# does it need to do something ?
#return DECLINED unless($r->ap_auth_type() eq __PACKAGE__);
$log->info(__PACKAGE__.": == Entering into authentification process.:" );
$log->info(__PACKAGE__.": == ".$r->method.' '.$r->uri() .' '.$r->args() );
$log->info(__PACKAGE__.": == ".$r->connection->remote_ip() );
# Get module config (Apache Perl SetVAR values)
my $cas_session_timeout = $r->dir_config('CASSessionTimeout') || 60;
my $cas_ssl = $r->dir_config('CASServerNoSSL')?0:1;
my $cas_name = $r->dir_config('CASServerName') || 'my.casserver.com';
my $cas_port = $r->dir_config('CASServerPort') ? ':'.$r->dir_config('CASServerPort') : ':443' ;
$cas_port = '' if ( $cas_port eq ':443' && $cas_ssl );
my $cas_path = $r->dir_config('CASServerPath') || '/' ;
$cas_path = '' if ($cas_path eq '/');
my $mod_proxy = $r->dir_config('ModProxy');
# Check for internal session
my $user;
if($cas_session_timeout >= 0 && ($user = _get_user_from_session($r))) {
$log->info(__PACKAGE__.": Session found for user $user.");
$r->user($user);
return OK;
}
elsif($cas_session_timeout >= 0) {
$log->info(__PACKAGE__.": No session found.");
}
else {
$log->info(__PACKAGE__.": Session disabled.");
}
# instance CAS object
my ($cas, %options);
$options{casUrl} = ($cas_ssl ? 'https://' : 'http://').$cas_name.$cas_port.$cas_path;
# $log->info('==casUrl==='.$options{casUrl}.'____');
# $options{CAFile} = $cfg->{_ca_file} if ($cfg->{_cas_ssl});
unless($cas = Authen::CAS::Client->new($options{casUrl}, fatal => 1)) {
$log->error(__PACKAGE__.": Unable to create CAS instance.");
return SERVER_ERROR;
}
my $requested_url = _get_requested_url($r,$mod_proxy);
my $login_url = uri_escape $requested_url;
$login_url = $cas->login_url().$login_url;
#$log->info( '==login_url==='.$login_url.'____');
my %args = map { split '=', $_ } split '&', $r->args();
my $ticket = $args{'ticket'};
# redirect to CAS server unless ticket parameter
unless ($ticket) {
$log->info(__PACKAGE__.": No ticket, client redirected to CAS server. ".$login_url);
$r->headers_out->add("Location" => $login_url);
return REDIRECT;
}
# Validate the ticket we received
if ($ticket=~/^PT/) {
my $r = $cas->proxy_validate( $requested_url, $ticket );
if( $r->is_success() ) {
$user=$r->user();
$log->info(__PACKAGE__.": Validate PT on CAS Proxy server. ".join ",", $r->proxies());
};
}
else {
$log->info(__PACKAGE__.": Validate ST $ticket on CAS Proxy server : $requested_url");
my $r = $cas->service_validate( $requested_url, $ticket );
if ( $r->is_success() ) {
$user = $r->user();
}
}
unless ($user) {
$log->info(__PACKAGE__.": Unable to validate ticket ".$ticket." on CAS server.");
$r->err_headers_out->add("Location" => $r->uri._str_args($r)); # remove ticket
return REDIRECT;
}
$log->info(__PACKAGE__.": Ticket ".$ticket." succesfully validated for $user");
if ( $user ) {
$r->user($user);
my $str_args = _str_args($r); # remove ticket
$log->info(__PACKAGE__.": New session ".$r->uri() ."--".$r->args());
# if we are there (and timeout is set), we can create session data and cookie
_create_user_session($r) if($cas_session_timeout >= 0);
$log->debug("Location => ".$r->uri . ($str_args ? '?' . $str_args : ''));
$r->err_headers_out->add("Location" => $r->uri . ($str_args ? '?' . $str_args : '') );
# if session, redirect remove ticket in url
return ($cas_session_timeout >= 0)?REDIRECT:OK;
}
return DECLINED;
}
#
# _str_args
#
# Stringify the request's query args, sorted by name; the CAS 'ticket'
# parameter is dropped unless the second argument ($keep_ticket) is true.
#
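sub _str_args ($;$) {
    # Rebuild the request's query string for the post-validation redirect.
    #
    #   $r           - request object; only its args() method is used
    #   $keep_ticket - when true, the CAS 'ticket' parameter is kept
    #
    # Returns the sorted "name=value&..." string without a leading '?'
    # (empty string when there is no query string at all).
    my $r           = shift;
    my $keep_ticket = shift;

    # No query string (args() undef) must yield '' instead of a warning
    # from splitting undef.
    my $query = $r->args();
    $query = '' unless defined $query;

    # Split into name/value pairs.  The limit of 2 keeps a value that
    # itself contains '=' (e.g. base64 padding) in one piece; the old
    # unbounded split scattered such values over several hash slots.
    # A bare name without '=' is kept with an undef value so it no longer
    # shifts every following pair by one position in the hash.
    # The original position is recorded so that duplicated names keep
    # their relative order after sorting (the old hash dropped all but
    # the last duplicate, altering the request being replayed).
    my @pairs;
    my $pos = 0;
    foreach my $param (split /&/, $query) {
        next if $param eq '';
        my ($name, $value) = split /=/, $param, 2;
        push @pairs, [ $name, $value, $pos++ ];
    }

    # Values are passed through verbatim -- no decoding or re-encoding --
    # so the client's original percent-encoding survives into the Location
    # header the caller builds from this string.  Only 'ticket' is removed
    # (unless asked to keep it): the caller uses this to strip the already
    # validated ticket from the URL it redirects to.
    my @qs;
    foreach my $pair (sort { $a->[0] cmp $b->[0] || $a->[2] <=> $b->[2] } @pairs) {
        my ($name, $value) = @$pair;
        next if $name eq 'ticket' && !$keep_ticket;
        push @qs, defined $value ? "$name=$value" : $name;
    }

    return join('&', @qs);
}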
#
# _get_requested_url()
#
# Return the URL requested by client (with args)
#
sub _get_requested_url ($$) {
my $r = shift;
my $mod_proxy = shift;
my $is_https = $r->dir_config('HTTPSServer') || 0;
my $port = $r->get_server_port();
my $url = $is_https ? 'https://' : 'http://';
$url .= $r->hostname();
$url .= ':'.$port if (!$mod_proxy && ( ($is_https && $port != 443) || (!$is_https && $port != 80) ));
$url .= $r->uri()._get_query_string($r);