From 100b09c695bcad3fd3e67a73acda5dade96ee9f5 Mon Sep 17 00:00:00 2001
From: xdrm-brackets <doowap31@gmail.com>
Date: Tue, 20 Mar 2018 23:35:16 +0100
Subject: [PATCH] [config.modules] added 'cas' permissions [module.cas] added
 PUT to really logout (from CAS server) but do not work (except from
 document.location)

---
 build/api/module/casController.php | 57 +++++++++++++++++++++++++---
 config/modules.json                | 60 ++++++++++++++----------------
 2 files changed, 79 insertions(+), 38 deletions(-)

diff --git a/build/api/module/casController.php b/build/api/module/casController.php
index 5ceb96b..9f999bd 100644
--- a/build/api/module/casController.php
+++ b/build/api/module/casController.php
@@ -20,7 +20,11 @@ class casController{
 
 	/* (1) Authentication callback
 	*
-	* @return professors<array>			The professor(s) data
+	* GET arguments
+	*
+	* @ticket<String>					CAS callback @ticket
+	*
+	* @return headers|body<array>		The download content
 	*
 	---------------------------------------------------------*/
 	public static function get($args){
@@ -85,14 +89,14 @@ class casController{
 		$validate_url = "https://sso.univ-pau.fr/cas/serviceValidate?ticket=$ticket&service=$service";
 
 		/* (2) Configure & Prepare CURL */
-		$ch = curl_init();
+		$ch = \curl_init();
 
-		curl_setopt($ch, CURLOPT_URL, $validate_url);
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+		\curl_setopt($ch, CURLOPT_URL, $validate_url);
+		\curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 
 		/* (3) Execute CURL & Close it */
-		$output    = curl_exec($ch);
-		curl_close($ch);
+		$output    = \curl_exec($ch);
+		\curl_close($ch);
 
 		/* (4) Fail if not validated */
 		if( strpos($output, 'user') === false )
@@ -167,8 +171,49 @@ class casController{
 
 
 
+	/* (2) Logout from CAS server
+	*
+	* @return logged_out<bool>			Whether you have been logged out
+	*
+	---------------------------------------------------------*/
+	public function put(){
+
+		/* (1) Call logout script
+		---------------------------------------------------------*/
+		/* (1) Build useful variables */
+		$service      = ($_SERVER['SERVER_NAME'] == 'ptut.com' ) ? 'http' : 'https';
+		$service     .= '://'.$_SERVER['HTTP_HOST'].'/api/v/1.0/cas';
+		$logout_url = "https://sso.univ-pau.fr/cas/logout?service=$service";
+
+		/* (2) Configure & Prepare CURL */
+		$ch = \curl_init();
+
+		\curl_setopt($ch, CURLOPT_URL, $logout_url);
+		\curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+
+		/* (3) Execute CURL & Close it */
+		$output = \curl_exec($ch);
+		\curl_close($ch);
+
+		/* (4) Error if no output */
+		if( strlen($output) < 1 )
+			return ['logged_out' => false, 'redirect_url' => $logout_url];
+
+		/* (4) Destroy session */
+		\session_destroy();
+
+		/* (5) Return if logged out */
+		return ['logged_out' => true, 'redirect_url' => $logout_url];
+
+	}
 
 
+
+	/* (3) Logout (not from CAS server)
+	*
+	* @return logged_out<bool>			Whether you have been logged out
+	*
+	---------------------------------------------------------*/
 	public function delete(){
 
 		\session_destroy();
diff --git a/config/modules.json b/config/modules.json
index c559e16..af5b438 100644
--- a/config/modules.json
+++ b/config/modules.json
@@ -26,25 +26,21 @@
 		"GET": {
 			"des": "Authenticatation callback (used by third-party OAuth)",
 			"per": [],
-			"par": {},
+			"par": {
+				"URL0": { "des": "Whether to manage a popup", "typ": "boolean", "opt": true, "ren": "popup_mode", "def": false }
+			},
 			"opt": { "download": true }
 		},
 
-		"POST": {
-			"des": "Login if not already authenticated",
-			"per": [],
-			"par": {}
-		},
-
 		"PUT": {
-			"des": "Check if authenticated",
-			"per": [],
+			"des": "Real logout to change login",
+			"per": [["cas_user"]],
 			"par": {}
 		},
 
 		"DELETE": {
 			"des": "Logout",
-			"per": [],
+			"per": [["cas_user"]],
 			"par": {}
 		}
 
@@ -67,7 +63,7 @@
 	"excel":{
 		"POST": {
 			"des": "Import data from an Excel file",
-			"per": [],
+			"per": [["cas_admin"]],
 			"par": {
 			}
 		}
@@ -88,7 +84,7 @@
 
 		"PUT":{
 			"des": "Switch the user on another department database",
-			"per": [],
+			"per": [["cas_user"]],
 			"par": {
 				"URL0": {"des": "Department id", "typ": "id", "ren": "department" }
 			},
@@ -100,7 +96,7 @@
 		"errors":{
 			"GET": {
 				"des": "Get the list of incoherence of the department",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 				}
 			}
@@ -108,7 +104,7 @@
 		"stats":{
 			"GET": {
 				"des": "Get the statistics about the department",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 				}
 			}
@@ -237,7 +233,7 @@
 
