Apache2-AuthCAS
view release on metacpan or search on metacpan
lib/Apache2/AuthCAS.pm view on Meta::CPAN
# default to 0
$SESSION_CLEANUP_COUNTER = 0 if (!defined($SESSION_CLEANUP_COUNTER));
sub dbConnect($)
{
my($self) = @_;
my $dbh = DBI->connect(
"dbi:" . $self->casConfig("DbDriver")
. ":" . $self->casConfig("DbDataSource"),
$self->casConfig("DbUser"), $self->casConfig("DbPass"),
{ AutoCommit => 1 }
);
if (!defined($dbh))
{
$self->logMsg("db connect error: $DBI::errstr");
return undef;
}
return $dbh;
}
sub getApacheConfig($)
{
my($self) = @_;
$self->{'casConfig'} = Apache2::Module::get_config('Apache2::AuthCAS::Configuration'
, $self->{'request'}->server
, $self->{'request'}->per_dir_config);
# Now add in our defaults
foreach my $key (keys(%DEFAULTS))
{
$self->{'casConfig'}->{$key} = $DEFAULTS{$key}
if !exists($self->{'casConfig'}->{$key});
}
$self->logMsg("Apache Config:", $LOG_DEBUG);
foreach my $key (sort(keys(%{$self->{'casConfig'}})))
{
my $val = $self->casConfig($key) || 'undef';
$self->logMsg(" $key => $val", $LOG_DEBUG);
}
}
sub casConfig($$)
{
my($self, $var) = @_;
return $self->{'casConfig'}->{$var};
}
sub logMsg($$;$)
{
my($self, $msg, $logLevel) = @_;
$logLevel = $LOG_ERROR if (!$logLevel);
if ($self->casConfig("LogLevel") >= $logLevel)
{
my $sub = (caller(1))[3];
$sub =~ /(\w+)$/;
$self->{'request'}->log->alert("CAS($$): $1: $msg");
}
}
# used for underlying services that need proxy tickets (PTs)
sub authenticate($$)
{
my($class, $r) = @_;
# Only authenticate the first internal request
return (Apache2::Const::OK) unless $r->is_initial_req;
# Let's make this easy on ourselves and pass an object around
# for reading config variables and the request object
my $self = {};
bless($self, ref $class || $class);
$self->{'request'} = $r;
$self->getApacheConfig();
# grab the uri that was requested
my $uri = $r->parsed_uri;
# Check for a logout request (CAS 3 single sign-off)
my $query = $uri->query() || "";
$query =~ /logoutRequest=(.*?)[&;]/;
my $logoutRequest = $1;
if ($logoutRequest)
{
$logoutRequest =~ /<samlp:SessionIndex>(ST-[0-9]+-[^<]+)<\/samlp:SessionIndex>/;
my $delete_service_ticket = $1;
$self->logMsg("deleting session mapping for service_ticket='$delete_service_ticket'", $LOG_DEBUG);
my $dbh = $self->dbConnect() or return 0;
$dbh->do("DELETE FROM " . $self->casConfig("DbSessionTable")
. " WHERE service_ticket= ?", undef, $delete_service_ticket
);
if ($dbh->err)
{
$self->logMsg("error deleting session mapping for service_ticket='$delete_service_ticket' ($DBI::errstr)", $LOG_DEBUG);
}
}
# perform any cleanup that is needed
$self->cleanup();
# see if any of our other handlers have specified that they have already
# sufficiently checked the authenticating user
my $authenticated = $r->subprocess_env->{'AUTHENTICATED'} || "";
$self->logMsg("authenticated='$authenticated'", $LOG_DEBUG);
return (Apache2::Const::OK) if ($authenticated eq "true");
# Parse the query string to get the ticket, plus any GET variables
# to rebuild our service string (which is needed for CAS to send the
# client back to the originating service).
my %params = $self->parse_query_parameters($uri->query);
( run in 0.943 second using v1.01-cache-2.11-cpan-5837b0d9d2c )