Fix login redirects; fix logout problems; add new casost_config parameter

parent 7e658bc2
...@@ -99,15 +99,13 @@ class CASLogin extends ControllerBase ...@@ -99,15 +99,13 @@ class CASLogin extends ControllerBase
// Enable verbose error messages. Disable in production! // Enable verbose error messages. Disable in production!
//phpCAS::setVerbose(true); //phpCAS::setVerbose(true);
phpCAS::client($this->serverVersion, phpCAS::client(
$this->serverVersion,
$this->serverHostname, $this->serverHostname,
intval($this->serverPort), intval($this->serverPort),
$this->serverUri, $this->serverUri,
boolval($this->changeSessionId)); boolval($this->changeSessionId)
);
// \phpCAS::setServerLoginURL('http://sso-test.sch.gr/login');
// \phpCAS::setServerServiceValidateURL('http://sso-test.sch.gr/cas/samlValidate');
if ($this->CASServerCACert) { if ($this->CASServerCACert) {
if ($this->CASServerCNValidate) { if ($this->CASServerCNValidate) {
...@@ -124,12 +122,9 @@ class CASLogin extends ControllerBase ...@@ -124,12 +122,9 @@ class CASLogin extends ControllerBase
return $this->redirectForbidden($configRowName, '5001'); return $this->redirectForbidden($configRowName, '5001');
} }
$attributes = phpCAS::getAttributes(); $attributes = phpCAS::getAttributes();
/* foreach ($attributes as $attr_key => $attr_value) {
$this->logger->warning($attr_key);
$this->logger->warning(phpCAS::getAttribute($attr_key));
} */
/* $isAllowed = true; /*
$isAllowed = true;
$att1 = $attributes[$this->allowed1]; $att1 = $attributes[$this->allowed1];
$att2 = $attributes[$this->allowed2]; $att2 = $attributes[$this->allowed2];
if (!isset($att1) || !isset($att2)) { if (!isset($att1) || !isset($att2)) {
...@@ -155,15 +150,17 @@ class CASLogin extends ControllerBase ...@@ -155,15 +150,17 @@ class CASLogin extends ControllerBase
} }
if (!$found1 || !$found2) { if (!$found1 || !$found2) {
$isAllowed = false; $isAllowed = false;
} */ }
/* if (!$isAllowed) { if (!$isAllowed) {
$response = new Response(); $response = new Response();
$response->setContent(t('Access is allowed only to official school accounts')); $response->setContent(t('Access is allowed only to official school accounts'));
$response->setStatusCode(Response::HTTP_FORBIDDEN); $response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json;charset=UTF-8'); $response->headers->set('Content-Type', 'application/json;charset=UTF-8');
return $response; return $response;
} */ }
*/
$CASUser = phpCAS::getUser(); $CASUser = phpCAS::getUser();
$this->logger->warning($CASUser); $this->logger->warning($CASUser);
...@@ -179,14 +176,15 @@ class CASLogin extends ControllerBase ...@@ -179,14 +176,15 @@ class CASLogin extends ControllerBase
$physicaldeliveryofficename = $filterAttribute("physicaldeliveryofficename"); $physicaldeliveryofficename = $filterAttribute("physicaldeliveryofficename");
/****** the following is for production ***************************/ /****** the following is for production : Χρήση μόνο από ΕΠΙΣΗΜΟΥΣ ΛΟΓΑΡΙΑΣΜΟΥΣ ***************************/
/*
/* if (!$umdobject || $umdobject !== "Account") { if (!$umdobject || $umdobject !== "Account") {
return $this->redirectForbidden($configRowName, '5002'); return $this->redirectForbidden($configRowName, '5002');
} }
if (!$physicaldeliveryofficename || preg_replace('/\s+/', '', $physicaldeliveryofficename) !== 'ΕΠΙΣΗΜΟΣΛΟΓΑΡΙΑΣΜΟΣ') { if (!$physicaldeliveryofficename || preg_replace('/\s+/', '', $physicaldeliveryofficename) !== 'ΕΠΙΣΗΜΟΣΛΟΓΑΡΙΑΣΜΟΣ') {
return $this->redirectForbidden($configRowName, '5003'); return $this->redirectForbidden($configRowName, '5003');
} */ }
*/
phpCAS::trace($umdobject); phpCAS::trace($umdobject);
phpCAS::trace($physicaldeliveryofficename); phpCAS::trace($physicaldeliveryofficename);
...@@ -198,20 +196,14 @@ class CASLogin extends ControllerBase ...@@ -198,20 +196,14 @@ class CASLogin extends ControllerBase
return $this->redirectForbidden($configRowName, '5004'); return $this->redirectForbidden($configRowName, '5004');
} }
// $this->logger->warning('redirecturl=' . $this->redirectUrl);
$epalToken = $this->authenticatePhase2($request, $CASUser, $userAssigned, $filterAttribute('cn')); $epalToken = $this->authenticatePhase2($request, $CASUser, $userAssigned, $filterAttribute('cn'));
if ($epalToken) { if ($epalToken) {
if ('casost_sch_sso_config' === $configRowName) { if ('casost_sch_sso_config' === $configRowName) {
/* $cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false); */
return new RedirectResponse($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []); return new RedirectResponse($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
} else { } else {
\Drupal::service('page_cache_kill_switch')->trigger(); \Drupal::service('page_cache_kill_switch')->trigger();
return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []); return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
} }
// $headers = array("auth_token" => $epalToken, "auth_role" => "director");
// return new RedirectResponse($this->redirectUrl, 302, $headers);
} else { } else {
return $this->redirectForbidden($configRowName, '5005'); return $this->redirectForbidden($configRowName, '5005');
} }
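Review bot: The new header comment `/****** the following is for production : Χρήση μόνο από ΕΠΙΣΗΜΟΥΣ ΛΟΓΑΡΙΑΣΜΟΥΣ ***/` now sits directly above a `/* … */` block, so the only-official-accounts check (`$umdobject !== "Account"` and the `physicaldeliveryofficename` comparison) is still compiled out, and enabling it for production means editing source instead of configuration. Since this commit already reads a new per-environment value from `$CASOSTConfig` for the logout redirect, the same mechanism could gate this check, e.g. a property such as `if ($this->enforceOfficialAccounts) { … }` with the comment stating that the flag must be on in production. The `$isAllowed` block earlier in the section is in the same situation and the commit leaves it commented out as well. The method enclosing these hunks begins and ends outside what is shown.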
...@@ -20,6 +20,7 @@ class CASLogout extends ControllerBase ...@@ -20,6 +20,7 @@ class CASLogout extends ControllerBase
protected $serverPort; protected $serverPort;
protected $serverUri; protected $serverUri;
protected $changeSessionId; protected $changeSessionId;
protected $logoutRedirectUrl;
protected $CASServerCACert; protected $CASServerCACert;
protected $CASServerCNValidate; protected $CASServerCNValidate;
protected $noCASServerValidation; protected $noCASServerValidation;
...@@ -76,6 +77,7 @@ class CASLogout extends ControllerBase ...@@ -76,6 +77,7 @@ class CASLogout extends ControllerBase
$this->serverUri = $CASOSTConfig->serveruri->value === null ? '' : $CASOSTConfig->serveruri->value; $this->serverUri = $CASOSTConfig->serveruri->value === null ? '' : $CASOSTConfig->serveruri->value;
$this->redirectUrl = $CASOSTConfig->redirecturl->value; $this->redirectUrl = $CASOSTConfig->redirecturl->value;
$this->changeSessionId = $CASOSTConfig->changesessionid->value; $this->changeSessionId = $CASOSTConfig->changesessionid->value;
$this->logoutRedirectUrl = $CASOSTConfig->logoutredirecturl->value;
$this->CASServerCACert = $CASOSTConfig->casservercacert->value; $this->CASServerCACert = $CASOSTConfig->casservercacert->value;
$this->CASServerCNValidate = $CASOSTConfig->casservercnvalidate->value; $this->CASServerCNValidate = $CASOSTConfig->casservercnvalidate->value;
$this->noCASServerValidation = $CASOSTConfig->nocasservervalidation->value; $this->noCASServerValidation = $CASOSTConfig->nocasservervalidation->value;
...@@ -96,11 +98,13 @@ class CASLogout extends ControllerBase ...@@ -96,11 +98,13 @@ class CASLogout extends ControllerBase
// phpCAS::setVerbose(true); // phpCAS::setVerbose(true);
// Initialize phpCAS // Initialize phpCAS
phpCAS::client($this->serverVersion, phpCAS::client(
$this->serverVersion,
$this->serverHostname, $this->serverHostname,
intval($this->serverPort), intval($this->serverPort),
$this->serverUri, $this->serverUri,
boolval($this->changeSessionId)); boolval($this->changeSessionId)
);
$authToken = $request->headers->get('PHP_AUTH_USER'); $authToken = $request->headers->get('PHP_AUTH_USER');
$users = $this->entityTypeManager->getStorage('user')->loadByProperties(array('name' => $authToken)); $users = $this->entityTypeManager->getStorage('user')->loadByProperties(array('name' => $authToken));
...@@ -109,32 +113,22 @@ class CASLogout extends ControllerBase ...@@ -109,32 +113,22 @@ class CASLogout extends ControllerBase
if (!$user) { if (!$user) {
return $this->redirectForbidden($configRowName, '7002'); return $this->redirectForbidden($configRowName, '7002');
} }
// phpCAS::handleLogoutRequests();
// phpCAS::logoutWithRedirectService('http://eduslim2.minedu.gov.gr/dist/#/school');
// session_unset();
// session_destroy();
$user->setPassword(uniqid('pw')); $user->setPassword(uniqid('pw'));
$user->save(); $user->save();
$response = new Response(); $response = new Response();
$response->setContent('logout successful'); $response->setContent("{\"message\": \"Server logout successful\",\"next\": \"{$this->logoutRedirectUrl}\"}");
$response->setStatusCode(Response::HTTP_OK); $response->setStatusCode(Response::HTTP_OK);
$response->headers->set('Content-Type', 'application/json'); $response->headers->set('Content-Type', 'application/json');
// phpCAS::logout(array('url'=>$this->redirectUrl)); session_unset();
// phpCAS::logout(); session_destroy();
session_unset();
session_destroy();
\Drupal::service('page_cache_kill_switch')->trigger(); \Drupal::service('page_cache_kill_switch')->trigger();
// phpCAS::logoutWithRedirectServiceAndUrl('https://sso-test.sch.gr/logout',''); // phpCAS::logout(array('service' => 'http://eduslim2.minedu.gov.gr/dist/#/school'));
// header('Location: '.'https://sso-test.sch.gr/login?service=https%3A%2F%2Feduslim2.minedu.gov.gr%2Fdrupal%2Fcas%2Flogin%3Fconfig%3D2'); // phpCAS::logoutWithRedirectService('http://eduslim2.minedu.gov.gr/dist/#/school');
// header('Location: https://sso-test.sch.gr/logout'); // phpCAS::handleLogoutRequests();
// exit(0);
// return new RedirectResponseWithCookieExt("https://sso-test.sch.gr/logout", 302, []); session_start();
return $response; return $response;
} catch (\Exception $e) { } catch (\Exception $e) {
$this->logger->warning($e->getMessage()); $this->logger->warning($e->getMessage());
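Review bot: The `setContent` line builds the JSON body by interpolating `{$this->logoutRedirectUrl}` into a string literal, so a configured URL containing `"` or `\` yields a body the client's new `response.json()` call cannot parse, and a null value becomes an empty `next`; use `$response->setContent(json_encode(['message' => 'Server logout successful', 'next' => $this->logoutRedirectUrl], JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES));` instead. Because the browser navigates straight to `next` (see the HeaderComponent change in this commit), the new `logoutredirecturl` assignment should also normalise null the way the neighbouring `serveruri` line does, and the value is best validated as an absolute URL when the config is saved rather than trusted at response time. The added `session_start()` after `session_destroy()` carries no explanation; a comment stating why a fresh session is opened before returning would help the next reader. Both hunks lie inside a method whose start and end are outside what is shown.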
...@@ -83,13 +83,22 @@ export default class HeaderComponent implements OnInit, OnDestroy { ...@@ -83,13 +83,22 @@ export default class HeaderComponent implements OnInit, OnDestroy {
this._hds.signOut().then(data => { this._hds.signOut().then(data => {
this._ata.initLoginInfo(); this._ata.initLoginInfo();
if (this.authRole === SCHOOL_ROLE) { if (this.authRole === SCHOOL_ROLE) {
this.router.navigate(['/school']); // this.router.navigate(['/school']);
this.authToken = '';
this.authRole = '';
window.location.assign((<any> data).next);
} }
else if (this.authRole === PDE_ROLE) { else if (this.authRole === PDE_ROLE) {
this.router.navigate(['/school']); // this.router.navigate(['/school']);
this.authToken = '';
this.authRole = '';
window.location.assign((<any> data).next);
} }
else if (this.authRole === DIDE_ROLE) { else if (this.authRole === DIDE_ROLE) {
this.router.navigate(['/school']); // this.router.navigate(['/school']);
this.authToken = '';
this.authRole = '';
window.location.assign((<any> data).next);
} }
else if (this.authRole === STUDENT_ROLE) { else if (this.authRole === STUDENT_ROLE) {
this._eca.initEpalClasses(); this._eca.initEpalClasses();
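Review bot: The three branches for SCHOOL_ROLE, PDE_ROLE and DIDE_ROLE now have identical new bodies, and each hands `(<any> data).next` to `window.location.assign` without checking that the server supplied a value, so an unset `logoutredirecturl` on the server navigates the browser to the literal string `undefined`. Collapsing the branches and falling back to the previous `/school` route when `next` is missing keeps the old behaviour as the safe default, and typing the response shape removes the `<any>` cast. The destination is whatever the logout endpoint returns, so the server-side configuration value is the only control over where the browser is sent after logout. The `signOut().then` callback and its enclosing method continue outside the hunk.
```typescript
this._hds.signOut().then(data => {
    this._ata.initLoginInfo();
    if (this.authRole === SCHOOL_ROLE || this.authRole === PDE_ROLE || this.authRole === DIDE_ROLE) {
        const next = (data as { next?: string }).next;
        this.authToken = '';
        this.authRole = '';
        if (next) {
            window.location.assign(next);
        } else {
            this.router.navigate(['/school']);
        }
    }
    // … unchanged: STUDENT_ROLE and later branches …
```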
...@@ -414,7 +414,7 @@ export class HelperDataService implements OnInit, OnDestroy { ...@@ -414,7 +414,7 @@ export class HelperDataService implements OnInit, OnDestroy {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
this.http.post(`${AppSettings.API_ENDPOINT}${logoutRoute}${AppSettings.API_ENDPOINT_PARAMS}`, {}, options) this.http.post(`${AppSettings.API_ENDPOINT}${logoutRoute}${AppSettings.API_ENDPOINT_PARAMS}`, {}, options)
.map(response => response) .map(response => response.json())
.subscribe(data => { .subscribe(data => {
this._cookieService.removeAll(); this._cookieService.removeAll();
window.onbeforeunload = function () {console.log("unloading")}; window.onbeforeunload = function () {console.log("unloading")};
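Review bot: With `.map(response => response.json())`, a logout reply whose body is not JSON now throws inside the observable pipeline, so the `this._cookieService.removeAll()` cleanup in the success callback is skipped and local credentials survive a failed server logout. If the intent is that local state is always cleared, move `removeAll()` ahead of the parse or repeat it in the error path; the error handler for this `subscribe` is outside the hunk, so I cannot tell whether it rejects the promise or clears cookies. The enclosing method starts and ends outside what is shown.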