├── SensioCasBundle.php
├── Service
    ├── Response
    │   ├── ResponseInterface.php
    │   ├── Response.php
    │   ├── V1Response.php
    │   └── V2Response.php
    ├── Protocol
    │   ├── ProtocolInterface.php
    │   ├── V1Protocol.php
    │   ├── V2Protocol.php
    │   └── Protocol.php
    ├── Request
    │   ├── RequestInterface.php
    │   ├── FileRequest.php
    │   ├── HttpRequest.php
    │   ├── Request.php
    │   └── CurlRequest.php
    └── Cas.php
├── Resources
    ├── views
    │   └── Tests
    │   │   ├── validationErrorV2.twig
    │   │   └── validationSuccessV2.twig
    ├── config
    │   ├── Tests
    │   │   ├── config.yml
    │   │   └── routing.yml
    │   ├── security_factories.xml
    │   └── cas.xml
    └── doc
    │   └── index.rst
├── README.md
├── Tests
    ├── BasicTests.php
    ├── ValidationTests.php
    └── Controller
    │   └── CasBundleTestsController.php
├── Security
    ├── CasLogoutHandler.php
    ├── CasAuthenticationToken.php
    ├── CasAuthenticationEntryPoint.php
    ├── CasAuthenticationProvider.php
    ├── CasAuthenticationFactory.php
    └── CasAuthenticationListener.php
└── DependencyInjection
    ├── Configuration.php
    └── SensioCasExtension.php


/SensioCasBundle.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle;
 4 | 
 5 | use Symfony\Component\HttpKernel\Bundle\Bundle;
 6 | 
 7 | class SensioCasBundle extends Bundle
 8 | {
 9 | }
10 | 


--------------------------------------------------------------------------------
/Service/Response/ResponseInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Response;
 4 | 
 5 | interface ResponseInterface
 6 | {
 7 |     function isSuccess();
 8 |     function getUsername();
 9 |     function getAttributes();
10 | }


--------------------------------------------------------------------------------
/Resources/views/Tests/validationErrorV2.twig:
--------------------------------------------------------------------------------
1 | <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
2 |     <cas:authenticationFailure code="code">
3 |         Authentication failure message
4 |     </cas:authenticationFailure>
5 | </cas:serviceResponse>


--------------------------------------------------------------------------------
/Service/Protocol/ProtocolInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Protocol;
 4 | 
 5 | interface ProtocolInterface
 6 | {
 7 |     function getLoginUri($service);
 8 |     function getLogoutUri($service);
 9 |     function getValidationUri($service, $ticket);
10 | }


--------------------------------------------------------------------------------
/Resources/views/Tests/validationSuccessV2.twig:
--------------------------------------------------------------------------------
1 | <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
2 |     <cas:authenticationSuccess>
3 |         <cas:user>user-id</cas:user>
4 |         <cas:proxyGrantingTicket>granting-ticket</cas:proxyGrantingTicket>
5 |     </cas:authenticationSuccess>
6 | </cas:serviceResponse>


--------------------------------------------------------------------------------
/Service/Request/RequestInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Request;
 4 | 
 5 | use Sensio\CasBundle\Service\Response\ResponseInterface;
 6 | 
 7 | interface RequestInterface
 8 | {
 9 |     function __construct($uri);
10 |     function setHeaders(array $headers = array());
11 |     function setCookies(array $cookies = array());
12 |     function setCertFile($file = null);
13 |     function send(ResponseInterface $response);
14 |     function getResponse();
15 | }


--------------------------------------------------------------------------------
/Service/Protocol/V1Protocol.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Protocol;
 4 | 
 5 | use Sensio\CasBundle\Service\Protocol\Protocol;
 6 | use Sensio\CasBundle\Service\Protocol\ProtocolInterface;
 7 | 
 8 | class V1Protocol extends Protocol implements ProtocolInterface
 9 | {
10 |     public function getValidationUri($service, $ticket)
11 |     {
12 |         return $this->buildUri('validate', array(
13 |             'service' => $this->cleanUri($service),
14 |             'ticket' => $ticket,
15 |         ));
16 |     }
17 | }


--------------------------------------------------------------------------------
/Service/Protocol/V2Protocol.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Protocol;
 4 | 
 5 | use Sensio\CasBundle\Service\Protocol\Protocol;
 6 | use Sensio\CasBundle\Service\Protocol\ProtocolInterface;
 7 | 
 8 | class V2Protocol extends Protocol implements ProtocolInterface
 9 | {
10 |     public function getValidationUri($service, $ticket)
11 |     {
12 |         return $this->buildUri('serviceValidate', array(
13 |             'service' => $this->cleanUri($service),
14 |             'ticket' => $ticket,
15 |         ));
16 |     }
17 | }


--------------------------------------------------------------------------------
/Resources/config/Tests/config.yml:
--------------------------------------------------------------------------------
 1 | security.config:
 2 |     providers:
 3 |         provider:
 4 |             users:   { user-id: { roles: ROLE_USER } }
 5 |     firewalls:
 6 |         firewall:
 7 |             pattern: /cas/protected
 8 |             cas:     { provider: provider }
 9 |     template:        %kernel.root_dir%/../src/Bundle/Sensio/CasBundle/Resources/config/security_factories.xml
10 | 
11 | cas.config:
12 |     uri:             http://sandbox.dev/cas/server
13 |     version:         2
14 |     cert:            ~
15 |     request:         file
16 | 


