1 | <?php |
||||
2 | |||||
3 | /* |
||||
4 | * simpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a simpleSAMLphp module |
||||
5 | * |
||||
6 | * Copyright (C) 2013 Bjorn R. Jensen |
||||
7 | * |
||||
8 | * This library is free software; you can redistribute it and/or |
||||
9 | * modify it under the terms of the GNU Lesser General Public |
||||
10 | * License as published by the Free Software Foundation; either |
||||
11 | * version 2.1 of the License, or (at your option) any later version. |
||||
12 | * |
||||
13 | * This library is distributed in the hope that it will be useful, |
||||
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
||||
16 | * Lesser General Public License for more details. |
||||
17 | * |
||||
18 | * You should have received a copy of the GNU Lesser General Public |
||||
19 | * License along with this library; if not, write to the Free Software |
||||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
||||
21 | * |
||||
22 | * Incoming parameters: |
||||
23 | * targetService |
||||
24 | * pgt |
||||
25 | * |
||||
26 | */ |
||||
27 | |||||
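require_once('utility/urlUtils.php');

/*
 * CAS 2.0 proxy endpoint: exchanges a proxy granting ticket (pgt) for a proxy
 * ticket issued for targetService. Both values come from the query string and
 * are untrusted until the checks below have passed.
 */
$casconfig = \SimpleSAML\Configuration::getConfig('module_casserver.php');

/* Instantiate protocol handler */
$protocolClass = \SimpleSAML\Module::resolveClass('casserver:Cas20', 'Cas_Protocol');
/** @psalm-suppress InvalidStringClass */
$protocol = new $protocolClass($casconfig);

// Allow-list of services a proxy ticket may be issued for. A missing setting
// yields [] here; how checkServiceURL() treats an empty list is not visible in
// this file. NOTE(review): confirm that an empty list rejects every service.
$legal_target_service_urls = $casconfig->getValue('legal_target_service_urls', []);

// PHP parses "?pgt[]=x" into an array. Only string values are accepted, so the
// URL helpers and the ticket store never receive a non-string request value.
// A non-string parameter is reported the same way as a missing one.
$targetService = (array_key_exists('targetService', $_GET) && is_string($_GET['targetService']))
    ? $_GET['targetService']
    : null;
$pgt = (array_key_exists('pgt', $_GET) && is_string($_GET['pgt']))
    ? $_GET['pgt']
    : null;

// checkServiceURL() and sanitize() are defined outside this file (presumably
// in utility/urlUtils.php). The analysis tool on this listing reports
// checkServiceURL() as deprecated; its replacement is not shown here.
// The check is evaluated once and reused for both the success and error paths.
$targetServiceIsLegal = !is_null($targetService) &&
    checkServiceURL(sanitize($targetService), $legal_target_service_urls);

if (is_null($targetService)) {
    $message = 'Missing target service parameter [targetService]';

    \SimpleSAML\Logger::debug('casserver:' . $message);

    echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message);
} elseif (!$targetServiceIsLegal) {
    // NOTE(review): the rejected value is copied into the log line and the
    // response body; confirm getProxyFailureResponse() escapes it for XML.
    $message = 'Target service parameter not listed as a legal service: [targetService] = ' .
        var_export($targetService, true);

    \SimpleSAML\Logger::debug('casserver:' . $message);

    echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message);
} elseif (is_null($pgt)) {
    $message = 'Missing proxy granting ticket parameter: [pgt]';

    \SimpleSAML\Logger::debug('casserver:' . $message);

    echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message);
} else {
    // The ticket store backend is configurable; the filesystem store is the default.
    $ticketStoreConfig = $casconfig->getValue('ticketstore', ['class' => 'casserver:FileSystemTicketStore']);
    $ticketStoreClass = \SimpleSAML\Module::resolveClass($ticketStoreConfig['class'], 'Cas_Ticket');
    /** @psalm-suppress InvalidStringClass */
    $ticketStore = new $ticketStoreClass($casconfig);

    $ticketFactoryClass = \SimpleSAML\Module::resolveClass('casserver:TicketFactory', 'Cas_Ticket');
    /** @psalm-suppress InvalidStringClass */
    $ticketFactory = new $ticketFactoryClass($casconfig);

    $proxyGrantingTicket = $ticketStore->getTicket($pgt);

    if (!is_null($proxyGrantingTicket) && $ticketFactory->isProxyGrantingTicket($proxyGrantingTicket)) {
        // A proxy ticket is only issued while the session behind the PGT is alive.
        // NOTE(review): only the session ticket is passed to isExpired(); the PGT's
        // own lifetime is not checked here. Confirm it is enforced elsewhere.
        $sessionTicket = $ticketStore->getTicket($proxyGrantingTicket['sessionId']);

        if (
            !is_null($sessionTicket) &&
            $ticketFactory->isSessionTicket($sessionTicket) &&
            !$ticketFactory->isExpired($sessionTicket)
        ) {
            // NOTE(review): the allow-list check ran on sanitize($targetService), but the
            // unsanitized value is stored as the ticket's service. Confirm that the
            // validation endpoint compares against the same form of the URL.
            $proxyTicket = $ticketFactory->createProxyTicket(
                [
                    'service' => $targetService,
                    'forceAuthn' => $proxyGrantingTicket['forceAuthn'],
                    'attributes' => $proxyGrantingTicket['attributes'],
                    'proxies' => $proxyGrantingTicket['proxies'],
                    'sessionId' => $proxyGrantingTicket['sessionId'],
                ]
            );

            $ticketStore->addTicket($proxyTicket);

            echo $protocol->getProxySuccessResponse($proxyTicket['id']);
        } else {
            // Also reached when the session ticket is missing or is not a session
            // ticket, not only when it has expired.
            // NOTE(review): in this branch the pgt matched a stored ticket, and its
            // full value goes to the debug log and the response. Consider logging a
            // truncated or hashed id instead.
            $message = 'Ticket ' . var_export($pgt, true) . ' has expired';

            \SimpleSAML\Logger::debug('casserver:' . $message);

            echo $protocol->getProxyFailureResponse('BAD_PGT', $message);
        }
    } elseif (!$ticketFactory->isProxyGrantingTicket($proxyGrantingTicket)) {
        // NOTE(review): an unknown ticket (null) also reaches this test, so the
        // "not recognized" branch below runs only if isProxyGrantingTicket(null)
        // returns true. Branch order is kept as in the original; confirm the intent.
        $message = 'Not a valid proxy granting ticket id: ' . var_export($pgt, true);

        \SimpleSAML\Logger::debug('casserver:' . $message);

        echo $protocol->getProxyFailureResponse('BAD_PGT', $message);
    } else {
        $message = 'Ticket ' . var_export($pgt, true) . ' not recognized';

        \SimpleSAML\Logger::debug('casserver:' . $message);

        echo $protocol->getProxyFailureResponse('BAD_PGT', $message);
    }
}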