modules/uphpCAS - git.Jacekk.net

Remove HHVM from Travis test matrix due to lack of built-in webserver

Jacek Kowalski

2015-09-06 5f67901c1b85a7b230b803666eb494d138d908ba

commit \| author \| age
64d82d	1	<?php
JK	2	// Thrown when internal error occurs
	3	class JasigException extends Exception {}
2f13b1	4	// Thrown when CAS server returns authentication error
64d82d	5	class JasigAuthException extends JasigException {}
JK	6
	7	class JasigUser {
	8	public $user;
	9	public $attributes = array();
	10	}
	11
	12	class uphpCAS {
	13	const VERSION = '1.0';
	14	protected $serverUrl = '';
	15	protected $serviceUrl;
710793	16	protected $sessionName = 'uphpCAS-user';
8e8f55	17	protected $method = 'POST';
JK	18	protected $caFile = NULL;
64d82d	19
710793	20	function __construct($serverUrl = NULL, $serviceUrl = NULL, $sessionName = NULL) {
64d82d	21	if($serverUrl != NULL) {
JK	22	$this->serverUrl = rtrim($serverUrl, '/');
	23	}
	24
	25	if($serviceUrl != NULL) {
	26	$this->serviceUrl = $serviceUrl;
	27	} else {
8891c7	28	$this->serviceUrl = $this->getCurrentUrl();
64d82d	29	}
710793	30
JK	31	if($sessionName) {
	32	$this->sessionName = $sessionName;
8e8f55	33	}
JK	34
	35	if(version_compare(PHP_VERSION, '5.6', '<')) {
	36	$this->caFile = $this->findCaFile();
710793	37	}
64d82d	38	}
JK	39
8891c7	40	public function getCurrentUrl() {
JK	41	$url = 'http://';
	42	$port = 0;
	43	if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
	44	$url = 'https://';
	45	if(isset($_SERVER['SERVER_PORT'])
	46	&& $_SERVER['SERVER_PORT'] != '443') {
	47	$port = $_SERVER['SERVER_PORT'];
	48	}
	49	} elseif(isset($_SERVER['SERVER_PORT'])
	50	&& $_SERVER['SERVER_PORT'] != '80') {
	51	$port = $_SERVER['SERVER_PORT'];
	52	}
	53
	54	$url .= $_SERVER['SERVER_NAME'];
	55
	56	if($port != 0) {
	57	$url .= ':'.$port;
	58	}
44b838	59
8891c7	60	$url .= $_SERVER['REQUEST_URI'];
2b2985	61
44b838	62	if(isset($_GET['ticket'])) {
JK	63	$pos = max(
	64	strrpos($url, '?ticket='),
	65	strrpos($url, '&ticket=')
	66	);
	67	$url = substr($url, 0, $pos);
	68	}
	69
2b2985	70	return $url;
8891c7	71	}
JK	72
deadb1	73	public function getServerUrl() {
bae7f7	74	return $this->serverUrl;
JK	75	}
64d82d	76	public function setServerUrl($serverUrl) {
JK	77	$this->serverUrl = $serverUrl;
	78	}
	79
bae7f7	80	public function getServiceUrl() {
JK	81	return $this->serviceUrl;
	82	}
64d82d	83	public function setServiceUrl($serviceUrl) {
JK	84	$this->serviceUrl = $serviceUrl;
	85	}
	86
165b17	87	public function getSessionName() {
710793	88	return $this->sessionName;
JK	89	}
	90	public function setSessionName($sessionName) {
	91	$this->sessionName = $sessionName;
	92	}
	93
8e8f55	94	public function getMethod() {
JK	95	return $this->method;
	96	}
	97	public function setMethod($method) {
	98	if($method != 'GET' && $method != 'POST') {
	99	throw new DomainException('Unsupported CAS response'
	100	.' method: '.$method);
	101	}
	102	$this->method = $method;
	103	}
	104
	105	public function getCaFile() {
	106	return $this->caFile;
	107	}
	108	public function setCaFile($caFile) {
	109	if(!is_file($caFile)) {
	110	throw new DomainException('Invalid CA file: '.$caFile);
	111	}
	112	$this->caFile = $caFile;
	113	}
	114
64d82d	115	public function loginUrl() {
8e8f55	116	return $this->serverUrl.'/login?method='.$this->method
JK	117	.'&service='.urlencode($this->serviceUrl);
64d82d	118	}
JK	119
f124d4	120	public function logoutUrl($returnUrl = NULL) {
8e8f55	121	return $this->serverUrl.'/logout'
JK	122	.($returnUrl ? '?service='.urlencode($returnUrl) : '');
64d82d	123	}
JK	124
cc5e29	125	public function logout($returnUrl = NULL) {
041819	126	@session_start();
cc5e29	127	if($this->isAuthenticated()) {
710793	128	unset($_SESSION[$this->sessionName]);
cc5e29	129	header('Location: '.$this->logoutUrl($returnUrl));
JK	130	die();
	131	} elseif($returnUrl) {
	132	header('Location: '.$returnUrl);
	133	die();
64d82d	134	}
JK	135	}
	136
fc49b8	137	public function isAuthenticated() {
710793	138	return isset($_SESSION[$this->sessionName]);
fc49b8	139	}
JK	140
64d82d	141	public function authenticate() {
041819	142	@session_start();
fc49b8	143	if($this->isAuthenticated()) {
710793	144	return $_SESSION[$this->sessionName];
2092d3	145	} elseif(isset($_REQUEST['ticket'])) {
JK	146	$user = $this->verifyTicket($_REQUEST['ticket']);
710793	147	$_SESSION[$this->sessionName] = $user;
64d82d	148	return $user;
JK	149	} else {
