Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
- Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
- PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.
/auth/cas/CAS/vendor/apereo/phpcas/source/ -> CAS.php (source)
Licensed to Jasig under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. Jasig licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at:
| Author: | Pascal Aubry <pascal.aubry@univ-rennes1.fr> |
| Author: | Olivier Berger <olivier.berger@it-sudparis.eu> |
| Author: | Brett Bieber <brett.bieber@gmail.com> |
| Author: | Joachim Fritschi <jfritschi@freenet.de> |
| Author: | Adam Franco <afranco@middlebury.edu> |
| License: | http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
| File Size: | 2083 lines (65 kb) |
| Included or required: | 1 time |
| Referenced: | 1 time |
| Includes or requires: | 1 file auth/cas/CAS/vendor/apereo/phpcas/source/CAS/Autoload.php |
Defines 1 class
phpCAS:: (68 methods):
client()
proxy()
isInitialized()
setLogger()
setDebug()
setVerbose()
getVerbose()
log()
error()
trace()
traceBegin()
traceEnd()
traceExit()
setLang()
getVersion()
getSupportedProtocols()
setHTMLHeader()
setHTMLFooter()
setPGTStorage()
setPGTStorageDb()
setPGTStorageFile()
getProxiedService()
initializeProxiedService()
serviceWeb()
serviceMail()
setCacheTimesForAuthRecheck()
setCasAttributeParserCallback()
setPostAuthenticateCallback()
setSingleSignoutCallback()
checkAuthentication()
forceAuthentication()
renewAuthentication()
isAuthenticated()
isSessionAuthenticated()
getUser()
getAttributes()
hasAttributes()
hasAttribute()
getAttribute()
handleLogoutRequests()
getServerLoginURL()
setServerLoginURL()
setServerServiceValidateURL()
setServerProxyValidateURL()
setServerSamlValidateURL()
getServerLogoutURL()
setServerLogoutURL()
logout()
logoutWithRedirectService()
logoutWithUrl()
logoutWithRedirectServiceAndUrl()
setFixedCallbackURL()
setFixedServiceURL()
getServiceURL()
retrievePT()
setCasServerCACert()
setNoCasServerValidation()
setNoClearTicketsFromUrl()
setExtraCurlOption()
setSessionIdSalt()
allowProxyChain()
getProxies()
addRebroadcastNode()
addRebroadcastHeader()
_validateClientExists()
_validateProxyExists()
getCasClient()
setCasClient()
Defines 68 functions
The phpCAS class is a simple container for the phpCAS library. It provides CAS
authentication for web applications written in PHP.
authentication for web applications written in PHP.
| client($server_version, $server_hostname,$server_port, $server_uri, $service_base_url,$changeSessionID = true, \SessionHandlerInterface $sessionHandler = null) X-Ref |
| phpCAS client initializer. param: string $server_version the version of the CAS server param: string $server_hostname the hostname of the CAS server param: int $server_port the port the CAS server is running on param: string $server_uri the URI the CAS server is responding on param: string|string[]|CAS_ServiceBaseUrl_Interface param: bool $changeSessionID Allow phpCAS to change the session_id param: \SessionHandlerInterface $sessionHandler the session handler return: void a newly created CAS_Client object |
| proxy($server_version, $server_hostname,$server_port, $server_uri, $service_base_url,$changeSessionID = true, \SessionHandlerInterface $sessionHandler = null) X-Ref |
| phpCAS proxy initializer. param: string $server_version the version of the CAS server param: string $server_hostname the hostname of the CAS server param: string $server_port the port the CAS server is running on param: string $server_uri the URI the CAS server is responding on param: string|string[]|CAS_ServiceBaseUrl_Interface param: bool $changeSessionID Allow phpCAS to change the session_id param: \SessionHandlerInterface $sessionHandler the session handler return: void a newly created CAS_Client object |
| isInitialized() X-Ref |
| Answer whether or not the client or proxy has been initialized return: bool |
| setLogger($logger = null) X-Ref |
| Set/unset PSR-3 logger param: LoggerInterface $logger the PSR-3 logger used for logging, or return: void |
| setDebug($filename = '') X-Ref |
| Set/unset debug mode param: string $filename the name of the file used for logging, or false return: void |
| setVerbose($verbose) X-Ref |
| Enable verbose errors messages in the website output This is a security relevant since internal status info may leak an may help an attacker. Default is therefore false param: bool $verbose enable verbose output return: void |
| getVerbose() X-Ref |
| Show is verbose mode is on return: bool verbose |
| log($str) X-Ref |
| Logs a string in debug mode. param: string $str the string to write return: void |
| error($msg) X-Ref |
| This method is used by interface methods to print an error and where the function was originally called from. param: string $msg the message to print return: void |
| trace($str) X-Ref |
