// hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI']
// in IIS
//
-if (php_sapi_name() != 'cli') {
- if (!isset($_SERVER['REQUEST_URI'])) {
- $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
- }
+if (!isset($_SERVER['REQUEST_URI']) && isset($_SERVER['SCRIPT_NAME']) && isset($_SERVER['QUERY_STRING'])) {
+ $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
}
// Add a E_USER_DEPRECATED for php versions <= 5.2
/**
* phpCAS version. accessible for the user by phpCAS::getVersion().
*/
-define('PHPCAS_VERSION', '1.3.4');
+define('PHPCAS_VERSION', '1.3.5+');
/**
* @addtogroup public
*/
define("SAML_ATTRIBUTES", 'SAMLATTRIBS');
-/**\r
- * SAML Attributes\r
- */\r
+/**
+ * SAML Attributes
+ */
define("DEFAULT_ERROR", 'Internal script failure');
/** @} */
define("PHPCAS_LANG_JAPANESE", 'CAS_Languages_Japanese');
define("PHPCAS_LANG_SPANISH", 'CAS_Languages_Spanish');
define("PHPCAS_LANG_CATALAN", 'CAS_Languages_Catalan');
+define("PHPCAS_LANG_CHINESE_SIMPLIFIED", 'CAS_Languages_ChineseSimplified');
/** @} */
*/
private static $_PHPCAS_DEBUG;
- /**\r
+ /**
* This variable is used to enable verbose mode
* This pevents debug info to be show to the user. Since it's a security
* feature the default is false
- *\r
- * @hideinitializer\r
- */\r
+ *
+ * @hideinitializer
+ */
private static $_PHPCAS_VERBOSE = false;
}
}
- /**\r
+ /**
* Enable verbose errors messages in the website output
* This is a security relevant since internal status info may leak an may
- * help an attacker. Default is therefore false\r
- *\r
- * @param bool $verbose enable verbose output\r
- *\r
- * @return void\r
- */\r
+ * help an attacker. Default is therefore false
+ *
+ * @param bool $verbose enable verbose output
+ *
+ * @return void
+ */
public static function setVerbose($verbose)
{
- if ($verbose === true) {\r
- self::$_PHPCAS_VERBOSE = true;\r
+ if ($verbose === true) {
+ self::$_PHPCAS_VERBOSE = true;
} else {
self::$_PHPCAS_VERBOSE = false;
}
/**
- * Show is verbose mode is on\r
- *\r
- * @return boot verbose\r
- */\r
- public static function getVerbose()\r
- {\r
- return self::$_PHPCAS_VERBOSE;\r
+ * Show is verbose mode is on
+ *
+ * @return boot verbose
+ */
+ public static function getVerbose()
+ {
+ return self::$_PHPCAS_VERBOSE;
}
/**
}
}
+
+ /**
+ * Set a callback function to be run when receiving CAS attributes
+ *
+ * The callback function will be passed an $success_elements
+ * payload of the response (\DOMElement) as its first parameter.
+ *
+ * @param string $function Callback function
+ * @param array $additionalArgs optional array of arguments
+ *
+ * @return void
+ */
+ public static function setCasAttributeParserCallback($function, array $additionalArgs = array())
+ {
+ phpCAS::_validateClientExists();
+
+ self::$_PHPCAS_CLIENT->setCasAttributeParserCallback($function, $additionalArgs);
+ }
+
/**
* Set a callback function to be run when a user authenticates.
*
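Review bot: The docblock of the static setCasAttributeParserCallback() does not say what the callback must return, and `@param string $function` is narrower than what the code accepts. Further down in this diff the client guards the call with `is_callable()` and assigns the result to `$extra_attributes`, so I would write `@param callable $function` and add a line such as `The callback must return the array of attributes to keep for the user.` The `if`/`elseif` in the client shows that a registered callback replaces the built-in attribute parsing rather than adding to it, which the docblock should also state. The same applies to the CAS_Client method of the same name added later in this diff.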
/**
* Set the serviceValidate URL of the CAS server.
- * Used only in CAS 1.0 validations
+ * Used for all CAS versions of URL validations.
+ * Examples:
+ * CAS 1.0 http://www.exemple.com/validate
+ * CAS 2.0 http://www.exemple.com/validateURL
+ * CAS 3.0 http://www.exemple.com/p3/serviceValidate
*
* @param string $url the serviceValidate URL
*
/**
* Set the proxyValidate URL of the CAS server.
- * Used for all CAS 2.0 validations
+ * Used for all CAS versions of proxy URL validations
+ * Examples:
+ * CAS 1.0 http://www.exemple.com/
+ * CAS 2.0 http://www.exemple.com/proxyValidate
+ * CAS 3.0 http://www.exemple.com/p3/proxyValidate
*
* @param string $url the proxyValidate URL
*
throw new CAS_OutOfSequenceBeforeProxyException();
}
}
+
+ /**
+ * For testing purposes, use this method to set the client to a test double
+ *
+ * @return void
+ */
+ public static function setCasClient(\CAS_Client $client)
+ {
+ self::$_PHPCAS_CLIENT = $client;
+ }
}
// ########################################################################
// DOCUMENTATION
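Review bot: setCasClient() is a public static setter that replaces the client object with no guard, and its docblock has no `@param` line. Since the comment says it exists for tests only, I would mark it `@internal` and document the argument, e.g. `@param CAS_Client $client test double that replaces the real client`. The type hint `\CAS_Client` uses a leading namespace separator, which needs PHP 5.3 or later. The comment near the top of this diff still refers to PHP <= 5.2, so the minimum supported version is worth confirming.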
public function __construct($client,$failure,$cas_url,$no_response,
$bad_response='',$cas_response='',$err_code='',$err_msg=''
) {
+ $messages = array();
phpCAS::traceBegin();
$lang = $client->getLangObj();
$client->printHTMLHeader($lang->getAuthenticationFailed());
htmlentities($client->getURL()),
isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN']:''
);
- phpCAS::trace('CAS URL: '.$cas_url);
- phpCAS::trace('Authentication failure: '.$failure);
+ phpCAS::trace($messages[] = 'CAS URL: '.$cas_url);
+ phpCAS::trace($messages[] = 'Authentication failure: '.$failure);
if ( $no_response ) {
- phpCAS::trace('Reason: no response from the CAS server');
+ phpCAS::trace($messages[] = 'Reason: no response from the CAS server');
} else {
if ( $bad_response ) {
- phpCAS::trace('Reason: bad response from the CAS server');
+ phpCAS::trace($messages[] = 'Reason: bad response from the CAS server');
} else {
switch ($client->getServerVersion()) {
case CAS_VERSION_1_0:
- phpCAS::trace('Reason: CAS error');
+ phpCAS::trace($messages[] = 'Reason: CAS error');
break;
case CAS_VERSION_2_0:
case CAS_VERSION_3_0:
if ( empty($err_code) ) {
- phpCAS::trace('Reason: no CAS error');
+ phpCAS::trace($messages[] = 'Reason: no CAS error');
} else {
- phpCAS::trace('Reason: ['.$err_code.'] CAS error: '.$err_msg);
+ phpCAS::trace($messages[] = 'Reason: ['.$err_code.'] CAS error: '.$err_msg);
}
break;
}
}
- phpCAS::trace('CAS response: '.$cas_response);
+ phpCAS::trace($messages[] = 'CAS response: '.$cas_response);
}
$client->printHTMLFooter();
phpCAS::traceExit();
+
+ parent::__construct(implode("\n", $messages));
}
}
}
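Review bot: The text collected in `$messages` includes `$err_msg` and the raw `$cas_response` unescaped, and `parent::__construct(implode("\n", $messages))` now exposes it through `getMessage()`. Before this change the same strings went only to the trace log, so a caller that echoes the exception message into a page would start printing server-supplied markup and internal status. I would record that in the constructor docblock, for example `The exception message contains the unescaped CAS response; escape it before output and do not show it to end users.` The docblock itself is outside the visible hunk.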
/**
- * @var callback $_postAuthenticateCallbackFunction;
+ * @var callback $_attributeParserCallbackFunction;
+ */
+ private $_casAttributeParserCallbackFunction = null;
+
+ /**
+ * @var array $_attributeParserCallbackArgs;
+ */
+ private $_casAttributeParserCallbackArgs = array();
+
+ /**
+ * Set a callback function to be run when parsing CAS attributes
+ *
+ * The callback function will be passed a XMLNode as its first parameter,
+ * followed by any $additionalArgs you pass.
+ *
+ * @param string $function callback function to call
+ * @param array $additionalArgs optional array of arguments
+ *
+ * @return void
+ */
+ public function setCasAttributeParserCallback($function, array $additionalArgs = array())
+ {
+ $this->_casAttributeParserCallbackFunction = $function;
+ $this->_casAttributeParserCallbackArgs = $additionalArgs;
+ }
+
+ /** @var callback $_postAuthenticateCallbackFunction;
*/
private $_postAuthenticateCallbackFunction = null;
session_start();
phpCAS :: trace("Starting a new session " . session_id());
}
-
+ // Only for debug purposes
+ if ($this->isSessionAuthenticated()){
+ phpCAS :: trace("Session is authenticated as: " . $_SESSION['phpCAS']['user']);
+ } else {
+ phpCAS :: trace("Session is not authenticated");
+ }
// are we in proxy mode ?
$this->_proxy = $proxy;
$res = true;
} else {
$this->redirectToCas(false, true);
- // never reached\r
+ // never reached
$res = false;
}
phpCAS::traceEnd();
header('Location: '.$cas_url);
phpCAS::trace("Prepare redirect to : ".$cas_url);
+ phpCAS::trace("Destroying session : ".session_id());
session_unset();
session_destroy();
+ if (session_status() === PHP_SESSION_NONE) {
+ phpCAS::trace("Session terminated");
+ } else {
+ phpCAS::error("Session was not terminated");
+ phpCAS::trace("Session was not terminated");
+ }
$lang = $this->getLangObj();
$this->printHTMLHeader($lang->getLogout());
printf('<p>'.$lang->getShouldHaveBeenRedirected(). '</p>', $cas_url);
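Review bot: In the new `else` branch `phpCAS::error("Session was not terminated")` comes before the matching `phpCAS::trace()` call. If `error()` aborts the request (its body is not in this diff, but it looks like the library's fatal path), the trace line is never written, so the two lines should be swapped. `session_status()` and `PHP_SESSION_NONE` exist only from PHP 5.4, so a `function_exists('session_status')` guard may be needed if older versions are still supported. The added `"Destroying session : ".session_id()` trace writes the full session identifier to the debug log, where a hash or short prefix would be enough to correlate entries. The enclosing method starts and ends outside the hunk.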
*/
public function setCasServerCACert($cert, $validate_cn)
{
- // Argument validation
- if (gettype($cert) != 'string')
- throw new CAS_TypeMismatchException($cert, '$cert', 'string');
- if (gettype($validate_cn) != 'boolean')
- throw new CAS_TypeMismatchException($validate_cn, '$validate_cn', 'boolean');
-
+ // Argument validation
+ if (gettype($cert) != 'string') {
+ throw new CAS_TypeMismatchException($cert, '$cert', 'string');
+ }
+ if (gettype($validate_cn) != 'boolean') {
+ throw new CAS_TypeMismatchException($validate_cn, '$validate_cn', 'boolean');
+ }
+ if ( !file_exists($cert) && $this->_requestImplementation !== 'CAS_TestHarness_DummyRequest'){
+ throw new CAS_InvalidArgumentException("Certificate file does not exist " . $this->_requestImplementation);
+ }
$this->_cas_server_ca_cert = $cert;
$this->_cas_server_cn_validate = $validate_cn;
}
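Review bot: The new existence check in setCasServerCACert() hard-codes the test double's class name `'CAS_TestHarness_DummyRequest'` in production code. Its exception message appends `$this->_requestImplementation` rather than the path that was not found, which makes a misconfigured CA bundle harder to diagnose. `file_exists()` also returns true for a directory, so `is_file($cert) && is_readable($cert)` would catch more bad values before certificate validation fails later. A clearer message would be `"Certificate file does not exist or is not readable: " . $cert`. The method's docblock begins outside this hunk.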
$validate_url = $this->getServerServiceValidateURL()
.'&ticket='.urlencode($this->getTicket());
- if ( $renew ) {\r
- // pass the renew\r
- $validate_url .= '&renew=true';\r
+ if ( $renew ) {
+ // pass the renew
+ $validate_url .= '&renew=true';
}
// open and read the URL
// build the URL to validate the ticket
$validate_url = $this->getServerSamlValidateURL();
- if ( $renew ) {\r
- // pass the renew\r
- $validate_url .= '&renew=true';\r
+ if ( $renew ) {
+ // pass the renew
+ $validate_url .= '&renew=true';
}
// open and read the URL
$validate_url .= '&pgtUrl='.urlencode($this->_getCallbackURL());
}
- if ( $renew ) {\r
- // pass the renew\r
- $validate_url .= '&renew=true';\r
+ if ( $renew ) {
+ // pass the renew
+ $validate_url .= '&renew=true';
}
// open and read the URL
false/*$no_response*/, true/*$bad_response*/, $text_response
);
$result = false;
- } else if ( $tree_response->getElementsByTagName("authenticationFailure")->length != 0) {
+ } else if ( $tree_response->getElementsByTagName("authenticationFailure")->length != 0) {
// authentication failed, extract the error code and message and throw exception
$auth_fail_list = $tree_response
->getElementsByTagName("authenticationFailure");
// </cas:authenticationSuccess>
// </cas:serviceResponse>
//
- if ( $success_elements->item(0)->getElementsByTagName("attributes")->length != 0) {
+ if ($this->_casAttributeParserCallbackFunction !== null
+ && is_callable($this->_casAttributeParserCallbackFunction)
+ ) {
+ array_unshift($this->_casAttributeParserCallbackArgs, $success_elements->item(0));
+ phpCas :: trace("Calling attritubeParser callback");
+ $extra_attributes = call_user_func_array(
+ $this->_casAttributeParserCallbackFunction,
+ $this->_casAttributeParserCallbackArgs
+ );
+ } elseif ( $success_elements->item(0)->getElementsByTagName("attributes")->length != 0) {
$attr_nodes = $success_elements->item(0)
->getElementsByTagName("attributes");
phpCas :: trace("Found nested jasig style attributes");
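Review bot: `array_unshift($this->_casAttributeParserCallbackArgs, $success_elements->item(0))` modifies the stored property. Every further validation on the same client object therefore prepends another DOM element and shifts the caller's `$additionalArgs` one position to the right. Build the argument list in a local instead, `$args = array_merge(array($success_elements->item(0)), $this->_casAttributeParserCallbackArgs);`, and pass `$args` to `call_user_func_array()`. The callback's result is assigned to `$extra_attributes` with no type check, so an `is_array()` test before it is used would keep a faulty parser from putting arbitrary values where attributes are expected. The enclosing method starts and ends outside the hunk.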
return $this->_url;
}
+ /**
+ * This method sets the base URL of the CAS server.
+ *
+ * @param string $url the base URL
+ *
+ * @return string base url
+ */
+ public function setBaseURL($url)
+ {
+ // Argument Validation
+ if (gettype($url) != 'string')
+ throw new CAS_TypeMismatchException($url, '$url', 'string');
+
+ return $this->_server['base_url'] = $url;
+ }
+
/**
* Try to figure out the phpCas client URL with possible Proxys / Ports etc.
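Review bot: The `if (gettype($url) != 'string')` check in setBaseURL() is written without braces, while this same commit adds braces to the identical checks in setCasServerCACert(). Use `if (gettype($url) != 'string') { throw new CAS_TypeMismatchException($url, '$url', 'string'); }` for consistency. The docblock gives `@return string base url` for a setter, so it should either state that the newly assigned value is returned or the method should return nothing. The base URL presumably decides where the client sends users and validation requests, so a docblock line such as `Must be set from configuration, never from request data.` would be a useful addition.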
{
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
return ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https');
- }
- if ( isset($_SERVER['HTTPS'])
+ } elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])) {
+ return ($_SERVER['HTTP_X_FORWARDED_PROTOCOL'] === 'https');
+ } elseif ( isset($_SERVER['HTTPS'])
&& !empty($_SERVER['HTTPS'])
&& strcasecmp($_SERVER['HTTPS'], 'off') !== 0
) {
return true;
- } else {
- return false;
}
+ return false;
+
}
/**
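Review bot: The added `HTTP_X_FORWARDED_PROTOCOL` branch lets a second request header decide whether the client URL is treated as https, and both forwarded headers are accepted as-is. These values come from whoever sends the request unless a reverse proxy in front overwrites them, so the docblock should state that requirement, e.g. `Only reliable when a trusted proxy sets or strips X-Forwarded-Proto and X-Forwarded-Protocol.` Both branches return false for any value other than the exact lowercase string `https`, and never fall through to the `$_SERVER['HTTPS']` check. The blank line left before the closing brace can be dropped. The function header is outside the hunk.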
--- /dev/null
+<?php
+
+/**
+ * Licensed to Jasig under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * Jasig licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * PHP Version 5
+ *
+ * @file CAS/Language/ChineseSimplified.php
+ * @category Authentication
+ * @package PhpCAS
+ * @author Pascal Aubry <pascal.aubry@univ-rennes1.fr>, Phy25 <caslang@phy25.com>
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
+ * @link https://wiki.jasig.org/display/CASC/phpCAS
+ */
+
+/**
+ * Chinese Simplified language class
+ *
+ * @class CAS_Languages_ChineseSimplified
+ * @category Authentication
+ * @package PhpCAS
+ * @author Pascal Aubry <pascal.aubry@univ-rennes1.fr>, Phy25 <caslang@phy25.com>
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
+ * @link https://wiki.jasig.org/display/CASC/phpCAS
+ *
+ * @sa @link internalLang Internationalization @endlink
+ * @ingroup internalLang
+ */
+class CAS_Languages_ChineseSimplified implements CAS_Languages_LanguageInterface
+{
+ /**
+ * Get the using server string
+ *
+ * @return string using server
+ */
+ public function getUsingServer()
+ {
+ return '连接的服务器';
+ }
+
+ /**
+ * Get authentication wanted string
+ *
+ * @return string authentication wanted
+ */
+ public function getAuthenticationWanted()
+ {
+ return '请进行 CAS 认证!';
+ }
+
+ /**
+ * Get logout string
+ *
+ * @return string logout
+ */
+ public function getLogout()
+ {
+ return '请进行 CAS 登出!';
+ }
+
+ /**
+ * Get the should have been redirected string
+ *
+ * @return string should habe been redirected
+ */
+ public function getShouldHaveBeenRedirected()
+ {
+ return '你正被重定向到 CAS 服务器。<a href="%s">点击这里</a>继续。';
+ }
+
+ /**
+ * Get authentication failed string
+ *
+ * @return string authentication failed
+ */
+ public function getAuthenticationFailed()
+ {
+ return 'CAS 认证失败!';
+ }
+
+ /**
+ * Get the your were not authenticated string
+ *
+ * @return string not authenticated
+ */
+ public function getYouWereNotAuthenticated()
+ {
+ return '<p>你没有成功登录。</p><p>你可以<a href="%s">点击这里重新登录</a>。</p><p>如果问题依然存在,请<a href="mailto:%s">联系本站管理员</a>。</p>';
+ }
+
+ /**
+ * Get the service unavailable string
+ *
+ * @return string service unavailable
+ */
+ public function getServiceUnavailable()
+ {
+ return '服务器 <b>%s</b> 不可用(<b>%s</b>)。';
+ }
+}
\ No newline at end of file
*/
public function getUsingServer()
{
- return '÷ñçóéìïðïéåßôáé ï åîõðçñåôçôÞò';
+ return 'χρησιμοποιείται ο εξυπηρετητής';
}
/**
*/
public function getAuthenticationWanted()
{
- return 'Áðáéôåßôáé ç ôáõôïðïßçóç CAS!';
+ return 'Απαιτείται η ταυτοποίηση CAS!';
}
/**
*/
public function getLogout()
{
- return 'Áðáéôåßôáé ç áðïóýíäåóç áðü CAS!';
+ return 'Απαιτείται η αποσύνδεση από CAS!';
}
/**
*/
public function getShouldHaveBeenRedirected()
{
- return 'Èá Ýðñåðå íá åß÷áôå áíáêáôåõèõíèåß óôïí åîõðçñåôçôÞ CAS. ÊÜíôå êëßê <a href="%s">åäþ</a> ãéá íá óõíå÷ßóåôå.';
+ return 'Θα έπρεπε να είχατε ανακατευθυνθεί στον εξυπηρετητή CAS. Κάντε κλίκ <a href="%s">εδώ</a> για να συνεχίσετε.';
}
/**
*/
public function getAuthenticationFailed()
{
- return 'Ç ôáõôïðïßçóç CAS áðÝôõ÷å!';
+ return 'Η ταυτοποίηση CAS απέτυχε!';
}
/**
*/
public function getYouWereNotAuthenticated()
{
- return '<p>Äåí ôáõôïðïéçèÞêáôå.</p><p>Ìðïñåßôå íá îáíáðñïóðáèÞóåôå, êÜíïíôáò êëßê <a href="%s">åäþ</a>.</p><p>Åáí ôï ðñüâëçìá åðéìåßíåé, åëÜôå óå åðáöÞ ìå ôïí <a href="mailto:%s">äéá÷åéñéóôÞ</a>.</p>';
+ return '<p>Δεν ταυτοποιηθήκατε.</p><p>Μπορείτε να ξαναπροσπαθήσετε, κάνοντας κλίκ <a href="%s">εδώ</a>.</p><p>Εαν το πρόβλημα επιμείνει, ελάτε σε επαφή με τον <a href="mailto:%s">διαχειριστή</a>.</p>';
}
/**
*/
public function getServiceUnavailable()
{
- return 'Ç õðçñåóßá `<b>%s</b>\' äåí åßíáé äéáèÝóéìç (<b>%s</b>).';
+ return 'Η υπηρεσία `<b>%s</b>\' δεν είναι διαθέσιμη (<b>%s</b>).';
}
}
-?>
\ No newline at end of file
+?>
*/
/**
- * Japanese language class. Now Encoding is EUC-JP and LF
+ * Japanese language class. Now Encoding is UTF-8.
*
* @class CAS_Languages_Japanese
* @category Authentication
*/
public function getUsingServer()
{
- return 'using server';
+ return 'サーバーを使っています。';
}
/**
*/
public function getAuthenticationWanted()
{
- return 'CAS�ˤ��ǧ�ڤ�Ԥ��ޤ�';
+ return 'CASによる認証を行います。';
}
/**
*/
public function getLogout()
{
- return 'CAS����?�����Ȥ��ޤ�!';
+ return 'CASからログアウトします!';
}
/**
*/
public function getShouldHaveBeenRedirected()
{
- return 'CAS�����Ф˹Ԥ�ɬ�פ�����ޤ�����ưŪ��ž������ʤ����� <a href="%s">������</a> ��å�����³�Ԥ��ޤ��';
+ return 'CASサーバに行く必要があります。自動的に転送されない場合は <a href="%s">こちら</a> をクリックして続行します。';
}
/**
*/
public function getAuthenticationFailed()
{
- return 'CAS�ˤ��ǧ�ڤ˼��Ԥ��ޤ���';
+ return 'CASによる認証に失敗しました。';
}
/**
*/
public function getYouWereNotAuthenticated()
{
- return '<p>ǧ�ڤǤ��ޤ���Ǥ���.</p><p>�⤦���٥ꥯ�����Ȥ������������<a href="%s">������</a>��å�.</p><p>���꤬��褷�ʤ����� <a href="mailto:%s">���Υ����Ȥδ����</a>���䤤��碌�Ƥ�������.</p>';
+ return '<p>認証できませんでした。</p><p>もう一度リクエストを送信する場合は<a href="%s">こちら</a>をクリック。</p><p>問題が解決しない場合は <a href="mailto:%s">このサイトの管理者</a>に問い合わせてください。</p>';
}
/**
*/
public function getServiceUnavailable()
{
- return '�����ӥ� `<b>%s</b>\' �����ѤǤ��ޤ��� (<b>%s</b>).';
+ return 'サービス `<b>%s</b>\' は利用できません (<b>%s</b>)。';
}
}
-?>
\ No newline at end of file
+?>
function getPGTIouFilename($pgt_iou)
{
phpCAS::traceBegin();
- $filename = $this->getPath().$pgt_iou.'.plain';
- phpCAS::traceEnd($filename);
+ $filename = $this->getPath()."phpcas-".hash("sha256", $pgt_iou);
+// $filename = $this->getPath().$pgt_iou.'.plain';
+ phpCAS::trace("Sha256 filename:" . $filename);
+ phpCAS::traceEnd();
return $filename;
}
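Review bot: The commented-out line `// $filename = $this->getPath().$pgt_iou.'.plain';` should be deleted rather than kept beside the new code, since the history already holds it. A why-comment would be more useful, for example `// hash the PGT IOU so the received value never becomes part of a file path`, if that is the intent (the caller is not visible here). Files written under the old `.plain` name will no longer be found after the upgrade. Any cleanup code that matches on that suffix would need to be updated for the new `phpcas-` prefix.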
$handles = array();
$multiHandle = curl_multi_init();
foreach ($this->_requests as $i => $request) {
- $handle = $request->_initAndConfigure();
+ $handle = $request->initAndConfigure();
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
$handles[$i] = $handle;
curl_multi_add_handle($multiHandle, $handle);
/*********************************************************
* initialize the CURL session
*********************************************************/
- $ch = $this->_initAndConfigure();
+ $ch = $this->initAndConfigure();
/*********************************************************
* Perform the query
*
* @return resource The cURL handle on success, false on failure
*/
- private function _initAndConfigure()
+ public function initAndConfigure()
{
/*********************************************************
* initialize the CURL session
-Description of phpCAS 1.3.4 library import
+Description of phpCAS 1.3.5 library import
* downloaded from http://downloads.jasig.org/cas-clients/php/current/
-
-* MDL-59456 phpCAS library has been patched because of an authentication bypass security vulnerability.
\ No newline at end of file
<location>CAS</location>
<name>CAS</name>
<license>Apache</license>
- <version>1.3.4</version>
+ <version>1.3.5</version>
<licenseversion>2.0</licenseversion>
</library>
</libraries>