From 8e5deafe5a7acc023ab6a6477691f6d9496018db Mon Sep 17 00:00:00 2001 From: dperonnet Date: Fri, 6 Nov 2015 13:54:59 +0100 Subject: [PATCH] adapting usercas to a cas managed session Don't forget to configure in general config (config.php) the property 'casRealHosts' as array. This property is needed when using plugin server_session_manager to manage the CAS global logout request and it represents the "real" hosts of clustered cas server that send SAML logout messages. Assumes the cas server is load balanced across multiple hosts --- appinfo/app.php | 15 +++++++++++---- user_cas.php | 18 +++++++++++++++--- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/appinfo/app.php b/appinfo/app.php index cf064fe..cb1610d 100644 --- a/appinfo/app.php +++ b/appinfo/app.php @@ -27,6 +27,8 @@ if (OCP\App::isEnabled('user_cas')) { + $CAS_DIR = OCP\Config::getSystemValue ( 'cas_dir', 'error' ); + require_once 'user_cas/user_cas.php'; OCP\App::registerAdmin('user_cas', 'settings'); @@ -39,8 +41,13 @@ OCP\Util::connectHook('OC_User', 'post_login', 'OC_USER_CAS_Hooks', 'post_login'); OCP\Util::connectHook('OC_User', 'logout', 'OC_USER_CAS_Hooks', 'logout'); - $force_login = shouldEnforceAuthentication(); - + // check if session is managed by cas or not + $isSessionManagedByCas = \OCP\App::isEnabled ( 'server_session_manager' ); + $force_login=false; + + if(!$isSessionManagedByCas){ + $force_login = shouldEnforceAuthentication(); + } if( (isset($_GET['app']) && $_GET['app'] == 'user_cas') || $force_login ) { if (OC_USER_CAS :: initialized_php_cas()) { @@ -62,8 +69,8 @@ OC_Util::redirectToDefaultPage(); } - - if (!phpCAS::isAuthenticated() && !OCP\User::isLoggedIn()) { + + if (!phpCAS::isAuthenticated() && !OCP\User::isLoggedIn() && !$isSessionManagedByCas) { // Load js code in order to render the CAS link and to hide parts of the normal login form OCP\Util::addScript('user_cas', 'login'); diff --git a/user_cas.php b/user_cas.php index e227f60..5523f5e 100644 
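Review bot: `$CAS_DIR` is assigned from `getSystemValue('cas_dir', 'error')` in the first hunk of appinfo/app.php but is not read in any of the hunks shown, and nothing visible checks the `'error'` default. If the value is consumed by the included `user_cas/user_cas.php` or further down this file, a missing `cas_dir` should fail loudly rather than carry a sentinel string, e.g. `if ($CAS_DIR === 'error') { OCP\Util::writeLog('user_cas', 'cas_dir is not configured', OCP\Util::ERROR); }`. If it is not used, the line can be dropped. The enclosing `if (OCP\App::isEnabled('user_cas'))` block continues past the hunk.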
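Review bot: In the second hunk of appinfo/app.php, `$force_login` stays `false` whenever `\OCP\App::isEnabled('server_session_manager')` is true, so CAS enforcement here depends only on that app being enabled, not on it having established a CAS session. If the plugin is enabled but misconfigured, nothing visible falls back to `shouldEnforceAuthentication()`. It is worth confirming that the plugin itself rejects unauthenticated requests and recording the intent in a comment such as `// server_session_manager performs the CAS redirect itself; enforcement is skipped here on purpose`. The third hunk reuses the same flag to suppress the CAS login script (`&& !$isSessionManagedByCas`), so both conditions should be reviewed together.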
--- a/user_cas.php +++ b/user_cas.php @@ -56,8 +56,7 @@ public function __construct() { $this->protectedGroups = explode (',', str_replace(' ', '', OCP\Config::getAppValue('user_cas', 'cas_protected_groups', ''))); $this->mailMapping = OCP\Config::getAppValue('user_cas', 'cas_email_mapping', ''); $this->displayNameMapping = OCP\Config::getAppValue('user_cas', 'cas_displayName_mapping', ''); - $this->groupMapping = OCP\Config::getAppValue('user_cas', 'cas_group_mapping', ''); - + $this->groupMapping = OCP\Config::getAppValue('user_cas', 'cas_group_mapping', ''); self :: initialized_php_cas(); } @@ -84,15 +83,28 @@ public static function initialized_php_cas() { if ($casDebugFile !== '') { phpCAS::setDebug($casDebugFile); } - phpCAS::client($casVersion,$casHostname,(int)$casPort,$casPath,false); + /** + * IMPORTANT @author:mcisse: + * PHP_CAS DOIT S'OCCUPER DE L'INITIALISATION DE LA SESSION SI ON VEUT QUE LE GLOBAL LOGOUT FONCTIONNE + */ + $isSessionManagedByCas = \OCP\App::isEnabled ( 'server_session_manager' ); + phpCAS::client($casVersion,$casHostname,(int)$casPort,$casPath,$isSessionManagedByCas); if(!empty($casCertPath)) { phpCAS::setCasServerCACert($casCertPath); } else { phpCAS::setNoCasServerValidation(); } + // Les hosts sont definies dans la config generale d'owncloud /config/config.php + $casRealHosts = OCP\Config::getSystemValue ('casRealHosts', array()); + /** + * IMPORTANT @author:mcisse: + * PHP_CAS DOIT S'OCCUPER DE LA DESTRUCTION DE LA SESSION SI ON VEUT QUE LE GLOBAL LOGOUT FONCTIONNE + */ + phpCAS::handleLogoutRequests ( $isSessionManagedByCas, $casRealHosts ); self :: $_initialized_php_cas = true; } + return self :: $_initialized_php_cas; }
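Review bot: In `initialized_php_cas()`, `phpCAS::handleLogoutRequests($isSessionManagedByCas, $casRealHosts)` passes the plugin flag as phpCAS's `$check_client` argument, so when `server_session_manager` is disabled, logout requests are still processed but with the source-host check turned off. Handling them only when the session is CAS-managed, and always with the check on, avoids that: `if ($isSessionManagedByCas) { phpCAS::handleLogoutRequests(true, $casRealHosts); }`. `casRealHosts` is read with an `array()` default but never validated, so a scalar in config.php reaches phpCAS unchanged; an `is_array()` guard that logs and fails closed would make the host allow-list dependable. The two new block comments are in French and upper case; an English line such as `// phpCAS must create and destroy the session itself for CAS single logout to work` would be easier to maintain. The function starts above the hunk.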