
public function CasSubscriber::handle in CAS 8

The entry point for our subscriber.

Parameters

\Symfony\Component\HttpKernel\Event\GetResponseEvent $event: The response event from the kernel.

File

src/Subscriber/CasSubscriber.php, line 153

Class

CasSubscriber
Provides a CasSubscriber.

Namespace

Drupal\cas\Subscriber

Code

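/**
 * The entry point for our subscriber.
 *
 * Decides whether the current request should be sent to the CAS server
 * (gateway check or forced login) and, when the redirector returns a
 * response, sets that response on the event.
 *
 * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
 *   The response event from the kernel.
 */
public function handle(GetResponseEvent $event) {
  // Don't do anything if this is a sub request and not a master request.
  if ($event->getRequestType() != HttpKernelInterface::MASTER_REQUEST) {
    return;
  }

  // Some routes we don't want to run on.
  if ($this->isIgnoreableRoute()) {
    return;
  }

  // The service controller may have indicated that this current request
  // should not be automatically sent to CAS for authentication checking.
  // This is to prevent infinite redirect loops. The flag is removed as soon
  // as it is seen, so it only suppresses the subscriber for this request.
  $current_request = $this->requestStack->getCurrentRequest();
  $session = $current_request->getSession();
  if ($session && $session->has('cas_temp_disable_auto_auth')) {
    $session->remove('cas_temp_disable_auto_auth');
    $this->casHelper->log(LogLevel::DEBUG, "Temp disable flag set, skipping CAS subscriber.");
    return;
  }

  // Add the current path to the service URL as the 'destination' param,
  // so that when the ServiceController eventually processes the login,
  // it knows to return the user back here.
  $current_uri = $current_request->getUri();
  $current_scheme_and_host = $current_request->getSchemeAndHttpHost();

  // Strip only the leading scheme and host. A blanket str_replace() would
  // also delete the same string wherever it appears later in the URI (for
  // example inside a query parameter value) and corrupt the destination.
  if ($current_scheme_and_host !== '' && strpos($current_uri, $current_scheme_and_host) === 0) {
    // The cast covers older PHP versions, where substr() returns FALSE when
    // nothing follows the prefix.
    $current_path = (string) substr($current_uri, strlen($current_scheme_and_host));
  }
  else {
    // No recognisable prefix: keep the URI unchanged, which is what the
    // previous str_replace() did when it found no match.
    $current_path = $current_uri;
  }

  // NOTE(review): $current_path is taken from the request URI, which the
  // client controls. Presumably the code that later consumes 'destination'
  // checks that it is a local path before redirecting to it; confirm.
  $redirect_data = new CasRedirectData([
    'destination' => $current_path,
  ]);

  // Nothing to do if the user is already logged in.
  if ($this->currentUser->isAuthenticated()) {
    $redirect_data->preventRedirection();
  }
  else {
    // Default assumption is that we don't want to redirect unless page
    // criteria matches.
    $redirect_data->preventRedirection();

    // Check to see if we should initiate a gateway auth check.
    if ($this->handleGateway()) {
      $redirect_data->setParameter('gateway', 'true');
      $this->casHelper->log(LogLevel::DEBUG, 'Initializing gateway auth from CasSubscriber.');
      $redirect_data->forceRedirection();
    }

    // Check to see if we should require a forced login. This runs after the
    // gateway check and resets the 'gateway' parameter, so a forced path
    // takes precedence when both conditions match.
    if ($this->handleForcedPath()) {
      $this->casHelper->log(LogLevel::DEBUG, 'Initializing forced login auth from CasSubscriber.');
      $redirect_data->setParameter('gateway', NULL);
      $redirect_data->setIsCacheable(TRUE);
      $redirect_data->forceRedirection();
    }
  }

  // If we're still going to redirect, let's do it. The event's response is
  // only set when the redirector actually returns one.
  $response = $this->casRedirector->buildRedirectResponse($redirect_data);
  if ($response) {
    $event->setResponse($response);

    // If there's a 'destination' parameter set on the current request,
    // remove it, otherwise Drupal's RedirectResponseSubscriber will send
    // users to that location instead of to our CAS server.
    $current_request->query->remove('destination');
  }
}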