WIP: SSO login. Testing

.gitignore

@@ -8,6 +8,8 @@ drupal/modules/*
 !drupal/modules/epal/
 !drupal/modules/epalreadydata/
 !drupal/modules/oauthost/
+!drupal/modules/casost/
+drupal/modules/casost/src/CAS/*
 !drupal/modules/epaldeploysystem/
 
 # Logs

drupal/modules/casost/casost.info.yml

+name: casost
+type: module
+description: Authentication Provider OST
+core: 8.x
+package: casost

drupal/modules/casost/casost.links.action.yml

+entity.casost_config.add_form:
+  route_name: entity.casost_config.add_form
+  title: 'Add CASOST Config'
+  appears_on:
+    - entity.casost_config.collection
+entity.casost_session.add_form:
+  route_name: entity.casost_session.add_form
+  title: 'Add CASOST Session'
+  appears_on:
+    - entity.casost_session.collection

drupal/modules/casost/casost.links.menu.yml

+
+# CASOST Config menu items definition
+entity.casost_config.collection:
+  title: 'CASOST Config list'
+  route_name: entity.casost_config.collection
+  description: 'List CASOST Config entities'
+  parent: system.admin_structure
+  weight: 100
+
+casost_config.admin.structure.settings:
+  title: CASOST Config settings
+  description: 'Configure CASOST Config entities'
+  route_name: casost_config.settings
+  parent: system.admin_structure
+
+# CASOST Session menu items definition
+entity.casost_session.collection:
+  title: 'CASOST Session list'
+  route_name: entity.casost_session.collection
+  description: 'List CASOST Session entities'
+  parent: system.admin_structure
+  weight: 100
+
+casost_session.admin.structure.settings:
+  title: CASOST Session settings
+  description: 'Configure CASOST Session entities'
+  route_name: casost_session.settings
+  parent: system.admin_structure

drupal/modules/casost/casost.links.task.yml

+# CASOST Config routing definition
+casost_config.settings_tab:
+  route_name: casost_config.settings
+  title: 'Settings'
+  base_route: casost_config.settings
+
+entity.casost_config.canonical:
+  route_name: entity.casost_config.canonical
+  base_route: entity.casost_config.canonical
+  title: 'View'
+
+entity.casost_config.edit_form:
+  route_name: entity.casost_config.edit_form
+  base_route: entity.casost_config.canonical
+  title: 'Edit'
+
+entity.casost_config.delete_form:
+  route_name:  entity.casost_config.delete_form
+  base_route:  entity.casost_config.canonical
+  title: Delete
+  weight: 10
+
+# CASOST Session routing definition
+casost_session.settings_tab:
+  route_name: casost_session.settings
+  title: 'Settings'
+  base_route: casost_session.settings
+
+entity.casost_session.canonical:
+  route_name: entity.casost_session.canonical
+  base_route: entity.casost_session.canonical
+  title: 'View'
+
+entity.casost_session.edit_form:
+  route_name: entity.casost_session.edit_form
+  base_route: entity.casost_session.canonical
+  title: 'Edit'
+
+entity.casost_session.delete_form:
+  route_name:  entity.casost_session.delete_form
+  base_route:  entity.casost_session.canonical
+  title: Delete
+  weight: 10

drupal/modules/casost/casost.module

+<?php
+
+/**
+ * @file
+ * Contains casost.module.
+ */
+
+use Drupal\Core\Routing\RouteMatchInterface;
+
+/**
+ * Implements hook_help().
+ */
+function casost_help($route_name, RouteMatchInterface $route_match) {
+  switch ($route_name) {
+    // Main module help for the casost module.
+    case 'help.page.casost':
+      $output = '';
+      $output .= '<h3>' . t('About') . '</h3>';
+      $output .= '<p>' . t('Authentication Provider OST') . '</p>';
+      return $output;
+
+    default:
+  }
+}
+
+/**
+ * Implements hook_theme().
+ */
+function casost_theme() {
+  return [
+    'casost' => [
+      'template' => 'casost',
+      'render element' => 'children',
+    ],
+  ];
+}

