Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Customising the CMS /

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba

phpCAS autologin issue


Go to End
Reply


1178 Views

Avatar
benshu

Community Member, 4 Posts

4 April 2012 at 1:39am

Hi,

I am trying to get an automatic login to the admin panel based on a phpCAS authentifcation server.
I have extended MemberLoginform and managed to include the CAS classes.
I have been able to get the authentifcation from CAS and to automatically login to the front end.

However, I can then no longer login to admin, I just get a blank page.
The user I am using is an admin user, but it doesn't redirect to admin section, it displays the front end "you are now logged in as ...".

any ideas what is wrong ? possibly a conflict between SS classes and the phpCAS external classes I am calling ?

here is the content of my class:


<?php

//let SS know to use the new class rather than the default one for the login form
//Object::useCustomClass('MemberLoginForm', 'CustomLoginForm');

class CustomLoginForm extends MemberLoginForm {

   	function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true) {

		////////START CASified/////////////

		//CAS required classes and configs
		include_once 'cas/config-lab.php';
		include_once 'cas/CAS.php';
		
		// Initialize phpCAS
		/* @link https://wiki.jasig.org/display/CASC/phpCAS*/
		//last param disable session handling as SS already has session running
		phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context, $start_session=false);
		
		// Uncomment to enable debugging
		//phpCAS::setDebug();
		
		// For production use set the CA certificate that is the issuer of the cert
		// on the CAS server and uncomment the line below
		// phpCAS::setCasServerCACert($cas_server_ca_cert_path);

		// For quick testing you can disable SSL validation of the CAS server.
		// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
		// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
		phpCAS::setNoCasServerValidation();
		
		// force CAS authentication
		phpCAS::forceAuthentication();		
		
		// at this step, the user has been authenticated by the CAS server
		// and the user's login name can be read with phpCAS::getUser().
		
		$CASusername = phpCAS::getUser();
		
		///////////END CASified////////////////
		
		// This is now set on the class directly to make it easier to create subclasses
		// $this->authenticator_class = $authenticatorClassName;

		$customCSS = project() . '/css/member_login.css';
		if(Director::fileExists($customCSS)) {
			Requirements::css($customCSS);
		}
		
		if(isset($_REQUEST['BackURL'])) {
			$backURL = $_REQUEST['BackURL'];
		} else {
			$backURL = Session::get('BackURL');
		}

		if($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
			$fields = new FieldSet(
				new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this)
			);
			$actions = new FieldSet(
				new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
			);
		} else {
						
			if($CASusername == 'mycasusername') {
			//CAS authentified
			
			$emailAddress='myemail';
			$password='mypassword';
				
				$member = false;
				
				$emailAddress = Convert::raw2sql($emailAddress);
				$password     = Convert::raw2sql($password);
				
				$member = MemberAuthenticator::authenticate(array(
					'Email'    => $emailAddress,
					'Password' => $password
				));

				if ($member) {
					$member->logIn();
				}
			
			}
			else {
			//else regular login form
		   //new TextareaField( name, title, rows, cols, value, form) 
		
				if(!$fields) {
					$label=singleton('Member')->fieldLabel(Member::get_unique_identifier_field());
					$fields = new FieldSet(
						new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this),
						//Regardless of what the unique identifer field is (usually 'Email'), it will be held in the 'Email' value, below:
						new TextField("Email", $label, Session::get('SessionForms.MemberLoginForm.Email'), null, $this),
						new PasswordField("Password", _t('Member.PASSWORD', 'Password'))
					);
					if(Security::$autologin_enabled) {
						$fields->push(new CheckboxField(
							"Remember", 
							_t('Member.REMEMBERME', "Remember me next time?")
						));
					}
				}
				if(!$actions) {
					$actions = new FieldSet(
						new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")),
						new LiteralField(
							'forgotPassword',
							'<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'
						)
					);
				}
			
			}
			
		}

		if(isset($backURL)) {
			$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
		}

		parent::__construct($controller, $name, $fields, $actions);

		// Focus on the email input when the page is loaded
		// Only include this if other form JS validation is enabled
		if($this->getValidator()->getJavascriptValidationHandler() != 'none') {
			Requirements::customScript(<<<JS
				(function() {
					var el = document.getElementById("MemberLoginForm_LoginForm_Email");
					if(el && el.focus) el.focus(); 
				})();
JS
			);
		}
	}
	   

}


thanks