[api.core.authsystemdefault] removed CAS management [module.cas] implemented good CAS management with database + error management (edge cases)
parent
60ceb9d2a8
commit
bef4dad5f7
|
@ -29,47 +29,7 @@
|
||||||
if( !isset($_SESSION['VERSION']) || !is_string($_SESSION['VERSION']) ) $_SESSION['VERSION'] = null;
|
if( !isset($_SESSION['VERSION']) || !is_string($_SESSION['VERSION']) ) $_SESSION['VERSION'] = null;
|
||||||
|
|
||||||
|
|
||||||
/* (2) Check CAS
|
/* (2) Process AUTH
|
||||||
---------------------------------------------------------*/
|
|
||||||
if( (!isset($_SESSION["isLogged"]) || !$_SESSION["isLogged"]) && isset($_SESSION['CAS']['login']) && isset($_SESSION['CAS']['ticket']) ){
|
|
||||||
|
|
||||||
/* (1) If the user is not logged we try to retrive the list of the linked department*/
|
|
||||||
/** @var professor $prof_repo */
|
|
||||||
$prof_repo = Repo::getRepo('professor');
|
|
||||||
|
|
||||||
/* (2) Get professor with this login */
|
|
||||||
$deps = $prof_repo->getLinkedDepartment($_SESSION['CAS']['login']);
|
|
||||||
if(is_array($deps)){
|
|
||||||
$_SESSION["AvailableDepartment"] = $deps;
|
|
||||||
$_SESSION['CurrentDatabase'] = $deps[0]["dbName"];
|
|
||||||
$_SESSION['CurrentDepartementId'] = $deps[0]["idDep"];
|
|
||||||
|
|
||||||
Repo::switchDatabase($_SESSION['CurrentDatabase']);
|
|
||||||
|
|
||||||
$by_login = $prof_repo->getByLogin($_SESSION['CAS']['login']);
|
|
||||||
|
|
||||||
/* (3) If found -> store useful information */
|
|
||||||
if( is_array($by_login) && isset($by_login['idProfesseur']) && isset($by_login['admin']) ){
|
|
||||||
|
|
||||||
//security
|
|
||||||
session_regenerate_id();
|
|
||||||
|
|
||||||
$_SESSION['CAS']['admin'] = (bool) $by_login['admin'];
|
|
||||||
$_SESSION['CAS']['id'] = (int) $by_login['idProfesseur'];
|
|
||||||
$_SESSION["isLogged"] = true;
|
|
||||||
|
|
||||||
/* (4) If no login found -> remove CAS auth */
|
|
||||||
}else
|
|
||||||
$_SESSION['CAS'] = [];
|
|
||||||
}else{
|
|
||||||
$_SESSION['CAS'] = [];
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* (3) Process AUTH
|
|
||||||
---------------------------------------------------------*/
|
---------------------------------------------------------*/
|
||||||
/* (1) cas_admin | cas_user */
|
/* (1) cas_admin | cas_user */
|
||||||
if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){
|
if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){
|
||||||
|
@ -87,7 +47,7 @@
|
||||||
$_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_admin']);
|
$_SESSION['AUTH'] = \array_diff($_SESSION['AUTH'], ['cas_admin']);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* (2) Other permissions */
|
/* (3) Other permissions */
|
||||||
// TODO
|
// TODO
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -45,12 +45,17 @@ class casController{
|
||||||
// Launch PopUp
|
// Launch PopUp
|
||||||
// window.pop = window.open('https://sso.univ-pau.fr/cas/login?service=http://ptut.com:8080/api/v/1.0/cas', '_blank', 'location=no,height=1024,width=1024,scrollbars=yes,status=no');
|
// window.pop = window.open('https://sso.univ-pau.fr/cas/login?service=http://ptut.com:8080/api/v/1.0/cas', '_blank', 'location=no,height=1024,width=1024,scrollbars=yes,status=no');
|
||||||
|
|
||||||
/* (0) Global DOWNLOAD data
|
/* (0) Initialize
|
||||||
---------------------------------------------------------*/
|
---------------------------------------------------------*/
|
||||||
|
/* (1) Global DOWNLOAD data */
|
||||||
$headers = ['Content-Type' => 'text/html; charset=UTF-8' ];
|
$headers = ['Content-Type' => 'text/html; charset=UTF-8' ];
|
||||||
$body_start = "Veuillez patienter...<br>Vous allez être redirigés<script type='text/javascript'>( typeof window.opener.cas_callback === 'function' ) && window.opener.cas_callback(";
|
$body_start = "Veuillez patienter...<br>Vous allez être redirigés<script type='text/javascript'>( typeof window.opener.cas_callback === 'function' ) && window.opener.cas_callback(";
|
||||||
$body_end = ");window.close();</script>";
|
$body_end = ");window.close();</script>";
|
||||||
|
|
||||||
|
/* (2) Reset SESSION */
|
||||||
|
$_SESSION['CAS'] = [];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* (1) Check if already connected
|
/* (1) Check if already connected
|
||||||
---------------------------------------------------------*/
|
---------------------------------------------------------*/
|
||||||
|
@ -100,15 +105,56 @@ class casController{
|
||||||
return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
|
return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
|
||||||
|
|
||||||
|
|
||||||
/* (3) Store data in session
|
|
||||||
|
/* (3) Meta database: check if @cas_login referenced
|
||||||
---------------------------------------------------------*/
|
---------------------------------------------------------*/
|
||||||
|
/** @var professor $prof_repo */
|
||||||
|
$prof_repo = Repo::getRepo('professor');
|
||||||
|
|
||||||
|
/* (1) Get the list of linked departments for this @cas_login */
|
||||||
|
$departments = $prof_repo->getLinkedDepartments($cas_login);
|
||||||
|
|
||||||
|
/* (2) Failure: if no department for @cas_login */
|
||||||
|
if( count($departments) === 0 )
|
||||||
|
return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
|
||||||
|
|
||||||
|
/* (3) Set departments data */
|
||||||
|
$_SESSION['AvailableDepartment'] = $departments;
|
||||||
|
|
||||||
|
/* (4) Choose first department by default */
|
||||||
|
$_SESSION['CurrentDatabase'] = $departments[0]['dbName'];
|
||||||
|
$_SESSION['CurrentDepartmentId'] = $departments[0]['idDep'];
|
||||||
|
|
||||||
|
/* (5) Use this department's database */
|
||||||
|
Repo::switchDatabase($_SESSION['CurrentDatabase']);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* (4) Fetch @cas_login professor data
|
||||||
|
---------------------------------------------------------*/
|
||||||
|
/* (1) Try to fetch professor */
|
||||||
|
$by_login = $prof_repo->getByLogin($cas_login);
|
||||||
|
|
||||||
|
/* (2) If not found -> reset SESSION */
|
||||||
|
if( !is_array($by_login) || !isset($by_login['idProfesseur']) || !isset($by_login['admin']) )
|
||||||
|
return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* (5) Store data in session
|
||||||
|
---------------------------------------------------------*/
|
||||||
|
/* (1) Security */
|
||||||
|
\session_regenerate_id();
|
||||||
|
|
||||||
|
/* (2) Store CAS user data in SESSION */
|
||||||
$_SESSION['CAS'] = [
|
$_SESSION['CAS'] = [
|
||||||
'login' => $cas_login,
|
'login' => $cas_login,
|
||||||
'ticket' => $ticket
|
'ticket' => $ticket,
|
||||||
|
'id' => (int) $by_login['idProfesseur'],
|
||||||
|
'admin' => (bool) $by_login['admin']
|
||||||
];
|
];
|
||||||
|
|
||||||
|
/* (3) Success CAS login */
|
||||||
/* (2) Success CAS login */
|
|
||||||
return [
|
return [
|
||||||
'headers' => $headers,
|
'headers' => $headers,
|
||||||
'body' => $body_start."'".$_SESSION['CAS']['login']."'".$body_end
|
'body' => $body_start."'".$_SESSION['CAS']['login']."'".$body_end
|
||||||
|
|
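Review bot: The professor-lookup failure path leaves the session half-initialised: `AvailableDepartment`, `CurrentDatabase` and `CurrentDepartmentId` are written and `Repo::switchDatabase()` is called at steps (3)-(5) before `getByLogin()` is checked, so the early return under "(2) If not found -> reset SESSION" hands `null` to the opener while those keys (and the switched database) remain set, and the reset the comment promises never happens. The department lookup just above has a related shape problem: `count($departments)` and `$departments[0]['dbName']` assume an array whose first row carries `dbName`/`idDep`, which the hunk does not verify (the code this replaces tested `is_array` first); if the repository can return a non-array on error, `count()` is a TypeError on PHP 8. Either defer the department writes until the professor is found, or clear the three keys before returning, and guard the row shape as below. At "(1) Security", `\session_regenerate_id()` should pass `true` so the pre-login session's data is deleted rather than left reachable under the old id. The enclosing controller method begins before this hunk and its closing lines lie beyond it.
```php
/* (2) Failure: if no department for @cas_login */
if( !is_array($departments) || !isset($departments[0]['dbName'], $departments[0]['idDep']) )
    return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];

// … unchanged: (3)-(5) department session data and Repo::switchDatabase() …

/* (2) If not found -> reset SESSION */
if( !is_array($by_login) || !isset($by_login['idProfesseur']) || !isset($by_login['admin']) ){
    unset($_SESSION['AvailableDepartment'], $_SESSION['CurrentDatabase'], $_SESSION['CurrentDepartmentId']);
    return [ 'headers' => $headers, 'body' => $body_start.'null'.$body_end ];
}

/* (1) Security */
\session_regenerate_id(true);
```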