2018-03-02 08:27:58 +00:00
|
|
|
<?php
|
|
|
|
/**
|
|
|
|
* Created by PhpStorm.
|
|
|
|
* User: lucas
|
|
|
|
* Date: 27/02/18
|
|
|
|
* Time: 16:19
|
|
|
|
*/
|
|
|
|
|
|
|
|
namespace api\module;
|
|
|
|
|
|
|
|
|
|
|
|
use database\core\Repo;
|
|
|
|
use database\repo\professor;
|
|
|
|
use error\core\Error;
|
|
|
|
use error\core\Err;
|
|
|
|
|
|
|
|
class casController{
|
|
|
|
|
|
|
|
|
|
|
|
/* (1) Authentication callback
|
|
|
|
*
|
|
|
|
* @return professors<array> The professor(s) data
|
|
|
|
*
|
|
|
|
---------------------------------------------------------*/
|
|
|
|
public static function get($args){
|
|
|
|
|
|
|
|
// login: https://sso.univ-pau.fr/cas/login?service=http://ptut.com:8080/api/v/1.0/cas
|
|
|
|
// validate: https://sso.univ-pau.fr/cas/serviceValidate?ticket=***TICKET***&service=http://ptut.com:8080/api/v/1.0/cas
|
|
|
|
|
2018-03-03 13:57:43 +00:00
|
|
|
/* (1) Check if already connected
|
2018-03-02 08:27:58 +00:00
|
|
|
---------------------------------------------------------*/
|
2018-03-03 13:57:43 +00:00
|
|
|
/* (1) If already -> return @cas_login */
|
|
|
|
if( in_array('cas_user', $_SESSION['AUTH']) )
|
|
|
|
return ['cas_login' => $_SESSION['CAS']['login']];
|
2018-03-02 08:27:58 +00:00
|
|
|
|
|
|
|
/* (2) Fail if no ticket */
|
|
|
|
if( !isset($_GET['ticket']) || !is_string($_GET['ticket']) || strlen($_GET['ticket']) < 1 )
|
|
|
|
return ['error' => new Error(Err::PermissionError, 'missing ticket')];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* (2) Check ticket (validate)
|
|
|
|
---------------------------------------------------------*/
|
|
|
|
/* (1) Build useful variables */
|
|
|
|
$service = 'http://ptut.com:8080/api/v/1.0/cas';
|
|
|
|
$ticket = urlencode($_GET['ticket']);
|
|
|
|
$validate_url = "https://sso.univ-pau.fr/cas/serviceValidate?ticket=$ticket&service=$service";
|
|
|
|
|
|
|
|
/* (2) Configure & Prepare CURL */
|
|
|
|
$ch = curl_init();
|
|
|
|
|
|
|
|
curl_setopt($ch, CURLOPT_URL, $validate_url);
|
|
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
|
|
|
|
|
|
|
/* (3) Execute CURL & Close it */
|
|
|
|
$output = curl_exec($ch);
|
|
|
|
curl_close($ch);
|
|
|
|
|
|
|
|
/* (4) Fail if not validated */
|
|
|
|
if( strpos($output, 'user') === false )
|
|
|
|
return ['error' => new Error(Err::PermissionError, 'invalid ticket')];
|
|
|
|
|
|
|
|
/* (5) Extract cas_login */
|
|
|
|
$cas_login = trim(strip_tags($output));
|
|
|
|
|
|
|
|
/* (6) Check empty */
|
|
|
|
if( strlen($cas_login) < 1 )
|
|
|
|
return ['error' => new Error(Err::PermissionError, 'cannot find cas login')];
|
|
|
|
|
|
|
|
|
2018-03-03 13:57:43 +00:00
|
|
|
/* (3) Store data in session
|
|
|
|
---------------------------------------------------------*/
|
|
|
|
$_SESSION['CAS'] = [
|
|
|
|
'login' => $cas_login,
|
|
|
|
'ticket' => $ticket
|
|
|
|
];
|
|
|
|
|
|
|
|
|
2018-03-02 08:27:58 +00:00
|
|
|
|
|
|
|
return ['cas_login' => $cas_login ];
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|