From f85dfac36db8943277827b966cfb24637aeaf314 Mon Sep 17 00:00:00 2001 From: afornerot Date: Tue, 30 Mar 2021 11:30:37 +0200 Subject: [PATCH] CAS authentification method --- application/config/config.php | 7 + application/controllers/Connection.php | 44 +++- composer.json | 3 +- composer.lock | 277 ++++++++++--------------- 4 files changed, 159 insertions(+), 172 deletions(-) diff --git a/application/config/config.php b/application/config/config.php index 156463101..4d36d53af 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -540,6 +540,13 @@ $config['oauth2_client_id'] = ''; $config['oauth2_client_secret'] = ''; +//____________________________________________________________________________ +//CAS configuration +$config['cas_enabled'] = FALSE; +$config['cas_host'] = ""; +$config['cas_port'] = 443; +$config['cas_folder'] = ""; + //____________________________________________________________________________ //SAML configuration $config['saml_enabled'] = FALSE; diff --git a/application/controllers/Connection.php b/application/controllers/Connection.php index f35617e55..bbeaf509a 100644 --- a/application/controllers/Connection.php +++ b/application/controllers/Connection.php @@ -78,6 +78,10 @@ public function login() { if ($this->config->item('saml_enabled') === TRUE) { redirect('api/sso'); } + //The login form is not used with CAS authentication mode + if ($this->config->item('cas_enabled') === TRUE) { + redirect('api/cas'); + } //If we are already connected (login bookmarked), then redirect to home if ($this->session->userdata('logged_in') === TRUE) { redirect('home'); 
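Review bot: The new `cas_*` keys in config.php carry no description, and `cas_folder` in particular is not self-explanatory. In Connection.php it is passed as the fourth argument of `phpCAS::client()`, which is the URI path of the CAS service on the host. A one-line comment per key would help, for example `//cas_folder: path of the CAS service on cas_host, e.g. "/cas" (constructed sample)`. The comment on `cas_enabled` should also say that enabling it skips the local login form, as the login() change in this patch does.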
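Review bot: `redirect('api/cas')` in login() targets a route this patch does not appear to define. The diffstat lists only config.php, Connection.php and the two composer files, so unless an existing rule already maps `api/cas` to `Connection::cas()`, the redirect will not reach the new method. If the mapping is missing, add it next to the SAML one, for example `$route['api/cas'] = 'connection/cas';` (form assumed from the `api/sso` redirect above; confirm against routes.php). Note also that when `saml_enabled` and `cas_enabled` are both TRUE the SAML branch silently wins, which deserves a comment. login() continues outside the hunk.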
@@ -184,7 +188,20 @@ public function login() { */ public function logout() { $this->session->sess_destroy(); - redirect('session/login'); + + if ($this->config->item('cas_enabled') === TRUE) { + // Init Client CAS + @\phpCAS::client("2.0", $this->config->item('cas_host'), $this->config->item('cas_port'), $this->config->item('cas_folder'), false); + @\phpCAS::setNoCasServerValidation(); + + + // Logout + $url=$this->config->item('base_url')."/session/login"; + @\phpCAS::logout(array("service"=>$url)); + } + else { + redirect('session/login'); + } } /** @@ -448,4 +465,29 @@ public function acs() { } } + /** + * CAS SSO endpoint that starts the login via SSO + * @author arnaud FORNEROT + */ + public function cas() { + // Init Client CAS + @\phpCAS::client("2.0", $this->config->item('cas_host'), $this->config->item('cas_port'), $this->config->item('cas_folder'), false); + @\phpCAS::setNoCasServerValidation(); + + // Authentification + @\phpCAS::forceAuthentication(); + + // Récupération UID + $user = @\phpCAS::getUser(); + + // Authentification dans Jorani + $this->load->model('users_model'); + $loggedin = $this->users_model->checkCredentialsLDAP($user); + if ($loggedin === TRUE) { + $this->redirectToLastPage(); + } + else { + echo "
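Review bot: `\phpCAS::setNoCasServerValidation()` switches off verification of the CAS server's TLS certificate, here in logout() and again in the new cas() method in the next hunk. In cas() the identity returned by `getUser()` rests on the ticket-validation response, so with validation off, whoever sits on the path between Jorani and the CAS host decides which account is logged in. Replace it in both places with `\phpCAS::setCasServerCACert($this->config->item('cas_ca_cert'));` and add the matching key to config.php (`cas_ca_cert` is a suggested name, not one in this patch). The `@` in front of every phpCAS call hides exactly the configuration and certificate errors an administrator needs to see and should be removed. Separately, `$this->config->item('base_url')."/session/login"` yields a double slash, or a relative URL if `base_url` is empty; `site_url('session/login')` avoids both.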
Votre compte n'existe pas dans Jorani
Vous devez demander à un administrateur de créer votre compte si vous souhaitez y accèder.
"; + } + } } diff --git a/composer.json b/composer.json index 6ca9716f8..c0cab741e 100644 --- a/composer.json +++ b/composer.json @@ -23,7 +23,8 @@ "respect/validation": "^1.1.31", "onelogin/php-saml": "^3.4.1", "zircote/swagger-php": "^3.0.1", - "phpmailer/phpmailer": "^6.1.8" + "phpmailer/phpmailer": "^6.1.8", + "jasig/phpcas": "^1.3" }, "require-dev": { "guzzlehttp/guzzle": "^6.3.3", diff --git a/composer.lock b/composer.lock index fddfee502..d19c3041e 100644 --- a/composer.lock +++ b/composer.lock @@ -1,10 +1,10 @@ { "_readme": [ "This file locks the dependencies of your project to a known state", - "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "a2eaaf8487953815731c14317d1b841e", + "content-hash": "fd85fa41ead2e65712d0330f0c4de25e", "packages": [ { "name": "bshaffer/oauth2-server-php", @@ -194,20 +194,6 @@ "parser", "php" ], - "funding": [ - { - "url": "https://www.doctrine-project.org/sponsorship.html", - "type": "custom" - }, - { - "url": "https://www.patreon.com/phpdoctrine", - "type": "patreon" - }, - { - "url": "https://tidelift.com/funding/github/packagist/doctrine%2Flexer", - "type": "tidelift" - } - ], "time": "2020-05-25T17:44:05+00:00" }, { 
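Review bot: cas() never checks `cas_enabled`, so the endpoint runs the phpCAS client even on installations where CAS is switched off and `cas_host` is still the empty default. Start the method with a guard such as `if ($this->config->item('cas_enabled') !== TRUE) { redirect('session/login'); }`. The failure branch echoes a hard-coded French message as raw output; it should go through the application's language files and a view, like the rest of the controller presumably does. The username from `getUser()` is handed to `checkCredentialsLDAP()`, whose body is outside this patch. Confirm that it only looks up an existing, active local account and attempts no LDAP bind for this call, and document that reuse in the docblock.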
@@ -399,6 +385,63 @@ ], "time": "2020-09-30T07:37:11+00:00" }, + { + "name": "jasig/phpcas", + "version": "1.3.9", + "source": { + "type": "git", + "url": "https://github.com/apereo/phpCAS.git", + "reference": "7325865c4cfb5005ed4e4c5cf01823be1726a2a0" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/apereo/phpCAS/zipball/7325865c4cfb5005ed4e4c5cf01823be1726a2a0", + "reference": "7325865c4cfb5005ed4e4c5cf01823be1726a2a0", + "shasum": "" + }, + "require": { + "ext-curl": "*", + "php": ">=5.4.0", + "psr/log": "^1.0.0" + }, + "require-dev": { + "monolog/monolog": "^1.0.0", + "phpunit/phpunit": ">=4.8.35 <8" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.3.x-dev" + } + }, + "autoload": { + "classmap": [ + "source/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "Apache-2.0" + ], + "authors": [ + { + "name": "Joachim Fritschi", + "homepage": "https://wiki.jasig.org/display/~fritschi" + }, + { + "name": "Adam Franco", + "homepage": "https://wiki.jasig.org/display/~adamfranco" + } + ], + "description": "Provides a simple API for authenticating users against a CAS server", + "homepage": "https://wiki.jasig.org/display/CASC/phpCAS", + "keywords": [ + "apereo", + "cas", + "jasig" + ], + "time": "2021-01-31T21:13:59+00:00" + }, { "name": "jpgraph/jpgraph", "version": "4.0.2", @@ -617,12 +660,6 @@ "stream", "zip" ], - "funding": [ - { - "url": "https://opencollective.com/zipstream", - "type": "open_collective" - } - ], "time": "2020-05-30T13:11:16+00:00" }, { @@ -992,12 +1029,6 @@ } ], "description": "PHPMailer is a full-featured email creation and transfer class for PHP", - "funding": [ - { - "url": "https://github.com/synchro", - "type": "github" - } - ], "time": "2020-10-09T14:55:58+00:00" }, { 
@@ -1185,20 +1216,6 @@ "x.509", "x509" ], - "funding": [ - { - "url": "https://github.com/terrafrost", - "type": "github" - }, - { - "url": "https://www.patreon.com/phpseclib", - "type": "patreon" - }, - { - "url": "https://tidelift.com/funding/github/packagist/phpseclib/phpseclib", - "type": "tidelift" - } - ], "time": "2020-09-08T04:24:43+00:00" }, { @@ -1352,6 +1369,53 @@ ], "time": "2016-08-06T14:39:51+00:00" }, + { + "name": "psr/log", + "version": "1.1.3", + "source": { + "type": "git", + "url": "https://github.com/php-fig/log.git", + "reference": "0f73288fd15629204f9d42b7055f72dacbe811fc" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/log/zipball/0f73288fd15629204f9d42b7055f72dacbe811fc", + "reference": "0f73288fd15629204f9d42b7055f72dacbe811fc", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.1.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\Log\\": "Psr/Log/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "http://www.php-fig.org/" + } + ], + "description": "Common interface for logging libraries", + "homepage": "https://github.com/php-fig/log", + "keywords": [ + "log", + "psr", + "psr-3" + ], + "time": "2020-03-23T09:12:05+00:00" + }, { "name": "psr/simple-cache", "version": "1.0.1", @@ -1799,20 +1863,6 @@ ], "description": "A generic function and convention to trigger deprecation notices", "homepage": "https://symfony.com", - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], "time": "2020-09-07T11:33:47+00:00" }, { 
@@ -1862,20 +1912,6 @@ ], "description": "Symfony Finder Component", "homepage": "https://symfony.com", - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], "time": "2020-09-02T16:23:27+00:00" }, { @@ -1938,20 +1974,6 @@ "polyfill", "portable" ], - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], "time": "2020-07-14T12:35:20+00:00" }, { @@ -2023,20 +2045,6 @@ "portable", "shim" ], - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], "time": "2020-08-04T06:02:08+00:00" }, { @@ -2104,20 +2112,6 @@ "portable", "shim" ], - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], "time": "2020-07-14T12:35:20+00:00" }, { @@ -2181,20 +2175,6 @@ "portable", "shim" ], - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], "time": "2020-07-14T12:35:20+00:00" }, { 
@@ -2258,20 +2238,6 @@ "portable", "shim" ], - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], "time": "2020-07-14T12:35:20+00:00" }, { @@ -2331,20 +2297,6 @@ "portable", "shim" ], - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], "time": "2020-07-14T12:35:20+00:00" }, { @@ -2408,20 +2360,6 @@ ], "description": "Symfony Yaml Component", "homepage": "https://symfony.com", - "funding": [ - { - "url": "https://symfony.com/sponsor", - "type": "custom" - }, - { - "url": "https://github.com/fabpot", - "type": "github" - }, - { - "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", - "type": "tidelift" - } - ], "time": "2020-09-27T03:44:28+00:00" }, { @@ -2551,6 +2489,5 @@ "prefer-stable": false, "prefer-lowest": false, "platform": [], - "platform-dev": [], - "plugin-api-version": "1.1.0" + "platform-dev": [] }