86 lines
2.9 KiB
PHP
86 lines
2.9 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of the Symfony package.
|
|
*
|
|
* (c) Fabien Potencier <fabien@symfony.com>
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Symfony\Component\Security\Http\AccessToken\Cas;
|
|
|
|
use Symfony\Component\HttpClient\HttpClient;
|
|
use Symfony\Component\HttpFoundation\RequestStack;
|
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
|
use Symfony\Component\Security\Http\AccessToken\AccessTokenHandlerInterface;
|
|
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
|
|
use Symfony\Contracts\HttpClient\HttpClientInterface;
|
|
|
|
/**
|
|
* @see https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-V2-Specification.html
|
|
*
|
|
* @author Nicolas Attard <contact@nicolasattard.fr>
|
|
*/
|
|
final class Cas2Handler implements AccessTokenHandlerInterface
|
|
{
|
|
public function __construct(
|
|
private readonly RequestStack $requestStack,
|
|
private readonly string $validationUrl,
|
|
private readonly string $prefix = 'cas',
|
|
private ?HttpClientInterface $client = null,
|
|
) {
|
|
if (null === $client) {
|
|
if (!class_exists(HttpClient::class)) {
|
|
throw new \LogicException(sprintf('You cannot use "%s" as the HttpClient component is not installed. Try running "composer require symfony/http-client".', __CLASS__));
|
|
}
|
|
|
|
$this->client = HttpClient::create();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @throws AuthenticationException
|
|
*/
|
|
public function getUserBadgeFrom(string $accessToken): UserBadge
|
|
{
|
|
$response = $this->client->request('GET', $this->getValidationUrl($accessToken));
|
|
|
|
$xml = new \SimpleXMLElement($response->getContent(), 0, false, $this->prefix, true);
|
|
|
|
if (isset($xml->authenticationSuccess)) {
|
|
return new UserBadge((string) $xml->authenticationSuccess->user);
|
|
}
|
|
|
|
if (isset($xml->authenticationFailure)) {
|
|
throw new AuthenticationException('CAS Authentication Failure: '.trim((string) $xml->authenticationFailure));
|
|
}
|
|
|
|
throw new AuthenticationException('Invalid CAS response.');
|
|
}
|
|
|
|
private function getValidationUrl(string $accessToken): string
|
|
{
|
|
$request = $this->requestStack->getCurrentRequest();
|
|
|
|
if (null === $request) {
|
|
throw new \LogicException('Request should exist so it can be processed for error.');
|
|
}
|
|
|
|
$query = $request->query->all();
|
|
|
|
if (!isset($query['ticket'])) {
|
|
throw new AuthenticationException('No ticket found in request.');
|
|
}
|
|
unset($query['ticket']);
|
|
$queryString = $query ? '?'.http_build_query($query) : '';
|
|
|
|
return sprintf('%s?ticket=%s&service=%s',
|
|
$this->validationUrl,
|
|
urlencode($accessToken),
|
|
urlencode($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().$queryString)
|
|
);
|
|
}
|
|
}
|