[config.modules] added 'cas' permissions [module.cas] added PUT to really logout (from CAS server) but do not work (except from document.location)

xdrm-brackets 2018-03-20 23:35:16 +01:00
parent 7db2a41027
commit 100b09c695
2 changed files with 79 additions and 38 deletions


@ -20,7 +20,11 @@ class casController{
/* (1) Authentication callback
*
* @return professors<array> The professor(s) data
* GET arguments
*
* @ticket<String> CAS callback @ticket
*
* @return headers|body<array> The download content
*
---------------------------------------------------------*/
public static function get($args){
@ -85,14 +89,14 @@ class casController{
$validate_url = "https://sso.univ-pau.fr/cas/serviceValidate?ticket=$ticket&service=$service";
/* (2) Configure & Prepare CURL */
$ch = curl_init();
$ch = \curl_init();
curl_setopt($ch, CURLOPT_URL, $validate_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
\curl_setopt($ch, CURLOPT_URL, $validate_url);
\curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
/* (3) Execute CURL & Close it */
$output = curl_exec($ch);
curl_close($ch);
$output = \curl_exec($ch);
\curl_close($ch);
/* (4) Fail if not validated */
if( strpos($output, 'user') === false )
@ -167,8 +171,49 @@ class casController{
/* (2) Logout from CAS server
*
* @return logged_out<bool> Whether you have been logged out
*
---------------------------------------------------------*/
public function put(){
/* (1) Call logout script
---------------------------------------------------------*/
/* (1) Build useful variables */
$service = ($_SERVER['SERVER_NAME'] == 'ptut.com' ) ? 'http' : 'https';
$service .= '://'.$_SERVER['HTTP_HOST'].'/api/v/1.0/cas';
$logout_url = "https://sso.univ-pau.fr/cas/logout?service=$service";
/* (2) Configure & Prepare CURL */
$ch = \curl_init();
\curl_setopt($ch, CURLOPT_URL, $logout_url);
\curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
/* (3) Execute CURL & Close it */
$output = \curl_exec($ch);
\curl_close($ch);
/* (4) Error if no output */
if( strlen($output) < 1 )
return ['logged_out' => false, 'redirect_url' => $logout_url];
/* (4) Destroy session */
\session_destroy();
/* (5) Return if logged out */
return ['logged_out' => true, 'redirect_url' => $logout_url];
}
/* (3) Logout (not from CAS server)
*
* @return logged_out<bool> Whether you have been logged out
*
---------------------------------------------------------*/
public function delete(){
\session_destroy();
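Review bot: In the new `put()`, `\session_destroy()` is reached only when the `strlen($output) < 1` check passes, so if the request to the CAS server fails (`curl_exec` returns `false`) the local session stays alive and the caller only gets `'logged_out' => false`. The server-side cURL call presumably carries none of the browser's CAS cookies, which would explain why the commit message says logout only works through `document.location`. Consider dropping the cURL round-trip, calling `\session_destroy();` unconditionally, and returning `redirect_url` for the client to follow. Separately, `$service` is built from `$_SERVER['HTTP_HOST']`, which the client controls, and is interpolated unencoded; taking the host from configuration and using `$logout_url = 'https://sso.univ-pau.fr/cas/logout?service='.rawurlencode($service);` would be safer. The body of `delete()` continues past the end of the hunk.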


@ -26,25 +26,21 @@
"GET": {
"des": "Authenticatation callback (used by third-party OAuth)",
"per": [],
"par": {},
"par": {
"URL0": { "des": "Whether to manage a popup", "typ": "boolean", "opt": true, "ren": "popup_mode", "def": false }
},
"opt": { "download": true }
},
"POST": {
"des": "Login if not already authenticated",
"per": [],
"par": {}
},
"PUT": {
"des": "Check if authenticated",
"per": [],
"des": "Real logout to change login",
"per": [["cas_user"]],
"par": {}
},
"DELETE": {
"des": "Logout",
"per": [],
"per": [["cas_user"]],
"par": {}
}
@ -67,7 +63,7 @@
"excel":{
"POST": {
"des": "Import data from an Excel file",
"per": [],
"per": [["cas_admin"]],
"par": {
}
}
@ -88,7 +84,7 @@
"PUT":{
"des": "Switch the user on another department database",
"per": [],
"per": [["cas_user"]],
"par": {
"URL0": {"des": "Department id", "typ": "id", "ren": "department" }
},
@ -100,7 +96,7 @@
"errors":{
"GET": {
"des": "Get the list of incoherence of the department",
"per": [],
"per": [["cas_admin"]],
"par": {
}
}
@ -108,7 +104,7 @@
"stats":{
"GET": {
"des": "Get the statistics about the department",
"per": [],
"per": [["cas_admin"]],
"par": {
}
}
@ -237,7 +233,7 @@
"POST": {
"des": "Creates a new UE",
"per": [],
"per": [["cas_admin"]],
"par": {
"code": { "des": "UE code.", "typ": "varchar(4,20,alphanumeric)" },
"label": { "des": "UE label", "typ": "varchar(4,30,alphanumeric)" },
@ -255,7 +251,7 @@
"GET": {
"des": "Get one or all UE",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Optional UE code.", "typ": "varchar(4,20,alphanumeric)", "ren": "code", "opt": true }
},
@ -267,7 +263,7 @@
"DELETE": {
"des": "Deletes an existing UE",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "UE code.", "typ": "varchar(4,20,alphanumeric)", "ren": "code" }
},
@ -278,7 +274,7 @@
"PUT": {
"des": "Edits an existing UE",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "UE code.", "typ": "varchar(4,20,alphanumeric)", "ren": "code" },
"new_code": { "des": "UE new code", "typ": "varchar(4,20,alphanumeric)", "opt": true },
@ -299,7 +295,7 @@
"POST": {
"des" : "Creates a new Cours for an UE",
"per": [],
"per": [["cas_admin"]],
"par": {
"code": { "des": "Code of the UE", "typ": "varchar(4,20,alphanumeric)" },
"idProf": { "des": "Id of the professor", "typ": "id", "opt": true },
@ -313,7 +309,7 @@
"GET": {
"des" : "Get all cours data about a given UE",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Code of the UE", "typ": "varchar(4,20,alphanumeric)", "ren": "code" }
}
@ -321,7 +317,7 @@
"PUT": {
"des" : "Updates an existing Cours",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Id of the Cours", "typ": "id", "ren": "idCours" },
"idProf": { "des": "Id of the professor (-1 to unset)", "typ": "int", "opt": true },
@ -336,7 +332,7 @@
"DELETE": {
"des" : "Deletes an existing Cours",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Id of the Cours", "typ": "id", "ren": "idCours" }
},
@ -351,7 +347,7 @@
"POST": {
"des" : "Creates a new TD for an UE",
"per": [],
"per": [["cas_admin"]],
"par": {
"code": { "des": "Code of the UE", "typ": "varchar(4,20,alphanumeric)" },
"idProf": { "des": "Id of the professor", "typ": "id", "opt": true },
@ -365,7 +361,7 @@
"GET": {
"des" : "Get all TD data about a given UE",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Code of the UE", "typ": "varchar(4,20,alphanumeric)", "ren": "code" }
}
@ -373,7 +369,7 @@
"PUT": {
"des" : "Updates an existing TD",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Id of the TD", "typ": "id", "ren": "idTD" },
"idProf": { "des": "Id of the professor (-1 to unset)", "typ": "int", "opt": true },
@ -388,7 +384,7 @@
"DELETE": {
"des" : "Deletes an existing TD",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Id of the TD", "typ": "id", "ren": "idTD" }
},
@ -403,7 +399,7 @@
"POST": {
"des" : "Creates a new TP for an UE",
"per": [],
"per": [["cas_admin"]],
"par": {
"code": { "des": "Code of the UE", "typ": "varchar(4,20,alphanumeric)" },
"idProf": { "des": "Id of the professor", "typ": "id", "opt": true },
@ -417,7 +413,7 @@
"GET": {
"des" : "Get all TP data about a given UE",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Code of the UE", "typ": "varchar(4,20,alphanumeric)", "ren": "code" }
}
@ -425,7 +421,7 @@
"PUT": {
"des" : "Updates an existing TP",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Id of the TP", "typ": "id", "ren": "idTP" },
"idProf": { "des": "Id of the professor (-1 to unset)", "typ": "int", "opt": true },
@ -440,7 +436,7 @@
"DELETE": {
"des" : "Deletes an existing TP",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Id of the TP", "typ": "id", "ren": "idTP" }
},
@ -456,7 +452,7 @@
"formation": {
"GET":{
"des": "Get all data about a formation",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0":{"des" : "Id of the formation", "typ": "id", "ren": "form_id", "opt" : true }
}
@ -466,7 +462,7 @@
"category": {
"GET": {
"des" : "Get all data about a given category | all",
"per": [],
"per": [["cas_admin"]],
"par": {
"URL0": { "des": "Id of the category", "typ": "id", "ren": "cat_id", "opt": true }
}