Apache2-AuthCASSimple
lib/Apache2/AuthCASSimple.pm view on Meta::CPAN
use Apache2::Connection;
use Apache2::RequestIO;
use URI::Escape;
use vars qw($VERSION);
$VERSION = '0.10';
#
# handler()
#
# Called by apache/mod_perl
#
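sub handler ($) {
    # mod_perl authentication handler implementing CAS single sign-on.
    #
    # Takes the request object mod_perl passes in and returns an Apache
    # status constant:
    #   OK           - a local session was found, or the ticket validated
    #                  and sessions are disabled
    #   REDIRECT     - to the CAS login page (no ticket in the query), or
    #                  back to the requested URI with the ticket removed
    #   SERVER_ERROR - the CAS client object could not be created
    my $r   = shift;
    my $log = $r->log();

    # does it need to do something ?
    #return DECLINED unless($r->ap_auth_type() eq __PACKAGE__);

    # $r->args() is undef when the request carries no query string.
    my $logged_args = $r->args();
    $logged_args = '' unless defined $logged_args;

    # NOTE(review): the raw query string, and further down the ticket value
    # itself, are written to the log at info level. A ticket is a bearer
    # credential until the CAS server has consumed it, so restrict who can
    # read these logs or keep the log level above info in production.
    $log->info(__PACKAGE__.": == Entering into authentification process.:" );
    $log->info(__PACKAGE__.": == ".$r->method.' '.$r->uri() .' '.$logged_args );
    $log->info(__PACKAGE__.": == ".$r->connection->remote_ip() );

    # Get module config (Apache PerlSetVar values)
    my $cas_session_timeout = $r->dir_config('CASSessionTimeout') || 60;

    # NOTE(review): with CASServerNoSSL set, the login redirect and the
    # ticket validation both use plain HTTP, so the validation answer can be
    # forged by anyone on the network path. Keep TLS on outside test setups.
    my $cas_ssl = $r->dir_config('CASServerNoSSL') ? 0 : 1;

    my $cas_name = $r->dir_config('CASServerName');
    unless ($cas_name) {
        # Without CASServerName the module would silently trust whoever
        # operates the placeholder host below to authenticate users. The
        # fallback is kept for compatibility, but make the misconfiguration
        # visible instead of hiding it.
        $log->warn(__PACKAGE__.": CASServerName is not set, falling back to the built-in placeholder host.");
        $cas_name = 'my.casserver.com';
    }

    my $configured_port = $r->dir_config('CASServerPort');
    my $cas_port = $configured_port ? ':'.$configured_port : ':443';
    $cas_port = '' if ( $cas_port eq ':443' && $cas_ssl );

    my $cas_path = $r->dir_config('CASServerPath') || '/';
    $cas_path = '' if ( $cas_path eq '/' );

    my $mod_proxy = $r->dir_config('ModProxy');

    # Check for internal session (a negative timeout disables sessions)
    my $user;
    if ( $cas_session_timeout >= 0 ) {
        $user = _get_user_from_session($r);
        if ($user) {
            $log->info(__PACKAGE__.": Session found for user $user.");
            $r->user($user);
            return OK;
        }
        $log->info(__PACKAGE__.": No session found.");
    }
    else {
        $log->info(__PACKAGE__.": Session disabled.");
    }

    # instance CAS object; fatal => 1 makes the client die on errors
    # instead of returning an error object
    my $cas_url = ( $cas_ssl ? 'https://' : 'http://' ).$cas_name.$cas_port.$cas_path;
    my $cas = Authen::CAS::Client->new( $cas_url, fatal => 1 );
    unless ($cas) {
        $log->error(__PACKAGE__.": Unable to create CAS instance.");
        return SERVER_ERROR;
    }

    my $requested_url = _get_requested_url( $r, $mod_proxy );
    my $login_url     = $cas->login_url().uri_escape($requested_url);

    # Parse the query string one pair at a time. A parameter without '=' or
    # a value containing '=' yields one or three fields from a plain split,
    # which would shift every following key/value pair in a flat list and
    # let a crafted query decide what ends up under the 'ticket' key.
    my $query = $r->args();
    $query = '' unless defined $query;
    my %args;
    for my $pair ( split /&/, $query ) {
        my ( $name, $value ) = split /=/, $pair, 2;
        next unless defined $name && length $name;
        $args{$name} = defined $value ? $value : '';
    }
    my $ticket = $args{'ticket'};

    # redirect to CAS server unless ticket parameter
    unless ($ticket) {
        $log->info(__PACKAGE__.": No ticket, client redirected to CAS server. ".$login_url);
        $r->headers_out->add( "Location" => $login_url );
        return REDIRECT;
    }

    # Validate the ticket we received. The CAS responses get their own
    # variable name so they cannot be mistaken for the Apache request $r.
    if ( $ticket =~ /^PT/ ) {
        # NOTE(review): any proxy chain the CAS server accepts is accepted
        # here; the proxies are only logged. If proxy tickets must come from
        # specific services, the chain needs to be checked against a list.
        my $response = $cas->proxy_validate( $requested_url, $ticket );
        if ( $response->is_success() ) {
            $user = $response->user();
            $log->info(__PACKAGE__.": Validate PT on CAS Proxy server. ".join ",", $response->proxies());
        }
    }
    else {
        $log->info(__PACKAGE__.": Validate ST $ticket on CAS Proxy server : $requested_url");
        my $response = $cas->service_validate( $requested_url, $ticket );
        if ( $response->is_success() ) {
            $user = $response->user();
        }
    }

    unless ($user) {
        $log->info(__PACKAGE__.": Unable to validate ticket ".$ticket." on CAS server.");

        # remove ticket; the remaining arguments need the same '?' separator
        # as the success path, otherwise they are glued onto the path
        my $retry_args = _str_args($r);
        $r->err_headers_out->add( "Location" => $r->uri . ( $retry_args ? '?' . $retry_args : '' ) );
        return REDIRECT;
    }

    # From here on $user is known to be set.
    $log->info(__PACKAGE__.": Ticket ".$ticket." succesfully validated for $user");
    $r->user($user);
    my $str_args = _str_args($r);    # remove ticket
    $log->info(__PACKAGE__.": New session ".$r->uri() ."--".$r->args());

    # if we are there (and timeout is set), we can create session data and cookie
    _create_user_session($r) if ( $cas_session_timeout >= 0 );

    my $clean_location = $r->uri . ( $str_args ? '?' . $str_args : '' );
    $log->debug("Location => ".$clean_location);
    $r->err_headers_out->add( "Location" => $clean_location );

    # if session, redirect to remove the ticket from the url
    return ( $cas_session_timeout >= 0 ) ? REDIRECT : OK;
}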
#
# _get_args
#
# Stringify args