| This method is used to log something in debug mode. param: string $str string to log return: void |
| traceBegin() X-Ref |
| This method is used to indicate the start of the execution of a function in debug mode. return: void |
| traceEnd($res = '') X-Ref |
| This method is used to indicate the end of the execution of a function in debug mode. param: mixed $res the result of the function return: void |
| traceExit() X-Ref |
| This method is used to indicate the end of the execution of the program return: void |
| setLang($lang) X-Ref |
| This method is used to set the language used by phpCAS. param: string $lang string representing the language. return: void |
| getVersion() X-Ref |
| This method returns the phpCAS version. return: string the phpCAS version. |
| getSupportedProtocols() X-Ref |
| This method returns supported protocols. return: array an array of all supported protocols. Use internal protocol name as array key. |
| setHTMLHeader($header) X-Ref |
| This method sets the HTML header used for all outputs. param: string $header the HTML header. return: void |
| setHTMLFooter($footer) X-Ref |
| This method sets the HTML footer used for all outputs. param: string $footer the HTML footer. return: void |
| setPGTStorage($storage) X-Ref |
| This method can be used to set a custom PGT storage object. param: CAS_PGTStorage_AbstractStorage $storage a PGT storage object that inherits from the return: void |
| setPGTStorageDb($dsn_or_pdo, $username='',$password='', $table='', $driver_options=null) X-Ref |
| This method is used to tell phpCAS to store the response of the CAS server to PGT requests in a database. param: string $dsn_or_pdo a dsn string to use for creating a PDO param: string $username the username to use when connecting to the param: string $password the password to use when connecting to the param: string $table the table to use for storing and retrieving param: string $driver_options any driver options to use when connecting return: void |
| setPGTStorageFile($path = '') X-Ref |
| This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the filesystem. param: string $path the path where the PGT's should be stored return: void |
| getProxiedService($type) X-Ref |
| Answer a proxy-authenticated service handler. param: string $type The service type. One of return: CAS_ProxiedService |
| initializeProxiedService(CAS_ProxiedService $proxiedService) X-Ref |
| Initialize a proxied-service handler with the proxy-ticket it should use. param: CAS_ProxiedService $proxiedService Proxied Service Handler return: void |
| serviceWeb($url, & $err_code, & $output) X-Ref |
| This method is used to access an HTTP[S] service. param: string $url the service to access. param: int &$err_code an error code Possible values are param: string &$output the output of the service (also used to give an return: bool true on success, false otherwise (in this later case, |
| serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) X-Ref |
| This method is used to access an IMAP/POP3/NNTP service. param: string $url a string giving the URL of the service, param: string $service a string giving for CAS retrieve Proxy ticket param: string $flags options given to imap_open(). param: int &$err_code an error code Possible values are param: string &$err_msg an error message on failure param: string &$pt the Proxy Ticket (PT) retrieved from the CAS return: object|false IMAP stream on success, false otherwise (in this later |
| setCacheTimesForAuthRecheck($n) X-Ref |
| Set the times authentication will be cached before really accessing the CAS server in gateway mode: - -1: check only once, and then never again (until you pree login) - 0: always check - n: check every "n" time param: int $n an integer. return: void |
| setCasAttributeParserCallback($function, array $additionalArgs = array() X-Ref |
| Set a callback function to be run when receiving CAS attributes The callback function will be passed an $success_elements payload of the response (\DOMElement) as its first parameter. param: string $function Callback function param: array $additionalArgs optional array of arguments return: void |
| setPostAuthenticateCallback($function, array $additionalArgs = array() X-Ref |
| Set a callback function to be run when a user authenticates. The callback function will be passed a $logoutTicket as its first parameter, followed by any $additionalArgs you pass. The $logoutTicket parameter is an opaque string that can be used to map the session-id to logout request in order to support single-signout in applications that manage their own sessions (rather than letting phpCAS start the session). phpCAS::forceAuthentication() will always exit and forward client unless they are already authenticated. To perform an action at the moment the user logs in (such as registering an account, performing logging, etc), register a callback function here. param: callable $function Callback function param: array $additionalArgs optional array of arguments return: void |