--------------------------------------------------------------------------------
/Service/Request/FileRequest.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Request;
 4 | 
 5 | use Sensio\CasBundle\Service\Request\RequestInterface;
 6 | use Sensio\CasBundle\Service\Request\Request;
 7 | use Sensio\CasBundle\Service\Response\ResponseInterface;
 8 | 
 9 | class FileRequest extends Request implements RequestInterface
10 | {
11 |     public function send(ResponseInterface $response)
12 |     {
13 |         $this->response = $response;
14 |         $this->response->setBody(file_get_contents($this->uri));
15 | 
16 |         return $this;
17 |     }
18 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | Adds the CAS authentication to Symfony 2
 2 | ========================================
 3 | 
 4 | DEPRECATED, use https://github.com/BeSimple/BeSimpleSsoAuthBundle instead.
 5 | 
 6 | Read about it on its [official documentation](https://github.com/sensio/CasBundle/blob/master/Resources/doc/index.rst).
 7 | 
 8 | -  [More information about CAS (Central Authentication Service)](http://www.jasig.org/cas).
 9 | -  Unlike [SimpleCasBundle](https://github.com/jmikola/SimpleCASBundle), it's based on the Symfony2 security component.
10 | -  Proxy features are not yet available.
11 | 


--------------------------------------------------------------------------------
/Resources/config/Tests/routing.yml:
--------------------------------------------------------------------------------
 1 | cas_service:
 2 |     pattern:  /cas/service
 3 |     defaults: { _controller: Sensio/CasBundle/Tests:CasBundleTests:service }
 4 |     
 5 | cas_protected:
 6 |     pattern:  /cas/protected
 7 |     defaults: { _controller: Sensio/CasBundle/Tests:CasBundleTests:protected }
 8 | 
 9 | cas_validate_v1:
10 |     pattern:  /cas/server/validate
11 |     defaults: { _controller: Sensio/CasBundle/Tests:CasBundleTests:validateV1 }
12 | 
13 | cas_validate_v2:
14 |     pattern:  /cas/server/serviceValidate
15 |     defaults: { _controller: Sensio/CasBundle/Tests:CasBundleTests:validateV2 }


--------------------------------------------------------------------------------
/Tests/BasicTests.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Tests\CasBundle;
 4 | 
 5 | use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
 6 | 
 7 | class BasicTest extends WebTestCase
 8 | {
 9 |     public function testService()
10 |     {
11 |         $client = self::createClient();
12 |         $crawler = $client->request('GET', '/cas/service');
13 |         $this->assertEquals('Sensio\\CasBundle\\Service\\Cas', $crawler->text());
14 |     }
15 | 
16 |     public function testProtected()
17 |     {
18 |         $client = self::createClient();
19 |         $crawler = $client->request('GET', '/cas/protected');
20 |         $this->assertTrue($client->getResponse()->isRedirection());
21 |     }
22 | }


--------------------------------------------------------------------------------
/Tests/ValidationTests.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Tests\CasBundle;
 4 | 
 5 | use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
 6 | 
 7 | class ValidationTest extends WebTestCase
 8 | {
 9 |     public function testSuccess()
10 |     {
11 |         $client = self::createClient();
12 |         $crawler = $client->request('GET', '/cas/protected?ticket=success');
13 |         $this->assertEquals('access granted', $crawler->text());
14 |     }
15 | 
16 |     public function testError()
17 |     {
18 |         $client = self::createClient();
19 |         $crawler = $client->request('GET', '/cas/protected?ticket=error');
20 |         $this->assertTrue($client->getResponse()->isRedirection());
21 |     }
22 | }


--------------------------------------------------------------------------------
/Security/CasLogoutHandler.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Security;
 4 | 
 5 | use Symfony\Component\HttpKernel\Security\Logout\LogoutHandlerInterface;
 6 | use Symfony\Component\Security\Authentication\Token\TokenInterface;
 7 | use Symfony\Component\HttpFoundation\Response;
 8 | use Symfony\Component\HttpFoundation\Request;
 9 | use Sensio\CasBundle\Service\Cas;
10 | 
11 | class CasLogoutHandler implements LogoutHandlerInterface
12 | {
13 |     protected $cas;
14 | 
15 |     public function __construct(Cas $cas)
16 |     {
17 |         $this->cas = $cas;
18 |     }
19 | 
20 |     public function logout(Request $request, Response $response, TokenInterface $token)
21 |     {
22 |         return $this->cas->getLogoutResponse($request);
23 |     }
24 | }


--------------------------------------------------------------------------------
/Resources/config/security_factories.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" ?>
 2 | 
 3 | <container xmlns="http://symfony.com/schema/dic/services"
 4 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 5 |     xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
 6 |     <parameters>
 7 | 
 8 |         <parameter key="security.authentication.factory.cas.class">Sensio\CasBundle\Security\CasAuthenticationFactory</parameter>
 9 | 
10 |     </parameters>
11 |     <services>
12 | 
13 |         <service id="security.authentication.factory.cas" class="%security.authentication.factory.cas.class%">
14 |             <tag name="security.listener.factory" />
15 |         </service>
16 | 
17 |     </services>
18 | </container>


--------------------------------------------------------------------------------
/Security/CasAuthenticationToken.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Security;
 4 | 
 5 | use Symfony\Component\Security\Core\Authentication\Token\AbstractToken;
 6 | 
 7 | class CasAuthenticationToken extends AbstractToken
 8 | {
 9 |     protected $casAttributes;
10 | 
11 |     public function __construct($user, array $attributes = array(), array $roles = array())
12 |     {
13 |         parent::__construct($roles);
14 | 
15 |         $this->setUser($user);
16 |         $this->casAttributes = $attributes;
17 | 
18 |         parent::setAuthenticated(true);
19 |     }
20 | 
21 |     public function getCredentials()
22 |     {
23 |         return '';
24 |     }
25 | 
26 |     public function getCasAttributes()
27 |     {
28 |         return $this->casAttributes;
29 |     }
30 | }


