From 8b9675e0f40e5b3b07c0015f3d39c9cb9bc053b8 Mon Sep 17 00:00:00 2001
From: "Bradley M. Froehle" <brad.froehle@gmail.com>
Date: Thu, 17 May 2012 20:28:39 -0700
Subject: [PATCH] Issue #869926 by bfroehle, p-andrei, therainmakor | dpalmer:
 Use phpCAS::setCacheTimesForAuthRecheck.

---
 cas.admin.inc |   13 +++++++++----
 cas.install   |   24 +++++++++++++++++++++++-
 cas.module    |   16 ++++++++--------
 cas.test      |    4 ++--
 4 files changed, 42 insertions(+), 15 deletions(-)

diff --git a/cas.admin.inc b/cas.admin.inc
index b4e2279..e1885ae 100644
--- a/cas.admin.inc
+++ b/cas.admin.inc
@@ -213,11 +213,16 @@ function cas_admin_settings() {
     '#collapsed' => TRUE,
   );
 
-  $form['pages']['cas_check_first'] = array(
-    '#type' => 'checkbox',
+  $form['pages']['cas_check_frequency'] = array(
+    '#type' => 'select',
     '#title' => t('Check with the CAS server to see if the user is already logged in?'),
-    '#default_value' => variable_get('cas_check_first', 0),
-    '#description' => t('This implements the <a href="@cas-gateway">Gateway feature</a> of the CAS Protocol. The check is only performed the first time a user visits your site, so that the local drupal logout is still useful for site admins.', array('@cas-gateway' => 'https://wiki.jasig.org/display/CAS/gateway')),
+    '#default_value' => variable_get('cas_check_frequency', CAS_CHECK_NEVER),
+    '#options' => array(
+      CAS_CHECK_NEVER => 'Never',
+      CAS_CHECK_ONCE => 'Once, but not again until login',
+      CAS_CHECK_ALWAYS => 'Always',
+    ),
+    '#description' => t('This implements the <a href="@cas-gateway">Gateway feature</a> of the CAS Protocol. Enabling this may prevent logging out of Drupal without also logging out of CAS.', array('@cas-gateway' => 'https://wiki.jasig.org/display/CAS/gateway')),
   );
 
   $form['pages']['cas_access'] = array(
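Review bot: The three `#options` labels for `cas_check_frequency` are bare strings, unlike the `#title` and `#description` beside them, so they will not be translatable; wrap each one, e.g. `CAS_CHECK_NEVER => t('Never'),`. The new description also does not say which choice produces the logout effect it warns about. Presumably with 'Always' a user who logs out of Drupal is signed back in on the next page view for as long as the CAS session lasts, and stating that per option would help administrators of shared workstations choose. cas_admin_settings() starts and ends outside the hunk.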
diff --git a/cas.install b/cas.install
index feb8e34..6e806d5 100644
--- a/cas.install
+++ b/cas.install
@@ -89,7 +89,7 @@ function cas_uninstall() {
   variable_del('cas_auto_assigned_role');
   variable_del('cas_cert');
   variable_del('cas_changePasswordURL');
-  variable_del('cas_check_first');
+  variable_del('cas_check_frequency');
   variable_del('cas_debugfile');
   variable_del('cas_domain');
   variable_del('cas_exclude');
@@ -116,6 +116,7 @@ function cas_uninstall() {
 
   // And old (un-used) variables.
   variable_del('cas_cert_verify');
+  variable_del('cas_check_first');
   variable_del('cas_first_login');
   variable_del('cas_hijack_user');
   variable_del('cas_ldap_email_attribute');
@@ -337,3 +338,24 @@ function cas_update_6304() {
   }
   return array();
 }
+
+/**
+ * Use variable 'cas_check_frequency' instead of 'cas_gateway'.
+ */
+function cas_update_6305() {
+  if (variable_get('cas_check_first', NULL) === NULL) {
+    // The old variable was not set, nothing to do.
+    return array();
+  }
+
+  if (variable_get('cas_check_first', FALSE)) {
+    // Check once, but not again until login.
+    variable_set('cas_check_frequency', -1);
+  }
+  else {
+    // Check never.
+    variable_set('cas_check_frequency', -2);
+  }
+  variable_del('cas_check_first');
+  return array();
+}
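Review bot: The docblock of `cas_update_6305()` names the old variable as 'cas_gateway', but the body reads and deletes 'cas_check_first'; it should read `Use variable 'cas_check_frequency' instead of 'cas_check_first'.` The literals `-1` and `-2` duplicate CAS_CHECK_ONCE and CAS_CHECK_NEVER from cas.module. If hard-coding them is deliberate, so the update stays stable should the constants change, the inline comments should say so, e.g. `// Check once (value of CAS_CHECK_ONCE when this update was written).`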
diff --git a/cas.module b/cas.module
index 92a2757..f843b7b 100644
--- a/cas.module
+++ b/cas.module
@@ -15,6 +15,11 @@ define('CAS_LOGIN_DRUPAL_INVITE_DEFAULT', 'Cancel CAS login');
 define('CAS_LOGIN_REDIR_MESSAGE', 'You will be redirected to the secure CAS login page.');
 define('CAS_EXCLUDE', 'services/*');
 
+// Frequency of CAS Gateway checking.
+define('CAS_CHECK_NEVER', -2);
+define('CAS_CHECK_ONCE', -1);
+define('CAS_CHECK_ALWAYS', 0);
+
 /**
  * Implementation of hook_init().
  *
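Review bot: The comment above the three constants does not say that their numeric values are significant. The stored value is cast and handed straight to `phpCAS::setCacheTimesForAuthRecheck()` in cas_phpcas_init(), and `cas_update_6305()` writes `-1` and `-2` literally, so renumbering would silently change behaviour on existing sites. I would extend it to `// Frequency of CAS Gateway checking. Stored in 'cas_check_frequency' and passed to phpCAS::setCacheTimesForAuthRecheck(); do not renumber.`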
@@ -86,8 +91,6 @@ function cas_login_check($force_authentication = TRUE) {
   }
   else {
     $logged_in = phpCAS::checkAuthentication();
-    // Set the login tested cookie
-    setcookie('cas_login_checked', 'true');
 
     // We're done cause we're not logged in.
     if (!$logged_in) {
@@ -283,6 +286,8 @@ function cas_phpcas_init($force = FALSE) {
   $service = isset($_GET['q']) ? $_GET['q'] : 'cas';
   phpCAS::setFixedServiceURL(url($service, array('query' => cas_login_destination(), 'absolute' => TRUE)));
 
+  phpCAS::setCacheTimesForAuthRecheck((int) variable_get('cas_check_frequency', CAS_CHECK_NEVER));
+
   // Allow other modules to call phpCAS routines. We do not call
   // drupal_alter() since there are no parameters to pass.
   module_invoke_all('cas_phpcas_alter');
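Review bot: `setCacheTimesForAuthRecheck()` is called with whatever is stored, including CAS_CHECK_NEVER (-2), which looks like a module-level sentinel rather than a value phpCAS defines for this call; that is worth confirming against the phpCAS version in use. Since `_cas_allow_check_for_login()` already gates the gateway check on NEVER, it would be clearer to read `$frequency = (int) variable_get('cas_check_frequency', CAS_CHECK_NEVER);` and call phpCAS only `if ($frequency !== CAS_CHECK_NEVER)`. Note also that a non-numeric stored value casts to 0, i.e. CAS_CHECK_ALWAYS, so the most aggressive re-check mode is the fallback for bad data. cas_phpcas_init() starts and ends outside the hunk.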
@@ -712,16 +717,11 @@ function cas_login_block_submit($form, &$form_state) {
  *   authenticated, FALSE otherwise.
  */
 function _cas_allow_check_for_login() {
-  if (!variable_get('cas_check_first', 0)) {
+  if (variable_get('cas_check_frequency', CAS_CHECK_NEVER) == CAS_CHECK_NEVER) {
     // The user has disabled the feature.
     return FALSE;
   }
 
-  // Check to see if we already have.
-  if (!empty($_COOKIE['cas_login_checked'])) {
-    return FALSE;
-  }
-
   // Check to see if we've got a search bot.
   $crawlers = array(
     'Google',
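Review bot: The new comparison in `_cas_allow_check_for_login()` uses loose `==` on the raw stored value, while cas_phpcas_init() casts the same variable to int. Casting here too and comparing strictly, `if ((int) variable_get('cas_check_frequency', CAS_CHECK_NEVER) === CAS_CHECK_NEVER) {`, keeps the two call sites in agreement. With the `cas_login_checked` cookie test removed, the "once" behaviour now rests entirely on phpCAS's own bookkeeping (presumably session-based), which deserves a line in the function's docblock. The function body continues past the hunk.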
diff --git a/cas.test b/cas.test
index 7d11d97..5ace08a 100644
--- a/cas.test
+++ b/cas.test
@@ -693,7 +693,7 @@ class CasGatewayTestCase extends CasTestHelper {
 
   function setUp() {
     parent::setUp();
-    variable_set('cas_check_first', TRUE);
+    variable_set('cas_check_frequency', CAS_CHECK_ONCE);
   }
 
   /**
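Review bot: Both cas.test changes only switch existing cases to CAS_CHECK_ONCE, so the new CAS_CHECK_ALWAYS mode has no coverage in the visible hunks, although it is the one that changes what a local Drupal logout means. The `cas_update_6305()` migration is not covered either. A case in CasGatewayTestCase that sets `variable_set('cas_check_frequency', CAS_CHECK_ALWAYS);` and asserts the gateway re-check after a Drupal logout would pin the intended behaviour. Most of the class body lies outside the hunk.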
@@ -777,7 +777,7 @@ class CasRequiredLoginTestCase extends CasTestHelper {
     $account = $this->casCreateUser();
     $this->setCasUser($account);
 
-    variable_set('cas_check_first', TRUE);
+    variable_set('cas_check_frequency', CAS_CHECK_ONCE);
     variable_set('cas_exclude', "node/$node->nid");
 
     // Visit an excluded page and ensure we did not try to log in.
-- 
1.7.10.2

