Cas server : store session in zend cache

4f4062c5 · efalcy · 0cfd8c87 · 4f4062c5 · 4f4062c5 · 4f4062c5
Commit 4f4062c5 authored 11 years ago by efalcy
--- a/.gitattributes
+++ b/.gitattributes
@@ -2545,6 +2545,7 @@ library/ZendAfi/Acl/AdminControllerRoles.php -text
 library/ZendAfi/Auth.php -text
 library/ZendAfi/Auth/Adapter/CommSigb.php -text
 library/ZendAfi/Auth/Adapter/DbTable.php -text
+library/ZendAfi/Auth/Storage/Session.php -text
 library/ZendAfi/Controller/Action.php -text
 library/ZendAfi/Controller/Action/Helper/FlashMessenger.php -text
 library/ZendAfi/Controller/Action/Helper/Notify.php -text

--- a/application/modules/opac/controllers/AuthController.php
+++ b/application/modules/opac/controllers/AuthController.php
@@ -64,30 +64,6 @@ class AuthController extends Zend_Controller_Action
 	}
-	public static function addURLparameter($url, $parameter) {
-		assert('is_array($parameter)');
-		$queryStart = strpos($url, '?');
-		if($queryStart === FALSE) {
-			$oldQuery = array();
-			$url .= '?';
-		} else {
-			$oldQuery = substr($url, $queryStart + 1);
-			if($oldQuery === FALSE) {
-				$oldQuery = array();
-			} else {
-				$oldQuery = self::parseQueryString($oldQuery);
-			}
-			$url = substr($url, 0, $queryStart + 1);
-		}
-		$query = array_merge($oldQuery, $parameter);
-		$url .= http_build_query($query, '', '&');
-		return $url;
-	}
 //------------------------------------------------------------------------------------------------------
 // Login normal

--- a/application/modules/opac/controllers/CasServerController.php
+++ b/application/modules/opac/controllers/CasServerController.php
@@ -34,42 +34,7 @@ class CasServerController extends Zend_Controller_Action {
 	function indexAction() {
 	}
-	function loginAction() {
-		$this->values=$this->_request->getParams();
-		$service = $this->_request->getParam('service');
-/*		if (isset($this->_request->getParam('renew')) && $this->_request->getParam('renew')) 
-			$forceAuthn=$this->_request->getParam('renew');
-		if (isset($this->_request->getParam('gateway')) && $this->_request->getParam('gateway'))
-			$isPassive = $this->_request->getParam('gateway');
-*/	
-		$username=$this->_request->getParam('username');
-		$password = $this->_request->getParam('password');	
-		if ($username && $password)
-			if (!ZendAfi_Auth::getInstance()->authenticateLoginPassword($username, $password))
-				echo "identifiant incorrect";
-				//return $this->view->_('Identifiant ou mot de passe incorrect.');
-			else {
-				$user = Class_Users::getIdentity();
-				$this->_helper->trackEvent('authentification', 'login', $user->getId());
-			}
-		$ticket = Zend_Session::getId();
-		$this->getResponse()->setBody($response);
-//		$this->_redirect($this->addURLparameter($service,['ticket' => $ticket]));
-	}
-	public static function getTicket() {
-		return Zend_Session::getId();
-	}
 	public function returnValidTicketResponse($username,$ticket) {
 		$this->getResponse()->setHeader('Content-Type', 'application/xml;charset=utf-8');
@@ -97,29 +62,6 @@ class CasServerController extends Zend_Controller_Action {
 	}
-	public static function addURLparameter($url, $parameter) {
-		assert('is_array($parameter)');
-		$queryStart = strpos($url, '?');
-		if($queryStart === FALSE) {
-			$oldQuery = array();
-			$url .= '?';
-		} else {
-			$oldQuery = substr($url, $queryStart + 1);
-			if($oldQuery === FALSE) {
-				$oldQuery = array();
-			} else {