--------------------------------------------------------------------------------
/Security/CasAuthenticationEntryPoint.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Security;
 4 | 
 5 | use Sensio\CasBundle\Service\Cas;
 6 | use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 7 | use Symfony\Component\Security\Core\Exception\AuthenticationException;
 8 | use Symfony\Component\HttpFoundation\Request;
 9 | use Sensio\CasBundle\Service\Client;
10 | 
11 | class CasAuthenticationEntryPoint implements AuthenticationEntryPointInterface
12 | {
13 |     protected $cas;
14 | 
15 |     public function __construct(Cas $cas)
16 |     {
17 |         $this->cas = $cas;
18 |     }
19 | 
20 |     public function start(Request $request, AuthenticationException $authException = null)
21 |     {
22 |         return $this->cas->getLoginResponse($request);
23 |     }
24 | }


--------------------------------------------------------------------------------
/Service/Request/HttpRequest.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Request;
 4 | 
 5 | use Sensio\CasBundle\Service\Request\RequestInterface;
 6 | use Sensio\CasBundle\Service\Request\Request;
 7 | use Sensio\CasBundle\Service\Response\ResponseInterface;
 8 | 
 9 | class HttpRequest extends Request implements RequestInterface
10 | {
11 |     public function send(ResponseInterface $response)
12 |     {
13 |         $request = new \HttpRequest($this->uri);
14 |         $request->setHeaders($this->headers);
15 |         $request->setCookies($this->cookies);
16 |         $request->setSslOptions(array('CERT' => $this->certFile));
17 |         $request->send();
18 | 
19 |         $this->response = $response;
20 |         $this->response->setHeaders($request->getResponseHeader());
21 |         $this->response->setBody($request->getResponseBody());
22 | 
23 |         return $this;
24 |     }
25 | }


--------------------------------------------------------------------------------
/Service/Response/Response.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Response;
 4 | 
 5 | abstract class Response
 6 | {
 7 |     protected
 8 |         $headers = array(),
 9 |         $success,
10 |         $username,
11 |         $attributes = array(),
12 |         $failureMessage;
13 | 
14 |     public function setHeaders(array $headers)
15 |     {
16 |         $this->headers = $headers;
17 | 
18 |         return $this;
19 |     }
20 | 
21 |     public function addHeader($header)
22 |     {
23 |         $this->headers[] = (string) $header;
24 |     }
25 | 
26 |     public function isSuccess()
27 |     {
28 |         return $this->success;
29 |     }
30 | 
31 |     public function getUsername()
32 |     {
33 |         return $this->username;
34 |     }
35 | 
36 |     public function getAttributes()
37 |     {
38 |         return $this->attributes;
39 |     }
40 | 
41 |     public function getFailureMessage()
42 |     {
43 |         return $this->failureMessage;
44 |     }
45 | }


--------------------------------------------------------------------------------
/Service/Response/V1Response.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Response;
 4 | 
 5 | use Sensio\CasBundle\Service\Response\Response;
 6 | use Sensio\CasBundle\Service\Response\ResponseInterface;
 7 | 
 8 | class V1Response extends Response implements ResponseInterface
 9 | {
10 |     public function setBody($body)
11 |     {
12 |         if ($body === false) {
13 |             $this->failureMessage = 'Request failed';
14 |             $this->success = false;
15 | 
16 |             return $this;
17 |         }
18 | 
19 |         $data = explode("\n", str_replace("\n\n", "\n", str_replace("\r", "\n", $body)));
20 |         $this->success = strtolower($data[0]) === 'yes';
21 | 
22 |         if ($this->success) {
23 |             $this->username = (count($data) > 1 && $data[1]) ? $data[1] : 'Undefined';
24 |         } else {
25 |             $this->failureMessage = (count($data) > 1 && $data[1]) ? $data[1] : 'Unknown error';
26 |         }
27 | 
28 |         return $this;
29 |     }
30 | }


--------------------------------------------------------------------------------
/DependencyInjection/Configuration.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\DependencyInjection;
 4 | 
 5 | use Symfony\Component\Config\Definition\Builder\TreeBuilder;
 6 | use Symfony\Component\Config\Definition\ConfigurationInterface;
 7 | 
 8 | class Configuration implements ConfigurationInterface
 9 | {
10 |     /**
11 |      * Generates the configuration tree.
12 |      *
13 |      * @return TreeBuilder
14 |      */
15 |     public function getConfigTreeBuilder()
16 |     {
17 |         $treeBuilder = new TreeBuilder();
18 | 
19 |         return $treeBuilder
20 |             ->root('sensio_cas')
21 |                 ->children()
22 |                     ->scalarNode('uri')->isRequired()->cannotBeEmpty()->end()
23 |                     ->scalarNode('version')->defaultValue(2)->end()
24 |                     ->scalarNode('cert')->defaultFalse()->end()
25 |                     ->scalarNode('request')->defaultValue('curl')->end()
26 |                 ->end()
27 |             ->end()
28 |         ;
29 |     }
30 | }
31 | 


