From 1cfbaab3738312512a6001ca783f5bbf6fe7dda2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?V=C3=ADctor=20D=C3=A9niz=20Falc=C3=B3n?= Date: Fri, 13 Dec 2019 12:34:06 +0000 Subject: [PATCH] MDL-67382 auth_cas: update phpCAS to 1.3.8 --- auth/cas/CAS/CAS.php | 2 +- auth/cas/CAS/CAS/Client.php | 85 +++++++++++++++++++++++++++++++++++------- auth/cas/CAS/README.md | 9 ++++- auth/cas/CAS/moodle_readme.txt | 6 +-- 4 files changed, 81 insertions(+), 21 deletions(-) diff --git a/auth/cas/CAS/CAS.php b/auth/cas/CAS/CAS.php index 5d6f8818937..343a3eb199d 100644 --- a/auth/cas/CAS/CAS.php +++ b/auth/cas/CAS/CAS.php @@ -61,7 +61,7 @@ if (!defined('E_USER_DEPRECATED')) { /** * phpCAS version. accessible for the user by phpCAS::getVersion(). */ -define('PHPCAS_VERSION', '1.3.7+'); +define('PHPCAS_VERSION', '1.3.8'); /** * @addtogroup public diff --git a/auth/cas/CAS/CAS/Client.php b/auth/cas/CAS/CAS/Client.php index 338bd50c4ec..f06c1540568 100644 --- a/auth/cas/CAS/CAS/Client.php +++ b/auth/cas/CAS/CAS/Client.php @@ -997,7 +997,18 @@ class CAS_Client // set to callback mode if PgtIou and PgtId CGI GET parameters are provided if ( $this->isProxy() ) { - $this->_setCallbackMode(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId'])); + if(!empty($_GET['pgtIou'])&&!empty($_GET['pgtId'])) { + $this->_setCallbackMode(true); + $this->_setCallbackModeUsingPost(false); + } elseif (!empty($_POST['pgtIou'])&&!empty($_POST['pgtId'])) { + $this->_setCallbackMode(true); + $this->_setCallbackModeUsingPost(true); + } else { + $this->_setCallbackMode(false); + $this->_setCallbackModeUsingPost(false); + } + + } if ( $this->_isCallbackMode() ) { 
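Review bot: Callback mode is switched on by request parameters alone, and `!empty()` is also true for an array value, so a request that sends `pgtIou` or `pgtId` as an array in `$_GET` or `$_POST` is routed into `_callback()` with a non-string. There it reaches `preg_match()` and the string concatenation on the error path, which gives a type warning or error depending on the PHP version rather than a clean rejection. Both branches should require strings, for example `} elseif (!empty($_POST['pgtIou']) && is_string($_POST['pgtIou']) && !empty($_POST['pgtId']) && is_string($_POST['pgtId'])) {`, with the same test on the `$_GET` branch. The comment above the block still says only CGI GET parameters trigger callback mode and should mention POST. The enclosing function starts and ends outside this hunk.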
@@ -2330,6 +2341,36 @@ class CAS_Client } /** + * @var bool a boolean to know if the CAS client is using POST parameters when in callback mode. + * Written by CAS_Client::_setCallbackModeUsingPost(), read by CAS_Client::_isCallbackModeUsingPost(). + * + * @hideinitializer + */ + private $_callback_mode_using_post = false; + + /** + * This method sets/unsets usage of POST parameters in callback mode (default/false is GET parameters) + * + * @param bool $callback_mode_using_post true to use POST, false to use GET (default). + * + * @return void + */ + private function _setCallbackModeUsingPost($callback_mode_using_post) + { + $this->_callback_mode_using_post = $callback_mode_using_post; + } + + /** + * This method returns true when the callback mode is using POST, false otherwise. + * + * @return bool A boolean. + */ + private function _isCallbackModeUsingPost() + { + return $this->_callback_mode_using_post; + } + + /** * the URL that should be used for the PGT callback (in fact the URL of the * current request without any CGI parameter). Written and read by * CAS_Client::_getCallbackURL(). @@ -2387,23 +2428,39 @@ class CAS_Client private function _callback() { phpCAS::traceBegin(); - if (preg_match('/^PGTIOU-[\.\-\w]+$/', $_GET['pgtIou'])) { - if (preg_match('/^[PT]GT-[\.\-\w]+$/', $_GET['pgtId'])) { - $this->printHTMLHeader('phpCAS callback'); - $pgt_iou = $_GET['pgtIou']; - $pgt = $_GET['pgtId']; - phpCAS::trace('Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\')'); - echo '

Storing PGT `'.$pgt.'\' (id=`'.$pgt_iou.'\').

'; - $this->_storePGT($pgt, $pgt_iou); - $this->printHTMLFooter(); + if ($this->_isCallbackModeUsingPost()) { + $pgtId = $_POST['pgtId']; + $pgtIou = $_POST['pgtIou']; + } else { + $pgtId = $_GET['pgtId']; + $pgtIou = $_GET['pgtIou']; + } + if (preg_match('/^PGTIOU-[\.\-\w]+$/', $pgtIou)) { + if (preg_match('/^[PT]GT-[\.\-\w]+$/', $pgtId)) { + phpCAS::trace('Storing PGT `'.$pgtId.'\' (id=`'.$pgtIou.'\')'); + $this->_storePGT($pgtId, $pgtIou); + if (array_key_exists('HTTP_ACCEPT', $_SERVER) && + ( $_SERVER['HTTP_ACCEPT'] == 'application/xml' || + $_SERVER['HTTP_ACCEPT'] == 'text/xml' + ) + ) { + echo '' . "\r\n"; + echo ''; + phpCAS::traceExit("XML response sent"); + } else { + $this->printHTMLHeader('phpCAS callback'); + echo '

Storing PGT `'.$pgtId.'\' (id=`'.$pgtIou.'\').

'; + $this->printHTMLFooter(); + phpCAS::traceExit("HTML response sent"); + } phpCAS::traceExit("Successfull Callback"); } else { - phpCAS::error('PGT format invalid' . $_GET['pgtId']); - phpCAS::traceExit('PGT format invalid' . $_GET['pgtId']); + phpCAS::error('PGT format invalid' . $pgtId); + phpCAS::traceExit('PGT format invalid' . $pgtId); } } else { - phpCAS::error('PGTiou format invalid' . $_GET['pgtIou']); - phpCAS::traceExit('PGTiou format invalid' . $_GET['pgtIou']); + phpCAS::error('PGTiou format invalid' . $pgtIou); + phpCAS::traceExit('PGTiou format invalid' . $pgtIou); } // Flush the buffer to prevent from sending anything other then a 200 diff --git a/auth/cas/CAS/README.md b/auth/cas/CAS/README.md index 583c1dce872..f425edca84d 100644 --- a/auth/cas/CAS/README.md +++ b/auth/cas/CAS/README.md @@ -4,11 +4,16 @@ phpCAS phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. -Please see the phpCAS website for more information: +Please see the wiki website for more information: https://wiki.jasig.org/display/CASC/phpCAS -[![Build Status](https://travis-ci.org/Jasig/phpCAS.png)](https://travis-ci.org/Jasig/phpCAS) +Api documentation can be found here: + +https://apereo.github.io/phpCAS/ + + +[![Build Status](https://travis-ci.org/apereo/phpCAS.png)](https://travis-ci.org/apereo/phpCAS) LICENSE diff --git a/auth/cas/CAS/moodle_readme.txt b/auth/cas/CAS/moodle_readme.txt index 7894d1c1867..11cf506a65a 100644 --- a/auth/cas/CAS/moodle_readme.txt +++ b/auth/cas/CAS/moodle_readme.txt 
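Review bot: In `_callback()` the rejection paths append the raw request value to the message passed to `phpCAS::error()` and `phpCAS::traceExit()` (`'PGT format invalid' . $pgtId`), so unvalidated text of any length and content reaches the error output and the trace log; whether those helpers escape it is not visible in this hunk. I would drop the value from both messages, e.g. `phpCAS::error('PGT format invalid');`, and do the same for the `PGTiou` branch. On the success path the full PGT, which is a credential, is still written by `phpCAS::trace()` and echoed in the HTML body; logging only `$pgtIou` would keep usable tickets out of debug logs. The success path also calls `phpCAS::traceExit()` twice for one `traceBegin()` (the "XML/HTML response sent" call, then "Successfull Callback"), which looks unintended. The function continues past the end of the hunk.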
@@ -1,5 +1,3 @@
-Description of phpCAS 1.3.7 library import
+Description of phpCAS 1.3.8 library import
-* downloaded from http://downloads.jasig.org/cas-clients/php/current/
-* applied patch https://github.com/apereo/phpCAS/pull/247 for PHP 7.2 compatibility (MDL-60280)
-* applied patch https://github.com/apereo/phpCAS/pull/278 for PHP 7.3 compatibility (MDL-63422)
+* downloaded from http://downloads.jasig.org/cas-clients/php/current/
\ No newline at end of file
-- 2.11.4.GIT