Jump to:

5539 Posts in 1738 Topics by 1224 members

Customising the CMS

SilverStripe Forums » Customising the CMS » phpCAS autologin issue

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 867 Views
  • benshu
    Avatar
    Community Member
    4 Posts

    phpCAS autologin issue Link to this post

    Hi,

    I am trying to get an automatic login to the admin panel based on a phpCAS authentifcation server.
    I have extended MemberLoginform and managed to include the CAS classes.
    I have been able to get the authentifcation from CAS and to automatically login to the front end.

    However, I can then no longer login to admin, I just get a blank page.
    The user I am using is an admin user, but it doesn't redirect to admin section, it displays the front end "you are now logged in as ...".

    any ideas what is wrong ? possibly a conflict between SS classes and the phpCAS external classes I am calling ?

    here is the content of my class:

    <?php

    //let SS know to use the new class rather than the default one for the login form
    //Object::useCustomClass('MemberLoginForm', 'CustomLoginForm');

    class CustomLoginForm extends MemberLoginForm {

       function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true) {

          ////////START CASified/////////////

          //CAS required classes and configs
          include_once 'cas/config-lab.php';
          include_once 'cas/CAS.php';
          
          // Initialize phpCAS
          /* @link https://wiki.jasig.org/display/CASC/phpCAS*/
          //last param disable session handling as SS already has session running
          phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context, $start_session=false);
          
          // Uncomment to enable debugging
          //phpCAS::setDebug();
          
          // For production use set the CA certificate that is the issuer of the cert
          // on the CAS server and uncomment the line below
          // phpCAS::setCasServerCACert($cas_server_ca_cert_path);

          // For quick testing you can disable SSL validation of the CAS server.
          // THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
          // VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
          phpCAS::setNoCasServerValidation();
          
          // force CAS authentication
          phpCAS::forceAuthentication();      
          
          // at this step, the user has been authenticated by the CAS server
          // and the user's login name can be read with phpCAS::getUser().
          
          $CASusername = phpCAS::getUser();
          
          ///////////END CASified////////////////
          
          // This is now set on the class directly to make it easier to create subclasses
          // $this->authenticator_class = $authenticatorClassName;

          $customCSS = project() . '/css/member_login.css';
          if(Director::fileExists($customCSS)) {
             Requirements::css($customCSS);
          }
          
          if(isset($_REQUEST['BackURL'])) {
             $backURL = $_REQUEST['BackURL'];
          } else {
             $backURL = Session::get('BackURL');
          }

          if($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
             $fields = new FieldSet(
                new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this)
             );
             $actions = new FieldSet(
                new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
             );
          } else {
                      
             if($CASusername == 'mycasusername') {
             //CAS authentified
             
             $emailAddress='myemail';
             $password='mypassword';
                
                $member = false;
                
                $emailAddress = Convert::raw2sql($emailAddress);
                $password = Convert::raw2sql($password);
                
                $member = MemberAuthenticator::authenticate(array(
                   'Email' => $emailAddress,
                   'Password' => $password
                ));

                if ($member) {
                   $member->logIn();
                }
             
             }
             else {
             //else regular login form
           //new TextareaField( name, title, rows, cols, value, form)
          
                if(!$fields) {
                   $label=singleton('Member')->fieldLabel(Member::get_unique_identifier_field());
                   $fields = new FieldSet(
                      new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this),
                      //Regardless of what the unique identifer field is (usually 'Email'), it will be held in the 'Email' value, below:
                      new TextField("Email", $label, Session::get('SessionForms.MemberLoginForm.Email'), null, $this),
                      new PasswordField("Password", _t('Member.PASSWORD', 'Password'))
                   );
                   if(Security::$autologin_enabled) {
                      $fields->push(new CheckboxField(
                         "Remember",
                         _t('Member.REMEMBERME', "Remember me next time?")
                      ));
                   }
                }
                if(!$actions) {
                   $actions = new FieldSet(
                      new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")),
                      new LiteralField(
                         'forgotPassword',
                         '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'
                      )
                   );
                }
             
             }
             
          }

          if(isset($backURL)) {
             $fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
          }

          parent::__construct($controller, $name, $fields, $actions);

          // Focus on the email input when the page is loaded
          // Only include this if other form JS validation is enabled
          if($this->getValidator()->getJavascriptValidationHandler() != 'none') {
             Requirements::customScript(<<<JS
                (function() {
                   var el = document.getElementById("MemberLoginForm_LoginForm_Email");
                   if(el && el.focus) el.focus();
                })();
    JS
             );
          }
       }
       

    }

    thanks

    867 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.