<?php

/**
 * DokuWiki Plugin authcas (Auth Component)
 *
 * Intercepts the 'login' action and redirects the user to the CAS server login page
 * instead of showing the login form.
 *
 * @author  Mathieu Hetru <mathieu.hetru@univ-lille.fr>
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @link https://github.com/l3-team/dokuwiki-extensions-authcas
 */
/**
 * Inspired by
 * http://www.esup-portail.org/display/PROJDOCUWIKICAS/CASification+de+Docuwiki;jsessionid=58187C0F5A8834D07E6D7F1EB30744C2
 */
/**
 * Adapted by Benjamin BERNARD (Maison du libre Brest) <benvii at mdl29.net>, http://mdl29.net/
 * Adapted by David Darras (Université Lille 1) <david.darras at univ-lille1.fr>
 * Adapted by Mathieu Hétru (Université Lille) <mathieu.hetru at univ-lille.fr>
 *
 * In this implementation:
 * - some bots/crawlers/readers can fetch DokuWiki pages without being redirected to the CAS server.
 *     Thanks for adding user agents to the pattern and reporting them to me <benvii at mdl29.net> and/or to http://www.dokuwiki.org/auth:cas
 * - debugging mode: simply set the log file location ($conf['plugin']['authcas']['logFile']) to enable logs, and check its access rights
 * - trusted CAS hosts: to handle CAS logout requests you need to specify a list of trusted CAS hosts like this:
 *     $conf['plugin']['authcas']['handlelogoutrequestTrustedHosts'] = Array("cas.mdl29.net", "cas2.mdl29.net");
 */
// Disabled alternatives, kept for reference:
//require_once(DOKU_INC . 'lib/plugins/authldap/auth.php');
//include_once(DOKU_INC . 'lib/plugins/authcas/CAS-1.3.4/CAS.php');
//include_once(DOKU_INC . 'lib/plugins/authcas/CAS-1.3.8/CAS.php');

// Load the autoloader found under the plugin's vendor/ directory; the class below
// calls \phpCAS, which is expected to become available through it.
include_once DOKU_INC . 'lib/plugins/authcas/vendor/autoload.php';
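/**
 * DokuWiki auth backend that delegates authentication to a CAS server through phpCAS.
 *
 * The constructor configures the phpCAS client from the plugin settings; trustExternal()
 * is the entry point DokuWiki calls when $this->cando['external'] is true.
 */
class auth_plugin_authcas extends DokuWiki_Auth_Plugin {

    /**
     * Declare the plugin capabilities and configure the phpCAS client.
     *
     * Sets $this->success to false and returns early when the curl extension is missing.
     */
    function __construct() {
        parent::__construct();

        // Disable CAS redirection for bots/crawlers/readers.
        // The User-Agent header is supplied by the client, so this test only decides whether the
        // CAS redirect is offered; it is not an access control. Any client can present a matching
        // value, so protected pages have to be covered by ACLs rather than by the redirect.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
        $this->cando['external'] = !preg_match("#(bot)|(slurp)|(netvibes)#i", $userAgent);
        $this->cando['login'] = true;
        $this->cando['logout'] = true;

        // If $conf['plugin']['authcas']['logFile'] is set, phpCAS logging is enabled with it.
        // NOTE(review): the configured value is a file path, while recent phpCAS releases document
        // setLogger() as taking a PSR-3 logger object - confirm against the vendored version.
        // Authentication debug logs should live outside the web root with restrictive permissions.
        $logfile = $this->getConf("logFile");
        if (!empty($logfile)) {
            \phpCAS::setLogger($logfile);
        } else {
            \phpCAS::setLogger();
        }

        \phpCAS::setVerbose(false);

        // The last argument (true) lets phpCAS change the session id so that it can destroy the
        // session after a CAS logout request (Single Sign Out). The curl extension is needed.
        \phpCAS::client(CAS_VERSION_2_0, $this->getConf('server'), (int) $this->getConf('port'), $this->getConf('rootcas'), $this->getConf('hostURL'), true);

        if (!function_exists('curl_init')) {
            if ($this->getConf('debug')) {
                msg("CAS err: CURL extension not found.", -1, __LINE__, __FILE__);
            }
            $this->success = false;
            return;
        }

        // Automatically log the user in when a CAS session is already open.
        if ($this->getConf('autologin')) {
            \phpCAS::setCacheTimesForAuthRecheck(1);
        } else {
            \phpCAS::setCacheTimesForAuthRecheck(-1);
        }

        if ($this->getConf('cert')) {
            \phpCAS::setCasServerCert($this->getConf('cert'));
        } elseif ($this->getConf('cacert')) {
            \phpCAS::setCasServerCACert($this->getConf('cacert'));
        } else {
            // SECURITY: with neither 'cert' nor 'cacert' configured, validation of the CAS server
            // certificate is switched off, so the answers this plugin trusts for authentication are
            // accepted from an unverified peer. Kept as the fallback for backward compatibility;
            // production installs should configure 'cacert'.
            if ($this->getConf('debug')) {
                msg("CAS warn: neither 'cert' nor 'cacert' is configured, the CAS server certificate is not validated.", -1, __LINE__, __FILE__);
            }
            \phpCAS::setNoCasServerValidation();
        }

        if ($this->getConf('handlelogoutrequest')) {
            // true = check the sender of a logout request against the trusted hosts list.
            \phpCAS::handleLogoutRequests(true, $this->getConf('handlelogoutrequestTrustedHosts'));
        } else {
            \phpCAS::handleLogoutRequests(false);
        }
    }

    /**
     * Placeholder; intentionally does nothing.
     */
    public function autoLogin() {

    }

    /**
     * External authentication hook.
     *
     * $pass and $sticky are accepted for interface compatibility and are not used: the
     * decision rests entirely on the phpCAS session (see getUserData()).
     *
     * @param string $user   ignored by getUserData(), which always uses the CAS user
     * @param string $pass   unused
     * @param bool   $sticky unused
     * @return bool true when getUserData() returned non-empty user data
     */
    public function trustExternal($user, $pass, $sticky = false) {
        if ($this->getUserData($user)) {
            return true;
        }

        // Loose comparison kept as in the original; the stored type of the setting is not
        // visible from this file.
        if ($this->getConf('forceauthentication') == 'true') {
            $this->logIn();
        }

        return false;
    }


    /**
     * Return the attributes of the user currently authenticated by CAS.
     *
     * NOTE(review): the $user argument is overwritten with \phpCAS::getUser(), so this method
     * never looks up an arbitrary account. A caller asking about another user receives the
     * data of whoever is logged in - confirm that no caller relies on per-user lookups.
     *
     * Side effects: sets $_SERVER['REMOTE_USER'] and the $_SESSION[$conf['title']]['auth'] entries.
     *
     * @param string $user          ignored (see note above)
     * @param bool   $requireGroups unused
     * @return array|false attribute map (session 'info' merged with the CAS attributes), or
     *                     false when phpCAS reports no authentication. An empty array is
     *                     falsy, so trustExternal() treats it as "not logged in".
     */
    public function getUserData($user, $requireGroups = true) {
        global $conf;

        $siteKey = $conf['title'];
        // Read before checkAuthentication(), as the original did; ?? avoids an undefined-index
        // warning on the first request of a session.
        $session = $_SESSION[$siteKey]['auth'] ?? null;

        if (!\phpCAS::checkAuthentication()) {
            return false;
        }

        $user = \phpCAS::getUser();
        $_SERVER['REMOTE_USER'] = $user;

        // Always start from an array so the attribute merge below never writes into an
        // undefined variable.
        $userinfo = array();

        if (isset($session)) {
            if (isset($session['info']) && is_array($session['info'])) {
                $userinfo = $session['info'];
            }
            $_SESSION[$siteKey]['auth']['user'] = $user;
            $_SESSION[$siteKey]['auth']['pass'] = $session['pass'] ?? null;
            $_SESSION[$siteKey]['auth']['info'] = $userinfo;
            $_SESSION[$siteKey]['auth']['buid'] = $session['buid'] ?? null;
        } else {
            $_SESSION[$siteKey]['auth']['user'] = $user;
            // CAS never hands a password to this plugin. The original read an undefined $pass
            // here, which evaluated to null; the same value is now stored explicitly.
            $_SESSION[$siteKey]['auth']['pass'] = null;
            $_SESSION[$siteKey]['auth']['buid'] = auth_browseruid();
        }

        // CAS attributes overwrite same-named keys taken from the session.
        foreach (array_keys(\phpCAS::getAttributes()) as $key) {
            $userinfo[$key] = \phpCAS::getAttribute($key);
        }

        return $userinfo;
    }

    /**
     * Hand the request to phpCAS::forceAuthentication().
     *
     * No fixed service URL is set here; the unused page-URL computation of the original
     * was dropped.
     */
    public function logIn() {
        \phpCAS::forceAuthentication();
    }

    /**
     * Log the user out of DokuWiki and, when 'caslogout' is enabled, of CAS as well.
     */
    public function logOff() {
        if ($this->getConf('caslogout')) { // dokuwiki + cas logout
            // A session id is a bearer credential: log a short fingerprint, never the raw value.
            dbglog('authcas logout, session fingerprint ' . substr(hash('sha256', (string) session_id()), 0, 12));

            if (session_status() !== PHP_SESSION_ACTIVE) {
                session_start();
            }
            // The local session is not destroyed here; presumably phpCAS does so as part of
            // the logout - confirm against the vendored version.
            \phpCAS::logoutWithRedirectService(DOKU_URL);
        } else { // dokuwiki logout only
            if (session_status() !== PHP_SESSION_ACTIVE) {
                session_start();
            }
            session_destroy();
        }
    }

    /**
     * @return string login URL as reported by phpCAS::getServerLoginURL()
     */
    public function getLoginURL() {
        return \phpCAS::getServerLoginURL();
    }

    /**
     * Rebuild the URL of the current request from $_SERVER.
     *
     * The scheme is https when either the request carries an "HTTPS: on" header
     * ($_SERVER['HTTP_HTTPS'], the original check) or PHP itself reports TLS via
     * $_SERVER['HTTPS']. The port is appended unless it is 80 or 443.
     *
     * The result is built from request data: HTTP_HTTPS is a request header unless a trusted
     * front end overwrites it, and REQUEST_URI comes from the client. Escape it before output
     * and do not base security decisions on it.
     *
     * @return string
     */
    public function getCurrentPageURL() {
        $headerSaysHttps = isset($_SERVER['HTTP_HTTPS']) && $_SERVER['HTTP_HTTPS'] == "on";
        $serverSaysHttps = !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off';

        $host = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : '';
        $port = isset($_SERVER['SERVER_PORT']) ? (string) $_SERVER['SERVER_PORT'] : '';
        $uri  = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

        $pageURL = (($headerSaysHttps || $serverSaysHttps) ? 'https' : 'http') . '://' . $host;
        if ($port !== '' && $port !== '80' && $port !== '443') {
            $pageURL .= ':' . $port;
        }

        return $pageURL . $uri;
    }

}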