drupal/modules/casost/casost.permissions.yml

+add casost config entities:
+  title: 'Create new CASOST Config entities'
+
+administer casost config entities:
+  title: 'Administer CASOST Config entities'
+  description: 'Allow to access the administration form to configure CASOST Config entities.'
+  restrict access: true
+
+delete casost config entities:
+  title: 'Delete CASOST Config entities'
+
+edit casost config entities:
+  title: 'Edit CASOST Config entities'
+
+access casost config overview:
+  title: 'Access the CASOST Config overview page'
+
+view published casost config entities:
+  title: 'View published CASOST Config entities'
+
+view unpublished casost config entities:
+  title: 'View unpublished CASOST Config entities'
+add casost session entities:
+  title: 'Create new CASOST Session entities'
+
+administer casost session entities:
+  title: 'Administer CASOST Session entities'
+  description: 'Allow to access the administration form to configure CASOST Session entities.'
+  restrict access: true
+
+delete casost session entities:
+  title: 'Delete CASOST Session entities'
+
+edit casost session entities:
+  title: 'Edit CASOST Session entities'
+
+access casost session overview:
+  title: 'Access the CASOST Session overview page'
+
+view published casost session entities:
+  title: 'View published CASOST Session entities'
+
+view unpublished casost session entities:
+  title: 'View unpublished CASOST Session entities'

drupal/modules/casost/casost.routing.yml

+casost.log_in_go:
+  path: /cas/login
+  defaults:
+    _controller: '\Drupal\casost\Controller\CASLogin::loginGo'
+  requirements:
+    _access: 'TRUE'
+casost.callback_log_in:
+  path: /cas/cb
+  defaults:
+    _controller: '\Drupal\casost\Controller\CBController::loginCB'
+  requirements:
+    _permission: 'access content'
+casost.log_out_go:
+  path: /cas/logout
+  options:
+    _auth: [ 'basic_auth' ]
+  defaults:
+    _controller: '\Drupal\casost\Controller\CASLogout::logoutGo'
+  requirements:
+    _user_is_logged_in: 'TRUE'

drupal/modules/casost/casost.services.yml

+services:
+  logger.channel.cas:
+    parent: 'logger.channel_base'
+    arguments: ['epal']

drupal/modules/casost/casost_config.page.inc

+<?php
+
+/**
+ * @file
+ * Contains casost_config.page.inc.
+ *
+ * Page callback for CASOST Config entities.
+ */
+
+use Drupal\Core\Render\Element;
+
+/**
+ * Prepares variables for CASOST Config templates.
+ *
+ * Default template: casost_config.html.twig.
+ *
+ * @param array $variables
+ *   An associative array containing:
+ *   - elements: An associative array containing the user information and any
+ *   - attributes: HTML attributes for the containing element.
+ */
+function template_preprocess_casost_config(array &$variables) {
+  // Fetch CASOSTConfig Entity Object.
+  $casost_config = $variables['elements']['#casost_config'];
+
+  // Helpful $content variable for templates.
+  foreach (Element::children($variables['elements']) as $key) {
+    $variables['content'][$key] = $variables['elements'][$key];
+  }
+}

drupal/modules/casost/casost_session.page.inc

+<?php
+
+/**
+ * @file
+ * Contains casost_session.page.inc.
+ *
+ * Page callback for CASOST Session entities.
+ */
+
+use Drupal\Core\Render\Element;
+
+/**
+ * Prepares variables for CASOST Session templates.
+ *
+ * Default template: casost_session.html.twig.
+ *
+ * @param array $variables
+ *   An associative array containing:
+ *   - elements: An associative array containing the user information and any
+ *   - attributes: HTML attributes for the containing element.
+ */
+function template_preprocess_casost_session(array &$variables) {
+  // Fetch CASOSTSession Entity Object.
+  $casost_session = $variables['elements']['#casost_session'];
+
+  // Helpful $content variable for templates.
+  foreach (Element::children($variables['elements']) as $key) {
+    $variables['content'][$key] = $variables['elements'][$key];
+  }
+}

drupal/modules/casost/composer.json

+{
+  "name": "drupal/casost",
+  "type": "drupal-module",
+  "description": "Authentication Provider OST",
+  "keywords": ["Drupal"],
+  "license": "GPL-2.0+",
+  "homepage": "https://www.drupal.org/project/casost",
+  "minimum-stability": "dev",
+  "support": {
+    "issues": "https://www.drupal.org/project/issues/casost",
+    "source": "http://cgit.drupalcode.org/casost"
+  },
+  "require": { }
+}

