Licensed to Jasig under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. Jasig licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at:
Author: | Pascal Aubry <pascal.aubry@univ-rennes1.fr> |
Author: | Olivier Berger <olivier.berger@it-sudparis.eu> |
Author: | Brett Bieber <brett.bieber@gmail.com> |
Author: | Joachim Fritschi <jfritschi@freenet.de> |
Author: | Adam Franco <afranco@middlebury.edu> |
License: | http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 |
File Size: | 2083 lines (65 kb) |
Included or required: | 1 time |
Referenced: | 1 time |
Includes or requires: | 1 file auth/cas/CAS/vendor/apereo/phpcas/source/CAS/Autoload.php |
phpCAS:: (68 methods):
client()
proxy()
isInitialized()
setLogger()
setDebug()
setVerbose()
getVerbose()
log()
error()
trace()
traceBegin()
traceEnd()
traceExit()
setLang()
getVersion()
getSupportedProtocols()
setHTMLHeader()
setHTMLFooter()
setPGTStorage()
setPGTStorageDb()
setPGTStorageFile()
getProxiedService()
initializeProxiedService()
serviceWeb()
serviceMail()
setCacheTimesForAuthRecheck()
setCasAttributeParserCallback()
setPostAuthenticateCallback()
setSingleSignoutCallback()
checkAuthentication()
forceAuthentication()
renewAuthentication()
isAuthenticated()
isSessionAuthenticated()
getUser()
getAttributes()
hasAttributes()
hasAttribute()
getAttribute()
handleLogoutRequests()
getServerLoginURL()
setServerLoginURL()
setServerServiceValidateURL()
setServerProxyValidateURL()
setServerSamlValidateURL()
getServerLogoutURL()
setServerLogoutURL()
logout()
logoutWithRedirectService()
logoutWithUrl()
logoutWithRedirectServiceAndUrl()
setFixedCallbackURL()
setFixedServiceURL()
getServiceURL()
retrievePT()
setCasServerCACert()
setNoCasServerValidation()
setNoClearTicketsFromUrl()
setExtraCurlOption()
setSessionIdSalt()
allowProxyChain()
getProxies()
addRebroadcastNode()
addRebroadcastHeader()
_validateClientExists()
_validateProxyExists()
getCasClient()
setCasClient()
client($server_version, $server_hostname,$server_port, $server_uri, $service_base_url,$changeSessionID = true, \SessionHandlerInterface $sessionHandler = null) X-Ref |
phpCAS client initializer. return: void a newly created CAS_Client object param: string $server_version the version of the CAS server param: string $server_hostname the hostname of the CAS server param: int $server_port the port the CAS server is running on param: string $server_uri the URI the CAS server is responding on param: string|string[]|CAS_ServiceBaseUrl_Interface param: bool $changeSessionID Allow phpCAS to change the session_id param: \SessionHandlerInterface $sessionHandler the session handler |
proxy($server_version, $server_hostname,$server_port, $server_uri, $service_base_url,$changeSessionID = true, \SessionHandlerInterface $sessionHandler = null) X-Ref |
phpCAS proxy initializer. return: void a newly created CAS_Client object param: string $server_version the version of the CAS server param: string $server_hostname the hostname of the CAS server param: string $server_port the port the CAS server is running on param: string $server_uri the URI the CAS server is responding on param: string|string[]|CAS_ServiceBaseUrl_Interface param: bool $changeSessionID Allow phpCAS to change the session_id param: \SessionHandlerInterface $sessionHandler the session handler |
isInitialized() X-Ref |
Answer whether or not the client or proxy has been initialized return: bool |
setLogger($logger = null) X-Ref |
Set/unset PSR-3 logger return: void param: LoggerInterface $logger the PSR-3 logger used for logging, or |
setDebug($filename = '') X-Ref |
Set/unset debug mode return: void param: string $filename the name of the file used for logging, or false |
setVerbose($verbose) X-Ref |
Enable verbose error messages in the website output. This is security relevant, since internal status info may leak and may help an attacker. The default is therefore false. return: void param: bool $verbose enable verbose output |
getVerbose() X-Ref |
Show if verbose mode is on. return: bool verbose |
log($str) X-Ref |
Logs a string in debug mode. return: void param: string $str the string to write |
error($msg) X-Ref |
This method is used by interface methods to print an error and where the function was originally called from. return: void param: string $msg the message to print |
trace($str) X-Ref |
This method is used to log something in debug mode. return: void param: string $str string to log |
traceBegin() X-Ref |
This method is used to indicate the start of the execution of a function in debug mode. return: void |
traceEnd($res = '') X-Ref |
This method is used to indicate the end of the execution of a function in debug mode. return: void param: mixed $res the result of the function |
traceExit() X-Ref |
This method is used to indicate the end of the execution of the program return: void |
setLang($lang) X-Ref |
This method is used to set the language used by phpCAS. return: void param: string $lang string representing the language. |
getVersion() X-Ref |
This method returns the phpCAS version. return: string the phpCAS version. |
getSupportedProtocols() X-Ref |
This method returns supported protocols. return: array an array of all supported protocols. Use internal protocol name as array key. |
setHTMLHeader($header) X-Ref |
This method sets the HTML header used for all outputs. return: void param: string $header the HTML header. |
setHTMLFooter($footer) X-Ref |
This method sets the HTML footer used for all outputs. return: void param: string $footer the HTML footer. |
setPGTStorage($storage) X-Ref |
This method can be used to set a custom PGT storage object. return: void param: CAS_PGTStorage_AbstractStorage $storage a PGT storage object that inherits from the |
setPGTStorageDb($dsn_or_pdo, $username='',$password='', $table='', $driver_options=null) X-Ref |
This method is used to tell phpCAS to store the response of the CAS server to PGT requests in a database. return: void param: string $dsn_or_pdo a dsn string to use for creating a PDO param: string $username the username to use when connecting to the param: string $password the password to use when connecting to the param: string $table the table to use for storing and retrieving param: string $driver_options any driver options to use when connecting |
setPGTStorageFile($path = '') X-Ref |
This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the filesystem. return: void param: string $path the path where the PGT's should be stored |
getProxiedService($type) X-Ref |
Answer a proxy-authenticated service handler. return: CAS_ProxiedService param: string $type The service type. One of |
initializeProxiedService(CAS_ProxiedService $proxiedService) X-Ref |
Initialize a proxied-service handler with the proxy-ticket it should use. return: void param: CAS_ProxiedService $proxiedService Proxied Service Handler |
serviceWeb($url, & $err_code, & $output) X-Ref |
This method is used to access an HTTP[S] service. return: bool true on success, false otherwise (in this latter case, param: string $url the service to access. param: int &$err_code an error code Possible values are param: string &$output the output of the service (also used to give an |
serviceMail($url, $service, $flags, & $err_code, & $err_msg, & $pt) X-Ref |
This method is used to access an IMAP/POP3/NNTP service. return: object|false IMAP stream on success, false otherwise (in this latter param: string $url a string giving the URL of the service, param: string $service a string giving for CAS retrieve Proxy ticket param: string $flags options given to imap_open(). param: int &$err_code an error code Possible values are param: string &$err_msg an error message on failure param: string &$pt the Proxy Ticket (PT) retrieved from the CAS |
setCacheTimesForAuthRecheck($n) X-Ref |
Set the number of times authentication will be cached before really accessing the CAS server in gateway mode: -1: check only once, and then never again (until you press login); 0: always check; n: check every "n" time. return: void param: int $n an integer. |
setCasAttributeParserCallback($function, array $additionalArgs = array()) X-Ref |
Set a callback function to be run when receiving CAS attributes. The callback function will be passed a $success_elements payload of the response (\DOMElement) as its first parameter. return: void param: string $function Callback function param: array $additionalArgs optional array of arguments |
setPostAuthenticateCallback($function, array $additionalArgs = array()) X-Ref |
Set a callback function to be run when a user authenticates. The callback function will be passed a $logoutTicket as its first parameter, followed by any $additionalArgs you pass. The $logoutTicket parameter is an opaque string that can be used to map the session-id to logout request in order to support single-signout in applications that manage their own sessions (rather than letting phpCAS start the session). phpCAS::forceAuthentication() will always exit and forward client unless they are already authenticated. To perform an action at the moment the user logs in (such as registering an account, performing logging, etc), register a callback function here. return: void param: callable $function Callback function param: array $additionalArgs optional array of arguments |
setSingleSignoutCallback($function, array $additionalArgs = array()) X-Ref |
Set a callback function to be run when a single-signout request is received. The callback function will be passed a $logoutTicket as its first parameter, followed by any $additionalArgs you pass. The $logoutTicket parameter is an opaque string that can be used to map a session-id to the logout request in order to support single-signout in applications that manage their own sessions (rather than letting phpCAS start and destroy the session). return: void param: callable $function Callback function param: array $additionalArgs optional array of arguments |
checkAuthentication() X-Ref |
This method is called to check if the user is already authenticated locally or has a global CAS session. An already existing CAS session is determined by a CAS gateway call (a CAS login call without any interactive prompt). return: bool true when the user is authenticated, false when a previous |
forceAuthentication() X-Ref |
This method is called to force authentication if the user was not already authenticated. If the user is not authenticated, halt by redirecting to the CAS server. return: bool Authentication |
renewAuthentication() X-Ref |
This method is called to renew the authentication. return: void |
isAuthenticated() X-Ref |
This method is called to check if the user is authenticated (previously or by tickets given in the URL). return: bool true when the user is authenticated. |
isSessionAuthenticated() X-Ref |
Checks whether authenticated based on $_SESSION. Useful to avoid server calls. return: bool true if authenticated, false otherwise. |
getUser() X-Ref |
This method returns the CAS user's login name. return: string the login name of the authenticated user |
getAttributes() X-Ref |
Answer attributes about the authenticated user. return: array |
hasAttributes() X-Ref |
Answer true if there are attributes for the authenticated user. return: bool |
hasAttribute($key) X-Ref |
Answer true if an attribute exists for the authenticated user. return: bool param: string $key attribute name |
getAttribute($key) X-Ref |
Answer an attribute for the authenticated user. return: mixed string for a single value or an array if multiple values exist. param: string $key attribute name |
handleLogoutRequests($check_client = true, $allowed_clients = array()) X-Ref |
Handle logout requests. return: void param: bool $check_client additional safety check param: array $allowed_clients array of allowed clients |
getServerLoginURL() X-Ref |
This method returns the URL to be used to login. return: string the login URL |
setServerLoginURL($url = '') X-Ref |
Set the login URL of the CAS server. return: void param: string $url the login URL |
setServerServiceValidateURL($url = '') X-Ref |
Set the serviceValidate URL of the CAS server. Used for all CAS versions of URL validations. Examples: CAS 1.0: http://www.exemple.com/validate; CAS 2.0: http://www.exemple.com/validateURL; CAS 3.0: http://www.exemple.com/p3/serviceValidate. return: void param: string $url the serviceValidate URL |
setServerProxyValidateURL($url = '') X-Ref |
Set the proxyValidate URL of the CAS server. Used for all CAS versions of proxy URL validations. Examples: CAS 1.0: http://www.exemple.com/; CAS 2.0: http://www.exemple.com/proxyValidate; CAS 3.0: http://www.exemple.com/p3/proxyValidate. return: void param: string $url the proxyValidate URL |
setServerSamlValidateURL($url = '') X-Ref |
Set the samlValidate URL of the CAS server. return: void param: string $url the samlValidate URL |
getServerLogoutURL() X-Ref |
This method returns the URL to be used to logout. return: string the URL to use to log out |
setServerLogoutURL($url = '') X-Ref |
Set the logout URL of the CAS server. return: void param: string $url the logout URL |
logout($params = "") X-Ref |
This method is used to logout from CAS. return: void param: string $params an array that contains the optional url and |
logoutWithRedirectService($service) X-Ref |
This method is used to logout from CAS. Halts by redirecting to the CAS server. return: void param: string $service a URL that will be transmitted to the CAS server |
logoutWithUrl($url) X-Ref |
This method is used to logout from CAS. Halts by redirecting to the CAS server. return: void param: string $url a URL that will be transmitted to the CAS server |
logoutWithRedirectServiceAndUrl($service, $url) X-Ref |
This method is used to logout from CAS. Halts by redirecting to the CAS server. return: void param: string $service a URL that will be transmitted to the CAS server param: string $url a URL that will be transmitted to the CAS server |
setFixedCallbackURL($url = '') X-Ref |
Set the fixed URL that will be used by the CAS server to transmit the PGT. When this method is not called, a phpCAS script uses its own URL for the callback. return: void param: string $url the URL |
setFixedServiceURL($url) X-Ref |
Set the fixed URL that will be set as the CAS service parameter. When this method is not called, a phpCAS script uses its own URL. return: void param: string $url the URL |
getServiceURL() X-Ref |
Get the URL that is set as the CAS service parameter. return: string Service Url |
retrievePT($target_service, & $err_code, & $err_msg) X-Ref |
Retrieve a Proxy Ticket from the CAS server. return: string Proxy Ticket param: string $target_service Url string of service to proxy param: int &$err_code error code param: string &$err_msg error message |
setCasServerCACert($cert, $validate_cn = true) X-Ref |
Set the certificate of the CAS server CA and if the CN should be properly verified. return: void param: string $cert CA certificate file name param: bool $validate_cn Validate CN in certificate (default true) |
setNoCasServerValidation() X-Ref |
Set no SSL validation for the CAS server. return: void |
setNoClearTicketsFromUrl() X-Ref |
Disable the removal of a CAS ticket from the URL when authenticating. DISABLING POSES A SECURITY RISK: we normally remove the ticket by an additional redirect as a security precaution, to prevent the ticket from appearing in the HTTP_REFERER or being carried over in the URL parameter. return: void |
setExtraCurlOption($key, $value) X-Ref |
Change CURL options. CURL is used to connect through HTTPS to the CAS server. return: void param: string $key the option key param: string $value the value to set |
setSessionIdSalt($salt) X-Ref |
Set a salt/seed for the session-id hash to make it harder to guess. When $changeSessionID = true phpCAS will create a session-id that is derived from the service ticket. Doing so allows phpCAS to look-up and destroy the proper session on single-log-out requests. While the service tickets provided by the CAS server may include enough data to generate a strong hash, clients may provide an additional salt to ensure that session ids are not guessable if the session tickets do not have enough entropy. return: void param: string $salt The salt to combine with the session ticket. |
allowProxyChain(CAS_ProxyChain_Interface $proxy_chain) X-Ref |
If you want your service to be proxied, you have to enable it (default disabled) and define an acceptable list of proxies that are allowed to proxy your service. Add each allowed proxy definition object. For the normal CAS_ProxyChain class, the constructor takes an array of proxies to match. The list is in reverse, just as seen from the service: proxies have to be defined in reverse, from the service to the user. If a user hits service A and gets proxied via B to service C, the list of acceptable proxies on C would be array(B,A). The definition of an individual proxy can be either a string or a regexp (preg_match is used) that will be matched against the proxy list supplied by the CAS server when validating the proxy tickets. The strings are compared starting from the beginning and must fully match with the proxies in the list. Example: phpCAS::allowProxyChain(new CAS_ProxyChain(array( 'https://app.example.com/' ))); phpCAS::allowProxyChain(new CAS_ProxyChain(array( '/^https:\/\/app[0-9]\.example\.com\/rest\//', 'http://client.example.com/' ))); For quick testing or in certain production scenarios you might want to allow any other valid service to proxy your service. To do so, add the "Any" chain: phpCAS::allowProxyChain(new CAS_ProxyChain_Any); THIS SETTING IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER ON THIS SERVICE. return: void param: CAS_ProxyChain_Interface $proxy_chain A proxy-chain that will be |
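Added example, not phpCAS code: a stand-alone model of the chain-matching rule described in the allowProxyChain() entry, showing why the order of the chain, the trailing slash on string entries and the ^ anchor on regexp entries matter. The function chain_matches() and all URLs are hypothetical; it assumes string entries are compared as a case-insensitive prefix of the presented proxy URL, entries written as /pattern/flags go through preg_match(), and the definition must have the same length as the presented list.

```php
<?php
// Added illustration, not phpCAS source. chain_matches() is a hypothetical
// stand-in for the matching rule described in the allowProxyChain() entry.
function chain_matches(array $allowed, array $presented): bool
{
    $allowed = array_values($allowed);
    $presented = array_values($presented);
    // Assumption: the definition must cover the whole presented chain.
    if (count($allowed) !== count($presented)) {
        return false;
    }
    foreach ($allowed as $i => $entry) {
        if (preg_match('#^/.*/[a-zA-Z]*$#s', $entry)) {
            // Entry written as /pattern/flags: evaluated with preg_match().
            if (preg_match($entry, $presented[$i]) !== 1) {
                return false;
            }
        } elseif (strncasecmp($entry, $presented[$i], strlen($entry)) !== 0) {
            // Plain string: compared from the beginning, over the entry's length.
            return false;
        }
    }
    return true;
}

$A = 'https://a.example.com/';        // service the user hit first
$B = 'https://b.example.com/proxy/';  // proxy sitting directly in front of C
$lookalike = 'https://app.example.com.other.test/cb';  // not app.example.com

// Constructed cases: [label, allowed chain, proxy list from CAS, expected]
$cases = [
    ['chain in reverse order (B, A)', [$B, $A], [$B, $A], true],
    ['chain in user order (A, B)',    [$A, $B], [$B, $A], false],
    ['string without trailing slash', ['https://app.example.com'],  [$lookalike], true],
    ['string with trailing slash',    ['https://app.example.com/'], [$lookalike], false],
    ['regexp without ^ anchor', ['/app[0-9]\.example\.com\/rest\//'],
        ['https://other.test/?u=app1.example.com/rest/'], true],
    ['regexp anchored as on the page', ['/^https:\/\/app[0-9]\.example\.com\/rest\//'],
        ['https://other.test/?u=app1.example.com/rest/'], false],
];

foreach ($cases as [$label, $allowed, $presented, $expected]) {
    $got = chain_matches($allowed, $presented);
    printf("%-32s %-8s %s\n", $label, $got ? 'ACCEPT' : 'REJECT',
        $got === $expected ? '' : '(unexpected)');
}
```

The two ACCEPT results for the lookalike host and the unanchored regexp are the definitions to avoid: end string entries at a path boundary and anchor regexps with ^, as the examples in the entry above do.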
getProxies() X-Ref |
Answer an array of proxies that are sitting in front of this application. This method will only return a non-empty array if we have received and validated a Proxy Ticket. return: array |
addRebroadcastNode($rebroadcastNodeUrl) X-Ref |
Add a pgtIou/pgtId and logoutRequest rebroadcast node. return: void param: string $rebroadcastNodeUrl The rebroadcast node URL. Can be |
addRebroadcastHeader($header) X-Ref |
This method is used to add header parameters when rebroadcasting pgtIou/pgtId or logoutRequest. return: void param: String $header Header to send when rebroadcasting. |
_validateClientExists() X-Ref |
Checks if a client already exists return: void |
_validateProxyExists() X-Ref |
Checks if a proxy client already exists return: void |
getCasClient() X-Ref |
return: CAS_Client |
setCasClient(\CAS_Client $client) X-Ref |
For testing purposes, use this method to set the client to a test double return: void |