| setSingleSignoutCallback($function, array $additionalArgs = array() X-Ref |
| Set a callback function to be run when a single-signout request is received. The callback function will be passed a $logoutTicket as its first parameter, followed by any $additionalArgs you pass. The $logoutTicket parameter is an opaque string that can be used to map a session-id to the logout request in order to support single-signout in applications that manage their own sessions (rather than letting phpCAS start and destroy the session). param: callable $function Callback function param: array $additionalArgs optional array of arguments return: void |
| checkAuthentication() X-Ref |
| This method is called to check if the user is already authenticated locally or has a global cas session. A already existing cas session is determined by a cas gateway call.(cas login call without any interactive prompt) return: bool true when the user is authenticated, false when a previous |
| forceAuthentication() X-Ref |
| This method is called to force authentication if the user was not already authenticated. If the user is not authenticated, halt by redirecting to the CAS server. return: bool Authentication |
| renewAuthentication() X-Ref |
| This method is called to renew the authentication. return: void |
| isAuthenticated() X-Ref |
| This method is called to check if the user is authenticated (previously or by tickets given in the URL). return: bool true when the user is authenticated. |
| isSessionAuthenticated() X-Ref |
| Checks whether authenticated based on $_SESSION. Useful to avoid server calls. return: bool true if authenticated, false otherwise. |
| getUser() X-Ref |
| This method returns the CAS user's login name. return: string the login name of the authenticated user |
| getAttributes() X-Ref |
| Answer attributes about the authenticated user. return: array |
| hasAttributes() X-Ref |
| Answer true if there are attributes for the authenticated user. return: bool |
| hasAttribute($key) X-Ref |
| Answer true if an attribute exists for the authenticated user. param: string $key attribute name return: bool |
| getAttribute($key) X-Ref |
| Answer an attribute for the authenticated user. param: string $key attribute name return: mixed string for a single value or an array if multiple values exist. |
| handleLogoutRequests($check_client = true, $allowed_clients = array() X-Ref |
| Handle logout requests. param: bool $check_client additional safety check param: array $allowed_clients array of allowed clients return: void |
| getServerLoginURL() X-Ref |
| This method returns the URL to be used to login. return: string the login URL |
| setServerLoginURL($url = '') X-Ref |
| Set the login URL of the CAS server. param: string $url the login URL return: void |
| setServerServiceValidateURL($url = '') X-Ref |
| Set the serviceValidate URL of the CAS server. Used for all CAS versions of URL validations. Examples: CAS 1.0 http://www.exemple.com/validate CAS 2.0 http://www.exemple.com/validateURL CAS 3.0 http://www.exemple.com/p3/serviceValidate param: string $url the serviceValidate URL return: void |
| setServerProxyValidateURL($url = '') X-Ref |
| Set the proxyValidate URL of the CAS server. Used for all CAS versions of proxy URL validations Examples: CAS 1.0 http://www.exemple.com/ CAS 2.0 http://www.exemple.com/proxyValidate CAS 3.0 http://www.exemple.com/p3/proxyValidate param: string $url the proxyValidate URL return: void |
| setServerSamlValidateURL($url = '') X-Ref |
| Set the samlValidate URL of the CAS server. param: string $url the samlValidate URL return: void |
| getServerLogoutURL() X-Ref |
| This method returns the URL to be used to logout. return: string the URL to use to log out |
| setServerLogoutURL($url = '') X-Ref |
| Set the logout URL of the CAS server. param: string $url the logout URL return: void |
| logout($params = "") X-Ref |
| This method is used to logout from CAS. param: string $params an array that contains the optional url and return: void |
| logoutWithRedirectService($service) X-Ref |
| This method is used to logout from CAS. Halts by redirecting to the CAS server. param: string $service a URL that will be transmitted to the CAS server return: void |
| logoutWithUrl($url) X-Ref |
| This method is used to logout from CAS. Halts by redirecting to the CAS server. param: string $url a URL that will be transmitted to the CAS server return: void |
| logoutWithRedirectServiceAndUrl($service, $url) X-Ref |
| This method is used to logout from CAS. Halts by redirecting to the CAS server. param: string $service a URL that will be transmitted to the CAS server param: string $url a URL that will be transmitted to the CAS server return: void |