drupal/modules/casost/src/CAS/CAS/AuthenticationException.php

+<?php
+
+/**
+ * Licensed to Jasig under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * Jasig licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * PHP Version 5
+ *
+ * @file     CAS/AuthenticationException.php
+ * @category Authentication
+ * @package  PhpCAS
+ * @author   Joachim Fritschi <jfritschi@freenet.de>
+ * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
+ * @link     https://wiki.jasig.org/display/CASC/phpCAS
+ */
+
+/**
+ * This interface defines methods that allow proxy-authenticated service handlers
+ * to interact with phpCAS.
+ *
+ * Proxy service handlers must implement this interface as well as call
+ * phpCAS::initializeProxiedService($this) at some point in their implementation.
+ *
+ * While not required, proxy-authenticated service handlers are encouraged to
+ * implement the CAS_ProxiedService_Testable interface to facilitate unit testing.
+ *
+ * @class    CAS_AuthenticationException
+ * @category Authentication
+ * @package  PhpCAS
+ * @author   Joachim Fritschi <jfritschi@freenet.de>
+ * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
+ * @link     https://wiki.jasig.org/display/CASC/phpCAS
+ */
+
+class CAS_AuthenticationException
+extends RuntimeException
+implements CAS_Exception
+{
+
+    /**
+     * This method is used to print the HTML output when the user was not
+     * authenticated.
+     *
+     * @param CAS_Client $client       phpcas client
+     * @param string     $failure      the failure that occured
+     * @param string     $cas_url      the URL the CAS server was asked for
+     * @param bool       $no_response  the response from the CAS server (other
+     * parameters are ignored if TRUE)
+     * @param bool       $bad_response bad response from the CAS server ($err_code
+     * and $err_msg ignored if TRUE)
+     * @param string     $cas_response the response of the CAS server
+     * @param int        $err_code     the error code given by the CAS server
+     * @param string     $err_msg      the error message given by the CAS server
+     */
+    public function __construct($client,$failure,$cas_url,$no_response,
+        $bad_response='',$cas_response='',$err_code='',$err_msg=''
+    ) {
+        phpCAS::traceBegin();
+        $lang = $client->getLangObj();
+        $client->printHTMLHeader($lang->getAuthenticationFailed());
+        printf(
+            $lang->getYouWereNotAuthenticated(),
+            htmlentities($client->getURL()),
+            isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN']:''
+        );
+        phpCAS::trace('CAS URL: '.$cas_url);
+        phpCAS::trace('Authentication failure: '.$failure);
+        if ( $no_response ) {
+            phpCAS::trace('Reason: no response from the CAS server');
+        } else {
+            if ( $bad_response ) {
+                phpCAS::trace('Reason: bad response from the CAS server');
+            } else {
+                switch ($client->getServerVersion()) {
+                case CAS_VERSION_1_0:
+                    phpCAS::trace('Reason: CAS error');
+                    break;
+                case CAS_VERSION_2_0:
+                case CAS_VERSION_3_0:
+                    if ( empty($err_code) ) {
+                        phpCAS::trace('Reason: no CAS error');
+                    } else {
+                        phpCAS::trace('Reason: ['.$err_code.'] CAS error: '.$err_msg);
+                    }
+                    break;
+                }
+            }
+            phpCAS::trace('CAS response: '.$cas_response);
+        }
+        $client->printHTMLFooter();
+        phpCAS::traceExit();
+    }
+
+}
+?>