 		"POST": {
 			"des": "Creates a new UE",
-			"per": [],
+			"per": [["cas_admin"]],
 			"par": {
 				"code":             { "des": "UE code.",                                        "typ": "varchar(4,20,alphanumeric)"  },
 				"label":            { "des": "UE label",                                        "typ": "varchar(4,30,alphanumeric)"  },
@@ -255,7 +251,7 @@
 
 		"GET": {
 			"des": "Get one or all UE",
-			"per": [],
+			"per": [["cas_admin"]],
 			"par": {
 				"URL0": { "des": "Optional UE code.", "typ": "varchar(4,20,alphanumeric)", "ren": "code", "opt": true }
 			},
@@ -267,7 +263,7 @@
 
 		"DELETE": {
 			"des": "Deletes an existing UE",
-			"per": [],
+			"per": [["cas_admin"]],
 			"par": {
 				"URL0": { "des": "UE code.", "typ": "varchar(4,20,alphanumeric)", "ren": "code" }
 			},
@@ -278,7 +274,7 @@
 
 		"PUT": {
 			"des": "Edits an existing UE",
-			"per": [],
+			"per": [["cas_admin"]],
 			"par": {
 				"URL0":             { "des": "UE code.",                                         "typ": "varchar(4,20,alphanumeric)", "ren": "code" },
 				"new_code":         { "des": "UE new code",                                      "typ": "varchar(4,20,alphanumeric)", "opt": true   },
@@ -299,7 +295,7 @@
 
 			"POST": {
 				"des" : "Creates a new Cours for an UE",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"code":       { "des": "Code of the UE",            "typ": "varchar(4,20,alphanumeric)"        },
 					"idProf":     { "des": "Id of the professor",       "typ": "id",        "opt": true            },
@@ -313,7 +309,7 @@
 
 			"GET": {
 				"des" : "Get all cours data about a given UE",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"URL0": { "des": "Code of the UE", "typ": "varchar(4,20,alphanumeric)", "ren": "code" }
 				}
@@ -321,7 +317,7 @@
 
 			"PUT": {
 				"des" : "Updates an existing Cours",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"URL0":     { "des": "Id of the Cours",                   "typ": "id",        "ren": "idCours"       },
 					"idProf":   { "des": "Id of the professor (-1 to unset)", "typ": "int",       "opt": true            },
@@ -336,7 +332,7 @@
 
 			"DELETE": {
 				"des" : "Deletes an existing Cours",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"URL0": { "des": "Id of the Cours", "typ": "id", "ren": "idCours" }
 				},
@@ -351,7 +347,7 @@
 
 			"POST": {
 				"des" : "Creates a new TD for an UE",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"code":       { "des": "Code of the UE",            "typ": "varchar(4,20,alphanumeric)"        },
 					"idProf":     { "des": "Id of the professor",       "typ": "id",        "opt": true            },
@@ -365,7 +361,7 @@
 
 			"GET": {
 				"des" : "Get all TD data about a given UE",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"URL0": { "des": "Code of the UE", "typ": "varchar(4,20,alphanumeric)", "ren": "code" }
 				}
@@ -373,7 +369,7 @@
 
 			"PUT": {
 				"des" : "Updates an existing TD",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"URL0":     { "des": "Id of the TD",                      "typ": "id",        "ren": "idTD"          },
 					"idProf":   { "des": "Id of the professor (-1 to unset)", "typ": "int",       "opt": true            },
@@ -388,7 +384,7 @@
 
 			"DELETE": {
 				"des" : "Deletes an existing TD",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"URL0": { "des": "Id of the TD", "typ": "id", "ren": "idTD" }
 				},
@@ -403,7 +399,7 @@
 
 			"POST": {
 				"des" : "Creates a new TP for an UE",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"code":       { "des": "Code of the UE",            "typ": "varchar(4,20,alphanumeric)"        },
 					"idProf":     { "des": "Id of the professor",       "typ": "id",        "opt": true            },
@@ -417,7 +413,7 @@
 
 			"GET": {
 				"des" : "Get all TP data about a given UE",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"URL0": { "des": "Code of the UE", "typ": "varchar(4,20,alphanumeric)", "ren": "code" }
 				}
@@ -425,7 +421,7 @@
 
 			"PUT": {
 				"des" : "Updates an existing TP",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"URL0":     { "des": "Id of the TP",                      "typ": "id",        "ren": "idTP"          },
 					"idProf":   { "des": "Id of the professor (-1 to unset)", "typ": "int",       "opt": true            },
@@ -440,7 +436,7 @@
 
 			"DELETE": {
 				"des" : "Deletes an existing TP",
-				"per": [],
+				"per": [["cas_admin"]],
 				"par": {
 					"URL0": { "des": "Id of the TP", "typ": "id", "ren": "idTP" }
 				},
@@ -456,7 +452,7 @@
 	"formation": {
 		"GET":{
 			"des": "Get all data about a formation",
-			"per": [],
+			"per": [["cas_admin"]],
 			"par": {
 				"URL0":{"des" : "Id of the formation", "typ": "id", "ren": "form_id", "opt" : true }
 			}
@@ -466,7 +462,7 @@
 	"category": {
 		"GET": {
 			"des" : "Get all data about a given category | all",
-			"per": [],
+			"per": [["cas_admin"]],
 			"par": {
 				"URL0": { "des": "Id of the category", "typ": "id", "ren": "cat_id", "opt": true }
 			}