--------------------------------------------------------------------------------
/Tests/Controller/CasBundleTestsController.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Tests\Controller;
 4 | 
 5 | use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 6 | 
 7 | class CasBundleTestsController extends Controller
 8 | {
 9 |     public function serviceAction()
10 |     {
11 |         return $this->createResponse(get_class($this->get('cas')));
12 |     }
13 | 
14 |     public function protectedAction()
15 |     {
16 |         return $this->createResponse('access granted');
17 |     }
18 | 
19 |     public function validateV1Action()
20 |     {
21 |         return $this->validateAction('V1');
22 |     }
23 | 
24 |     public function validateV2Action()
25 |     {
26 |         return $this->validateAction('V2');
27 |     }
28 | 
29 |     protected function validateAction($version)
30 |     {
31 |         $ticket = $this->get('request')->query->get('ticket');
32 |         $template = 'validation'.($ticket == 'success' ? 'Success' : 'Error').$version.'.twig';
33 |         return $this->render('Sensio/CasBundle:Tests:'.$template);
34 |     }
35 | }


--------------------------------------------------------------------------------
/Service/Request/Request.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Request;
 4 | 
 5 | abstract class Request
 6 | {
 7 |     protected
 8 |         $uri,
 9 |         $headers,
10 |         $cookies,
11 |         $certFile,
12 |         $response;
13 | 
14 |     public function __construct($uri)
15 |     {
16 |         $this->uri = $uri;
17 |         $this->headers = array();
18 |         $this->cookies = array();
19 |         $this->certFile = null;
20 |         $this->response = null;
21 |     }
22 | 
23 |     public function setHeaders(array $headers = array())
24 |     {
25 |         $this->headers = $headers;
26 | 
27 |         return $this;
28 |     }
29 | 
30 |     public function setCookies(array $cookies = array())
31 |     {
32 |         $this->cookies = $cookies;
33 | 
34 |         return $this;
35 |     }
36 | 
37 |     public function setCertFile($certFile = null)
38 |     {
39 |         $this->certFile = $certFile;
40 | 
41 |         return $this;
42 |     }
43 | 
44 |     public function getResponse()
45 |     {
46 |         return $this->response;
47 |     }
48 | }


--------------------------------------------------------------------------------
/DependencyInjection/SensioCasExtension.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\DependencyInjection;
 4 | 
 5 | use Symfony\Component\DependencyInjection\ContainerBuilder;
 6 | use Symfony\Component\DependencyInjection\Loader\XmlFileLoader;
 7 | use Symfony\Component\HttpKernel\DependencyInjection\Extension;
 8 | use Symfony\Component\Config\FileLocator;
 9 | use Symfony\Component\Config\Definition\Processor;
10 | 
11 | class SensioCasExtension extends Extension
12 | {
13 |     public function load(array $configs, ContainerBuilder $container)
14 |     {
15 |         $processor = new Processor();
16 |         $configuration = new Configuration();
17 | 
18 |         // add configuration
19 |         $config = $processor->processConfiguration($configuration, $configs);
20 | 
21 |         foreach ($config as $key => $value) {
22 |             $container->setParameter('sensio_cas.'.$key, $value);
23 |         }
24 | 
25 |         // load service
26 |         $loader = new XmlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
27 |         $loader->load('cas.xml');
28 |     }
29 | }
30 | 


--------------------------------------------------------------------------------
/Service/Protocol/Protocol.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Protocol;
 4 | 
 5 | abstract class Protocol
 6 | {
 7 |     protected $baseUri;
 8 | 
 9 |     public function __construct($baseUri)
10 |     {
11 |         $this->baseUri = $baseUri;
12 |     }
13 | 
14 |     public function getLoginUri($service)
15 |     {
16 |         return $this->buildUri('login', array(
17 |             'service' => $this->cleanUri($service),
18 |         ));
19 |     }
20 | 
21 |     public function getLogoutUri($service)
22 |     {
23 |         return $this->buildUri('logout', array(
24 |             'service' => $this->cleanUri($service),
25 |         ));
26 |     }
27 | 
28 |     protected function cleanUri($uri)
29 |     {
30 |         $replacements = array(
31 |             '/\?logout/'        => '',
32 |             '/&ticket=[^&]*/'   => '',
33 |             '/\?ticket=[^&;]*/' => '?',
34 |             '/\?%26/'           => '?',
35 |             '/\?&/'             => '?',
36 |             '/\?$/'             => ''
37 |         );
38 | 
39 |         return preg_replace(array_keys($replacements), array_values($replacements), $uri);
40 |     }
41 | 
42 |     protected function buildUri($action, array $parameters = array())
43 |     {
44 |         $query = array();
45 | 
46 |         foreach($parameters as $key => $value) {
47 |             if($value === true) {
48 |                 $query[] = $key.'=true';
49 |             } elseif($value) {
50 |                 $query[] = $key.'='.urlencode($value);
51 |             }
52 |         }
53 | 
54 |         return $this->baseUri.'/'.$action.(count($query) ? '?'.implode('&', $query) : '');
55 |     }
56 | }


