Merge branch 'auth-cas' of github.com:pitchum/EdPaste into auth-cas

Author: pitchum

.gitignore

@@ -45,3 +45,4 @@ composer.phar
 /.vscode
 composer.lock
 /.vscode
+config/cas.php

README.md

@@ -24,6 +24,7 @@ Run a `composer install`/`php composer install` (depends of your configuration)
 Rename `.env.example` to `.env` and run `php artisan key:generate` from the app's root path.
 Open `.env` and fill it with your database details
 Run `php artisan migrate` from the app's root path, and you're all done.
+Copy and adapt CAS configuration from `config/cas.example.php` to `config/cas.php`.
 
 Go to `http://your.vhost.server.com/` which leads to the DocumentRoot `/app/path/public`, and this should work !
 

app/Http/Controllers/PasteController.php

@@ -102,10 +102,13 @@ public function view($link, Request $request){
     $paste = Paste::where('link', $link)->firstOrFail();
 
     // Est-ce que l'utilisateur connecté est celui qui a écrit la paste ?
-    cas()->isAuthenticated();
-    $username = cas()->getCurrentUser();
-    $user = User::where('name', $username)->first();
-    $isSameUser = (($user->id == $paste->userId && $paste->userId != 0)) ? true : false;
+    if (cas()->isAuthenticated()) {
+      $username = cas()->getCurrentUser();
+      $user = User::where('name', $username)->first();
+      $isSameUser = (($user->id == $paste->userId && $paste->userId != 0)) ? true : false;
+    } else {
+      $isSameUser = false;
+    }
 
     // Expiration de la paste
     if($paste->expiration != 0){

app/Http/Kernel.php

@@ -49,8 +49,8 @@ class Kernel extends HttpKernel
     protected $routeMiddleware = [
         'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
-	'cas.auth'  => \Subfission\Cas\Middleware\CASAuth::class,
-	'cas.guest' => \Subfission\Cas\Middleware\RedirectCASAuthenticated::class,
+        'cas.auth'  => \Subfission\Cas\Middleware\CASAuth::class,
+        'cas.guest' => \Subfission\Cas\Middleware\RedirectCASAuthenticated::class,
         'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
         'can' => \Illuminate\Auth\Middleware\Authorize::class,
         'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,

