diff --git a/.gitattributes b/.gitattributes
index cb33ddffb08f4f9077435214631b6b16ab4695f3..bcec236feab0d4a8728742c44379d61981bb2e97 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -2545,6 +2545,7 @@ library/ZendAfi/Acl/AdminControllerRoles.php -text
 library/ZendAfi/Auth.php -text
 library/ZendAfi/Auth/Adapter/CommSigb.php -text
 library/ZendAfi/Auth/Adapter/DbTable.php -text
+library/ZendAfi/Auth/Storage/Session.php -text
 library/ZendAfi/Controller/Action.php -text
 library/ZendAfi/Controller/Action/Helper/FlashMessenger.php -text
 library/ZendAfi/Controller/Action/Helper/Notify.php -text
diff --git a/application/modules/opac/controllers/AuthController.php b/application/modules/opac/controllers/AuthController.php
index 7185667399dbc18fe721c0c844bba324dd9ee56e..4aa91ee91771ffaf6aeb91992855a227423c54d4 100644
--- a/application/modules/opac/controllers/AuthController.php
+++ b/application/modules/opac/controllers/AuthController.php
@@ -64,30 +64,6 @@ class AuthController extends Zend_Controller_Action
 }
- public static function addURLparameter($url, $parameter) {
-
- assert('is_array($parameter)');
-
- $queryStart = strpos($url, '?');
- if($queryStart === FALSE) {
- $oldQuery = array();
- $url .= '?';
- } else {
- $oldQuery = substr($url, $queryStart + 1);
- if($oldQuery === FALSE) {
- $oldQuery = array();
- } else {
- $oldQuery = self::parseQueryString($oldQuery);
- }
- $url = substr($url, 0, $queryStart + 1);
- }
-
- $query = array_merge($oldQuery, $parameter);
- $url .= http_build_query($query, '', '&');
-
- return $url;
- }
-
 //------------------------------------------------------------------------------------------------------
 // Login normal
diff --git a/application/modules/opac/controllers/CasServerController.php b/application/modules/opac/controllers/CasServerController.php
index 5a737601036e4915d8121e92b58bc19862fc483f..c90725a78dc3aa436ab3ef092ac64e526556c2f0 100644
--- a/application/modules/opac/controllers/CasServerController.php
+++ b/application/modules/opac/controllers/CasServerController.php @@ -34,42 +34,7 @@ class CasServerController extends Zend_Controller_Action { function indexAction() { } - - function loginAction() { - $this->values=$this->_request->getParams(); - - $service = $this->_request->getParam('service'); - -/* if (isset($this->_request->getParam('renew')) && $this->_request->getParam('renew')) - $forceAuthn=$this->_request->getParam('renew'); - if (isset($this->_request->getParam('gateway')) && $this->_request->getParam('gateway')) - $isPassive = $this->_request->getParam('gateway'); -*/ - $username=$this->_request->getParam('username'); - $password = $this->_request->getParam('password'); - - if ($username && $password) - if (!ZendAfi_Auth::getInstance()->authenticateLoginPassword($username, $password)) - echo "identifiant incorrect"; - //return $this->view->_('Identifiant ou mot de passe incorrect.'); - else { - $user = Class_Users::getIdentity(); - $this->_helper->trackEvent('authentification', 'login', $user->getId()); - } - $ticket = Zend_Session::getId(); - - - - $this->getResponse()->setBody($response); - - -// $this->_redirect($this->addURLparameter($service,['ticket' => $ticket])); - } - public static function getTicket() { - return Zend_Session::getId(); - } - public function returnValidTicketResponse($username,$ticket) { $this->getResponse()->setHeader('Content-Type', 'application/xml;charset=utf-8'); 
@@ -97,29 +62,6 @@ class CasServerController extends Zend_Controller_Action {
 }
- public static function addURLparameter($url, $parameter) {
-
- assert('is_array($parameter)');
-
- $queryStart = strpos($url, '?');
- if($queryStart === FALSE) {
- $oldQuery = array();
- $url .= '?';
- } else {
- $oldQuery = substr($url, $queryStart + 1);
- if($oldQuery === FALSE) {
- $oldQuery = array();
- } else {
- $oldQuery = self::parseQueryString($oldQuery);
- }
- $url = substr($url, 0, $queryStart + 1);
- }
-
- $query = array_merge($oldQuery, $parameter);
- $url .= http_build_query($query, '', '&');
-
- return $url;
- }
 function serviceValidateAction() {
 $this->getResponse()->setHeader('Content-Type', 'application/xml;charset=utf-8');
@@ -138,47 +80,21 @@ class CasServerController extends Zend_Controller_Action {
 return $this->returnFailureTicketResponse('INVALID_REQUEST');
 }
- $session_exists=self::getFileWriter()->fileExists(session_save_path().'/sess_'.$ticket);
- if ($session_exists) {
- $username=$this->_request->getParam('identifiant');
- return $this->returnValidTicketResponse($username,$ticket);
+ $serialized_session=Zend_Registry::get('cache')->load($ticket);
+ if ($serialized_session) {
+ $session = unserialize($serialized_session);
+ $userid=$this->_request->getParam('identifiant');
+ if ($session->ID_USER == $userid)
+ return $this->returnValidTicketResponse($userid,$ticket);
 }
 return $this->returnFailureTicketResponse('INVALID_TICKET',$ticket);
-
+ $username=ZendAfi_Auth::getInstance();
 return $this->returnValidTicketResponse($username,$ticket);
 }
- function unserializeSessionFile() {
- // le truc qui ne fonctionne pas sur serveur de prod
- //file_get_contents(): open_basedir restriction in effect. File(/var/lib/php/session/sess_265e289842193853a77a40657418f752) is not within the allowed path(s): (/var/www/html/vhosts/opac2/www) in /var/www/html/vhosts/opac2/www/php/afi-opacce/library/Class/FileWriter.php on line 38
- $session_contents=self::getFileWriter()->getContents(session_save_path().'/sess_'.$ticket);
- $datas=explode('|',$session_contents);
- foreach ($datas as $data) {
- try {
- $my_unserialize_data=unserialize($data);
- } catch (exception $e) {
- continue;
- }
- if (is_array($my_unserialize_data) && isset($my_unserialize_data['storage'])) {
- $storage=$my_unserialize_data['storage'];
-
- if (isset($storage->LOGIN)) {
- $username=$storage->LOGIN;
- return $this->returnValidTicketResponse($username,$ticket);
- }
- if (isset($storage->login)) {
- $username=$storage->login;
- return $this->returnValidTicketResponse($username,$ticket);
- }
-
- }
- }
-
- }
-
 function proxyAction() {
 }
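Review bot: The new `if ($session->ID_USER == $userid)` compares an integer from the cached identity with the raw `identifiant` request string using loose equality, which before PHP 8 accepts values the user never had (`0 == 'abc'` and `300 == '300abc'` are both true); compare strictly after normalising, `if ((string) $session->ID_USER === (string) $userid)`, so a missing or malformed `identifiant` falls through to INVALID_TICKET. The two lines after the `INVALID_TICKET` return, `$username=ZendAfi_Auth::getInstance();` and the second `returnValidTicketResponse` call, are unreachable (and the first would pass an auth object as a username if they ever ran), so they should be deleted rather than edited. The ticket goes straight into `Zend_Registry::get('cache')->load($ticket)` with no format check; the rename of the test ticket from `ST-marchepo` to `STmarchepo` in CasServerControllerTest suggests the cache rejects hyphenated ids, which is what CAS clients normally send, so validate the ticket against the id alphabet the cache accepts before the lookup and answer INVALID_TICKET on mismatch instead of letting the cache throw. The `unserialize()` here consumes the application's own cache entry, which is acceptable, but the entry is written without a lifetime in ZendAfi_Auth_Storage_Session, so it deserves an explicit one. The enclosing action's signature is above the hunk.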
diff --git a/library/ZendAfi/Auth.php b/library/ZendAfi/Auth.php
index 12a03a66a4f6ea2aa4a583b8804f7b8ad9a8a7be..ff0290b4eacf984bfda8852e485c119ed4222a64 100644
--- a/library/ZendAfi/Auth.php
+++ b/library/ZendAfi/Auth.php
@@ -24,7 +24,7 @@ class ZendAfi_Auth extends Zend_Auth {
 if (null === self::$_instance) {
 $instance = new self();
 $instance->setStorage(
- new Zend_Auth_Storage_Session(Zend_Auth_Storage_Session::NAMESPACE_DEFAULT
+ new ZendAfi_Auth_Storage_Session(ZendAfi_Auth_Storage_Session::NAMESPACE_DEFAULT
 . md5(BASE_URL)));
 self::$_instance = $instance;
 }
@@ -58,6 +58,7 @@ class ZendAfi_Auth extends Zend_Auth {
 }
+
 public function authenticateLoginPassword($login, $password, $adapters = null) {
 if (!$adapters)
 $adapters = $this->getOrderedAdaptersForLoginPassword($login, $password);
diff --git a/library/ZendAfi/Auth/Storage/Session.php b/library/ZendAfi/Auth/Storage/Session.php
new file mode 100644
index 0000000000000000000000000000000000000000..43c5443c3012a9bd64105b94568df278520976aa
--- /dev/null
+++ b/library/ZendAfi/Auth/Storage/Session.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * Copyright (c) 2012, Agence Française Informatique (AFI). All rights reserved.
+ *
+ * AFI-OPAC 2.0 is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
+ * the Free Software Foundation.
+ *
+ * There are special exceptions to the terms and conditions of the AGPL as it
+ * is applied to this software (see README file).
+ *
+ * AFI-OPAC 2.0 is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * along with AFI-OPAC 2.0; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+class ZendAfi_Auth_Storage_Session extends Zend_Auth_Storage_Session {
+
+ public function write($contents) {
+ xdebug_break();
+ parent::write($contents);
+ Zend_Registry::get('cache')->save(serialize($contents),md5(Zend_Session::getId()));
+ }
+
+
+}
+?>
\ No newline at end of file
diff --git a/tests/application/modules/opac/controllers/CasServerControllerTest.php b/tests/application/modules/opac/controllers/CasServerControllerTest.php
index 2e299fa9aa743d30372130fbff53606d48688ae8..88d07ff3e50cda2fadce52e5f2ad94d9422fea54 100644
--- a/tests/application/modules/opac/controllers/CasServerControllerTest.php
+++ b/tests/application/modules/opac/controllers/CasServerControllerTest.php
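Review bot: `xdebug_break();` in write() is a debugger call that becomes a fatal undefined-function error wherever the xdebug extension is not loaded, so every login on a host without xdebug would fail; remove it before this ships. Nothing mirrors clear(): the identity is copied into the cache under md5(session id) on every write() but never removed, so after a logout the CAS validate action can keep accepting a ticket derived from that session until the cache entry expires; override clear() to drop the entry, as below. The save() call passes no lifetime, so the entry lives for the cache's default lifetime, which is worth tying explicitly to the session lifetime. The mirrored payload is the whole identity object; the fixture in CasServerControllerTest suggests it carries PASSWORD fields, in which case the cache backend now stores credentials too — worth confirming and trimming to the fields validate needs (ID_USER, login).
```php
// … unchanged: license header …
class ZendAfi_Auth_Storage_Session extends Zend_Auth_Storage_Session {

 public function write($contents) {
 parent::write($contents);
 Zend_Registry::get('cache')->save(serialize($contents),md5(Zend_Session::getId()));
 }

 // Keep the cache in step with the session: once the identity is cleared
 // (logout), a ticket derived from this session must stop validating.
 public function clear() {
 parent::clear();
 Zend_Registry::get('cache')->remove(md5(Zend_Session::getId()));
 }
}
```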
@@ -27,24 +27,9 @@ class CasServerControllerValidateActionTest extends AbstractControllerTestCase {
 public function setUp() {
 parent::setUp();
-
- $this->session_file_contents_nologin = Storm_Test_ObjectWrapper::mock();
- $this->session_file_contents_nologin
- ->whenCalled('fileExists')
- ->answers(false)
- ->whenCalled('getContents')
- ->answers('8801b6c24c4d369a55a96252ed121d5c|a:2:{s:9:"id_profil";i:2;s:18:"previous_id_profil";i:2;}selection_bib|a:4:{s:7:"message";s:19:"selection bib sucks";s:10:"nb_notices";i:12
-345;s:4:"html";s:151:"<div style="width:100%"><h2>selection bib sucks</h2><a href="/afi-opac3/bib/selection" >Chercher dans les bibliothèques de votre choix</a></di
-v>";s:7:"id_bibs";s:0:"";}Zend_Auth8801b6c24c4d369a55a96252ed121d5c|a:1:{s:7:"storage";O:8:"stdClass":8:{s:8:"username";s:18:"AutoTest1369920419";s:8:"password";s:32:"5f4d
-cc3b5aa765d61d8327deb882cf99";s:7:"ID_USER";i:666;s:10:"ROLE_LEVEL";i:6;s:4:"ROLE";s:13:"admin_portail";s:7:"ID_SITE";i:1;s:9:"confirmed";b:1;s:7:"enabled";b:1;}}');
- $this->session_file_contents_logged = Storm_Test_ObjectWrapper::mock();
- $this->session_file_contents_logged
- ->whenCalled('fileExists')
- ->answers(true)
- ->whenCalled('getContents')
- ->answers('8801b6c24c4d369a55a96252ed121d5c|a:4:{s:11:"initialized";b:1;s:7:"baseUrl";s:10:"/afi-opac3";s:18:"previous_id_profil";i:1;s:9:"id_profil";i:1;}nombre_geo|a:1:{s:3:"all";s:6:"529508";}selection_bib|a:3:{s:7:"message";s:78:"La recherche s effectue dans toutes les bibliothèques du réseau.";s:10:"nb_notices";s:7:"529 508";s:4:"html";s:210:"<div style="width:100%"><h2>La recherche s effectue dans toutes les bibliothèques du réseau.</h2><a href="/afi-opac3/bib/selection" >Chercher dans les bibliothèques de votre
choix</a></div>";}admin|a:1:{s:19:"filtre_localisation";a:2:{s:7:"id_zone";s:3:"ALL";s:6:"id_bib";s:3:"ALL";}}Zend_Auth8801b6c24c4d369a55a96252ed121d5c|a:1:{s:7:"storage";O:8:"stdClass":24:{s:7:"ID_USER";i:1;s:3:"NOM";s:0:"";s:6:"PRENOM";s:0:"";s:9:"NAISSANCE";s:0:"";s:7:"ID_SITE";i:0;s:5:"login";s:7:"marteau";s:8:"PASSWORD";s:4:"bang";s:4:"ROLE";s:11:"super_admin";s:10:"ROLE_LEVEL";i:7;s:6:"IDABON";s:1:"0";s:9:"ORDREABON";i:0;s:6:"PSEUDO";s:6:"sysadm";s:4:"MAIL";s:0:"";s:6:"STATUT";i:1;s:3:"CLE";s:0:"";s:10:"DATE_DEBUT";s:0:"";s:8:"DATE_FIN";s:0:"";s:7:"ID_SIGB";N;s:9:"TELEPHONE";s:0:"";s:7:"ADRESSE";N;s:11:"CODE_POSTAL";N;s:5:"VILLE";N;s:14:"IS_CONTACT_SMS";i:0;s:15:"IS_CONTACT_MAIL";i:0;}}');
- CasServerController::setFileWriter($this->session_file_contents_nologin);
-
+ $user = new StdClass();
+ $user->ID_USER=300;
+ Zend_Registry::get('cache')->save(serialize($user),md5(Zend_Session::getId()));
 }
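Review bot: setUp() writes a fixture identity into the live cache registered in Zend_Registry under `md5(Zend_Session::getId())` and nothing in the hunk removes it afterwards; unless a tearDown outside the hunk does, the entry survives the test and can make a later validate test pass or fail for the wrong reason. A tearDown that calls `Zend_Registry::get('cache')->remove(md5(Zend_Session::getId()));` keeps the fixture scoped to the test, and would mirror the save/restore that AuthTest does with a mock cache in the same commit.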
@@ -57,17 +42,17 @@ cc3b5aa765d61d8327deb882cf99";s:7:"ID_USER";i:666;s:10:"ROLE_LEVEL";i:6;s:4:"ROL
 /** @test */
 public function requestWithInvalidTicketShouldRespondInvalidTicketFailureXML() {
- $this->dispatch('/opac/cas-server/validate?ticket=ST-marchepo&service=http://test.com');
- $this->assertContains('<cas:authenticationFailure code="INVALID_TICKET"> Ticket ST-marchepo not recognized</cas:authenticationFailure>',$this->_response->getBody());
+ $this->dispatch('/opac/cas-server/validate?ticket=STmarchepo&service=http://test.com',true);
+ $this->assertContains('<cas:authenticationFailure code="INVALID_TICKET"> Ticket STmarchepo not recognized</cas:authenticationFailure>',$this->_response->getBody());
 }
 /** @test */
 public function requestWithValidTicketShouldRespondValidXML() {
- CasServerController::setFileWriter($this->session_file_contents_logged);
- $this->dispatch('/opac/cas-server/validate?identifiant=marteau&ticket=ST-quimarche&service=http://test.com');
- $this->assertContains('<cas:user>marteau</cas:user>',$this->_response->getBody());
- $this->assertContains('<cas:proxyGrantingTicket>ST-quimarche',$this->_response->getBody());
+
+ $this->dispatch('/opac/cas-server/validate?identifiant=300&ticket='.md5(Zend_Session::getId()).'&service=http://test.com');
+ $this->assertContains('<cas:user>300</cas:user>',$this->_response->getBody());
+ $this->assertContains('<cas:proxyGrantingTicket>',$this->_response->getBody());
 }
 }
diff --git a/tests/library/ZendAfi/AuthTest.php b/tests/library/ZendAfi/AuthTest.php
index 5426647692c42ff3a03ad8b6e70f4d9261b62fbc..5759124a88b4c132829003aa7cf5b749ebf8a8e4 100644
--- a/tests/library/ZendAfi/AuthTest.php
+++ b/tests/library/ZendAfi/AuthTest.php
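Review bot: `assertContains('<cas:proxyGrantingTicket>', ...)` in requestWithValidTicketShouldRespondValidXML no longer checks which ticket is echoed back, so a response carrying a different ticket would still pass; assert on the value, `$this->assertContains('<cas:proxyGrantingTicket>'.md5(Zend_Session::getId()),$this->_response->getBody());`. The invalid-ticket case now only exercises a hyphen-free ticket; keeping a case with the `ST-` prefix CAS clients emit would pin down what the server answers for that format. The meaning of the new `true` second argument to `dispatch()` is not visible here; a short comment at the call site would help.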
@@ -20,10 +20,32 @@ */ class AuthSessionNamespaceTest extends PHPUnit_Framework_TestCase { + + public function setUp() { + $this->old_cache=Zend_Registry::get('cache'); + $this->cache_mock=Storm_Test_ObjectWrapper::mock(); + $this->cache_mock->whenCalled('save') + ->answers(true); + + + Zend_Registry::set('cache',$this->cache_mock); + + $zendAuth = ZendAfi_Auth::getInstance(); + $this->islogged=$zendAuth->authenticateLoginPassword('sysadm','adminPassword',[new Mock_ZendAfi_Auth_MD5_Adapter()]); + + } + + + public function tearDown() { + Zend_Registry::set('cache',$this->old_cache); + } + + /** @test */ public function sessionStorageNamespaceShouldVaryOnBaseUrl() { $this->assertEquals('Zend_Auth' . md5(BASE_URL), ZendAfi_Auth::getInstance()->getStorage()->getNamespace()); + } @@ -31,8 +53,12 @@ class AuthSessionNamespaceTest extends PHPUnit_Framework_TestCase { * @test */ public function validAuthenticationInMd5ShouldRedirect() { - $zendAuth = ZendAfi_Auth::getInstance(); - $this->assertTrue($zendAuth->authenticateLoginPassword('sysadm','adminPassword',[new Mock_ZendAfi_Auth_MD5_Adapter()])); + $this->assertTrue($this->islogged); + } + +/** @test */ + public function validAuthenticationShouldBeStoredInCache() { + $this->assertEquals('sysadm',unserialize($this->cache_mock->getFirstAttributeForLastCallOn('save'))->LOGIN); } }
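Review bot: tearDown() restores the cache entry in Zend_Registry but leaves the identity that setUp() authenticated on the ZendAfi_Auth singleton, so every later test in the same process starts logged in as sysadm unless the harness resets it elsewhere; add `ZendAfi_Auth::getInstance()->clearIdentity();` to tearDown(). validAuthenticationShouldBeStoredInCache reads back only the first argument of the last `save` call; asserting the second argument equals `md5(Zend_Session::getId())` as well would cover the key contract the CAS validate action depends on.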