-				$oldQuery = self::parseQueryString($oldQuery);
-			}
-			$url = substr($url, 0, $queryStart + 1);
-		}
-		$query = array_merge($oldQuery, $parameter);
-		$url .= http_build_query($query, '', '&');
-		return $url;
-	}
 	function serviceValidateAction() {
 		$this->getResponse()->setHeader('Content-Type', 'application/xml;charset=utf-8');
@@ -138,47 +80,21 @@ class CasServerController extends Zend_Controller_Action {
 			return $this->returnFailureTicketResponse('INVALID_REQUEST');
 			}
-		$session_exists=self::getFileWriter()->fileExists(session_save_path().'/sess_'.$ticket);
+		$serialized_session=Zend_Registry::get('cache')->load($ticket);
-		if ($session_exists) {
+		if ($serialized_session) {
-			$username=$this->_request->getParam('identifiant');
+			$session = unserialize($serialized_session);
-			return $this->returnValidTicketResponse($username,$ticket);
+			$userid=$this->_request->getParam('identifiant');
+			if ($session->ID_USER == $userid)
+				return $this->returnValidTicketResponse($userid,$ticket);
 		}
 		return $this->returnFailureTicketResponse('INVALID_TICKET',$ticket);
 		$username=ZendAfi_Auth::getInstance();
 		return $this->returnValidTicketResponse($username,$ticket);
 	}
-	function unserializeSessionFile() {
-		// le truc qui ne fonctionne pas sur serveur de prod
-    //file_get_contents(): open_basedir restriction in effect. File(/var/lib/php/session/sess_265e289842193853a77a40657418f752) is not within the allowed path(s): (/var/www/html/vhosts/opac2/www) in /var/www/html/vhosts/opac2/www/php/afi-opacce/library/Class/FileWriter.php on line 38
-	$session_contents=self::getFileWriter()->getContents(session_save_path().'/sess_'.$ticket);
-		$datas=explode('|',$session_contents);
-		foreach ($datas as $data) {
-			try {
-			$my_unserialize_data=unserialize($data);
-			} catch (exception $e) {
-				continue;
-			}
-			if (is_array($my_unserialize_data) && isset($my_unserialize_data['storage'])) {
-				$storage=$my_unserialize_data['storage'];
-				if (isset($storage->LOGIN)) {
-					$username=$storage->LOGIN;
-					return $this->returnValidTicketResponse($username,$ticket);
-				}
-				if (isset($storage->login)) {
-					$username=$storage->login;
-					return $this->returnValidTicketResponse($username,$ticket);
-				}
-			}
-		}
-	}
 	function proxyAction() {
 	}

--- a/library/ZendAfi/Auth.php
+++ b/library/ZendAfi/Auth.php
@@ -24,7 +24,7 @@ class ZendAfi_Auth extends Zend_Auth {
 		if (null === self::$_instance) {
 			$instance = new self();
 			$instance->setStorage(
-				new Zend_Auth_Storage_Session(Zend_Auth_Storage_Session::NAMESPACE_DEFAULT
+				new ZendAfi_Auth_Storage_Session(ZendAfi_Auth_Storage_Session::NAMESPACE_DEFAULT
 					                            . md5(BASE_URL)));
 			self::$_instance = $instance;
 		}
@@ -58,6 +58,7 @@ class ZendAfi_Auth extends Zend_Auth {
 	}
 	public function authenticateLoginPassword($login, $password, $adapters = null) {
 		if (!$adapters)
 			$adapters = $this->getOrderedAdaptersForLoginPassword($login, $password);

--- a/library/ZendAfi/Auth/Storage/Session.php
+++ b/library/ZendAfi/Auth/Storage/Session.php
+<?php
+/**
+ * Copyright (c) 2012, Agence Française Informatique (AFI). All rights reserved.
+ *
+ * AFI-OPAC 2.0 is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
+ * the Free Software Foundation.
+ *
+ * There are special exceptions to the terms and conditions of the AGPL as it
+ * is applied to this software (see README file).
