/usr/share/perl5/Jifty/Plugin/Authentication/CAS/Action/CASLogin.pm is in libjifty-plugin-authentication-cas-perl 1.00-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
use warnings;
use strict;
=head1 NAME
Jifty::Plugin::Authentication::CAS::Action::CASLogin - process CAS login plugin
=cut
package Jifty::Plugin::Authentication::CAS::Action::CASLogin;
use base qw/Jifty::Action/;
=head2 arguments
Return the ticket form field
=cut
sub arguments {
    # The action takes one form field: the CAS service ticket, which is
    # flagged for AJAX validation.
    my %ticket_field = (
        label          => 'cas ticket',
        ajax_validates => 1,
    );

    return ( { ticket => \%ticket_field } );
}
=head2 validate_ticket ST
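Called for ajax_validates.
Makes sure that the submitted ticket is well-formed: it may contain only ASCII letters, digits and hyphens. An empty ticket is accepted here, because take_action then redirects to the CAS login page.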
=cut
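sub validate_ticket {
    # Validate the shape of the CAS service ticket taken from the request.
    #
    # Arguments: the action object and the submitted ticket string.
    # Returns whatever validation_error() or validation_ok() returns.
    my $self   = shift;
    my $ticket = shift;

    # A false ticket (empty, undef, "0") is deliberately let through:
    # take_action treats it as "no ticket yet" and redirects to the CAS
    # login page.
    #
    # \A and \z anchor the whole string. With ^ and $ a value ending in a
    # newline also matched, so a ticket carrying a trailing "\n" went on to
    # the CAS validation request and into the log line.
    if ( $ticket && $ticket !~ /\A[A-Za-z0-9-]+\z/ ) {
        return $self->validation_error(
            ticket => _("That doesn't look like a valid ticket.") );
    }

    return $self->validation_ok('ticket');
}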
=head2 take_action
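Validate the CAS service ticket. If no ticket was submitted, redirect the browser to the CAS login page.
If the ticket is valid, log the user in (creating the account first when it does not exist). Otherwise, log the failure and return without logging anyone in.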
=cut
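sub take_action {
    # Run the CAS login: send the browser to the CAS server when no ticket
    # was submitted, otherwise validate the ticket and sign the user in.
    #
    # Returns 1 after a redirect or a successful sign-in, and nothing when
    # the ticket is rejected or the account cannot be created or loaded.
    my $self   = shift;
    my $ticket = $self->argument_value('ticket');
    my ($plugin) = Jifty->find_plugin('Jifty::Plugin::Authentication::CAS');

    # my $service_url = ($ENV{SERVER_PORT} == 443)?'https://':'http://'.
    # $ENV{HTTP_HOST}.'/caslogin';

    # The same service URL goes to login_url() and service_validate(): CAS
    # issues a service ticket for one service and validates it against that
    # service only.
    my $service_url = Jifty->web->url . '/caslogin';
    if ( Jifty->web->request->continuation ) {
        $service_url .= '?J:C=' . Jifty->web->request->continuation_id;
    }

    # No ticket yet: hand the browser over to the CAS login page.
    if ( !$ticket ) {
        my $login_url = $plugin->CAS->login_url($service_url);
        Jifty->web->_redirect($login_url);
        return 1;
    }

    my $r = $plugin->CAS->service_validate( $service_url, $ticket );
    if ( !$r->is_success ) {
        # No username exists on this path; the original log line
        # interpolated an undefined $username here. The ticket comes from
        # the request, so anything outside the ticket alphabet is masked
        # before it is written to the log.
        ( my $logged_ticket = $ticket ) =~ s/[^A-Za-z0-9-]/?/g;
        Jifty->log->info("CAS error: $logged_ticket");
        return;
    }
    my $username = $r->user();

    my ( $name, $email );

    #TODO add a ldap conf to find name and email
    $email = $username . '@' . $plugin->domain() if ( $plugin->domain() );

    # Load up the user
    # NOTE(review): when a domain is configured, an existing account with
    # the address <cas username>@<domain> is signed in whichever way it was
    # created. That is only safe if other login methods cannot register such
    # an address without verifying it -- confirm for the application.
    my $current_user = Jifty->app_class('CurrentUser');
    my $user =
        ($email)
        ? $current_user->new( email => $email )    # load by email to mix authentication
        : $current_user->new( cas_id => $username );    # else load by cas_id

    # Autocreate the user if necessary
    if ( not $user->id ) {
        my $action = Jifty->web->new_action(
            class        => 'CreateUser',
            current_user => $current_user->superuser,
            arguments    => {
                cas_id => $username
            }
        );
        $action->run;
        if ( not $action->result->success ) {
            # Should this be less "friendly"?
            $self->result->error(_("Sorry, something weird happened (we couldn't create a user for you). Try again later."));
            return;
        }
        $user = $current_user->new( cas_id => $username );

        # Stop if the new account cannot be loaded back, so that no
        # id-less user object ends up as the session's current user.
        if ( not $user->id ) {
            $self->result->error(_("Sorry, something weird happened (we couldn't create a user for you). Try again later."));
            return;
        }
    }

    my $u = $user->user_object;

    # Update, just in case
    # NOTE(review): __set presumably writes the columns without the model's
    # access checks, since nobody is signed in yet -- confirm.
    $u->__set( column => 'cas_id', value => $username ) if ( !$u->cas_id );
    $u->__set( column => 'name',   value => $username ) if ( !$u->name );
    $u->__set( column => 'name',   value => $name )     if ($name);    # $name stays unset until the LDAP TODO is done
    $u->__set( column => 'email',  value => $email )    if ($email);

    # Actually do the signin thing.
    Jifty->web->current_user($user);
    Jifty->web->session->set_cookie;

    # Success!
    $self->report_success;
    return 1;
}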
=head2 report_success
=cut
sub report_success {
    # Put a greeting with the signed-in user's name into the action result.
    my ($self) = @_;

    my @greeting = ( "Hi %1!", Jifty->web->current_user->user_object->name );
    $self->result->message( _(@greeting) );
}
1;