else
{
$self->logMsg("session '$sid' is invalid", $LOG_DEBUG);
}
return undef;
}
# Run the expired-session sweep on a request-count cadence.
#
# Every call bumps the package-level $SESSION_CLEANUP_COUNTER.  The sweep
# (delete_expired_sessions) runs only on the first call of a cycle, i.e.
# when the counter has just become 1, and the counter is zeroed once it
# reaches the configured SessionCleanupThreshold, so the sweep recurs
# every "threshold" calls.
sub cleanup()
{
    my ($self) = @_;

    my $tick = ++$SESSION_CLEANUP_COUNTER;
    $self->logMsg("counter=$SESSION_CLEANUP_COUNTER", $LOG_DEBUG);

    # First call of a cycle does the actual work.
    $self->delete_expired_sessions() if $tick == 1;

    # End of cycle: start counting again from zero.
    my $threshold = $self->casConfig("SessionCleanupThreshold");
    $SESSION_CLEANUP_COUNTER = 0 if $SESSION_CLEANUP_COUNTER >= $threshold;
}
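# Pretend that HTTP Basic authentication already happened, for the benefit
# of downstream authz modules that key off it.
#
# Only acts when the PretendBasicAuth directive is set.  Installs an
# "Authorization: Basic <base64(user:DUMMYPASS)>" header, marks the request's
# auth type as Basic and records $user as the authenticated user.  The
# password half of the credential is the fixed placeholder DUMMYPASS: it
# carries no secret, so nothing downstream may treat it as a real password.
#
# Args:    $user - user name asserted by CAS
# Returns: nothing meaningful
sub add_basic_auth($$)
{
    my ($self, $user) = @_;

    return unless $self->casConfig("PretendBasicAuth");

    # encode_base64() appends "\n" by default; pass an empty EOL so the header
    # value stays on one line (a trailing newline in a header value is invalid
    # and was previously emitted here).
    my $credential = encode_base64($user . ":DUMMYPASS", '');
    $self->setHeader(1, 'Authorization', "Basic " . $credential);
    $self->{'request'}->ap_auth_type("Basic");
    $self->{'request'}->user($user);
    return;
}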
# Bounce the client back to this URL as returned by this_url() with no
# argument (per the log message, the form with the service ticket removed),
# so the ticket does not linger in the browser's address bar.
# Returns the Apache status code for a 302 redirect.
sub redirect_without_ticket($)
{
    my ($self) = @_;
    $self->logMsg("redirecting to remove service ticket from service string", $LOG_INFO);
    my $clean_url = $self->this_url();
    $self->setHeader(0, 'Location', $clean_url);
    return Apache2::Const::HTTP_MOVED_TEMPORARILY;
}
# Send the client to the CAS login page, naming this request's URL as the
# CAS "service" so CAS can return the user here with a service ticket.
# Host, Port and LoginUri come from the module configuration; the service
# value is URI-escaped before being placed in the query string.
# Returns the Apache status code for a 302 redirect.
sub redirect_login($)
{
    my ($self) = @_;
    $self->logMsg("start", $LOG_DEBUG);

    my $service = $self->this_url(1);
    $self->logMsg("redirecting to CAS for service: '$service'", $LOG_INFO);
    my $escaped_service = uri_escape($service);

    my $login_url = sprintf("https://%s:%s%s?service=%s",
        $self->casConfig("Host"),
        $self->casConfig("Port"),
        $self->casConfig("LoginUri"),
        $escaped_service);
    $self->setHeader(0, 'Location', $login_url);
    return Apache2::Const::HTTP_MOVED_TEMPORARILY;
}
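# Redirect the client to a site-specific page (typically an error page),
# passing it what it needs to build a CAS login link; or, when no page is
# configured, write a minimal inline "service misconfigured" body.
#
# Args:    $url     - URL of the target page; false/empty means none
#          $errcode - optional error code or message to pass along
# Returns: HTTP_MOVED_TEMPORARILY when $url is set, else HTTP_OK after the
#          inline body has been written and flushed.
sub redirect($;$$)
{
    my ($self, $url, $errcode) = @_;

    if (!$url)
    {
        $self->logMsg("no redirect URL, displaying message", $LOG_INFO);
        $self->{'request'}->content_type('text/html');
        $self->{'request'}->print("<html><body>service misconfigured</body></html>");
        $self->{'request'}->rflush();
        return Apache2::Const::HTTP_OK;
    }

    my $service = $self->this_url(1);
    $self->logMsg("redirecting to url: '$url' service: '$service'", $LOG_INFO);

    # Expose the CAS endpoint pieces as headers so the target can build its
    # own link if it prefers that to the login_url parameter.
    $self->setHeader(0, 'CAS_FILTER_CAS_HOST', $self->casConfig("Host"));
    $self->setHeader(0, 'CAS_FILTER_CAS_PORT', $self->casConfig("Port"));
    $self->setHeader(0, 'CAS_FILTER_CAS_LOGIN_URI', $self->casConfig("LoginUri"));
    $self->setHeader(0, 'CAS_FILTER_SERVICE', $service);

    $self->logMsg("redirecting to error page") if $errcode;
    $errcode = "" if !$errcode;

    # $errcode can be a CAS failure message (code plus free text, with spaces
    # and quotes), so it is escaped like $service instead of being
    # interpolated raw, which let it break or extend the query string.
    # The login_url value itself is deliberately NOT escaped as a whole: its
    # embedded "?"/"&" are the existing contract with the target page
    # (presumably it reads errcode as its own parameter), and escaping them
    # would change what that page receives.
    my $login_url = "https://" . $self->casConfig("Host") . ":"
        . $self->casConfig("Port") . $self->casConfig("LoginUri")
        . "?service=" . uri_escape($service)
        . "&errcode=" . uri_escape($errcode);
    $self->setHeader(0, 'Location', "$url?login_url=$login_url");
    return Apache2::Const::HTTP_MOVED_TEMPORARILY;
}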
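# Validate a CAS service ticket against the CAS server over HTTPS.
#
# Builds the serviceValidate (or, with ProxyService on, proxyValidate)
# request, fetches it with Net::SSLeay::get_https and parses the XML reply.
#
# Args:    $ticket - the service ticket taken from the incoming request
# Returns: the list ($error, $user, $pgtiou):
#            $error  - undef on success; otherwise an %ERROR_CODES value or
#                      the CAS failure "code content" text
#            $user   - the CAS-asserted user name on success
#            $pgtiou - the proxy-granting-ticket IOU, proxy mode only
#          A connection problem returns just ($ERROR_CODES{"CAS_CONNECT"}),
#          so $user and $pgtiou are undef in that case.
sub validate_service_ticket($$$)
{
    my ($self, $ticket) = @_;

    my $proxy   = $self->casConfig("ProxyService") ? "1" : "0";
    my $service = $self->this_url(1);
    $self->logMsg("Validating service ticket '$ticket' for service '$service'", $LOG_DEBUG);

    # Proxy mode uses the proxyValidate endpoint and tells CAS to deliver the
    # PGT to this request's URL; plain mode uses serviceValidate.
    my $url;
    if ($proxy)
    {
        my $pgtUrl = uri_escape($self->{'request'}->construct_url());
        $url = $self->casConfig("ProxyValidateUri") . "?pgtUrl=$pgtUrl&";
    }
    else
    {
        $url = $self->casConfig("ServiceValidateUri") . "?";
    }

    # The ticket arrives from the client's query string, so it is escaped the
    # same way as $service; interpolating it raw let a crafted value add or
    # override parameters of the validation request.
    $url .= "service=" . uri_escape($service) . "&ticket=" . uri_escape($ticket);
    $self->logMsg("request URL: '$url'", $LOG_DEBUG);

    # Net::SSLeay::trace options
    # 0=no debugging, 1=ciphers, 2=trace, 3=dump data
    $Net::SSLeay::trace = ($self->casConfig("LogLevel") >= $LOG_EMERG) ? 3 : 0;

    # Only the body is kept; the status line and headers that get_https()
    # also returns are not examined here, so a non-2xx reply is treated like
    # any other non-CAS body below.
    my ($page) = Net::SSLeay::get_https(
        $self->casConfig("Host"), $self->casConfig("Port"), $url);

    # Some type of connection problem: no body at all.
    if (!defined($page))
    {
        $self->logMsg("error validating service");
        return ($ERROR_CODES{"CAS_CONNECT"});
    }
    # Logged only once we know $page is defined (avoids an uninitialized
    # warning on the failure path).  NOTE(review): the full response is
    # logged at $LOG_EMERG, which looks like a leftover debugging level.
    $self->logMsg("response page: $page", $LOG_EMERG);

    # A parse failure degrades to an empty hash, which falls through to the
    # "invalid service response" branch.  NOTE(review): XMLin() runs with its
    # default options on the raw server body; confirm that the folding and
    # parser settings in effect are the intended ones.
    my $casResponse = eval { XMLin($page); } || {};

    my ($errorMsg, $user, $pgtiou);
    if (my $successBlock = $casResponse->{"cas:authenticationSuccess"})
    {
        $user = $successBlock->{"cas:user"};
        $self->logMsg("valid service ticket, user='$user'", $LOG_DEBUG);

        # Only look for a PGTIOU when proxying; otherwise CAS sends none.
        if ($proxy)
        {
            $pgtiou = $successBlock->{"cas:proxyGrantingTicket"};
            if ($pgtiou)
            {
                $self->logMsg("proxying - pgtiou='$pgtiou'", $LOG_DEBUG);
            }
            else
            {
                $self->logMsg("proxying and no pgtiou in response from CAS", $LOG_ERROR);
                $errorMsg = $ERROR_CODES{"PGT"};
            }
        }
    }
    elsif (my $failBlock = $casResponse->{"cas:authenticationFailure"})
    {
        # CAS explains the refusal with a code attribute and message text.
        $errorMsg = $failBlock->{"code"} . " " . $failBlock->{"content"};
        $self->logMsg("authentication failure, access denied ($errorMsg)" , $LOG_DEBUG);
    }
    else
    {
        $self->logMsg("invalid service response", $LOG_DEBUG);
        $errorMsg = $ERROR_CODES{"INVALID_RESPONSE"};
    }
    return ($errorMsg, $user, $pgtiou);
}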
sub proxy_receptor($$$)
{
my($self, $pgtiou, $pgt) = @_;
# This is the proxy receptor.