diff --git a/config-templates/module_casserver.php b/config-templates/module_casserver.php index 80725e1..8bc898e 100644 --- a/config-templates/module_casserver.php +++ b/config-templates/module_casserver.php @@ -1,7 +1,8 @@ [ + 'scopes' => [ 'mobile' => [ 'https://idp1.domain:1234/saml2/idp/metadata.php', 'https://idp2.domain:5678/saml2/idp/metadata.php' ], 'desktop' => [ - 'https://idp3.domain:1234/saml2/idp/metadata.php', + 'https://idp3.domain:1234/saml2/idp/metadata.php', 'https://idp4.domain:5678/saml2/idp/metadata.php' ] ], @@ -63,8 +64,11 @@ 'attributes' => true, // enable transfer of attributes, defaults to true 'attributes_to_transfer' => ['eduPersonPrincipalName'], // set of attributes to transfer, defaults to all - /* Optional authproc filter. Only authproc filters that solely rely on attributes (such as core:AttributeMap and AttributeAlter) - may be used. If your authsource supports authproc filters you are better off doing it there. */ + /** + * Optional authproc filter. Only authproc filters that solely rely on attributes + * (such as core:AttributeMap and AttributeAlter) + * may be used. If your authsource supports authproc filters you are better off doing it there. + */ 'authproc' => [ [ 'class' => 'core:AttributeMap', 
@@ -75,18 +79,26 @@ ], 'base64attributes' => true, // base64 encode transferred attributes, defaults to false - 'base64_attributes_indicator_attribute' => 'base64Attributes', /*add an attribute with the value of the base64attributes - configuration parameter to the set of transferred attributes. - Defaults to not adding an indicator attribute. */ + + /** + * add an attribute with the value of the base64attributes + * configuration parameter to the set of transferred attributes. + * Defaults to not adding an indicator attribute. + */ + 'base64_attributes_indicator_attribute' => 'base64Attributes', 'enable_logout' => true, // enable CAS logout, defaults to false 'skip_logout_page' => true, /*perform a redirect instead of showing a logout page with a link to the location given in the url parameter, defaults to false. Skipping the logout page makes the url query parameter to CAS logout mandatory for obvious reasons.*/ - 'service_ticket_expire_time' => 5, //how many seconds service tickets are valid for, defaults to 5 - 'proxy_granting_ticket_expire_time' => 600, //how many seconds proxy granting tickets are valid for at most, defaults to 3600 - 'proxy_ticket_expire_time' => 5, //how many seconds proxy tickets are valid for, defaults to 5 + // how many seconds service tickets are valid for, defaults to 5 + 'service_ticket_expire_time' => 5, + // how many seconds proxy granting tickets are valid for at most, defaults to 3600 + 'proxy_granting_ticket_expire_time' => 600, + //how many seconds proxy tickets are valid for, defaults to 5 + 'proxy_ticket_expire_time' => 5, - 'debugMode' => true, // If query param debugMode=true is sent to the login endpoint then print cas ticket xml. Default false + // If query param debugMode=true is sent to the login endpoint then print cas ticket xml. Default false + 'debugMode' => true, ]; diff --git a/lib/Cas/CasException.php b/lib/Cas/CasException.php index 4f7099d..28a77e9 100644 --- a/lib/Cas/CasException.php 
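Review bot: The relocated `'debugMode' => true,` at the end of this hunk ships the template with the debug switch switched on, although the comment the commit placed above it says the default is false; since the flag makes the login endpoint print ticket XML to the browser on request, the example value should be `'debugMode' => false,` so that copying the template does not enable it. The new comment `//how many seconds proxy tickets are valid for, defaults to 5` also lacks the space after `//` that the two sibling comments directly above it gained in the same hunk. For consistency with those moves, the multi-line `/* ... */` comment still trailing `'skip_logout_page' => true,` could be placed above its key like the `base64_attributes_indicator_attribute` one.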
+++ b/lib/Cas/CasException.php @@ -8,7 +8,8 @@ */ class CasException extends \Exception { - // For list of cas codes see https://apereo.github.io/cas/5.2.x/protocol/CAS-Protocol-Specification.html#253-error-codes + // For list of cas codes see: + // https://apereo.github.io/cas/5.2.x/protocol/CAS-Protocol-Specification.html#253-error-codes const INVALID_TICKET = 'INVALID_TICKET'; const INVALID_SERVICE = 'INVALID_SERVICE'; diff --git a/lib/Cas/Protocol/Cas10.php b/lib/Cas/Protocol/Cas10.php index f90ddc9..9442de3 100644 --- a/lib/Cas/Protocol/Cas10.php +++ b/lib/Cas/Protocol/Cas10.php @@ -41,7 +41,7 @@ public function __construct(Configuration $config) */ public function getValidateSuccessResponse($username) { - return "yes\n".$username."\n"; + return "yes\n" . $username . "\n"; } diff --git a/lib/Cas/Protocol/Cas20.php b/lib/Cas/Protocol/Cas20.php index 57ff808..906690d 100644 --- a/lib/Cas/Protocol/Cas20.php +++ b/lib/Cas/Protocol/Cas20.php @@ -244,7 +244,7 @@ public function getProxyFailureResponse($errorCode, $explanation) private function workAroundForBuggyJasigXmlParser($xmlString) { // when will people stop hand coding xml handling....? - return str_replace('><', '>'.PHP_EOL.'<', str_replace(PHP_EOL, '', $xmlString)); + return str_replace('><', '>' . PHP_EOL . '<', str_replace(PHP_EOL, '', $xmlString)); } @@ -259,7 +259,7 @@ private function generateCas20Attribute($xmlDocument, $attributeName, $attribute $attributeValueNode = $xmlDocument->createTextNode($this->base64EncodeAttributes ? base64_encode($attributeValue) : $attributeValue); - $attributeElement = $xmlDocument->createElement('cas:'.$attributeName); + $attributeElement = $xmlDocument->createElement('cas:' . $attributeName); $attributeElement->appendChild($attributeValueNode); diff --git a/lib/Cas/ServiceValidator.php b/lib/Cas/ServiceValidator.php index 966c98f..6f81d63 100644 --- a/lib/Cas/ServiceValidator.php +++ b/lib/Cas/ServiceValidator.php 
@@ -55,7 +55,7 @@ public function checkServiceURL($service) $isValidService = true; break; } elseif ($result === false) { - Logger::warning("Invalid CAS legal service url '$legalUrl'. Error ".preg_last_error()); + Logger::warning("Invalid CAS legal service url '$legalUrl'. Error " . preg_last_error()); } } elseif (strpos($service, $legalUrl) === 0) { $isValidService = true; diff --git a/lib/Cas/Ticket/FileSystemTicketStore.php b/lib/Cas/Ticket/FileSystemTicketStore.php index c5f8713..0fe17a2 100644 --- a/lib/Cas/Ticket/FileSystemTicketStore.php +++ b/lib/Cas/Ticket/FileSystemTicketStore.php @@ -48,11 +48,11 @@ public function __construct(Configuration $config) $path = $config->resolvePath($storeConfig['directory']); if (is_null($path) || !is_dir($path)) { - throw new Exception('Directory for CAS Server ticket storage ['.strval($path).'] does not exists.'); + throw new Exception('Directory for CAS Server ticket storage [' . strval($path) . '] does not exists.'); } if (!is_writable($path)) { - throw new Exception('Directory for CAS Server ticket storage ['.$path.'] is not writable.'); + throw new Exception('Directory for CAS Server ticket storage [' . $path . '] is not writable.'); } $this->pathToTicketDirectory = preg_replace('/\/$/', '', $path); @@ -65,7 +65,7 @@ public function __construct(Configuration $config) */ public function getTicket($ticketId) { - $filename = $this->pathToTicketDirectory.'/'.$ticketId; + $filename = $this->pathToTicketDirectory . '/' . $ticketId; if (file_exists($filename)) { $content = file_get_contents($filename); @@ -83,7 +83,7 @@ public function getTicket($ticketId) */ public function addTicket(array $ticket) { - $filename = $this->pathToTicketDirectory.'/'.$ticket['id']; + $filename = $this->pathToTicketDirectory . '/' . $ticket['id']; file_put_contents($filename, serialize($ticket)); } 
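Review bot: The `strpos($service, $legalUrl) === 0` branch on the new side accepts any service whose URL merely begins with a configured legal URL, so an entry that ends at the host name also matches a longer host name or any path sharing that prefix. Because this check decides where tickets are released, `checkServiceURL` (its start is outside the hunk) deserves a comment such as `// Non-regex entries are plain prefixes: configure them with a trailing '/' or a path so a legal URL cannot match a longer host name`, and the same caveat belongs next to the legal-URL lists in the config template. A malformed regex entry is currently only reported through `Logger::warning(...)` while a request is being validated; reporting it when the configuration is loaded would make a broken allow-list visible sooner.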
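Review bot: `$filename = $this->pathToTicketDirectory . '/' . $ticketId;` on the new side joins the caller-supplied ticket id straight into a filesystem path, and the id reaches this store from the request (`$_GET['ticket']` is handed to the store in the serviceValidate hunks), so a value containing a path separator or `..` selects a file outside the ticket directory; in `deleteTicket` (the hunk after `addTicket`) that file is then passed to `unlink()`. Both methods should reject anything that is not a single path component before building the path, e.g. `if ($ticketId === '' || $ticketId !== basename($ticketId) || $ticketId === '.' || $ticketId === '..') { return null; }` at the top of `getTicket` (with a plain `return;` in `deleteTicket`); the factory's id format is not visible here, so a character allow-list matching it would be tighter still. `getTicket`'s body continues outside the hunk.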
@@ -94,7 +94,7 @@ public function addTicket(array $ticket) */ public function deleteTicket($ticketId) { - $filename = $this->pathToTicketDirectory.'/'.$ticketId; + $filename = $this->pathToTicketDirectory . '/' . $ticketId; if (file_exists($filename)) { unlink($filename); diff --git a/lib/Cas/Ticket/MemCacheTicketStore.php b/lib/Cas/Ticket/MemCacheTicketStore.php index 366bf91..03567de 100644 --- a/lib/Cas/Ticket/MemCacheTicketStore.php +++ b/lib/Cas/Ticket/MemCacheTicketStore.php @@ -89,6 +89,6 @@ public function deleteTicket($ticketId) */ private function scopeTicketId($ticketId) { - return $this->prefix.'.'.$ticketId; + return $this->prefix . '.' . $ticketId; } } diff --git a/lib/Cas/Ticket/SQLTicketStore.php b/lib/Cas/Ticket/SQLTicketStore.php index d46a855..f7c334c 100644 --- a/lib/Cas/Ticket/SQLTicketStore.php +++ b/lib/Cas/Ticket/SQLTicketStore.php @@ -117,7 +117,7 @@ public function deleteTicket($ticketId) */ private function scopeTicketId($ticketId) { - return $this->prefix.'.'.$ticketId; + return $this->prefix . '.' . $ticketId; } @@ -130,9 +130,9 @@ private function initTableVersionTable() $this->tableVersions = []; try { - $fetchTableVersion = $this->pdo->query('SELECT _name, _version FROM '.$this->prefix.'_tableVersion'); + $fetchTableVersion = $this->pdo->query('SELECT _name, _version FROM ' . $this->prefix . '_tableVersion'); } catch (PDOException $e) { - $this->pdo->exec('CREATE TABLE '.$this->prefix. + $this->pdo->exec('CREATE TABLE ' . $this->prefix . '_tableVersion (_name VARCHAR(30) NOT NULL UNIQUE, _version INTEGER NOT NULL)'); return; } 
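Review bot: The `catch (PDOException $e)` in `initTableVersionTable` treats every PDO failure of the `SELECT _name, _version FROM ... _tableVersion` query as "table does not exist" and answers with `CREATE TABLE`, so a lost connection or a permission error surfaces as a confusing secondary exception from the CREATE while `$e` itself is never logged. `insertOrUpdateFallback` in the same file already branches on SQLSTATE codes per driver; the same approach here, or at minimum `Logger::debug('casserver: tableVersion lookup failed, creating table: ' . $e->getMessage());` before the `exec`, would keep the real cause visible. The method starts outside the hunk.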
@@ -153,11 +153,11 @@ private function initKVTable() return; } - $query = 'CREATE TABLE '.$this->prefix. + $query = 'CREATE TABLE ' . $this->prefix . '_kvstore (_key VARCHAR(50) NOT NULL, _value TEXT NOT NULL, _expire TIMESTAMP, PRIMARY KEY (_key))'; $this->pdo->exec($query); - $query = 'CREATE INDEX '.$this->prefix.'_kvstore_expire ON '.$this->prefix.'_kvstore (_expire)'; + $query = 'CREATE INDEX ' . $this->prefix . '_kvstore_expire ON ' . $this->prefix . '_kvstore (_expire)'; $this->pdo->exec($query); $this->setTableVersion('kvstore', 1); @@ -191,7 +191,7 @@ private function setTableVersion($name, $version) Assert::integer($version); $this->insertOrUpdate( - $this->prefix.'_tableVersion', + $this->prefix . '_tableVersion', ['_name'], [ '_name' => $name, @@ -212,24 +212,24 @@ private function insertOrUpdate($table, array $keys, array $data) { Assert::string($table); - $colNames = '('.implode(', ', array_keys($data)).')'; - $values = 'VALUES(:'.implode(', :', array_keys($data)).')'; + $colNames = '(' . implode(', ', array_keys($data)) . ')'; + $values = 'VALUES(:' . implode(', :', array_keys($data)) . ')'; switch ($this->driver) { case 'mysql': - $query = 'REPLACE INTO '.$table.' '.$colNames.' '.$values; + $query = 'REPLACE INTO ' . $table . ' ' . $colNames . ' ' . $values; $query = $this->pdo->prepare($query); $query->execute($data); return; case 'sqlite': - $query = 'INSERT OR REPLACE INTO '.$table.' '.$colNames.' '.$values; + $query = 'INSERT OR REPLACE INTO ' . $table . ' ' . $colNames . ' ' . $values; $query = $this->pdo->prepare($query); $query->execute($data); return; default: /* Default implementation. Try INSERT, and UPDATE if that fails. */ - $insertQuery = 'INSERT INTO '.$table.' '.$colNames.' '.$values; + $insertQuery = 'INSERT INTO ' . $table . ' ' . $colNames . ' ' . $values; /** @var \PDOStatement|false $insertQuery */ $insertQuery = $this->pdo->prepare($insertQuery); 
@@ -260,7 +260,7 @@ private function insertOrUpdateFallback($table, array $keys, array $data, PDOSta case '23505': /* PostgreSQL */ break; default: - Logger::error('casserver: Error while saving data: '.$e->getMessage()); + Logger::error('casserver: Error while saving data: ' . $e->getMessage()); throw $e; } } @@ -269,7 +269,7 @@ private function insertOrUpdateFallback($table, array $keys, array $data, PDOSta $condCols = []; foreach ($data as $col => $value) { - $tmp = $col.' = :'.$col; + $tmp = $col . ' = :' . $col; if (in_array($col, $keys, true)) { $condCols[] = $tmp; @@ -278,7 +278,7 @@ private function insertOrUpdateFallback($table, array $keys, array $data, PDOSta } } - $updateQuery = 'UPDATE '.$table.' SET '.implode(',', $updateCols).' WHERE '.implode(' AND ', $condCols); + $updateQuery = 'UPDATE ' . $table . ' SET ' . implode(',', $updateCols) . ' WHERE ' . implode(' AND ', $condCols); $updateQuery = $this->pdo->prepare($updateQuery); $updateQuery->execute($data); } @@ -289,7 +289,7 @@ private function insertOrUpdateFallback($table, array $keys, array $data, PDOSta */ private function cleanKVStore() { - $query = 'DELETE FROM '.$this->prefix.'_kvstore WHERE _expire < :now'; + $query = 'DELETE FROM ' . $this->prefix . '_kvstore WHERE _expire < :now'; $params = ['now' => gmdate('Y-m-d H:i:s')]; $query = $this->pdo->prepare($query); @@ -309,7 +309,7 @@ private function get($key) $key = sha1($key); } - $query = 'SELECT _value FROM '.$this->prefix. + $query = 'SELECT _value FROM ' . $this->prefix . '_kvstore WHERE _key = :key AND (_expire IS NULL OR _expire > :now)'; $params = ['key' => $key, 'now' => gmdate('Y-m-d H:i:s')]; @@ -369,7 +369,7 @@ private function set($key, $value, $expire = null) '_expire' => $expire, ]; - $this->insertOrUpdate($this->prefix.'_kvstore', ['_key'], $data); + $this->insertOrUpdate($this->prefix . '_kvstore', ['_key'], $data); } 
@@ -390,7 +390,7 @@ private function delete($key) ]; - $query = 'DELETE FROM '.$this->prefix.'_kvstore WHERE _key=:_key'; + $query = 'DELETE FROM ' . $this->prefix . '_kvstore WHERE _key=:_key'; $query = $this->pdo->prepare($query); $query->execute($data); } diff --git a/lib/Cas/TicketValidator.php b/lib/Cas/TicketValidator.php index dd91674..a1765f4 100644 --- a/lib/Cas/TicketValidator.php +++ b/lib/Cas/TicketValidator.php @@ -63,8 +63,8 @@ public function validateAndDeleteTicket($ticket, $service) $serviceTicket = $this->ticketStore->getTicket($ticket); if ($serviceTicket == null) { - $message = 'Ticket '.var_export($ticket, true).' not recognized'; - Logger::debug('casserver:'.$message); + $message = 'Ticket ' . var_export($ticket, true) . ' not recognized'; + Logger::debug('casserver:' . $message); throw new CasException(CasException::INVALID_TICKET, $message); } @@ -72,17 +72,17 @@ public function validateAndDeleteTicket($ticket, $service) $this->ticketStore->deleteTicket($ticket); if ($this->ticketFactory->isExpired($serviceTicket)) { - $message = 'Ticket '.var_export($ticket, true).' has expired'; - Logger::debug('casserver:'.$message); + $message = 'Ticket ' . var_export($ticket, true) . ' has expired'; + Logger::debug('casserver:' . $message); throw new CasException(CasException::INVALID_TICKET, $message); } if (self::sanitize($serviceTicket['service']) !== self::sanitize($service)) { - $message = 'Mismatching service parameters: expected '. - var_export($serviceTicket['service'], true). - ' but was: '.var_export($service, true); + $message = 'Mismatching service parameters: expected ' . + var_export($serviceTicket['service'], true) . + ' but was: ' . var_export($service, true); - Logger::debug('casserver:'.$message); + Logger::debug('casserver:' . $message); throw new CasException(CasException::INVALID_SERVICE, $message); } diff --git a/templates/loggedIn.php b/templates/loggedIn.php index 172a5cb..b4330ec 100644 --- a/templates/loggedIn.php 
+++ b/templates/loggedIn.php @@ -36,5 +36,5 @@ $this->includeAtTemplateBase('includes/footer.php'); if (isset($this->data['autofocus'])) { - echo ''; + echo ''; } diff --git a/templates/loggedOut.php b/templates/loggedOut.php index 7fb22dd..09a2e84 100644 --- a/templates/loggedOut.php +++ b/templates/loggedOut.php @@ -33,7 +33,7 @@ data['url'])) { - echo('

'.$this->t('{casserver:casserver:continue_heading}').''); + echo('

' . $this->t('{casserver:casserver:continue_heading}') . ''); } ?> @@ -42,5 +42,5 @@ $this->includeAtTemplateBase('includes/footer.php'); if (isset($this->data['autofocus'])) { - echo ''; + echo ''; } diff --git a/tests/bootstrap.php b/tests/bootstrap.php index 5c1c4ab..73746a4 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -1,15 +1,15 @@ assertEquals('samlp:Success', $response->Status->StatusCode->attributes()->Value); $this->assertEquals('localhost', $response->Assertion->attributes()->Issuer); $this->assertEquals($serviceUrl, $response->Assertion->Conditions->AudienceRestrictionCondition->Audience); - $attributeStatement= $response->Assertion->AttributeStatement; + $attributeStatement = $response->Assertion->AttributeStatement; $this->assertEquals('saisusr', $attributeStatement->Subject->NameIdentifier); $this->assertEquals( 'urn:oasis:names:tc:SAML:1.0:cm:artifact', @@ -43,7 +43,7 @@ public function testSamlValidatXmlGeneration() $asSoap = $samlValidate->wrapInSoap($xmlString); - $soapPrefix =<<< EOF + $soapPrefix = <<< EOF diff --git a/tests/lib/ServiceValidatorTest.php b/tests/lib/ServiceValidatorTest.php index 5843568..434d2b9 100644 --- a/tests/lib/ServiceValidatorTest.php +++ b/tests/lib/ServiceValidatorTest.php @@ -1,16 +1,16 @@ server = new BuiltInServer(); $this->server_addr = $this->server->start(); $this->server_pid = $this->server->getPid(); - $this->shared_file = sys_get_temp_dir().'/'.$this->server_pid.'.lock'; - $this->cookies_file = sys_get_temp_dir().'/'.$this->server_pid.'.cookies'; + $this->shared_file = sys_get_temp_dir() . '/' . $this->server_pid . '.lock'; + $this->cookies_file = sys_get_temp_dir() . '/' . $this->server_pid . '.cookies'; } @@ -63,7 +63,7 @@ protected function setup() : void * Removes the lock file and cookies file * @return void */ - protected function tearDown() : void + protected function tearDown(): void { @unlink($this->shared_file); @unlink($this->cookies_file); // remove it if it exists 
@@ -265,7 +265,7 @@ public function testValidServiceUrlWithPost() // Validate the form contains the required elements $body = $resp['body']; - $dom = new DOMDocument; + $dom = new DOMDocument(); $dom->loadHTML($body); $form = $dom->getElementsByTagName('form'); $item = $form->item(0); @@ -407,8 +407,8 @@ private function execAndHandleCurlResponse($ch) public function post($query, $body, $parameters = [], $curlopts = []) { $ch = curl_init(); - $url = 'http://'.$this->server_addr.$query; - $url .= (!empty($parameters)) ? '?'.http_build_query($parameters) : ''; + $url = 'http://' . $this->server_addr . $query; + $url .= (!empty($parameters)) ? '?' . http_build_query($parameters) : ''; curl_setopt_array($ch, [ CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => 1, diff --git a/tests/www/UtilsTest.php b/tests/www/UtilsTest.php index 4ba5313..0ea2b10 100644 --- a/tests/www/UtilsTest.php +++ b/tests/www/UtilsTest.php @@ -1,4 +1,5 @@ $forceAuthn, @@ -192,7 +192,11 @@ $parameters['ticket'] = $serviceTicket['id']; $validDebugModes = ['true', 'samlValidate']; - if (array_key_exists('debugMode',$_GET) && in_array($_GET['debugMode'], $validDebugModes) && $casconfig->getBoolean('debugMode', false)) { + if ( + array_key_exists('debugMode', $_GET) && + in_array($_GET['debugMode'], $validDebugModes) && + $casconfig->getBoolean('debugMode', false) + ) { if ($_GET['debugMode'] === 'samlValidate') { $samlValidate = new SamlValidateResponder(); $samlResponse = $samlValidate->convertToSaml($serviceTicket); diff --git a/www/logout.php b/www/logout.php index 629e748..46ffd6e 100644 --- a/www/logout.php +++ b/www/logout.php @@ -29,7 +29,7 @@ if (!$casconfig->getValue('enable_logout', false)) { $message = 'Logout not allowed'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); throw new \Exception($message); } 
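Review bot: `in_array($_GET['debugMode'], $validDebugModes)` in the reflowed condition compares loosely and should pass `true` as the third argument, `in_array($_GET['debugMode'], $validDebugModes, true)`, so that only the two exact strings are accepted and non-string query values are rejected up front rather than left to the later `=== 'samlValidate'` test. Putting `$casconfig->getBoolean('debugMode', false)` first in the `&&` chain would also make it clear that the configuration flag is the gate and skip inspecting the request parameter when the feature is off. The file header of this hunk is not visible in this excerpt (the `$parameters['ticket']` context suggests the login endpoint), and the enclosing block continues outside it.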
@@ -39,7 +39,7 @@ if ($skipLogoutPage && !array_key_exists('url', $_GET)) { $message = 'Required URL query parameter [url] not provided. (CAS Server)'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); throw new \Exception($message); } diff --git a/www/proxy.php b/www/proxy.php index 39248ee..42da32c 100644 --- a/www/proxy.php +++ b/www/proxy.php @@ -36,7 +36,8 @@ $legal_target_service_urls = $casconfig->getValue('legal_target_service_urls', []); -if (array_key_exists('targetService', $_GET) && +if ( + array_key_exists('targetService', $_GET) && checkServiceURL(sanitize($_GET['targetService']), $legal_target_service_urls) && array_key_exists('pgt', $_GET) ) { $ticketStoreConfig = $casconfig->getValue('ticketstore', ['class' => 'casserver:FileSystemTicketStore']); @@ -53,7 +54,9 @@ if (!is_null($proxyGrantingTicket) && $ticketFactory->isProxyGrantingTicket($proxyGrantingTicket)) { $sessionTicket = $ticketStore->getTicket($proxyGrantingTicket['sessionId']); - if (!is_null($sessionTicket) && $ticketFactory->isSessionTicket($sessionTicket) && + if ( + !is_null($sessionTicket) && + $ticketFactory->isSessionTicket($sessionTicket) && !$ticketFactory->isExpired($sessionTicket) ) { $proxyTicket = $ticketFactory->createProxyTicket( 
@@ -69,42 +72,42 @@ echo $protocol->getProxySuccessResponse($proxyTicket['id']); } else { - $message = 'Ticket '.var_export($_GET['pgt'], true).' has expired'; + $message = 'Ticket ' . var_export($_GET['pgt'], true) . ' has expired'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getProxyFailureResponse('BAD_PGT', $message); } } elseif (!$ticketFactory->isProxyGrantingTicket($proxyGrantingTicket)) { - $message = 'Not a valid proxy granting ticket id: '.var_export($_GET['pgt'], true); + $message = 'Not a valid proxy granting ticket id: ' . var_export($_GET['pgt'], true); - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getProxyFailureResponse('BAD_PGT', $message); } else { - $message = 'Ticket '.var_export($_GET['pgt'], true).' not recognized'; + $message = 'Ticket ' . var_export($_GET['pgt'], true) . ' not recognized'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getProxyFailureResponse('BAD_PGT', $message); } } elseif (!array_key_exists('targetService', $_GET)) { $message = 'Missing target service parameter [targetService]'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message); } elseif (!checkServiceURL(sanitize($_GET['targetService']), $legal_target_service_urls)) { - $message = 'Target service parameter not listed as a legal service: [targetService] = '. + $message = 'Target service parameter not listed as a legal service: [targetService] = ' . var_export($_GET['targetService'], true); - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . 
$message); echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message); } else { $message = 'Missing proxy granting ticket parameter: [pgt]'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message); } diff --git a/www/samlValidate.php b/www/samlValidate.php index 67cd68b..69793ba 100644 --- a/www/samlValidate.php +++ b/www/samlValidate.php @@ -1,6 +1,5 @@ isServiceTicket($serviceTicket) || - ($ticketFactory->isProxyTicket($serviceTicket) && $method === 'proxyValidate')) + if ( + !is_null($serviceTicket) && ($ticketFactory->isServiceTicket($serviceTicket) || + ($ticketFactory->isProxyTicket($serviceTicket) && $method === 'proxyValidate')) ) { $ticketStore->deleteTicket($_GET['ticket']); $attributes = $serviceTicket['attributes']; - if (!$ticketFactory->isExpired($serviceTicket) && + if ( + !$ticketFactory->isExpired($serviceTicket) && sanitize($serviceTicket['service']) == sanitize($_GET['service']) && (!$forceAuthn || $serviceTicket['forceAuthn']) ) { @@ -81,7 +83,8 @@ $pgtUrl = $_GET['pgtUrl']; - if (!is_null($sessionTicket) && $ticketFactory->isSessionTicket($sessionTicket) && + if ( + !is_null($sessionTicket) && $ticketFactory->isSessionTicket($sessionTicket) && !$ticketFactory->isExpired($sessionTicket) ) { $proxyGrantingTicket = $ticketFactory->createProxyGrantingTicket([ @@ -92,8 +95,8 @@ 'sessionId' => $serviceTicket['sessionId'] ]); try { - \SimpleSAML\Utils\HTTP::fetch($pgtUrl.'?pgtIou='.$proxyGrantingTicket['iou']. - '&pgtId='.$proxyGrantingTicket['id']); + \SimpleSAML\Utils\HTTP::fetch($pgtUrl . '?pgtIou=' . $proxyGrantingTicket['iou'] . + '&pgtId=' . $proxyGrantingTicket['id']); $protocol->setProxyGrantingTicketIOU($proxyGrantingTicket['iou']); 
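Review bot: `\SimpleSAML\Utils\HTTP::fetch($pgtUrl . '?pgtIou=' . ... . '&pgtId=' . ...)` on the new side always appends with `?`, so a `pgtUrl` that already carries a query string yields a URL with two `?` characters; use `$pgtUrl . (strpos($pgtUrl, '?') === false ? '?' : '&') . 'pgtIou=' . ...` instead. `$pgtUrl` is taken from `$_GET['pgtUrl']` in the preceding hunk and no restriction on its scheme or host is visible in this excerpt; the CAS protocol requires this callback to be an https URL, so the scheme (and ideally a configured allow-list of callback hosts) should be checked before the server fetches it. The enclosing block continues outside the hunk.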
@@ -107,29 +110,29 @@ echo $protocol->getValidateSuccessResponse($serviceTicket['userName']); } else { if ($ticketFactory->isExpired($serviceTicket)) { - $message = 'Ticket '.var_export($_GET['ticket'], true).' has expired'; + $message = 'Ticket ' . var_export($_GET['ticket'], true) . ' has expired'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse('INVALID_TICKET', $message); } else { if (sanitize($serviceTicket['service']) != sanitize($_GET['service'])) { - $message = 'Mismatching service parameters: expected '. - var_export($serviceTicket['service'], true). - ' but was: '.var_export($_GET['service'], true); + $message = 'Mismatching service parameters: expected ' . + var_export($serviceTicket['service'], true) . + ' but was: ' . var_export($_GET['service'], true); - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse('INVALID_SERVICE', $message); } else { if ($serviceTicket['forceAuthn'] != $forceAuthn) { $message = 'Ticket was issue from single sign on session'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse('INVALID_TICKET', $message); } else { - \SimpleSAML\Logger::error('casserver:'.$method.': internal server error.'); + \SimpleSAML\Logger::error('casserver:' . $method . ': internal server error.'); echo $protocol->getValidateFailureResponse('INTERNAL_ERROR', 'Unknown internal error'); } 
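Review bot: The service comparison `sanitize($serviceTicket['service']) != sanitize($_GET['service'])` in this hunk, like the `==` in the success condition above it and in the validate.php hunk at `@@ -57,7 +57,8 @@`, uses loose comparison, whereas `TicketValidator::validateAndDeleteTicket` in the same commit uses `!==`. Assuming `sanitize()` returns a string, `===`/`!==` is behaviour-preserving for valid input and removes PHP's loose-comparison rules from a check that decides whether a ticket is accepted for a request-supplied `$_GET['service']`. `if ($serviceTicket['forceAuthn'] != $forceAuthn)` should likewise become `!==` if both operands are booleans. The enclosing if/else chain starts and ends outside the hunk.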
@@ -138,9 +141,9 @@ } } else { if (is_null($serviceTicket)) { - $message = 'Ticket '.var_export($_GET['ticket'], true).' not recognized'; + $message = 'Ticket ' . var_export($_GET['ticket'], true) . ' not recognized'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse('INVALID_TICKET', $message); } else { @@ -150,24 +153,25 @@ * @psalm-suppress RedundantCondition */ if ($ticketFactory->isProxyTicket($serviceTicket) && ($method === 'serviceValidate')) { - $message = 'Ticket '.var_export($_GET['ticket'], true). + $message = 'Ticket ' . var_export($_GET['ticket'], true) . ' is a proxy ticket. Use proxyValidate instead.'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse('INVALID_TICKET', $message); } else { - $message = 'Ticket '.var_export($_GET['ticket'], true).' is not a service ticket'; + $message = 'Ticket ' . var_export($_GET['ticket'], true) . ' is not a service ticket'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse('INVALID_TICKET', $message); } } } } catch (\Exception $e) { - \SimpleSAML\Logger::error('casserver:serviceValidate: internal server error. '. - var_export($e->getMessage(), true)); + \SimpleSAML\Logger::error( + 'casserver:serviceValidate: internal server error. ' . var_export($e->getMessage(), true) + ); echo $protocol->getValidateFailureResponse('INTERNAL_ERROR', $e->getMessage()); } 
@@ -175,13 +179,13 @@ if (!array_key_exists('service', $_GET)) { $message = 'Missing service parameter: [service]'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse('INVALID_REQUEST', $message); } else { $message = 'Missing ticket parameter: [ticket]'; - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse('INVALID_REQUEST', $message); } diff --git a/www/validate.php b/www/validate.php index 0f351a3..8257d83 100644 --- a/www/validate.php +++ b/www/validate.php @@ -57,7 +57,8 @@ $usernameField = $casconfig->getValue('attrname', 'eduPersonPrincipalName'); - if (!$ticketFactory->isExpired($serviceTicket) && + if ( + !$ticketFactory->isExpired($serviceTicket) && sanitize($serviceTicket['service']) == sanitize($_GET['service']) && (!$forceAuthn || $serviceTicket['forceAuthn']) && array_key_exists($usernameField, $serviceTicket['attributes']) 
@@ -65,40 +66,40 @@ echo $protocol->getValidateSuccessResponse($serviceTicket['attributes'][$usernameField][0]); } else { if (!array_key_exists($usernameField, $serviceTicket['attributes'])) { - \SimpleSAML\Logger::error('casserver:validate: internal server error. Missing user name attribute: '. + \SimpleSAML\Logger::error('casserver:validate: internal server error. Missing user name attribute: ' . var_export($usernameField, true)); echo $protocol->getValidateFailureResponse(); } else { if ($ticketFactory->isExpired($serviceTicket)) { - $message = 'Ticket has '.var_export($_GET['ticket'], true).' expired'; + $message = 'Ticket has ' . var_export($_GET['ticket'], true) . ' expired'; } else { if (sanitize($serviceTicket['service']) == sanitize($_GET['service'])) { - $message = 'Mismatching service parameters: expected '. - var_export($serviceTicket['service'], true). - ' but was: '.var_export($_GET['service'], true); + $message = 'Mismatching service parameters: expected ' . + var_export($serviceTicket['service'], true) . + ' but was: ' . var_export($_GET['service'], true); } else { $message = 'Ticket was issue from single sign on session'; } } - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse(); } } } else { if (is_null($serviceTicket)) { - $message = 'ticket: '.var_export($_GET['ticket'], true).' not recognized'; + $message = 'ticket: ' . var_export($_GET['ticket'], true) . ' not recognized'; } else { - $message = 'ticket: '.var_export($_GET['ticket'], true).' is not a service ticket'; + $message = 'ticket: ' . var_export($_GET['ticket'], true) . ' is not a service ticket'; } - \SimpleSAML\Logger::debug('casserver:'.$message); + \SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse(); } } catch (\Exception $e) { - \SimpleSAML\Logger::error('casserver:validate: internal server error. 
'.var_export($e->getMessage(), true)); + \SimpleSAML\Logger::error('casserver:validate: internal server error. ' . var_export($e->getMessage(), true)); echo $protocol->getValidateFailureResponse(); } @@ -109,7 +110,7 @@ $message = 'Missing ticket parameter: [ticket]'; } - SimpleSAML\Logger::debug('casserver:'.$message); + SimpleSAML\Logger::debug('casserver:' . $message); echo $protocol->getValidateFailureResponse(); }
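Review bot: In the diagnostic branch of this hunk the condition `if (sanitize($serviceTicket['service']) == sanitize($_GET['service']))` is inverted: it assigns the `'Mismatching service parameters: expected ...'` message (the lines the commit reflows) when the two services are equal and `'Ticket was issue from single sign on session'` when they differ, so the debug log names the wrong cause. The sibling block in serviceValidate.php tests `!=` for the same message; this one should read `if (sanitize($serviceTicket['service']) !== sanitize($_GET['service'])) {`. The response sent is the generic `getValidateFailureResponse()`, so only the log line is affected, which is probably why it went unnoticed. The enclosing try/if structure starts outside the hunk.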