# --
# Kernel/System/Auth/CAS.pm - provides the $ENV authentication
# Authentication
# Copyright (C) 2001-2009 OTRS AG, http://otrs.org/
# --
# $Id: HTTPBasicAuth.pm,v 1.15 2009/09/22 15:16:05 mb Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# If you use this module, you should use as fallback the following
# config settings:
#
# If the user isn't logged in through Apache ($ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER})
# $Self->{CustomerPanelLoginURL} = 'http://host.example.com/not-authorised-for-otrs.html';
#
# $Self->{CustomerPanelLogoutURL} = 'http://host.example.com/thanks-for-using-otrs.html';
# --

package Kernel::System::CustomerAuth::CAS;

use strict;
use warnings;
use CGI;
use AuthCAS;
use CGI;
use CGI::Carp qw( fatalsToBrowser );

#use CGI ':standard';

# Module version: the second whitespace-separated field of the "$Revision$"
# keyword string below. The keyword text is kept exactly as checked in.
use vars qw($VERSION);
$VERSION = qw($Revision: 1.15 $) [1];

# Constructor for the CAS customer authentication backend.
#
# Parameters (named):
#   LogObject, ConfigObject, DBObject - required; construction dies with
#                                       "No <name>!" if one is missing or false.
#   Count                             - optional; stored as '' when not given.
#
# Returns the blessed object.
sub new {
	my ( $Type, %Param ) = @_;

	my $Self = bless {}, $Type;

	# Every backend object listed here is mandatory.
	foreach my $Needed ( 'LogObject', 'ConfigObject', 'DBObject' ) {
		die "No $Needed!" if !$Param{$Needed};
		$Self->{$Needed} = $Param{$Needed};
	}

	# Debug 0=off 1=on (hard-coded on).
	$Self->{Debug} = 1;

	$Self->{Count} = $Param{Count} ? $Param{Count} : '';

	# NOTE(review): this marker is written at 'error' priority on every
	# construction; it looks like leftover debugging and will add noise to
	# the error log that operators watch for real authentication failures.
	my %Marker = (
		Priority => 'error',
		Message  => "CAS.pm",
	);
	$Self->{LogObject}->Log(%Marker);

	return $Self;
}
# Look up a static option of this authentication module.
#
# Parameters (named):
#   What - name of the option to look up (required).
#
# Returns the option's value, or undef for an unknown option. When What is
# missing, an error is logged and nothing is returned.
sub GetOption {
	my ( $Self, %Param ) = @_;

	my $Wanted = $Param{What};

	# Guard: the option name is mandatory.
	unless ($Wanted) {
		$Self->{LogObject}->Log( Priority => 'error', Message => "Need What!" );
		return;
	}

	# The only option this module declares.
	my %Option = ( 'PreAuth', 1 );

	return $Option{$Wanted};
}

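# Authenticate a customer against a CAS server.
#
# Reads the request's QUERY_STRING from the environment:
#   * no "ticket" in it  -> prints a redirect to the CAS login page and
#                           returns '' (nobody is authenticated yet);
#   * "ticket%3D<value>" -> validates <value> as a CAS service ticket for the
#                           configured service URL and returns what
#                           validateST() returns (the user on success, a false
#                           value on failure);
#   * "ticket" present but no "ticket%3D<value>" -> logs an error, returns ''.
#
# Config keys read: Customer::AuthModule::CAS::CASUrl and
# Customer::AuthModule::CAS::ServiceUrl. Customer::AuthModule::CAS::Gateway
# was previously fetched but never used, so it is not consulted here.
#
# Changes against the previous version:
#   * the redirect is no longer preceded by a text/html header, which ended
#     the header block and pushed the Location header into the body;
#   * the ticket capture is checked, so validateST() is never called with an
#     undefined ticket;
#   * the raw query string (which carries the service ticket) is no longer
#     written to the log, and trace output moved from 'error' to 'debug';
#   * the logged CAS URL is the one actually used (the Customer:: key).
sub Auth {
	my ( $Self, %Param ) = @_;

	my $QueryString  = $ENV{"QUERY_STRING"} || '';
	my $ConfigObject = $Self->{ConfigObject};
	my $LogObject    = $Self->{LogObject};

	my $CASUrl  = $ConfigObject->Get('Customer::AuthModule::CAS::CASUrl');
	my $app_url = $ConfigObject->Get('Customer::AuthModule::CAS::ServiceUrl');

	# NOTE(review): CAFile is a hard-coded path to what is named a sandbox
	# certificate. It is presumably the trust anchor for the TLS connection
	# to the CAS server - confirm it exists and is the intended CA on every
	# deployment, and consider reading it from the configuration instead.
	my $cas = AuthCAS->new(
		casUrl => $CASUrl,
		CAFile => '/opt/otrs/sandbox.crt.cer',
	);

	if ( $Self->{Debug} ) {
		for my $Pair ( [ 'service url', $app_url ], [ 'cas url', $CASUrl ] ) {
			my $Value = defined $Pair->[1] ? $Pair->[1] : '(not configured)';
			$LogObject->Log(
				Priority => 'debug',
				Message  => "CAS $Pair->[0]: $Value",
			);
		}
	}

	###
	### Redirect the User for login at CAS
	###
	if ( $QueryString !~ /ticket/ ) {
		if ( $Self->{Debug} ) {
			$LogObject->Log(
				Priority => 'debug',
				Message  => "no CAS ticket in request, redirecting to CAS login",
			);
		}
		my $login_url = $cas->getServerLoginURL($app_url);

		# redirect() emits the complete header block itself; printing
		# header() first would turn the redirect into page content.
		print CGI->new()->redirect($login_url);
		return '';
	}

	###
	### Validate the service ticket handed back by CAS
	###
	# Only trust $1 after a successful match; otherwise it is undefined.
	if ( $QueryString !~ /ticket%3D([^&]+)/ ) {
		$LogObject->Log(
			Priority => 'error',
			Message  => "CAS ticket parameter present but not parseable",
		);
		return '';
	}
	my $ST = $1;

	# The ticket itself is a bearer credential and is deliberately not logged.
	my $User = $cas->validateST( $app_url, $ST );
	if ( !$User ) {
		$LogObject->Log(
			Priority => 'error',
			Message  => "CAS service ticket validation failed",
		);
	}

	return $User;
}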

1;