	150	header('Location: '.$this->loginUrl());
	151	die();
	152	}
	153	}
	154
501c90	155	protected function findCaFile() {
JK	156	$cafiles = array(
	157	'/etc/ssl/certs/ca-certificates.crt',
	158	'/etc/ssl/certs/ca-bundle.crt',
	159	'/etc/pki/tls/certs/ca-bundle.crt',
	160	);
	161
	162	$cafile = NULL;
	163	foreach($cafiles as $file) {
	164	if(is_file($file)) {
	165	$cafile = $file;
	166	break;
	167	}
	168	}
	169
	170	return $cafile;
	171	}
	172
fa3e92	173	protected function createStreamContext($hostname) {
8e8f55	174	$context = array(
64d82d	175	'http' => array(
JK	176	'method' => 'GET',
	177	'user_agent' => 'uphpCAS/'.self::VERSION,
	178	'max_redirects' => 3,
	179	),
	180	'ssl' => array(
	181	'verify_peer' => TRUE,
90ae5b	182	'verify_peer_name' => TRUE,
64d82d	183	'verify_depth' => 5,
90ae5b	184	'allow_self_signed' => FALSE,
JK	185	'disable_compression' => TRUE,
64d82d	186	),
8e8f55	187	);
64d82d	188
8e8f55	189	if($this->caFile) {
JK	190	$context['ssl']['cafile'] = $this->caFile;
d35cf4	191	}
fa3e92	192
8e8f55	193	if(version_compare(PHP_VERSION, '5.6', '<')) {
JK	194	$context['ssl']['ciphers'] = 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL'
	195	.':!eNULL:!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP';
	196	$context['ssl']['CN_match'] = $hostname;
	197	}
	198
	199	return stream_context_create($context);
fa3e92	200	}
JK	201
	202	public function verifyTicket($ticket) {
	203	$url = parse_url($this->serverUrl);
	204	$context = $this->createStreamContext($url['host']);
d35cf4	205
90ae5b	206	$data = file_get_contents($this->serverUrl
JK	207	.'/serviceValidate?service='.urlencode($this->serviceUrl)
fa3e92	208	.'&ticket='.urlencode($ticket), FALSE, $context);
64d82d	209	if($data === FALSE) {
JK	210	throw new JasigException('Authentication error: CAS server is unavailable');
	211	}
	212
	213	$xmlEntityLoader = libxml_disable_entity_loader(TRUE);
	214	$xmlInternalErrors = libxml_use_internal_errors(TRUE);
	215	try {
	216	$xml = new DOMDocument();
	217	$xml->loadXML($data);
	218
	219	foreach(libxml_get_errors() as $error) {
90ae5b	220	$e = new ErrorException($error->message, $error->code, 1,
JK	221	$error->file, $error->line);
64d82d	222	switch ($error->level) {
JK	223	case LIBXML_ERR_ERROR:
	224	case LIBXML_ERR_FATAL:
90ae5b	225	throw new Exception('Fatal error during XML parsing',
JK	226	0, $e);
64d82d	227	break;
JK	228	}
	229	}
2f13b1	230	} catch(Exception $e) {
90ae5b	231	throw new JasigException('Authentication error: CAS server'
JK	232	.' response invalid - parse error', 0, $e);
64d82d	233	} finally {
JK	234	libxml_clear_errors();
	235	libxml_disable_entity_loader($xmlEntityLoader);
	236	libxml_use_internal_errors($xmlInternalErrors);
	237	}
	238
	239	$failure = $xml->getElementsByTagName('authenticationFailure');
	240	$success = $xml->getElementsByTagName('authenticationSuccess');
	241
	242	if($failure->length > 0) {
	243	$failure = $failure->item(0);
	244	if(!($failure instanceof DOMElement)) {
90ae5b	245	throw new JasigException('Authentication error: CAS server'
JK	246	.' response invalid - authenticationFailure');
64d82d	247	}
90ae5b	248	throw new JasigAuthException('Authentication error: '
JK	249	.$failure->textContent);
64d82d	250	} elseif($success->length > 0) {
JK	251	$success = $success->item(0);
	252	if(!($success instanceof DOMElement)) {
90ae5b	253	throw new JasigException('Authentication error: CAS server'
JK	254	.' response invalid - authenticationSuccess');
64d82d	255	}
JK	256
	257	$user = $success->getElementsByTagName('user');
	258	if($user->length == 0) {
90ae5b	259	throw new JasigException('Authentication error: CAS server'
JK	260	.' response invalid - user');
64d82d	261	}
JK	262
	263	$user = trim($user->item(0)->textContent);
2f13b1	264	if(strlen($user) < 1) {
90ae5b	265	throw new JasigException('Authentication error: CAS server'
JK	266	.' response invalid - user value');
64d82d	267	}
JK	268
	269	$jusr = new JasigUser();
	270	$jusr->user = $user;
	271
	272	$attrs = $success->getElementsByTagName('attributes');
	273	if($attrs->length > 0) {
	274	$attrs = $attrs->item(0);
	275	foreach($attrs->childNodes as $node) {
	276	$jusr->attributes[$node->localName] = $node->textContent;
	277	}
	278	}
	279
	280	return $jusr;
2f13b1	281	} else {
90ae5b	282	throw new JasigException('Authentication error: CAS server'
JK	283	.' response invalid - required tag not found');
64d82d	284	}
JK	285	}
	286	}