--------------------------------------------------------------------------------
/Service/Request/CurlRequest.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Request;
 4 | 
 5 | use Sensio\CasBundle\Service\Request\RequestInterface;
 6 | use Sensio\CasBundle\Service\Request\Request;
 7 | use Sensio\CasBundle\Service\Response\ResponseInterface;
 8 | 
 9 | class CurlRequest extends Request implements RequestInterface
10 | {
11 |     public function send(ResponseInterface $response)
12 |     {
13 |         $this->response = $response;
14 |         $request = curl_init($this->uri);
15 | 
16 |         $options = array(
17 |             CURLOPT_RETURNTRANSFER => 1,
18 |             CURLOPT_HEADERFUNCTION => array($this, 'addResponseHeader'),
19 |             CURLOPT_HTTPHEADER => $this->headers,
20 |         );
21 | 
22 |         if (count($this->cookies)) {
23 |             $options[CURLOPT_COOKIE] = implode(';', $this->cookies);
24 |         }
25 | 
26 |         curl_setopt_array($request, $options);
27 | 
28 |         if ($this->certFile) {
29 |             $sslOptions = array(
30 |                 CURLOPT_SSL_VERIFYHOST => 1,
31 |                 CURLOPT_SSL_VERIFYPEER => 1,
32 |                 CURLOPT_CAINFO => $this->certFile,
33 |             );
34 |         } else {
35 |             $sslOptions = array(
36 |                 CURLOPT_SSL_VERIFYPEER => 0,
37 |             );
38 |         }
39 | 
40 |         curl_setopt_array($request, $sslOptions);
41 | 
42 |         $this->response->setBody(curl_exec($request));
43 |         curl_close($request);
44 | 
45 |         return $this;
46 |     }
47 | 
48 |     public function addResponseHeader($request, $header)
49 |     {
50 |         $this->response->addHeader($header);
51 | 
52 |         return strlen($header);
53 |     }
54 | }


--------------------------------------------------------------------------------
/Resources/config/cas.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" ?>
 2 | 
 3 | <container xmlns="http://symfony.com/schema/dic/services"
 4 |     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 5 |     xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
 6 |     <parameters>
 7 | 
 8 |         <parameter key="sensio_cas.class">Sensio\CasBundle\Service\Cas</parameter>
 9 |         <parameter key="security.authentication.cas_entry_point.class">Sensio\CasBundle\Security\CasAuthenticationEntryPoint</parameter>
10 |         <parameter key="security.authentication.listener.cas.class">Sensio\CasBundle\Security\CasAuthenticationListener</parameter>
11 |         <parameter key="security.authentication.provider.cas.class">Sensio\CasBundle\Security\CasAuthenticationProvider</parameter>
12 |         <parameter key="security.logout.handler.cas.class">Sensio\CasBundle\Security\CasLogoutHandler</parameter>
13 | 
14 |     </parameters>
15 |     <services>
16 | 
17 |         <service id="sensio_cas" class="%sensio_cas.class%">
18 |             <argument>%sensio_cas.uri%</argument>
19 |             <argument>%sensio_cas.version%</argument>
20 |             <argument>%sensio_cas.cert%</argument>
21 |             <argument>%sensio_cas.request%</argument>
22 |         </service>
23 | 
24 |         <service id="security.authentication.cas_entry_point" class="%security.authentication.cas_entry_point.class%">
25 |             <argument type="service" id="sensio_cas" />
26 |         </service>
27 | 
28 |         <service id="security.logout.handler.cas" class="%security.logout.handler.cas.class%">
29 |             <argument type="service" id="sensio_cas" />
30 |         </service>
31 | 
32 |     </services>
33 | </container>
34 | 


--------------------------------------------------------------------------------
/Security/CasAuthenticationProvider.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Security;
 4 | 
 5 | use Symfony\Component\Security\Core\User\UserProviderInterface;
 6 | use Symfony\Component\Security\Core\User\UserCheckerInterface;
 7 | use Symfony\Component\Security\Core\Authentication\Token\Token;
 8 | use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 9 | use Symfony\Component\Security\Core\Authentication\Provider\PreAuthenticatedAuthenticationProvider;
10 | use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
11 | use Sensio\CasBundle\Security\CasAuthenticationToken;
12 | 
13 | class CasAuthenticationProvider implements AuthenticationProviderInterface
14 | {
15 |     protected $userProvider;
16 |     protected $userChecker;
17 | 
18 |     public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker)
19 |     {
20 |         $this->userProvider = $userProvider;
21 |         $this->userChecker = $userChecker;
22 |     }
23 | 
24 |     public function authenticate(TokenInterface $token)
25 |     {
26 |         if (!$this->supports($token)) {
27 |             return null;
28 |         }
29 | 
30 |         if (!$user = $token->getUser()) {
31 |             throw new BadCredentialsException('No pre-authenticated principal found in request.');
32 |         }
33 | 
34 |         $user = $this->userProvider->loadUserByUsername($user);
35 |         $this->userChecker->checkPostAuth($user);
36 | 
37 |         $authenticatedToken = new CasAuthenticationToken($user, $token->getCasAttributes(), $user->getRoles());
38 |         $authenticatedToken->setAttributes($token->getAttributes());
39 | 
40 |         return $authenticatedToken;
41 |     }
42 | 
43 |     public function supports(TokenInterface $token)
44 |     {
45 |         return $token instanceof CasAuthenticationToken;
46 |     }
47 | }


