
Contents of /contributions/modules/cas/cas_server.module



Revision 1.4 - (show annotations) (download) (as text)
Tue Apr 14 15:03:17 2009 UTC (7 months, 2 weeks ago) by metzlerd
Branch: MAIN
CVS Tags: DRUPAL-6--2-0-BETA1, HEAD
Branch point for: DRUPAL-6--2, DRUPAL-5--4
Changes since 1.3: +21 -2 lines
File MIME type: text/x-php
Latest working version.
<?php
// $Id: cas_server.module,v 1.44 2008/07/31 15:20:41 metzlerd Exp $

/**
 * @file Provides a protocol compliant version of CAS server 2.x
 */
// Name of the cookie that carries the requested service URL across the
// Drupal login form: it is set in cas_server_login() and read and expired in
// cas_server_service_return(). Its value arrives from the browser, so it is
// client-controlled input.
define('CAS_LOGIN_COOKIE', 'cas_server_login');
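/**
 * Implementation of hook_menu().
 *
 * Registers the four CAS protocol endpoints as plain callbacks (no menu
 * links). Every endpoint uses 'access callback' => TRUE, so Drupal applies no
 * permission check: each page callback is reachable by anonymous clients and
 * has to validate its own request parameters.
 *
 * @return
 *   Menu item definitions keyed by path.
 */
function cas_server_menu() {
  // Titles are left untranslated: the Drupal 6 menu system translates the
  // 'title' value itself, so wrapping it in t() here would translate twice.
  $endpoints = array(
    'cas/login' => array('cas_server_login', 'CAS Login'),
    'cas/validate' => array('cas_server_validate', 'CAS Validate'),
    'cas/serviceValidate' => array('cas_server_service_validate', 'CAS Service Validate'),
    'cas/logout' => array('cas_server_logout', 'CAS Logout'),
  );

  $items = array();
  foreach ($endpoints as $path => $endpoint) {
    $items[$path] = array(
      'page callback' => $endpoint[0],
      'title' => $endpoint[1],
      'access callback' => TRUE,
      'type' => MENU_CALLBACK,
    );
  }
  return $items;
}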
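/**
 * Issue a service ticket and send the logged-in user back to the service.
 *
 * Reads the pending service URL from the CAS_LOGIN_COOKIE cookie. When a
 * service is pending and the current user is authenticated, a ticket is
 * stored for that user/service pair, the cookie is expired and the browser
 * is redirected to the service with the ticket in the query string.
 * Does nothing when either condition is not met.
 */
function cas_server_service_return() {
  global $user;
  // The cookie is absent on a direct visit; read it without raising an
  // undefined-index notice.
  $service = isset($_COOKIE[CAS_LOGIN_COOKIE]) ? $_COOKIE[CAS_LOGIN_COOKIE] : '';
  if ($service && $user->uid) {
    // NOTE(review): $service is client-controlled (cookie or query string)
    // and nothing in this file compares it with a list of registered
    // services, so the ticket is delivered to whatever URL was requested.
    // Confirm that is intended, or restrict the accepted service URLs.
    $ticket = _cas_server_save_ticket($user->uid, $service);
    // Expire the cookie with a timestamp relative to the current time.
    setcookie(CAS_LOGIN_COOKIE, '', time() - 3600);
    drupal_goto($service, 'ticket='. urlencode($ticket));
  }
}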
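/**
 * Page callback for cas/login.
 *
 * - Authenticated user: remembers the requested service (if any) and lets
 *   cas_server_service_return() issue a ticket and redirect.
 * - Anonymous user with gateway and service set: redirects straight back to
 *   the service without a ticket.
 * - Anonymous user otherwise: stores the service in a cookie and redirects to
 *   the Drupal login form, which returns here afterwards.
 *
 * @return
 *   Page output shown when no redirect took place.
 */
function cas_server_login() {
  global $user;
  $output = '';
  // Take the parameters from the query string only. The original tested
  // $_GET but then read $_REQUEST, which can also be filled from POST data
  // or cookies and so may differ from the value that was tested.
  $service = isset($_GET['service']) ? $_GET['service'] : '';
  $gateway = !empty($_GET['gateway']);

  if ($user->uid) {
    if ($service) {
      // Passed to cas_server_service_return() through the cookie array so
      // that both entry paths (direct and after login) share one code path.
      $_COOKIE[CAS_LOGIN_COOKIE] = $service;
    }
    $output = t('You have successfully logged into CAS');
    cas_server_service_return();
  }
  elseif ($gateway && $service) {
    // NOTE(review): the redirect target is the unvalidated service parameter,
    // so this endpoint forwards an anonymous visitor to any URL supplied in
    // the request. Check the service against the set of known services
    // before redirecting.
    drupal_goto($service);
  }
  else {
    if ($service) {
      // Remember where to return once the user has logged in.
      setcookie(CAS_LOGIN_COOKIE, $service);
    }
    $output .= l('Login', 'user', array('query' => 'destination=cas/login'));
    drupal_goto('user', 'destination=cas/login');
  }
  return $output;
}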
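/**
 * Page callback for cas/validate (CAS 1.x style validation).
 *
 * Provides the simple, non-XML response: "yes" followed by the user name when
 * the ticket is valid for the service, otherwise "no" followed by an empty
 * line. The ticket is consumed by the lookup in either case.
 */
function cas_server_validate() {
  // Missing parameters are treated as empty strings so that a malformed
  // request produces the "no" answer instead of undefined-index notices.
  $ticket = isset($_GET['ticket']) ? $_GET['ticket'] : '';
  $service = isset($_GET['service']) ? $_GET['service'] : '';
  $user_name = _cas_server_validate($service, $ticket);
  if ($user_name) {
    print "yes\n";
    print "$user_name\n";
  }
  else {
    print "no\n";
    print "\n";
  }
}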
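/**
 * Page callback for cas/serviceValidate (CAS 2.0 validation).
 *
 * Prints a cas:serviceResponse XML document: authenticationSuccess with the
 * user name when the ticket is valid for the service, otherwise
 * authenticationFailure with code INVALID_REQUEST (ticket or service missing)
 * or INVALID_TICKET. The ticket is consumed by the lookup in either case.
 */
function cas_server_service_validate() {
  $ticket = isset($_GET['ticket']) ? $_GET['ticket'] : '';
  $service = isset($_GET['service']) ? $_GET['service'] : '';
  $user_name = _cas_server_validate($service, $ticket);

  $cas_error = '';
  if (!$user_name) {
    $cas_error = 'INVALID_TICKET';
  }
  // A missing parameter takes precedence over an unknown ticket.
  if (!$ticket || !$service) {
    $cas_error = 'INVALID_REQUEST';
  }

  // header() takes the complete header line as one string; its second
  // argument is the replace flag, so the original call never set a media
  // type for this response.
  header('Content-Type: text/xml; charset=utf-8');
  if ($user_name) {
    //@TODO Generate proxy granting ticket
    print "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n".
      "  <cas:authenticationSuccess>\n".
      "    <cas:user>". check_plain($user_name) ."</cas:user>\n".
      "  </cas:authenticationSuccess>\n".
      "</cas:serviceResponse>\n";
    watchdog('cas', 'User %name CAS successfully authenticated.', array('%name' => $user_name));
  }
  else {
    // The ticket comes straight from the query string and is echoed back, so
    // it is escaped before being placed in the markup. The opening tag is
    // spelled serviceResponse to match the closing tag.
    print "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n".
      "  <cas:authenticationFailure code=\"$cas_error\">\n".
      "    Ticket ". check_plain($ticket) ." not recognized.\n".
      "  </cas:authenticationFailure>\n".
      "</cas:serviceResponse>\n";
    // No user name is known on this path, so the service and error code are
    // logged instead.
    watchdog('cas', 'CAS ticket validation failed for service %service (%code).', array('%service' => $service, '%code' => $cas_error), WATCHDOG_WARNING);
  }
}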
/**
 * Check a one-time service ticket and consume it.
 *
 * @param $service
 *   Service URL the ticket must have been issued for.
 * @param $ticket
 *   Ticket string presented by the service.
 * @return
 *   Name of the user the ticket belongs to, or '' when no stored ticket
 *   matches the service/ticket pair.
 */
function _cas_server_validate($service, $ticket) {
  $name = '';

  // NOTE(review): the timestamp stored with the ticket is not consulted here,
  // so an unused ticket stays valid until it is first presented; confirm
  // whether expiry is enforced elsewhere. The lookup and the delete below are
  // also separate statements, so two simultaneous validations of one ticket
  // are not excluded by this code.
  $matches = db_query_range("SELECT u.name FROM {cas_server_tickets} t JOIN {users} u ON t.uid=u.uid WHERE t.service = '%s' and t.ticket = '%s'", array($service, $ticket), 0, 1);
  if ($matches !== FALSE) {
    // The range is limited to one row, so a single fetch is sufficient.
    $row = db_fetch_object($matches);
    if ($row) {
      $name = $row->name;
    }
  }

  // Remove the ticket whether or not it matched: a ticket is single use, and
  // a ticket presented for the wrong service is discarded as well.
  db_query("DELETE FROM {cas_server_tickets} WHERE ticket='%s'", array($ticket));

  return $name;
}
/**
 * Generate a one-time service ticket for a user and store it.
 *
 * @param int $uid
 *   User the ticket is issued to.
 * @param $service
 *   Service URL the ticket is bound to.
 * @return
 *   The generated ticket string ('ST-' prefix). It is returned even when
 *   nothing was stored because $uid or $service was empty.
 */
function _cas_server_save_ticket($uid, $service) {
  // NOTE(review): the ticket is a bearer credential and its unpredictability
  // rests entirely on user_password(); confirm that its randomness source and
  // default length are adequate for that purpose.
  $ticket = 'ST-'. user_password();

  if (!$uid || !$service) {
    // Nothing to bind the ticket to, so no row is written.
    return $ticket;
  }

  // Persist the ticket together with its issue time.
  db_query("INSERT INTO {cas_server_tickets} (uid, service, ticket, timestamp) VALUES (%d, '%s', '%s', %d)", array($uid, $service, $ticket, time()));
  return $ticket;
}
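/**
 * Page callback for cas/logout.
 *
 * Destroys the current session, notifies modules of the logout and shows a
 * confirmation, with a "Continue" link when a url parameter was supplied.
 *
 * @TODO: Implement single sign out support
 *
 * @return
 *   Confirmation markup for the page body.
 */
function cas_server_logout() {
  // Without this declaration $user was an undefined local and the logout
  // hooks received no account.
  global $user;

  // Destroy the current session:
  session_destroy();
  module_invoke_all('user', 'logout', NULL, $user);
  // Finish the request as the anonymous user so the confirmation page is not
  // rendered with the former account still loaded.
  $user = drupal_anonymous_user();

  $output = '<p>You have been logged out successfully</p>';
  if (!empty($_GET['url'])) {
    // NOTE(review): the link target is taken from the request as-is. It is
    // only offered as a link, not followed automatically; presumably l()
    // filters the URL scheme - confirm, and consider limiting the target to
    // known services.
    $output .= '<p>'. l('Continue', $_GET['url']) .'</p>';
  }
  // The original built $output but never returned it, leaving the page empty.
  return $output;
}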
