<?php
namespace Bundle\SimpleCASBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
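/**
 * Base controller for CAS login/logout handling.
 *
 * Subclasses supply the two deployment-specific URLs (the service URL and the
 * login action URL); this class implements the login/logout actions and the
 * bookkeeping of the post-login redirect URL, which is stored through the
 * "simplecas" service.
 *
 * The post-login redirect target defaults to the request's Referer header,
 * which is client-supplied. It is therefore validated by isValidRedirectUrl()
 * before being used, and the service URL is used whenever it is missing or
 * rejected.
 *
 * Services are accessed through ArrayAccess on the controller
 * ($this['request'], $this['session'], $this['simplecas']).
 */
abstract class AuthController extends Controller
{
    /**
     * Returns the absolute service URL that CAS should redirect to after
     * logging out. This will also be used for redirection after logging in,
     * if a referer is not available.
     *
     * @return string
     */
    abstract protected function getServiceUrl();

    /**
     * Returns the absolute URL to the login action, which is needed by the
     * login action to ensure it never redirects to itself.
     *
     * @return string
     */
    abstract protected function getLoginActionUrl();

    /**
     * Login action.
     *
     * An already-authenticated user is assumed to want to reauthenticate as
     * another user: the local session is unauthenticated and the user is sent
     * to the CAS logout URL, which is expected to return to this action. A
     * referer, when present, is saved so that the post-login redirect can
     * return to it (after validation).
     *
     * Otherwise the user is redirected to the CAS login URL, carrying the
     * (validated, single-use) post-login redirect URL.
     *
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    public function loginAction()
    {
        $simplecas = $this->getSimpleCAS();

        if ($simplecas->isAuthenticated()) {
            $simplecas->unauthenticate();

            // The referer is client-supplied; it is validated when it is read
            // back by getLoginRedirectUrl(), not here.
            if ($referer = $this->getRefererUrl()) {
                $simplecas->setLoginRedirectUrl($referer);
            }

            return $this->redirect($simplecas->getLogoutUrl());
        }

        return $this->redirect($simplecas->getLoginUrl($this->getLoginRedirectUrlOnce()));
    }

    /**
     * Logout action: clears the local authentication state and redirects to
     * the CAS logout URL, asking CAS to return to the service URL afterwards.
     *
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    public function logoutAction()
    {
        $simplecas = $this->getSimpleCAS();
        $simplecas->unauthenticate();

        return $this->redirect($simplecas->getLogoutUrl($this->getServiceUrl()));
    }

    /**
     * Get the post-login redirect URL.
     *
     * If no redirect URL is saved in the session, this will default to the
     * referer. If the resulting URL is missing or invalid (i.e. an internal
     * CAS URL, the login action, or an off-host/non-http target), the service
     * URL will be returned.
     *
     * @see isValidRedirectUrl()
     * @return string
     */
    protected function getLoginRedirectUrl()
    {
        $loginRedirectUrl = $this->getSimpleCAS()->getLoginRedirectUrl($this->getRefererUrl());

        // Fall back to the service URL when there is no usable redirect target.
        // isValidRedirectUrl() also rejects null/empty, which covers the
        // "no referer and nothing in the session" case.
        if (! $this->isValidRedirectUrl($loginRedirectUrl)) {
            $loginRedirectUrl = $this->getServiceUrl();
        }

        return $loginRedirectUrl;
    }

    /**
     * Get the post-login redirect URL and ensure it's removed from the session.
     *
     * @return string
     */
    protected function getLoginRedirectUrlOnce()
    {
        $loginRedirectUrl = $this->getLoginRedirectUrl();
        $this->getSimpleCAS()->removeLoginRedirectUrl();

        return $loginRedirectUrl;
    }

    /**
     * Set the post-login redirect URL.
     *
     * The value is stored as given; validation happens when it is read back
     * through getLoginRedirectUrl().
     *
     * @param string $loginRedirectUrl
     */
    protected function setLoginRedirectUrl($loginRedirectUrl)
    {
        $this->getSimpleCAS()->setLoginRedirectUrl($loginRedirectUrl);
    }

    /**
     * Get the request referer URL.
     *
     * This is the raw Referer header: client-supplied and possibly absent
     * (null). Callers must not use it as a redirect target without running it
     * through isValidRedirectUrl().
     *
     * @return string|null
     */
    protected function getRefererUrl()
    {
        return $this->getRequest()->headers->get('referer');
    }

    /**
     * Check whether a URL is an acceptable post-login redirect target.
     *
     * A URL is rejected when it:
     *  - is null or empty, or cannot be parsed;
     *  - carries a scheme other than http/https;
     *  - is absolute (including protocol-relative "//host/...") and points to a
     *    host other than the service URL's host — the redirect target comes
     *    from the Referer header, so allowing foreign hosts would turn the
     *    login action into an open redirect;
     *  - points to the login action or one of the CAS login/logout URL's
     *    (sans query string), which would cause a redirect loop.
     *
     * @param string|null $url
     * @return boolean
     */
    protected function isValidRedirectUrl($url)
    {
        // Nothing to redirect to: let the caller fall back to the service URL.
        if (null === $url || '' === $url) {
            return false;
        }

        $parts = parse_url($url);
        if (false === $parts) {
            return false;
        }

        // Only http(s) targets make sense in a Location header.
        if (isset($parts['scheme']) && ! in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
            return false;
        }

        // Absolute URLs must stay on the service host. Relative URLs (no host)
        // are inherently same-origin and pass this check.
        if (isset($parts['host'])) {
            $serviceHost = parse_url($this->getServiceUrl(), PHP_URL_HOST);
            // NOTE(review): when the service URL has no parseable host the host
            // check is skipped and only the prefix checks below apply — confirm
            // that the configured service URL is always absolute.
            if (is_string($serviceHost) && 0 !== strcasecmp($parts['host'], $serviceHost)) {
                return false;
            }
        }

        $simplecas = $this->getSimpleCAS();
        $invalidUrls = array(
            $this->getLoginActionUrl(),
            $this->stripQueryString($simplecas->getLoginUrl()),
            $this->stripQueryString($simplecas->getLogoutUrl()),
        );

        foreach ($invalidUrls as $invalidUrl) {
            // strncmp() with a zero length matches every URL; an empty entry
            // (misconfiguration) must not reject all redirects.
            if ('' === (string) $invalidUrl) {
                continue;
            }
            if (0 === strncmp($url, $invalidUrl, strlen($invalidUrl))) {
                return false;
            }
        }

        return true;
    }

    /**
     * Remove the query string (everything from the first "?") from a URL.
     *
     * @param string $url
     * @return string
     */
    private function stripQueryString($url)
    {
        return preg_replace('/\?.*$/', '', $url);
    }

    /**
     * @return \Symfony\Component\HttpFoundation\Request
     */
    protected function getRequest()
    {
        return $this['request'];
    }

    /**
     * @return \Symfony\Component\HttpFoundation\Session
     */
    protected function getSession()
    {
        return $this['session'];
    }

    /**
     * @return \Bundle\SimpleCASBundle\SimpleCAS
     */
    protected function getSimpleCAS()
    {
        return $this['simplecas'];
    }
}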