--------------------------------------------------------------------------------
/Security/CasAuthenticationFactory.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Security;
 4 | 
 5 | use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
 6 | use Symfony\Component\Config\Definition\Builder\NodeDefinition;
 7 | use Symfony\Component\DependencyInjection\ContainerBuilder;
 8 | use Symfony\Component\DependencyInjection\Reference;
 9 | use Symfony\Component\DependencyInjection\Definition;
10 | 
11 | class CasAuthenticationFactory implements SecurityFactoryInterface
12 | {
13 |     public function create(ContainerBuilder $container, $id, $config, $userProvider, $defaultEntryPoint)
14 |     {
15 |         $provider = 'security.authentication.provider.cas.'.$id;
16 |         $container
17 |             ->register($provider, '%security.authentication.provider.cas.class%')
18 |             ->setArguments(array(new Reference($userProvider), new Reference('security.account_checker')))
19 |         ;
20 | 
21 |         $listener = new Definition(
22 |             '%security.authentication.listener.cas.class%',
23 |             array(
24 |                 new Reference('security.context'),
25 |                 new Reference('security.authentication.manager'),
26 |                 new Reference('sensio_cas'),
27 |                 new Reference('logger', ContainerBuilder::IGNORE_ON_INVALID_REFERENCE),
28 |             )
29 |         );
30 | 
31 |         $listenerId = 'security.authentication.listener.cas.'.$id;
32 |         $container->setDefinition('security.authentication.listener.cas', $listener);
33 |         $container->setAlias($listenerId, 'security.authentication.listener.cas');
34 | 
35 |         return array($provider, $listenerId, 'security.authentication.cas_entry_point');
36 |     }
37 | 
38 |     public function getPosition()
39 |     {
40 |         return 'pre_auth';
41 |     }
42 | 
43 |     public function getKey()
44 |     {
45 |         return 'cas';
46 |     }
47 | 
48 |     public function addConfiguration(NodeDefinition $node)
49 |     {
50 |         $node
51 |             ->children()
52 |                 ->scalarNode('provider')->end()
53 |             ->end()
54 |         ;
55 |     }
56 | }
57 | 


--------------------------------------------------------------------------------
/Service/Response/V2Response.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Service\Response;
 4 | 
 5 | use Sensio\CasBundle\Service\Response\Response;
 6 | use Sensio\CasBundle\Service\Response\ResponseInterface;
 7 | 
 8 | class V2Response extends Response implements ResponseInterface
 9 | {
10 |     public function setBody($body)
11 |     {
12 |         if ($body === false) {
13 |             $this->failureMessage = 'Request failed';
14 |             $this->success = false;
15 | 
16 |             return $this;
17 |         }
18 | 
19 |         $xml = new \DOMDocument();
20 |         if ($xml->loadXML($body)) {
21 |             foreach ($xml->firstChild->childNodes as $child) {
22 |                 if($child->nodeName === 'cas:authenticationSuccess') {
23 |                     $root = $child;
24 |                     $this->success = true;
25 |                     break;
26 |                 } elseif($child->nodeName === 'cas:authenticationFailure') {
27 |                     $root = $child;
28 |                     $this->success = false;
29 |                     break;
30 |                 }
31 |             }
32 | 
33 |             if ($this->success) {
34 |                 foreach ($root->childNodes as $child) {
35 |                     switch ($child->nodeName) {
36 |                         case 'cas:user':
37 |                             $this->username = $child->textContent;
38 |                             break;
39 | 
40 |                         case 'cas:attributes':
41 |                             foreach($child->childrenNodes as $attr) {
42 |                                 if ($attr->nodeName != '#text') {
43 |                                     $this->attributes[$attr->nodeName] = $attr->textContent;
44 |                                 }
45 |                             }
46 |                             break;
47 | 
48 |                         case 'cas:attribute':
49 |                             $name = $child->attributes->getNamedItem('name')->value;
50 |                             $value = $child->attributes->getNamedItem('value')->value;
51 |                             if ($name && $value) {
52 |                                 $this->attributes[$name] = $value;
53 |                             }
54 |                             break;
55 | 
56 |                         case '#text':
57 |                             break;
58 | 
59 |                         default:
60 |                             $this->attributes[substr($child->nodeName, 4)] = $child->textContent;
61 |                     }
62 |                 }
63 |             } else {
64 |                 $this->failureMessage = (string)$root->textContent;
65 |             }
66 |         } else {
67 |             $this->success = false;
68 |             $this->failureMessage = 'Invalid response';
69 |         }
70 | 
71 |         return $this;
72 |     }
73 | }


--------------------------------------------------------------------------------
/Security/CasAuthenticationListener.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | namespace Sensio\CasBundle\Security;
 4 | 
 5 | use Symfony\Component\Security\Core\SecurityContext;
 6 | use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 7 | use Symfony\Component\Security\Core\Exception\AuthenticationException;
 8 | use Symfony\Component\HttpKernel\Log\LoggerInterface;
 9 | use Symfony\Component\HttpFoundation\Request;
10 | use Symfony\Component\Security\Core\Exception\BadCredentialsException;
11 | use Symfony\Component\Security\Http\Firewall\ListenerInterface;
12 | use Symfony\Component\HttpKernel\Event\GetResponseEvent;
13 | use Sensio\CasBundle\Service\Cas;
14 | 
15 | class CasAuthenticationListener implements ListenerInterface
16 | {
17 |     protected $cas;
18 | 
19 |     public function __construct(SecurityContext $securityContext, AuthenticationManagerInterface $authenticationManager, Cas $cas, LoggerInterface $logger = null)
20 |     {
21 |         $this->securityContext = $securityContext;
22 |         $this->authenticationManager = $authenticationManager;
23 |         $this->cas = $cas;
24 |         $this->logger = $logger;
25 |     }
26 | 
27 |     public function handle(GetResponseEvent $event)
28 |     {
29 |         if (!$this->cas->isValidationRequest($event->getRequest())) {
30 |             return;
31 |         }
32 | 
33 |         if (null !== $this->logger) {
34 |             $this->logger->debug(sprintf('Checking secure context token: %s', $this->securityContext->getToken()));
35 |         }
36 | 
37 |         list($username, $attributes) = $this->getTokenData($event->getRequest());
38 | 
39 |         if (null !== $token = $this->securityContext->getToken()) {
40 |             if ($token instanceof CasAuthenticationToken && $token->isAuthenticated() && (string) $token === $username) {
41 |                 return;
42 |             }
43 |         }
44 |         try {
45 |             $token = $this->authenticationManager->authenticate(new CasAuthenticationToken($username, $attributes));
46 | 
47 |             if (null !== $this->logger) {
48 |                 $this->logger->debug(sprintf('Authentication success: %s', $token));
49 |             }
50 | 
51 |             $this->securityContext->setToken($token);
52 |         } catch (AuthenticationException $failed) {
53 |             $this->securityContext->setToken(null);
54 | 
55 |             if (null !== $this->logger) {
56 |                 $this->logger->debug(sprintf("Cleared security context due to exception: %s", $failed->getMessage()));
57 |             }
58 |         }
59 |     }
60 | 
61 |     protected function getTokenData(Request $request)
62 |     {
63 |         $validation = $this->cas->getValidation($request);
64 | 
65 |         if ($validation->isSuccess()) {
66 |             return array($validation->getUsername(), $validation->getAttributes());
67 |         }
68 | 
69 |         throw new BadCredentialsException('CAS validation failure : '.$validation->getFailureMessage());
70 |     }
71 | }
72 | 


