<?php
/**
 * Stud.IP authentication against CAS Server
 *
 * @access   public
 * @author   Dennis Reil <dennis.reil@offis.de>
 * @package
 */

require_once 'lib/classes/cas/CAS_PGTStorage_Cache.php';

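/**
 * Single sign-on authentication plugin that delegates login to a CAS server
 * through the phpCAS client library.
 *
 * The phpCAS client is set up lazily by initializeClient() the first time a
 * method needs it, and at most once per instance.
 */
class StudipAuthCAS extends StudipAuthSSO
{
    // Host name of the CAS server, handed to phpCAS::client()/proxy().
    public $host;
    // Port of the CAS server, handed to phpCAS::client()/proxy().
    public $port;
    // URI of the CAS service on that server, handed to phpCAS::client()/proxy().
    public $uri;
    // CA certificate passed to phpCAS::setCasServerCACert(). When it is not
    // set, validation of the CAS server certificate is switched off.
    public $cacert;

    // Lazily created instance of the configured user data mapping class.
    public $userdata;

    // True once the phpCAS client has been configured by this instance.
    private $initialized = false;

    /**
     * Constructor: applies the plugin configuration and fills in the default
     * display name and login description when none were configured.
     *
     * @param array $config plugin configuration, forwarded to the parent class
     */
    public function __construct($config = [])
    {
        parent::__construct($config);

        if (!isset($this->plugin_fullname)) {
            $this->plugin_fullname = _('CAS');
        }
        if (!isset($this->login_description)) {
            $this->login_description = _('für Single Sign On mit CAS');
        }
    }

    /**
     * Configure the phpCAS client once for this instance.
     *
     * Creates either a CAS proxy or a plain CAS client depending on
     * $this->proxy (not declared in this class, presumably set from the
     * plugin configuration), then sets up server certificate validation.
     */
    private function initializeClient(): void
    {
        if ($this->initialized) {
            return;
        }

        // NOTE(review): the meaning of the fifth argument (false) depends on
        // the phpCAS version in use; confirm it against the bundled library.
        if ($this->proxy) {
            URLHelper::setBaseUrl($GLOBALS['ABSOLUTE_URI_STUDIP']);
            phpCAS::proxy(CAS_VERSION_2_0, $this->host, $this->port, $this->uri, false);
            phpCAS::setPGTStorage(new CAS_PGTStorage_Cache(phpCAS::getCasClient()));
            phpCAS::setFixedCallbackURL(URLHelper::getURL('dispatch.php/cas/proxy'));
        } else {
            phpCAS::client(CAS_VERSION_2_0, $this->host, $this->port, $this->uri, false);
        }

        if (isset($this->cacert)) {
            phpCAS::setCasServerCACert($this->cacert);
        } else {
            // NOTE(review): security-relevant fallback. Without a configured
            // CA certificate the CAS server's TLS certificate is not verified,
            // so ticket validation responses are accepted from any endpoint
            // that answers for $host. Production setups should configure
            // `cacert`; consider failing closed or logging here.
            phpCAS::setNoCasServerValidation();
        }

        $this->initialized = true;
    }

    /**
     * Return the current username as reported by phpCAS.
     */
    public function getUser()
    {
        $this->initializeClient();
        return phpCAS::getUser();
    }

    /**
     * Validate the username passed to the auth plugin.
     * Note: This triggers authentication if needed.
     *
     * The $username argument is not used: the returned name is always the
     * one phpCAS reports after authentication against the CAS server.
     *
     * @param mixed $username ignored
     */
    public function verifyUsername($username)
    {
        $this->initializeClient();
        phpCAS::forceAuthentication();
        return $this->getUser();
    }

    /**
     * Look up one attribute of the current CAS user through the configured
     * user data mapping class.
     *
     * @param mixed $key attribute key, forwarded to the mapping class
     *
     * @return mixed value from the mapping class, or null when the mapping
     *               class does not exist (an error is logged in that case)
     */
    public function getUserData($key)
    {
        $userdataclassname = $this->user_data_mapping_class;
        if (!class_exists($userdataclassname)) {
            Log::error($this->plugin_name . ': no userdataclassname specified or found.');
            return null;
        }

        $this->initializeClient();

        // Instantiate the mapping class on first use and reuse it afterwards.
        if (empty($this->userdata)) {
            $this->userdata = new $userdataclassname();
        }
        return $this->userdata->getUserData($key, phpCAS::getUser());
    }

    /**
     * Perform a global logout at the CAS server.
     */
    public function logout(): void
    {
        // initializeClient() has already created the phpCAS client (or proxy).
        // phpCAS rejects a second phpCAS::client() call once a client exists,
        // so the former extra client() call here aborted before the logout
        // was sent and left the CAS single sign-on session alive.
        $this->initializeClient();

        // do a global cas logout
        phpCAS::logout();
    }
}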