From 8fd7dd02101107c8069e7d5c4ab5c9286f7fcc0d Mon Sep 17 00:00:00 2001 From: inghamn Date: Fri, 29 Jan 2010 17:22:45 +0000 Subject: [PATCH] Added support for CAS authentication git-svn-id: https://rosehill.googlecode.com/svn/trunk@64 100bd78a-fc82-11de-b5bc-ffd2847a4b57 --- configuration.inc.default | 29 +++++++++++++++++++++++++++++ html/login/home.php | 11 +++-------- html/login/login.php | 4 +--- html/login/logout.php | 14 +++++++++++++- 4 files changed, 46 insertions(+), 12 deletions(-) diff --git a/configuration.inc.default b/configuration.inc.default index 1d5762b..2c0c07b 100644 --- a/configuration.inc.default +++ b/configuration.inc.default @@ -114,6 +114,35 @@ if (!defined('STDIN')) { session_start(); } +/** + * We now do single sign-on using CAS http://www.jasig.org/cas + * + * http://code.google.com/p/simplecas/ + * + * SimpleCAS is a PHP library for handling the calls to the CAS service + * The version we're running right now has been modified to remove + * the depency on HTTP_Request2. Instead, it uses curl + */ +define('CAS','/var/www/libraries/SimpleCAS'); +define('CAS_SERVER','cas.somewhere.org'); +define('CAS_URI','cas'); +define('CAS_COOKIE','cas_session'); +define('CAS_DOMAIN','.localhost'); +if (session_id()) { + if (!isset($_SESSION['USER']) && isset($_COOKIE[CAS_COOKIE])) { + require_once CAS.'/SimpleCAS/Autoload.php'; + $options = array('hostname'=>CAS_SERVER,'uri'=>CAS_URI); + $protocol = new SimpleCAS_Protocol_Version2($options); + $client = SimpleCAS::client($protocol); + $client->forceAuthentication(); + + if ($client->isAuthenticated()) { + $user = new User($client->getUsername()); + $user->startNewSession(); + } + } +} + /** * Load the Zend_Acl * Access control is going to handled using the Zend_Acl diff --git a/html/login/home.php b/html/login/home.php index 4be24dd..f3433d4 100644 --- a/html/login/home.php +++ b/html/login/home.php 
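Review bot: Nothing in the auto-login block added to configuration.inc.default renews the session id once the CAS ticket has been accepted. Unless `User::startNewSession()` (not shown in this patch) already does so, add `session_regenerate_id(true);` just before `$user->startNewSession();` so that a session id fixed before login is not carried into the authenticated session. The `CAS_COOKIE` value is client-controlled and is correctly used only as a trigger for `forceAuthentication()`; a comment such as `// CAS_COOKIE is only a hint that a CAS session may exist; identity comes from CAS ticket validation` would stop later changes from trusting it. Because the header comment says the bundled SimpleCAS was modified to use curl, also confirm that the modified code leaves `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` enabled, since ticket validation is only as trustworthy as that connection.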
@@ -1,9 +1,6 @@ 'bandit.bloomington.in.gov', - 'uri'=>'cas'); +$options = array('hostname'=>CAS_SERVER,'uri'=>CAS_URI); $protocol = new SimpleCAS_Protocol_Version2($options); - $client = SimpleCAS::client($protocol); $client->forceAuthentication(); if ($client->isAuthenticated()) { $user = new User($client->getUsername()); $user->startNewSession(); - setcookie('cas_session','true',0,'/','.bloomington.in.gov'); + setcookie(CAS_COOKIE,'true',0,'/',CAS_DOMAIN); if (isset($_SESSION['return_url'])) { header('Location: '.$_SESSION['return_url']); diff --git a/html/login/login.php b/html/login/login.php index 5570813..642bdd0 100644 --- a/html/login/login.php +++ b/html/login/login.php @@ -1,8 +1,6 @@ */ +if (isset($_COOKIE[CAS_COOKIE])) { + setcookie(CAS_COOKIE,'true',time()-3600,'/',CAS_DOMAIN); + + require_once CAS.'/SimpleCAS/Autoload.php'; + + $options = array('hostname'=>CAS_SERVER,'uri'=>CAS_URI); + $protocol = new SimpleCAS_Protocol_Version2($options); + $client = SimpleCAS::client($protocol); + $client->logout(BASE_URL); +} + session_destroy(); header('Location: '.BASE_URL);
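Review bot: The new `setcookie(CAS_COOKIE,'true',0,'/',CAS_DOMAIN);` in html/login/home.php leaves the `secure` and `httponly` arguments at their defaults, so the marker cookie travels over plain HTTP and is readable by script on every host under `CAS_DOMAIN`. If the site is served over HTTPS, set both flags: `setcookie(CAS_COOKIE,'true',0,'/',CAS_DOMAIN,true,true);`. The expiring `setcookie` in the logout change would then also need to be sent over HTTPS, since browsers generally do not let a plain-HTTP response overwrite a Secure cookie. The start of this hunk appears truncated on the page, so the lines above `$options` could not be reviewed.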
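Review bot: In the added logout block, `$client->logout(BASE_URL);` runs before `session_destroy();`, so the local session is never destroyed for users holding the CAS cookie if SimpleCAS's `logout()` sends its redirect and ends the request. That behaviour is not visible in this patch, though it is usual for CAS clients. Moving `session_destroy();` above the `if (isset($_COOKIE[CAS_COOKIE])) {` block removes the dependency on it, provided `logout()` does not itself need the session; that should be checked in the library. The file header for these lines appears to be missing from the page; the diffstat suggests they belong to html/login/logout.php.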