config/cas.example.php

@@ -0,0 +1,170 @@
+<?php
+return [
+    /*
+    |--------------------------------------------------------------------------
+    | CAS Hostname
+    |--------------------------------------------------------------------------
+    | Example: 'cas.myuniv.edu'.
+    */
+    'cas_hostname'        => env('CAS_HOSTNAME', 'sso.mycompany.com'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CAS Authorized Hosts
+    |--------------------------------------------------------------------------
+    | Example: 'cas.myuniv.edu'.  This is used when SAML is active and is
+    | recommended for protecting against DOS attacks.  If using load
+    | balanced hosts, then separate each with a comma.
+    */
+    'cas_real_hosts'      => env('CAS_REAL_HOSTS', 'sso.mycompany.com'),
+
+
+    /*
+    |--------------------------------------------------------------------------
+    | Customize CAS Session Cookie Name
+    |--------------------------------------------------------------------------
+    */
+    'cas_session_name'    => env('CAS_SESSION_NAME', 'CASAuth'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Laravel has it's own authentication sessions. Unless you want phpCAS
+    | to manage the session, leave this set to false.  Note that the
+    | middleware and redirect classes will be handling removal
+    | of the Laravel sessions when this is set to false.
+    |--------------------------------------------------------------------------
+    */
+    'cas_control_session' => env('CAS_CONTROL_SESSIONS', false),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Enable using this as a cas proxy
+    |--------------------------------------------------------------------------
+    */
+    'cas_proxy'           => env('CAS_PROXY', false),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Cas Port
+    |--------------------------------------------------------------------------
+    | Usually 443
+    */
+    'cas_port'            => env('CAS_PORT', 443),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CAS URI
+    |--------------------------------------------------------------------------
+    | Sometimes is /cas
+    */
+    'cas_uri'             => env('CAS_URI', '/idp/cas'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CAS Validation
+    |--------------------------------------------------------------------------
+    | CAS server SSL validation: 'self' for self-signed certificate, 'ca' for
+    | certificate from a CA, empty for no SSL validation.
+    |
+    | VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL
+    */
+    'cas_validation'          => env('CAS_VALIDATION', ''),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CA Certificate
+    |--------------------------------------------------------------------------
+    | Path to the CA certificate file.  For production use set
+    | the CA certificate that is the issuer of the cert
+    */
+    'cas_cert'                => env('CAS_CERT', ''),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CN Validation (if you are using CA certs)
+    |--------------------------------------------------------------------------
+    | If for some reason you want to disable validating the certificate
+    | intermediaries, here is where you can.  Recommended to leave
+    | this set with default (true).
+    */
+    'cas_validate_cn'     => env('CAS_VALIDATE_CN', true),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CAS Login URI
+    |--------------------------------------------------------------------------
+    | Empty is fine
+    */
+    'cas_login_url'       => env('CAS_LOGIN_URL', ''),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CAS Logout URI
+    |--------------------------------------------------------------------------
+    */
+    'cas_logout_url'      => env('CAS_LOGOUT_URL', 'https://sso.mycompany.com/idp/cas/logout'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CAS Logout Redirect Services
+    |--------------------------------------------------------------------------
+    | If your server supports redirection services, enter the redirect url
+    | in this section.  If left blank, it will default to disabled.
+    */
+    'cas_logout_redirect' => env('CAS_LOGOUT_REDIRECT', ''),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CAS Successful Logon Redirection Url
+    |--------------------------------------------------------------------------
+    | By default, CAS will assume that the user should be redirected to the
+    | page in which the call was initiated.  You can override this method
+    | and force the user to be redirected to a specific URL here.
+    */
+    'cas_redirect_path'   => env('CAS_REDIRECT_PATH', ''),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CAS Supports SAML 1.1, allowing you to retrieve more than just the
+    | user identifier.  If your CAS authentication service supports
+    | this feature, you may be able to retrieve user meta data.
+    |--------------------------------------------------------------------------
+    */
+    'cas_enable_saml'     => env('CAS_ENABLE_SAML', false),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CAS will support version 1.0, 2.0, 3.0 of the protocol.  It is recommended
+    | to use version 2.0, 3.0, or SAML 1.1.  If you enable SAML, then that
+    | will override this configuration.
+    |--------------------------------------------------------------------------
+    */
+    'cas_version'         => env('CAS_VERSION', "2.0"),
+    
+    /*
+    |--------------------------------------------------------------------------
+    | Enable PHPCas Debug Mode
+    | Options are:
+    | 1) true (defaults logfile creation to /tmp/phpCAS.log)
+    | 2) 'path/to/logfile'
+    | 3) false
+    |--------------------------------------------------------------------------
+    */
+    'cas_debug'           => env('CAS_DEBUG', false),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Enable Verbose error messages. Not recommended for production.
+    | true | false
+    |--------------------------------------------------------------------------
+    */
+    'cas_verbose_errors'  => env('CAS_VERBOSE_ERRORS', false),
+
+    /*
+    |--------------------------------------------------------------------------
+    | This will cause CAS to skip authentication and assume this user id.
+    | This should only be used for developmental purposes.  getAttributes()
+    | will return null in this condition.
+     */
+    'cas_masquerade'      => env('CAS_MASQUERADE', '')
+];

resources/views/auth/login.blade.php

@@ -4,8 +4,10 @@
 
 @section('navbar')
 <li class="nav-item"><a href="/" class="nav-link">Home</a></li>
+{{--
 <li class="nav-item active"><a href="#" class="nav-link">Login</a></li>
 <li class="nav-item"><a href="/register" class="nav-link">Register</a></li>
+--}}
 @endsection
 
 @section('content')

resources/views/auth/register.blade.php

@@ -4,8 +4,10 @@
 
 @section('navbar')
 <li class="nav-item"><a href="/" class="nav-link">Home</a></li>
+{{--
 <li class="nav-item"><a href="/login" class="nav-link">Login</a></li>
 <li class="nav-item active"><a href="#" class="nav-link">Register</a></li>
+--}}
 @endsection
 
