Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
SKZH
/
ITSSTOOLS
3
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

Implemented two new options for CAS:
- logout_redirect_service
- memberOf

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@1362 a333f486-631f-4898-b8df-5754b55c2be0

dflaven 14 lat temu
rodzic
5df7c26185
commit
8f34f20549
1 zmienionych plików z 57 dodań i 4 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 57 4
      application/loginwebpage.class.inc.php

+ 57 - 4
application/loginwebpage.class.inc.php
Wyświetl plik 

@@ -251,10 +251,63 @@ EOF
 
 					// check CAS authentication

 					if (phpCAS::isAuthenticated())

 					{

-						$sAuthUser = phpCAS::getUser();

-						$sAuthPwd = '';

-						$sLoginMode = 'cas';

-						$sAuthentication = 'external';

+						// Check is a membership is required

+						$sCASMemberships = MetaModel::GetConfig()->Get('cas_memberof');

+						$bFound =  false;

+						if (!empty($sCASMemberships))

+						{

+							if (phpCAS::hasAttributes('memberOf'))

+							{

+								// A list of groups is specified, the user must a be member of (at least) one of them to pass

+								$aCASMemberships = array();

+								$aTmp = explode(',', $sCASMemberships);

+								foreach($aTmp as $sGroupName)

+								{

+									$aCASMemberships[] = trim($sGroupName); // Just in case remove spaces...

+								}

+	

+								$aMemberOf = phpCAS::getAttributes('memberOf');

+								if (!is_array($aMemberOf)) $aMemberOf = array($aMemberOf); // Just one entry, turn it into an array

+								

+								foreach($aCASMemberships as $sGroupName)

+								{

+									if (in_array($sGroupName, $aMemberOf))

+									{

+										$bFound = true;

+										break;

+									}	

+								}

+							}

+							else

+							{

+								// Too bad, the user is not part of any of the group => not allowed

+							}

+						}

+						else

+						{

+							// No membership required, anybody will pass

+							$bFound = true;

+						}

+						

+						if ($bFound)

+						{

+							$sAuthUser = phpCAS::getUser();

+							$sAuthPwd = '';

+							$sLoginMode = 'cas';

+							$sAuthentication = 'external';

+						}

+						else

+						{

+							// The user is not part of the allowed groups, => log out

+							$sUrl = utils::GetAbsoluteUrlAppRoot();

+							$sUrl .= 'pages/UI.php';

+							$sCASLogoutUrl = MetaModel::GetConfig()->Get('cas_logout_redirect_service');

+							if (empty($sCASLogoutUrl))

+							{

+								$sCASLogoutUrl = $sUrl;

+							}

+							phpCAS::logoutWithRedirectService($sCASLogoutUrl); // Redirects to the CAS logout page

+						}

 					}

 					break;