| setFixedCallbackURL($url = '') X-Ref |
| Set the fixed URL that will be used by the CAS server to transmit the PGT. When this method is not called, a phpCAS script uses its own URL for the callback. param: string $url the URL return: void |
| setFixedServiceURL($url) X-Ref |
| Set the fixed URL that will be set as the CAS service parameter. When this method is not called, a phpCAS script uses its own URL. param: string $url the URL return: void |
| getServiceURL() X-Ref |
| Get the URL that is set as the CAS service parameter. return: string Service Url |
| retrievePT($target_service, & $err_code, & $err_msg) X-Ref |
| Retrieve a Proxy Ticket from the CAS server. param: string $target_service Url string of service to proxy param: int &$err_code error code param: string &$err_msg error message return: string Proxy Ticket |
| setCasServerCACert($cert, $validate_cn = true) X-Ref |
| Set the certificate of the CAS server CA and if the CN should be properly verified. param: string $cert CA certificate file name param: bool $validate_cn Validate CN in certificate (default true) return: void |
| setNoCasServerValidation() X-Ref |
| Set no SSL validation for the CAS server. return: void |
| setNoClearTicketsFromUrl() X-Ref |
| Disable the removal of a CAS-Ticket from the URL when authenticating DISABLING POSES A SECURITY RISK: We normally remove the ticket by an additional redirect as a security precaution to prevent a ticket in the HTTP_REFERRER or be carried over in the URL parameter return: void |
| setExtraCurlOption($key, $value) X-Ref |
| Change CURL options. CURL is used to connect through HTTPS to CAS server param: string $key the option key param: string $value the value to set return: void |
| setSessionIdSalt($salt) X-Ref |
| Set a salt/seed for the session-id hash to make it harder to guess. When $changeSessionID = true phpCAS will create a session-id that is derived from the service ticket. Doing so allows phpCAS to look-up and destroy the proper session on single-log-out requests. While the service tickets provided by the CAS server may include enough data to generate a strong hash, clients may provide an additional salt to ensure that session ids are not guessable if the session tickets do not have enough entropy. param: string $salt The salt to combine with the session ticket. return: void |
| allowProxyChain(CAS_ProxyChain_Interface $proxy_chain) X-Ref |
| If you want your service to be proxied you have to enable it (default disabled) and define an accepable list of proxies that are allowed to proxy your service. Add each allowed proxy definition object. For the normal CAS_ProxyChain class, the constructor takes an array of proxies to match. The list is in reverse just as seen from the service. Proxies have to be defined in reverse from the service to the user. If a user hits service A and gets proxied via B to service C the list of acceptable on C would be array(B,A). The definition of an individual proxy can be either a string or a regexp (preg_match is used) that will be matched against the proxy list supplied by the cas server when validating the proxy tickets. The strings are compared starting from the beginning and must fully match with the proxies in the list. Example: phpCAS::allowProxyChain(new CAS_ProxyChain(array( 'https://app.example.com/' ))); phpCAS::allowProxyChain(new CAS_ProxyChain(array( '/^https:\/\/app[0-9]\.example\.com\/rest\//', 'http://client.example.com/' ))); For quick testing or in certain production screnarios you might want to allow allow any other valid service to proxy your service. To do so, add the "Any" chain: phpCAS::allowProxyChain(new CAS_ProxyChain_Any); THIS SETTING IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER ON THIS SERVICE. param: CAS_ProxyChain_Interface $proxy_chain A proxy-chain that will be return: void |
| getProxies() X-Ref |
| Answer an array of proxies that are sitting in front of this application. This method will only return a non-empty array if we have received and validated a Proxy Ticket. return: array |
| addRebroadcastNode($rebroadcastNodeUrl) X-Ref |
| Add a pgtIou/pgtId and logoutRequest rebroadcast node. param: string $rebroadcastNodeUrl The rebroadcast node URL. Can be return: void |
| addRebroadcastHeader($header) X-Ref |
| This method is used to add header parameters when rebroadcasting pgtIou/pgtId or logoutRequest. param: String $header Header to send when rebroadcasting. return: void |
| _validateClientExists() X-Ref |
| Checks if a client already exists return: void |
| _validateProxyExists() X-Ref |
| Checks of a proxy client aready exists return: void |
| getCasClient() X-Ref |
return: CAS_Client |
| setCasClient(\CAS_Client $client) X-Ref |
| For testing purposes, use this method to set the client to a test double return: void |
