From 1d53eb07e4ee4d28807983e900d268f20fb71284 Mon Sep 17 00:00:00 2001 From: Roussel Xavier Date: Mon, 16 Feb 2015 12:29:12 +0100 Subject: [PATCH 01/10] updated composer for laravel 5 --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 7b15239..f9d8b79 100644 --- a/composer.json +++ b/composer.json @@ -11,7 +11,7 @@ ], "require": { "php": ">=5.3.0", - "illuminate/support": "4.x", + "illuminate/support": "4.*|5.*", "jasig/phpcas": "1.3.3" }, "autoload": { From 6fc8e2775c95e655ff9730090c4e825b828fad20 Mon Sep 17 00:00:00 2001 From: Roussel Xavier Date: Mon, 16 Feb 2015 16:22:52 +0100 Subject: [PATCH 02/10] change config --- src/Xavrsl/Cas/CasManager.php | 51 ++--------- src/Xavrsl/Cas/CasServiceProvider.php | 13 ++- src/config/cas.php | 122 ++++++++++++++++++++++++++ src/config/config.php | 105 ---------------------- 4 files changed, 135 insertions(+), 156 deletions(-) create mode 100644 src/config/cas.php delete mode 100644 src/config/config.php diff --git a/src/Xavrsl/Cas/CasManager.php b/src/Xavrsl/Cas/CasManager.php index 7ad2986..5923935 100644 --- a/src/Xavrsl/Cas/CasManager.php +++ b/src/Xavrsl/Cas/CasManager.php @@ -13,7 +13,7 @@ class CasManager { * * @var array */ - protected $connections = array(); + protected $connection; /** * @var \Illuminate\Auth\AuthManager */ @@ -41,14 +41,14 @@ function __construct(Array $config, AuthManager $auth, SessionManager $session) * @param string $name * @return Xavrsl\Cas\Directory */ - public function connection($name = null) + public function connection() { - if ( ! isset($this->connections[$name])) + if ( empty($this->connection)) { - $this->connections[$name] = $this->createConnection($name); + $this->connection = $this->createConnection(); } - return $this->connections[$name]; + return $this->connection; } /** 
@@ -57,48 +57,13 @@ public function connection($name = null) * @param string $name * @return Xavrsl\Cas\Sso */ - protected function createConnection($name) + protected function createConnection() { - $config = $this->getConfig($name); - - $connection = new Sso($config, $this->auth, $this->session); + $connection = new Sso($this->config, $this->auth, $this->session); return $connection; } - /** - * Get the configuration for a connection. - * - * @param string $name - * @return array - */ - protected function getConfig($name) - { - $name = $name ?: $this->getDefaultConnection(); - - // To get the database connection configuration, we will just pull each of the - // connection configurations and get the configurations for the given name. - // If the configuration doesn't exist, we'll throw an exception and bail. - $connections = $this->config; - - if (is_null($config = array_get($connections, $name))) - { - throw new \InvalidArgumentException("Cas [$name] not configured."); - } - - return $config; - } - - /** - * Get the default connection name. - * - * @return string - */ - protected function getDefaultConnection() - { - return 'default'; - } - /** * Dynamically pass methods to the default connection. * @@ -111,4 +76,4 @@ public function __call($method, $parameters) return call_user_func_array(array($this->connection(), $method), $parameters); } -} \ No newline at end of file +} diff --git a/src/Xavrsl/Cas/CasServiceProvider.php b/src/Xavrsl/Cas/CasServiceProvider.php index d280a65..8351ca8 100644 --- a/src/Xavrsl/Cas/CasServiceProvider.php +++ b/src/Xavrsl/Cas/CasServiceProvider.php @@ -15,11 +15,6 @@ class CasServiceProvider extends ServiceProvider { */ protected $defer = false; -// function __construct(SessionManager $session) -// { -// $this->session = $session; -// } - /** * Bootstrap the application events. * 
@@ -27,7 +22,9 @@ class CasServiceProvider extends ServiceProvider { */ public function boot() { - $this->package('xavrsl/cas'); + $this->publishes([ + __DIR__.'/../../config/cas.php' => config_path('cas.php'), + ]); } /** @@ -39,7 +36,7 @@ public function register() { $this->app['cas'] = $this->app->share(function() { - $config = Config::get('cas::config'); + $config = $this->app['config']->get('cas'); $auth = App::make('auth'); $session = App::make('session'); return new CasManager($config, $auth, $session); @@ -56,4 +53,4 @@ public function provides() return array('cas'); } -} \ No newline at end of file +} diff --git a/src/config/cas.php b/src/config/cas.php new file mode 100644 index 0000000..0c117b1 --- /dev/null +++ b/src/config/cas.php 
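Review bot: `register()` now reads `$this->app['config']->get('cas')`, which yields null until the user has published `cas.php`, while `CasManager::__construct(Array $config, ...)` type-hints an array, so resolving `cas` on a fresh install would fail with a type error rather than a clear message. Calling `$this->mergeConfigFrom(__DIR__.'/../../config/cas.php', 'cas');` at the top of `register()` keeps the package defaults available before publishing. Separately, `boot()` relies on `publishes()` and `config_path()`, which are Laravel 5 APIs, and the new code uses `[]` arrays and `$this` inside a closure, which need PHP 5.4, yet composer.json in this series still allows `illuminate/support` 4.* and `php >=5.3.0`. The constraints should be narrowed to what the provider actually supports.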
@@ -0,0 +1,122 @@ + env('CAS_HOSTNAME'), + + + /* + |-------------------------------------------------------------------------- + | Use as Cas proxy ? + |-------------------------------------------------------------------------- + */ + + 'cas_proxy' => env('CAS_PROXY', false), + + + /* + |-------------------------------------------------------------------------- + | Enable service to be proxied + |-------------------------------------------------------------------------- + | + | Example: + | phpCAS::allowProxyChain(new CAS_ProxyChain(array( + | '/^https:\/\/app[0-9]\.example\.com\/rest\//', + | 'http://client.example.com/' + | ))); + | For the exemple above: + | 'cas_service' => array('/^https:\/\/app[0-9]\.example\.com\/rest\//','http://client.example.com/'), + */ + + 'cas_service' => array(), + + + /* + |-------------------------------------------------------------------------- + | Cas Port + |-------------------------------------------------------------------------- + | + | Usually 443 is default + | + */ + + 'cas_port' => env('CAS_PORT', 443), + + + /* + |-------------------------------------------------------------------------- + | CAS URI + |-------------------------------------------------------------------------- + | + | Sometimes is /cas + | + */ + + 'cas_uri' => env('CAS_URI', ''), + + + /* + |-------------------------------------------------------------------------- + | CAS Validation + |-------------------------------------------------------------------------- + | + | CAS server SSL validation: 'self' for self-signed certificate, 'ca' for + | certificate from a CA, empty for no SSL validation. 
+ | + */ + + 'cas_validation' => env('CAS_VALIDATION', ''), + + + /* + |-------------------------------------------------------------------------- + | CAS Certificate + |-------------------------------------------------------------------------- + | + | Path to the CAS certificate file + | + */ + + 'cas_cert' => env('CAS_CERT', ''), + + + /* + |-------------------------------------------------------------------------- + | CAS Login URL + |-------------------------------------------------------------------------- + | + | Empty is fine + | + */ + + 'cas_login_url' => env('CAS_LOGIN_URL', ''), + + + /* + |-------------------------------------------------------------------------- + | CAS Logout URL + |-------------------------------------------------------------------------- + */ + + 'cas_logout_url' => env('CAS_LOGOUT_URL', ''), + + /* + |-------------------------------------------------------------------------- + | Pretend to be a CAS user + |-------------------------------------------------------------------------- + | + | This is useful in development mode. CAS is not called at all, only user + | is set. + | + */ + + 'cas_pretend_user' => env('CAS_PRETEND_USER', '') +]; diff --git a/src/config/config.php b/src/config/config.php deleted file mode 100644 index 6d53a28..0000000 --- a/src/config/config.php +++ /dev/null 
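Review bot: `'cas_validation' => env('CAS_VALIDATION', '')` makes the out-of-the-box value the one this file's own comment describes as "empty for no SSL validation", so a deployment that never sets CAS_VALIDATION talks to the CAS server without verifying its certificate. Ticket validation responses are what establish the user's identity, so the default should fail closed: `'cas_validation' => env('CAS_VALIDATION', 'ca'),` with CAS_CERT pointing at the CA bundle, and the comment should say that disabling validation is for local testing only. The same fail-open shape is in `configureSslValidation()` in Sso.php (reworked in PATCH 05/10), where any value other than 'self' or 'ca', including a typo, falls through to `phpCAS::setNoCasServerValidation()`. `cas_hostname` also has no default, so a missing CAS_HOSTNAME reaches phpCAS as null; an explicit check or a comment would help.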
@@ -1,105 +0,0 @@ - array( - - /* - |-------------------------------------------------------------------------- - | PHPCas Hostname - |-------------------------------------------------------------------------- - | - | Exemple: 'cas.myuniv.edu'. - | - */ - - 'cas_hostname' => 'cas.domain.fr', - - /* - |-------------------------------------------------------------------------- - | Use as Cas proxy ? - |-------------------------------------------------------------------------- - */ - - 'cas_proxy' => false, - - /* - |-------------------------------------------------------------------------- - | Enable service to be proxied - |-------------------------------------------------------------------------- - | - | Example: - | phpCAS::allowProxyChain(new CAS_ProxyChain(array( - | '/^https:\/\/app[0-9]\.example\.com\/rest\//', - | 'http://client.example.com/' - | ))); - | For the exemple above: - | 'cas_service' => array('/^https:\/\/app[0-9]\.example\.com\/rest\//','http://client.example.com/'), - */ - - 'cas_service' => array(), - - /* - |-------------------------------------------------------------------------- - | Cas Port - |-------------------------------------------------------------------------- - | - | Usually 443 is default - | - */ - - 'cas_port' => 443, - - /* - |-------------------------------------------------------------------------- - | CAS URI - |-------------------------------------------------------------------------- - | - | Sometimes is /cas - | - */ - - 'cas_uri' => '', - - /* - |-------------------------------------------------------------------------- - | CAS Validation - |-------------------------------------------------------------------------- - | - | CAS server SSL validation: 'self' for self-signed certificate, 'ca' for - | certificate from a CA, empty for no SSL validation. 
- | - */ - - 'cas_validation' => '', - - /* - |-------------------------------------------------------------------------- - | CAS Certificate - |-------------------------------------------------------------------------- - | - | Path to the CAS certificate file - | - */ - - 'cas_cert' => '/path/to/cert/file', - - /* - |-------------------------------------------------------------------------- - | CAS Login URI - |-------------------------------------------------------------------------- - | - | Empty is fine - | - */ - - 'cas_login_url' => '', - - /* - |-------------------------------------------------------------------------- - | CAS Logout URI - |-------------------------------------------------------------------------- - */ - - 'cas_logout_url' => 'https://cas.domain.fr/logout?service=%s', - ) -); From f7ca6763c6169566e0919e89d85ca9e2e39a9bc0 Mon Sep 17 00:00:00 2001 From: Xavier Roussel Date: Tue, 17 Feb 2015 10:51:56 +0100 Subject: [PATCH 03/10] Laravel 5 working status - #14 --- src/Xavrsl/Cas/CasManager.php | 2 -- src/Xavrsl/Cas/Sso.php | 3 +-- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/src/Xavrsl/Cas/CasManager.php b/src/Xavrsl/Cas/CasManager.php index 5923935..8fc326c 100644 --- a/src/Xavrsl/Cas/CasManager.php +++ b/src/Xavrsl/Cas/CasManager.php @@ -38,7 +38,6 @@ function __construct(Array $config, AuthManager $auth, SessionManager $session) /** * Get a Cas connection instance. * - * @param string $name * @return Xavrsl\Cas\Directory */ public function connection() @@ -54,7 +53,6 @@ public function connection() /** * Create the given connection by name. * - * @param string $name * @return Xavrsl\Cas\Sso */ protected function createConnection() diff --git a/src/Xavrsl/Cas/Sso.php b/src/Xavrsl/Cas/Sso.php index 57b34a1..b663b7d 100644 --- a/src/Xavrsl/Cas/Sso.php +++ b/src/Xavrsl/Cas/Sso.php 
@@ -1,4 +1,5 @@ Date: Tue, 17 Feb 2015 11:34:42 +0100 Subject: [PATCH 04/10] Update composer json --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index f9d8b79..5fe3a2e 100644 --- a/composer.json +++ b/composer.json @@ -1,6 +1,6 @@ { "name": "xavrsl/cas", - "description": "Add CAS server SSO authentication to laravel 4.x", + "description": "Add CAS server SSO authentication to Laravel 4 and 5", "keywords": ["CAS", "phpCAS", "SSO", "laravel"], "license": "MIT", "authors": [ From d7f09200d667dc87c7f326582a80767da0248084 Mon Sep 17 00:00:00 2001 From: Roussel Xavier Date: Tue, 17 Feb 2015 17:13:07 +0100 Subject: [PATCH 05/10] Cleaner, framework agnostic, no session, no auth --- src/Xavrsl/Cas/CasAuthenticationException.php | 5 + src/Xavrsl/Cas/CasManager.php | 16 +- src/Xavrsl/Cas/CasServiceProvider.php | 17 +- src/Xavrsl/Cas/Sso.php | 231 ++++++++---------- src/config/cas.php | 66 ++--- 5 files changed, 144 insertions(+), 191 deletions(-) create mode 100644 src/Xavrsl/Cas/CasAuthenticationException.php diff --git a/src/Xavrsl/Cas/CasAuthenticationException.php b/src/Xavrsl/Cas/CasAuthenticationException.php new file mode 100644 index 0000000..693203d --- /dev/null +++ b/src/Xavrsl/Cas/CasAuthenticationException.php @@ -0,0 +1,5 @@ +config = $config; - $this->auth = $auth; - $this->session = $session; } /** @@ -57,7 +45,7 @@ public function connection() */ protected function createConnection() { - $connection = new Sso($this->config, $this->auth, $this->session); + $connection = new Sso($this->config); return $connection; } diff --git a/src/Xavrsl/Cas/CasServiceProvider.php b/src/Xavrsl/Cas/CasServiceProvider.php index 8351ca8..5fbc64c 100644 --- a/src/Xavrsl/Cas/CasServiceProvider.php +++ b/src/Xavrsl/Cas/CasServiceProvider.php 
@@ -1,22 +1,11 @@ app['cas'] = $this->app->share(function() { $config = $this->app['config']->get('cas'); - $auth = App::make('auth'); - $session = App::make('session'); - return new CasManager($config, $auth, $session); + return new CasManager($config); }); } diff --git a/src/Xavrsl/Cas/Sso.php b/src/Xavrsl/Cas/Sso.php index b663b7d..5f8d269 100644 --- a/src/Xavrsl/Cas/Sso.php +++ b/src/Xavrsl/Cas/Sso.php 
@@ -1,7 +1,5 @@ config = $config; - $this->auth = $auth; - $this->session = $session; - $this->cas_init(); + $this->initializeCas(); } /** - * Authenticates the user based on the current request. + * Make PHPCAS Initialization * - * If authentication is successful, true must be returned. - * If authentication fails, an exception must be thrown. + * Initialize a PHPCAS token request * - * @return bool + * @return none */ - public function authenticate() + private function initializeCas() { - // attempt to authenticate with CAS server - if (phpCAS::forceAuthentication()) { - // retrieve authenticated credentials - $this->setRemoteUser(); - return true; - } else return false; + $this->configureDebug(); + // initialize CAS client + $this->configureCasClient(); + + $this->configureSslValidation(); + phpCAS::handleLogoutRequests(); + + $this->configureProxyChain(); } /** - * Checks to see is user is authenticated - * - * @return bool + * Configure CAS debug */ - public function isAuthenticated(){ - return $this->isAuthenticated; + private function configureDebug() + { + if($debug = $this->config['cas_debug']) + { + $path = (gettype($debug) == 'string') ? $debug : false; + phpCAS::setDebug($path); + } } - /** - * Returns information about the currently logged in user. - * - * If nobody is currently logged in, this method should return null. + * Configure CAS Client * - * @return array|null */ - public function getCurrentUser() { - return $this->remoteUser; + private function configureCasClient() + { + $method = !$this->config['cas_proxy'] ? 'client' : 'proxy'; + // Last argument of method (proxy or client) is $changeSessionID. It is true by default. It means it will + // override the framework's session_id. This allows for Single Sign Out. And it means that there is no point + // in using the framework's session and authentication objects. If CAS destroys the session, it will destroy it + // for everyone and you only need to deal with one session. 
+ phpCAS::$method( + !$this->config['cas_saml'] ? CAS_VERSION_2_0 : SAML_VERSION_1_1, + $this->config['cas_hostname'], + $this->config['cas_port'], + $this->config['cas_uri'] + ); } /** - * getCurrentUser Alias + * Configure SSL Validation * - * @return array|null + * Having some kind of server cert validation in production + * is highly recommended. */ - public function user(){ - return $this->getCurrentUser(); + private function configureSslValidation() + { + // set SSL validation for the CAS server + if ($this->config['cas_validation'] == 'self') + { + phpCAS::setCasServerCert($this->config['cas_cert']); + } + else if ($this->config['cas_validation'] == 'ca') + { + phpCAS::setCasServerCACert($this->config['cas_cert']); + } + else + { + phpCAS::setNoCasServerValidation(); + } } /** - * This method is used to logout from CAS - * - * @param string $service a URL that will be transmitted to the CAS server to do a redirect after logout * - * @return none */ - public function logout($service = "") + private function configureProxyChain() { - if(phpCAS::isSessionAuthenticated()) { - if ($this->auth->check()) - { - $this->auth->logout(); - } - $this->session->flush(); - if($service != "") - { - phpCAS::logoutWithRedirectService($service); - } - else - { - phpCAS::logout(); - } - exit; + if (is_array($this->config['cas_proxied_services']) && !empty($this->config['cas_proxied_services'])) + { + phpCAS::allowProxyChain(new \CAS_ProxyChain($this->config['cas_proxied_services'])); } } - /** - * Make PHPCAS Initialization + * Authenticates the user based on the current request. * - * Initialize a PHPCAS token request + * If authentication fails, an exception must be thrown. 
* - * @return none + * @throws CasAuthenticationException */ - private function cas_init() { - // initialize CAS client - if($this->config['cas_proxy']) + public function authenticate() + { + try { - $this->configureCasProxy(); - $this->configureSslValidation(); + phpCAS::forceAuthentication(); } - else + catch(\Exception $e) { - $this->configureCasClient(); - $this->configureSslValidation(); - $this->detect_authentication(); - } - - // set service URL for authorization with CAS server - //\phpCAS::setFixedServiceURL(); - - if (!empty($this->config['cas_service'])) { - phpCAS::allowProxyChain(new \CAS_ProxyChain_Any); + throw new CasAuthenticationException; } - - // set login and logout URLs of the CAS server - phpCAS::setServerLoginURL($this->config['cas_login_url']); - phpCAS::setServerLogoutURL($this->config['cas_logout_url']); - - } /** - * Configure CAS Proxy + * Checks to see is user is authenticated + * + * @return bool */ - private function configureCasProxy() + public function isAuthenticated() { - phpCAS::proxy(CAS_VERSION_2_0, $this->config['cas_hostname'], $this->config['cas_port'], $this->config['cas_uri'], false); - - // set URL for PGT callback - phpCAS::setFixedCallbackURL($this->generate_url(array('action' => 'pgtcallback'))); - - // set PGT storage - phpCAS::setPGTStorageFile('xml', $this->config['cas_pgt_dir']); + return phpCAS::isAuthenticated(); } + /** - * Configure CAS Client + * Returns information about the currently logged in user. * + * If nobody is currently logged in, this method should return null. 
+ * + * @return array|null */ - private function configureCasClient() + public function getCurrentUser() { - phpCAS::client(CAS_VERSION_2_0, $this->config['cas_hostname'], $this->config['cas_port'], $this->config['cas_uri'], false); + return phpCAS::getUser(); } - private function configureSslValidation() + /** + * getCurrentUser Alias + * + * @return array|null + */ + public function user() { - // set SSL validation for the CAS server - if ($this->config['cas_validation'] == 'self') { - phpCAS::setCasServerCert($this->config['cas_cert']); - } else if ($this->config['cas_validation'] == 'ca') { - phpCAS::setCasServerCACert($this->config['cas_cert']); - } else { - phpCAS::setNoCasServerValidation(); - } + return phpCAS::getUser(); } - /** - * Set Remote User + * This method is used to logout from CAS + * + * @param array ['url' => 'http://...'] || ['service' => ...] + * + * @return none */ - private function setRemoteUser(){ - $this->remoteUser = phpCAS::getUser(); - } - - private function detect_authentication() + public function logout($params = array()) { - $this->isAuthenticated = phpCAS::isAuthenticated(); - - if ($this->isAuthenticated) { - $this->setRemoteUser(); + if(phpCAS::isAuthenticated()) + { + $this->initializeCas(); } + phpCAS::logout($params); + exit; } + } diff --git a/src/config/cas.php b/src/config/cas.php index 0c117b1..9c39242 100644 --- a/src/config/cas.php +++ b/src/config/cas.php 
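Review bot: `authenticate()` catches every `\Exception` from `phpCAS::forceAuthentication()` and rethrows a bare `CasAuthenticationException`, so the original message and stack are lost and an operator cannot tell a certificate failure from a bad ticket or a wrong hostname. Passing the cause through, `throw new CasAuthenticationException($e->getMessage(), 0, $e);`, keeps that evidence for logs (this assumes the new class extends `\Exception`; its body is not readable on this page). In the same hunk the docblocks of `getCurrentUser()` and `user()` say `@return array|null` although both return `phpCAS::getUser()` directly, and `initializeCas()` uses `@return none`, which is not a PHPDoc type. `string` and `void` would describe them as written.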
@@ -3,40 +3,27 @@ return [ /* |-------------------------------------------------------------------------- - | PHPCas Hostname + | PHPCas Debug |-------------------------------------------------------------------------- | - | Exemple: 'cas.myuniv.edu'. + | Example : '/var/log/phpCas.log' + | or true for default location (/tmp/phpCAS.log) | */ - 'cas_hostname' => env('CAS_HOSTNAME'), - - - /* - |-------------------------------------------------------------------------- - | Use as Cas proxy ? - |-------------------------------------------------------------------------- - */ - - 'cas_proxy' => env('CAS_PROXY', false), + 'cas_debug' => env('CAS_DEBUG', false), /* |-------------------------------------------------------------------------- - | Enable service to be proxied + | PHPCas Hostname |-------------------------------------------------------------------------- | - | Example: - | phpCAS::allowProxyChain(new CAS_ProxyChain(array( - | '/^https:\/\/app[0-9]\.example\.com\/rest\//', - | 'http://client.example.com/' - | ))); - | For the exemple above: - | 'cas_service' => array('/^https:\/\/app[0-9]\.example\.com\/rest\//','http://client.example.com/'), + | Exemple: 'cas.myuniv.edu'. + | */ - 'cas_service' => array(), + 'cas_hostname' => env('CAS_HOSTNAME'), /* 
@@ -90,33 +77,52 @@ /* |-------------------------------------------------------------------------- - | CAS Login URL + | Pretend to be a CAS user |-------------------------------------------------------------------------- | - | Empty is fine + | This is useful in development mode. CAS is not called at all, only user + | is set. | */ - 'cas_login_url' => env('CAS_LOGIN_URL', ''), + 'cas_pretend_user' => env('CAS_PRETEND_USER', ''), + + /* + |-------------------------------------------------------------------------- + | Use as Cas proxy ? + |-------------------------------------------------------------------------- + */ + + 'cas_proxy' => env('CAS_PROXY', false), /* |-------------------------------------------------------------------------- - | CAS Logout URL + | Enable service to be proxied |-------------------------------------------------------------------------- + | + | Example: + | phpCAS::allowProxyChain(new CAS_ProxyChain(array( + | '/^https:\/\/app[0-9]\.example\.com\/rest\//', + | 'http://client.example.com/' + | ))); + | For the exemple above: + | 'cas_proxied_services' => array('/^https:\/\/app[0-9]\.example\.com\/rest\//','http://client.example.com/'), */ - 'cas_logout_url' => env('CAS_LOGOUT_URL', ''), + 'cas_proxied_services' => array(), /* |-------------------------------------------------------------------------- - | Pretend to be a CAS user + | Use SAML to retrieve user attributes |-------------------------------------------------------------------------- | - | This is useful in development mode. CAS is not called at all, only user - | is set. + | Cas can be configured to return more than just the username to a given + | service. It could for example use an LDAP backend to return the first name, + | last name, and email of the user. This can be activated on the client side + | by setting 'cas_saml' to true. | */ - 'cas_pretend_user' => env('CAS_PRETEND_USER', '') + 'cas_saml' => env('CAS_SAML', false) ]; 
From ddfacb34860e6393994279dc25ee12ef21c3032f Mon Sep 17 00:00:00 2001 From: Roussel Xavier Date: Tue, 17 Feb 2015 17:24:43 +0100 Subject: [PATCH 06/10] Typo and code cleanup --- src/Xavrsl/Cas/Sso.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Xavrsl/Cas/Sso.php b/src/Xavrsl/Cas/Sso.php index 5f8d269..42286b5 100644 --- a/src/Xavrsl/Cas/Sso.php +++ b/src/Xavrsl/Cas/Sso.php @@ -29,7 +29,7 @@ function __construct($config) /** * Make PHPCAS Initialization * - * Initialize a PHPCAS token request + * Initialize phpCAS before authentication * * @return none */ @@ -99,9 +99,10 @@ private function configureSslValidation() } } - /** + * Configure Cas Proxy Chain * + * Cas can proxy services. Here you can specify which ones are allowed. */ private function configureProxyChain() { @@ -172,7 +173,7 @@ public function user() */ public function logout($params = array()) { - if(phpCAS::isAuthenticated()) + if(!phpCAS::isAuthenticated()) { $this->initializeCas(); } From 234d3986075696142ba490ba45a4bc23115d1145 Mon Sep 17 00:00:00 2001 From: Roussel Xavier Date: Tue, 17 Feb 2015 17:40:59 +0100 Subject: [PATCH 07/10] get Debug working --- src/Xavrsl/Cas/Sso.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/Xavrsl/Cas/Sso.php b/src/Xavrsl/Cas/Sso.php index 42286b5..870cd61 100644 --- a/src/Xavrsl/Cas/Sso.php +++ b/src/Xavrsl/Cas/Sso.php @@ -52,7 +52,7 @@ private function configureDebug() { if($debug = $this->config['cas_debug']) { - $path = (gettype($debug) == 'string') ? $debug : false; + $path = (gettype($debug) == 'string') ? $debug : ''; phpCAS::setDebug($path); } } @@ -164,6 +164,16 @@ public function user() return phpCAS::getUser(); } + /** + * getAttributes' simple wrapper + * + * @return array|null + */ + public function getAttributes() + { + return phpCAS::getAttributes(); + } + /** * This method is used to logout from CAS * From ebc8631658dbc725cb7af52a211ab44e3bd5eafa Mon Sep 17 00:00:00 2001 
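Review bot: In `logout()` the corrected guard `if(!phpCAS::isAuthenticated())` now re-runs `$this->initializeCas()` for a visitor who has no CAS session, but the constructor has already called `initializeCas()`. That makes a second `phpCAS::client()`/`phpCAS::proxy()` call on an initialised client, which phpCAS is expected to reject with an "already been called" error (worth confirming against the pinned 1.3.3). `phpCAS::isAuthenticated()` is also not a pure check, since it may validate a ticket present on the request. Dropping the block and calling `phpCAS::logout($params);` directly looks sufficient; the body of `logout()` starts and ends outside this hunk.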
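Review bot: With `cas_debug` set to `true`, `configureDebug()` now passes `''` to `phpCAS::setDebug()`, which selects the library's default log file in the system temp directory (the config comment names `/tmp/phpCAS.log`). That log traces the CAS exchange and typically includes user identifiers and ticket values, so it should go to an application-owned path with restrictive permissions; I would add to the `cas_debug` comment in cas.php a line such as `| Debug output may contain tickets and user ids: use an app-owned path and never enable in production.` `is_string($debug)` would also read better than `gettype($debug) == 'string'`. The new `getAttributes()` wrapper has no guard for the unauthenticated case, so its docblock should tell callers to run `authenticate()` first.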
From: Roussel Xavier Date: Tue, 17 Feb 2015 17:42:41 +0100 Subject: [PATCH 08/10] CAS_PRETEND_USER not yet implemented --- src/config/cas.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/config/cas.php b/src/config/cas.php index 9c39242..11d9d28 100644 --- a/src/config/cas.php +++ b/src/config/cas.php @@ -82,6 +82,7 @@ | | This is useful in development mode. CAS is not called at all, only user | is set. + | (NOT YET IMPLEMENTED !!) | */ From 9328edd9a1dd16eaab320b459453c446cd92a1ce Mon Sep 17 00:00:00 2001 From: XavRsl Date: Tue, 3 Mar 2015 06:51:58 +0100 Subject: [PATCH 09/10] Add Laravel 5 installation notes --- README.md | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index ff0ce87..3eae0ca 100644 --- a/README.md +++ b/README.md 
@@ -1,30 +1,44 @@ -cas +CAS === -CAS server SSO authentication in laravel 4.x +CAS server SSO authentication in Laravel 4.x & 5.x ## Installation -Require this package in your composer.json and run composer update (or run `composer require xavrsl/cas:dev-master` directly): +Require this package in your composer.json and run composer update. - "xavrsl/cas": "dev-master" +For Laravel 4 use v1.1.* : -After updating composer, add the ServiceProvider to the providers array in app/config/app.php + "xavrsl/cas": "1.1.*" - 'Xavrsl\Cas\CasServiceProvider', +For Laravel 5 use v1.2.* : -As well as the Facade : + "xavrsl/cas": "1.2.*" +After updating composer, add the ServiceProvider to the providers array in app/config/app.php +```php + 'Xavrsl\Cas\CasServiceProvider', +``` +As well as the Facade : +```php 'Cas' => 'Xavrsl\Cas\Facades\Cas', +``` +Then publish the package's config using one of those methods : -You need to publish the conf so you will ffind it in app/config/packages/xavrsl/cas/ - +For Laravel 4 : +``` $ php artisan config:publish xavrsl/cas +``` + +For Laravel 5 : +``` + $ php artisan vendor:publish +``` Configuration == -Configuration should be pretty straightforward for anyone who's ever used the PHPCas client. However, I've added the possibility to easily turn your application into a CAS Proxy, a CAS Service or both. You only need to set the cas_proxy setting to true (if you need to proxy services) and set the cas_service to whatever proxy you want to allow (this is all explained in the config file). +Configuration should be pretty straightforward for anyone who's ever used the phpCAS client. However, I've added the possibility to easily turn your application into a CAS Proxy, a CAS Service or both. You only need to set the cas_proxy setting to true (if you need to proxy services) and set the cas_service to whatever proxy you want to allow (this is all explained in the config file). Usage == 
From b54f320a13a6d450cbb8f1e9b231593522c15efe Mon Sep 17 00:00:00 2001 From: Roussel Xavier Date: Mon, 4 May 2015 12:14:41 +0200 Subject: [PATCH 10/10] Add cas_pretend_user variable --- README.md | 31 +++++++++++++------------------ src/Xavrsl/Cas/Sso.php | 30 +++++++++++++++++++++++++++++- 2 files changed, 42 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 3eae0ca..f87938e 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ CAS server SSO authentication in Laravel 4.x & 5.x ## Installation -Require this package in your composer.json and run composer update. +Require this package in your composer.json and run composer update. For Laravel 4 use v1.1.* : 
@@ -38,33 +38,28 @@ For Laravel 5 : Configuration == -Configuration should be pretty straightforward for anyone who's ever used the phpCAS client. However, I've added the possibility to easily turn your application into a CAS Proxy, a CAS Service or both. You only need to set the cas_proxy setting to true (if you need to proxy services) and set the cas_service to whatever proxy you want to allow (this is all explained in the config file). +Configuration should be pretty straightforward for anyone who's ever used the phpCAS client. Using the .env file will allow you to have different environments without even touching the cas.php config file. I've added the possibility to easily turn your application into a CAS Proxy, a CAS Service or both. You only need to set the cas_proxy setting to true (if you need to proxy services) and set the cas_service to whatever proxy you want to allow (this is all explained in the config file). + +A new config variable (cas_pretend_user) available in the 1.2 release allows you to pretend to be a selected CAS user. The idea came with the usage of laravel homestead. My application was running on a private network, on a fake domain. The CAS server was not able to redirect to that application. So activating the CAS plugin on that application was not possible, but I needed a user id to query my LDAP and allow/disallow the user in my application. You only need to give it a user id and the application will act just as if you ware logged in with that CAS user. Usage == -Authenticate against the CAS server +Authenticate against the CAS server. This should be called before trying to retrieve the CAS user id. 
+```php Cas::authenticate(); +``` -Exemple of Cas authentication in a route filter : +Then get the current user id this way : ```php -Route::group(array('https', 'before' => 'cas'), function() -{ - Route::controller('toolbar', 'ToolbarController'); - - Route::controller('bibsearch', 'BibsearchController'); -}); + Cas::getCurrentUser(); +``` -Route::controller('bibimages', 'BibimagesController'); +OR -Route::filter('cas', function() -{ - Cas::authenticate(); -}); +```php + Cas::user(); ``` -Then get the current user id this way : - - Cas::getCurrentUser(); diff --git a/src/Xavrsl/Cas/Sso.php b/src/Xavrsl/Cas/Sso.php index 870cd61..9627e9d 100644 --- a/src/Xavrsl/Cas/Sso.php +++ b/src/Xavrsl/Cas/Sso.php @@ -106,12 +106,30 @@ private function configureSslValidation() */ private function configureProxyChain() { - if (is_array($this->config['cas_proxied_services']) && !empty($this->config['cas_proxied_services'])) + if (is_array($this->config['cas_proxied_services']) + && !empty($this->config['cas_proxied_services'])) { phpCAS::allowProxyChain(new \CAS_ProxyChain($this->config['cas_proxied_services'])); } } + /** + * isPretending + * + * When on dev environment, you can sometimes be on a private network that can't access to the CAS + * server. Sometimes, you may also want to check the application as if you where one user or + * another. This is why you may specify a CAS_PRETEND_USER config variable. + */ + private function isPretending() + { + if (isset($this->config['cas_pretend_user']) + && !empty($this->config['cas_pretend_user'])) + { + return true; + } + return false; + } + /** * Authenticates the user based on the current request. * @@ -121,6 +139,8 @@ private function configureProxyChain() */ public function authenticate() { + if($this->isPretending()) return true; + try { phpCAS::forceAuthentication(); 
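Review bot: `isPretending()` turns any non-empty `cas_pretend_user` into a complete authentication bypass, and nothing here restricts it to a development environment. `authenticate()` and `isAuthenticated()` return true and `getCurrentUser()`/`user()` return the configured id without contacting CAS (the last three are in the following hunks). Because `Sso` has no access to the framework, the guard belongs in the published config, e.g. `'cas_pretend_user' => env('APP_ENV') === 'local' ? env('CAS_PRETEND_USER', '') : '',`, and the README paragraph should state that the variable must never be set in production. `getAttributes()` is not covered by the pretend path, so it would still call `phpCAS::getAttributes()` on a client that never authenticated. The body of `isPretending()` can be reduced to `return !empty($this->config['cas_pretend_user']);`.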
@@ -138,6 +158,8 @@ public function authenticate() */ public function isAuthenticated() { + if($this->isPretending()) return true; + return phpCAS::isAuthenticated(); } @@ -151,6 +173,8 @@ public function isAuthenticated() */ public function getCurrentUser() { + if($this->isPretending()) return $this->config['cas_pretend_user']; + return phpCAS::getUser(); } @@ -161,6 +185,8 @@ public function getCurrentUser() */ public function user() { + if($this->isPretending()) return $this->config['cas_pretend_user']; + return phpCAS::getUser(); } @@ -183,6 +209,8 @@ public function getAttributes() */ public function logout($params = array()) { + if($this->isPretending()) return true; + if(!phpCAS::isAuthenticated()) { $this->initializeCas();
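Review bot: `logout()` now returns `true` in pretend mode while its normal path ends in `exit`, so callers get two different contracts from one method; the docblock should describe both, or the pretend branch should return nothing. `user()` repeats the pretend check and the `phpCAS::getUser()` call instead of delegating, and `return $this->getCurrentUser();` would keep the alias from drifting. The body of `logout()` continues outside the last hunk.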