<?php

namespace UnicaenAuth\Authentication\Adapter;

use phpCAS;
use UnicaenApp\Mapper\Ldap\People as LdapPeopleMapper;
use UnicaenAuth\Options\ModuleOptions;
use UnicaenAuth\Service\User;
use Zend\Authentication\Exception\UnexpectedValueException;
use Zend\Authentication\Result as AuthenticationResult;
use Zend\EventManager\EventManager;
use Zend\EventManager\EventManagerAwareInterface;
use Zend\EventManager\EventManagerInterface;
use Zend\Router\Http\TreeRouteStack;
use ZfcUser\Authentication\Adapter\AbstractAdapter;
use ZfcUser\Authentication\Adapter\AdapterChainEvent as AuthEvent;
use ZfcUser\Authentication\Adapter\ChainableAdapter;

/**
 * CAS authentication adapter
 *
 * @author Bertrand GAUTHIER <bertrand.gauthier@unicaen.fr>
 */
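class Cas extends AbstractAdapter implements EventManagerAwareInterface
{
    /**
     * @var EventManager
     */
    protected $eventManager;

    /**
     * @var ModuleOptions
     */
    protected $options;

    /**
     * CAS connection parameters, i.e. the 'connection.default.params' entry of the CAS options
     * (read lazily by getCasClient()).
     *
     * @var array
     */
    protected $casOptions;

    /**
     * @var phpCAS
     */
    protected $casClient;

    /**
     * @var LdapPeopleMapper
     */
    protected $ldapPeopleMapper;

    /**
     * @var User
     */
    private $userService;

    /**
     * @var TreeRouteStack
     */
    private $router;

    /**
     * @param User $userService
     * @return self
     */
    public function setUserService(User $userService)
    {
        $this->userService = $userService;

        return $this;
    }

    /**
     * @param TreeRouteStack $router
     * @return self
     */
    public function setRouter(TreeRouteStack $router)
    {
        $this->router = $router;

        return $this;
    }

    /**
     * Performs the authentication.
     *
     * When this adapter is already satisfied, the identity previously saved in the adapter storage
     * is replayed onto the event and nothing else is done (this replaces an earlier test on
     * $e->getIdentity() that caused an infinite redirection loop with CAS).
     *
     * Otherwise the user is sent to the CAS server (phpCAS::forceAuthentication()); once the server
     * has authenticated them, their login name becomes the identity, the adapter is marked satisfied,
     * and the LDAP entry matching that login is handed to the user service.
     *
     * @param \Zend\EventManager\Event|AuthEvent $e
     * @throws UnexpectedValueException
     * @see ChainableAdapter
     */
    public function authenticate(\Zend\EventManager\Event $e)
    {
        // DS: change related to an infinite loop during CAS authentication
        if ($this->isSatisfied()) {
            $storage = $this->getStorage()->read();
            $e->setIdentity($storage['identity'])
                ->setCode(AuthenticationResult::SUCCESS)
                ->setMessages(['Authentication successful.']);

            return;
        }

        $config = $this->getOptions()->getCas();
        if (!$config) {
            return; // NB: CAS authentication is disabled iff the options array is empty
        }

        // phpCAS emits notices: mask them while it runs, and restore the previous level afterwards.
        // The previous level is saved BEFORE masking (the former one-liner saved the already-masked
        // value, so E_NOTICE stayed off for the rest of the request), and restored in a finally block
        // so that an exception thrown by phpCAS does not leave the level masked either.
        $oldErrorReporting = error_reporting();
        error_reporting($oldErrorReporting & ~E_NOTICE);
        try {
            $this->getCasClient()->forceAuthentication();

            // at this step, the user has been authenticated by the CAS server
            // and the user's login name can be read with phpCAS::getUser().
            $identity = $this->getCasClient(false)->getUser();
        } finally {
            error_reporting($oldErrorReporting);
        }

        $e->setIdentity($identity);
        $this->setSatisfied(true);
        $storage = $this->getStorage()->read();
        $storage['identity'] = $e->getIdentity();
        $this->getStorage()->write($storage);
        $e->setCode(AuthenticationResult::SUCCESS)
            ->setMessages(['Authentication successful.']);

        // look the person up in the LDAP directory (expected to exist since CAS authentication
        // succeeded; how userAuthenticated() treats a missing entry is not visible from here)
        $ldapPeople = $this->getLdapPeopleMapper()->findOneByUsername($identity);

        $this->userService->userAuthenticated($ldapPeople);
    }

    /**
     * Logs the user out of the CAS server, which then redirects them back to this application.
     *
     * @param AuthEvent $e
     * @see ChainableAdapter
     */
    public function logout(AuthEvent $e)
    {
        if (!$this->getOptions()->getCas()) {
            return; // NB: CAS authentication is disabled iff the options array is empty
        }

        // Work on a copy of the request URI: setPath() mutates the Uri object, so calling it on the
        // router's own instance would silently rewrite the request URI the router keeps.
        // NOTE(review): scheme and host of the return URL come from the incoming request, so the
        // value handed to the CAS server is only as trustworthy as the Host header that was accepted.
        $requestUri = clone $this->router->getRequestUri();
        $returnUrl  = $requestUri->setPath($this->router->getBaseUrl())->toString();

        $this->getCasClient()->logoutWithRedirectService($returnUrl);
    }

    /**
     * Returns the CAS client, optionally initialising it.
     *
     * The phpCAS instance is created lazily. With $initClient true, the connection parameters are
     * read (once) from the CAS options, the client is configured with them, and certificate
     * validation of the CAS server is turned off.
     *
     * @param boolean $initClient
     * @return phpCAS
     * @throws Exception
     */
    public function getCasClient($initClient = true)
    {
        if (null === $this->casClient) {
            $this->casClient = new phpCAS();
        }

        if (!$initClient) {
            return $this->casClient;
        }

        if (null === $this->casOptions) {
            $config = $this->getOptions()->getCas();
            if (!isset($config['connection']['default']['params']) || !$config['connection']['default']['params']) {
                // NOTE(review): 'Exception' is unqualified and the file has no 'use Exception;',
                // so it resolves inside this namespace — confirm that is the intended class.
                throw new Exception("Les paramètres de connexion au serveur CAS sont invalides.");
            }
            $this->casOptions = $config['connection']['default']['params'];
        }

        $options = $this->casOptions;

        if (array_key_exists('debug', $options) && (bool) $options['debug']) {
            $this->casClient->setDebug();
        }

        // initialize phpCAS
        // NOTE(review): client() runs again on every call made with $initClient = true; the callers
        // in this class only do so once per request.
        $this->casClient->client($options['version'], $options['hostname'], $options['port'], $options['uri'], true);

        // no SSL validation for the CAS server
        // NOTE(review): with validation off, the ticket-validation response cannot be told apart from
        // one produced by anything sitting between this host and the CAS server. Left unchanged
        // because enabling validation requires the server's CA certificate in the deployment config.
        $this->casClient->setNoCasServerValidation();

        return $this->casClient;
    }

    /**
     * Sets the CAS client.
     *
     * @param phpCAS $casClient
     * @return self
     */
    public function setCasClient(phpCAS $casClient)
    {
        $this->casClient = $casClient;

        return $this;
    }

    /**
     * @param ModuleOptions $options
     * @return self
     */
    public function setOptions(ModuleOptions $options)
    {
        $this->options = $options;

        return $this;
    }

    /**
     * @return ModuleOptions
     */
    public function getOptions()
    {
        return $this->options;
    }

    /**
     * get ldap people mapper
     *
     * @return LdapPeopleMapper
     */
    public function getLdapPeopleMapper()
    {
        return $this->ldapPeopleMapper;
    }

    /**
     * set ldap people mapper
     *
     * @param LdapPeopleMapper $mapper
     * @return self
     */
    public function setLdapPeopleMapper(LdapPeopleMapper $mapper)
    {
        $this->ldapPeopleMapper = $mapper;

        return $this;
    }

    /**
     * Retrieve EventManager instance
     *
     * @return EventManagerInterface
     */
    public function getEventManager()
    {
        return $this->eventManager;
    }

    /**
     * {@inheritdoc}
     */
    public function setEventManager(EventManagerInterface $eventManager)
    {
        $this->eventManager = $eventManager;

        return $this;
    }

    /**
     * Registers the 'zfcuser' route tree used when CAS authentication is enabled: the login route
     * goes straight to the 'authenticate' action so the login form is never shown.
     *
     * @param TreeRouteStack $router
     */
    public function reconfigureRoutesForCasAuth(TreeRouteStack $router)
    {
        $router->addRoutes([
            // replaces the existing routes (see the module configuration)
            'zfcuser' => [
                'type'          => 'Literal',
                'priority'      => 1000,
                'options'       => [
                    'route'    => '/auth',
                    'defaults' => [
                        'controller' => 'zfcuser',
                        'action'     => 'index',
                    ],
                ],
                'may_terminate' => true,
                'child_routes'  => [
                    'login'  => [
                        'type'    => 'Literal',
                        'options' => [
                            'route'    => '/connexion',
                            'defaults' => [
                                'controller' => 'zfcuser',
                                'action'     => 'authenticate', // skips the 'login' action
                            ],
                        ],
                    ],
                    'logout' => [
                        'type'    => 'Literal',
                        'options' => [
                            'route'    => '/deconnexion',
                            'defaults' => [
                                'controller' => 'zfcuser',
                                'action'     => 'logout',
                            ],
                        ],
                    ],
                ],
            ],
        ]);
    }
}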