http -{ - /** - * The HTTP request mechanism talking to the target service. - * - * @var CAS_Request_RequestInterface $requestHandler - */ - protected $requestHandler; - - /** - * The storage mechanism for cookies set by the target service. - * - * @var CAS_CookieJar $_cookieJar - */ - private $_cookieJar; - - /** - * Constructor. - * - * @param CAS_Request_RequestInterface $requestHandler request handler object - * @param CAS_CookieJar $cookieJar cookieJar object - * - * @return void - */ - public function __construct(CAS_Request_RequestInterface $requestHandler, - CAS_CookieJar $cookieJar - ) { - $this->requestHandler = $requestHandler; - $this->_cookieJar = $cookieJar; - } - - /** - * The target service url. - * @var string $_url; - */ - private $_url; - - /** - * Answer a service identifier (URL) for whom we should fetch a proxy ticket. - * - * @return string - * @throws Exception If no service url is available. - */ - public function getServiceUrl() - { - if (empty($this->_url)) { - throw new CAS_ProxiedService_Exception( - 'No URL set via ' . get_class($this) . '->setUrl($url).' 
- ); - } - - return $this->_url; - } - - /********************************************************* - * Configure the Request - *********************************************************/ - - /** - * Set the URL of the Request - * - * @param string $url url to set - * - * @return void - * @throws CAS_OutOfSequenceException If called after the Request has been sent. - */ - public function setUrl($url) - { - if ($this->hasBeenSent()) { - throw new CAS_OutOfSequenceException( - 'Cannot set the URL, request already sent.' - ); - } - if (!is_string($url)) { - throw new CAS_InvalidArgumentException('$url must be a string.'); - } - - $this->_url = $url; - } - - /********************************************************* - * 2. Send the Request - *********************************************************/ - - /** - * Perform the request. - * - * @return void - * @throws CAS_OutOfSequenceException If called multiple times. - * @throws CAS_ProxyTicketException If there is a proxy-ticket failure. - * The code of the Exception will be one of: - * PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE - * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE - * PHPCAS_SERVICE_PT_FAILURE - * @throws CAS_ProxiedService_Exception If there is a failure sending the - * request to the target service. - */ - public function send() - { - if ($this->hasBeenSent()) { - throw new CAS_OutOfSequenceException( - 'Cannot send, request already sent.' - ); - } - - phpCAS::traceBegin(); - - // Get our proxy ticket and append it to our URL. - $this->initializeProxyTicket(); - $url = $this->getServiceUrl(); - if (strstr($url, '?') === false) { - $url = $url . '?ticket=' . $this->getProxyTicket(); - } else { - $url = $url . '&ticket=' . $this->getProxyTicket(); - } - - try { - $this->makeRequest($url); - } catch (Exception $e) { - phpCAS::traceEnd(); - throw $e; - } - } - - /** - * Indicator of the number of requests (including redirects performed. 
- * - * @var int $_numRequests; - */ - private $_numRequests = 0; - - /** - * The response headers. - * - * @var array $_responseHeaders; - */ - private $_responseHeaders = array(); - - /** - * The response status code. - * - * @var int $_responseStatusCode; - */ - private $_responseStatusCode = ''; - - /** - * The response headers. - * - * @var string $_responseBody; - */ - private $_responseBody = ''; - - /** - * Build and perform a request, following redirects - * - * @param string $url url for the request - * - * @return void - * @throws CAS_ProxyTicketException If there is a proxy-ticket failure. - * The code of the Exception will be one of: - * PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE - * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE - * PHPCAS_SERVICE_PT_FAILURE - * @throws CAS_ProxiedService_Exception If there is a failure sending the - * request to the target service. - */ - protected function makeRequest($url) - { - // Verify that we are not in a redirect loop - $this->_numRequests++; - if ($this->_numRequests > 4) { - $message = 'Exceeded the maximum number of redirects (3) in proxied service request.'; - phpCAS::trace($message); - throw new CAS_ProxiedService_Exception($message); - } - - // Create a new request. - $request = clone $this->requestHandler; - $request->setUrl($url); - - // Add any cookies to the request. - $request->addCookies($this->_cookieJar->getCookies($url)); - - // Add any other parts of the request needed by concrete classes - $this->populateRequest($request); - - // Perform the request. - phpCAS::trace('Performing proxied service request to \'' . $url . '\''); - if (!$request->send()) { - $message = 'Could not perform proxied service request to URL`' - . $url . '\'. ' . 
$request->getErrorMessage(); - phpCAS::trace($message); - throw new CAS_ProxiedService_Exception($message); - } - - // Store any cookies from the response; - $this->_cookieJar->storeCookies($url, $request->getResponseHeaders()); - - // Follow any redirects - if ($redirectUrl = $this->getRedirectUrl($request->getResponseHeaders()) - ) { - phpCAS::trace('Found redirect:' . $redirectUrl); - $this->makeRequest($redirectUrl); - } else { - - $this->_responseHeaders = $request->getResponseHeaders(); - $this->_responseBody = $request->getResponseBody(); - $this->_responseStatusCode = $request->getResponseStatusCode(); - } - } - - /** - * Add any other parts of the request needed by concrete classes - * - * @param CAS_Request_RequestInterface $request request interface object - * - * @return void - */ - abstract protected function populateRequest( - CAS_Request_RequestInterface $request - ); - - /** - * Answer a redirect URL if a redirect header is found, otherwise null. - * - * @param array $responseHeaders response header to extract a redirect from - * - * @return string|null - */ - protected function getRedirectUrl(array $responseHeaders) - { - // Check for the redirect after authentication - foreach ($responseHeaders as $header) { - if ( preg_match('/^(Location:|URI:)\s*([^\s]+.*)$/', $header, $matches) - ) { - return trim(array_pop($matches)); - } - } - return null; - } - - /********************************************************* - * 3. Access the response - *********************************************************/ - - /** - * Answer true if our request has been sent yet. - * - * @return bool - */ - protected function hasBeenSent() - { - return ($this->_numRequests > 0); - } - - /** - * Answer the headers of the response. - * - * @return array An array of header strings. - * @throws CAS_OutOfSequenceException If called before the Request has been sent. 
- */ - public function getResponseHeaders() - { - if (!$this->hasBeenSent()) { - throw new CAS_OutOfSequenceException( - 'Cannot access response, request not sent yet.' - ); - } - - return $this->_responseHeaders; - } - - /** - * Answer HTTP status code of the response - * - * @return int - * @throws CAS_OutOfSequenceException If called before the Request has been sent. - */ - public function getResponseStatusCode() - { - if (!$this->hasBeenSent()) { - throw new CAS_OutOfSequenceException( - 'Cannot access response, request not sent yet.' - ); - } - - return $this->_responseStatusCode; - } - - /** - * Answer the body of response. - * - * @return string - * @throws CAS_OutOfSequenceException If called before the Request has been sent. - */ - public function getResponseBody() - { - if (!$this->hasBeenSent()) { - throw new CAS_OutOfSequenceException( - 'Cannot access response, request not sent yet.' - ); - } - - return $this->_responseBody; - } - - /** - * Answer the cookies from the response. This may include cookies set during - * redirect responses. - * - * @return array An array containing cookies. E.g. array('name' => 'val'); - */ - public function getCookies() - { - return $this->_cookieJar->getCookies($this->getServiceUrl()); - } - -} -?> diff --git a/phpCAS-1.6.1/source/CAS/ProxiedService/Http/Get.php b/phpCAS-1.6.1/source/CAS/ProxiedService/Http/Get.php deleted file mode 100644 index a459d55..0000000 --- a/phpCAS-1.6.1/source/CAS/ProxiedService/Http/Get.php +++ /dev/null 
@@ -1,85 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This class is used to make proxied service requests via the HTTP GET method. - * - * Usage Example: - * - * try { - * $service = phpCAS::getProxiedService(PHPCAS_PROXIED_SERVICE_HTTP_GET); - * $service->setUrl('http://www.example.com/path/'); - * $service->send(); - * if ($service->getResponseStatusCode() == 200) - * return $service->getResponseBody(); - * else - * // The service responded with an error code 404, 500, etc. - * throw new Exception('The service responded with an error.'); - * - * } catch (CAS_ProxyTicketException $e) { - * if ($e->getCode() == PHPCAS_SERVICE_PT_FAILURE) - * return "Your login has timed out. You need to log in again."; - * else - * // Other proxy ticket errors are from bad request format - * // (shouldn't happen) or CAS server failure (unlikely) - * // so lets just stop if we hit those. - * throw $e; - * } catch (CAS_ProxiedService_Exception $e) { - * // Something prevented the service request from being sent or received. - * // We didn't even get a valid error response (404, 500, etc), so this - * // might be caused by a network error or a DNS resolution failure. - * // We could handle it in some way, but for now we will just stop. 
- * throw $e; - * } - * - * @class CAS_ProxiedService_Http_Get - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_ProxiedService_Http_Get -extends CAS_ProxiedService_Http_Abstract -{ - - /** - * Add any other parts of the request needed by concrete classes - * - * @param CAS_Request_RequestInterface $request request interface - * - * @return void - */ - protected function populateRequest (CAS_Request_RequestInterface $request) - { - // do nothing, since the URL has already been sent and that is our - // only data. - } -} -?> diff --git a/phpCAS-1.6.1/source/CAS/ProxiedService/Http/Post.php b/phpCAS-1.6.1/source/CAS/ProxiedService/Http/Post.php deleted file mode 100644 index 344c439..0000000 --- a/phpCAS-1.6.1/source/CAS/ProxiedService/Http/Post.php +++ /dev/null 
@@ -1,152 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This class is used to make proxied service requests via the HTTP POST method. - * - * Usage Example: - * - * try { - * $service = phpCAS::getProxiedService(PHPCAS_PROXIED_SERVICE_HTTP_POST); - * $service->setUrl('http://www.example.com/path/'); - * $service->setContentType('text/xml'); - * $service->setBody('example.search'); - * $service->send(); - * if ($service->getResponseStatusCode() == 200) - * return $service->getResponseBody(); - * else - * // The service responded with an error code 404, 500, etc. - * throw new Exception('The service responded with an error.'); - * - * } catch (CAS_ProxyTicketException $e) { - * if ($e->getCode() == PHPCAS_SERVICE_PT_FAILURE) - * return "Your login has timed out. You need to log in again."; - * else - * // Other proxy ticket errors are from bad request format - * // (shouldn't happen) or CAS server failure (unlikely) so lets just - * // stop if we hit those. - * throw $e; - * } catch (CAS_ProxiedService_Exception $e) { - * // Something prevented the service request from being sent or received. - * // We didn't even get a valid error response (404, 500, etc), so this - * // might be caused by a network error or a DNS resolution failure. - * // We could handle it in some way, but for now we will just stop. 
- * throw $e; - * } - * - * @class CAS_ProxiedService_Http_Post - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_ProxiedService_Http_Post -extends CAS_ProxiedService_Http_Abstract -{ - - /** - * The content-type of this request - * - * @var string $_contentType - */ - private $_contentType; - - /** - * The body of the this request - * - * @var string $_body - */ - private $_body; - - /** - * Set the content type of this POST request. - * - * @param string $contentType content type - * - * @return void - * @throws CAS_OutOfSequenceException If called after the Request has been sent. - */ - public function setContentType ($contentType) - { - if ($this->hasBeenSent()) { - throw new CAS_OutOfSequenceException( - 'Cannot set the content type, request already sent.' - ); - } - - $this->_contentType = $contentType; - } - - /** - * Set the body of this POST request. - * - * @param string $body body to set - * - * @return void - * @throws CAS_OutOfSequenceException If called after the Request has been sent. - */ - public function setBody ($body) - { - if ($this->hasBeenSent()) { - throw new CAS_OutOfSequenceException( - 'Cannot set the body, request already sent.' - ); - } - - $this->_body = $body; - } - - /** - * Add any other parts of the request needed by concrete classes - * - * @param CAS_Request_RequestInterface $request request interface class - * - * @return void - */ - protected function populateRequest (CAS_Request_RequestInterface $request) - { - if (empty($this->_contentType) && !empty($this->_body)) { - throw new CAS_ProxiedService_Exception( - "If you pass a POST body, you must specify a content type via " - .get_class($this).'->setContentType($contentType).' 
- ); - } - - $request->makePost(); - if (!empty($this->_body)) { - $request->addHeader('Content-Type: '.$this->_contentType); - $request->addHeader('Content-Length: '.strlen($this->_body)); - $request->setPostBody($this->_body); - } - } - - -} -?> diff --git a/phpCAS-1.6.1/source/CAS/ProxiedService/Imap.php b/phpCAS-1.6.1/source/CAS/ProxiedService/Imap.php deleted file mode 100644 index c4b4740..0000000 --- a/phpCAS-1.6.1/source/CAS/ProxiedService/Imap.php +++ /dev/null 
@@ -1,281 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * Provides access to a proxy-authenticated IMAP stream - * - * @class CAS_ProxiedService_Imap - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_ProxiedService_Imap -extends CAS_ProxiedService_Abstract -{ - - /** - * The username to send via imap_open. - * - * @var string $_username; - */ - private $_username; - - /** - * Constructor. - * - * @param string $username Username - * - * @return void - */ - public function __construct ($username) - { - if (!is_string($username) || !strlen($username)) { - throw new CAS_InvalidArgumentException('Invalid username.'); - } - - $this->_username = $username; - } - - /** - * The target service url. - * @var string $_url; - */ - private $_url; - - /** - * Answer a service identifier (URL) for whom we should fetch a proxy ticket. - * - * @return string - * @throws Exception If no service url is available. - */ - public function getServiceUrl () - { - if (empty($this->_url)) { - throw new CAS_ProxiedService_Exception( - 'No URL set via '.get_class($this).'->getServiceUrl($url).' - ); - } - - return $this->_url; - } - - /********************************************************* - * Configure the Stream - *********************************************************/ - - /** - * Set the URL of the service to pass to CAS for proxy-ticket retrieval. - * - * @param string $url Url to set - * - * @return void - * @throws CAS_OutOfSequenceException If called after the stream has been opened. - */ - public function setServiceUrl ($url) - { - if ($this->hasBeenOpened()) { - throw new CAS_OutOfSequenceException( - 'Cannot set the URL, stream already opened.' 
- ); - } - if (!is_string($url) || !strlen($url)) { - throw new CAS_InvalidArgumentException('Invalid url.'); - } - - $this->_url = $url; - } - - /** - * The mailbox to open. See the $mailbox parameter of imap_open(). - * - * @var string $_mailbox - */ - private $_mailbox; - - /** - * Set the mailbox to open. See the $mailbox parameter of imap_open(). - * - * @param string $mailbox Mailbox to set - * - * @return void - * @throws CAS_OutOfSequenceException If called after the stream has been opened. - */ - public function setMailbox ($mailbox) - { - if ($this->hasBeenOpened()) { - throw new CAS_OutOfSequenceException( - 'Cannot set the mailbox, stream already opened.' - ); - } - if (!is_string($mailbox) || !strlen($mailbox)) { - throw new CAS_InvalidArgumentException('Invalid mailbox.'); - } - - $this->_mailbox = $mailbox; - } - - /** - * A bit mask of options to pass to imap_open() as the $options parameter. - * - * @var int $_options - */ - private $_options = null; - - /** - * Set the options for opening the stream. See the $options parameter of - * imap_open(). - * - * @param int $options Options for the stream - * - * @return void - * @throws CAS_OutOfSequenceException If called after the stream has been opened. - */ - public function setOptions ($options) - { - if ($this->hasBeenOpened()) { - throw new CAS_OutOfSequenceException( - 'Cannot set options, stream already opened.' - ); - } - if (!is_int($options)) { - throw new CAS_InvalidArgumentException('Invalid options.'); - } - - $this->_options = $options; - } - - /********************************************************* - * 2. Open the stream - *********************************************************/ - - /** - * Open the IMAP stream (similar to imap_open()). - * - * @return resource Returns an IMAP stream on success - * @throws CAS_OutOfSequenceException If called multiple times. - * @throws CAS_ProxyTicketException If there is a proxy-ticket failure. 
- * The code of the Exception will be one of: - * PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE - * PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE - * PHPCAS_SERVICE_PT_FAILURE - * @throws CAS_ProxiedService_Exception If there is a failure sending the - * request to the target service. - */ - public function open () - { - if ($this->hasBeenOpened()) { - throw new CAS_OutOfSequenceException('Stream already opened.'); - } - if (empty($this->_mailbox)) { - throw new CAS_ProxiedService_Exception( - 'You must specify a mailbox via '.get_class($this) - .'->setMailbox($mailbox)' - ); - } - - phpCAS::traceBegin(); - - // Get our proxy ticket and append it to our URL. - $this->initializeProxyTicket(); - phpCAS::trace('opening IMAP mailbox `'.$this->_mailbox.'\'...'); - $this->_stream = @imap_open( - $this->_mailbox, $this->_username, $this->getProxyTicket(), - $this->_options - ); - if ($this->_stream) { - phpCAS::trace('ok'); - } else { - phpCAS::trace('could not open mailbox'); - // @todo add localization integration. - $message = 'IMAP Error: '.$this->_url.' '. var_export(imap_errors(), true); - phpCAS::trace($message); - throw new CAS_ProxiedService_Exception($message); - } - - phpCAS::traceEnd(); - return $this->_stream; - } - - /** - * Answer true if our request has been sent yet. - * - * @return bool - */ - protected function hasBeenOpened () - { - return !empty($this->_stream); - } - - /********************************************************* - * 3. Access the result - *********************************************************/ - /** - * The IMAP stream - * - * @var resource $_stream - */ - private $_stream; - - /** - * Answer the IMAP stream - * - * @return resource - * @throws CAS_OutOfSequenceException if stream is not opened yet - */ - public function getStream () - { - if (!$this->hasBeenOpened()) { - throw new CAS_OutOfSequenceException( - 'Cannot access stream, not opened yet.' 
- ); - } - return $this->_stream; - } - - /** - * CAS_Client::serviceMail() needs to return the proxy ticket for some reason, - * so this method provides access to it. - * - * @return string - * @throws CAS_OutOfSequenceException If called before the stream has been - * opened. - */ - public function getImapProxyTicket () - { - if (!$this->hasBeenOpened()) { - throw new CAS_OutOfSequenceException( - 'Cannot access errors, stream not opened yet.' - ); - } - return $this->getProxyTicket(); - } -} -?> diff --git a/phpCAS-1.6.1/source/CAS/ProxiedService/Testable.php b/phpCAS-1.6.1/source/CAS/ProxiedService/Testable.php deleted file mode 100644 index 3ce44fd..0000000 --- a/phpCAS-1.6.1/source/CAS/ProxiedService/Testable.php +++ /dev/null 
@@ -1,75 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * This interface defines methods that allow proxy-authenticated service handlers - * to be tested in unit tests. - * - * Classes implementing this interface SHOULD store the CAS_Client passed and - * initialize themselves with that client rather than via the static phpCAS - * method. For example: - * - * / ** - * * Fetch our proxy ticket. - * * / - * protected function initializeProxyTicket() { - * // Allow usage of a particular CAS_Client for unit testing. - * if (is_null($this->casClient)) - * phpCAS::initializeProxiedService($this); - * else - * $this->casClient->initializeProxiedService($this); - * } - * - * @class CAS_ProxiedService_Testabel - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -interface CAS_ProxiedService_Testable -{ - - /** - * Use a particular CAS_Client->initializeProxiedService() rather than the - * static phpCAS::initializeProxiedService(). - * - * This method should not be called in standard operation, but is needed for unit - * testing. - * - * @param CAS_Client $casClient Cas client object - * - * @return void - * @throws CAS_OutOfSequenceException If called after a proxy ticket has - * already been initialized/set. - */ - public function setCasClient (CAS_Client $casClient); - -} -?> diff --git a/phpCAS-1.6.1/source/CAS/ProxyChain.php b/phpCAS-1.6.1/source/CAS/ProxyChain.php deleted file mode 100644 index e200724..0000000 --- a/phpCAS-1.6.1/source/CAS/ProxyChain.php +++ /dev/null 
@@ -1,127 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * A normal proxy-chain definition that lists each level of the chain as either - * a string or regular expression. - * - * @class CAS_ProxyChain - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -class CAS_ProxyChain -implements CAS_ProxyChain_Interface -{ - - protected $chain = array(); - - /** - * A chain is an array of strings or regexp strings that will be matched - * against. Regexp will be matched with preg_match and strings will be - * matched from the beginning. A string must fully match the beginning of - * an proxy url. So you can define a full domain as acceptable or go further - * down. - * Proxies have to be defined in reverse from the service to the user. If a - * user hits service A get proxied via B to service C the list of acceptable - * proxies on C would be array(B,A); - * - * @param array $chain A chain of proxies - */ - public function __construct(array $chain) - { - // Ensure that we have an indexed array - $this->chain = array_values($chain); - } - - /** - * Match a list of proxies. - * - * @param array $list The list of proxies in front of this service. - * - * @return bool - */ - public function matches(array $list) - { - $list = array_values($list); // Ensure that we have an indexed array - if ($this->isSizeValid($list)) { - $mismatch = false; - foreach ($this->chain as $i => $search) { - $proxy_url = $list[$i]; - if (preg_match('/^\/.*\/[ixASUXu]*$/s', $search)) { - if (preg_match($search, $proxy_url)) { - phpCAS::trace( - "Found regexp " . $search . " matching " . $proxy_url - ); - } else { - phpCAS::trace( - "No regexp match " . $search . " != " . 
$proxy_url - ); - $mismatch = true; - break; - } - } else { - if (strncasecmp($search, $proxy_url, strlen($search)) == 0) { - phpCAS::trace( - "Found string " . $search . " matching " . $proxy_url - ); - } else { - phpCAS::trace( - "No match " . $search . " != " . $proxy_url - ); - $mismatch = true; - break; - } - } - } - if (!$mismatch) { - phpCAS::trace("Proxy chain matches"); - return true; - } - } else { - phpCAS::trace("Proxy chain skipped: size mismatch"); - } - return false; - } - - /** - * Validate the size of the the list as compared to our chain. - * - * @param array $list List of proxies - * - * @return bool - */ - protected function isSizeValid (array $list) - { - return (sizeof($this->chain) == sizeof($list)); - } -} diff --git a/phpCAS-1.6.1/source/CAS/ProxyChain/AllowedList.php b/phpCAS-1.6.1/source/CAS/ProxyChain/AllowedList.php deleted file mode 100644 index 988ddbb..0000000 --- a/phpCAS-1.6.1/source/CAS/ProxyChain/AllowedList.php +++ /dev/null 
@@ -1,119 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-
-/**
- * ProxyChain is a container for storing chains of valid proxies that can
- * be used to validate proxied requests to a service
- *
- * @class CAS_ProxyChain_AllowedList
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-class CAS_ProxyChain_AllowedList
-{
-
- private $_chains = array();
-
- /**
- * Check whether proxies are allowed by configuration
- *
- * @return bool
- */
- public function isProxyingAllowed()
- {
- return (count($this->_chains) > 0);
- }
-
- /**
- * Add a chain of proxies to the list of possible chains
- *
- * @param CAS_ProxyChain_Interface $chain A chain of proxies
- *
- * @return void
- */
- public function allowProxyChain(CAS_ProxyChain_Interface $chain)
- {
- $this->_chains[] = $chain;
- }
-
- /**
- * Check if the proxies found in the response match the allowed proxies
- *
- * @param array $proxies list of proxies to check
- *
- * @return bool whether the proxies match the allowed proxies
- */
- public function isProxyListAllowed(array $proxies)
- {
- phpCAS::traceBegin();
- if (empty($proxies)) {
- phpCAS::trace("No proxies were found in the response");
- phpCAS::traceEnd(true);
- return true;
- } elseif (!$this->isProxyingAllowed()) {
- phpCAS::trace("Proxies are not allowed");
- phpCAS::traceEnd(false);
- return false;
- } else {
- $res = $this->contains($proxies);
- phpCAS::traceEnd($res);
- return $res;
- }
- }
-
- /**
- * Validate the proxies from the proxy ticket validation against the
- * chains that were definded.
- *
- * @param array $list List of proxies from the proxy ticket validation.
- *
- * @return bool if any chain fully matches the supplied list
- */
- public function contains(array $list)
- {
- phpCAS::traceBegin();
- $count = 0;
- foreach ($this->_chains as $chain) {
- phpCAS::trace("Checking chain ". $count++);
- if ($chain->matches($list)) {
- phpCAS::traceEnd(true);
- return true;
- }
- }
- phpCAS::trace("No proxy chain matches.");
- phpCAS::traceEnd(false);
- return false;
- }
-}
-?>
diff --git a/phpCAS-1.6.1/source/CAS/ProxyChain/Any.php b/phpCAS-1.6.1/source/CAS/ProxyChain/Any.php
deleted file mode 100644
index fe18c5f..0000000
--- a/phpCAS-1.6.1/source/CAS/ProxyChain/Any.php
+++ /dev/null
@@ -1,64 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * A proxy-chain definition that will match any list of proxies.
- *
- * Use this class for quick testing or in certain production screnarios you
- * might want to allow allow any other valid service to proxy your service.
- *
- * THIS CLASS IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY
- * IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER
- * ON THIS SERVICE.
- *
- * @class CAS_ProxyChain_Any
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-class CAS_ProxyChain_Any
-implements CAS_ProxyChain_Interface
-{
-
- /**
- * Match a list of proxies.
- *
- * @param array $list The list of proxies in front of this service.
- *
- * @return bool
- */
- public function matches(array $list)
- {
- phpCAS::trace("Using CAS_ProxyChain_Any. No proxy validation is performed.");
- return true;
- }
-
-}
diff --git a/phpCAS-1.6.1/source/CAS/ProxyChain/Interface.php b/phpCAS-1.6.1/source/CAS/ProxyChain/Interface.php
deleted file mode 100644
index b1d6881..0000000
--- a/phpCAS-1.6.1/source/CAS/ProxyChain/Interface.php
+++ /dev/null
@@ -1,53 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * An interface for classes that define a list of allowed proxies in front of
- * the current application.
- *
- * @class CAS_ProxyChain_Interface
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-interface CAS_ProxyChain_Interface
-{
-
- /**
- * Match a list of proxies.
- *
- * @param array $list The list of proxies in front of this service.
- *
- * @return bool
- */
- public function matches(array $list);
-
-}
diff --git a/phpCAS-1.6.1/source/CAS/ProxyChain/Trusted.php b/phpCAS-1.6.1/source/CAS/ProxyChain/Trusted.php
deleted file mode 100644
index e67d708..0000000
--- a/phpCAS-1.6.1/source/CAS/ProxyChain/Trusted.php
+++ /dev/null
@@ -1,59 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * A proxy-chain definition that defines a chain up to a trusted proxy and
- * delegates the resposibility of validating the rest of the chain to that
- * trusted proxy.
- *
- * @class CAS_ProxyChain_Trusted
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-class CAS_ProxyChain_Trusted
-extends CAS_ProxyChain
-implements CAS_ProxyChain_Interface
-{
-
- /**
- * Validate the size of the the list as compared to our chain.
- *
- * @param array $list list of proxies
- *
- * @return bool
- */
- protected function isSizeValid (array $list)
- {
- return (sizeof($this->chain) <= sizeof($list));
- }
-
-}
diff --git a/phpCAS-1.6.1/source/CAS/ProxyTicketException.php b/phpCAS-1.6.1/source/CAS/ProxyTicketException.php
deleted file mode 100644
index 2f825b4..0000000
--- a/phpCAS-1.6.1/source/CAS/ProxyTicketException.php
+++ /dev/null
@@ -1,71 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- *
- */
-
-/**
- * An Exception for errors related to fetching or validating proxy tickets.
- *
- * @class CAS_ProxyTicketException
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-class CAS_ProxyTicketException
-extends BadMethodCallException
-implements CAS_Exception
-{
-
- /**
- * Constructor
- *
- * @param string $message Message text
- * @param int $code Error code
- *
- * @return void
- */
- public function __construct ($message, $code = PHPCAS_SERVICE_PT_FAILURE)
- {
- // Warn if the code is not in our allowed list
- $ptCodes = array(
- PHPCAS_SERVICE_PT_FAILURE,
- PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE,
- PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE,
- );
- if (!in_array($code, $ptCodes)) {
- trigger_error(
- 'Invalid code '.$code
- .' passed. Must be one of PHPCAS_SERVICE_PT_FAILURE, PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE, or PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE.'
- );
- }
-
- parent::__construct($message, $code);
- }
-}
diff --git a/phpCAS-1.6.1/source/CAS/Request/AbstractRequest.php b/phpCAS-1.6.1/source/CAS/Request/AbstractRequest.php
deleted file mode 100644
index 4f9013e..0000000
--- a/phpCAS-1.6.1/source/CAS/Request/AbstractRequest.php
+++ /dev/null
@@ -1,380 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * Provides support for performing web-requests via curl
- *
- * @class CAS_Request_AbstractRequest
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-abstract class CAS_Request_AbstractRequest
-implements CAS_Request_RequestInterface
-{
-
- protected $url = null;
- protected $cookies = array();
- protected $headers = array();
- protected $isPost = false;
- protected $postBody = null;
- protected $caCertPath = null;
- protected $validateCN = true;
- private $_sent = false;
- private $_responseHeaders = array();
- private $_responseBody = null;
- private $_errorMessage = '';
-
- /*********************************************************
- * Configure the Request
- *********************************************************/
-
- /**
- * Set the URL of the Request
- *
- * @param string $url Url to set
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function setUrl ($url)
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot '.__METHOD__
- );
- }
-
- $this->url = $url;
- }
-
- /**
- * Add a cookie to the request.
- *
- * @param string $name Name of entry
- * @param string $value value of entry
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function addCookie ($name, $value)
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot '.__METHOD__
- );
- }
-
- $this->cookies[$name] = $value;
- }
-
- /**
- * Add an array of cookies to the request.
- * The cookie array is of the form
- * array('cookie_name' => 'cookie_value', 'cookie_name2' => cookie_value2')
- *
- * @param array $cookies cookies to add
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function addCookies (array $cookies)
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot '.__METHOD__
- );
- }
-
- $this->cookies = array_merge($this->cookies, $cookies);
- }
-
- /**
- * Add a header string to the request.
- *
- * @param string $header Header to add
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function addHeader ($header)
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot '.__METHOD__
- );
- }
-
- $this->headers[] = $header;
- }
-
- /**
- * Add an array of header strings to the request.
- *
- * @param array $headers headers to add
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function addHeaders (array $headers)
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot '.__METHOD__
- );
- }
-
- $this->headers = array_merge($this->headers, $headers);
- }
-
- /**
- * Make the request a POST request rather than the default GET request.
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function makePost ()
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot '.__METHOD__
- );
- }
-
- $this->isPost = true;
- }
-
- /**
- * Add a POST body to the request
- *
- * @param string $body body to add
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function setPostBody ($body)
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot '.__METHOD__
- );
- }
- if (!$this->isPost) {
- throw new CAS_OutOfSequenceException(
- 'Cannot add a POST body to a GET request, use makePost() first.'
- );
- }
-
- $this->postBody = $body;
- }
-
- /**
- * Specify the path to an SSL CA certificate to validate the server with.
- *
- * @param string $caCertPath path to cert
- * @param bool $validate_cn valdiate CN of certificate
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function setSslCaCert ($caCertPath,$validate_cn=true)
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot '.__METHOD__
- );
- }
- $this->caCertPath = $caCertPath;
- $this->validateCN = $validate_cn;
- }
-
- /*********************************************************
- * 2. Send the Request
- *********************************************************/
-
- /**
- * Perform the request.
- *
- * @return bool TRUE on success, FALSE on failure.
- * @throws CAS_OutOfSequenceException If called multiple times.
- */
- public function send ()
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot send again.'
- );
- }
- if (is_null($this->url) || !$this->url) {
- throw new CAS_OutOfSequenceException(
- 'A url must be specified via setUrl() before the request can be sent.'
- );
- }
- $this->_sent = true;
- return $this->sendRequest();
- }
-
- /**
- * Send the request and store the results.
- *
- * @return bool TRUE on success, FALSE on failure.
- */
- abstract protected function sendRequest ();
-
- /**
- * Store the response headers.
- *
- * @param array $headers headers to store
- *
- * @return void
- */
- protected function storeResponseHeaders (array $headers)
- {
- $this->_responseHeaders = array_merge($this->_responseHeaders, $headers);
- }
-
- /**
- * Store a single response header to our array.
- *
- * @param string $header header to store
- *
- * @return void
- */
- protected function storeResponseHeader ($header)
- {
- $this->_responseHeaders[] = $header;
- }
-
- /**
- * Store the response body.
- *
- * @param string $body body to store
- *
- * @return void
- */
- protected function storeResponseBody ($body)
- {
- $this->_responseBody = $body;
- }
-
- /**
- * Add a string to our error message.
- *
- * @param string $message message to add
- *
- * @return void
- */
- protected function storeErrorMessage ($message)
- {
- $this->_errorMessage .= $message;
- }
-
- /*********************************************************
- * 3. Access the response
- *********************************************************/
-
- /**
- * Answer the headers of the response.
- *
- * @return array An array of header strings.
- * @throws CAS_OutOfSequenceException If called before the Request has been sent.
- */
- public function getResponseHeaders ()
- {
- if (!$this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has not been sent yet. Cannot '.__METHOD__
- );
- }
- return $this->_responseHeaders;
- }
-
- /**
- * Answer HTTP status code of the response
- *
- * @return int
- * @throws CAS_OutOfSequenceException If called before the Request has been sent.
- * @throws CAS_Request_Exception if the response did not contain a status code
- */
- public function getResponseStatusCode ()
- {
- if (!$this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has not been sent yet. Cannot '.__METHOD__
- );
- }
-
- if (!preg_match(
- '/HTTP\/[0-9.]+\s+([0-9]+)\s*(.*)/',
- $this->_responseHeaders[0], $matches
- )
- ) {
- throw new CAS_Request_Exception(
- 'Bad response, no status code was found in the first line.'
- );
- }
-
- return intval($matches[1]);
- }
-
- /**
- * Answer the body of response.
- *
- * @return string
- * @throws CAS_OutOfSequenceException If called before the Request has been sent.
- */
- public function getResponseBody ()
- {
- if (!$this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has not been sent yet. Cannot '.__METHOD__
- );
- }
-
- return $this->_responseBody;
- }
-
- /**
- * Answer a message describing any errors if the request failed.
- *
- * @return string
- * @throws CAS_OutOfSequenceException If called before the Request has been sent.
- */
- public function getErrorMessage ()
- {
- if (!$this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has not been sent yet. Cannot '.__METHOD__
- );
- }
- return $this->_errorMessage;
- }
-}
diff --git a/phpCAS-1.6.1/source/CAS/Request/CurlMultiRequest.php b/phpCAS-1.6.1/source/CAS/Request/CurlMultiRequest.php
deleted file mode 100644
index 850f6f0..0000000
--- a/phpCAS-1.6.1/source/CAS/Request/CurlMultiRequest.php
+++ /dev/null
@@ -1,147 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * This interface defines a class library for performing multiple web requests
- * in batches. Implementations of this interface may perform requests serially
- * or in parallel.
- *
- * @class CAS_Request_CurlMultiRequest
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-class CAS_Request_CurlMultiRequest
-implements CAS_Request_MultiRequestInterface
-{
- private $_requests = array();
- private $_sent = false;
-
- /*********************************************************
- * Add Requests
- *********************************************************/
-
- /**
- * Add a new Request to this batch.
- * Note, implementations will likely restrict requests to their own concrete
- * class hierarchy.
- *
- * @param CAS_Request_RequestInterface $request reqest to add
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- * @throws CAS_InvalidArgumentException If passed a Request of the wrong
- * implmentation.
- */
- public function addRequest (CAS_Request_RequestInterface $request)
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot '.__METHOD__
- );
- }
- if (!$request instanceof CAS_Request_CurlRequest) {
- throw new CAS_InvalidArgumentException(
- 'As a CAS_Request_CurlMultiRequest, I can only work with CAS_Request_CurlRequest objects.'
- );
- }
-
- $this->_requests[] = $request;
- }
-
- /**
- * Retrieve the number of requests added to this batch.
- *
- * @return int number of request elements
- * @throws CAS_OutOfSequenceException if the request has already been sent
- */
- public function getNumRequests()
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot '.__METHOD__
- );
- }
- return count($this->_requests);
- }
-
- /*********************************************************
- * 2. Send the Request
- *********************************************************/
-
- /**
- * Perform the request. After sending, all requests will have their
- * responses poulated.
- *
- * @return bool TRUE on success, FALSE on failure.
- * @throws CAS_OutOfSequenceException If called multiple times.
- */
- public function send ()
- {
- if ($this->_sent) {
- throw new CAS_OutOfSequenceException(
- 'Request has already been sent cannot send again.'
- );
- }
- if (!count($this->_requests)) {
- throw new CAS_OutOfSequenceException(
- 'At least one request must be added via addRequest() before the multi-request can be sent.'
- );
- }
-
- $this->_sent = true;
-
- // Initialize our handles and configure all requests.
- $handles = array();
- $multiHandle = curl_multi_init();
- foreach ($this->_requests as $i => $request) {
- $handle = $request->initAndConfigure();
- curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
- $handles[$i] = $handle;
- curl_multi_add_handle($multiHandle, $handle);
- }
-
- // Execute the requests in parallel.
- do {
- curl_multi_exec($multiHandle, $running);
- } while ($running > 0);
-
- // Populate all of the responses or errors back into the request objects.
- foreach ($this->_requests as $i => $request) {
- $buf = curl_multi_getcontent($handles[$i]);
- $request->_storeResponseBody($buf);
- curl_multi_remove_handle($multiHandle, $handles[$i]);
- curl_close($handles[$i]);
- }
-
- curl_multi_close($multiHandle);
- }
-}
diff --git a/phpCAS-1.6.1/source/CAS/Request/CurlRequest.php b/phpCAS-1.6.1/source/CAS/Request/CurlRequest.php
deleted file mode 100644
index e30dd0d..0000000
--- a/phpCAS-1.6.1/source/CAS/Request/CurlRequest.php
+++ /dev/null
@@ -1,198 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * Provides support for performing web-requests via curl
- *
- * @class CAS_Request_CurlRequest
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-class CAS_Request_CurlRequest
-extends CAS_Request_AbstractRequest
-implements CAS_Request_RequestInterface
-{
-
- /**
- * Set additional curl options
- *
- * @param array $options option to set
- *
- * @return void
- */
- public function setCurlOptions (array $options)
- {
- $this->_curlOptions = $options;
- }
- private $_curlOptions = array();
-
- /**
- * Send the request and store the results.
- *
- * @return bool true on success, false on failure.
- */
- protected function sendRequest ()
- {
- phpCAS::traceBegin();
-
- /*********************************************************
- * initialize the CURL session
- *********************************************************/
- $ch = $this->initAndConfigure();
-
- /*********************************************************
- * Perform the query
- *********************************************************/
- $buf = curl_exec($ch);
- if ( $buf === false ) {
- phpCAS::trace('curl_exec() failed');
- $this->storeErrorMessage(
- 'CURL error #'.curl_errno($ch).': '.curl_error($ch)
- );
- $res = false;
- } else {
- $this->storeResponseBody($buf);
- phpCAS::trace("Response Body: \n".$buf."\n");
- $res = true;
-
- }
- // close the CURL session
- curl_close($ch);
-
- phpCAS::traceEnd($res);
- return $res;
- }
-
- /**
- * Internal method to initialize our cURL handle and configure the request.
- * This method should NOT be used outside of the CurlRequest or the
- * CurlMultiRequest.
- *
- * @return resource|false The cURL handle on success, false on failure
- */
- public function initAndConfigure()
- {
- /*********************************************************
- * initialize the CURL session
- *********************************************************/
- $ch = curl_init($this->url);
-
- curl_setopt_array($ch, $this->_curlOptions);
-
- /*********************************************************
- * Set SSL configuration
- *********************************************************/
- if ($this->caCertPath) {
- if ($this->validateCN) {
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
- } else {
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
- }
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
- curl_setopt($ch, CURLOPT_CAINFO, $this->caCertPath);
- phpCAS::trace('CURL: Set CURLOPT_CAINFO ' . $this->caCertPath);
- } else {
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
- }
-
- /*********************************************************
- * Configure curl to capture our output.
- *********************************************************/
- // return the CURL output into a variable
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-
- // get the HTTP header with a callback
- curl_setopt($ch, CURLOPT_HEADERFUNCTION, array($this, '_curlReadHeaders'));
-
- /*********************************************************
- * Add cookie headers to our request.
- *********************************************************/
- if (count($this->cookies)) {
- $cookieStrings = array();
- foreach ($this->cookies as $name => $val) {
- $cookieStrings[] = $name.'='.$val;
- }
- curl_setopt($ch, CURLOPT_COOKIE, implode(';', $cookieStrings));
- }
-
- /*********************************************************
- * Add any additional headers
- *********************************************************/
- if (count($this->headers)) {
- curl_setopt($ch, CURLOPT_HTTPHEADER, $this->headers);
- }
-
- /*********************************************************
- * Flag and Body for POST requests
- *********************************************************/
- if ($this->isPost) {
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $this->postBody);
- }
-
- /*********************************************************
- * Set User Agent
- *********************************************************/
- curl_setopt($ch, CURLOPT_USERAGENT, 'phpCAS/' . phpCAS::getVersion());
-
- return $ch;
- }
-
- /**
- * Store the response body.
- * This method should NOT be used outside of the CurlRequest or the
- * CurlMultiRequest.
- *
- * @param string $body body to stor
- *
- * @return void
- */
- public function _storeResponseBody ($body)
- {
- $this->storeResponseBody($body);
- }
-
- /**
- * Internal method for capturing the headers from a curl request.
- *
- * @param resource $ch handle of curl
- * @param string $header header
- *
- * @return int
- */
- public function _curlReadHeaders ($ch, $header)
- {
- $this->storeResponseHeader($header);
- return strlen($header);
- }
-}
diff --git a/phpCAS-1.6.1/source/CAS/Request/Exception.php b/phpCAS-1.6.1/source/CAS/Request/Exception.php
deleted file mode 100644
index dd5a2a5..0000000
--- a/phpCAS-1.6.1/source/CAS/Request/Exception.php
+++ /dev/null
@@ -1,45 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * An Exception for problems performing requests
- *
- * @class CAS_Request_Exception
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-class CAS_Request_Exception
-extends Exception
-implements CAS_Exception
-{
-
-}
diff --git a/phpCAS-1.6.1/source/CAS/Request/MultiRequestInterface.php b/phpCAS-1.6.1/source/CAS/Request/MultiRequestInterface.php
deleted file mode 100644
index 41002c7..0000000
--- a/phpCAS-1.6.1/source/CAS/Request/MultiRequestInterface.php
+++ /dev/null
@@ -1,83 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * This interface defines a class library for performing multiple web requests
- * in batches. Implementations of this interface may perform requests serially
- * or in parallel.
- *
- * @class CAS_Request_MultiRequestInterface
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-interface CAS_Request_MultiRequestInterface
-{
-
- /*********************************************************
- * Add Requests
- *********************************************************/
-
- /**
- * Add a new Request to this batch.
- * Note, implementations will likely restrict requests to their own concrete
- * class hierarchy.
- *
- * @param CAS_Request_RequestInterface $request request interface
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been
- * sent.
- * @throws CAS_InvalidArgumentException If passed a Request of the wrong
- * implmentation.
- */
- public function addRequest (CAS_Request_RequestInterface $request);
-
- /**
- * Retrieve the number of requests added to this batch.
- *
- * @return int number of request elements
- */
- public function getNumRequests ();
-
- /*********************************************************
- * 2. Send the Request
- *********************************************************/
-
- /**
- * Perform the request. After sending, all requests will have their
- * responses poulated.
- *
- * @return bool TRUE on success, FALSE on failure.
- * @throws CAS_OutOfSequenceException If called multiple times.
- */
- public function send ();
-}
diff --git a/phpCAS-1.6.1/source/CAS/Request/RequestInterface.php b/phpCAS-1.6.1/source/CAS/Request/RequestInterface.php
deleted file mode 100644
index b8e8772..0000000
--- a/phpCAS-1.6.1/source/CAS/Request/RequestInterface.php
+++ /dev/null
@@ -1,179 +0,0 @@
-
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-
-/**
- * This interface defines a class library for performing web requests.
- *
- * @class CAS_Request_RequestInterface
- * @category Authentication
- * @package PhpCAS
- * @author Adam Franco
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
-interface CAS_Request_RequestInterface
-{
-
- /*********************************************************
- * Configure the Request
- *********************************************************/
-
- /**
- * Set the URL of the Request
- *
- * @param string $url url to set
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function setUrl ($url);
-
- /**
- * Add a cookie to the request.
- *
- * @param string $name name of cookie
- * @param string $value value of cookie
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function addCookie ($name, $value);
-
- /**
- * Add an array of cookies to the request.
- * The cookie array is of the form
- * array('cookie_name' => 'cookie_value', 'cookie_name2' => cookie_value2')
- *
- * @param array $cookies cookies to add
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function addCookies (array $cookies);
-
- /**
- * Add a header string to the request.
- *
- * @param string $header header to add
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function addHeader ($header);
-
- /**
- * Add an array of header strings to the request.
- *
- * @param array $headers headers to add
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function addHeaders (array $headers);
-
- /**
- * Make the request a POST request rather than the default GET request.
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function makePost ();
-
- /**
- * Add a POST body to the request
- *
- * @param string $body body to add
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function setPostBody ($body);
-
-
- /**
- * Specify the path to an SSL CA certificate to validate the server with.
- *
- * @param string $caCertPath path to cert file
- * @param boolean $validate_cn validate CN of SSL certificate
- *
- * @return void
- * @throws CAS_OutOfSequenceException If called after the Request has been sent.
- */
- public function setSslCaCert ($caCertPath, $validate_cn = true);
-
-
-
- /*********************************************************
- * 2. Send the Request
- *********************************************************/
-
- /**
- * Perform the request.
- *
- * @return bool TRUE on success, FALSE on failure.
- * @throws CAS_OutOfSequenceException If called multiple times.
- */
- public function send ();
-
- /*********************************************************
- * 3. Access the response
- *********************************************************/
-
- /**
- * Answer the headers of the response.
- *
- * @return array An array of header strings.
- * @throws CAS_OutOfSequenceException If called before the Request has been sent.
- */
- public function getResponseHeaders ();
-
- /**
- * Answer HTTP status code of the response
- *
- * @return int
- * @throws CAS_OutOfSequenceException If called before the Request has been sent.
- */
- public function getResponseStatusCode ();
-
- /**
- * Answer the body of response.
- *
- * @return string
- * @throws CAS_OutOfSequenceException If called before the Request has been sent.
- */
- public function getResponseBody ();
-
- /**
- * Answer a message describing any errors if the request failed.
- *
- * @return string
- * @throws CAS_OutOfSequenceException If called before the Request has been sent.
- */
- public function getErrorMessage ();
-}
diff --git a/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/AllowedListDiscovery.php b/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/AllowedListDiscovery.php
deleted file mode 100644
index 39d269c..0000000
--- a/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/AllowedListDiscovery.php
+++ /dev/null
@@ -1,152 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - - -/** - * Class that gets the service base URL of the PHP server by HTTP header - * discovery and allowlist check. This is used to generate service URL - * and PGT callback URL. - * - * @class CAS_ServiceBaseUrl_AllowedListDiscovery - * @category Authentication - * @package PhpCAS - * @author Henry Pan - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -class CAS_ServiceBaseUrl_AllowedListDiscovery -extends CAS_ServiceBaseUrl_Base -{ - private $_list = array(); - - public function __construct($list) { - if (is_array($list)) { - if (count($list) === 0) { - throw new CAS_InvalidArgumentException('$list should not be empty'); - } - foreach ($list as $value) { - $this->allow($value); - } - } else { - throw new CAS_TypeMismatchException($list, '$list', 'array'); - } - } - - /** - * Add a base URL to the allowed list. - * - * @param $url protocol, host name and port to add to the allowed list - * - * @return void - */ - public function allow($url) - { - $this->_list[] = $this->removeStandardPort($url); - } - - /** - * Check if the server name is allowed by configuration. - * - * @param $name server name to check - * - * @return bool whether the allowed list contains the server name - */ - protected function isAllowed($name) - { - return in_array($name, $this->_list); - } - - /** - * Discover the server name through HTTP headers. - * - * We read: - * - HTTP header X-Forwarded-Host - * - HTTP header X-Forwarded-Server and X-Forwarded-Port - * - HTTP header Host and SERVER_PORT - * - PHP SERVER_NAME (which can change based on the HTTP server used) - * - * The standard port will be omitted (80 for HTTP, 443 for HTTPS). 
- * - * @return string the discovered, unsanitized server protocol, hostname and port - */ - protected function discover() - { - $isHttps = $this->isHttps(); - $protocol = $isHttps ? 'https' : 'http'; - $protocol .= '://'; - if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) { - // explode the host list separated by comma and use the first host - $hosts = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST']); - // see rfc7239#5.3 and rfc7230#2.7.1: port is in HTTP_X_FORWARDED_HOST if non default - return $protocol . $hosts[0]; - } else if (!empty($_SERVER['HTTP_X_FORWARDED_SERVER'])) { - $server_url = $_SERVER['HTTP_X_FORWARDED_SERVER']; - } else { - if (empty($_SERVER['SERVER_NAME'])) { - $server_url = $_SERVER['HTTP_HOST']; - } else { - $server_url = $_SERVER['SERVER_NAME']; - } - } - if (!strpos($server_url, ':')) { - if (empty($_SERVER['HTTP_X_FORWARDED_PORT'])) { - $server_port = $_SERVER['SERVER_PORT']; - } else { - $ports = explode(',', $_SERVER['HTTP_X_FORWARDED_PORT']); - $server_port = $ports[0]; - } - - $server_url .= ':'; - $server_url .= $server_port; - } - return $protocol . $server_url; - } - - /** - * Get PHP server base URL. - * - * @return string the server protocol, hostname and port - */ - public function get() - { - phpCAS::traceBegin(); - $result = $this->removeStandardPort($this->discover()); - phpCAS::trace("Discovered server base URL: " . $result); - if ($this->isAllowed($result)) { - phpCAS::trace("Server base URL is allowed"); - phpCAS::traceEnd(true); - } else { - $result = $this->_list[0]; - phpCAS::trace("Server base URL is not allowed, using default: " . $result); - phpCAS::traceEnd(false); - } - return $result; - } -} diff --git a/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/Base.php b/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/Base.php deleted file mode 100644 index 6b4d3f3..0000000 --- a/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/Base.php +++ /dev/null 
@@ -1,98 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * Base class of CAS/ServiceBaseUrl that implements isHTTPS method. - * - * @class CAS_ServiceBaseUrl_Base - * @category Authentication - * @package PhpCAS - * @author Henry Pan - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -abstract class CAS_ServiceBaseUrl_Base -implements CAS_ServiceBaseUrl_Interface -{ - - /** - * Get PHP server name. - * - * @return string the server hostname and port of the server - */ - abstract public function get(); - - /** - * Check whether HTTPS is used. - * - * This is used to construct the protocol in the URL. - * - * @return bool true if HTTPS is used - */ - public function isHttps() { - if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) { - return ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'); - } elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])) { - return ($_SERVER['HTTP_X_FORWARDED_PROTOCOL'] === 'https'); - } elseif ( isset($_SERVER['HTTPS']) - && !empty($_SERVER['HTTPS']) - && strcasecmp($_SERVER['HTTPS'], 'off') !== 0 - ) { - return true; - } - return false; - } - - /** - * Remove standard HTTP and HTTPS port for discovery and allowlist input. - * - * @param $url URL as https://domain:port without trailing slash - * @return standardized URL, or the original URL - * @throws CAS_InvalidArgumentException if the URL does not include the protocol - */ - protected function removeStandardPort($url) { - if (strpos($url, "://") === false) { - throw new CAS_InvalidArgumentException( - "Configured base URL should include the protocol string: " . 
$url); - } - - $url = rtrim($url, '/'); - - if (strpos($url, "https://") === 0 && substr_compare($url, ':443', -4) === 0) { - return substr($url, 0, -4); - } - - if (strpos($url, "http://") === 0 && substr_compare($url, ':80', -3) === 0) { - return substr($url, 0, -3); - } - - return $url; - } - -} diff --git a/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/Interface.php b/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/Interface.php deleted file mode 100644 index 77cb2bd..0000000 --- a/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/Interface.php +++ /dev/null @@ -1,61 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * An interface for classes that gets the server name of the PHP server. - * This is used to generate service URL and PGT callback URL. - * - * @class CAS_ServiceBaseUrl_Interface - * @category Authentication - * @package PhpCAS - * @author Henry Pan - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -interface CAS_ServiceBaseUrl_Interface -{ - - /** - * Get PHP HTTP protocol and server name. - * - * @return string protocol, server hostname, and optionally port, - * without trailing slash (https://localhost:8443) - */ - public function get(); - - /** - * Check whether HTTPS is used. - * - * This is used to construct the protocol in the URL. - * - * @return bool true if HTTPS is used - */ - public function isHttps(); - -} diff --git a/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/Static.php b/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/Static.php deleted file mode 100644 index 577ecb9..0000000 --- a/phpCAS-1.6.1/source/CAS/ServiceBaseUrl/Static.php +++ /dev/null 
@@ -1,69 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - - -/** - * Class that gets the server name of the PHP server by statically set - * hostname and port. This is used to generate service URL and PGT - * callback URL. - * - * @class CAS_ServiceBaseUrl_Static - * @category Authentication - * @package PhpCAS - * @author Henry Pan - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -class CAS_ServiceBaseUrl_Static -extends CAS_ServiceBaseUrl_Base -{ - private $_name = null; - - public function __construct($name) { - if (is_string($name)) { - $this->_name = $this->removeStandardPort($name); - } else { - throw new CAS_TypeMismatchException($name, '$name', 'string'); - } - } - - /** - * Get the server name through static config. - * - * @return string the server hostname and port of the server configured - */ - public function get() - { - phpCAS::traceBegin(); - phpCAS::trace("Returning static server name: " . $this->_name); - phpCAS::traceEnd(true); - return $this->_name; - } -} \ No newline at end of file diff --git a/phpCAS-1.6.1/source/CAS/Session/PhpSession.php b/phpCAS-1.6.1/source/CAS/Session/PhpSession.php deleted file mode 100644 index 031cbbc..0000000 --- a/phpCAS-1.6.1/source/CAS/Session/PhpSession.php +++ /dev/null 
@@ -1,45 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * Empty class used as a default implementation for phpCAS. - * - * Implements the standard PHP session handler without no alterations. - * - * @class CAS_Session_PhpSession - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_Session_PhpSession extends SessionHandler implements SessionHandlerInterface -{ -} diff --git a/phpCAS-1.6.1/source/CAS/TypeMismatchException.php b/phpCAS-1.6.1/source/CAS/TypeMismatchException.php deleted file mode 100644 index 72bdc87..0000000 --- a/phpCAS-1.6.1/source/CAS/TypeMismatchException.php +++ /dev/null 
@@ -1,70 +0,0 @@ - - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ - -/** - * Exception that denotes invalid arguments were passed. - * - * @class CAS_InvalidArgumentException - * @category Authentication - * @package PhpCAS - * @author Adam Franco - * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 - * @link https://wiki.jasig.org/display/CASC/phpCAS - */ -class CAS_TypeMismatchException -extends CAS_InvalidArgumentException -{ - /** - * Constructor, provides a nice message. - * - * @param mixed $argument Argument - * @param string $argumentName Argument Name - * @param string $type Type - * @param string $message Error Message - * @param integer $code Code - * - * @return void - */ - public function __construct ( - $argument, $argumentName, $type, $message = '', $code = 0 - ) { - if (is_object($argument)) { - $foundType = get_class($argument).' object'; - } else { - $foundType = gettype($argument); - } - - parent::__construct( - 'type mismatched for parameter ' - . $argumentName . ' (should be \'' . $type .' \'), ' - . $foundType . ' given. ' . $message, $code - ); - } -} -?> diff --git a/session_verif.php b/session_verif.php deleted file mode 100644 index f1f83f6..0000000 --- a/session_verif.php +++ /dev/null @@ -1,58 +0,0 @@ -1,"msg"=>"Bonjour ".phpCAS::getUser()." !"]); - //return json_encode(["status"=>1,"msg"=>"Bonjour !"]); - -} - - -// fermez les yeux ici, j'ai pas la foi de faire un admin panel en entier -$ADMINS = array("mougnibas","rebillar"); - -function admin_seulement(){ - global $ADMINS; - if(!in_array(phpCAS::getUser(), $ADMINS)) { - header("Location: /index.php"); - } -} - - -?> \ No newline at end of file diff --git a/utilisateurs.php b/utilisateurs.php new file mode 100644 index 0000000..622e0be --- /dev/null +++ b/utilisateurs.php 
@@ -0,0 +1,93 @@ +connect_error) { + die("Connection failed: " . $conn->connect_error); +} + +if ($_SERVER['REQUEST_METHOD'] == 'POST') { + if (isset($_POST['delete'])) { + $id = $_POST['id']; + $stmt = $conn->prepare("DELETE FROM users WHERE id = ?"); + $stmt->bind_param("i", $id); + $stmt->execute(); + $stmt->close(); + } + + if (isset($_POST['update'])) { + $id = $_POST['id']; + $username = $_POST['username']; + $admin = isset($_POST['admin']) ? 1 : 0; + $stmt = $conn->prepare("UPDATE users SET username = ?, admin = ? WHERE id = ?"); + $stmt->bind_param("sii", $username, $admin, $id); + $stmt->execute(); + $stmt->close(); + } +} + +$result = $conn->query("SELECT id, username, admin FROM users"); +?> + + + + + + Admin Page + + + +

Admin Page

+ + + + + + + + fetch_assoc()): ?> + + + + + + + + + +
IDUsernameAdminActions
> + + + +
+ + + +close(); +?>
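Review bot: The POST branches that delete a user and that update `username` and `admin` show no authorization or CSRF check in this hunk, so as written any request reaching utilisateurs.php could change who is an administrator. The top of the file is lost in this view, so a session check may already sit there. If it does not, gate the whole page before the `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block with the same session flag api.php uses, e.g. `if (empty($_SESSION["admin"]) || $_SESSION["admin"] != 1) { http_response_code(403); exit; }`, and call `$csrf->validate(...)` with a context of its own before each statement. The `die("Connection failed: " . $conn->connect_error)` line also sends the database error text to the client; log it server-side and return a generic message. The table markup is not visible here, so confirm that `username` is passed through `htmlspecialchars()` when it is printed.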