Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Customising the CMS /

phpCAS autologin issue


Reply


983 Views

Avatar
benshu

Community Member, 4 Posts

4 April 2012 at 1:39am

Hi,

I am trying to get an automatic login to the admin panel based on a phpCAS authentifcation server.
I have extended MemberLoginform and managed to include the CAS classes.
I have been able to get the authentifcation from CAS and to automatically login to the front end.

However, I can then no longer login to admin, I just get a blank page.
The user I am using is an admin user, but it doesn't redirect to admin section, it displays the front end "you are now logged in as ...".

any ideas what is wrong ? possibly a conflict between SS classes and the phpCAS external classes I am calling ?

here is the content of my class:

<?php

//let SS know to use the new class rather than the default one for the login form
//Object::useCustomClass('MemberLoginForm', 'CustomLoginForm');

class CustomLoginForm extends MemberLoginForm {

   function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true) {

      ////////START CASified/////////////

      //CAS required classes and configs
      include_once 'cas/config-lab.php';
      include_once 'cas/CAS.php';
      
      // Initialize phpCAS
      /* @link https://wiki.jasig.org/display/CASC/phpCAS*/
      //last param disable session handling as SS already has session running
      phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context, $start_session=false);
      
      // Uncomment to enable debugging
      //phpCAS::setDebug();
      
      // For production use set the CA certificate that is the issuer of the cert
      // on the CAS server and uncomment the line below
      // phpCAS::setCasServerCACert($cas_server_ca_cert_path);

      // For quick testing you can disable SSL validation of the CAS server.
      // THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
      // VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
      phpCAS::setNoCasServerValidation();
      
      // force CAS authentication
      phpCAS::forceAuthentication();      
      
      // at this step, the user has been authenticated by the CAS server
      // and the user's login name can be read with phpCAS::getUser().
      
      $CASusername = phpCAS::getUser();
      
      ///////////END CASified////////////////
      
      // This is now set on the class directly to make it easier to create subclasses
      // $this->authenticator_class = $authenticatorClassName;

      $customCSS = project() . '/css/member_login.css';
      if(Director::fileExists($customCSS)) {
         Requirements::css($customCSS);
      }
      
      if(isset($_REQUEST['BackURL'])) {
         $backURL = $_REQUEST['BackURL'];
      } else {
         $backURL = Session::get('BackURL');
      }

      if($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
         $fields = new FieldSet(
            new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this)
         );
         $actions = new FieldSet(
            new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
         );
      } else {
                  
         if($CASusername == 'mycasusername') {
         //CAS authentified
         
         $emailAddress='myemail';
         $password='mypassword';
            
            $member = false;
            
            $emailAddress = Convert::raw2sql($emailAddress);
            $password = Convert::raw2sql($password);
            
            $member = MemberAuthenticator::authenticate(array(
               'Email' => $emailAddress,
               'Password' => $password
            ));

            if ($member) {
               $member->logIn();
            }
         
         }
         else {
         //else regular login form
       //new TextareaField( name, title, rows, cols, value, form)
      
            if(!$fields) {
               $label=singleton('Member')->fieldLabel(Member::get_unique_identifier_field());
               $fields = new FieldSet(
                  new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this),
                  //Regardless of what the unique identifer field is (usually 'Email'), it will be held in the 'Email' value, below:
                  new TextField("Email", $label, Session::get('SessionForms.MemberLoginForm.Email'), null, $this),
                  new PasswordField("Password", _t('Member.PASSWORD', 'Password'))
               );
               if(Security::$autologin_enabled) {
                  $fields->push(new CheckboxField(
                     "Remember",
                     _t('Member.REMEMBERME', "Remember me next time?")
                  ));
               }
            }
            if(!$actions) {
               $actions = new FieldSet(
                  new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")),
                  new LiteralField(
                     'forgotPassword',
                     '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'
                  )
               );
            }
         
         }
         
      }

      if(isset($backURL)) {
         $fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
      }

      parent::__construct($controller, $name, $fields, $actions);

      // Focus on the email input when the page is loaded
      // Only include this if other form JS validation is enabled
      if($this->getValidator()->getJavascriptValidationHandler() != 'none') {
         Requirements::customScript(<<<JS
            (function() {
               var el = document.getElementById("MemberLoginForm_LoginForm_Email");
               if(el && el.focus) el.focus();
            })();
JS
         );
      }
   }
   

}

thanks