From bef4dad5f7c78e0286c61471db5b991553e70fe6 Mon Sep 17 00:00:00 2001
From: xdrm-brackets <doowap31@gmail.com>
Date: Mon, 19 Mar 2018 19:06:00 +0100
Subject: [PATCH] [api.core.authsystemdefault] removed CAS management
 [module.cas] implemented good CAS management with database + error management
 (edge cases)

---
 build/api/core/AuthSystemDefault.php | 44 +---------------------
 build/api/module/casController.php   | 56 +++++++++++++++++++++++++---
 2 files changed, 53 insertions(+), 47 deletions(-)

diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php
index a7d563b..9c24b07 100644
--- a/build/api/core/AuthSystemDefault.php
+++ b/build/api/core/AuthSystemDefault.php
@@ -29,47 +29,7 @@
 			if( !isset($_SESSION['VERSION'])             || !is_string($_SESSION['VERSION'])            ) $_SESSION['VERSION']             = null;
 
 
-			/* (2) Check CAS
-			---------------------------------------------------------*/
-			if( (!isset($_SESSION["isLogged"]) || !$_SESSION["isLogged"]) && isset($_SESSION['CAS']['login']) && isset($_SESSION['CAS']['ticket']) ){
-
-				/* (1) If the user is not logged we try to retrive the list of the linked department*/
-				/** @var professor $prof_repo */
-				$prof_repo = Repo::getRepo('professor');
-
-				/* (2) Get professor with this login */
-				$deps = $prof_repo->getLinkedDepartment($_SESSION['CAS']['login']);
-				if(is_array($deps)){
-					$_SESSION["AvailableDepartment"]  = $deps;
-					$_SESSION['CurrentDatabase']      = $deps[0]["dbName"];
-					$_SESSION['CurrentDepartementId'] = $deps[0]["idDep"];
-
-					Repo::switchDatabase($_SESSION['CurrentDatabase']);
-
-					$by_login = $prof_repo->getByLogin($_SESSION['CAS']['login']);
-
-					/* (3) If found -> store useful information */
-					if( is_array($by_login) && isset($by_login['idProfesseur']) && isset($by_login['admin']) ){
-
-						//security
-						session_regenerate_id();
-
-						$_SESSION['CAS']['admin'] = (bool) $by_login['admin'];
-						$_SESSION['CAS']['id']    = (int)  $by_login['idProfesseur'];
-						$_SESSION["isLogged"] 	  = true;
-
-						/* (4) If no login found -> remove CAS auth */
-					}else
-						$_SESSION['CAS'] = [];
-				}else{
-					$_SESSION['CAS'] = [];
-				}
-
-
-			}
-
-
-			/* (3) Process AUTH
+			/* (2) Process AUTH
 			---------------------------------------------------------*/
 			/* (1) cas_admin | cas_user */
 			if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){
@@ -87,7 +47,7 @@
 				$_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_admin']);
 			}
 
-			/* (2) Other permissions */
+			/* (3) Other permissions */
 			// TODO
 		}
 
diff --git a/build/api/module/casController.php b/build/api/module/casController.php
index 2667d27..b18223a 100644
--- a/build/api/module/casController.php
+++ b/build/api/module/casController.php
@@ -45,12 +45,17 @@ class casController{
 		// Launch PopUp
 		// window.pop = window.open('https://sso.univ-pau.fr/cas/login?service=http://ptut.com:8080/api/v/1.0/cas', '_blank', 'location=no,height=1024,width=1024,scrollbars=yes,status=no');
 
-		/* (0) Global DOWNLOAD data
+		/* (0) Initialize
 		---------------------------------------------------------*/
+		/* (1) Global DOWNLOAD data */
 		$headers = ['Content-Type' => 'text/html; charset=UTF-8' ];
 		$body_start = "Veuillez patienter...<br>Vous allez être redirigés<script type='text/javascript'>( typeof window.opener.cas_callback === 'function' ) && window.opener.cas_callback(";
 		$body_end = ");window.close();</script>";
 
+		/* (2) Reset SESSION */
+		$_SESSION['CAS'] = [];
+
+
 
 		/* (1) Check if already connected
 		---------------------------------------------------------*/
@@ -100,15 +105,56 @@ class casController{
 			return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
 
 
-		/* (3) Store data in session
+
+		/* (3) Meta database: check if @cas_login referenced
 		---------------------------------------------------------*/
+		/** @var professor $prof_repo */
+		$prof_repo = Repo::getRepo('professor');
+
+		/* (1) Get the list of linked departments for this @cas_login */
+		$departments = $prof_repo->getLinkedDepartments($cas_login);
+
+		/* (2) Failure: if no department for @cas_login */
+		if( count($departments) === 0 )
+			return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
+
+		/* (3) Set departments data */
+		$_SESSION['AvailableDepartment'] = $departments;
+
+		/* (4) Choose first department by default */
+		$_SESSION['CurrentDatabase']     = $departments[0]['dbName'];
+		$_SESSION['CurrentDepartmentId'] = $departments[0]['idDep'];
+
+		/* (5) Use this department's database */
+		Repo::switchDatabase($_SESSION['CurrentDatabase']);
+
+
+
+		/* (4) Fetch @cas_login professor data
+		---------------------------------------------------------*/
+		/* (1) Try to fetch professor */
+		$by_login = $prof_repo->getByLogin($cas_login);
+
+		/* (2) If not found -> reset SESSION */
+		if( !is_array($by_login) || !isset($by_login['idProfesseur']) || !isset($by_login['admin']) )
+			return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
+
+
+
+		/* (5) Store data in session
+		---------------------------------------------------------*/
+		/* (1) Security */
+		\session_regenerate_id();
+
+		/* (2) Store CAS user data in SESSION */
 		$_SESSION['CAS'] = [
 			'login'  => $cas_login,
-			'ticket' => $ticket
+			'ticket' => $ticket,
+			'id'     => (int) $by_login['idProfesseur'],
+			'admin'  => (bool) $by_login['admin']
 		];
 
-
-		/* (2) Success CAS login */
+		/* (3) Success CAS login */
 		return [
 			'headers' => $headers,
 			'body'    => $body_start."'".$_SESSION['CAS']['login']."'".$body_end