From b5376442580cd1f323a4ad0b1acb42b3e1c01cde Mon Sep 17 00:00:00 2001
From: xdrm-brackets <doowap31@gmail.com>
Date: Sat, 3 Mar 2018 15:50:11 +0100
Subject: [PATCH] [module.cas] DELETE for logout | GET for callback now works
 with tested system for pop-up

---
 build/api/module/casController.php | 66 ++++++++++++++++++++++++++----
 config/modules.json                |  3 +-
 2 files changed, 61 insertions(+), 8 deletions(-)

diff --git a/build/api/module/casController.php b/build/api/module/casController.php
index da64137..7ce21fa 100644
--- a/build/api/module/casController.php
+++ b/build/api/module/casController.php
@@ -25,17 +25,48 @@ class casController{
 	public static function get($args){
 
 		// login:    https://sso.univ-pau.fr/cas/login?service=http://ptut.com:8080/api/v/1.0/cas
-		// validate: https://sso.univ-pau.fr/cas/serviceValidate?ticket=***TICKET***&service=http://ptut.com:8080/api/v/1.0/cas
+
+
+		// Communicate over popups
+		// ----------------------------
+		// window.pop          = { closed: false };
+		//
+		// window.cas_callback = function(cas_login){
+		//
+		// 		setTimeout( function(){
+		//
+		// 			if( window.pop.closed )
+		// 				console.log('CAS login (null means error): '+cas_login);
+		//
+		// 		}, 1);
+		//
+		// };
+
+		// Launch PopUp
+		// window.pop = window.open('https://sso.univ-pau.fr/cas/login?service=http://ptut.com:8080/api/v/1.0/cas', '_blank', 'location=no,height=1024,width=1024,scrollbars=yes,status=no');
+
+		/* (0) Global DOWNLOAD data
+		---------------------------------------------------------*/
+		$headers = ['Content-Type' => 'text/html; charset=UTF-8' ];
+		$body_start = "Veuillez patienter...<br>Vous allez être redirigés<script type='text/javascript'>window.opener.cas_callback(";
+		$body_end = ");window.close();</script>";
+
 
 		/* (1) Check if already connected
 		---------------------------------------------------------*/
 		/* (1) If already -> return @cas_login */
-		if( in_array('cas_user', $_SESSION['AUTH']) )
-			return ['cas_login' => $_SESSION['CAS']['login']];
+		if( in_array('cas_user', $_SESSION['AUTH']) ){
+
+			return [
+				'headers' => $headers,
+				'body'    => $body_start."'".$_SESSION['CAS']['login']."'".$body_end
+			];
+
+		}
 
 		/* (2) Fail if no ticket */
 		if( !isset($_GET['ticket']) || !is_string($_GET['ticket']) || strlen($_GET['ticket']) < 1 )
-			return ['error' => new Error(Err::PermissionError, 'missing ticket')];
+			return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
 
 
 
@@ -58,14 +89,14 @@ class casController{
 
 		/* (4) Fail if not validated */
 		if( strpos($output, 'user') === false )
-			return ['error' => new Error(Err::PermissionError, 'invalid ticket')];
+			return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
 
 		/* (5) Extract cas_login */
 		$cas_login = trim(strip_tags($output));
 
 		/* (6) Check empty */
 		if( strlen($cas_login) < 1 )
-			return ['error' => new Error(Err::PermissionError, 'cannot find cas login')];
+			return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
 
 
 		/* (3) Store data in session
@@ -76,8 +107,29 @@ class casController{
 		];
 
 
+		/* (2) Success CAS login */
+		return [
+			'headers' => $headers,
+			'body'    => $body_start."'".$_SESSION['CAS']['login']."'".$body_end
+		];
+
+	}
+
+
+
+
+
+	public function delete(){
+
+		/* (1) Remove CAS credentials */
+		$_SESSION['CAS'] = [];
+
+		/* (2) Re-process AuthSystemDefault */
+		new \api\core\AuthSystemDefault();
+
+		/* (3) Return if logged out */
+		return ['logged_out' => in_array('cas_user', $_SESSION['AUTH'])];
 
-		return ['cas_login' => $cas_login ];
 
 	}
 
diff --git a/config/modules.json b/config/modules.json
index 7af412f..ab7cdc5 100644
--- a/config/modules.json
+++ b/config/modules.json
@@ -12,7 +12,8 @@
 		"GET": {
 			"des": "Authenticatation callback (used by third-party OAuth)",
 			"per": [],
-			"par": {}
+			"par": {},
+			"opt": { "download": true }
 		},
 
 		"POST": {