Fix login redirects; fix logout problems; add new casost_config parameter

parent 7e658bc2
......@@ -99,15 +99,13 @@ class CASLogin extends ControllerBase
// Enable verbose error messages. Disable in production!
//phpCAS::setVerbose(true);
phpCAS::client($this->serverVersion,
phpCAS::client(
$this->serverVersion,
$this->serverHostname,
intval($this->serverPort),
$this->serverUri,
boolval($this->changeSessionId));
// \phpCAS::setServerLoginURL('http://sso-test.sch.gr/login');
// \phpCAS::setServerServiceValidateURL('http://sso-test.sch.gr/cas/samlValidate');
boolval($this->changeSessionId)
);
if ($this->CASServerCACert) {
if ($this->CASServerCNValidate) {
......@@ -124,12 +122,9 @@ class CASLogin extends ControllerBase
return $this->redirectForbidden($configRowName, '5001');
}
$attributes = phpCAS::getAttributes();
/* foreach ($attributes as $attr_key => $attr_value) {
$this->logger->warning($attr_key);
$this->logger->warning(phpCAS::getAttribute($attr_key));
} */
/* $isAllowed = true;
/*
$isAllowed = true;
$att1 = $attributes[$this->allowed1];
$att2 = $attributes[$this->allowed2];
if (!isset($att1) || !isset($att2)) {
......@@ -155,15 +150,17 @@ class CASLogin extends ControllerBase
}
if (!$found1 || !$found2) {
$isAllowed = false;
} */
}
/* if (!$isAllowed) {
if (!$isAllowed) {
$response = new Response();
$response->setContent(t('Access is allowed only to official school accounts'));
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json;charset=UTF-8');
return $response;
} */
}
*/
$CASUser = phpCAS::getUser();
$this->logger->warning($CASUser);
......@@ -179,14 +176,15 @@ class CASLogin extends ControllerBase
$physicaldeliveryofficename = $filterAttribute("physicaldeliveryofficename");
/****** the following is for production ***************************/
/* if (!$umdobject || $umdobject !== "Account") {
/****** the following is for production : Χρήση μόνο από ΕΠΙΣΗΜΟΥΣ ΛΟΓΑΡΙΑΣΜΟΥΣ ***************************/
/*
if (!$umdobject || $umdobject !== "Account") {
return $this->redirectForbidden($configRowName, '5002');
}
if (!$physicaldeliveryofficename || preg_replace('/\s+/', '', $physicaldeliveryofficename) !== 'ΕΠΙΣΗΜΟΣΛΟΓΑΡΙΑΣΜΟΣ') {
return $this->redirectForbidden($configRowName, '5003');
} */
}
*/
phpCAS::trace($umdobject);
phpCAS::trace($physicaldeliveryofficename);
......@@ -198,20 +196,14 @@ class CASLogin extends ControllerBase
return $this->redirectForbidden($configRowName, '5004');
}
// $this->logger->warning('redirecturl=' . $this->redirectUrl);
$epalToken = $this->authenticatePhase2($request, $CASUser, $userAssigned, $filterAttribute('cn'));
if ($epalToken) {
if ('casost_sch_sso_config' === $configRowName) {
/* $cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false); */
return new RedirectResponse($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
} else {
\Drupal::service('page_cache_kill_switch')->trigger();
return new RedirectResponseWithCookieExt($this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"], 302, []);
}
// $headers = array("auth_token" => $epalToken, "auth_role" => "director");
// return new RedirectResponse($this->redirectUrl, 302, $headers);
} else {
return $this->redirectForbidden($configRowName, '5005');
}
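Review bot: The session token is placed in the redirect URL in both branches of `if ('casost_sch_sso_config' === $configRowName)` — `$this->redirectUrl . $epalToken.'&auth_role=' . $userAssigned["exposedRole"]` — so it lands in browser history, proxy/access logs and the Referer of whatever page loads next, and the role value is concatenated without encoding. At minimum change the tail to `'&auth_role=' . rawurlencode($userAssigned["exposedRole"])`, and consider delivering the token in a cookie (the `RedirectResponseWithCookieExt` branch looks cookie-capable) rather than the query string. The official-account gate in the earlier hunk (`$umdobject` / `$physicaldeliveryofficename`, labelled "for production") is still commented out, so every CAS-authenticated user passes; a switch on the CASOSTConfig entity would be safer than enabling it by editing code at deploy time. The enclosing method begins and ends outside the shown hunks.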
......@@ -20,6 +20,7 @@ class CASLogout extends ControllerBase
protected $serverPort;
protected $serverUri;
protected $changeSessionId;
protected $logoutRedirectUrl;
protected $CASServerCACert;
protected $CASServerCNValidate;
protected $noCASServerValidation;
......@@ -76,6 +77,7 @@ class CASLogout extends ControllerBase
$this->serverUri = $CASOSTConfig->serveruri->value === null ? '' : $CASOSTConfig->serveruri->value;
$this->redirectUrl = $CASOSTConfig->redirecturl->value;
$this->changeSessionId = $CASOSTConfig->changesessionid->value;
$this->logoutRedirectUrl = $CASOSTConfig->logoutredirecturl->value;
$this->CASServerCACert = $CASOSTConfig->casservercacert->value;
$this->CASServerCNValidate = $CASOSTConfig->casservercnvalidate->value;
$this->noCASServerValidation = $CASOSTConfig->nocasservervalidation->value;
......@@ -96,11 +98,13 @@ class CASLogout extends ControllerBase
// phpCAS::setVerbose(true);
// Initialize phpCAS
phpCAS::client($this->serverVersion,
phpCAS::client(
$this->serverVersion,
$this->serverHostname,
intval($this->serverPort),
$this->serverUri,
boolval($this->changeSessionId));
boolval($this->changeSessionId)
);
$authToken = $request->headers->get('PHP_AUTH_USER');
$users = $this->entityTypeManager->getStorage('user')->loadByProperties(array('name' => $authToken));
......@@ -109,32 +113,22 @@ class CASLogout extends ControllerBase
if (!$user) {
return $this->redirectForbidden($configRowName, '7002');
}
// phpCAS::handleLogoutRequests();
// phpCAS::logoutWithRedirectService('http://eduslim2.minedu.gov.gr/dist/#/school');
// session_unset();
// session_destroy();
$user->setPassword(uniqid('pw'));
$user->save();
$response = new Response();
$response->setContent('logout successful');
$response->setContent("{\"message\": \"Server logout successful\",\"next\": \"{$this->logoutRedirectUrl}\"}");
$response->setStatusCode(Response::HTTP_OK);
$response->headers->set('Content-Type', 'application/json');
// phpCAS::logout(array('url'=>$this->redirectUrl));
// phpCAS::logout();
session_unset();
session_destroy();
\Drupal::service('page_cache_kill_switch')->trigger();
// phpCAS::logoutWithRedirectServiceAndUrl('https://sso-test.sch.gr/logout','');
// header('Location: '.'https://sso-test.sch.gr/login?service=https%3A%2F%2Feduslim2.minedu.gov.gr%2Fdrupal%2Fcas%2Flogin%3Fconfig%3D2');
// header('Location: https://sso-test.sch.gr/logout');
// exit(0);
// return new RedirectResponseWithCookieExt("https://sso-test.sch.gr/logout", 302, []);
// phpCAS::logout(array('service' => 'http://eduslim2.minedu.gov.gr/dist/#/school'));
// phpCAS::logoutWithRedirectService('http://eduslim2.minedu.gov.gr/dist/#/school');
// phpCAS::handleLogoutRequests();
session_start();
return $response;
} catch (\Exception $e) {
$this->logger->warning($e->getMessage());
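Review bot: The body built at `$response->setContent("{\"message\": \"Server logout successful\",\"next\": \"{$this->logoutRedirectUrl}\"}");` is JSON assembled by string interpolation, so a `"` or `\` in the configured logout URL produces an invalid document that the client's `response.json()` will throw on. Build it with `$response->setContent(json_encode(['message' => 'Server logout successful', 'next' => $this->logoutRedirectUrl]));` (adding `JSON_THROW_ON_ERROR` if the project targets PHP 7.3+). Because the client navigates to `next` unconditionally, it is also worth returning an error here when `logoutredirecturl` is null or empty instead of emitting `"next": ""`. The enclosing `try` block begins outside the hunk.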
......@@ -201,11 +201,11 @@ class CASOSTConfig extends ContentEntityBase implements CASOSTConfigInterface
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -4,
'weight' => -100,
))
->setDisplayOptions('form', array(
'type' => 'string_textfield',
'weight' => -4,
'weight' => -100,
))
->setDisplayConfigurable('form', true)
->setDisplayConfigurable('view', true);
......@@ -313,7 +313,39 @@ class CASOSTConfig extends ContentEntityBase implements CASOSTConfigInterface
$fields['changesessionid'] = BaseFieldDefinition::create('boolean')
->setLabel(t('Change Session Id'))
->setDescription(t('A boolean indicating whether we change session id.'))
->setDefaultValue(false);
->setDefaultValue(true)
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -5,
))
->setDisplayOptions('form', array(
'type' => 'boolean_checkbox',
'settings' => array('display_label' => true),
'weight' => -5,
))
->setDisplayConfigurable('form', true)
->setDisplayConfigurable('view', true);
$fields['logoutredirecturl'] = BaseFieldDefinition::create('string')
->setLabel(t('Logout Redirect Url'))
->setDescription(t('Logout Redirect Url used by the client application after drupal logout.'))
->setSettings(array(
'max_length' => 500,
'text_processing' => 0,
))
->setDefaultValue('https://sso-test.sch.gr/logout?service=https%3A%2F%2Fe-epal.minedu.gov.gr%2F%23%2Fschool')
->setDisplayOptions('view', array(
'label' => 'above',
'type' => 'string',
'weight' => -5,
))
->setDisplayOptions('form', array(
'type' => 'string_textfield',
'weight' => -5,
))
->setDisplayConfigurable('form', true)
->setDisplayConfigurable('view', true);
$fields['casservercacert'] = BaseFieldDefinition::create('string')
->setLabel(t('CAS Server CaCert'))
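Review bot: The default for the new `logoutredirecturl` field hard-codes `https://sso-test.sch.gr/logout?service=...` — a test SSO host paired with a production application host — and since the client follows this value with `window.location.assign`, any installation that saves the config without editing it will send users to the test server after logout. Prefer no default (or an empty string) so the administrator must set it, and make the description state the expected form: `->setDescription(t('Absolute URL the client application navigates to after Drupal logout (typically the CAS logout endpoint with a service parameter).'))`. Flipping the `changesessionid` default from false to true in the same hunk only affects newly created config entities, which the commit message should say. The enclosing method continues outside the hunk.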
......@@ -83,13 +83,22 @@ export default class HeaderComponent implements OnInit, OnDestroy {
this._hds.signOut().then(data => {
this._ata.initLoginInfo();
if (this.authRole === SCHOOL_ROLE) {
this.router.navigate(['/school']);
// this.router.navigate(['/school']);
this.authToken = '';
this.authRole = '';
window.location.assign((<any> data).next);
}
else if (this.authRole === PDE_ROLE) {
this.router.navigate(['/school']);
// this.router.navigate(['/school']);
this.authToken = '';
this.authRole = '';
window.location.assign((<any> data).next);
}
else if (this.authRole === DIDE_ROLE) {
this.router.navigate(['/school']);
// this.router.navigate(['/school']);
this.authToken = '';
this.authRole = '';
window.location.assign((<any> data).next);
}
else if (this.authRole === STUDENT_ROLE) {
this._eca.initEpalClasses();
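Review bot: The three role branches in the `signOut().then(...)` callback now have identical bodies, and `(<any> data).next` is handed to `window.location.assign` without checking it exists, so a response lacking `next` navigates the browser to a relative URL literally named `undefined`. Collapse the branches into one condition and guard the value before navigating; the `<any>` cast could also give way to a small response interface. The enclosing method starts and ends outside the hunk.
```typescript
this._hds.signOut().then(data => {
    this._ata.initLoginInfo();
    if (this.authRole === SCHOOL_ROLE || this.authRole === PDE_ROLE || this.authRole === DIDE_ROLE) {
        this.authToken = '';
        this.authRole = '';
        const next = (<any> data).next;
        if (typeof next === 'string' && next.length > 0) {
            window.location.assign(next);
        }
    }
    else if (this.authRole === STUDENT_ROLE) {
        // … unchanged: student branch …
```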
......@@ -414,7 +414,7 @@ export class HelperDataService implements OnInit, OnDestroy {
return new Promise((resolve, reject) => {
this.http.post(`${AppSettings.API_ENDPOINT}${logoutRoute}${AppSettings.API_ENDPOINT_PARAMS}`, {}, options)
.map(response => response)
.map(response => response.json())
.subscribe(data => {
this._cookieService.removeAll();
window.onbeforeunload = function () {console.log("unloading")};
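Review bot: `.map(response => response.json())` throws when the logout endpoint answers with a non-JSON body (the forbidden path in CASLogout presumably does not return JSON), and if the `subscribe` has no error callback — its tail is outside the hunk — the surrounding Promise never settles and the `then` in HeaderComponent never runs. Add the error branch, e.g. `}, err => reject(err));` at the end of the subscribe, so callers can fall back to a local sign-out. The enclosing method starts and ends outside the hunk.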