feat(cas) Add a verbose flag for CAS

issue #6150

contrib/openldap/core-fd-conf.schema

@@ -506,6 +506,12 @@ attributetype ( 1.3.6.1.4.1.38414.8.21.5 NAME 'fdCasContext'
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE)
 
+attributetype ( 1.3.6.1.4.1.38414.8.21.6 NAME 'fdCasVerbose'
+  DESC 'FusionDirectory - CAS verbose flag'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
 # merged from dashboard-fd.schema - Needed by Fusion Directory for dashboard options
 
 attributetype ( 1.3.6.1.4.1.38414.27.1.1 NAME 'fdDashboardPrefix'
@@ -619,7 +625,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
     fdAclTabOnObjects $ fdDepartmentCategories $ fdAclTargetFilterLimit $
     fdIncrementalModifierStates $
     fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $
-    fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext $
+    fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext $ fdCasVerbose $
     fdLoginMethod
   ) )
 

html/index.php

@@ -50,18 +50,7 @@ if (isset($_REQUEST['signout']) && $_REQUEST['signout']) {
   if (session::is_set('connected')) {
     $config = session::get('config');
     if ($config->get_cfg_value('casActivated') == 'TRUE') {
-      require_once('CAS.php');
-      /* Move FD autoload after CAS autoload */
-      spl_autoload_unregister('__fusiondirectory_autoload');
-      spl_autoload_register('__fusiondirectory_autoload');
-      phpCAS::client(
-        CAS_VERSION_2_0,
-        $config->get_cfg_value('casHost', 'localhost'),
-        (int) $config->get_cfg_value('casPort', '443'),
-        $config->get_cfg_value('casContext', '')
-      );
-      // Set the CA certificate that is the issuer of the cert
-      phpCAS::setCasServerCACert($config->get_cfg_value('casServerCaCertPath'));
+      LoginCAS::initCAS();
       phpCAS::logout();
     }
     $reason = 'Sign out';

include/login/class_LoginCAS.inc

@@ -29,31 +29,43 @@ class LoginCAS extends LoginMethod
     return _('CAS');
   }
 
-  /*! \brief All login steps in the right order for CAS login */
-  static function loginProcess ()
+  /*! \brief Initialize phpCAS library */
+  static function initCAS ()
   {
-    global $config, $message, $ui;
+    global $config;
 
     require_once('CAS.php');
     /* Move FD autoload after CAS autoload */
     spl_autoload_unregister('__fusiondirectory_autoload');
     spl_autoload_register('__fusiondirectory_autoload');
 
-    static::init();
-
-    /* Reset error messages */
-    $message = '';
+    if ($config->get_cfg_value('casVerbose') == 'TRUE') {
+      phpCAS::setVerbose(TRUE);
+    }
 
     // Initialize phpCAS
     phpCAS::client(
       CAS_VERSION_2_0,
       $config->get_cfg_value('casHost', 'localhost'),
-      (int)($config->get_cfg_value('casPort', 443)),
+      (int) ($config->get_cfg_value('casPort', 443)),
       $config->get_cfg_value('casContext', '')
     );
 
     // Set the CA certificate that is the issuer of the cert
     phpCAS::setCasServerCACert($config->get_cfg_value('casServerCaCertPath'));
+  }
+
+  /*! \brief All login steps in the right order for CAS login */
+  static function loginProcess ()
+  {
+    global $config, $message, $ui;
+
+    static::init();
+
+    static::initCAS();
+
+    /* Reset error messages */
+    $message = '';
 
     // force CAS authentication
     phpCAS::forceAuthentication();

plugins/config/class_configInLdap.inc

@@ -243,6 +243,10 @@ class configInLdap extends simplePlugin
             'fdCasContext', FALSE,
             '/cas'
           ),
+          new BooleanAttribute(
+            _('Verbose error'), _('Activate verbose errors in phpCAS. Avoid in production.'),
+            'fdCasVerbose', FALSE
+          ),
         ]
       ],
       'people_and_group' => [
@@ -505,6 +509,7 @@ class configInLdap extends simplePlugin
             'fdCasHost',
             'fdCasPort',
             'fdCasContext',
+            'fdCasVerbose',
           ],
           'nonheader' => [
             'fdHttpHeaderAuthHeaderName',