X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=C4%2FAuth_with_cas.pm;h=174933321e250fa7341a38505f8554b586f389af;hb=cdbb63f856b2f8dafe3fbc73e1de3bac86a7fc64;hp=b09623295c2511f903d95818cdcd2849a577e339;hpb=16f1fffdd1f5d1c97db0bf664f83496864b7e24d;p=koha.git diff --git a/C4/Auth_with_cas.pm b/C4/Auth_with_cas.pm index b09623295c..174933321e 100644 --- a/C4/Auth_with_cas.pm +++ b/C4/Auth_with_cas.pm @@ -4,35 +4,35 @@ package C4::Auth_with_cas; # # This file is part of Koha. # -# Koha is free software; you can redistribute it and/or modify it under the -# terms of the GNU General Public License as published by the Free Software -# Foundation; either version 2 of the License, or (at your option) any later -# version. +# Koha is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. # -# Koha is distributed in the hope that it will be useful, but WITHOUT ANY -# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR -# A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# Koha is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License along -# with Koha; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# You should have received a copy of the GNU General Public License +# along with Koha; if not, see . use strict; use warnings; use C4::Debug; use C4::Context; -use C4::Utils qw( :all ); use Authen::CAS::Client; -use CGI; +use CGI qw ( -utf8 ); use FindBin; +use YAML; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug); BEGIN { require Exporter; - $VERSION = 3.03; # set the version for version checking + $VERSION = 3.07.00.049; # set the version for version checking $debug = $ENV{DEBUG}; @ISA = qw(Exporter); @EXPORT = qw(check_api_auth_cas checkpw_cas login_cas logout_cas login_cas_url); @@ -40,12 +40,12 @@ BEGIN { my $context = C4::Context->new() or die 'C4::Context->new failed'; my $defaultcasserver; my $casservers; -my $yamlauthfile = "../C4/Auth_cas_servers.yaml"; +my $yamlauthfile = C4::Context->config('intranetdir') . "/C4/Auth_cas_servers.yaml"; # If there's a configuration for multiple cas servers, then we get it if (multipleAuth()) { - ($defaultcasserver, $casservers) = YAML::LoadFile(qq($FindBin::Bin/$yamlauthfile)); + ($defaultcasserver, $casservers) = YAML::LoadFile($yamlauthfile); $defaultcasserver = $defaultcasserver->{'default'}; } else { # Else, we fall back to casServerUrl syspref @@ -55,7 +55,7 @@ if (multipleAuth()) { # Is there a configuration file for multiple cas servers? sub multipleAuth { - return (-e qq($FindBin::Bin/$yamlauthfile)); + return (-e qq($yamlauthfile)); } # Returns configured CAS servers' list if multiple authentication is enabled @@ -65,39 +65,23 @@ sub getMultipleAuth { # Logout from CAS sub logout_cas { - my ($query) = @_; - my $uri = $ENV{'SCRIPT_URI'}; - my $casparam = $query->param('cas'); - # FIXME: This should be more generic and handle whatever parameters there might be - $uri .= "?cas=" . $casparam if (defined $casparam); - $casparam = $defaultcasserver if (not defined $casparam); - my $cas = Authen::CAS::Client->new($casservers->{$casparam}); + my ($query, $type) = @_; + my ( $cas, $uri ) = _get_cas_and_service($query, undef, $type); print $query->redirect( $cas->logout_url($uri)); + print $query->redirect( $cas->logout_url(url => $uri)); } # Login to CAS sub login_cas { - my ($query) = @_; - my $uri = $ENV{'SCRIPT_URI'}; - my $casparam = $query->param('cas'); - # FIXME: This should be more generic and handle whatever parameters there might be - $uri .= "?cas=" . $casparam if (defined $casparam); - $casparam = $defaultcasserver if (not defined $casparam); - my $cas = Authen::CAS::Client->new($casservers->{$casparam}); + my ($query, $type) = @_; + my ( $cas, $uri ) = _get_cas_and_service($query, undef, $type); print $query->redirect( $cas->login_url($uri)); } # Returns CAS login URL with callback to the requesting URL sub login_cas_url { - - my ($query, $key) = @_; - my $uri = $ENV{'SCRIPT_URI'}; - my $casparam = $query->param('cas'); - # FIXME: This should be more generic and handle whatever parameters there might be - $uri .