diff --git a/VERSIONS b/VERSIONS
index ec09f754c6d7535d9f50813c246bf1e38a9941c9..47684950374aba520e1617b05b87937b6a78bd11 100644
--- a/VERSIONS
+++ b/VERSIONS
@@ -13,7 +13,9 @@
- ticket #13060 : Amélioration du paramétrage de l'écran d'inscription - ticket #13776 : SIGB Aloès, web services: amélioration de la fermeture des sessions qui pouvait perturber le fonctionnement d'Aloès - + +- ticket#12422 : les "service tickets" CAS sont préfixés par "ST-" conformément à la spécification CAS 3.0 + 04/06/2014 - v6.44.7 - ticket #14019 : Correction de l'export unimarc des listes de prêts
diff --git a/application/modules/opac/controllers/AuthController.php b/application/modules/opac/controllers/AuthController.php
index 2fb370c074e2187329a20eeb5c1e42e537e8056a..e233ecef37f0a530598de46bc8efce18d2e8da50 100644
--- a/application/modules/opac/controllers/AuthController.php
+++ b/application/modules/opac/controllers/AuthController.php
@@ -74,7 +74,13 @@ class AuthController extends ZendAfi_Controller_Action {
 }
- public function loginAction() {
+ //see http://www.jasig.org/cas/protocol#cas-uris
+ function validateAction() {
+ $this->_forward('validate', 'cas-server');
+ }
+
+
+ function loginAction() {
 $this->view->preferences = Class_Profil::getCurrentProfil()->getCfgModulesPreferences('auth','login');
 $redirect = $this->_getParam('redirect', '/opac');
 $this->view->redirect = $redirect;
@@ -361,7 +367,6 @@ class Auth_Strategy_Logged extends Auth_Strategy_Abstract{
 class Auth_Strategy_Cas_Abstract extends Auth_Strategy_Abstract{
 public function urlServiceCas(){
- if ($url_musicme=$this->redirectMusicMe()) return $url_musicme;
 $ticket = (new Class_CasTicket())->getTicketForCurrentUser();
diff --git a/library/Class/CasTicket.php b/library/Class/CasTicket.php
index 19e1bf9da615b9e679265890dfa7dc32fbdc7730..cdf8a1f37bb761dc1d1909bbcd1fafe5bb8e5bbf 100644
--- a/library/Class/CasTicket.php
+++ b/library/Class/CasTicket.php
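Review bot: The new `validateAction` is declared without a visibility keyword, and the same hunk strips the explicit `public` from `loginAction`; PHP treats both as public so routing is unaffected, but it drops information the class previously stated and is inconsistent with `public function urlServiceCas()` further down this file — keep `public function validateAction() {` and `public function loginAction() {`. The bare `//see <url>` comment says where the CAS URI list lives but not why the alias exists; a docblock such as `/** CAS 3.0 /validate URI: forwards to CasServerController::validateAction */` would make the intent clear to the next reader. `loginAction`'s body continues past the end of the hunk.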
@@ -19,6 +19,9 @@
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */
 class Class_CasTicket {
+ //see http://www.jasig.org/cas/protocol#service-ticket-properties
+ const PREFIX = 'ST-';
+
 public function getTicketForCurrentUser() {
 if ($user = Class_Users::getIdentity())
 return $this->getTicketForUser($user);
@@ -27,24 +30,29 @@ class Class_CasTicket {
 public function getTicketForUser($user) {
- return md5(Zend_Session::getId() . $user->getId());
+ return self::PREFIX.md5(Zend_Session::getId() . $user->getId());
 }
 public function save() {
 if ($user = Class_Users::getIdentity())
 Zend_Registry::get('cache')->save((string)$user->getId(),
- $this->getTicketForCurrentUser());
+ $this->withoutPrefix($this->getTicketForCurrentUser()));
+ }
+
+
+ public function withoutPrefix($ticket) {
+ return str_replace(self::PREFIX, '', $ticket);
 }
 public function clear() {
 if ($ticket = $this->getTicketForCurrentUser())
- Zend_Registry::get('cache')->remove($ticket);
+ Zend_Registry::get('cache')->remove($this->withoutPrefix($ticket));
 }
 public function userForTicket($ticket) {
- if ($id = (int)Zend_Registry::get('cache')->load($ticket))
+ if ($id = (int)Zend_Registry::get('cache')->load($this->withoutPrefix($ticket)))
 return Class_Users::find($id);
 return null;
 }
diff --git a/tests/application/modules/opac/controllers/AuthControllerTest.php b/tests/application/modules/opac/controllers/AuthControllerTest.php
index f63b58d32d8684f2c22d662c84a128691349928b..f9db26f023696fe399c4aaeb21d046fcee64d55f 100644
--- a/tests/application/modules/opac/controllers/AuthControllerTest.php
+++ b/tests/application/modules/opac/controllers/AuthControllerTest.php
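Review bot: `withoutPrefix` uses `str_replace`, which removes every `ST-` anywhere in the string rather than a leading prefix, so several distinct client-supplied values (`ST-ST-<hash>`, `<hash>ST-`) collapse onto the same cache key, and `userForTicket` then hands whatever is left straight to `Zend_Registry::get('cache')->load()` as a cache id. Strip only a leading prefix and, since every ticket this class issues is the prefix followed by 32 hex characters, reject anything else before it reaches the cache — a Zend_Cache backend that validates id characters would presumably throw on punctuation in a forged ticket instead of answering INVALID_TICKET; the rewrite is below. Adding `ST-` does not by itself make these CAS 3.0 service tickets: the value is still a deterministic `md5(session id . user id)`, `userForTicket` does not consume the entry on a successful validation so the same ticket validates repeatedly for the life of the session, and whether the entry expires at all depends on the cache lifetime configured outside this hunk. That is pre-existing behaviour, but worth a follow-up ticket if the CAS conformance claimed in VERSIONS is relied on by the integrating services.

```php
  public function withoutPrefix($ticket) {
    // Strip only a leading "ST-": str_replace() would also drop the token mid-string
    return (strpos($ticket, self::PREFIX) === 0)
      ? (string)substr($ticket, strlen(self::PREFIX))
      : $ticket;
  }

  // … unchanged: clear() …

  public function userForTicket($ticket) {
    $key = $this->withoutPrefix($ticket);
    // Every ticket this class issues is the prefix plus an md5 hex digest;
    // anything else is rejected before it is used as a cache id
    if (!preg_match('/^[a-f0-9]{32}$/', $key))
      return null;
    if ($id = (int)Zend_Registry::get('cache')->load($key))
      return Class_Users::find($id);
    return null;
  }
```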
@@ -863,7 +863,7 @@ class AuthControllerPostSuccessfulFromCASClientTest extends AuthControllerPostSi
 /** @test */
 public function responseShouldRedirectToCasClientWithTicket() {
- $this->assertRedirectTo('http://www.numilog.com/view?book=bilbo&ticket='.md5(Zend_Session::getId().'2'));
+ $this->assertRedirectTo('http://www.numilog.com/view?book=bilbo&ticket=ST-'.md5(Zend_Session::getId().'2'));
 }
 /** @test */
@@ -887,7 +887,7 @@ class AuthControllerPostSuccessfulFromMusicMeCASClientTest extends AuthControlle
 /** @test */
 public function responseShouldRedirectToMusicMeCasClientWithTicketAndBibId() {
- $ticket=md5(Zend_Session::getId(). '2');
+ $ticket='ST-'.md5(Zend_Session::getId(). '2');
 $this->assertRedirectTo('http://musicmeurl/?iduser=foo&ticket='.$ticket.'&MediaLibraryID=888&service=http%3A%2F%2Fmusicmeurl%2F%3Fiduser%3Dfoo%26ticket%3D'.$ticket.'%26MediaLibraryID%3D888');
 }
@@ -910,7 +910,7 @@ class AuthControllerFromCASClientUserConnectedTest extends AuthControllerNobodyL
 /** @test */
 public function responseShouldRedirectToCasClientServiceWithTicket() {
- $this->assertRedirectTo('http://numilog.com/actionredirected?ticket='.md5(Zend_Session::getId().'22'));
+ $this->assertRedirectTo('http://numilog.com/actionredirected?ticket=ST-'.md5(Zend_Session::getId().'22'));
 }
 /** @test */
diff --git a/tests/application/modules/opac/controllers/CasServerControllerTest.php b/tests/application/modules/opac/controllers/CasServerControllerTest.php
index e0b6fb69c6adea0d92f39183d5dc8b262529424c..5aaa827bbed24d6bc8274664a49f06d9839dc9ac 100644
--- a/tests/application/modules/opac/controllers/CasServerControllerTest.php
+++ b/tests/application/modules/opac/controllers/CasServerControllerTest.php
@@ -49,17 +49,39 @@ class CasServerControllerValidateActionTest extends AbstractControllerTestCase {
 }
+ /** @test */
+ public function requestWithInvalidTicketOnAuthShouldRespondInvalidTicketFailureXML() {
+ $this->dispatch('/opac/auth/validate?ticket=STmarchepo&service=http://test.com',true);
+ $this->assertContains('<cas:authenticationFailure code="INVALID_TICKET"> Ticket STmarchepo not recognized</cas:authenticationFailure>',$this->_response->getBody());
+ }
+
+
 /** @test */
 public function requestWithValidTicketShouldRespondValidXML() {
- $this->dispatch('/opac/cas-server/validate?ticket='.md5(Zend_Session::getId().'300').'&service=http://test.com');
 $this->assertContains('<cas:user>300</cas:user>',$this->_response->getBody());
 $this->assertContains('<cas:proxyGrantingTicket>',$this->_response->getBody());
 }
+ /** @test */
+ public function requestWithValidTicketPrefixedBySTShouldRespondValidXML() {
+ $this->dispatch('/opac/cas-server/validate?ticket=ST-'.md5(Zend_Session::getId().'300').'&service=http://test.com');
+ $this->assertContains('<cas:user>300</cas:user>',$this->_response->getBody());
+ $this->assertContains('<cas:proxyGrantingTicket>',$this->_response->getBody());
+ }
+
+
+ /** @test */
+ public function requestWithValidTicketPrefixedBySTOnAuthenticateControllerShouldRespondValidXML() {
+ $this->dispatch('/opac/auth/validate?ticket=ST-'.md5(Zend_Session::getId().'300').'&service=http://test.com');
+ $this->assertContains('<cas:user>300</cas:user>',$this->_response->getBody());
+ $this->assertContains('<cas:proxyGrantingTicket>',$this->_response->getBody());
+ }
 }
+
+
 class CasServerControllerMusicMeValidateActionTest extends AbstractControllerTestCase {
 protected $session_file_contents_logged;
 protected $session_file_contents_nologin;
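Review bot: `requestWithValidTicketShouldRespondValidXML` loses its `dispatch` call and gets no replacement, so it now asserts `<cas:user>300</cas:user>` against a response that was never produced; either restore `$this->dispatch('/opac/cas-server/validate?ticket='.md5(Zend_Session::getId().'300').'&service=http://test.com');` so the test pins that bare, un-prefixed tickets are still accepted (which `withoutPrefix` allows), or delete the test rather than leave it asserting on an empty body. The new invalid-ticket case uses `STmarchepo`, which contains no `ST-` and so never exercises the prefix-stripping path on a bad ticket; a second dispatch with `ticket=ST-marchepo` expecting the same INVALID_TICKET failure would cover it. The expected failure text echoes the client-supplied ticket value verbatim inside the XML; that is normal for CAS, but it is worth confirming that the cas-server controller escapes the parameter before interpolating it, since that code is not in this diff.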
@@ -75,21 +97,21 @@ class CasServerControllerMusicMeValidateActionTest extends AbstractControllerTes
 /** @test */
 public function requestMusicMeWithNoTicketShouldRespondAccountDisabledXML() {
- $this->dispatch('/opac/cas-server/validate-musicme?MediaLibraryID=150&ticket=0a1b2c3d');
+ $this->dispatch('/opac/cas-server/validate-musicme?MediaLibraryID=150&ticket=ST-0a1b2c3d');
 $this->assertContains('<User />',$this->_response->getBody());
 }
 /** @test */
 public function requestMusicMeWithValidTicketShouldRespondValidXML() {
- $this->dispatch('/opac/cas-server/validate-musicme?ticket='.md5(Zend_Session::getId().'300').'&MediaLibraryID=http://test.com');
+ $this->dispatch('/opac/cas-server/validate-musicme?ticket=ST-'.md5(Zend_Session::getId().'300').'&MediaLibraryID=http://test.com');
 $this->assertContains('<ID>300</ID>',$this->_response->getBody());
 }
 /** @test */
 public function musicmeUrlShouldContainsTicket0a1b2c3d() {
- $expected_ticket = md5(Zend_Session::getId().'300');
+ $expected_ticket = 'ST-'.md5(Zend_Session::getId().'300');
 $this->assertContains('ticket='.$expected_ticket.'&', Class_MusicMeLink::forUser(Class_Users::find(300))->url());
 }
diff --git a/tests/library/Class/MusicMeLinkTest.php b/tests/library/Class/MusicMeLinkTest.php
index b9cd713887c52c8513beb6659cb44ac9e2e940b8..7e6912a3e9e9d736391180cb81d44396ec798017 100644
--- a/tests/library/Class/MusicMeLinkTest.php
+++ b/tests/library/Class/MusicMeLinkTest.php
@@ -57,7 +57,7 @@ class MusicMeLinkWithAbonTest extends MusicMeLinkTestCase {
 /** @test */
 public function musicMeUrlShouldExtractUrlFromResponse() {
- $ticket=md5( Zend_Session::getId() . '4');
+ $ticket='ST-'.md5( Zend_Session::getId() . '4');
 $this->assertEquals('http://musicmeurl/?iduser=34&ticket='.$ticket. '&MediaLibraryID=888&service=http%3A%2F%2Fmusicmeurl%2F%3Fiduser%3D34%26ticket%3D'.$ticket.'%26MediaLibraryID%3D888', $this->_musicme->url());
diff --git a/tests/library/Class/NumilogLinkTest.php b/tests/library/Class/NumilogLinkTest.php
index e9e506002355fe4e9c2d3be4f39a458ba7578eea..1e8e705062cf1000b3fe257432c43babb600b17b 100644
--- a/tests/library/Class/NumilogLinkTest.php
+++ b/tests/library/Class/NumilogLinkTest.php
@@ -63,14 +63,14 @@ abstract class NumilogLinkTestCase extends Storm_Test_ModelTestCase {
 /** @test */
 public function numilogUrlShouldReturnUrlWithTicket() {
- $this->assertEquals('http://urlnumilog/action?ticket='.md5( Zend_Session::getId() . '4'),
+ $this->assertEquals('http://urlnumilog/action?ticket=ST-'.md5( Zend_Session::getId() . '4'),
 $this->_numilog->url());
 }
 /** @test */
 public function numilogUrlExternalShouldReturnUrlWithTicket() {
- $this->assertEquals('http://url-given-bynumilog?withparam=2&ticket='.md5( Zend_Session::getId() . '4'),
+ $this->assertEquals('http://url-given-bynumilog?withparam=2&ticket=ST-'.md5( Zend_Session::getId() . '4'),
 $this->_numilog->urlExternal('http://url-given-bynumilog?withparam=2'));
 }