Commit c5473a14 authored by efalcy's avatar efalcy

Fix cas server v3 when login from service

parent 3f253f9e
......@@ -176,6 +176,7 @@ class AuthController extends ZendAfi_Controller_Action {
});
$service = $this->_getParam('service', '');
$cas = $this->_getParam('cas');
$url_action = $this->view->url(($form_action = $strategy->getFormAction($this->view->id_module))
? $form_action
......@@ -184,9 +185,10 @@ class AuthController extends ZendAfi_Controller_Action {
'id_module' => $this->view->id_module]);
$datas = $this->_getInspector()
->addToParams(['redirect_url' => $redirect,
'service' => $service,
'id_notice' => $this->view->id_notice]);
->addToParams(array_filter(['redirect_url' => $redirect,
'service' => $service,
'cas' => $cas,
'id_notice' => $this->view->id_notice]));
$settings = array_merge(['Preferences' => $preferences],
['FormOptions' => ['data' => array_merge($preferences, $datas),
......
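Review bot: `array_filter` at the `addToParams` call has no callback, so it drops every falsy value rather than only a missing `cas`: an `id_notice` of `0`/`'0'` or an empty-string `redirect_url` would vanish from the params too, which may change what the login form carries. Pass an explicit predicate so only absent values are removed, e.g. `array_filter([...], function ($v) { return null !== $v && '' !== $v; })`. Since `cas` is read straight from the request at `$cas = $this->_getParam('cas');` and the only value the rest of the change understands is `'v3'` (Class_CasTicket::newFor and ZendAfi_Form_Login both compare against it), normalising it here, `$cas = 'v3' === $this->_getParam('cas') ? 'v3' : null;`, keeps unexpected values out of the form and the ticket factory. The enclosing action starts and ends outside the hunk.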
......@@ -123,10 +123,16 @@ class CasServerController extends ZendAfi_Controller_Action {
public function loginAction() {
$this->_addParamsOnRequest();
$this->_forward('login', 'auth');
}
public function _addParamsOnRequest() {
return $this;
}
public function logoutAction() {
ZendAfi_Auth::getInstance()->clearIdentity();
if ($url_redirect = $this->_getParam('url'))
......
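Review bot: `_addParamsOnRequest()` is declared `public` but carries the leading-underscore name this codebase uses for non-public helpers (compare `protected function _getCasTicket` in the CasServerV3Controller hunk), and it is only called as `$this->_addParamsOnRequest()` from `loginAction`. Declaring it `protected function _addParamsOnRequest()` both here and in the CasServerV3Controller override keeps it off the controller's public surface; Zend Framework 1 dispatches only `*Action` methods, so this is about intent rather than routing. A one-line doc would also help readers of the base class: `/** Hook for subclasses to add request params before forwarding to auth/login. */`.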
......@@ -45,5 +45,11 @@ class CasServerV3Controller extends CasServerController {
protected function _getCasTicket($service) {
return (new Class_CasTicketV3($service));
}
public function _addParamsOnRequest() {
$this->_request->setParam('cas','v3');
return $this;
}
}
?>
......@@ -50,6 +50,7 @@ trait Trait_Auth_CasAware {
return $url_musicme;
$ticket = $this->_getCasTicket()->getTicketForCurrentUser();
$queries = [];
$url_cas = array_merge(['query'=> '', 'path' => ''],
parse_url($this->_getServerUrl()));
......@@ -63,6 +64,21 @@ trait Trait_Auth_CasAware {
}
protected function _hasPermission() {
$service = $this->_getServerUrl();
if (!$user = Class_Users::getIdentity())
return false;
$digital_resource = Class_DigitalResource::getInstance();
return ($plugin = $digital_resource->getPluginsSSOActions()
->detect(function ($plugin) use ($service) {
return FALSE !== stristr($service, $plugin);
}))
? $digital_resource->hasPermissionOn($plugin, $user)
: true;
}
protected function _redirectMusicme() {
return (strpos($this->_getServerUrl(), 'musicme') !== false)
? Musicme_Config::getInstance()->getSsoUrl(Class_Users::getIdentity())
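Review bot: `_hasPermission()` picks the plugin that guards the request with `stristr($service, $plugin)`, a case-insensitive substring match over the whole service URL, so a plugin name appearing anywhere in the URL (query string, path, an unrelated host) selects that plugin, and a URL matching none falls through to `true`. If `$plugin` is a host-like string, comparing it against `parse_url($service, PHP_URL_HOST)` would be stricter and easier to reason about; if it is something else, a short comment on what `detect` is matching would help. The URL comes from `_getServerUrl()`, presumably the request's `service` parameter (confirm), so the match is made on caller-supplied input. The identical deny block (`notify(...)` then `return $this->redirect_url = '/opac'`) added in the Class_Auth_CasLogged and Class_Auth_CasNotLogged hunks below could be one helper on this trait so the message and redirect are maintained in a single place.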
......@@ -77,6 +93,10 @@ class Class_Auth_CasLogged extends Class_Auth_Logged {
use Trait_Auth_CasAware;
public function prepareLogin() {
if (!$this->_hasPermission()) {
$this->controller->notify($this->_('Vous n\'avez pas les droits d\'accès à la ressource'));
return $this->redirect_url= '/opac';
}
$this->_getCasTicket()->save();
......@@ -93,6 +113,11 @@ class Class_Auth_CasNotLogged extends Class_Auth_NotLogged {
use Trait_Auth_CasAware;
protected function _doOnLoginSuccess() {
if (!$this->_hasPermission()) {
$this->controller->notify($this->_('Vous n\'avez pas les droits d\'accès à la ressource'));
return $this->redirect_url = '/opac';
}
$this->_getCasTicket()->save();
$this->redirect_url = $this->_urlServiceCas();
......
......@@ -28,7 +28,8 @@ class Class_CasTicket {
public static function newFor($request) {
return ($service = $request->getParam('service'))
&& ($request->getParam('controller') == 'cas-server-v3')
&& (($request->getParam('controller') == 'cas-server-v3')
|| $request->getParam('cas','') == 'v3')
? new Class_CasTicketV3($service)
: (new Class_CasTicket());
}
......@@ -89,8 +90,8 @@ class Class_CasTicket {
public function userForTicket($ticket) {
if (($id = (new Storm_Cache())->load($this->withoutPrefix($ticket)))
&& !is_array($id))
return Class_Users::find($id);
&& !is_object($id))
return Class_Users::find((int)$id);
$this->_setErrorCode(static::CODE_INVALID_TICKET);
return;
}
......
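Review bot: In `userForTicket` the guard was relaxed from `!is_array($id)` to `!is_object($id)` while the lookup became `Class_Users::find((int)$id)`; an array loaded from the cache would now pass the guard, and `(int)` turns a non-empty array into `1`, so a malformed cache entry would resolve the ticket to user id 1 instead of being rejected. Accept only an integer-like scalar before the cast, e.g. `&& is_scalar($id) && ctype_digit((string) $id))` in place of `&& !is_object($id))`. Whether arrays can actually land under a ticket key depends on Storm_Cache, which is outside this hunk, but a ticket-to-user mapping should fail closed on anything that is not a plain id. In `newFor`, `$request->getParam('cas','') == 'v3'` would read better as `===`; for string params the result is the same.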
......@@ -64,6 +64,12 @@ class Class_CasTicketV3 extends Class_CasTicket{
return;
}
if (!$cas_cache instanceof CasTicketV3Cache) {
$this->_setErrorCode(static::CODE_INVALID_SERVICE);
$this->clear($ticket);
return;
}
if ($cas_cache->getService() != $this->_service) {
$this->_setErrorCode(static::CODE_INVALID_SERVICE);
$this->clear($ticket);
......@@ -113,7 +119,6 @@ class CasTicketV3Cache {
public function isExpired($date) {
xdebug_break();
return $this->_expired_at < $date;
}
}
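Review bot: The new `instanceof CasTicketV3Cache` check and the following `getService() != $this->_service` check set the same error code and run the same `clear($ticket)`; a single branch, `if (!$cas_cache instanceof CasTicketV3Cache || $cas_cache->getService() != $this->_service) {`, keeps one error path and reads as "this ticket was not issued for this service". Whether a cache entry that is not a V3 ticket should report CODE_INVALID_SERVICE rather than CODE_INVALID_TICKET deserves a one-line comment either way, e.g. `// a cache entry that is not a V3 ticket is reported as an invalid service`. The enclosing method starts outside the hunk.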
......@@ -120,12 +120,19 @@ class ZendAfi_Form_Login extends ZendAfi_Form {
}
if(strlen($this->_service)>1){
$this->addElement('hidden',
'service',
['value' => $this->_service]);
array_push($group, 'redirect');
array_push($group, 'service');
}
if (isset($this->_data['cas']) && $this->_data['cas'] == 'v3') {
$this->addElement('hidden',
'cas',
['value' => 'v3']);
array_push($group, 'cas');
}
......@@ -159,4 +166,4 @@ class ZendAfi_Form_Login extends ZendAfi_Form {
$title = $element->placeholder ? $element->placeholder : $default;
$element->setAttrib('title', $title);
}
}
\ No newline at end of file
}
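Review bot: The hidden `cas` element is added only when `$this->_data['cas'] == 'v3'`; `===` avoids loose comparison and matches the string check in Class_CasTicket::newFor. The literal `'v3'` now lives in CasServerV3Controller::_addParamsOnRequest, Class_CasTicket::newFor and this form, so one shared constant (for instance on Class_CasTicketV3) would keep the three in step. Writing the fixed literal `'v3'` as the element value instead of echoing the request value is the safer choice and worth stating: `// value is the fixed marker, never the raw request value`.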
......@@ -156,6 +156,20 @@ class ArtipsSsoTest extends ArtipsActivatedTestCase {
$this->dispatch('/opac/modules/artips/album_id/2');
$this->assertXPathContentContains('//script' , 'document.location.href="http://www.artipslink.com/login?redirect=myredirect');
}
/** @test */
public function whenLogginCasTicketShouldBeCasV3() {
$this->_user->beAbonneSIGB()->save();
$this->postDispatch('/opac/auth/login/redirect/%F',
['login' => $this->_user->getLogin(),
'password' => 'pwd',
'service' => 'http://arTips.com',
'cas' => 'v3']);
$cas = new Class_CasTicketV3('http://arTips.com');
$cas_ticket = $cas->getTicketForUser($this->_user);
$this->assertRedirectTo('http://arTips.com?ticket='.$cas_ticket);
}
}
......@@ -176,11 +190,24 @@ class ArtipsSsoUserNotInGroupTest extends ArtipsActivatedTestCase {
$this->assertFlashMessengerContentContains('Votre compte n\'est pas autorisé à accéder à cette ressource');
}
/** @test */
public function ssoWithAlbumShouldDisplayMessage() {
$this->dispatch('/opac/modules/artips/album_id/2');
$this->assertFlashMessengerContentContains('Votre compte n\'est pas autorisé à accéder à cette ressource');
}
/** @test */
public function whenLogginShouldReturnNotifyNotAccessAndRedirectToIndex() {
$this->postDispatch('/opac/auth/login/redirect/%F',
['login' => $this->_user->getLogin(),
'password' => 'pwd',
'service' => 'http://arTips.com',
'cas' => 'v3']);
$this->assertRedirectTo('/opac');
$this->assertFlashMessengerContentContains('Vous n\'avez pas les droits d\'accès à la ressource');
}
}
......
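Review bot: Both new tests post `'cas' => 'v3'` and assert the V3 ticket path, but nothing pins the default, so a regression that issues a V3 ticket whenever `service` is present (the `controller == 'cas-server-v3'` condition in Class_CasTicket::newFor was loosened by this commit) would go unnoticed. Add a sibling case that posts the same login without the `cas` param and asserts a non-V3 ticket is issued. The method name `whenLogginCasTicketShouldBeCasV3` has a typo; `whenLoggingInCasTicketShouldBeCasV3` reads correctly.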
......@@ -34,6 +34,7 @@ class CasServerControllerV3ValidateActionTest extends AbstractControllerTestCase
Class_CasTicketV3::setTimeSource($time_source);
$user = Class_Users::newInstanceWithId(300,
['login' => '87364',
'password' => 'test',
'pseudo' => 'georges']);
$cas = (new Class_CasTicketV3('http://test.com'));
......@@ -106,6 +107,27 @@ class CasServerControllerV3ValidateActionTest extends AbstractControllerTestCase
}
/** @test */
public function whenLogginCasTicketShouldBeCasV3() {
$this->postDispatch('/opac/auth/login/redirect/%F',
['login' => '87364',
'password' => 'test',
'service' => 'http://test.com',
'cas' => 'v3']);
$cas = new Class_CasTicketV3('http://test.com');
$cas_ticket = $cas->getTicketForUser(Class_Users::getIdentity());
$this->assertRedirectTo('http://test.com?ticket='.$cas_ticket);
}
/** @test */
public function whenLogginFromCasV3ParamCasShouldBeInLogginForm() {
ZendAfi_Auth::getInstance()->clearIdentity();
$this->dispatch('/cas-server-v3/login?service='.urlencode('http://test.com'));
$this->assertXPath('//form//input[@name="cas"][@value="v3"][@type="hidden"]');
}
/** @test */
public function loginShouldRedirectToServiceWithTicket() {
ZendAfi_Auth::getInstance()->logUser(Class_Users::find(300));
......