+ *
+ * AFI-OPAC 2.0 is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * along with AFI-OPAC 2.0; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA 
+ */
+class ZendAfi_Auth_Storage_Session extends Zend_Auth_Storage_Session {
+	public function write($contents) {
+		xdebug_break();
+		parent::write($contents);
+		Zend_Registry::get('cache')->save(serialize($contents),md5(Zend_Session::getId()));
+	}
+}
+?>
\ No newline at end of file
--- a/tests/application/modules/opac/controllers/CasServerControllerTest.php
+++ b/tests/application/modules/opac/controllers/CasServerControllerTest.php
@@ -27,24 +27,9 @@ class CasServerControllerValidateActionTest extends AbstractControllerTestCase {
 	public function setUp() {
 		parent::setUp();
+		$user = new StdClass();
-		$this->session_file_contents_nologin = Storm_Test_ObjectWrapper::mock();
+		$user->ID_USER=300;
-		$this->session_file_contents_nologin
+		Zend_Registry::get('cache')->save(serialize($user),md5(Zend_Session::getId()));
-			->whenCalled('fileExists')
-			->answers(false)
-			->whenCalled('getContents')
-			->answers('8801b6c24c4d369a55a96252ed121d5c|a:2:{s:9:"id_profil";i:2;s:18:"previous_id_profil";i:2;}selection_bib|a:4:{s:7:"message";s:19:"selection bib sucks";s:10:"nb_notices";i:12
-345;s:4:"html";s:151:"<div style="width:100%"><h2>selection bib sucks</h2><a href="/afi-opac3/bib/selection" >Chercher dans les biblioth&egrave;ques de votre choix</a></di
-v>";s:7:"id_bibs";s:0:"";}Zend_Auth8801b6c24c4d369a55a96252ed121d5c|a:1:{s:7:"storage";O:8:"stdClass":8:{s:8:"username";s:18:"AutoTest1369920419";s:8:"password";s:32:"5f4d
-cc3b5aa765d61d8327deb882cf99";s:7:"ID_USER";i:666;s:10:"ROLE_LEVEL";i:6;s:4:"ROLE";s:13:"admin_portail";s:7:"ID_SITE";i:1;s:9:"confirmed";b:1;s:7:"enabled";b:1;}}');
-		$this->session_file_contents_logged = Storm_Test_ObjectWrapper::mock();
-		$this->session_file_contents_logged
-			->whenCalled('fileExists')
-			->answers(true)
-			->whenCalled('getContents')
-			->answers('8801b6c24c4d369a55a96252ed121d5c|a:4:{s:11:"initialized";b:1;s:7:"baseUrl";s:10:"/afi-opac3";s:18:"previous_id_profil";i:1;s:9:"id_profil";i:1;}nombre_geo|a:1:{s:3:"all";s:6:"529508";}selection_bib|a:3:{s:7:"message";s:78:"La recherche s effectue dans toutes les biblioth&egrave;ques du r&eacute;seau.";s:10:"nb_notices";s:7:"529 508";s:4:"html";s:210:"<div style="width:100%"><h2>La recherche s effectue dans toutes les biblioth&egrave;ques du r&eacute;seau.</h2><a href="/afi-opac3/bib/selection" >Chercher dans les biblioth&egrave;ques de votre choix</a></div>";}admin|a:1:{s:19:"filtre_localisation";a:2:{s:7:"id_zone";s:3:"ALL";s:6:"id_bib";s:3:"ALL";}}Zend_Auth8801b6c24c4d369a55a96252ed121d5c|a:1:{s:7:"storage";O:8:"stdClass":24:{s:7:"ID_USER";i:1;s:3:"NOM";s:0:"";s:6:"PRENOM";s:0:"";s:9:"NAISSANCE";s:0:"";s:7:"ID_SITE";i:0;s:5:"login";s:7:"marteau";s:8:"PASSWORD";s:4:"bang";s:4:"ROLE";s:11:"super_admin";s:10:"ROLE_LEVEL";i:7;s:6:"IDABON";s:1:"0";s:9:"ORDREABON";i:0;s:6:"PSEUDO";s:6:"sysadm";s:4:"MAIL";s:0:"";s:6:"STATUT";i:1;s:3:"CLE";s:0:"";s:10:"DATE_DEBUT";s:0:"";s:8:"DATE_FIN";s:0:"";s:7:"ID_SIGB";N;s:9:"TELEPHONE";s:0:"";s:7:"ADRESSE";N;s:11:"CODE_POSTAL";N;s:5:"VILLE";N;s:14:"IS_CONTACT_SMS";i:0;s:15:"IS_CONTACT_MAIL";i:0;}}');
