From f40c5df1115afa0119db75367584a56d060bdd7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come.chilliet@fusiondirectory.org>
Date: Mon, 15 Feb 2021 15:57:49 +0100
Subject: [PATCH] :sparkles: feat(cas) Add a verbose flag for CAS

issue #6150
---
 contrib/openldap/core-fd-conf.schema  |  8 +++++++-
 html/index.php                        | 13 +------------
 include/login/class_LoginCAS.inc      | 28 +++++++++++++++++++--------
 plugins/config/class_configInLdap.inc |  5 +++++
 4 files changed, 33 insertions(+), 21 deletions(-)

diff --git a/contrib/openldap/core-fd-conf.schema b/contrib/openldap/core-fd-conf.schema
index a27f7f722..b135d1291 100644
--- a/contrib/openldap/core-fd-conf.schema
+++ b/contrib/openldap/core-fd-conf.schema
@@ -506,6 +506,12 @@ attributetype ( 1.3.6.1.4.1.38414.8.21.5 NAME 'fdCasContext'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE)
 
+attributetype ( 1.3.6.1.4.1.38414.8.21.6 NAME 'fdCasVerbose'
+  DESC 'FusionDirectory - CAS verbose flag'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
 # merged from dashboard-fd.schema - Needed by Fusion Directory for dashboard options
 
 attributetype ( 1.3.6.1.4.1.38414.27.1.1 NAME 'fdDashboardPrefix'
@@ -619,7 +625,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
     fdAclTabOnObjects $ fdDepartmentCategories $ fdAclTargetFilterLimit $
     fdIncrementalModifierStates $
     fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $
-    fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext $
+    fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext $ fdCasVerbose $
     fdLoginMethod
   ) )
 
diff --git a/html/index.php b/html/index.php
index 8e5246b76..c81288749 100644
--- a/html/index.php
+++ b/html/index.php
@@ -50,18 +50,7 @@ if (isset($_REQUEST['signout']) && $_REQUEST['signout']) {
   if (session::is_set('connected')) {
     $config = session::get('config');
     if ($config->get_cfg_value('casActivated') == 'TRUE') {
-      require_once('CAS.php');
-      /* Move FD autoload after CAS autoload */
-      spl_autoload_unregister('__fusiondirectory_autoload');
-      spl_autoload_register('__fusiondirectory_autoload');
-      phpCAS::client(
-        CAS_VERSION_2_0,
-        $config->get_cfg_value('casHost', 'localhost'),
-        (int) $config->get_cfg_value('casPort', '443'),
-        $config->get_cfg_value('casContext', '')
-      );
-      // Set the CA certificate that is the issuer of the cert
-      phpCAS::setCasServerCACert($config->get_cfg_value('casServerCaCertPath'));
+      LoginCAS::initCAS();
       phpCAS::logout();
     }
     $reason = 'Sign out';
diff --git a/include/login/class_LoginCAS.inc b/include/login/class_LoginCAS.inc
index 790425445..8160c3843 100644
--- a/include/login/class_LoginCAS.inc
+++ b/include/login/class_LoginCAS.inc
@@ -29,31 +29,43 @@ class LoginCAS extends LoginMethod
     return _('CAS');
   }
 
-  /*! \brief All login steps in the right order for CAS login */
-  static function loginProcess ()
+  /*! \brief Initialize phpCAS library */
+  static function initCAS ()
   {
-    global $config, $message, $ui;
+    global $config;
 
     require_once('CAS.php');
     /* Move FD autoload after CAS autoload */
     spl_autoload_unregister('__fusiondirectory_autoload');
     spl_autoload_register('__fusiondirectory_autoload');
 
-    static::init();
-
-    /* Reset error messages */
-    $message = '';
+    if ($config->get_cfg_value('casVerbose') == 'TRUE') {
+      phpCAS::setVerbose(TRUE);
+    }
 
     // Initialize phpCAS
     phpCAS::client(
       CAS_VERSION_2_0,
       $config->get_cfg_value('casHost', 'localhost'),
-      (int)($config->get_cfg_value('casPort', 443)),
+      (int) ($config->get_cfg_value('casPort', 443)),
       $config->get_cfg_value('casContext', '')
     );
 
     // Set the CA certificate that is the issuer of the cert
     phpCAS::setCasServerCACert($config->get_cfg_value('casServerCaCertPath'));
+  }
+
+  /*! \brief All login steps in the right order for CAS login */
+  static function loginProcess ()
+  {
+    global $config, $message, $ui;
+
+    static::init();
+
+    static::initCAS();
+
+    /* Reset error messages */
+    $message = '';
 
     // force CAS authentication
     phpCAS::forceAuthentication();
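Review bot: `phpCAS::setVerbose(TRUE)` in initCAS switches phpCAS into a mode that, if I recall the library correctly, prints detailed error output (file, line and a backtrace) into the HTTP response instead of a generic message, so this flag is an information-disclosure risk wherever the LDAP configuration is writable, and nothing at the call site says so — only the UI string in the config plugin does. I would document it next to the call: `// Verbose phpCAS errors go to the browser (paths, trace); debug only, never in production.`. The initCAS docstring should also state that it must run at most once per request, since phpCAS::client() — again as far as I recall — raises an error when a client object already exists, and both loginProcess and the signout path in index.php now call it. The new `get_cfg_value('casVerbose') == 'TRUE'` is a loose comparison; it matches the surrounding style, but `=== 'TRUE'` would be the safer form. loginProcess continues past the end of this hunk.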
diff --git a/plugins/config/class_configInLdap.inc b/plugins/config/class_configInLdap.inc
index 8c5bac2cf..69e9dc581 100644
--- a/plugins/config/class_configInLdap.inc
+++ b/plugins/config/class_configInLdap.inc
@@ -243,6 +243,10 @@ class configInLdap extends simplePlugin
             'fdCasContext', FALSE,
             '/cas'
           ),
+          new BooleanAttribute(
+            _('Verbose error'), _('Activate verbose errors in phpCAS. Avoid in production.'),
+            'fdCasVerbose', FALSE
+          ),
         ]
       ],
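Review bot: The label `_('Verbose error')` on the new BooleanAttribute is singular while its description speaks of verbose errors; `_('Verbose errors')` reads better and matches the description. The description could also say what the flag exposes so an administrator understands why it is unsafe in production, e.g. `_('Show detailed phpCAS error output (including traces) in the browser. Debug only, avoid in production.')` — assuming that is indeed what phpCAS verbose mode does, which this hunk does not show.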
       'people_and_group' => [
@@ -505,6 +509,7 @@ class configInLdap extends simplePlugin
             'fdCasHost',
             'fdCasPort',
             'fdCasContext',
+            'fdCasVerbose',
           ],
           'nonheader' => [
             'fdHttpHeaderAuthHeaderName',
-- 
GitLab