<?php

namespace UnicaenAuth\Authentication\Adapter;

use phpCAS;
use UnicaenApp\Mapper\Ldap\People as LdapPeopleMapper;
use UnicaenAuth\Options\ModuleOptions;
use UnicaenAuth\Service\User;
use Zend\Authentication\Exception\UnexpectedValueException;
use Zend\Authentication\Result as AuthenticationResult;
use Zend\EventManager\Event;
use Zend\EventManager\EventManager;
use Zend\EventManager\EventManagerAwareInterface;
use Zend\EventManager\EventManagerInterface;
use Zend\Router\Http\TreeRouteStack;
use ZfcUser\Authentication\Adapter\AbstractAdapter;
use ZfcUser\Authentication\Adapter\AdapterChainEvent as AuthEvent;
use ZfcUser\Authentication\Adapter\ChainableAdapter;

/**
 * CAS authentication adapter
 *
 * @author Bertrand GAUTHIER <bertrand.gauthier@unicaen.fr>
 */
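class Cas extends AbstractAdapter implements EventManagerAwareInterface
{
    /**
     * @var EventManagerInterface
     */
    protected $eventManager;

    /**
     * @var ModuleOptions
     */
    protected $options;

    /**
     * Connection parameters of the default CAS server, lazily copied from
     * ModuleOptions::getCas()['connection']['default']['params'] by getCasClient().
     *
     * @var array|null
     */
    protected $casOptions;

    /**
     * @var phpCAS
     */
    protected $casClient;

    /**
     * @var LdapPeopleMapper
     */
    protected $ldapPeopleMapper;

    /**
     * @var User
     */
    private $userService;

    /**
     * @var TreeRouteStack
     */
    private $router;

    /**
     * @param User $userService
     */
    public function setUserService(User $userService)
    {
        $this->userService = $userService;
    }

    /**
     * @param TreeRouteStack $router
     */
    public function setRouter(TreeRouteStack $router)
    {
        $this->router = $router;
    }

    /**
     * Performs the authentication against the CAS server.
     *
     * When this adapter has already been satisfied, the identity kept in the adapter
     * storage is replayed without contacting CAS again (this avoids an authentication
     * loop). Otherwise phpCAS is asked to force authentication (which redirects to the
     * CAS login page when the user holds no valid ticket) and the CAS principal becomes
     * the identity of the authentication event, is persisted in the adapter storage and
     * is handed to the user service together with its LDAP entry.
     *
     * @param Event $e Adapter chain event; its target is the AuthEvent that gets updated
     * @throws UnexpectedValueException if CAS reports success without returning a principal
     * @throws \RuntimeException if the CAS connection parameters are missing (see getCasClient())
     * @see ChainableAdapter
     */
    public function authenticate(Event $e)
    {
        /* @var $e AuthEvent */
        $e = $e->getTarget();

        // DS: changed to fix an infinite loop during CAS authentication. Once this adapter
        // is satisfied, the stored identity is replayed instead of asking CAS again.
        if ($this->isSatisfied()) {
            $storage = $this->getStorage()->read();
            $e->setIdentity($storage['identity'])
                ->setCode(AuthenticationResult::SUCCESS)
                ->setMessages(['Authentication successful.']);

            return;
        }

        // NB: CAS authentication is disabled iff the options array is empty
        $config = $this->getOptions()->getCas();
        if (!$config) {
            return;
        }

        // phpCAS emits E_NOTICE; silence notices only while it runs. The previous level is
        // saved *before* masking (the old one-liner saved the masked value and therefore
        // never restored the caller's level) and restored even if phpCAS throws.
        $previousErrorReporting = error_reporting();
        error_reporting($previousErrorReporting & ~E_NOTICE);
        try {
            $this->getCasClient()->forceAuthentication();

            // at this step the user has been authenticated by the CAS server
            // and the login name can be read with getUser()
            $identity = $this->getCasClient(false)->getUser();
        } finally {
            error_reporting($previousErrorReporting);
        }

        // Never record an empty principal as a successful authentication.
        if (!$identity) {
            throw new UnexpectedValueException("Le serveur CAS n'a retourné aucun identifiant.");
        }

        $e->setIdentity($identity);
        $this->setSatisfied(true);

        // persist the identity so that the satisfied branch above can replay it
        $storage = $this->getStorage()->read();
        $storage['identity'] = $e->getIdentity();
        $this->getStorage()->write($storage);

        $e->setCode(AuthenticationResult::SUCCESS)
            ->setMessages(['Authentication successful.']);

        // look the person up in the LDAP directory. The original comment states the entry
        // necessarily exists because CAS succeeded; presumably true, but findOneByUsername()
        // may still return null if the directories diverge — TODO confirm userAuthenticated()
        // tolerates that.
        $ldapPeople = $this->getLdapPeopleMapper()->findOneByUsername($identity);
        $this->userService->userAuthenticated($ldapPeople);
    }

    /**
     * Closes the CAS session and redirects the user back to the application root.
     *
     * Does nothing when CAS authentication is disabled (empty CAS options).
     *
     * @param Event $e
     * @see ChainableAdapter
     */
    public function logout(Event $e)
    {
        // NB: CAS authentication is disabled iff the options array is empty
        if (!$this->getOptions()->getCas()) {
            return;
        }

        // the URL the CAS server sends the browser back to once logged out
        $returnUrl = $this->router->getRequestUri()
            ->setPath($this->router->getBaseUrl())
            ->toString();

        $this->getCasClient()->logoutWithRedirectService($returnUrl);
    }

    /**
     * Returns the CAS client, initialising it on first use.
     *
     * Initialisation reads the connection parameters 'version', 'hostname', 'port' and
     * 'uri' (all required) and the optional flags 'debug' and 'ca_cert_path' from
     * ModuleOptions::getCas()['connection']['default']['params'].
     *
     * Ticket validation is an HTTPS call from this application to the CAS server. If
     * 'ca_cert_path' (path to a CA bundle) is configured, the server certificate is
     * verified against it; otherwise the historical behaviour is kept and the server
     * certificate is NOT verified, which leaves ticket validation exposed to anyone able
     * to intercept that connection. Configuring 'ca_cert_path' is strongly recommended.
     *
     * @param boolean $initClient false to return the bare client without initialising it
     * @return phpCAS
     * @throws \RuntimeException if the CAS connection parameters are missing or incomplete
     */
    public function getCasClient($initClient = true)
    {
        if (null === $this->casClient) {
            $this->casClient = new phpCAS();
        }

        if (!$initClient) {
            return $this->casClient;
        }

        if (null === $this->casOptions) {
            $config = $this->getOptions()->getCas();
            if (empty($config['connection']['default']['params'])) {
                // fully qualified: a bare "Exception" would resolve to this namespace and not exist
                throw new \RuntimeException("Les paramètres de connexion au serveur CAS sont invalides.");
            }
            $this->casOptions = $config['connection']['default']['params'];
        }

        $options = $this->casOptions;

        // fail early on an incomplete configuration instead of passing nulls to phpCAS
        foreach (['version', 'hostname', 'port', 'uri'] as $required) {
            if (!isset($options[$required])) {
                throw new \RuntimeException(sprintf(
                    "Le paramètre de connexion CAS '%s' est manquant.",
                    $required
                ));
            }
        }

        if (!empty($options['debug'])) {
            $this->casClient->setDebug();
        }

        // initialize phpCAS
        $this->casClient->client($options['version'], $options['hostname'], $options['port'], $options['uri'], true);

        if (!empty($options['ca_cert_path'])) {
            // verify the CAS server certificate against the configured CA bundle
            $this->casClient->setCasServerCACert($options['ca_cert_path']);
        } else {
            // no SSL validation for the CAS server (legacy behaviour, see the method docblock)
            $this->casClient->setNoCasServerValidation();
        }

        return $this->casClient;
    }

    /**
     * Sets the CAS client.
     *
     * @param phpCAS $casClient
     * @return self
     */
    public function setCasClient(phpCAS $casClient)
    {
        $this->casClient = $casClient;

        return $this;
    }

    /**
     * @param ModuleOptions $options
     */
    public function setOptions(ModuleOptions $options)
    {
        $this->options = $options;
    }

    /**
     * @return ModuleOptions
     */
    public function getOptions()
    {
        return $this->options;
    }

    /**
     * Returns the LDAP people mapper.
     *
     * @return LdapPeopleMapper
     */
    public function getLdapPeopleMapper()
    {
        return $this->ldapPeopleMapper;
    }

    /**
     * Sets the LDAP people mapper.
     *
     * @param LdapPeopleMapper $mapper
     * @return self
     */
    public function setLdapPeopleMapper(LdapPeopleMapper $mapper)
    {
        $this->ldapPeopleMapper = $mapper;

        return $this;
    }

    /**
     * Retrieves the EventManager instance.
     *
     * @return EventManagerInterface
     */
    public function getEventManager()
    {
        return $this->eventManager;
    }

    /**
     * {@inheritdoc}
     */
    public function setEventManager(EventManagerInterface $eventManager)
    {
        $this->eventManager = $eventManager;

        return $this;
    }

    /**
     * Overrides the 'zfcuser' routes so that the login route goes straight to the
     * 'authenticate' action (CAS performs the login itself, so the 'login' form is skipped).
     *
     * @param TreeRouteStack $router
     */
    public function reconfigureRoutesForCasAuth(TreeRouteStack $router)
    {
        $zfcuserRoute = [
            'type'          => 'Literal',
            'priority'      => 1000,
            'options'       => [
                'route'    => '/auth',
                'defaults' => [
                    'controller' => 'zfcuser',
                    'action'     => 'index',
                ],
            ],
            'may_terminate' => true,
            'child_routes'  => [
                'login'  => [
                    'type'    => 'Literal',
                    'options' => [
                        'route'    => '/connexion',
                        'defaults' => [
                            'controller' => 'zfcuser',
                            'action'     => 'authenticate', // skips the 'login' action
                        ],
                    ],
                ],
                'logout' => [
                    'type'    => 'Literal',
                    'options' => [
                        'route'    => '/deconnexion',
                        'defaults' => [
                            'controller' => 'zfcuser',
                            'action'     => 'logout',
                        ],
                    ],
                ],
            ],
        ];

        // replaces the existing routes (see the module configuration)
        $router->addRoutes(['zfcuser' => $zfcuserRoute]);
    }
}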