class CasForcedAuthSubscriber in CAS 2.x
Event subscriber for implementing CAS forced authentication.
Hierarchy
- class \Drupal\Core\EventSubscriber\HttpExceptionSubscriberBase implements \Symfony\Component\EventDispatcher\EventSubscriberInterface
- class \Drupal\cas\Subscriber\CasForcedAuthSubscriber
Expanded class hierarchy of CasForcedAuthSubscriber
1 string reference to 'CasForcedAuthSubscriber'
1 service uses CasForcedAuthSubscriber
File
- src/
Subscriber/ CasForcedAuthSubscriber.php, line 22
Namespace
Drupal\cas\SubscriberView source
class CasForcedAuthSubscriber extends HttpExceptionSubscriberBase {
/**
* Route matcher object.
*
* @var \Drupal\Core\Routing\RouteMatchInterface
*/
protected $routeMatcher;
/**
* The config factory.
*
* @var \Drupal\Core\Config\ConfigFactoryInterface
*/
protected $configFactory;
/**
* The current user service.
*
* @var \Drupal\Core\Session\AccountInterface
*/
protected $currentUser;
/**
* Condition manager.
*
* @var \Drupal\Core\Condition\ConditionManager
*/
protected $conditionManager;
/**
* CAS helper.
*
* @var \Drupal\cas\Service\CasHelper
*/
protected $casHelper;
/**
* CasRedirector.
*
* @var \Drupal\cas\Service\CasRedirector
*/
protected $casRedirector;
/**
* Is forced login configuration setting enabled.
*
* @var bool
*/
protected $forcedLoginEnabled = FALSE;
/**
* Paths to check for forced login.
*
* @var array
*/
protected $forcedLoginPaths = [];
/**
* Constructs a new CasSubscriber.
*
* @param \Drupal\Core\Routing\RouteMatchInterface $route_matcher
* The route matcher.
* @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
* The config factory.
* @param \Drupal\Core\Session\AccountInterface $current_user
* The current user.
* @param \Drupal\Core\Condition\ConditionManager $condition_manager
* The condition manager.
* @param \Drupal\cas\Service\CasHelper $cas_helper
* The CAS Helper service.
* @param \Drupal\cas\Service\CasRedirector $cas_redirector
* The CAS Redirector Service.
*/
public function __construct(RouteMatchInterface $route_matcher, ConfigFactoryInterface $config_factory, AccountInterface $current_user, ConditionManager $condition_manager, CasHelper $cas_helper, CasRedirector $cas_redirector) {
$this->routeMatcher = $route_matcher;
$this->configFactory = $config_factory;
$this->currentUser = $current_user;
$this->conditionManager = $condition_manager;
$this->casHelper = $cas_helper;
$this->casRedirector = $cas_redirector;
$settings = $this->configFactory
->get('cas.settings');
$this->forcedLoginPaths = $settings
->get('forced_login.paths');
$this->forcedLoginEnabled = $settings
->get('forced_login.enabled');
}
/**
* {@inheritdoc}
*/
public static function getSubscribedEvents() {
// Run before DynamicPageCacheSubscriber (27) and
// CasGatewayAuthSubscriber (28)
// but after important services like RouterListener (32) and
// MaintenanceModeSubscriber (30)
$events[KernelEvents::REQUEST][] = [
'onRequest',
29,
];
$events[KernelEvents::EXCEPTION][] = [
'onException',
0,
];
return $events;
}
/**
* Respond to kernel request set forced auth redirect response.
*
* @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
* The event.
*/
public function onRequest(GetResponseEvent $event) {
// Don't do anything if this is a sub request and not a master request.
if ($event
->getRequestType() != HttpKernelInterface::MASTER_REQUEST) {
return;
}
// Some routes we don't want to run on.
$current_route = $this->routeMatcher
->getRouteName();
if (in_array($current_route, CasHelper::IGNOREABLE_AUTO_LOGIN_ROUTES)) {
return;
}
// Only care about anonymous users.
if ($this->currentUser
->isAuthenticated()) {
return;
}
if (!$this->forcedLoginEnabled) {
return;
}
// Check if user provided specific paths to force/not force a login.
$condition = $this->conditionManager
->createInstance('request_path');
$condition
->setConfiguration($this->forcedLoginPaths);
if (!$this->conditionManager
->execute($condition)) {
return;
}
$this->casHelper
->log(LogLevel::DEBUG, 'Initializing forced login auth from CasSubscriber.');
// Start constructing the URL redirect to CAS for forced auth.
// Add the current path to the service URL as the 'destination' param,
// so that when the ServiceController eventually processess the login,
// it knows to return the user back here.
$request = $event
->getRequest();
$currentPath = str_replace($request
->getSchemeAndHttpHost(), '', $request
->getUri());
$redirectData = new CasRedirectData([
'destination' => $currentPath,
]);
$response = $this->casRedirector
->buildRedirectResponse($redirectData);
if ($response) {
$event
->setResponse($response);
// If there's a 'destination' parameter set on the current request,
// remove it, otherwise Drupal's RedirectResponseSubscriber will send
// users to that location instead of to our CAS server.
$request->query
->remove('destination');
}
}
/**
* {@inheritdoc}
*/
protected function getHandledFormats() {
return [
'html',
];
}
/**
* Handle 403 errors.
*
* Other request subscribers with a higher priority may intercept the request
* and return a 403 before our request subscriber can handle it. In those
* instances we handle the forced login redirect if applicable here instead,
* using an exception subscriber.
*
* @param \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent $event
* The event to process.
*/
public function on403(GetResponseForExceptionEvent $event) {
$this
->onRequest($event);
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
CasForcedAuthSubscriber:: |
protected | property | CAS helper. | |
CasForcedAuthSubscriber:: |
protected | property | CasRedirector. | |
CasForcedAuthSubscriber:: |
protected | property | Condition manager. | |
CasForcedAuthSubscriber:: |
protected | property | The config factory. | |
CasForcedAuthSubscriber:: |
protected | property | The current user service. | |
CasForcedAuthSubscriber:: |
protected | property | Is forced login configuration setting enabled. | |
CasForcedAuthSubscriber:: |
protected | property | Paths to check for forced login. | |
CasForcedAuthSubscriber:: |
protected | property | Route matcher object. | |
CasForcedAuthSubscriber:: |
protected | function |
Specifies the request formats this subscriber will respond to. Overrides HttpExceptionSubscriberBase:: |
|
CasForcedAuthSubscriber:: |
public static | function |
Registers the methods in this class that should be listeners. Overrides HttpExceptionSubscriberBase:: |
|
CasForcedAuthSubscriber:: |
public | function | Handle 403 errors. | |
CasForcedAuthSubscriber:: |
public | function | Respond to kernel request set forced auth redirect response. | |
CasForcedAuthSubscriber:: |
public | function | Constructs a new CasSubscriber. | |
HttpExceptionSubscriberBase:: |
protected static | function | Specifies the priority of all listeners in this class. | 5 |
HttpExceptionSubscriberBase:: |
public | function | Handles errors for this subscriber. | 1 |