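* @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @link https://github.com/l3-team/dokuwiki-extensions-authcas
 */

/**
 * Inspired from
 * http://www.esup-portail.org/display/PROJDOCUWIKICAS/CASification+de+Docuwiki;jsessionid=58187C0F5A8834D07E6D7F1EB30744C2
 */

/**
 * Adapted by Benjamin BERNARD (Maison du libre Brest) , http://mdl29.net/
 * Adapted by David Darras (Université Lille 1)
 * Adapted by Mathieu Hétru (Université Lille)
 *
 * In this implementation :
 * - some bots/crawlers/readers can fetch dokuwiki pages without being redirected to the CAS
 *   Thanks for adding user-agents to the pattern and reporting it to me and/or to http://www.dokuwiki.org/auth:cas
 * - debugging mode : simply set the log file location ($conf['plugin']['authcas']['logFile']) to enable logs,
 *   and check the access rights of that file
 * - Trusted CAS hosts : to handle CAS logout requests you need to specify a list of trusted CAS hosts like this :
 *   $conf['plugin']['authcas']['handlelogoutrequestTrustedHosts'] = Array("cas.mdl29.net", "cas2.mdl29.net");
 */

//require_once(DOKU_INC . 'lib/plugins/authldap/auth.php');
//include_once(DOKU_INC . 'lib/plugins/authcas/CAS-1.3.4/CAS.php');
//include_once(DOKU_INC . 'lib/plugins/authcas/CAS-1.3.8/CAS.php');
include_once(DOKU_INC . 'lib/plugins/authcas/vendor/autoload.php');

/**
 * DokuWiki authentication plugin that delegates login to a CAS server through phpCAS.
 *
 * The constructor configures the phpCAS client from the plugin settings; the
 * other methods are the hooks DokuWiki calls for external authentication,
 * user lookup and logout.
 */
class auth_plugin_authcas extends DokuWiki_Auth_Plugin
{
    /**
     * Declare the plugin capabilities and configure the phpCAS client.
     *
     * Sets $this->success to false (and stops configuring) when the curl
     * extension is missing.
     */
    public function __construct()
    {
        parent::__construct();

        // Disable the CAS redirection for bots/crawlers/readers.
        // NOTE(security): the User-Agent header is chosen by the client, so this
        // only decides whether a redirect happens and is not an identity check.
        // Requests that match are presumably served as anonymous visitors, so the
        // ACLs for anonymous users decide what they can read - confirm them.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
        $this->cando['external'] = !preg_match("#(bot)|(slurp)|(netvibes)#i", $userAgent);
        $this->cando['login'] = true;
        $this->cando['logout'] = true;

        // If $conf['plugin']['authcas']['logFile'] is set, phpCAS logging is enabled.
        // NOTE(review): upstream phpCAS documents setLogger() as taking a logger
        // object and setDebug() as taking a file name - confirm that the bundled
        // phpCAS accepts a path here.
        $logfile = $this->getConf("logFile");
        if (!empty($logfile)) {
            // phpCAS::setDebug($this->getConf("logFile"));
            \phpCAS::setLogger($logfile);
        } else {
            \phpCAS::setLogger();
        }
        \phpCAS::setVerbose(false);

        // The last argument (true) allows phpCAS to change the session id, so that
        // it can destroy the session after a CAS logout request (single sign-out).
        \phpCAS::client(
            CAS_VERSION_2_0,
            $this->getConf('server'),
            (int) $this->getConf('port'),
            $this->getConf('rootcas'),
            $this->getConf('hostURL'),
            true
        );

        // The curl extension is needed.
        if (!function_exists('curl_init')) {
            if ($this->getConf('debug')) {
                msg("CAS err: CURL extension not found.", -1, __LINE__, __FILE__);
            }
            $this->success = false;
            return;
        }

        // Automatically log the user in when a CAS session is already open.
        \phpCAS::setCacheTimesForAuthRecheck($this->getConf('autologin') ? 1 : -1);

        if ($this->getConf('cert')) {
            \phpCAS::setCasServerCert($this->getConf('cert'));
        } elseif ($this->getConf('cacert')) {
            \phpCAS::setCasServerCACert($this->getConf('cacert'));
        } else {
            // NOTE(security): with neither 'cert' nor 'cacert' configured, the CAS
            // server certificate is not validated, so the user name and attributes
            // returned at ticket validation come from an unauthenticated TLS peer.
            // Configure 'cacert' (or 'cert') on any production wiki.
            \phpCAS::setNoCasServerValidation();
        }

        if ($this->getConf('handlelogoutrequest')) {
            \phpCAS::handleLogoutRequests(true, $this->getConf('handlelogoutrequestTrustedHosts'));
        } else {
            // NOTE(review): in phpCAS the first argument is the "check the client"
            // switch, not an on/off switch for logout handling. This call therefore
            // appears to keep processing logout requests while skipping the
            // trusted-host check - confirm against the bundled phpCAS version.
            \phpCAS::handleLogoutRequests(false);
        }
    }

    /**
     * Intentionally empty.
     */
    public function autoLogin()
    {
    }

    /**
     * External authentication hook.
     *
     * $user, $pass and $sticky are not used to authenticate: the decision rests
     * entirely on the CAS session (see getUserData()).
     *
     * @param string $user   passed through to getUserData(), which ignores it
     * @param string $pass   unused
     * @param bool   $sticky unused
     * @return bool true when a CAS-authenticated user with user data was found
     */
    public function trustExternal($user, $pass, $sticky = false)
    {
        /*
          if ($ACT == 'logout')
          $this->logOff();
         */
        if ($this->getUserData($user)) {
            return true;
        }

        // Loose comparison kept as it was. NOTE(review): its result depends on the
        // stored type of this setting (boolean, integer or string) and, for
        // integer values, on the PHP major version - confirm it behaves as intended.
        if ($this->getConf('forceauthentication') == 'true') {
            $this->logIn();
        }

        return false;
    }

    /**
     * Return the data of the user authenticated by CAS and refresh the session entry.
     *
     * The $user argument is overwritten with \phpCAS::getUser(), so the result
     * always describes the user of the current CAS session, whatever name was
     * asked for. Callers must not use it to look up other accounts.
     *
     * Every attribute released by the CAS server is copied into the result and
     * replaces an existing key of the same name. NOTE(security): this makes the
     * CAS response the source of any authorization-relevant key it happens to
     * carry, which is one more reason to keep CAS server certificate validation
     * enabled.
     *
     * @param string $user          ignored (see above)
     * @param bool   $requireGroups unused
     * @return array|false user data, or false when there is no CAS authentication
     */
    public function getUserData($user, $requireGroups = true)
    {
        //global $USERINFO;
        global $conf;

        // Read before checkAuthentication(), as the original code did.
        $title = $conf['title'];
        $session = isset($_SESSION[$title]['auth']) ? $_SESSION[$title]['auth'] : null;

        if (!\phpCAS::checkAuthentication()) {
            return false;
        }

        $user = \phpCAS::getUser();
        $_SERVER['REMOTE_USER'] = $user;
        $userinfo = array();

        if (isset($session)) {
            // Existing session entry: keep its values, only the user name is refreshed.
            $userinfo = isset($session['info']) ? $session['info'] : null;
            $_SESSION[$title]['auth']['user'] = $user;
            $_SESSION[$title]['auth']['pass'] = isset($session['pass']) ? $session['pass'] : null;
            $_SESSION[$title]['auth']['info'] = $userinfo;
            $_SESSION[$title]['auth']['buid'] = isset($session['buid']) ? $session['buid'] : null;
        } else {
            // New session entry. There is no password with CAS: the original code
            // stored an undefined variable here, which is the same null value.
            $_SESSION[$title]['auth']['user'] = $user;
            $_SESSION[$title]['auth']['pass'] = null;
            //$_SESSION[$conf['title']]['auth']['info'] = $USERINFO;
            $_SESSION[$title]['auth']['buid'] = auth_browseruid();
        }

        // The stored info may be missing; always merge the attributes into an array.
        if (!is_array($userinfo)) {
            $userinfo = array();
        }
        foreach (\phpCAS::getAttributes() as $key => $val) {
            $userinfo[$key] = \phpCAS::getAttribute($key);
        }

        return $userinfo;
    }

    /**
     * Send the browser to the CAS server unless the user is already authenticated.
     *
     * No fixed service URL is set (the call below is disabled), so the service
     * URL is left to phpCAS.
     */
    public function logIn()
    {
        //$login_url = DOKU_URL . 'doku.php?id=' . $QUERY;
        // \phpCAS::setFixedServiceURL($this->getCurrentPageURL());
        \phpCAS::forceAuthentication();
    }

    /**
     * Log the user out of DokuWiki and, when 'caslogout' is set, out of CAS as well.
     */
    public function logOff()
    {
        if ($this->getConf('caslogout')) { // dokuwiki + cas logout
            // The session id is a bearer secret, so it is deliberately kept out
            // of the debug log (the original code logged it here).
            dbglog('authcas: logOff with CAS logout');
            // @ kept: starting the session is best effort, as in the original code.
            @session_start();
            //session_destroy();
            //$logout_url = DOKU_URL . 'doku.php?id=' . $QUERY;
            \phpCAS::logoutWithRedirectService(DOKU_URL);
        } else { // dokuwiki logout only
            @session_start();
            session_destroy();
        }
    }

    /**
     * @return string the login URL of the CAS server, as given by phpCAS
     */
    public function getLoginURL()
    {
        return \phpCAS::getServerLoginURL();
    }

    /**
     * Build the URL of the current request from $_SERVER.
     *
     * NOTE(security): every part is request-derived. $_SERVER['HTTP_HTTPS'] comes
     * from a request header named "HTTPS", so it is client-controlled unless a
     * trusted proxy overwrites it, and SERVER_NAME may follow the Host header
     * depending on the web server configuration. Nothing in this class uses the
     * result at the moment; do not feed it into a CAS service URL or a redirect
     * without pinning the host name.
     *
     * @return string
     */
    public function getCurrentPageURL()
    {
        // Standard flag set by the web server for TLS requests.
        $serverSaysTls = isset($_SERVER['HTTPS'])
            && $_SERVER['HTTPS'] !== ''
            && strtolower((string) $_SERVER['HTTPS']) !== 'off';
        // Flag read by the original code, kept for setups where a proxy sets it.
        $headerSaysTls = isset($_SERVER["HTTP_HTTPS"]) && $_SERVER["HTTP_HTTPS"] == "on";

        $host = isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : '';
        $port = isset($_SERVER["SERVER_PORT"]) ? (string) $_SERVER["SERVER_PORT"] : '';
        $uri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : '';

        $pageURL = ($serverSaysTls || $headerSaysTls) ? 'https://' : 'http://';
        $pageURL .= $host;
        // Only a known, non-default port is written into the URL.
        if ($port !== '' && $port !== '80' && $port !== '443') {
            $pageURL .= ':' . $port;
        }

        return $pageURL . $uri;
    }
}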