-		CasServerController::setFileWriter($this->session_file_contents_nologin);
 	}
@@ -57,17 +42,17 @@ cc3b5aa765d61d8327deb882cf99";s:7:"ID_USER";i:666;s:10:"ROLE_LEVEL";i:6;s:4:"ROL
 	/** @test */
 	public function requestWithInvalidTicketShouldRespondInvalidTicketFailureXML() {		
-		$this->dispatch('/opac/cas-server/validate?ticket=ST-marchepo&service=http://test.com');
+		$this->dispatch('/opac/cas-server/validate?ticket=STmarchepo&service=http://test.com',true);
-		$this->assertContains('<cas:authenticationFailure code="INVALID_TICKET"> Ticket ST-marchepo not recognized</cas:authenticationFailure>',$this->_response->getBody());
+		$this->assertContains('<cas:authenticationFailure code="INVALID_TICKET"> Ticket STmarchepo not recognized</cas:authenticationFailure>',$this->_response->getBody());
 	}
 	/** @test */
 	public function requestWithValidTicketShouldRespondValidXML() {		
-		CasServerController::setFileWriter($this->session_file_contents_logged);
-		$this->dispatch('/opac/cas-server/validate?identifiant=marteau&ticket=ST-quimarche&service=http://test.com');
+		$this->dispatch('/opac/cas-server/validate?identifiant=300&ticket='.md5(Zend_Session::getId()).'&service=http://test.com');
-		$this->assertContains('<cas:user>marteau</cas:user>',$this->_response->getBody());
+		$this->assertContains('<cas:user>300</cas:user>',$this->_response->getBody());
-		$this->assertContains('<cas:proxyGrantingTicket>ST-quimarche',$this->_response->getBody());
+		$this->assertContains('<cas:proxyGrantingTicket>',$this->_response->getBody());
 	}
 }
--- a/tests/library/ZendAfi/AuthTest.php
+++ b/tests/library/ZendAfi/AuthTest.php
@@ -20,10 +20,32 @@
 */
 class AuthSessionNamespaceTest extends PHPUnit_Framework_TestCase {
+	public function setUp() {
+		$this->old_cache=Zend_Registry::get('cache');
+		$this->cache_mock=Storm_Test_ObjectWrapper::mock();
+		$this->cache_mock->whenCalled('save')
+			->answers(true);
+		Zend_Registry::set('cache',$this->cache_mock);
+		$zendAuth = ZendAfi_Auth::getInstance();
+		$this->islogged=$zendAuth->authenticateLoginPassword('sysadm','adminPassword',[new Mock_ZendAfi_Auth_MD5_Adapter()]);
+	}
+	public function tearDown()  {
+		Zend_Registry::set('cache',$this->old_cache);
+	}
 	/** @test */
 	public function sessionStorageNamespaceShouldVaryOnBaseUrl() {
 		$this->assertEquals('Zend_Auth' . md5(BASE_URL),
 			                  ZendAfi_Auth::getInstance()->getStorage()->getNamespace());
 	}
@@ -31,8 +53,12 @@ class AuthSessionNamespaceTest extends PHPUnit_Framework_TestCase {
 	 * @test 
 	 */
 	public function validAuthenticationInMd5ShouldRedirect()	{
-		$zendAuth = ZendAfi_Auth::getInstance();
+		$this->assertTrue($this->islogged);
-		$this->assertTrue($zendAuth->authenticateLoginPassword('sysadm','adminPassword',[new Mock_ZendAfi_Auth_MD5_Adapter()]));
+	}
+/** @test */
+	public function validAuthenticationShouldBeStoredInCache() {
+		$this->assertEquals('sysadm',unserialize($this->cache_mock->getFirstAttributeForLastCallOn('save'))->LOGIN);
 	}
 }