 @section('content')

resources/views/layouts/app.blade.php

@@ -45,7 +45,7 @@
                     <ul class="nav navbar-nav">
                         &nbsp;
                     </ul>
-
+{{--
                     <!-- Right Side Of Navbar -->
                     <ul class="nav navbar-nav navbar-right">
                         <!-- Authentication Links -->
@@ -74,6 +74,7 @@
                             </li>
                         @endif
                     </ul>
+--}}
                 </div>
             </div>
         </nav>

resources/views/paste/account.blade.php

@@ -4,6 +4,7 @@
 
 @section('navbar')
 <li class="nav-item"><a href="/" class="nav-link">Home</a></li>
+{{--
 @if (Auth::check())
 <li class="nav-item"><a href="/users/dashboard" class="nav-link">Dashboard</a></li>
 <li class="nav-item active"><a href="/users/account" class="nav-link">My Account</a></li>
@@ -12,6 +13,7 @@
 <li class="nav-item"><a href="/login" class="nav-link">Login</a></li>
 <li class="nav-item"><a href="/register" class="nav-link">Register</a></li>
 @endif
+--}}
 @endsection
 
 @section('content')<div class="container">

resources/views/paste/dashboard.blade.php

@@ -4,6 +4,7 @@
 
 @section('navbar')
 <li class="nav-item"><a href="/" class="nav-link">Home</a></li>
+{{--
 @if (Auth::check())
 <li class="nav-item active"><a href="/users/dashboard" class="nav-link">Dashboard</a></li>
 <li class="nav-item"><a href="/users/account" class="nav-link">My Account</a></li>
@@ -12,6 +13,7 @@
 <li class="nav-item"><a href="/login" class="nav-link">Login</a></li>
 <li class="nav-item"><a href="/register" class="nav-link">Register</a></li>
 @endif
+--}}
 @endsection
 
 @section('script')

resources/views/paste/edit.blade.php

@@ -4,6 +4,7 @@
 
 @section('navbar')
 <li class="nav-item"><a href="/" class="nav-link">Home</a></li>
+{{--
 @if (Auth::check())
 <li class="nav-item"><a href="/users/dashboard" class="nav-link">Dashboard</a></li>
 <li class="nav-item"><a href="/users/account" class="nav-link">My Account</a></li>
@@ -12,6 +13,7 @@
 <li class="nav-item"><a href="/login" class="nav-link">Login</a></li>
 <li class="nav-item"><a href="/register" class="nav-link">Register</a></li>
 @endif
+--}}
 @endsection
 
 @section('script')

resources/views/paste/index.blade.php

@@ -4,6 +4,7 @@
 
 @section('navbar')
 <li class="nav-item active"><a href="#" class="nav-link">Home</a></li>
+{{--
 @if (Auth::check())
 <li class="nav-item"><a href="/users/dashboard" class="nav-link">Dashboard</a></li>
 <li class="nav-item"><a href="/users/account" class="nav-link">My Account</a></li>
@@ -12,6 +13,7 @@
 <li class="nav-item"><a href="/login" class="nav-link">Login</a></li>
 <li class="nav-item"><a href="/register" class="nav-link">Register</a></li>
 @endif
+--}}
 @endsection
 
 @section('script')

resources/views/paste/password.blade.php

@@ -4,6 +4,7 @@
 
 @section('navbar')
 <li class="nav-item"><a href="/" class="nav-link">Home</a></li>
+{{--
 @if (Auth::check())
 <li class="nav-item"><a href="/users/dashboard" class="nav-link">Dashboard</a></li>
 <li class="nav-item"><a href="/users/account" class="nav-link">My Account</a></li>
@@ -12,6 +13,7 @@
 <li class="nav-item"><a href="/login" class="nav-link">Login</a></li>
 <li class="nav-item"><a href="/register" class="nav-link">Register</a></li>
 @endif
+--}}
 @endsection
 
 @section('content')

resources/views/paste/view.blade.php

@@ -5,6 +5,7 @@
 
 @section('navbar')
 <li class="nav-item"><a href="/" class="nav-link">Home</a></li>
+{{--
 @if (Auth::check())
 <li class="nav-item"><a href="/users/dashboard" class="nav-link">Dashboard</a></li>
 <li class="nav-item"><a href="/users/account" class="nav-link">My Account</a></li>
@@ -13,6 +14,7 @@
 <li class="nav-item"><a href="/login" class="nav-link">Login</a></li>
 <li class="nav-item"><a href="/register" class="nav-link">Register</a></li>
 @endif
+--}}
 @endsection
 
 @section('style')