mirror of https://github.com/jacekkow/uphpCAS-tests

Jacek Kowalski
2015-09-06 e48ca57b4b2e982b4d4495f58f51a2dfee0c6550
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
<?php
# Mockup of a CAS server
 
session_start();
 
switch($_SERVER['PATH_INFO']) {
    case '/login':
        if($_SERVER['REQUEST_METHOD'] == 'POST') {
            $ticket = NULL;
            if($_POST['user']) {
                $ticket = $_POST;
            }
            $_SESSION['ticket'] = json_encode($ticket);
        }
        
        if(isset($_SESSION['ticket'])) {
            $url = $_GET['service'];
            $ticket = $_SESSION['ticket'];
            
            if(!isset($_GET['method']) OR $_GET['method'] != 'POST') {
                if(strpos($url, '?') === FALSE) {
                    $url .= '?';
                } else {
                    $url .= '&';
                }
                $url .= 'ticket='.$ticket;
                
                header('Location: '.$url);
                die();
            } else {
                include('cas_login_post.php');
                die();
            }
        } elseif($_SERVER['REQUEST_METHOD'] == 'GET') {
            include('cas_login_form.php');
            die();
        }
        break;
    
    case '/logout':
        unset($_SESSION['ticket']);
        if(isset($_GET['service'])) {
            header('Location: '.$_GET['service']);
        }
        die('Logged out');
        break;
    
    case '/serviceValidate':
        if(!isset($_GET['ticket'])) {
            readfile('cas_failure_noticket.xml');
            die();
        }
        if(!isset($_GET['service'])) {
            readfile('cas_failure_noservice.xml');
            die();
        }
        
        $ticket = json_decode($_GET['ticket'], TRUE);
        if(!is_array($ticket)) {
            readfile('cas_failure_malformatted.xml');
            die();
        }
        if(!isset($ticket['user'])) {
            readfile('cas_failue_nouser.xml');
            die();
        }
        if(!isset($ticket['service']) || $_GET['service'] != $ticket['service']) {
            readfile('cas_failure_wrongservice.xml');
            die();
        }
        
        $dom = new DOMDocument('1.0', 'utf-8');
        $root = $dom->createElementNS('http://www.yale.edu/tp/cas', 'cas:serviceResponse');
        $response = $dom->createElement('cas:authenticationSuccess');
        $user = $dom->createElement('cas:user', $ticket['user']);
        // TODO: attributes
        $response->appendChild($user);
        $root->appendChild($response);
        $dom->appendChild($root);
        echo $dom->saveXML();
        die();
        
        break;
}
 
header('HTTP/1.1 404 Not Found');
die('Invalid method');