The start of something beautiful
This commit is contained in:
@@ -0,0 +1,85 @@
|
||||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\Security\Http\AccessToken\Cas;
|
||||
|
||||
use Symfony\Component\HttpClient\HttpClient;
|
||||
use Symfony\Component\HttpFoundation\RequestStack;
|
||||
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
||||
use Symfony\Component\Security\Http\AccessToken\AccessTokenHandlerInterface;
|
||||
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
|
||||
use Symfony\Contracts\HttpClient\HttpClientInterface;
|
||||
|
||||
/**
|
||||
* @see https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-V2-Specification.html
|
||||
*
|
||||
* @author Nicolas Attard <contact@nicolasattard.fr>
|
||||
*/
|
||||
final class Cas2Handler implements AccessTokenHandlerInterface
|
||||
{
|
||||
public function __construct(
|
||||
private readonly RequestStack $requestStack,
|
||||
private readonly string $validationUrl,
|
||||
private readonly string $prefix = 'cas',
|
||||
private ?HttpClientInterface $client = null,
|
||||
) {
|
||||
if (null === $client) {
|
||||
if (!class_exists(HttpClient::class)) {
|
||||
throw new \LogicException(sprintf('You cannot use "%s" as the HttpClient component is not installed. Try running "composer require symfony/http-client".', __CLASS__));
|
||||
}
|
||||
|
||||
$this->client = HttpClient::create();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws AuthenticationException
|
||||
*/
|
||||
public function getUserBadgeFrom(string $accessToken): UserBadge
|
||||
{
|
||||
$response = $this->client->request('GET', $this->getValidationUrl($accessToken));
|
||||
|
||||
$xml = new \SimpleXMLElement($response->getContent(), 0, false, $this->prefix, true);
|
||||
|
||||
if (isset($xml->authenticationSuccess)) {
|
||||
return new UserBadge((string) $xml->authenticationSuccess->user);
|
||||
}
|
||||
|
||||
if (isset($xml->authenticationFailure)) {
|
||||
throw new AuthenticationException('CAS Authentication Failure: '.trim((string) $xml->authenticationFailure));
|
||||
}
|
||||
|
||||
throw new AuthenticationException('Invalid CAS response.');
|
||||
}
|
||||
|
||||
private function getValidationUrl(string $accessToken): string
|
||||
{
|
||||
$request = $this->requestStack->getCurrentRequest();
|
||||
|
||||
if (null === $request) {
|
||||
throw new \LogicException('Request should exist so it can be processed for error.');
|
||||
}
|
||||
|
||||
$query = $request->query->all();
|
||||
|
||||
if (!isset($query['ticket'])) {
|
||||
throw new AuthenticationException('No ticket found in request.');
|
||||
}
|
||||
unset($query['ticket']);
|
||||
$queryString = $query ? '?'.http_build_query($query) : '';
|
||||
|
||||
return sprintf('%s?ticket=%s&service=%s',
|
||||
$this->validationUrl,
|
||||
urlencode($accessToken),
|
||||
urlencode($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().$queryString)
|
||||
);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user