/**
 * Tell whether the current request belongs to an authenticated user,
 * validating a ticket carried by the request when one is present.
 *
 * Two paths are taken, depending on _wasPreviouslyAuthenticated():
 *  - Already authenticated: a ticket in the request is not validated. It is
 *    either stripped by a redirect to getURL() or, when ticket clearing is
 *    disabled, left in place. $renew has no effect on this path.
 *  - Not yet authenticated: a ticket, if present, is validated by the routine
 *    matching getServerVersion(). Only after that call returns are the user
 *    and, depending on the protocol, the PGT, attributes and proxies written
 *    to $_SESSION['phpCAS'].
 *
 * NOTE(review): no session-id rotation is visible in this method. Confirm
 * that the validate*() routines or the post-authenticate callback rotate the
 * session id when a login succeeds.
 *
 * @param bool $renew Forwarded unchanged to validateCAS10(), validateCAS20()
 *                    and validateSA(); presumably the CAS "renew" flag.
 *                    Confirm against those methods.
 *
 * @return bool true when the user was already authenticated or the ticket was
 *              just validated, false otherwise.
 *
 * @throws CAS_GracefullTerminationException after a Location header has been
 *         sent to reload the page at getURL(); callers must let it propagate.
 */
public function isAuthenticated($renew = false)
{
phpCAS::traceBegin();
$res = false;
// Handed to every validate*() call below; it starts out empty here.
$validate_url = '';
if ($this->_wasPreviouslyAuthenticated()) {
if ($this->hasTicket()) {
// The user has an additional ticket but was already authenticated.
// The ticket is not validated on this path.
phpCAS::trace('ticket was present and will be discarded, use renewAuthenticate()');
if ($this->_clearTicketsFromUrl) {
// Redirect to getURL() so the ticket no longer appears in the
// browser's address bar. The session is written out first so the
// follow-up request sees it.
// NOTE(review): the redirect target comes from getURL(), which is
// not shown here. Confirm it is built from trusted configuration.
phpCAS::trace("Prepare redirect to : " . $this->getURL());
session_write_close();
header('Location: ' . $this->getURL());
flush();
phpCAS::traceExit();
// Ends request handling through an exception rather than exit().
throw new CAS_GracefullTerminationException();
} else {
phpCAS::trace('Already authenticated, but skipping ticket clearing since setNoClearTicketsFromUrl() was used.');
$res = true;
}
} else {
// The user was authenticated earlier in this session; nothing to be
// done.
phpCAS::trace('user was already authenticated, no need to look for tickets');
$res = true;
}
// Mark the auth-check as complete to allow post-authentication
// callbacks to make use of phpCAS::getUser() and similar methods
$this->markAuthenticationCall($res);
} else {
if ($this->hasTicket()) {
// $text_response and $tree_response are first introduced in the
// validate*() calls below; presumably by-reference output parameters
// (TODO confirm against the validate*() signatures).
// NOTE(review): the trace calls in this switch write the raw ticket (and
// the PGT) to the trace output. Treat that log as sensitive and restrict
// access to it.
switch ($this->getServerVersion()) {
case CAS_VERSION_1_0:
// if a Service Ticket was given, validate it
phpCAS::trace('CAS 1.0 ticket `' . $this->getTicket() . '\' is present');
$this->validateCAS10($validate_url, $text_response, $tree_response, $renew);
// Per the original author's note, a failed validation halts and does
// not return here, so the session is populated only on success.
phpCAS::trace('CAS 1.0 ticket `' . $this->getTicket() . '\' was validated');
$_SESSION['phpCAS']['user'] = $this->_getUser();
$res = true;
// Kept for the post-authenticate callback further down.
$logoutTicket = $this->getTicket();
break;
case CAS_VERSION_2_0:
case CAS_VERSION_3_0:
// CAS 2.0 and 3.0 share one validation routine; the ticket may be a
// proxy ticket.
phpCAS::trace('CAS ' . $this->getServerVersion() . ' ticket `' . $this->getTicket() . '\' is present');
$this->validateCAS20($validate_url, $text_response, $tree_response, $renew);
// note: if it fails, it halts (per the original author's note)
phpCAS::trace('CAS ' . $this->getServerVersion() . ' ticket `' . $this->getTicket() . '\' was validated');
if ($this->isProxy()) {
// A client acting as a proxy also validates the PGT, reusing the
// responses filled in by validateCAS20(); this halts on failure too,
// per the original note.
$this->_validatePGT($validate_url, $text_response, $tree_response);
// The PGT value is traced here and then kept in the session, so it
// stays usable after this request. Guard the trace log accordingly.
phpCAS::trace('PGT `' . $this->_getPGT() . '\' was validated');
$_SESSION['phpCAS']['pgt'] = $this->_getPGT();
}
$_SESSION['phpCAS']['user'] = $this->_getUser();
// Attributes and proxies are stored only when non-empty.
if (!empty($this->_attributes)) {
$_SESSION['phpCAS']['attributes'] = $this->_attributes;
}
$proxies = $this->getProxies();
if (!empty($proxies)) {
$_SESSION['phpCAS']['proxies'] = $this->getProxies();
}
$res = true;
$logoutTicket = $this->getTicket();
break;
case SAML_VERSION_1_1:
// if we have a SAML ticket, validate it.
phpCAS::trace('SAML 1.1 ticket `' . $this->getTicket() . '\' is present');
$this->validateSA($validate_url, $text_response, $tree_response, $renew);
// if it fails, it halts (per the original author's note)
phpCAS::trace('SAML 1.1 ticket `' . $this->getTicket() . '\' was validated');
$_SESSION['phpCAS']['user'] = $this->_getUser();
// Unlike the CAS 2.0/3.0 branch, attributes are stored even when empty.
$_SESSION['phpCAS']['attributes'] = $this->_attributes;
$res = true;
$logoutTicket = $this->getTicket();
break;
default:
// Unknown server version: nothing is validated and $res stays false,
// so the request is treated as unauthenticated.
phpCAS::trace('Protocoll error');
break;
}
} else {
// no ticket given, not authenticated
phpCAS::trace('no ticket found');
}
// Mark the auth-check as complete to allow post-authentication
// callbacks to make use of phpCAS::getUser() and similar methods
$this->markAuthenticationCall($res);
if ($res) {
// Call the post-authenticate callback if one is registered. It receives
// the validated ticket as its first argument, followed by the
// registered arguments. $logoutTicket is always set here because every
// branch that sets $res to true also assigns it.
if ($this->_postAuthenticateCallbackFunction) {
$args = $this->_postAuthenticateCallbackArgs;
array_unshift($args, $logoutTicket);
call_user_func_array($this->_postAuthenticateCallbackFunction, $args);
}
// When called with a ticket parameter, redirect to the application
// without the ticket so that CAS-ification is transparent to the
// browser (for later POSTs). Most checks and errors have been raised by
// now, so the redirect does not mask error messages. Removing the
// ticket is a security precaution that keeps it out of the HTTP Referer
// header of later requests.
// NOTE(review): the redirect target comes from getURL(), which is not
// shown here. Confirm it is built from trusted configuration.
if ($this->_clearTicketsFromUrl) {
phpCAS::trace("Prepare redirect to : " . $this->getURL());
// Persist the freshly written session data before the browser follows
// the redirect.
session_write_close();
header('Location: ' . $this->getURL());
flush();
phpCAS::traceExit();
// Ends request handling through an exception rather than exit().
throw new CAS_GracefullTerminationException();
}
}
}
phpCAS::traceEnd($res);
return $res;
}