Changeset 2287310
- Timestamp:
- 04/20/2020 10:34:51 AM (6 years ago)
- Location:
- wp-cassify/trunk
- Files:
-
- 6 edited
-
admin/admin-menu.php (modified) (4 diffs)
-
classes/wp_cassify_plugin.php (modified) (24 diffs)
-
classes/wp_cassify_rule_solver.php (modified) (1 diff)
-
config.php (modified) (1 diff)
-
readme.txt (modified) (5 diffs)
-
wp-cassify.php (modified) (1 diff)
wp-cassify/trunk/admin/admin-menu.php
r2248092 r2287310 364 364 365 365 $is_disabled = FALSE; 366 367 366 if ( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_disable_authentication' ) == 'disabled' ) { 368 367 $is_disabled = TRUE; 369 368 } 370 else {371 $is_disabled = FALSE;372 }373 369 374 370 $create_user_if_not_exist = FALSE; 375 376 371 if ( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_create_user_if_not_exist' ) == 'create_user_if_not_exist' ) { 377 372 $create_user_if_not_exist = TRUE; 378 373 } 379 else { 380 $create_user_if_not_exist = FALSE; 374 375 $log_out_on_errors = FALSE; 376 if ( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_log_out_on_errors' ) == 'log_out_on_errors' ) { 377 $log_out_on_errors = TRUE; 378 } 379 380 $enable_gateway_mode = FALSE; 381 if ( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_enable_gateway_mode' ) == 'enable_gateway_mode' ) { 382 $enable_gateway_mode = TRUE; 383 } 384 385 $enable_slo = FALSE; 386 if ( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_enable_slo' ) == 'enable_slo' ) { 387 $enable_slo = TRUE; 381 388 } 382 389 … … 443 450 <?php endif; ?> 444 451 </tr> 452 <tr valign="top"> 453 <th scope="row">Log out on errors</th> 454 <?php if ( $log_out_on_errors ) : ?> 455 <td><input type="checkbox" id="wp_cassify_log_out_on_errors" name="wp_cassify_log_out_on_errors" class="post_form" value="log_out_on_errors" checked /><br /><span class="description">Disconnect cas user session on authentication errors without displaying any error message (silent mode).</span></td> 456 <?php else : ?> 457 <td><input type="checkbox" id="wp_cassify_log_out_on_errors " name="wp_cassify_log_out_on_errors" class="post_form" value="log_out_on_errors" /><br /><span class="description">Disconnect cas user session on authentication errors without displaying any error 
message (silent mode).</span></td> 458 <?php endif; ?> 459 </tr> 460 <tr valign="top"> 461 <th scope="row">Enable Gateway Mode</th> 462 <?php if ( $enable_gateway_mode ) : ?> 463 <td><input type="checkbox" id="wp_cassify_enable_gateway_mode" name="wp_cassify_enable_gateway_mode" class="post_form" value="enable_gateway_mode" checked /><br /><span class="description">Enable support for auto-login (Gateway Mode).</span></td> 464 <?php else : ?> 465 <td><input type="checkbox" id="wp_cassify_enable_gateway_mode" name="wp_cassify_enable_gateway_mode" class="post_form" value="enable_gateway_mode" /><br /><span class="description">Enable support for auto-login (Gateway Mode).</span></td> 466 <?php endif; ?> 467 </tr> 468 <tr valign="top"> 469 <th scope="row">Enable SLO (Single Log Out)</th> 470 <?php if ( $enable_slo ) : ?> 471 <td><input type="checkbox" id="wp_cassify_enable_slo" name="wp_cassify_enable_slo" class="post_form" value="enable_slo" checked /><br /><span class="description">Enable support for central logout (Single Sign Out).</span></td> 472 <?php else : ?> 473 <td><input type="checkbox" id="wp_cassify_enable_slo" name="wp_cassify_enable_slo" class="post_form" value="enable_slo" /><br /><span class="description">Enable support for central logout (Single Sign Out).</span></td> 474 <?php endif; ?> 475 </tr> 445 476 <tr valign="top"> 446 477 <th scope="row">SSL Cipher used for query CAS Server with HTTPS Webrequest to validate service ticket</th> … … 1199 1230 WP_Cassify_Utils::wp_cassify_update_checkbox( $_POST, 'wp_cassify_disable_authentication', 'disabled', $this->wp_cassify_network_activated ); 1200 1231 WP_Cassify_Utils::wp_cassify_update_checkbox( $_POST, 'wp_cassify_create_user_if_not_exist', 'create_user_if_not_exist', $this->wp_cassify_network_activated ); 1232 WP_Cassify_Utils::wp_cassify_update_checkbox( $_POST, 'wp_cassify_log_out_on_errors', 'log_out_on_errors', $this->wp_cassify_network_activated ); 1233 
WP_Cassify_Utils::wp_cassify_update_checkbox( $_POST, 'wp_cassify_enable_gateway_mode', 'enable_gateway_mode', $this->wp_cassify_network_activated ); 1234 WP_Cassify_Utils::wp_cassify_update_checkbox( $_POST, 'wp_cassify_enable_slo', 'enable_slo', $this->wp_cassify_network_activated ); 1235 1201 1236 WP_Cassify_Utils::wp_cassify_update_textfield( $_POST, 'wp_cassify_ssl_cipher', TRUE, $this->wp_cassify_network_activated ); 1202 1237 WP_Cassify_Utils::wp_cassify_update_checkbox( $_POST, 'wp_cassify_ssl_check_certificate', 'enabled', $this->wp_cassify_network_activated ); … … 1373 1408 ?> 1374 1409 <div class="wrap" id="wp-cassify"> 1375 <h2><?php screen_icon('options-general'); ?><?phpecho $this->wp_cassify_plugin_datas[ 'Name' ] ?></h2>1410 <h2><?php echo $this->wp_cassify_plugin_datas[ 'Name' ] ?></h2> 1376 1411 1377 1412 <?php if ( $this->wp_cassify_is_options_updated() ) { ?> -
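Review bot: The unchecked branch of the new "Log out on errors" row emits `id="wp_cassify_log_out_on_errors "` with a trailing space, so the element id differs from the checked branch and from the field name, and anything that targets the id will miss it. Drop the space, or collapse each pair of branches into a single input with `<?php checked( $log_out_on_errors ); ?>` so the two copies cannot drift apart again. The three new option reads compare with `==`; since the stored value is a fixed string, `=== 'log_out_on_errors'` (and likewise for `enable_gateway_mode` and `enable_slo`) states the intent more precisely.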
wp-cassify/trunk/classes/wp_cassify_plugin.php
r2248092 r2287310 40 40 41 41 private $wp_cassify_current_blog_id; 42 43 private $wp_cassify_service_ticket_salt; 42 44 43 45 /** … … 50 52 * Initialize the plugin with parameters 51 53 * 52 * param string $wp_cassify_network_activated 53 * param string $wp_cassify_default_xpath_query_to_extact_cas_user 54 * param string $wp_cassify_default_xpath_query_to_extact_cas_attributes 55 * param string $wp_cassify_default_redirect_parameter_name 56 * param string $wp_cassify_default_service_ticket_parameter_name 57 * param string $wp_cassify_default_service_service_parameter_name 58 * param string $wp_cassify_default_gateway_parameter_name 59 * param string $wp_cassify_default_bypass_parameter_name 60 * param int $wp_cassify_default_cachetimes_for_authrecheck 61 * param string $wp_cassify_default_wordpress_blog_http_port 62 * param string $wp_cassify_default_wordpress_blog_https_port 63 * param string $wp_cassify_default_ssl_check_certificate 64 * param string $wp_cassify_default_login_servlet 65 * param string $wp_cassify_default_logout_servlet 66 * param string $wp_cassify_default_service_validate_servlet 67 * param string $wp_cassify_default_allow_deny_order 68 * param string $wp_cassify_match_first_level_parenthesis_group_pattern 69 * param string $wp_cassify_match_second_level_parenthesis_group_pattern 70 * param string $wp_cassify_match_cas_variable_pattern 71 * param string $wp_cassify_allowed_operators 72 * param string $wp_cassify_operator_prefix 73 * param string $wp_cassify_allowed_parenthesis 74 * param array $wp_cassify_allowed_get_parameters 75 * param array $wp_cassify_error_messages 76 * param array $wp_cassify_user_error_codes 54 * @param string $wp_cassify_network_activated 55 * @param string $wp_cassify_default_xpath_query_to_extact_cas_user 56 * @param string $wp_cassify_default_xpath_query_to_extact_cas_attributes 57 * @param string $wp_cassify_default_redirect_parameter_name 58 * @param string $wp_cassify_default_service_ticket_parameter_name 59 * 
@param string $wp_cassify_default_service_service_parameter_name 60 * @param string $wp_cassify_default_gateway_parameter_name 61 * @param string $wp_cassify_default_bypass_parameter_name 62 * @param int $wp_cassify_default_cachetimes_for_authrecheck 63 * @param string $wp_cassify_default_wordpress_blog_http_port 64 * @param string $wp_cassify_default_wordpress_blog_https_port 65 * @param string $wp_cassify_default_ssl_check_certificate 66 * @param string $wp_cassify_default_login_servlet 67 * @param string $wp_cassify_default_logout_servlet 68 * @param string $wp_cassify_default_service_validate_servlet 69 * @param string $wp_cassify_default_allow_deny_order 70 * @param string $wp_cassify_match_first_level_parenthesis_group_pattern 71 * @param string $wp_cassify_match_second_level_parenthesis_group_pattern 72 * @param string $wp_cassify_match_cas_variable_pattern 73 * @param string $wp_cassify_allowed_operators 74 * @param string $wp_cassify_operator_prefix 75 * @param string $wp_cassify_allowed_parenthesis 76 * @param array $wp_cassify_allowed_get_parameters 77 * @param array $wp_cassify_error_messages 78 * @param array $wp_cassify_user_error_codes 79 * @param string $wp_cassify_service_ticket_salt 77 80 */ 78 81 public function init_parameters( … … 101 104 $wp_cassify_allowed_get_parameters, 102 105 $wp_cassify_error_messages, 103 $wp_cassify_user_error_codes 106 $wp_cassify_user_error_codes, 107 $wp_cassify_service_ticket_salt 104 108 ) { 105 109 $this->wp_cassify_network_activated = $wp_cassify_network_activated; … … 128 132 $this->wp_cassify_error_messages = $wp_cassify_error_messages; 129 133 $this->wp_cassify_user_error_codes = $wp_cassify_user_error_codes; 134 $this->wp_cassify_service_ticket_salt = $wp_cassify_service_ticket_salt; 130 135 131 136 // Check if CAS Authentication must be bypassed. 
… … 137 142 add_filter( 'the_content', array( $this, 'wp_cassify_display_message' ) ); 138 143 139 // Add the actions 140 add_action( 'init', array( $this , 'wp_cassify_session_start' ), 1 ); 141 add_action( 'init', array( $this , 'wp_cassify_grab_service_ticket' ) , 2 ); 142 144 // Start PHP Session. 145 add_action( 'wp_loaded', array( $this , 'wp_cassify_session_start' ), 1 ); 146 147 // Grab service ticket and authenticate user from cas 148 add_action( 'wp_loaded', array( $this , 'wp_cassify_grab_service_ticket' ) , 2 ); 149 150 // Perform SLO (Single Log Out) (Not enabled by default) 151 add_action( 'template_redirect', array ( $this, 'wp_cassify_slo' ), 1 ); 152 153 // Perform gateway mode : detect if user was already cas authenticated via another app 154 // to perform autologin. (Not enabled by default) 155 add_action( 'template_redirect', array ( $this, 'wp_cassify_gateway_mode' ), 2 ); 156 157 // Check if user is loggued in, if not it redirect to CAS Server. 143 158 add_action( 'wp_authenticate', array( $this , 'wp_cassify_redirect' ) , 1 ); 159 160 // Perform logout request 144 161 add_action( 'wp_logout', array( $this , 'wp_cassify_logout' ) , 10 ); 145 add_action( 'wp_cassify_send_notification', array( $this, 'wp_cassify_send_notification_message' ), 1, 1 ); 162 163 // Send mails notifications if enabled. 
164 add_action( 'wp_cassify_send_notification', array( $this, 'wp_cassify_send_notification_message' ), 1, 1 ); 146 165 } 147 166 … … 156 175 */ 157 176 public function add_custom_query_var( $vars ){ 158 159 $vars[] = $this->wp_cassify_default_service_ticket_parameter_name;160 $vars[] = $this->wp_cassify_default_service_service_parameter_name;161 $vars[] = $this->wp_cassify_default_bypass_parameter_name;162 $vars[] = $this->wp_cassify_default_gateway_parameter_name;163 164 foreach ( $this->wp_cassify_allowed_get_parameters as $allowed_get_parameter ) {177 178 $vars[] = $this->wp_cassify_default_service_ticket_parameter_name; 179 $vars[] = $this->wp_cassify_default_service_service_parameter_name; 180 $vars[] = $this->wp_cassify_default_bypass_parameter_name; 181 $vars[] = $this->wp_cassify_default_gateway_parameter_name; 182 183 foreach ( $this->wp_cassify_allowed_get_parameters as $allowed_get_parameter ) { 165 184 $vars[] = $allowed_get_parameter; 166 }167 168 return $vars;185 } 186 187 return $vars; 169 188 } 170 189 171 190 /** 172 191 * Display information messages from plugin on front-ofice 173 * @param string $content Page content to replace by message to display 192 * 193 * @param string $content Page content to replace by message to display 194 * @return string $content Page content to replace by message to display 174 195 */ 175 196 public function wp_cassify_display_message( $content ) { … … 186 207 /** 187 208 * Clear reauth parameter from login url to login directly from CAS server. 209 * 210 * @param string $login_url The wp login url 211 * @return string $login_url The wp login url without reauth parameter. 188 212 */ 189 213 public function wp_cassify_clear_reauth( $login_url ) { … … 202 226 } 203 227 } 228 229 /** 230 * Replace current session id with service ticket UID. 231 * to handle SLO requests 232 * 233 * @param string $service_ticket ST provided by CAS Server in callback URL. 
234 * @param boolean $restore if true, attach current session values to new session id. 235 */ 236 private function wp_cassify_switch_session_id( $service_ticket, $restore = false ) { 237 238 // Backup current session vars 239 $current_session = $_SESSION; 240 241 // Extract service ticket unique ID. Service ticket is structured by default 242 // like this : ST-index-XXXXXXX-host 243 // For more information see this : 244 // https://apereo.github.io/cas/4.1.x/installation/Configuring-Ticketing-Components.html 245 $service_ticket_uid = explode( '-', $service_ticket )[ 2 ]; 246 247 // Hash the ticket to ensure that the value meets the PHP 7.1 requirement 248 $session_id = hash( 'sha256', $this->wp_cassify_service_ticket_salt . $service_ticket_uid ); 249 250 if ( session_id() !== "" ) { 251 session_unset(); 252 session_destroy(); 253 } 254 255 session_id( $session_id ); 256 session_start(); 257 258 // Restoring current session vars. 259 if ( $restore ) { 260 $_SESSION = $current_session; 261 } 262 } 204 263 205 264 /** … … 209 268 public function wp_cassify_set_authenticated( $is_authenticated ) { 210 269 211 $this->wp_cassify_session_start(); 212 213 if ( $is_authenticated ) { 214 $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['user_auth'] = true; 215 } 216 else { 217 $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['user_auth'] = false; 218 } 270 $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['user_auth'] = $is_authenticated; 219 271 } 220 272 … … 225 277 226 278 $is_authenticated = false; 227 228 $this->wp_cassify_session_start(); 229 279 230 280 if ( isset( $_SESSION['wp_cassify'] ) ) { 231 281 if ( $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['user_auth'] == true ) { … … 243 293 public function wp_cassify_get_cas_user_datas() { 244 294 245 $this->wp_cassify_session_start();246 247 295 $cas_user_datas = false; 248 296 … … 280 328 $wordpress_user_account_created = false; 281 329 $current_blog_id = 
get_current_blog_id(); 282 283 $wp_cassify_base_url = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_base_url' );284 $wp_cassify_create_user_if_not_exist = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_create_user_if_not_exist' );285 $wp_cassify_ssl_cipher = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_ssl_cipher' );286 $wp_cassify_ssl_check_certificate = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_ssl_check_certificate' );287 $wp_cassify_attributes_list = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_attributes_list' );288 $wp_cassify_login_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_login_servlet' );289 $wp_cassify_logout_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_logout_servlet' );290 $wp_cassify_service_validate_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_service_validate_servlet' );291 $wp_cassify_allow_deny_order = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_allow_deny_order' );292 $wp_cassify_autorization_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_autorization_rules' ) );293 $wp_cassify_user_role_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_user_role_rules' ) );294 $wp_cassify_user_purge_user_roles_before_applying_rules = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_user_purge_user_roles_before_applying_rules' );295 $wp_cassify_user_attributes_mapping_list = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 
'wp_cassify_user_attributes_mapping_list' ) );296 $wp_cassify_notification_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notification_rules' ) );297 $wp_cassify_expiration_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_expiration_rules' ) );298 299 if ( empty( $wp_cassify_login_servlet ) ) {300 $wp_cassify_login_servlet = $this->wp_cassify_default_login_servlet;301 }302 303 if ( empty( $wp_cassify_logout_servlet ) ) {304 $wp_cassify_logout_servlet = $this->wp_cassify_default_logout_servlet;305 }306 307 if ( empty( $wp_cassify_service_validate_servlet ) ) {308 $wp_cassify_service_validate_servlet = $this->wp_cassify_default_service_validate_servlet;309 }310 311 if (! empty( $wp_cassify_ssl_cipher ) ) {312 $wp_cassify_ssl_cipher_selected = $wp_cassify_ssl_cipher;313 }314 else {315 $wp_cassify_ssl_cipher_selected = '0';316 }317 318 if ( empty( $wp_cassify_ssl_check_certificate ) ) {319 $wp_cassify_ssl_check_certificate = $this->wp_cassify_default_ssl_check_certificate;320 }321 322 if ( empty( $wp_cassify_allow_deny_order ) ) {323 $wp_cassify_allow_deny_order = $this->wp_cassify_default_allow_deny_order;324 }325 326 if ( ( is_array( $wp_cassify_autorization_rules ) ) && ( count( $wp_cassify_autorization_rules ) > 0 ) ) {327 foreach ( $wp_cassify_autorization_rules as $rule_key => $rule_value ) {328 $wp_cassify_autorization_rules[ $rule_key ] = stripslashes( $rule_value );329 }330 }331 else {332 $wp_cassify_autorization_rules = array();333 }334 330 335 331 $wp_cassify_default_service_ticket_parameter_name = $this->wp_cassify_default_service_ticket_parameter_name; … … 343 339 if ( (! is_user_logged_in() ) || (! is_user_member_of_blog() ) ) { 344 340 if (! 
empty( $service_ticket ) ) { 341 342 // Retrieve configuration options from database 343 $wp_cassify_base_url = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_base_url' ); 344 $wp_cassify_create_user_if_not_exist = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_create_user_if_not_exist' ); 345 $wp_cassify_ssl_cipher = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_ssl_cipher' ); 346 $wp_cassify_ssl_check_certificate = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_ssl_check_certificate' ); 347 $wp_cassify_attributes_list = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_attributes_list' ); 348 $wp_cassify_login_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_login_servlet' ); 349 $wp_cassify_logout_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_logout_servlet' ); 350 $wp_cassify_service_validate_servlet = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_service_validate_servlet' ); 351 $wp_cassify_allow_deny_order = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_allow_deny_order' ); 352 $wp_cassify_autorization_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_autorization_rules' ) ); 353 $wp_cassify_user_role_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_user_role_rules' ) ); 354 $wp_cassify_user_purge_user_roles_before_applying_rules = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_user_purge_user_roles_before_applying_rules' ); 355 $wp_cassify_user_attributes_mapping_list = unserialize( 
WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_user_attributes_mapping_list' ) ); 356 $wp_cassify_notification_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_notification_rules' ) ); 357 $wp_cassify_expiration_rules = unserialize( WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_expiration_rules' ) ); 358 $wp_cassify_log_out_on_errors = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_log_out_on_errors' ); 359 $wp_cassify_enable_slo = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_enable_slo' ); 360 361 362 // Set defaults values if options are not set. 363 $wp_cassify_login_servlet = ( empty( $wp_cassify_login_servlet ) ) ? $this->wp_cassify_default_login_servlet : $wp_cassify_login_servlet; 364 $wp_cassify_logout_servlet = ( empty( $wp_cassify_logout_servlet ) ) ? $this->wp_cassify_default_logout_servlet : $wp_cassify_logout_servlet; 365 $wp_cassify_service_validate_servlet = ( empty( $wp_cassify_service_validate_servlet ) ) ? $this->wp_cassify_default_service_validate_servlet : $wp_cassify_service_validate_servlet; 366 $wp_cassify_ssl_cipher_selected = (! empty( $wp_cassify_ssl_cipher ) ) ? $wp_cassify_ssl_cipher : '0'; 367 $wp_cassify_ssl_check_certificate = ( empty( $wp_cassify_ssl_check_certificate ) ) ? $this->wp_cassify_default_ssl_check_certificate : $wp_cassify_ssl_check_certificate; 368 $wp_cassify_allow_deny_order = ( empty( $wp_cassify_allow_deny_order ) ) ? 
$this->wp_cassify_default_allow_deny_order : $wp_cassify_allow_deny_order; 369 370 if ( ( is_array( $wp_cassify_autorization_rules ) ) && ( count( $wp_cassify_autorization_rules ) > 0 ) ) { 371 foreach ( $wp_cassify_autorization_rules as $rule_key => $rule_value ) { 372 $wp_cassify_autorization_rules[ $rule_key ] = stripslashes( $rule_value ); 373 } 374 } 375 else { 376 $wp_cassify_autorization_rules = array(); 377 } 378 379 // If SLO enabled, replace session_id with service ticket to handle logout requests. 380 if ( $wp_cassify_enable_slo == 'enable_slo') { 381 $this->wp_cassify_switch_session_id( $service_ticket, true ); 382 } 345 383 346 384 $service_validate_url = $wp_cassify_base_url . … … 384 422 $cas_user_datas = $this->wp_cassify_parse_xml_response( $cas_server_xml_response ); 385 423 424 unset( $cas_user_datas['cas_user_id'] ); 425 386 426 if ( empty( $cas_user_datas['cas_user_id'] ) ) { 387 die( 'CAS Authentication failed 2 ! ' . $cas_server_xml_response); 427 if ( $wp_cassify_log_out_on_errors == 'log_out_on_errors' ) 428 $this->wp_cassify_logout(); 429 430 die( 'CAS Authentication failed 2 ! ' . $cas_server_xml_response ); 388 431 } 389 432 else { … … 538 581 if (! $this->wp_cassify_is_in_while_list( $service_url ) ) { 539 582 if ( empty( $service_url ) ) { 583 if ( $wp_cassify_log_out_on_errors == 'log_out_on_errors' ) 584 $this->wp_cassify_logout(); 540 585 die( 'CAS Service URL not set !' ); 541 586 } … … 593 638 $redirect_to = WP_Cassify_Utils::wp_cassify_extract_get_parameter( $current_url , $this->wp_cassify_default_redirect_parameter_name ); 594 639 640 // Detect if user has been authenticated using CAS. 641 $authenticated_by_cas = $this->wp_cassify_is_authenticated(); 642 643 do_action( 'wp_cassify_logout_before', $current_url, $redirect_to, $authenticated_by_cas ); 644 595 645 // Define default values if url parameters or options values empty. 
596 646 if ( empty( $wp_cassify_logout_servlet ) ) { … … 605 655 } 606 656 607 // Send logout notification if rule is matched. 657 // Send logout notification if rule is matched. 608 658 if ( isset( $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['wp_cassify_cas_user_datas'] ) ) { 609 659 … … 620 670 do_action( 'wp_cassify_send_notification', 'User account has been logged out :' . $cas_user_datas[ 'cas_user_id' ] ); 621 671 } 622 } 623 624 // Detect if user has been authenticated using CAS. 625 $authenticated_by_cas = $this->wp_cassify_is_authenticated(); 672 } 626 673 627 674 // Destroy wordpress session; … … 642 689 } 643 690 691 /** 692 * Enable support for central logout (Single Sign Out). 693 */ 694 public function wp_cassify_slo() { 695 696 $wp_cassify_enable_slo = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_enable_slo' ); 697 $wp_cassify_base_url = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_base_url' ); 698 699 if ( $wp_cassify_enable_slo == 'enable_slo' ) { 700 if ( !empty( $_POST['logoutRequest'] ) ) { 701 702 $decoded_logout_rq = urldecode( $_POST['logoutRequest'] ); 703 $client_fqdn = gethostbyaddr( $_SERVER['REMOTE_ADDR'] ); 704 705 if ( $client_fqdn == parse_url( $wp_cassify_base_url, PHP_URL_HOST ) ) { 706 // if ( true ) { 707 preg_match( 708 "|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|", 709 $decoded_logout_rq, $tick, PREG_OFFSET_CAPTURE, 3 710 ); 711 712 $wrappedSamlSessionIndex = preg_replace( '|<samlp:SessionIndex>|', '', $tick[0][0] ); 713 714 $ticket2logout = preg_replace( '|</samlp:SessionIndex>|', '', $wrappedSamlSessionIndex ); 715 $ticket2logout = preg_replace('/[^a-zA-Z0-9\-]/', '', $ticket2logout); 716 717 // Switch session ID with Service Ticket ID 718 $this->wp_cassify_switch_session_id( $ticket2logout ); 719 720 $cas_user_datas = $this->wp_cassify_get_cas_user_datas(); 721 722 // Kill WP user session 723 if ( $cas_user_datas !== 
false ) { 724 $wp_current_user = get_user_by( 'login', $cas_user_datas[ 'cas_user_id' ] ); 725 if ( $wp_current_user ) { 726 wp_set_current_user ( $wp_current_user->ID ); 727 wp_destroy_all_sessions(); 728 } 729 } 730 731 // Overwrite current session 732 session_unset(); 733 session_destroy(); 734 735 do_action( 'wp_cassify_slo_after' ); 736 737 exit(); 738 } 739 } 740 } 741 } 742 644 743 /** 645 744 * Get the service ticket from cas server request. … … 648 747 649 748 $wp_cassify_service_ticket = get_query_var( $this->wp_cassify_default_service_ticket_parameter_name ); 749 $current_url = WP_Cassify_Utils::wp_cassify_get_current_url( 750 $this->wp_cassify_default_wordpress_blog_http_port, 751 $this->wp_cassify_default_wordpress_blog_https_port 752 ); 650 753 651 754 if ( empty( $wp_cassify_service_ticket ) ) { 652 653 $current_url = WP_Cassify_Utils::wp_cassify_get_current_url(654 $this->wp_cassify_default_wordpress_blog_http_port,655 $this->wp_cassify_default_wordpress_blog_https_port656 );657 755 $wp_cassify_service_ticket = WP_Cassify_Utils::wp_cassify_extract_get_parameter( 658 756 rawurldecode( $current_url ), … … 661 759 662 760 return $wp_cassify_service_ticket; 761 } 762 763 764 /** 765 * Enable support for auto-login (Gateway Mode). 766 */ 767 public function wp_cassify_gateway_mode() { 768 769 $wp_cassify_enable_gateway_mode = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_enable_gateway_mode' ); 770 771 if ( $wp_cassify_enable_gateway_mode ) { 772 if ( ( (! is_user_logged_in() ) || (! is_user_member_of_blog() ) ) && ( $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['user_auth'] ) && (! get_query_var( 'wp_cassify_bypass' ) ) ) { 773 if ( isset($GLOBALS['wp-cassify']) ) { 774 $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['user_auth'] = false; 775 $GLOBALS['wp-cassify']->wp_cassify_check_authentication(); 776 } 777 } 778 else if ( (! is_user_logged_in() ) && (! 
get_query_var( 'wp_cassify_bypass' ) ) ){ 779 if ( isset($GLOBALS['wp-cassify']) ) { 780 $GLOBALS['wp-cassify']->wp_cassify_check_authentication(); 781 } 782 } 783 else if ( ! is_user_member_of_blog() ) { 784 if ( isset($GLOBALS['wp-cassify']) ) { 785 $GLOBALS['wp-cassify']->wp_cassify_check_authentication(); 786 } 787 } 788 } 663 789 } 664 790 … … 671 797 */ 672 798 public function wp_cassify_check_authentication() { 673 674 $this->wp_cassify_session_start(); 675 799 676 800 $auth = false; 677 801 … … 735 859 } 736 860 } 737 738 $this->wp_cassify_session_start();739 861 740 862 $_SESSION['wp_cassify'][ $this->wp_cassify_current_blog_id ]['wp_cassify_cas_user_datas'] = $cas_user_datas_filtered; … … 911 1033 /** 912 1034 * Check if request use gateway mode. 1035 * s 913 1036 * @param string $callback_service_url Url used by CAS server to return to service. 914 1037 * @return bool $is_gateway_request Return true if request to CAS Server is made in gateway mode (eg : ?gateway=true) -
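Review bot: In `wp_cassify_slo()` a logout request is accepted when `gethostbyaddr( $_SERVER['REMOTE_ADDR'] )` equals the CAS host name, but a PTR record is published by whoever controls the address block, so this comparison does not establish that the POST came from the CAS server. Resolving the configured CAS host forward and comparing addresses is a stronger check (sketch below; `gethostbynamel()` is IPv4-only, and an explicit admin-configured address list would be better still), and the handler should return when the SessionIndex pattern does not match, because `$tick[0][0]` is read without testing the `preg_match` result. Separately, the added `unset( $cas_user_datas['cas_user_id'] );` directly before `if ( empty( $cas_user_datas['cas_user_id'] ) )` makes that condition always true, so every ticket validation ends in the `die()` branch; it reads like a debugging leftover, as does the commented `// if ( true ) {`, and both should be removed.

```php
$decoded_logout_rq = urldecode( $_POST['logoutRequest'] );

// Forward-resolve the configured CAS host instead of trusting the caller's PTR record.
$cas_host = parse_url( $wp_cassify_base_url, PHP_URL_HOST );
$cas_ips  = is_string( $cas_host ) ? gethostbynamel( $cas_host ) : false;

if ( is_array( $cas_ips ) && in_array( $_SERVER['REMOTE_ADDR'], $cas_ips, true ) ) {
	$matched = preg_match(
		"|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|",
		$decoded_logout_rq, $tick, PREG_OFFSET_CAPTURE, 3
	);

	// No SessionIndex element: nothing to log out, and $tick[0][0] would be undefined.
	if ( $matched !== 1 ) {
		return;
	}

	// … unchanged: strip the SessionIndex tags, switch session id, destroy sessions, exit() …
```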
wp-cassify/trunk/classes/wp_cassify_rule_solver.php
r2248092 r2287310 187 187 188 188 break; 189 190 case '-NCONTAINS' : 191 192 if ( strpos( $wp_cassify_rule_solver_item->left_operand, $this->strip_double_quotes_from_operand( $wp_cassify_rule_solver_item->right_operand ) ) == FALSE ) { 193 $wp_cassify_rule_solver_item->result = 'TRUE'; 194 } 195 else { 196 $wp_cassify_rule_solver_item->result = 'FALSE'; 197 } 198 199 break; 189 200 190 201 case '-STARTWITH' : -
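Review bot: The new `-NCONTAINS` case tests `strpos( ... ) == FALSE`, and `strpos()` returns `0` when the needle sits at the start of the string, which the loose comparison treats as "not found". An attribute value that begins with the operand is therefore reported as not containing it, and because these operators feed the authorization and role rules, the rule evaluates to the opposite of what the administrator wrote. Use the strict form, `if ( strpos( $wp_cassify_rule_solver_item->left_operand, $this->strip_double_quotes_from_operand( $wp_cassify_rule_solver_item->right_operand ) ) === false ) {`. The enclosing `switch` starts and ends outside this hunk, so the neighbouring `-CONTAINS` case is worth checking for the same comparison.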
wp-cassify/trunk/config.php
r1822692 r2287310 12 12 $wp_cassify_default_xpath_query_to_extact_cas_user = '//cas:serviceResponse/cas:authenticationSuccess/cas:user'; 13 13 $wp_cassify_default_xpath_query_to_extact_cas_attributes = '//cas:serviceResponse/cas:authenticationSuccess/cas:attributes'; 14 $wp_cassify_service_ticket_salt = 'change_this_with_another_value'; // Change default salt. 14 15 15 16 // CAS Protocol version -
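Review bot: `$wp_cassify_service_ticket_salt` ships as the fixed string `'change_this_with_another_value'`, and `wp_cassify_switch_session_id()` in classes/wp_cassify_plugin.php sets the PHP session id to `hash( 'sha256', $this->wp_cassify_service_ticket_salt . $service_ticket_uid )`. On any install that keeps the default, the session id is a pure function of the service ticket, which travels in the callback URL and so tends to end up in access logs and browser history. A comment asking the admin to edit the file is easy to miss, and the edit is presumably lost when the plugin is updated. Generate the value per site instead, for example `bin2hex( random_bytes( 32 ) )` stored once in a plugin option, and have the SLO path refuse to run while the salt still equals the shipped default.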
wp-cassify/trunk/readme.txt
r2248092 r2287310 5 5 Donate link: https://wpcassify.wordpress.com/donate/ 6 6 Requires at least: 4.4 7 Tested up to: 5. 3.27 Tested up to: 5.4 8 8 Requires PHP: 7.0 9 Stable tag: 2.2. 19 Stable tag: 2.2.2 10 10 License: GPLv2 or later 11 11 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 15 15 == Description == 16 16 17 If you're happy with this plugin : 18 As a reward for my efforts, I would like to receive T-shirts (or other goodies) as gifts from the universities or companies that use it. 19 My size is L. Best regards. 20 17 21 This JASIG CAS authentication plugin has no phpCas library dependency. This is not only an authentication plugin. 18 22 You can build custom authorization rules according to cas user attributes populated. If user don't exist in Wordpress 19 database, it can be created automatically. There are many features. You can customize everything : CAS servlets URL, 20 XPath Query to parse cas server xml response, user attributes you want to populate. 23 database, it can be created automatically. There are many features. You can customize everything. 21 24 22 25 = Website = … … 31 34 = Features included = 32 35 36 * NEW FEATURES !!! 37 * SLO (Single Log Out) support (thanks to dedotombo and me) 38 * Adding NCONTAINS operator (thanks to blandman) 39 * Fix bug on Gateway mode (autologin) (thanks to dedotombo again). Now it's now necessary to hack theme files to fire it. 40 * Adding option logout on authentication failure to not disturb users 41 * Initialize PHP session at a later stage (on wp_loaded not on init) 42 * Adding some customs hooks and filters. 33 43 34 44 * Tested with CAS Server version 4.1.4 … … 87 97 * Custom shortcode to generate CAS login/logout link into your blog. (See online documentation) 88 98 * Debug settings, dump last xml cas server response. 89 * Detect if user has already authenticated by CAS from your public pages and perform auto-login. 
Include this in 90 your index.php or in another template file inside your theme (It use CAS gateway mode) : 91 ` 92 if (! isset( $_GET['wp_cassify_bypass'] ) ) { 93 if (! is_user_logged_in() ) { 94 if ( isset($GLOBALS['wp-cassify']) ) { 95 $GLOBALS['wp-cassify']->wp_cassify_check_authentication(); 96 } 97 } 98 else if (! is_user_member_of_blog() ) { 99 if ( isset($GLOBALS['wp-cassify']) ) { 100 $GLOBALS['wp-cassify']->wp_cassify_check_authentication(); 101 } 102 } 103 } 104 ` 99 * Detect if user has already authenticated by CAS from your public pages and perform auto-login with gateway mode 105 100 * Add '-IN' and '-NOTIN' operators to process array attributes values returned from CAS. 106 101 When you have : … … 152 147 == Changelog == 153 148 149 = 2.2.2 = 150 * SLO (Single Log Out) support (thanks to dedotombo and me) 151 * Adding NCONTAINS operator (thanks to blandman) 152 * Fix bug on Gateway mode (autologin) (thanks to dedotombo again). Now it's now necessary to hack theme files to fire it. 153 * Adding option logout on authentication failure to not disturb users 154 * Initialize PHP session at a later stage (on wp_loaded not on init) 155 154 156 = 2.2.1 = 155 157 * Fix incorrect PHP version requirement, thanks to olhovsky. -
wp-cassify/trunk/wp-cassify.php
r2248092 r2287310 122 122 $wp_cassify_allowed_get_parameters, 123 123 $wp_cassify_error_messages, 124 $wp_cassify_user_error_codes 124 $wp_cassify_user_error_codes, 125 $wp_cassify_service_ticket_salt 125 126 ); 126 127