首页 发现 帮助
注册 登录
SKZH
/
ITSSTOOLS
3
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

Implemented two new options for CAS:
- logout_redirect_service
- memberOf

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@1362 a333f486-631f-4898-b8df-5754b55c2be0

dflaven 14 年之前
父节点
5df7c26185
当前提交
8f34f20549
共有 1 个文件被更改,包括 57 次插入4 次删除
分列视图 显示文件统计
  1. 57 4
      application/loginwebpage.class.inc.php

+ 57 - 4
application/loginwebpage.class.inc.php
查看文件 

@@ -251,10 +251,63 @@ EOF
 
 					// check CAS authentication

 					if (phpCAS::isAuthenticated())

 					{

-						$sAuthUser = phpCAS::getUser();

-						$sAuthPwd = '';

-						$sLoginMode = 'cas';

-						$sAuthentication = 'external';

+						// Check is a membership is required

+						$sCASMemberships = MetaModel::GetConfig()->Get('cas_memberof');

+						$bFound =  false;

+						if (!empty($sCASMemberships))

+						{

+							if (phpCAS::hasAttributes('memberOf'))

+							{

+								// A list of groups is specified, the user must a be member of (at least) one of them to pass

+								$aCASMemberships = array();

+								$aTmp = explode(',', $sCASMemberships);

+								foreach($aTmp as $sGroupName)

+								{

+									$aCASMemberships[] = trim($sGroupName); // Just in case remove spaces...

+								}

+	

+								$aMemberOf = phpCAS::getAttributes('memberOf');

+								if (!is_array($aMemberOf)) $aMemberOf = array($aMemberOf); // Just one entry, turn it into an array

+								

+								foreach($aCASMemberships as $sGroupName)

+								{

+									if (in_array($sGroupName, $aMemberOf))

+									{

+										$bFound = true;

+										break;

+									}	

+								}

+							}

+							else

+							{

+								// Too bad, the user is not part of any of the group => not allowed

+							}

+						}

+						else

+						{

+							// No membership required, anybody will pass

+							$bFound = true;

+						}

+						

+						if ($bFound)

+						{

+							$sAuthUser = phpCAS::getUser();

+							$sAuthPwd = '';

+							$sLoginMode = 'cas';

+							$sAuthentication = 'external';

+						}

+						else

+						{

+							// The user is not part of the allowed groups, => log out

+							$sUrl = utils::GetAbsoluteUrlAppRoot();

+							$sUrl .= 'pages/UI.php';

+							$sCASLogoutUrl = MetaModel::GetConfig()->Get('cas_logout_redirect_service');

+							if (empty($sCASLogoutUrl))

+							{

+								$sCASLogoutUrl = $sUrl;

+							}

+							phpCAS::logoutWithRedirectService($sCASLogoutUrl); // Redirects to the CAS logout page

+						}

 					}

 					break;