subfission / cas

Simple CAS Authentication for Laravel 5 - 10.
MIT License

Blank Page when using the latest phpCAS 1.6.0 #109

Closed fhlarif closed 1 year ago

fhlarif commented 1 year ago

Blank Page when using the latest phpCAS 1.6.0

  1. When trying to do the following, I received a blank page and was thus unable to do anything.
    $this->cas = app('cas');
  2. Most likely due to the latest phpCAS version 1.6.0
  3. Hopefully this can be addressed so we can use the latest phpCAS version

Environment

Steps to reproduce

  1. Create a fresh Laravel 9 project
  2. Follow the instructions: Installation · subfission/cas Wiki (github.com)
  3. Usage: Usage · subfission/cas Wiki (github.com)

Expected behaviour

  1. We should receive the config when using
    $this->cas = app('cas');

Actual behaviour

Received a blank page instead. Using verbose debugging, I received this error:

phpCAS error: phpCAS::client(): CAS_TypeMismatchException: type mismatched for parameter $name (should be 'array, string, or CAS_ServiceBaseUrl_Interface object '), boolean given in vendor\subfission\cas\src\Subfission\Cas\CasManager.php on line 121

Current Workaround

  1. Downgrade phpCAS to 1.5.0
    composer require "apereo/phpcas:1.5.0"
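
The error above shows a boolean arriving where phpCAS 1.6.0 expects a service base URL: that release made a service base URL a required fifth argument of `phpCAS::client()`, ahead of the session-control boolean. As an added example (not code from this thread or from subfission/cas), one way to build a call that works on both releases; the `$cfg` keys, the helper name and the sample values are hypothetical.

```php
<?php
// Added example, not subfission/cas code. Assumes apereo/phpcas is installed
// through Composer. casClientArgs() and the $cfg keys are hypothetical names.
require __DIR__ . '/vendor/autoload.php';

/**
 * Build the argument list for phpCAS::client() that matches the installed
 * phpCAS release. A 1.5-style call on 1.6.0 passes the session-control
 * boolean in the service-base-URL position, which raises the
 * CAS_TypeMismatchException quoted in the report.
 */
function casClientArgs(array $cfg): array
{
    $args = [$cfg['version'], $cfg['hostname'], (int) $cfg['port'], $cfg['uri']];

    // 1.5.x has four required parameters; 1.6.0 has five.
    $required = (new ReflectionMethod('phpCAS', 'client'))
        ->getNumberOfRequiredParameters();

    if ($required >= 5) {
        $base = $cfg['service_base_url'] ?? null;
        // This example's own check: insist on a fixed scheme://host[:port]
        // string from configuration, never a value taken from the request.
        if (!is_string($base) || !preg_match('#^https?://[^/\s]+$#', $base)) {
            throw new InvalidArgumentException(
                'service_base_url must be a configured scheme://host[:port] string'
            );
        }
        $args[] = $base;
    }

    $args[] = (bool) $cfg['control_session'];
    return $args;
}

// Constructed sample configuration.
$cfg = [
    'version'          => '2.0',                 // value of CAS_VERSION_2_0
    'hostname'         => 'cas.example.org',
    'port'             => 443,
    'uri'              => '/cas',
    'service_base_url' => 'https://app.example.org',
    'control_session'  => false,
];

phpCAS::client(...casClientArgs($cfg));
```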

dstepe commented 1 year ago

When will this be fixed? roave/security-advisories has tagged apereo/phpcas <1.6 as vulnerable.

https://github.com/Roave/SecurityAdvisories/blob/latest/composer.json#L32

subfission commented 1 year ago

@fhlarif - Thank you for the detailed report.

I'll have to look at the diffs on phpCAS 1.6 vs 1.5 to see what may have caused the breaking change. Can you attach your sanitized config.php content here or relevant .env file content? That may help with debugging.

subfission commented 1 year ago

@dstepe I can patch this as soon as I know why it broke and whether the patch will remain backwards compatible. Otherwise this will be a new release / minor tag.

If you have a testing resource for CAS auth that doesn't require certificates, that will help a ton with automating CI and eventual CD.