[api.core.authsystemdefault] removed CAS management; [module.cas] implemented proper CAS management backed by the database, with error management (edge cases)

This commit is contained in:
xdrm-brackets 2018-03-19 19:06:00 +01:00
parent 60ceb9d2a8
commit bef4dad5f7
2 changed files with 53 additions and 47 deletions


@ -29,47 +29,7 @@
if( !isset($_SESSION['VERSION']) || !is_string($_SESSION['VERSION']) ) $_SESSION['VERSION'] = null; if( !isset($_SESSION['VERSION']) || !is_string($_SESSION['VERSION']) ) $_SESSION['VERSION'] = null;
/* (2) Check CAS /* (2) Process AUTH
---------------------------------------------------------*/
if( (!isset($_SESSION["isLogged"]) || !$_SESSION["isLogged"]) && isset($_SESSION['CAS']['login']) && isset($_SESSION['CAS']['ticket']) ){
/* (1) If the user is not logged we try to retrive the list of the linked department*/
/** @var professor $prof_repo */
$prof_repo = Repo::getRepo('professor');
/* (2) Get professor with this login */
$deps = $prof_repo->getLinkedDepartment($_SESSION['CAS']['login']);
if(is_array($deps)){
$_SESSION["AvailableDepartment"] = $deps;
$_SESSION['CurrentDatabase'] = $deps[0]["dbName"];
$_SESSION['CurrentDepartementId'] = $deps[0]["idDep"];
Repo::switchDatabase($_SESSION['CurrentDatabase']);
$by_login = $prof_repo->getByLogin($_SESSION['CAS']['login']);
/* (3) If found -> store useful information */
if( is_array($by_login) && isset($by_login['idProfesseur']) && isset($by_login['admin']) ){
//security
session_regenerate_id();
$_SESSION['CAS']['admin'] = (bool) $by_login['admin'];
$_SESSION['CAS']['id'] = (int) $by_login['idProfesseur'];
$_SESSION["isLogged"] = true;
/* (4) If no login found -> remove CAS auth */
}else
$_SESSION['CAS'] = [];
}else{
$_SESSION['CAS'] = [];
}
}
/* (3) Process AUTH
---------------------------------------------------------*/ ---------------------------------------------------------*/
/* (1) cas_admin | cas_user */ /* (1) cas_admin | cas_user */
if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){ if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){
@ -87,7 +47,7 @@
$_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_admin']); $_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_admin']);
} }
/* (2) Other permissions */ /* (3) Other permissions */
// TODO // TODO
} }
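Review bot: Nothing in this commit sets `$_SESSION['isLogged']` any more: the removed block was the only place in this diff that wrote it (`$_SESSION["isLogged"] = true;`), and the new casController code stores `id` and `admin` in `$_SESSION['CAS']` without it. If any code outside this diff still gates on that flag it will now never be true, so either set it in casController next to the other CAS data or remove the remaining readers. The AUTH block that remains here trusts `$_SESSION['CAS']['admin']` as snapshotted at login time, so a change of the professor's admin flag in the database is only picked up at the next CAS login; that deserves a comment such as `// admin/id are snapshotted into $_SESSION['CAS'] at CAS login; a re-login is needed to refresh them`. The comment numbering is also off after the removal: `(1) cas_admin | cas_user` is followed by `(3) Other permissions` with no `(2)`. The enclosing code starts before the hunk.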


@ -45,12 +45,17 @@ class casController{
// Launch PopUp // Launch PopUp
// window.pop = window.open('https://sso.univ-pau.fr/cas/login?service=http://ptut.com:8080/api/v/1.0/cas', '_blank', 'location=no,height=1024,width=1024,scrollbars=yes,status=no'); // window.pop = window.open('https://sso.univ-pau.fr/cas/login?service=http://ptut.com:8080/api/v/1.0/cas', '_blank', 'location=no,height=1024,width=1024,scrollbars=yes,status=no');
/* (0) Global DOWNLOAD data /* (0) Initialize
---------------------------------------------------------*/ ---------------------------------------------------------*/
/* (1) Global DOWNLOAD data */
$headers = ['Content-Type' => 'text/html; charset=UTF-8' ]; $headers = ['Content-Type' => 'text/html; charset=UTF-8' ];
$body_start = "Veuillez patienter...<br>Vous allez être redirigés<script type='text/javascript'>( typeof window.opener.cas_callback === 'function' ) && window.opener.cas_callback("; $body_start = "Veuillez patienter...<br>Vous allez être redirigés<script type='text/javascript'>( typeof window.opener.cas_callback === 'function' ) && window.opener.cas_callback(";
$body_end = ");window.close();</script>"; $body_end = ");window.close();</script>";
/* (2) Reset SESSION */
$_SESSION['CAS'] = [];
/* (1) Check if already connected /* (1) Check if already connected
---------------------------------------------------------*/ ---------------------------------------------------------*/
@ -100,15 +105,56 @@ class casController{
return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ]; return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
/* (3) Store data in session
/* (3) Meta database: check if @cas_login referenced
---------------------------------------------------------*/ ---------------------------------------------------------*/
/** @var professor $prof_repo */
$prof_repo = Repo::getRepo('professor');
/* (1) Get the list of linked departments for this @cas_login */
$departments = $prof_repo->getLinkedDepartments($cas_login);
/* (2) Failure: if no department for @cas_login */
if( count($departments) === 0 )
return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
/* (3) Set departments data */
$_SESSION['AvailableDepartment'] = $departments;
/* (4) Choose first department by default */
$_SESSION['CurrentDatabase'] = $departments[0]['dbName'];
$_SESSION['CurrentDepartmentId'] = $departments[0]['idDep'];
/* (5) Use this department's database */
Repo::switchDatabase($_SESSION['CurrentDatabase']);
/* (4) Fetch @cas_login professor data
---------------------------------------------------------*/
/* (1) Try to fetch professor */
$by_login = $prof_repo->getByLogin($cas_login);
/* (2) If not found -> reset SESSION */
if( !is_array($by_login) || !isset($by_login['idProfesseur']) || !isset($by_login['admin']) )
return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
/* (5) Store data in session
---------------------------------------------------------*/
/* (1) Security */
\session_regenerate_id();
/* (2) Store CAS user data in SESSION */
$_SESSION['CAS'] = [ $_SESSION['CAS'] = [
'login' => $cas_login, 'login' => $cas_login,
'ticket' => $ticket 'ticket' => $ticket,
'id' => (int) $by_login['idProfesseur'],
'admin' => (bool) $by_login['admin']
]; ];
/* (3) Success CAS login */
/* (2) Success CAS login */
return [ return [
'headers' => $headers, 'headers' => $headers,
'body' => $body_start."'".$_SESSION['CAS']['login']."'".$body_end 'body' => $body_start."'".$_SESSION['CAS']['login']."'".$body_end