drupal/modules/casost/src/CAS/CAS/Autoload.php

+<?php
+
+/**
+ * Autoloader Class
+ *
+ *  PHP Version 5
+ *
+ * @file      CAS/Autoload.php
+ * @category  Authentication
+ * @package   SimpleCAS
+ * @author    Brett Bieber <brett.bieber@gmail.com>
+ * @copyright 2008 Regents of the University of Nebraska
+ * @license   http://www1.unl.edu/wdn/wiki/Software_License BSD License
+ * @link      http://code.google.com/p/simplecas/
+ **/
+
+/**
+ * Autoload a class
+ *
+ * @param string $class Classname to load
+ *
+ * @return bool
+ */
+function CAS_autoload($class)
+{
+    // Static to hold the Include Path to CAS
+    static $include_path;
+    // Check only for CAS classes
+    if (substr($class, 0, 4) !== 'CAS_') {
+        return false;
+    }
+    // Setup the include path if it's not already set from a previous call
+    if (empty($include_path)) {
+        $include_path = array(dirname(dirname(__FILE__)), dirname(dirname(__FILE__)) . '/../test/' );
+    }
+
+    // Declare local variable to store the expected full path to the file
+
+    foreach ($include_path as $path) {
+        $file_path = $path . '/' . str_replace('_', '/', $class) . '.php';
+        $fp = @fopen($file_path, 'r', true);
+        if ($fp) {
+            fclose($fp);
+            include $file_path;
+            if (!class_exists($class, false) && !interface_exists($class, false)) {
+                die(
+                    new Exception(
+                        'Class ' . $class . ' was not present in ' .
+                        $file_path .
+                        ' [CAS_autoload]'
+                    )
+                );
+            }
+            return true;
+        }
+    }
+    $e = new Exception(
+        'Class ' . $class . ' could not be loaded from ' .
+        $file_path . ', file does not exist (Path="'
+        . implode(':', $include_path) .'") [CAS_autoload]'
+    );
+    $trace = $e->getTrace();
+    if (isset($trace[2]) && isset($trace[2]['function'])
+        && in_array($trace[2]['function'], array('class_exists', 'interface_exists'))
+    ) {
+        return false;
+    }
+    if (isset($trace[1]) && isset($trace[1]['function'])
+        && in_array($trace[1]['function'], array('class_exists', 'interface_exists'))
+    ) {
+        return false;
+    }
+    die ((string) $e);
+}
+
+// set up __autoload
+if (function_exists('spl_autoload_register')) {
+    if (!(spl_autoload_functions())
+        || !in_array('CAS_autoload', spl_autoload_functions())
+    ) {
+        spl_autoload_register('CAS_autoload');
+        if (function_exists('__autoload')
+            && !in_array('__autoload', spl_autoload_functions())
+        ) {
+            // __autoload() was being used, but now would be ignored, add
+            // it to the autoload stack
+            spl_autoload_register('__autoload');
+        }
+    }
+} elseif (!function_exists('__autoload')) {
+
+    /**
+     * Autoload a class
+     *
+     * @param string $class Class name
+     *
+     * @return bool
+     */
+    function __autoload($class)
+    {
+        return CAS_autoload($class);
+    }
+}
+
+?>
\ No newline at end of file

drupal/modules/casost/src/CAS/CAS/CookieJar.php

+<?php
+
+/**
+ * Licensed to Jasig under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * Jasig licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * PHP Version 5
+ *
+ * @file     CAS/CookieJar.php
+ * @category Authentication
+ * @package  PhpCAS
+ * @author   Adam Franco <afranco@middlebury.edu>
+ * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
+ * @link     https://wiki.jasig.org/display/CASC/phpCAS
+ */
+
+/**
+ * This class provides access to service cookies and handles parsing of response
+ * headers to pull out cookie values.
+ *
+ * @class    CAS_CookieJar
+ * @category Authentication
+ * @package  PhpCAS
+ * @author   Adam Franco <afranco@middlebury.edu>
+ * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
+ * @link     https://wiki.jasig.org/display/CASC/phpCAS
+ */
+class CAS_CookieJar
+{
+
+    private $_cookies;
+
+    /**
+     * Create a new cookie jar by passing it a reference to an array in which it
+     * should store cookies.
+     *
+     * @param array &$storageArray Array to store cookies
+     *
+     * @return void
+     */
+    public function __construct (array &$storageArray)
+    {
+        $this->_cookies =& $storageArray;
+    }
+
+    /**
+     * Store cookies for a web service request.
+     * Cookie storage is based on RFC 2965: http://www.ietf.org/rfc/rfc2965.txt
+     *
+     * @param string $request_url      The URL that generated the response headers.
+     * @param array  $response_headers An array of the HTTP response header strings.
+     *
+     * @return void
+     *
+     * @access private
+     */
+    public function storeCookies ($request_url, $response_headers)
+    {
+        $urlParts = parse_url($request_url);
+        $defaultDomain = $urlParts['host'];
+
+        $cookies = $this->parseCookieHeaders($response_headers, $defaultDomain);
+
+        // var_dump($cookies);
+        foreach ($cookies as $cookie) {
+            // Enforce the same-origin policy by verifying that the cookie
+            // would match the url that is setting it
+            if (!$this->cookieMatchesTarget($cookie, $urlParts)) {
+                continue;
+            }
+
+            // store the cookie
+            $this->storeCookie($cookie);
+
+            phpCAS::trace($cookie['name'].' -> '.$cookie['value']);
+        }
+    }
+
+    /**
+     * Retrieve cookies applicable for a web service request.
+     * Cookie applicability is based on RFC 2965: http://www.ietf.org/rfc/rfc2965.txt