From bef4dad5f7c78e0286c61471db5b991553e70fe6 Mon Sep 17 00:00:00 2001
From: xdrm-brackets
Date: Mon, 19 Mar 2018 19:06:00 +0100
Subject: [PATCH] [api.core.authsystemdefault] removed CAS management [module.cas] implemented good CAS management with database + error management (edge cases)
---
 build/api/core/AuthSystemDefault.php | 44 +---------------------
 build/api/module/casController.php | 56 +++++++++++++++++++++++++---
 2 files changed, 53 insertions(+), 47 deletions(-)
diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php
index a7d563b..9c24b07 100644
--- a/build/api/core/AuthSystemDefault.php
+++ b/build/api/core/AuthSystemDefault.php
@@ -29,47 +29,7 @@
 if( !isset($_SESSION['VERSION']) || !is_string($_SESSION['VERSION']) )
 $_SESSION['VERSION'] = null;
- /* (2) Check CAS
- ---------------------------------------------------------*/
- if( (!isset($_SESSION["isLogged"]) || !$_SESSION["isLogged"]) && isset($_SESSION['CAS']['login']) && isset($_SESSION['CAS']['ticket']) ){
-
- /* (1) If the user is not logged we try to retrive the list of the linked department*/
- /** @var professor $prof_repo */
- $prof_repo = Repo::getRepo('professor');
-
- /* (2) Get professor with this login */
- $deps = $prof_repo->getLinkedDepartment($_SESSION['CAS']['login']);
- if(is_array($deps)){
- $_SESSION["AvailableDepartment"] = $deps;
- $_SESSION['CurrentDatabase'] = $deps[0]["dbName"];
- $_SESSION['CurrentDepartementId'] = $deps[0]["idDep"];
-
- Repo::switchDatabase($_SESSION['CurrentDatabase']);
-
- $by_login = $prof_repo->getByLogin($_SESSION['CAS']['login']);
-
- /* (3) If found -> store useful information */
- if( is_array($by_login) && isset($by_login['idProfesseur']) && isset($by_login['admin']) ){
-
- //security
- session_regenerate_id();
-
- $_SESSION['CAS']['admin'] = (bool) $by_login['admin'];
- $_SESSION['CAS']['id'] = (int) $by_login['idProfesseur'];
- $_SESSION["isLogged"] = true;
-
- /* (4) If no login found -> remove CAS auth */
- }else
- $_SESSION['CAS'] = [];
- }else{
- $_SESSION['CAS'] = [];
- }
-
-
- }
-
-
- /* (3) Process AUTH
+ /* (2) Process AUTH
 ---------------------------------------------------------*/
 /* (1) cas_admin | cas_user */
 if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){
@@ -87,7 +47,7 @@
 $_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_admin']);
 }
- /* (2) Other permissions */
+ /* (3) Other permissions */
 // TODO
 }
diff --git a/build/api/module/casController.php b/build/api/module/casController.php
index 2667d27..b18223a 100644
--- a/build/api/module/casController.php
+++ b/build/api/module/casController.php
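Review bot: With the per-request lookup removed, `$_SESSION['CAS']['admin']` and `['id']` are now written once at CAS login (in casController) and trusted for the whole life of the session, so a professor whose `admin` flag is cleared in the database keeps `cas_admin` until re-login or session expiry; the remaining `is_bool($_SESSION['CAS']['admin'])` check only validates the shape of the value, not that it is still current. The deleted block was also the only place in this diff that set `$_SESSION['isLogged'] = true`, and nothing in the new casController code sets it, so if other code still gates on `isLogged` CAS users will no longer pass that gate (not visible here, please confirm). At minimum, document the trust decision next to the new `/* (2) Process AUTH` comment, e.g. `// CAS identity and admin flag are resolved once by casController at login and are not re-validated here; a revocation only takes effect on re-login.`. The enclosing method starts and ends outside the hunk.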
@@ -45,12 +45,17 @@ class casController{
 // Launch PopUp
 // window.pop = window.open('https://sso.univ-pau.fr/cas/login?service=http://ptut.com:8080/api/v/1.0/cas', '_blank', 'location=no,height=1024,width=1024,scrollbars=yes,status=no');
- /* (0) Global DOWNLOAD data
+ /* (0) Initialize
 ---------------------------------------------------------*/
+ /* (1) Global DOWNLOAD data */
 $headers = ['Content-Type' => 'text/html; charset=UTF-8' ];
 $body_start = "Veuillez patienter...
Vous allez ĂȘtre redirigĂ©s";
+ /* (2) Reset SESSION */
+ $_SESSION['CAS'] = [];
+
+ /* (1) Check if already connected
 ---------------------------------------------------------*/
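Review bot: The new `$_SESSION['CAS'] = [];` reset runs before the `/* (1) Check if already connected` step; if that check reads `$_SESSION['CAS']` (its body is outside the hunk), the reset makes it always fall through and every hit of this endpoint re-runs the CAS exchange. The reset is also partial: `AvailableDepartment`, `CurrentDatabase` and `CurrentDepartmentId`, which this same file writes on a successful login, survive from a previous user, so a re-login that fails later in this method leaves the session attached to the old user's department database with an empty CAS identity. Clear them together, e.g. `unset($_SESSION['AvailableDepartment'], $_SESSION['CurrentDatabase'], $_SESSION['CurrentDepartmentId']);` right after the reset, or move the reset below the already-connected check if that check depends on it. The enclosing method starts before and ends after this hunk.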
@@ -100,15 +105,56 @@ class casController{
 return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
- /* (3) Store data in session
+
+ /* (3) Meta database: check if @cas_login referenced
 ---------------------------------------------------------*/
+ /** @var professor $prof_repo */
+ $prof_repo = Repo::getRepo('professor');
+
+ /* (1) Get the list of linked departments for this @cas_login */
+ $departments = $prof_repo->getLinkedDepartments($cas_login);
+
+ /* (2) Failure: if no department for @cas_login */
+ if( count($departments) === 0 )
+ return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
+
+ /* (3) Set departments data */
+ $_SESSION['AvailableDepartment'] = $departments;
+
+ /* (4) Choose first department by default */
+ $_SESSION['CurrentDatabase'] = $departments[0]['dbName'];
+ $_SESSION['CurrentDepartmentId'] = $departments[0]['idDep'];
+
+ /* (5) Use this department's database */
+ Repo::switchDatabase($_SESSION['CurrentDatabase']);
+
+
+
+ /* (4) Fetch @cas_login professor data
+ ---------------------------------------------------------*/
+ /* (1) Try to fetch professor */
+ $by_login = $prof_repo->getByLogin($cas_login);
+
+ /* (2) If not found -> reset SESSION */
+ if( !is_array($by_login) || !isset($by_login['idProfesseur']) || !isset($by_login['admin']) )
+ return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
+
+
+
+ /* (5) Store data in session
+ ---------------------------------------------------------*/
+ /* (1) Security */
+ \session_regenerate_id();
+
+ /* (2) Store CAS user data in SESSION */
 $_SESSION['CAS'] = [
 'login' => $cas_login,
- 'ticket' => $ticket
+ 'ticket' => $ticket,
+ 'id' => (int) $by_login['idProfesseur'],
+ 'admin' => (bool) $by_login['admin']
 ];
-
- /* (2) Success CAS login */
+ /* (3) Success CAS login */
 return [ 'headers' => $headers, 'body' => $body_start."'".$_SESSION['CAS']['login']."'".$body_end
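Review bot: The failure path under `/* (2) If not found -> reset SESSION */` does not reset anything: by the time `getByLogin()` fails, `AvailableDepartment`, `CurrentDatabase` and `CurrentDepartmentId` are already stored and `Repo::switchDatabase()` has been called, so a CAS login with no matching professor row leaves the session pointing at the first linked department's database while `$_SESSION['CAS']` stays empty. Clear those keys before the early return, e.g. `unset($_SESSION['AvailableDepartment'], $_SESSION['CurrentDatabase'], $_SESSION['CurrentDepartmentId']);`, and fix the comment to say what is actually undone (the database switch itself cannot be reverted from what is visible here). `count($departments)` also assumes an array: the replaced code guarded `getLinkedDepartment()` with `is_array()`, so if the new `getLinkedDepartments()` can still return `false`/`null` this line throws a TypeError on PHP 8 (please confirm the repository's return type). Finally, `\session_regenerate_id()` should pass `true` so the pre-login session record is destroyed rather than left valid under its old id. The enclosing method and the final `return [` statement continue past the hunk.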