--------------------------------------------------------------------------------
/Service/Cas.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | namespace Sensio\CasBundle\Service;
  4 | 
  5 | use Sensio\CasBundle\Service\Protocol\V1Protocol;
  6 | use Sensio\CasBundle\Service\Protocol\V2Protocol;
  7 | 
  8 | use Sensio\CasBundle\Service\Request\CurlRequest;
  9 | use Sensio\CasBundle\Service\Request\HttpRequest;
 10 | use Sensio\CasBundle\Service\Request\FileRequest;
 11 | 
 12 | use Sensio\CasBundle\Service\Response\V1Response;
 13 | use Sensio\CasBundle\Service\Response\V2Response;
 14 | 
 15 | use Symfony\Component\HttpFoundation\Request;
 16 | use Symfony\Component\HttpFoundation\RedirectResponse;
 17 | 
 18 | class Cas
 19 | {
 20 |     protected
 21 |         $protocol,
 22 |         $version,
 23 |         $certFile,
 24 |         $requestType;
 25 | 
 26 |     public function __construct($baseUri, $version = 2, $certFile = null, $requestType = 'curl')
 27 |     {
 28 |         $this->version = $version;
 29 |         $this->certFile = $certFile;
 30 |         $this->requestType = $requestType;
 31 |         $this->protocol = $this->getProtocol($baseUri, $version);
 32 |     }
 33 | 
 34 |     public function getValidation(Request $request)
 35 |     {
 36 |         $uri = $this->protocol->getValidationUri($request->getUri(), $request->query->get('ticket'));
 37 | 
 38 |         return $this->getRequest($uri)
 39 |             ->setCertFile($this->certFile)
 40 |             ->send($this->getResponse())
 41 |             ->getResponse();
 42 |     }
 43 | 
 44 |     public function getLogoutResponse(Request $request)
 45 |     {
 46 |         $uri = $this->protocol->getLogoutUri($request->getUri());
 47 | 
 48 |         return new RedirectResponse($uri);
 49 |     }
 50 | 
 51 |     public function getLoginResponse(Request $request)
 52 |     {
 53 |         $uri = $this->protocol->getLoginUri($request->getUri());
 54 | 
 55 |         return new RedirectResponse($uri);
 56 |     }
 57 | 
 58 |     public function isValidationRequest(Request $request)
 59 |     {
 60 |         return $request->query->has('ticket');
 61 |     }
 62 | 
 63 |     protected function getProtocol($baseUri)
 64 |     {
 65 |         switch((int) $this->version) {
 66 |             case 1:
 67 |                 return new V1Protocol($baseUri);
 68 |             case 2:
 69 |                 return new V2Protocol($baseUri);
 70 |             default:
 71 |                 throw new \Exception('Invalid CAS version : '.$this->version);
 72 |         }
 73 |     }
 74 | 
 75 |     protected function getResponse()
 76 |     {
 77 |         switch ((int) $this->version) {
 78 |             case 1:
 79 |                 return new V1Response();
 80 |             case 2:
 81 |                 return new V2Response();
 82 |             default:
 83 |                 throw new \Exception('Invalid CAS version : '.$this->version);
 84 |         }
 85 |     }
 86 | 
 87 |     protected function getRequest($uri)
 88 |     {
 89 |         switch (strtolower($this->requestType)) {
 90 |             case 'curl':
 91 |                 return new CurlRequest($uri);
 92 |             case 'http':
 93 |                 return new HttpRequest($uri);
 94 |             case 'file':
 95 |                 return new FileRequest($uri);
 96 |             default:
 97 |                 throw new \Exception('Invalid CAS request type : '.$this->requestType);
 98 |         }
 99 |     }
100 | }
101 | 


