CAS_Client::isAuthenticated PHP Method

isAuthenticated() public method

Checks whether the user is authenticated, either from an earlier authentication in the same session or by validating a ticket given in the URL.
public isAuthenticated ( boolean $renew = false ) : true
$renew boolean true to force the authentication with the CAS server
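Returns true when the user is authenticated and false otherwise. It may also redirect to the same URL without the ticket, in which case it throws CAS_GracefullTerminationException instead of returning.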
    /**
     * Decide whether the current request belongs to an authenticated user.
     *
     * Two paths are visible here:
     *  - _wasPreviouslyAuthenticated() is true: any ticket on the request is
     *    NOT validated; it is either stripped by a redirect or left in place.
     *  - otherwise: a ticket, when present, is validated by the routine that
     *    matches getServerVersion(), and the resulting identity is written to
     *    $_SESSION['phpCAS'].
     *
     * Points a security reviewer should keep in mind:
     *  - $renew is only forwarded to the validate*() calls. It is not consulted
     *    on the previously-authenticated path, so it cannot force a fresh
     *    login there (the trace message points to renewAuthenticate()).
     *  - $res is set to true unconditionally after each validate*() call. The
     *    method therefore relies on those routines never returning normally
     *    when validation fails (the original comments say they halt; their
     *    bodies are not shown here — confirm).
     *  - Service tickets and the PGT are passed verbatim to phpCAS::trace().
     *    Treat any trace output as containing credentials.
     *  - Both redirects use getURL() as the Location target. getURL() is not
     *    shown; if it derives the host from request headers, confirm it is
     *    pinned to a configured service URL.
     *  - No session-id regeneration is visible in this method after the
     *    identity is stored; confirm it is handled elsewhere.
     *
     * @param bool $renew true to force the authentication with the CAS server
     *
     * @return bool true when the user is authenticated, false when no ticket
     *              was supplied or the server version is not recognised
     *
     * @throws CAS_GracefullTerminationException after a Location header has
     *         been sent to strip the ticket from the URL
     */
    public function isAuthenticated($renew = false)
    {
        phpCAS::traceBegin();
        // Fail closed: every path that authenticates must set this explicitly.
        $res = false;
        // Passed to the validate*() routines below. $text_response and
        // $tree_response are not assigned before those calls — presumably
        // by-reference out-parameters; verify against the callee signatures.
        $validate_url = '';
        if ($this->_wasPreviouslyAuthenticated()) {
            if ($this->hasTicket()) {
                // The user presented an additional ticket but was already
                // authenticated. The ticket is not validated on this path.
                phpCAS::trace('ticket was present and will be discarded, use renewAuthenticate()');
                if ($this->_clearTicketsFromUrl) {
                    phpCAS::trace("Prepare redirect to : " . $this->getURL());
                    // Close the session before redirecting so its data is
                    // written before the follow-up request arrives.
                    session_write_close();
                    header('Location: ' . $this->getURL());
                    flush();
                    phpCAS::traceExit();
                    // Ends the request here; $res is never returned and
                    // markAuthenticationCall() below is not reached.
                    throw new CAS_GracefullTerminationException();
                } else {
                    // The ticket stays in the URL on this path, so it remains
                    // visible wherever the URL is (address bar, Referer).
                    phpCAS::trace('Already authenticated, but skipping ticket clearing since setNoClearTicketsFromUrl() was used.');
                    $res = true;
                }
            } else {
                // The user was already authenticated earlier in this session;
                // nothing to be done.
                phpCAS::trace('user was already authenticated, no need to look for tickets');
                $res = true;
            }
            // Mark the auth-check as complete to allow post-authentication
            // callbacks to make use of phpCAS::getUser() and similar methods
            $this->markAuthenticationCall($res);
        } else {
            if ($this->hasTicket()) {
                switch ($this->getServerVersion()) {
                    case CAS_VERSION_1_0:
                        // A ticket was given: validate it with the CAS 1.0 routine.
                        // NOTE(review): the raw ticket is written to the trace log.
                        phpCAS::trace('CAS 1.0 ticket `' . $this->getTicket() . '\' is present');
                        $this->validateCAS10($validate_url, $text_response, $tree_response, $renew);
                        // Per the original comment, a failed validation halts and
                        // never reaches this line; $res = true below depends on that.
                        phpCAS::trace('CAS 1.0 ticket `' . $this->getTicket() . '\' was validated');
                        $_SESSION['phpCAS']['user'] = $this->_getUser();
                        $res = true;
                        // Kept so the post-authenticate callback receives the ticket.
                        $logoutTicket = $this->getTicket();
                        break;
                    case CAS_VERSION_2_0:
                    case CAS_VERSION_3_0:
                        // A ticket was given: validate it with the CAS 2.0 routine
                        // (CAS 3.0 shares this branch).
                        // NOTE(review): the raw ticket is written to the trace log.
                        phpCAS::trace('CAS ' . $this->getServerVersion() . ' ticket `' . $this->getTicket() . '\' is present');
                        $this->validateCAS20($validate_url, $text_response, $tree_response, $renew);
                        // Per the original comment, a failed validation halts here.
                        phpCAS::trace('CAS ' . $this->getServerVersion() . ' ticket `' . $this->getTicket() . '\' was validated');
                        if ($this->isProxy()) {
                            $this->_validatePGT($validate_url, $text_response, $tree_response);
                            // Same assumption: failure does not return (original: "idem").
                            // NOTE(review): the PGT itself is logged on the next line and
                            // then kept in the session; protect both stores accordingly.
                            phpCAS::trace('PGT `' . $this->_getPGT() . '\' was validated');
                            $_SESSION['phpCAS']['pgt'] = $this->_getPGT();
                        }
                        $_SESSION['phpCAS']['user'] = $this->_getUser();
                        // Attributes and proxies are only stored when non-empty.
                        if (!empty($this->_attributes)) {
                            $_SESSION['phpCAS']['attributes'] = $this->_attributes;
                        }
                        $proxies = $this->getProxies();
                        if (!empty($proxies)) {
                            $_SESSION['phpCAS']['proxies'] = $this->getProxies();
                        }
                        $res = true;
                        $logoutTicket = $this->getTicket();
                        break;
                    case SAML_VERSION_1_1:
                        // A SAML ticket was given: validate it.
                        // NOTE(review): the raw ticket is written to the trace log.
                        phpCAS::trace('SAML 1.1 ticket `' . $this->getTicket() . '\' is present');
                        $this->validateSA($validate_url, $text_response, $tree_response, $renew);
                        // Per the original comment, a failed validation halts here.
                        phpCAS::trace('SAML 1.1 ticket `' . $this->getTicket() . '\' was validated');
                        $_SESSION['phpCAS']['user'] = $this->_getUser();
                        // Unlike the CAS 2.0/3.0 branch, attributes are stored
                        // unconditionally, even when empty.
                        $_SESSION['phpCAS']['attributes'] = $this->_attributes;
                        $res = true;
                        $logoutTicket = $this->getTicket();
                        break;
                    default:
                        // Unrecognised server version: $res stays false and
                        // $logoutTicket is never assigned.
                        phpCAS::trace('Protocoll error');
                        break;
                }
            } else {
                // no ticket given, not authenticated
                phpCAS::trace('no ticket found');
            }
            // Mark the auth-check as complete to allow post-authentication
            // callbacks to make use of phpCAS::getUser() and similar methods
            $this->markAuthenticationCall($res);
            if ($res) {
                // Call the post-authenticate callback if one is registered.
                // The validated ticket is prepended as its first argument;
                // $logoutTicket is always set here because every branch that
                // sets $res = true also assigns it.
                if ($this->_postAuthenticateCallbackFunction) {
                    $args = $this->_postAuthenticateCallbackArgs;
                    array_unshift($args, $logoutTicket);
                    call_user_func_array($this->_postAuthenticateCallbackFunction, $args);
                }
                // The request carried a ticket parameter, so redirect to the
                // application URL without it. This keeps CAS transparent to
                // the browser (for later POSTs) and, as a security precaution,
                // keeps the ticket out of the HTTP Referer header. Most checks
                // and errors have happened by now, so the redirect should not
                // mask error messages.
                if ($this->_clearTicketsFromUrl) {
                    phpCAS::trace("Prepare redirect to : " . $this->getURL());
                    // Write the freshly stored identity to the session before
                    // the browser follows the redirect.
                    session_write_close();
                    header('Location: ' . $this->getURL());
                    flush();
                    phpCAS::traceExit();
                    // Ends the request here; the return below is not reached.
                    throw new CAS_GracefullTerminationException();
                }
            }
        }
        phpCAS::traceEnd($res);
        return $res;
    }

Usage Example

 /**
  * Check that attributes sent as name/value pairs on <cas:attribute> elements
  * can be read back through the client's attribute accessors.
  *
  * The validation reply is a canned fixture registered with the test harness,
  * so this test exercises response handling only. The host, user, ticket and
  * PGTIOU values below are fixture data.
  *
  * @return void
  */
 public function testNameValueAttributes()
 {
     // Headers of the canned serviceValidate reply.
     $replyHeaders = array(
         'HTTP/1.1 200 OK',
         'Date: Wed, 29 Sep 2010 19:20:57 GMT',
         'Server: Apache-Coyote/1.1',
         'Pragma: no-cache',
         'Expires: Thu, 01 Jan 1970 00:00:00 GMT',
         'Cache-Control: no-cache, no-store',
         'Content-Type: text/html;charset=UTF-8',
         'Content-Language: en-US',
         'Via: 1.1 cas.example.edu',
         'Connection: close',
         'Transfer-Encoding: chunked'
     );
     // Success document carrying one user, five attributes (memberOf twice)
     // and a PGTIOU.
     $replyBody = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n    <cas:authenticationSuccess>\n        <cas:user>jsmith</cas:user>\n\n        <cas:attribute name='attraStyle' value='Name-Value' />\n        <cas:attribute name='surname' value='Smith' />\n        <cas:attribute name='givenName' value='John' />\n        <cas:attribute name='memberOf' value='CN=Staff,OU=Groups,DC=example,DC=edu' />\n        <cas:attribute name='memberOf' value='CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu' />\n\n        <cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>\n    </cas:authenticationSuccess>\n</cas:serviceResponse>\n";

     $casReply = new CAS_TestHarness_BasicResponse('https', 'cas.example.edu', '/cas/serviceValidate');
     $casReply->setResponseHeaders($replyHeaders);
     $casReply->setResponseBody($replyBody);
     CAS_TestHarness_DummyRequest::addResponse($casReply);

     // Hand the client a ticket and run the authentication check.
     $client = $this->object;
     $client->setTicket('ST-123456-asdfasdfasgww2323radf3');
     $client->isAuthenticated();

     // The attributes from the reply must now be available on the client.
     $attributeMap = $client->getAttributes();
     $this->assertTrue($client->hasAttribute('attraStyle'), "Should have an attraStyle attribute");

     // Read through the single-attribute accessor.
     $this->assertEquals('Name-Value', $client->getAttribute('attraStyle'));

     // Read through the attribute array.
     $this->assertArrayHasKey('attraStyle', $attributeMap);
     $this->assertEquals('Name-Value', $attributeMap['attraStyle']);

     $this->validateUserAttributes();
 }