Google Git
Sign in
apache / vcl / refs/heads/VCL-1087_VCL_CAS_SSO / . / web / .ht-inc / authmethods / casauth.php
blob: 9d54e3162e44a1acfb5743f70b85acda879e239d [file] [log] [blame]
<?php
/*
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/**
* \file
*/
require_once 'CAS.php';
// Enable debugging
phpCAS::setDebug();
// Enable verbose error messages. Disable in production!
phpCAS::setVerbose(FALSE);
////////////////////////////////////////////////////////////////////////////////
///
/// \fn validateCASUser($type, $loginid)
///
/// \param $type - an array from the $authMechs table
///
/// \return 1 user redirectied to CAS server, 0 if not, -1 on CAS error
///
/// \brief forces CAS authentication
///
////////////////////////////////////////////////////////////////////////////////
function validateCASUser($type) {
global $authMechs;
$auth = $authMechs[$type];
$callbackURL = BASEURL . "/casauth/index.php?authtype=" . $type;
$casversion = ($auth['version'] == 2 ? CAS_VERSION_2_0 : CAS_VERSION_3_0);
if($auth['cacertpath'] != null)
if(file_exists($auth['cacertpath']))
phpCAS::setCasServerCACert($auth['cacertpath']);
phpCAS::client($casversion, $auth['host'], $auth['port'], $auth['context']);
// Set the service URL to use custom casauth directly within the VCL website
phpCAS::setFixedServiceURL($callbackURL);
if($auth['validatecassslcerts'] != true)
phpCAS::setNoCasServerValidation();
phpCAS::forceAuthentication();
# TODO - Check if server is available.
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn checkCASUserInDatabase($userid)
///
/// \param $type - an array from the $authMechs table
/// \param $userid - a userid without the affiliation part
///
/// \return true if the user exists in the database, else false
///
/// \brief looks up $userid in VCL database
///
////////////////////////////////////////////////////////////////////////////////
function checkCASUserInDatabase($type, $userid) {
global $authMechs, $mysqli_link_vcl;
$loweruserid = strtolower($userid);
$loweruserid = vcl_mysql_escape_string($loweruserid);
$query = "SELECT id "
. "FROM user "
. "WHERE unityid = '$userid' AND "
. "affiliationid = {$authMechs[$type]['affiliationid']}";
$qh = doQuery($query, 101);
if($row = mysqli_fetch_assoc($qh)) {
return TRUE;
}
return FALSE;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn addCASUser($authtype, $userid)
///
/// \param $userinfo - an array with user information
///
/// \return id from the user table or NULL on failure
///
/// \brief looks up $userid in CAS according to info in $authMechs array, adds
/// the user to the user table, and returns the new id from the table
///
////////////////////////////////////////////////////////////////////////////////
function addCASUser($userinfo) {
global $authMechs, $mysqli_link_vcl;
$now = unixToDatetime(time());
if(array_key_exists('firstname', $userinfo))
$esc_firstname = vcl_mysql_escape_string($userinfo['firstname']);
if(array_key_exists('lastname', $userinfo))
$esc_lastname = vcl_mysql_escape_string($userinfo['lastname']);
if(array_key_exists('preferredname', $userinfo))
$esc_preferredname = vcl_mysql_escape_string($userinfo['preferredname']);
$query = "INSERT INTO user (unityid, affiliationid";
if(array_key_exists('firstname', $userinfo))
$query .= ", firstname";
if(array_key_exists('lastname', $userinfo))
$query .= ", lastname";
if(array_key_exists('preferredname', $userinfo))
$query .= ", preferredname";
if(array_key_exists('email', $userinfo))
$query .= ", email";
$query .= ", lastupdated) VALUES ( '{$userinfo['unityid']}', {$userinfo['affiliationid']}";
if(array_key_exists('firstname', $userinfo))
$query .= ",'{$esc_firstname}'";
if(array_key_exists('lastname', $userinfo))
$query .= ",'{$esc_lastname}'";
if(array_key_exists('preferredname', $userinfo))
$query .= ",'{$esc_preferredname}'";
if(array_key_exists('email', $userinfo))
$query .= ",'{$userinfo['email']}'";
$query .= ",'{$now}')";
doQuery($query, 101, 'vcl', 1);
if(mysqli_affected_rows($mysqli_link_vcl)) {
$qh = doQuery("SELECT LAST_INSERT_ID() FROM user", 101);
if(! $row = mysqli_fetch_row($qh)) {
abort(101);
}
// Add to default group
if($userinfo['defaultgroup'] != null) {
$usergroups = array();
array_push($usergroups, getUserGroupID($userinfo['defaultgroup'], $userinfo['affiliationid']));
updateGroups($usergroups, $row[0]);
}
return $row[0];
}
return NULL;
}
////////////////////////////////////////////////////////////////////////////////
///
/// \fn updateCASUser($authtype, $userid)
///
/// \param $userinfo - an array with user information
///
/// \return FALSE if update failed, else TRUE
///
/// \brief pulls the user's information from CAS, updates it in the db, and
/// returns an array of the information
///
////////////////////////////////////////////////////////////////////////////////
function updateCASUser($userinfo) {
global $mysqli_link_vcl;
$now = unixToDatetime(time());
$esc_userid = vcl_mysql_escape_string($userinfo['unityid']);
if(array_key_exists('firstname', $userinfo))
$esc_firstname = vcl_mysql_escape_string($userinfo['firstname']);
if(array_key_exists('lastname', $userinfo))
$esc_lastname = vcl_mysql_escape_string($userinfo['lastname']);
if(array_key_exists('preferredname', $userinfo))
$esc_preferredname = vcl_mysql_escape_string($userinfo['preferredname']);
$query = "UPDATE user SET unityid = '{$userinfo['unityid']}', lastupdated = '{$now}'";
if(array_key_exists('firstname', $userinfo))
$query .= ", firstname = '{$esc_firstname}' ";
if(array_key_exists('lastname', $userinfo))
$query .= ", lastname = '{$esc_lastname}' ";
if(array_key_exists('preferredname', $userinfo))
$query .= ", preferredname = '{$esc_preferredname}' ";
if(array_key_exists('email', $userinfo))
$query .= ", email = '{$userinfo['email']}' ";
$query .= "WHERE unityid = '{$esc_userid}' AND affiliationid = {$userinfo['affiliationid']}";
doQuery($query, 256, 'vcl', 1);
if(mysqli_affected_rows($mysqli_link_vcl) == -1) {
error_log(mysqli_error($mysqli_link_vcl));
error_log($query);
return FALSE;
}
// get id of current user
$query = "SELECT id FROM user WHERE unityid = '{$esc_userid}' AND affiliationid = {$userinfo['affiliationid']}";
$qh = doQuery($query, 255);
if($user = mysqli_fetch_assoc($qh)) {
// Add to default group
if($userinfo['defaultgroup'] != null) {
$usergroups = array();
$newgroupid = getUserGroupID($userinfo['defaultgroup'], $userinfo['affiliationid']);
array_push($usergroups, $newgroupid);
$usergroups = array_unique($usergroups);
if(! empty($usergroups))
updateGroups($usergroups, $user["id"]);
}
}
return TRUE;
}
?>