From 2b2985012334af54a3ae9cdd684db32087c41d0d Mon Sep 17 00:00:00 2001 From: Jacek Kowalski <jkowalsk@student.agh.edu.pl> Date: Fri, 04 Sep 2015 22:34:31 +0000 Subject: [PATCH] Add missing return statement in getCurrentUrl() method --- uphpCAS.php | 160 ++++++++++++++++++++++++++++++++-------------------- 1 files changed, 98 insertions(+), 62 deletions(-) diff --git a/uphpCAS.php b/uphpCAS.php index 2b734f4..b0d510b 100644 --- a/uphpCAS.php +++ b/uphpCAS.php @@ -1,7 +1,7 @@ <?php // Thrown when internal error occurs class JasigException extends Exception {} -// Thrown when CAS server return authentication error +// Thrown when CAS server returns authentication error class JasigAuthException extends JasigException {} class JasigUser { @@ -13,8 +13,9 @@ const VERSION = '1.0'; protected $serverUrl = ''; protected $serviceUrl; + protected $sessionName = 'uphpCAS-user'; - function __construct($serverUrl = NULL, $serviceUrl = NULL) { + function __construct($serverUrl = NULL, $serviceUrl = NULL, $sessionName = NULL) { if($serverUrl != NULL) { $this->serverUrl = rtrim($serverUrl, '/'); } @@ -22,66 +23,90 @@ if($serviceUrl != NULL) { $this->serviceUrl = $serviceUrl; } else { - $url = 'http://'; - $port = 0; - if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { - $url = 'https://'; - if(isset($_SERVER['SERVER_PORT']) - && $_SERVER['SERVER_PORT'] != '443') { - $port = $_SERVER['SERVER_PORT']; - } - } elseif(isset($_SERVER['SERVER_PORT']) - && $_SERVER['SERVER_PORT'] != '80') { - $port = $_SERVER['SERVER_PORT']; - } - - $url .= $_SERVER['SERVER_NAME']; - - if($port != 0) { - $url .= ':'.$port; - } - $url .= $_SERVER['REQUEST_URI']; - - $this->serviceUrl = $url; + $this->serviceUrl = $this->getCurrentUrl(); + } + + if($sessionName) { + $this->sessionName = $sessionName; } } + public function getCurrentUrl() { + $url = 'http://'; + $port = 0; + if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { + $url = 'https://'; + if(isset($_SERVER['SERVER_PORT']) + && $_SERVER['SERVER_PORT'] != '443') { + $port = $_SERVER['SERVER_PORT']; + } + } elseif(isset($_SERVER['SERVER_PORT']) + && $_SERVER['SERVER_PORT'] != '80') { + $port = $_SERVER['SERVER_PORT']; + } + + $url .= $_SERVER['SERVER_NAME']; + + if($port != 0) { + $url .= ':'.$port; + } + $url .= $_SERVER['REQUEST_URI']; + + return $url; + } + + public function getServerUrl() { + return $this->serverUrl; + } public function setServerUrl($serverUrl) { $this->serverUrl = $serverUrl; } + public function getServiceUrl() { + return $this->serviceUrl; + } public function setServiceUrl($serviceUrl) { $this->serviceUrl = $serviceUrl; + } + + public function getSessionName() { + return $this->sessionName; + } + public function setSessionName($sessionName) { + $this->sessionName = $sessionName; } public function loginUrl() { return $this->serverUrl.'/login?method=POST&service='.urlencode($this->serviceUrl); } - public function logoutUrl() { - return $this->serverUrl.'/logout'; + public function logoutUrl($returnUrl = NULL) { + return $this->serverUrl.'/logout'.($returnUrl ? '?service='.urlencode($returnUrl) : ''); } - public function logout() { + public function logout($returnUrl = NULL) { session_start(); - if(isset($_SESSION['uphpCAS-user'])) { - unset($_SESSION['uphpCAS-user']); + if($this->isAuthenticated()) { + unset($_SESSION[$this->sessionName]); + header('Location: '.