From 27fa68eef51d34c6c65b88c5f16a72b5886f0868 Mon Sep 17 00:00:00 2001
From: efalcy <efalcy@git-test.afi-sa.fr>
Date: Thu, 30 May 2013 17:39:21 +0000
Subject: [PATCH] serveur CAS : suite à la restriction du serveur de prod qui
 ne permet pas de lire les fichiers de session, simplification de
 l'autorisation.

---
 .../opac/controllers/AuthController.php       | 36 ++++++++++-
 .../opac/controllers/CasServerController.php  | 29 ++++++---
 .../opac/views/scripts/auth/login.phtml       |  3 +
 .../opac/views/scripts/cas-server/login.phtml | 59 +++++++++++++++----
 .../controllers/CasServerControllerTest.php   | 30 +++-------
 5 files changed, 116 insertions(+), 41 deletions(-)

diff --git a/application/modules/opac/controllers/AuthController.php b/application/modules/opac/controllers/AuthController.php
index 51ec1835b70..08d6993993c 100644
--- a/application/modules/opac/controllers/AuthController.php
+++ b/application/modules/opac/controllers/AuthController.php
@@ -43,7 +43,7 @@ class AuthController extends Zend_Controller_Action
 		$f = new Zend_Filter_StripTags();
 		$username = $f->filter($this->_request->getPost('username'));
 		$password = $f->filter($this->_request->getPost('password'));
-
+		xdebug_break();
 		if (empty($username))
 			return $this->view->_('Entrez votre identifiant S.V.P.');
 
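Review bot: `xdebug_break();` on the added line is a debugger breakpoint left in the login path; on a host without the Xdebug extension it is an undefined function and the request will fatal before the username check. Drop the line and restore the blank line it replaced. The same leftover is removed from cas-server/login.phtml in this very commit, so this looks like an oversight rather than intent. The enclosing method starts outside the hunk.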
@@ -56,8 +56,39 @@ class AuthController extends Zend_Controller_Action
 				
 		$user = Class_Users::getIdentity();
 		$this->_helper->trackEvent('authentification', 'login', $user->getId());
+		$service_cas_server=$this->_request->getPost('service');
+		if (strlen($service_cas_server)>1) {
+			$ticket=Zend_Session::getId();
+			$this->_redirect($this->addURLparameter($service_cas_server,['ticket' => $ticket]));
+		}
 	}
 
+
+	public static function addURLparameter($url, $parameter) {
+
+		assert('is_array($parameter)');
+
+		$queryStart = strpos($url, '?');
+		if($queryStart === FALSE) {
+			$oldQuery = array();
+			$url .= '?';
+		} else {
+			$oldQuery = substr($url, $queryStart + 1);
+			if($oldQuery === FALSE) {
+				$oldQuery = array();
+			} else {
+				$oldQuery = self::parseQueryString($oldQuery);
+			}
+			$url = substr($url, 0, $queryStart + 1);
+		}
+
+		$query = array_merge($oldQuery, $parameter);
+		$url .= http_build_query($query, '', '&');
+
+		return $url;
+	}
+
+
 //------------------------------------------------------------------------------------------------------
 // Login normal
 //------------------------------------------------------------------------------------------------------
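Review bot: The redirect added after the trackEvent call sends `Zend_Session::getId()` as the `ticket` to whatever URL arrives in the `service` POST field, and nothing in the hunk checks that URL. The target is therefore user-controlled, and the value appended to it is the browser's own session identifier, so whoever receives the redirect (or any proxy log recording it) holds a credential equivalent to the login; CasServerController::getTicket() in this commit returns the same value. Validate `service` against a configured list of registered service URLs before redirecting, and issue a random, opaque, single-use ticket recorded server-side against the authenticated user instead of the session id. Separately, `addURLparameter` calls `self::parseQueryString`, which this diff does not add to AuthController and which may not exist there, and the string-form `assert('is_array($parameter)')` should be `assert(is_array($parameter))`. The enclosing method starts outside the hunk.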
@@ -66,7 +97,8 @@ class AuthController extends Zend_Controller_Action
 		$error = (int)$this->_getParam('error');
 		$viewRenderer = $this->getHelper('ViewRenderer');
 		$viewRenderer->setLayoutScript('module.phtml');
-
+		if (strlen($this->_getParam('service'))>0)
+			$this->view->service=$this->_getParam('service');
 		if($this->_request->isPost()) {
 			$error = $this->_authenticate();
 			if (!$error) {
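Review bot: `$this->_getParam('service')` is read twice on the added lines; read it once into a local and guard on that: `$service = $this->_getParam('service'); if (strlen($service) > 0) $this->view->service = $service;`. The value is handed straight to the view, which echoes it into a hidden input, so this controller is the place to reject anything that is not a registered service URL before it reaches the template. The enclosing action method starts outside the hunk.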
diff --git a/application/modules/opac/controllers/CasServerController.php b/application/modules/opac/controllers/CasServerController.php
index 624a22508d0..a099cbd7d71 100644
--- a/application/modules/opac/controllers/CasServerController.php
+++ b/application/modules/opac/controllers/CasServerController.php
@@ -67,6 +67,10 @@ class CasServerController extends Zend_Controller_Action {
 //		$this->_redirect($this->addURLparameter($service,['ticket' => $ticket]));
 	}
 	
+	public static function getTicket() {
+		return Zend_Session::getId();
+	}
+
 
 	public function returnValidTicketResponse($username,$ticket) {
 		$this->getResponse()->setHeader('Content-Type', 'application/xml;charset=utf-8');
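Review bot: The new public static `getTicket()` has no docblock and is not called anywhere in this diff; AuthController's redirect inlines `Zend_Session::getId()` instead, so the two expressions can drift apart. Either have AuthController call `CasServerController::getTicket()` or document the contract here, e.g. `/** Ticket handed to the CAS client after login; currently the PHP session id, which is what validate checks with fileExists(). */`. The commented-out `_redirect` line kept as context above should be deleted rather than left behind.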
@@ -134,8 +138,24 @@ class CasServerController extends Zend_Controller_Action {
 		if (strlen($ticket)<1 || strlen($service)<1) {
 			return $this->returnFailureTicketResponse('INVALID_REQUEST');
 			}
-		$session_contents=self::getFileWriter()->getContents(session_save_path().'/sess_'.$ticket);
 
+		$session_exists=self::getFileWriter()->fileExists(session_save_path().'/sess_'.$ticket);
+		if ($session_exists) {
+			$username=$this->_request->getParam('identifiant');
+			return $this->returnValidTicketResponse($username,$ticket);
+
+		}
+		return $this->returnFailureTicketResponse('INVALID_TICKET',$ticket);
+
+		$username=ZendAfi_Auth::getInstance();
+		return $this->returnValidTicketResponse($username,$ticket);
+
+	}
+
+	function unserializeSessionFile() {
+		// le truc qui ne fonctionne pas sur serveur de prod
+    //file_get_contents(): open_basedir restriction in effect. File(/var/lib/php/session/sess_265e289842193853a77a40657418f752) is not within the allowed path(s): (/var/www/html/vhosts/opac2/www) in /var/www/html/vhosts/opac2/www/php/afi-opacce/library/Class/FileWriter.php on line 38
+	$session_contents=self::getFileWriter()->getContents(session_save_path().'/sess_'.$ticket);
 		$datas=explode('|',$session_contents);
 		foreach ($datas as $data) {
 			try {
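Review bot: The valid response on the added lines takes the username from the request (`$this->_request->getParam('identifiant')`) while only checking that a session file named after the ticket exists, so the ticket no longer proves which user it belongs to and the validating service ends up trusting the caller's own claim of identity. The username should come from data bound to the ticket when it was issued (a server-side ticket-to-user record the validate endpoint is allowed to read, replacing the session-file lookup that open_basedir blocks), and the `identifiant` parameter should be ignored. `$username=ZendAfi_Auth::getInstance();` and the `return` after the unconditional `return $this->returnFailureTicketResponse(...)` are unreachable and should go. `unserializeSessionFile()` has no visibility keyword and reads `$ticket`, which is neither a parameter nor a local in the visible lines; its body continues outside the hunk, as does the enclosing validate action.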
@@ -158,15 +178,8 @@ class CasServerController extends Zend_Controller_Action {
 			}
 		}
 
-		return $this->returnFailureTicketResponse('INVALID_TICKET',$ticket);
-
-		$username=ZendAfi_Auth::getInstance();
-		$this->returnValidTicketResponse($username,$ticket);
-
 	}
 
-	
-
 	function proxyAction() {
 
 	}
diff --git a/application/modules/opac/views/scripts/auth/login.phtml b/application/modules/opac/views/scripts/auth/login.phtml
index 29cb7228dcb..4deac55f171 100644
--- a/application/modules/opac/views/scripts/auth/login.phtml
+++ b/application/modules/opac/views/scripts/auth/login.phtml
@@ -12,6 +12,9 @@
 	<form name="form_login" action="<?php echo BASE_URL ?>/opac/auth/login" method="post">
 	<table style="margin:20px auto">
 		<tr>
+    <?php if (strlen($this->service)>0) {?>
+	       <input type="hidden" name="service" id="service" value="<? echo $this->service; ?>" size="15" />
+    <?php } ?>
 			<td class="masque"><?php echo $this->_('Identifiant') ?></td>
 			<td class="saisie"><input type="text" name="username" id="username" size="15"></td>
 		</tr>
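Review bot: The hidden input's value echoes `$this->service` unescaped through the short open tag `<?` (which emits the raw PHP source when short_open_tag is off), and since the controller fills it from a request parameter this is a reflected XSS sink. Use `value="<?php echo $this->escape($this->service); ?>"` and drop the meaningless `size="15"` on a hidden field. `$this->service` is only assigned by the controller when a `service` parameter was present, so confirm `strlen()` on the unset view property does not emit a notice, or guard with `isset()` first.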
diff --git a/application/modules/opac/views/scripts/cas-server/login.phtml b/application/modules/opac/views/scripts/cas-server/login.phtml
index 8f157b8af2e..6d62635bf63 100644
--- a/application/modules/opac/views/scripts/cas-server/login.phtml
+++ b/application/modules/opac/views/scripts/cas-server/login.phtml
@@ -1,13 +1,52 @@
 <?php
-xdebug_break();
-echo "Request:<br/>";
-var_dump($_REQUEST);
-echo "<br/>Post<br/>";
-var_dump($_POST);
-echo "<br/>GET<br/>";
-var_dump($_GET);
-
-echo "<br/>COOKIE<br/>";
-var_dump($_COOKIE);
+<html>
+    <head>
+        <title>AFI Authentication Service</title>
+        <script>
+
+
+
+            window.location.href="<?php echo $this->redirect_url;?>" mce_href="<?php echo $this->redirect_url;?>";
+
+
+
+       </script>
+
+
+
+    </head>
+
+
+
+    <body>
+
+
+
+        <noscript>
+
+
+
+            <p>CAS login successful.</p>
+
+
+
+            <p>  Click <a xhref="<?php echo $this->redirect_url;?>" mce_href="<?php echo $this->redirect_url;?>">here</a>
+
+
+
+            to access the service you requested.<br />  </p>
+
+
+
+        </noscript>
+
+
+
+    </body>
+
+
+
+</html>
+
 
 ?>
\ No newline at end of file
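Review bot: The context lines show the file still opening with `<?php` and closing with `?>`, so after this change the whole `<html>` document sits inside a PHP code block and the template will not parse; those two wrappers need to go. Inside it, `$this->redirect_url` is echoed raw into a JavaScript string and into the anchor, and the anchor carries `xhref`/`mce_href` (editor artefacts) instead of `href`, so the no-JavaScript fallback has no working link. Emit it as `window.location.href = <?php echo json_encode($this->redirect_url); ?>;` in the script and `<a href="<?php echo $this->escape($this->redirect_url); ?>">here</a>` in the noscript block. Nothing in this diff shows where `redirect_url` is assigned, so check that the controller setting it has already validated the target as a registered service.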
diff --git a/tests/application/modules/opac/controllers/CasServerControllerTest.php b/tests/application/modules/opac/controllers/CasServerControllerTest.php
index fde2ab250a3..e8336ec5410 100644
--- a/tests/application/modules/opac/controllers/CasServerControllerTest.php
+++ b/tests/application/modules/opac/controllers/CasServerControllerTest.php
@@ -20,32 +20,18 @@
  */
 require_once 'AbstractControllerTestCase.php';
 require_once 'application/modules/opac/controllers/CasServerController.php';
-class CasServerControllerTest extends AbstractControllerTestCase {
+class CasServerControllerValidateActionTest extends AbstractControllerTestCase {
 	protected $_sql;
 	protected $_sql_mock;
 	protected $session_file_contents_logged;
 	protected $session_file_contents_nologin;
 	public function setUp() {
 		parent::setUp();
-		/* $this->emprunteur_patrick = Class_WebService_SIGB_Emprunteur::newInstance(5, 'patrick') */
-		/* 	->empruntsAddAll(array(Class_WebService_SIGB_Emprunt::newInstanceWithEmptyExemplaire() */
-		/* 												 ->setDateRetour('23/12/2056'), */
-
-		/* 												 Class_WebService_SIGB_Emprunt::newInstanceWithEmptyExemplaire() */
-		/* 												 ->setDateRetour('3/2/2056'), */
-
-		/* 												 Class_WebService_SIGB_Emprunt::newInstanceWithEmptyExemplaire() */
-		/* 												 ->setDateRetour('23/1/1999'))) */
-			
-		/* 	->reservationsAddAll(array(Class_WebService_SIGB_Reservation::newInstanceWithEmptyExemplaire())); */
-
-		/* Class_Users::getLoader()->newInstanceWithId(5) */
-		/* 	->setLogin('patrick') */
-		/* 	->setIdabon(456) */
-		/* 	->setFicheSigb(array('fiche' => $this->emprunteur_patrick)); */
-
+	
 		$this->session_file_contents_nologin = Storm_Test_ObjectWrapper::mock();
 		$this->session_file_contents_nologin
+			->whenCalled('fileExists')
+			->answers(false)
 			->whenCalled('getContents')
 			->answers('8801b6c24c4d369a55a96252ed121d5c|a:2:{s:9:"id_profil";i:2;s:18:"previous_id_profil";i:2;}selection_bib|a:4:{s:7:"message";s:19:"selection bib sucks";s:10:"nb_notices";i:12
 345;s:4:"html";s:151:"<div style="width:100%"><h2>selection bib sucks</h2><a href="/afi-opac3/bib/selection" >Chercher dans les biblioth&egrave;ques de votre choix</a></di
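Review bot: The class is renamed to `CasServerControllerValidateActionTest` while the file stays CasServerControllerTest.php per the diff header, so a runner or autoloader that maps file name to class name may no longer find it; either rename the file too or keep the class name. The `fileExists` stub answering false on the no-login mock is only exercised if some test dispatches with that writer and expects `INVALID_TICKET`; no such test appears in this diff, so it may need adding. setUp() continues outside the hunk.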
@@ -53,6 +39,8 @@ v>";s:7:"id_bibs";s:0:"";}Zend_Auth8801b6c24c4d369a55a96252ed121d5c|a:1:{s:7:"st
 cc3b5aa765d61d8327deb882cf99";s:7:"ID_USER";i:666;s:10:"ROLE_LEVEL";i:6;s:4:"ROLE";s:13:"admin_portail";s:7:"ID_SITE";i:1;s:9:"confirmed";b:1;s:7:"enabled";b:1;}}');
 		$this->session_file_contents_logged = Storm_Test_ObjectWrapper::mock();
 		$this->session_file_contents_logged
+			->whenCalled('fileExists')
+			->answers(true)
 			->whenCalled('getContents')
 			->answers('8801b6c24c4d369a55a96252ed121d5c|a:4:{s:11:"initialized";b:1;s:7:"baseUrl";s:10:"/afi-opac3";s:18:"previous_id_profil";i:1;s:9:"id_profil";i:1;}nombre_geo|a:1:{s:3:"all";s:6:"529508";}selection_bib|a:3:{s:7:"message";s:78:"La recherche s effectue dans toutes les biblioth&egrave;ques du r&eacute;seau.";s:10:"nb_notices";s:7:"529 508";s:4:"html";s:210:"<div style="width:100%"><h2>La recherche s effectue dans toutes les biblioth&egrave;ques du r&eacute;seau.</h2><a href="/afi-opac3/bib/selection" >Chercher dans les biblioth&egrave;ques de votre choix</a></div>";}admin|a:1:{s:19:"filtre_localisation";a:2:{s:7:"id_zone";s:3:"ALL";s:6:"id_bib";s:3:"ALL";}}Zend_Auth8801b6c24c4d369a55a96252ed121d5c|a:1:{s:7:"storage";O:8:"stdClass":24:{s:7:"ID_USER";i:1;s:3:"NOM";s:0:"";s:6:"PRENOM";s:0:"";s:9:"NAISSANCE";s:0:"";s:7:"ID_SITE";i:0;s:5:"login";s:7:"marteau";s:8:"PASSWORD";s:4:"bang";s:4:"ROLE";s:11:"super_admin";s:10:"ROLE_LEVEL";i:7;s:6:"IDABON";s:1:"0";s:9:"ORDREABON";i:0;s:6:"PSEUDO";s:6:"sysadm";s:4:"MAIL";s:0:"";s:6:"STATUT";i:1;s:3:"CLE";s:0:"";s:10:"DATE_DEBUT";s:0:"";s:8:"DATE_FIN";s:0:"";s:7:"ID_SIGB";N;s:9:"TELEPHONE";s:0:"";s:7:"ADRESSE";N;s:11:"CODE_POSTAL";N;s:5:"VILLE";N;s:14:"IS_CONTACT_SMS";i:0;s:15:"IS_CONTACT_MAIL";i:0;}}');
 		CasServerController::setFileWriter($this->session_file_contents_nologin);
@@ -67,7 +55,7 @@ cc3b5aa765d61d8327deb882cf99";s:7:"ID_USER";i:666;s:10:"ROLE_LEVEL";i:6;s:4:"ROL
 	/** @test */
 	public function requestWithNoTicketShouldRespondinvalidRequestFailureXML() {		
 		$this->dispatch('/opac/cas-server/validate?service=http://test.com');
-		$this->assertContains('<cas:authenticationFailure code="INVALID_REQUEST">',$this->_response->getBody());
+			$this->assertContains('<cas:authenticationFailure code="INVALID_REQUEST">',$this->_response->getBody());
 	}
 
 
@@ -81,9 +69,9 @@ cc3b5aa765d61d8327deb882cf99";s:7:"ID_USER";i:666;s:10:"ROLE_LEVEL";i:6;s:4:"ROL
 	/** @test */
 	public function requestWithValidTicketShouldRespondValidXML() {		
 		CasServerController::setFileWriter($this->session_file_contents_logged);
-		$this->dispatch('/opac/cas-server/validate?ticket=ST-quimarche&service=http://test.com');
+		$this->dispatch('/opac/cas-server/validate?identifiant=marteau&ticket=ST-quimarche&service=http://test.com');
 		$this->assertContains('<cas:user>marteau</cas:user>',$this->_response->getBody());
 		$this->assertContains('<cas:proxyGrantingTicket>ST-quimarche',$this->_response->getBody());
 	}
 
-}
\ No newline at end of file
+}
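Review bot: `requestWithValidTicketShouldRespondValidXML` now passes `identifiant=marteau` in the URL and asserts `<cas:user>marteau</cas:user>`, so it only proves the parameter is echoed back and no longer pins that the ticket resolves to the user who logged in. Add a case on the logged session with a mismatched or missing `identifiant` (constructed example: `.../validate?identifiant=someoneelse&ticket=ST-quimarche&service=http://test.com`) and assert the body does not contain `<cas:user>someoneelse</cas:user>`; with the current controller that case fails, which is the point. The long serialized session fixtures in setUp are now only reached through `fileExists`, so they could be trimmed to what the tests actually consult.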
-- 
GitLab