= "?cas=" . $casparam if (defined $casparam); - $casparam = $defaultcasserver if (not defined $casparam); - $casparam = $key if (defined $key); - my $cas = Authen::CAS::Client->new($casservers->{$casparam}); + my ( $query, $key, $type ) = @_; + my ( $cas, $uri ) = _get_cas_and_service( $query, $key, $type ); return $cas->login_url($uri); } @@ -105,14 +89,9 @@ sub login_cas_url { # In our case : is there a ticket, is it valid and does it match one of our users ? sub checkpw_cas { $debug and warn "checkpw_cas"; - my ($dbh, $ticket, $query) = @_; + my ($dbh, $ticket, $query, $type) = @_; my $retnumber; - my $uri = $ENV{'SCRIPT_URI'}; - my $casparam = $query->param('cas'); - # FIXME: This should be more generic and handle whatever parameters there might be - $uri .= "?cas=" . $casparam if (defined $casparam); - $casparam = $defaultcasserver if (not defined $casparam); - my $cas = Authen::CAS::Client->new($casservers->{$casparam}); + my ( $cas, $uri ) = _get_cas_and_service($query, undef, $type); # If we got a ticket if ($ticket) { @@ -145,7 +124,10 @@ sub checkpw_cas { $debug and warn "User $userid is not a valid Koha user"; } else { - $debug and warn "Invalid session ticket : $ticket"; + $debug and warn "Problem when validating ticket : $ticket"; + $debug and warn "Authen::CAS::Client::Response::Error: " . $val->error() if $val->is_error(); + $debug and warn "Authen::CAS::Client::Response::Failure: " . $val->message() if $val->is_failure(); + $debug and warn Data::Dumper::Dumper($@) if $val->is_error() or $val->is_failure(); return 0; } } @@ -155,17 +137,13 @@ sub checkpw_cas { # Proxy CAS auth sub check_api_auth_cas { $debug and warn "check_api_auth_cas"; - my ($dbh, $PT, $query) = @_; + my ($dbh, $PT, $query, $type) = @_; my $retnumber; - my $url = $query->url(); - - my $casparam = $query->param('cas'); - $casparam = $defaultcasserver if (not defined $casparam); - my $cas = Authen::CAS::Client->new($casservers->{$casparam}); + my ( $cas, $uri ) = _get_cas_and_service($query, undef, $type); # If we have a Proxy Ticket if ($PT) { - my $r = $cas->proxy_validate( $url, $PT ); + my $r = $cas->proxy_validate( $uri, $PT ); # If the PT is valid if ( $r->is_success ) { @@ -203,6 +181,47 @@ sub check_api_auth_cas { return 0; } +# Get CAS handler and service URI +sub _get_cas_and_service { + my $query = shift; + my $key = shift; # optional + my $type = shift; + + my $uri = _url_with_get_params($query, $type); + + my $casparam = $defaultcasserver; + $casparam = $query->param('cas') if defined $query->param('cas'); + $casparam = $key if defined $key; + my $cas = Authen::CAS::Client->new( $casservers->{$casparam} ); + + return ( $cas, $uri ); +} + +# Get the current URL with parameters contained directly into URL (GET params) +# This method replaces $query->url() which will give both GET and POST params +sub _url_with_get_params { + my $query = shift; + my $type = shift; + + my $uri_base_part = ($type eq 'opac') ? + C4::Context->preference('OPACBaseURL') . $query->script_name(): + C4::Context->preference('staffClientBaseURL'); + + my $uri_params_part = ''; + foreach my $param ( $query->url_param() ) { + # url_param() always returns parameters that were deleted by delete() + # This additional check ensure that parameter was not deleted. + my $uriPiece = $query->param($param); + if ($uriPiece) { + $uri_params_part .= '&' if $uri_params_part; + $uri_params_part .= $param . '='; + $uri_params_part .= URI::Escape::uri_escape( $uriPiece ); + } + } + $uri_base_part .= '?' if $uri_params_part; + + return $uri_base_part . $uri_params_part; +} 1; __END__