$this->logoutUrl($returnUrl)); + die(); + } elseif($returnUrl) { + header('Location: '.$returnUrl); + die(); } - header('Location: '.$this->logoutUrl()); - die(); } public function isAuthenticated() { - return isset($_SESSION['uphpCAS-user']); + return isset($_SESSION[$this->sessionName]); } public function authenticate() { session_start(); if($this->isAuthenticated()) { - return $_SESSION['uphpCAS-user']; + return $_SESSION[$this->sessionName]; } elseif(isset($_REQUEST['ticket'])) { $user = $this->verifyTicket($_REQUEST['ticket']); - $_SESSION['uphpCAS-user'] = $user; + $_SESSION[$this->sessionName] = $user; return $user; } else { header('Location: '.$this->loginUrl()); @@ -89,8 +114,26 @@ } } - public function verifyTicket($ticket) { - $context = array( + protected function findCaFile() { + $cafiles = array( + '/etc/ssl/certs/ca-certificates.crt', + '/etc/ssl/certs/ca-bundle.crt', + '/etc/pki/tls/certs/ca-bundle.crt', + ); + + $cafile = NULL; + foreach($cafiles as $file) { + if(is_file($file)) { + $cafile = $file; + break; + } + } + + return $cafile; + } + + protected function createStreamContext($hostname) { + $context = stream_context_create(array( 'http' => array( 'method' => 'GET', 'user_agent' => 'uphpCAS/'.self::VERSION, @@ -103,33 +146,29 @@ 'allow_self_signed' => FALSE, 'disable_compression' => TRUE, ), - ); + )); if(version_compare(PHP_VERSION, '5.6', '<')) { - $cafiles = array( - '/etc/ssl/certs/ca-certificates.crt', - '/etc/ssl/certs/ca-bundle.crt', - '/etc/pki/tls/certs/ca-bundle.crt', - ); - $cafile = NULL; - foreach($cafiles as $file) { - if(is_file($file)) { - $cafile = $file; - break; - } - } - - $url = parse_url($this->serverUrl); - $context['ssl']['cafile'] = $cafile; - $context['ssl']['ciphers'] = 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL' - .':!eNULL:!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP'; - $context['ssl']['CN_match'] = $url['host']; + stream_context_set_option($context, array( + 'ssl' => array( + 'cafile' => $this->findCaFile(), + 'ciphers' => 'ECDH:DH:AES:CAMELLIA:!SSLv2:!aNULL:!eNULL' + .':!EXPORT:!DES:!3DES:!MD5:!RC4:!ADH:!PSK:!SRP', + 'CN_match' => $hostname, + ), + )); } + + return $context; + } + + public function verifyTicket($ticket) { + $url = parse_url($this->serverUrl); + $context = $this->createStreamContext($url['host']); $data = file_get_contents($this->serverUrl .'/serviceValidate?service='.urlencode($this->serviceUrl) - .'&ticket='.urlencode($ticket), - FALSE, stream_context_create($context)); + .'&ticket='.urlencode($ticket), FALSE, $context); if($data === FALSE) { throw new JasigException('Authentication error: CAS server is unavailable'); } @@ -151,8 +190,7 @@ break; } } - } - catch(Exception $e) { + } catch(Exception $e) { throw new JasigException('Authentication error: CAS server' .' response invalid - parse error', 0, $e); } finally { @@ -186,7 +224,7 @@ } $user = trim($user->item(0)->textContent); - if(strlen($user)<1) { + if(strlen($user) < 1) { throw new JasigException('Authentication error: CAS server' .' response invalid - user value'); } @@ -203,9 +241,7 @@ } return $jusr; - } - else - { + } else { throw new JasigException('Authentication error: CAS server' .' response invalid - required tag not found'); } -- Gitblit v1.9.1