1 | <?php |
||
2 | |||
3 | /* |
||
4 | * simpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a simpleSAMLphp module |
||
5 | * |
||
6 | * Copyright (C) 2013 Bjorn R. Jensen |
||
7 | * |
||
8 | * This library is free software; you can redistribute it and/or |
||
9 | * modify it under the terms of the GNU Lesser General Public |
||
10 | * License as published by the Free Software Foundation; either |
||
11 | * version 2.1 of the License, or (at your option) any later version. |
||
12 | * |
||
13 | * This library is distributed in the hope that it will be useful, |
||
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
||
16 | * Lesser General Public License for more details. |
||
17 | * |
||
18 | * You should have received a copy of the GNU Lesser General Public |
||
19 | * License along with this library; if not, write to the Free Software |
||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
||
21 | * |
||
22 | * Incoming parameters: |
||
23 | * targetService |
||
24 | * pgt |
||
25 | * |
||
26 | */ |
||
27 | |||
require_once('utility/urlUtils.php');

$casconfig = \SimpleSAML\Configuration::getConfig('module_casserver.php');

/* Allow-list of target services a proxy ticket may be issued for; empty unless configured */
$legal_target_service_urls = $casconfig->getValue('legal_target_service_urls', []);

/* Instantiate the CAS 2.0 protocol handler that builds the proxy success/failure responses */
$protocolHandlerClass = \SimpleSAML\Module::resolveClass('casserver:Cas20', 'Cas_Protocol');
/** @psalm-suppress InvalidStringClass */
$protocol = new $protocolHandlerClass($casconfig);
||
38 | |||
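/*
 * Validate the request parameters once, up front, so the branches below do not
 * re-read $_GET or repeat the allow-list check. Both values are caller-supplied;
 * a non-string value (PHP turns `pgt[]=x` into an array) is treated as absent so
 * that neither sanitize() nor the ticket store is ever handed an array.
 */
$hasTargetService = array_key_exists('targetService', $_GET) && is_string($_GET['targetService']);
$hasPgt = array_key_exists('pgt', $_GET) && is_string($_GET['pgt']);
$targetServiceIsLegal = $hasTargetService
    && checkServiceURL(sanitize($_GET['targetService']), $legal_target_service_urls);

if ($hasTargetService && $targetServiceIsLegal && $hasPgt) {
    $ticketStoreConfig = $casconfig->getValue('ticketstore', ['class' => 'casserver:FileSystemTicketStore']);
    $ticketStoreClass = \SimpleSAML\Module::resolveClass($ticketStoreConfig['class'], 'Cas_Ticket');
    /** @psalm-suppress InvalidStringClass */
    $ticketStore = new $ticketStoreClass($casconfig);

    $ticketFactoryClass = \SimpleSAML\Module::resolveClass('casserver:TicketFactory', 'Cas_Ticket');
    /** @psalm-suppress InvalidStringClass */
    $ticketFactory = new $ticketFactoryClass($casconfig);

    $proxyGrantingTicket = $ticketStore->getTicket($_GET['pgt']);

    if (is_null($proxyGrantingTicket)) {
        /*
         * Unknown ticket id. Checked before the type test so that
         * isProxyGrantingTicket() is never called with null; previously the
         * "not a valid proxy granting ticket" branch absorbed this case and
         * this message was unreachable.
         */
        $message = 'Ticket ' . var_export($_GET['pgt'], true) . ' not recognized';

        \SimpleSAML\Logger::debug('casserver:' . $message);

        echo $protocol->getProxyFailureResponse('BAD_PGT', $message);
    } elseif (!$ticketFactory->isProxyGrantingTicket($proxyGrantingTicket)) {
        /* A known ticket, but not of the PGT kind (e.g. a service ticket id was supplied) */
        $message = 'Not a valid proxy granting ticket id: ' . var_export($_GET['pgt'], true);

        \SimpleSAML\Logger::debug('casserver:' . $message);

        echo $protocol->getProxyFailureResponse('BAD_PGT', $message);
    } else {
        /* A PGT is only usable while the session ticket it refers to is still present and unexpired */
        $sessionTicket = $ticketStore->getTicket($proxyGrantingTicket['sessionId']);

        if (
            !is_null($sessionTicket) &&
            $ticketFactory->isSessionTicket($sessionTicket) &&
            !$ticketFactory->isExpired($sessionTicket)
        ) {
            $proxyTicket = $ticketFactory->createProxyTicket([
                // NOTE(review): the allow-list check above ran on sanitize($_GET['targetService']),
                // but the raw value is what gets stored on the ticket — confirm this is intended.
                'service' => $_GET['targetService'],
                'forceAuthn' => $proxyGrantingTicket['forceAuthn'],
                'attributes' => $proxyGrantingTicket['attributes'],
                'proxies' => $proxyGrantingTicket['proxies'],
                'sessionId' => $proxyGrantingTicket['sessionId'],
            ]);

            $ticketStore->addTicket($proxyTicket);

            echo $protocol->getProxySuccessResponse($proxyTicket['id']);
        } else {
            $message = 'Ticket ' . var_export($_GET['pgt'], true) . ' has expired';

            \SimpleSAML\Logger::debug('casserver:' . $message);

            echo $protocol->getProxyFailureResponse('BAD_PGT', $message);
        }
    }
} elseif (!$hasTargetService) {
    $message = 'Missing target service parameter [targetService]';

    \SimpleSAML\Logger::debug('casserver:' . $message);

    echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message);
} elseif (!$targetServiceIsLegal) {
    $message = 'Target service parameter not listed as a legal service: [targetService] = ' .
        var_export($_GET['targetService'], true);

    \SimpleSAML\Logger::debug('casserver:' . $message);

    echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message);
} else {
    $message = 'Missing proxy granting ticket parameter: [pgt]';

    \SimpleSAML\Logger::debug('casserver:' . $message);

    echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message);
}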
||