--------------------------------------------------------------------------------
/Resources/doc/index.rst:
--------------------------------------------------------------------------------
  1 | Add CAS authentication to Symfony2
  2 | ==================================
  3 | 
  4 | -  More informations about CAS_ (Central Authentication Service).
  5 | -  Unlike SimpleCasBundle_, it's based on the Symfony2 security component.
  6 | -  Proxy features are not yet available.
  7 | 
  8 | Install the Bundle
  9 | ------------------
 10 | 
 11 | 1. Add the sources from github.com (GIT must be installed ;)
 12 | 
 13 |     .. code-block:: text
 14 | 
 15 |         // if your you're using git for your project
 16 |         git submodule add git://github.com/sensio/CasBundle.git vendor/bundles/Sensio/CasBundle
 17 | 
 18 |         // or if your project is not under git control
 19 |         mkdir -p vendor/bundles/Sensio/CasBundle
 20 |         cd vendor/bundles/Sensio/CasBundle
 21 |         git clone git://github.com/sensio/CasBundle.git
 22 | 
 23 | 2. Add the namespace in the autoloader::
 24 | 
 25 |         // app/autoload.php
 26 |         $loader->registerNamespaces(array(
 27 |             'Sensio' => __DIR__.'/../vendor/bundles',
 28 |             // your other namespaces
 29 |         );
 30 | 
 31 | 3. Then add it to your AppKernel class::
 32 | 
 33 |         // in AppKernel::registerBundles()
 34 |         $bundles = array(
 35 |             // ...
 36 |             new Sensio\CasBundle\SensioCasBundle(),
 37 |             // ...
 38 |         );
 39 | 
 40 | Configuration
 41 | -------------
 42 | 
 43 | Deadly simple, here is an example:
 44 | 
 45 | .. configuration-block::
 46 | 
 47 |     .. code-block:: yaml
 48 | 
 49 |         cas.config:
 50 |             uri:     https://my.cas.server:443/ # URI of the cas server
 51 |             version: 2                          # version of the used CAS protocol
 52 |             cert:    /path/to/my/cert.pem       # ssl cert file path (if needed)
 53 |             request: curl                       # request adapter (curl, http or file)
 54 | 
 55 |     .. code-block:: xml
 56 | 
 57 |         <cas:config
 58 |             uri="https://my.cas.server:8080/"
 59 |             version="2"
 60 |             cert="/path/to/my/cert.pem "
 61 |             request="curl" />
 62 | 
 63 |     .. code-block:: php
 64 | 
 65 |         $container->loadFromExtension('cas', 'config', array(
 66 |             'uri'     => 'https://my.cas.server:443/',
 67 |             'version' => 2,
 68 |             'cert'    => '/path/to/my/cert.pem',
 69 |             'request' => 'curl',
 70 |         ));
 71 | 
 72 | In addition, the security component must be aware of the new factory and listeners included in the bundle.
 73 | In order to to it, just look at the following example in YAML:
 74 | 
 75 | .. configuration-block::
 76 | 
 77 |     .. code-block:: yaml
 78 | 
 79 |         security:
 80 |             factories:
 81 |                 - "%kernel.root_dir%/../vendor/bundles/Sensio/CasBundle/Resources/config/security_factories.xml"
 82 | 
 83 |     .. code-block:: xml
 84 | 
 85 |         <security:config>
 86 |             <security:factory>%kernel.root_dir%/../vendor/bundles/Sensio/CasBundle/Resources/config/security_factories.xml</security:factory>
 87 |         </security:config>
 88 | 
 89 |     .. code-block:: php
 90 | 
 91 |         $container->loadFromExtension('security', 'config', array(
 92 |             'factories' => array(
 93 |                 '%kernel.root_dir%/../vendor/bundles/Sensio/CasBundle/Resources/config/security_factories.xml'
 94 |             )
 95 |         ));
 96 | 
 97 | Use the firewall
 98 | ----------------
 99 | 
100 | As usual, here is a simple example (with the template):
101 | 
102 | .. configuration-block::
103 | 
104 |     .. code-block:: yaml
105 | 
106 |         security:
107 |             factories:
108 |                 - "%kernel.root_dir%/../vendor/bundles/Sensio/CasBundle/Resources/config/security_factories.xml"
109 |             providers:
110 |                 my_provider:
111 |                     id: acme_demo.user_provider
112 |             firewalls:
113 |                 my_firewall:
114 |                     pattern:  /regex/to/protected/url
115 |                     cas: { provider: my_provider }
116 | 
117 |         services:
118 |             acme_demo.user_provider:
119 |                 class: My\FooBundle\Security\UserProvider
120 |                 arguments:
121 | 
122 |     .. code-block:: xml
123 | 
124 |         <security:config>
125 |             <security:factory>%kernel.root_dir%/../vendor/bundles/Sensio/CasBundle/Resources/config/security_factories.xml</security:factory>
126 |             <security:provider name="my_provider" id="acme_demo.user_provider" />
127 |             <security:firewall name="my_firewall" pattern="/regex/to/protected/url">
128 |                 <security:cas provider="my_provider" />
129 |             </security:firewall>
130 |         </security:config>
131 | 
132 |         <services>
133 |             <service id="acme_demo.user_provider" class="My\FooBundle\Security\UserProvider" />
134 |         </services>
135 | 
136 |     .. code-block:: php
137 | 
138 |         $container->loadFromExtension('security', 'config', array(
139 |             'factories' => array(
140 |                 '%kernel.root_dir%/../vendor/bundles/Sensio/CasBundle/Resources/config/security_factories.xml'
141 |             ),
142 |             'providers' => array(
143 |                 'my_provider' => array(
144 |                     'id' => 'acme_demo.user_provider'
145 |                 )
146 |             ),
147 |             'firewall'  => array(
148 |                 'my_firewall' => array(
149 |                     'pattern' => '/regex/to/protected/url',
150 |                     'cas'     => array(
151 |                         'provider' => 'my_provider'
152 |                     )
153 |                 )
154 |             )
155 |         ));
156 | 
157 |         $container->setDefinition('acme_demo.user_provider', new Definition(
158 |             'My\FooBundle\Security\UserProvider',
159 |             array()
160 |         ));
161 | 
162 | .. _CAS:             http://www.jasig.org/cas
163 | .. _SimpleCasBundle: https://github.com/jmikola/SimpleCASBundle
164 | 


--------------------------------------------------------------------------------