Club Drupal

<?php

/**

 * @file Provides a protocol compliant version of CAS server 2.x

 */

define('CAS_LOGIN_COOKIE', 'cas_server_login');

/**

 * Implementation of hook_menu

 */

function cas_server_menu() {

  $items = array();

  $items['cas/login'] = array(

    'page callback' => 'cas_server_login',

    'title' => 'CAS Login',

    'access callback' => TRUE,

    'type' => MENU_CALLBACK,

  );

  $items['cas/validate'] = array(

    'page callback' => 'cas_server_validate',

    'title' => 'CAS Validate',

    'access callback' => TRUE,

    'type' => MENU_CALLBACK,

  );

  $items['cas/serviceValidate'] = array(

    'page callback' => 'cas_server_service_validate',

    'title' => 'CAS Service Validate',

    'access callback' => TRUE,

    'type' => MENU_CALLBACK,

  );

  $items['cas/proxyValidate'] = array(

    'page callback' => 'cas_server_service_validate',

    'title' => 'CAS Proxy Ticket Validate',

    'access callback' => TRUE,

    'type' => MENU_CALLBACK,

  );

  $items['cas/logout'] = array(

    'page callback' => 'cas_server_logout',

    'title' => 'CAS Logout',

    'access callback' => TRUE,

    'type' => MENU_CALLBACK,

  );

  return $items;

}

/**

 * Implements hook_theme().

 */

function cas_server_theme() {

  return array(

    'cas_service_validate_success' => array(

      'variables' => array('name' => NULL, 'attributes' => NULL),

      'file' => 'cas_server.response.inc',

    ),

    'cas_service_validate_attributes' => array(

      'variables' => array('attributes' => NULL, 'style' => 'jasig'),

      'file' => 'cas_server.response.inc',

    ),

    'cas_service_validate_failure' => array(

      'variables' => array('ticket' => NULL, 'error_code' => NULL),

      'file' => 'cas_server.response.inc',

    ),

  );

}

/**

 * Implements hook_cas_server_user_attributes().

 *

 * Returns the user's roles.

 */

function cas_server_cas_server_user_attributes($account, $service) {

  return array(

    'uid'           => $account->uid,

    'mail'          => $account->mail,

    'created'       => $account->created,

    'timezone'      => $account->timezone,

    'language'      => $account->language,

    'drupal_roles'  => $account->roles,

  );

}

function cas_server_service_return() {

  global $user;

  $service = isset($_COOKIE[CAS_LOGIN_COOKIE]) ? $_COOKIE[CAS_LOGIN_COOKIE] : '';

  if ($service && $user->uid) {

    $ticket = _cas_server_save_ticket($user->uid, $service);

    setcookie(CAS_LOGIN_COOKIE, "", -3600);

    drupal_goto($service, array('query' => array('ticket' => $ticket)));

  }

}

/**

 * Handle login

 *

 */

function cas_server_login() {

  // Set login cookie so that we know we're in the process of logging in

  global $user;

  $output='';

  $service = isset($_REQUEST['service']) ? $_REQUEST['service'] : '';

  $gateway = isset($_REQUEST['gateway']);

  if ($user->uid) {

    if ($service) {

      $_COOKIE[CAS_LOGIN_COOKIE] = $service;

    }

    $output=t('You have successfully logged into CAS');

    cas_server_service_return();

  }

  else {

    if ($gateway && $service) {

      drupal_goto($service);

    }

    else {

      // Redirect to user login

      if ($service) {

        setcookie(CAS_LOGIN_COOKIE, $service);

      }

      $output .= l(t('Login'), 'user', array('query' => array('destination' => 'cas/login')));

      drupal_goto('user', array('query' => array('destination' => 'cas/login')));

    }

  }

  return $output;

}

/**

 * Validate the ticket using a CAS 1.x methodology

 * This provides the simple non-xml based

 */

function cas_server_validate() {

  //Obtain the ticket from the url and validate it.

  $ticket = isset($_REQUEST['ticket']) ? $_REQUEST['ticket'] : '';

  $service = isset($_REQUEST['service']) ? $_REQUEST['service'] : '';

  $user_name = _cas_server_validate($service, $ticket);

  if ($user_name) {

    print "yes\n";

    print "$user_name\n";

  }

  else {

    print "no\n";

    print "\n";

  }

}

/**

 * serviceValidate method using cas 2.0

 * Returns data in xml

 */

function cas_server_service_validate() {

  $ticket = isset($_REQUEST['ticket']) ? $_REQUEST['ticket'] : '';

  $service = isset($_REQUEST['service']) ? $_REQUEST['service'] : '';

  $user_name = _cas_server_validate($service, $ticket);

  if (!$user_name) $cas_error='INVALID_TICKET';

  if (!$ticket || !$service) $cas_error='INVALID_REQUEST';

  header('Content-type:', 'text/xml');

  if ($user_name) {

    //@TODO Generate proxy granting ticket

    $account = user_load_by_name($user_name);

    // Generate a list of attributes to return.

    $attributes = module_invoke_all('cas_server_user_attributes', $account, $service, $ticket);

    // Let other modules alter the list of attributes.

    $context = array(

      'service' => $service,

      'ticket' => $ticket,

    );

    drupal_alter('cas_server_user_attributes', $attributes, $account, $context);

    print theme('cas_service_validate_success', array('name' => $user_name, 'attributes' => $attributes));

    watchdog('cas', 'User %name CAS sucessully authenticated.', array('%name' => $user_name));

  }

  else {

    print theme('cas_service_validate_failure', array('ticket' => $ticket, 'error_code' => $cas_error));

    watchdog('cas', 'Ticket %ticket for service %service not recognized.', array('%ticket' => $ticket, '%service' => $service));

  }

}

/**

 * Test to see if a one time use ticket is valid

 *

 * @param unknown_type $ticket

 * @return unknown

 */

function _cas_server_validate($service, $ticket) {

  // Look up the ticket

  $user_name='';

  $ticket_info=array(':service' => $service, ':ticket' => $ticket);

  $result = db_query_range("SELECT u.name FROM {cas_server_tickets} t JOIN {users} u ON t.uid=u.uid  WHERE t.service = :service and t.ticket = :ticket", 0, 1, $ticket_info);

  if ($result !== FALSE) {

    foreach ($result as $ticket_data) {

      $user_name = $ticket_data->name;

    }

  }

  db_delete('cas_server_tickets')

    ->condition('ticket', $ticket)

    ->execute();

  return $user_name;

}

/**

 * Generate a one time use login ticket for the user in question.

 *

 * @param int $uid

 */

function _cas_server_save_ticket($uid, $service) {

  // Generate the ticket

  $time = REQUEST_TIME;

  $ticket = 'ST-' . user_password();

  $ticket_data = array('uid' => $uid, 'service' => $service, 'ticket' => $ticket, 'timestamp' => $time);

  // Save the ticket to the db

  if ($uid && $service) {

    db_insert('cas_server_tickets')->fields($ticket_data)->execute();

  }

  return $ticket;

}

/**

 * Menu callback; triggers a CAS logout.

 *

 * @TODO: Implement single sign out support

 */

function cas_server_logout() {

  global $user;

  watchdog('user', 'Session closed for %name.', array('%name' => $user->name));

  module_invoke_all('user_logout', $user);

  // Destroy the current session, and reset $user to the anonymous user.

  session_destroy();

  $output = '<p>' . t('You have been logged out successfully.') . '</p>';

  if (isset($_REQUEST['url'])) {

    $output .= '<p>' . l(t('Continue'), $_REQUEST['url']) . '</p>';

  }

  return $output;

}