Commit a4d9fadd authored by Jean-Philippe Metivier's avatar Jean-Philippe Metivier

Initial commit

Showing
with 1631 additions and 0 deletions
# Changelog
## 1.3.0 - 23/01/2019
- Authentification locale activable/désactivable dans la config.
- Clé de config `unicaen-auth` > `local` > `enabled`.
- Ajout de la fonctionnalité "Mot de passe oublié" pour l'authentification locale.
- Principe: un lien contenant un token est envoyé par mail à l'utilisateur.
- NB: Le username de l'utilisateur doit être une adresse électronique.
- NB: nécessité de créer une nouvelle colonne dans la table des utilisateurs,
cf. [répertoire data](./data).
## 1.3.1 - 25/01/2019
- Fonctionnalité "Mot de passe oublié" :
- Correction: l'utilisateur n'était pas recherché par son username!
- Ajout d'un validateur sur le formulaire de saisie de l'adresse électronique.
- Vérification que le compte utilisateur est bien local.
## 1.3.2 - 29/01/2019
- Authentification Shibboleth: possibilité de spécifier les attributs nécessaires au fonctionnement de l'appli
(clé de config `unicaen-auth` > `shibboleth` > `required_attributes`).
## 1.3.3 - 29/01/2019
- Correction du namespace de l'exception InvalidArgumentException lancée dans ShibService.
## 1.3.4 - 30/01/2019
- Correction d'un nom erroné de variable passée à une vue : passwordReset.
- Correction config globale .dist: désactivation par défaut de l'auth locale pure ; commentaires plus précis.
- Adapter Db: suppression catch exception inexistante ; correction doc ; ajout initialisation de variable manquante.
## 1.3.5 - 04/02/2019
- Simplifications autour de la simulation d'une authentification shibboleth.
<?php
namespace UnicaenAuthentification;
use Zend\EventManager\EventInterface;
use Zend\ModuleManager\Feature\AutoloaderProviderInterface;
use Zend\ModuleManager\Feature\ConfigProviderInterface;
use Zend\ModuleManager\Feature\ServiceProviderInterface;
/**
* Point d'entrée du module d'authentification Unicaen.
*
* @author Bertrand GAUTHIER <bertrand.gauthier@unicaen.fr>
*/
class Module implements AutoloaderProviderInterface, ConfigProviderInterface, ServiceProviderInterface
{
/**
* @return array
* @see ConfigProviderInterface
*/
public function getConfig()
{
return include __DIR__ . '/config/module.config.php';
}
/**
* @return array
* @see AutoloaderProviderInterface
*/
public function getAutoloaderConfig()
{
return [
'Zend\Loader\StandardAutoloader' => [
'namespaces' => [
__NAMESPACE__ => __DIR__ . '/src/' . __NAMESPACE__,
],
],
];
}
/**
* This method is called once the MVC bootstrapping is complete,
* after the "loadModule.post" event, once $application->bootstrap() is called.
*
* @param EventInterface $e
*
* @see BootstrapListenerInterface
*/
public function onBootstrap(EventInterface $e)
{
}
/**
* @return array
* @see ServiceProviderInterface
*/
public function getServiceConfig()
{
return [
//========== repris du module zf-commons/zfc-user-doctrine-orm abandonné =========
'aliases' => array(
'zfcuser_doctrine_em' => 'Doctrine\ORM\EntityManager',
),
//===========================================
'factories' => [
//========== repris du module zf-commons/zfc-user-doctrine-orm abandonné =========
'zfcuser_module_options' => function ($sm) {
$config = $sm->get('Configuration');
return new Options\ModuleOptions(isset($config['zfcuser']) ? $config['zfcuser'] : array());
},
//===========================================
],
];
}
}
\ No newline at end of file
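Review bot: The `zfcuser_module_options` factory closure mixes long `array()` syntax (the `aliases` entry and the `ModuleOptions` fallback) with the short `[]` syntax used for the rest of the returned structure, and the `isset(...) ? ... : array()` fallback can be collapsed to the null-coalescing form; the commit already relies on PHP 7 features elsewhere (scalar parameter and return types in `AbstractAdapter`), so `return new Options\ModuleOptions($config['zfcuser'] ?? []);` is safe. `onBootstrap()` has an empty body and the class does not implement the `BootstrapListenerInterface` its docblock points to; either drop the method or implement the interface so the intent is explicit. The `$sm` closure parameter is untyped; a `@param` on the closure, or at least a comment naming the expected container type, would help the next maintainer.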
# UnicaenAuth
Ce module :
- ajoute à une application la possibilité d'identifier/authentifier l'utilisateur (LDAP, base de données ou CAS).
- fournit la possibilité à l'utilisateur de se créer un compte dans la base de données de l'application (option de config).
- fournit les fonctionnalités d'habilitation de l'utilisateur (ACL).
- Une bibliothèque de rôles éditable via une IHM
- Un système de gestion des droits avec des privilèges éditables via une IHM
- Un système d'assertions avancées pour gérer des cas complexes d'autorisations
- requiert les modules suivants :
- UnicaenApp
- ZfcUserDoctrineOrm
- phpCAS
- BjyAuthorize
## Documentation
- [Installation](./doc/installation.md)
- [Configuration](./doc/configuration.md)
- [Authentification](./doc/authentification.md)
- [Services](./doc/services.md)
- [Utilisation de la gestion des droits et privilèges](./doc/droits.md)
- [Aides de vue (view helpers)](./doc/helpers.md)
<?php
// Generated by ZF2's ./bin/classmap_generator.php
return array(
'UnicaenAutorisation\Module' => __DIR__ . '/Module.php',
'UnicaenAutorisation\Guard\PrivilegeController' => __DIR__ . '/src/UnicaenAutorisation/Guard/PrivilegeController.php',
'UnicaenAutorisation\Options\AuthenticationOptionsInterface' => __DIR__ . '/src/UnicaenAutorisation/Options/AuthenticationOptionsInterface.php',
'UnicaenAutorisation\Options\Traits\ModuleOptionsAwareTrait' => __DIR__ . '/src/UnicaenAutorisation/Options/Traits/ModuleOptionsAwareTrait.php',
'UnicaenAutorisation\Options\ModuleOptionsFactory' => __DIR__ . '/src/UnicaenAutorisation/Options/ModuleOptionsFactory.php',
'UnicaenAutorisation\Options\ModuleOptions' => __DIR__ . '/src/UnicaenAutorisation/Options/ModuleOptions.php',
'UnicaenAutorisation\Entity\Db\CategoriePrivilege' => __DIR__ . '/src/UnicaenAutorisation/Entity/Db/CategoriePrivilege.php',
'UnicaenAutorisation\Entity\Db\User' => __DIR__ . '/src/UnicaenAutorisation/Entity/Db/User.php',
'UnicaenAutorisation\Entity\Db\Privilege' => __DIR__ . '/src/UnicaenAutorisation/Entity/Db/Privilege.php',
'UnicaenAutorisation\Entity\Db\Role' => __DIR__ . '/src/UnicaenAutorisation/Entity/Db/Role.php',
'UnicaenAutorisation\Entity\Db\AbstractUser' => __DIR__ . '/src/UnicaenAutorisation/Entity/Db/AbstractUser.php',
'UnicaenAutorisation\Entity\Ldap\People' => __DIR__ . '/src/UnicaenAutorisation/Entity/Ldap/People.php',
'UnicaenAutorisation\Service\LdapUserAwareInterface' => __DIR__ . '/src/UnicaenAutorisation/Service/LdapUserAwareInterface.php',
'UnicaenAutorisation\Service\AuthorizeService' => __DIR__ . '/src/UnicaenAutorisation/Service/AuthorizeService.php',
'UnicaenAutorisation\Service\DbUserAwareInterface' => __DIR__ . '/src/UnicaenAutorisation/Service/DbUserAwareInterface.php',
'UnicaenAutorisation\Service\User' => __DIR__ . '/src/UnicaenAutorisation/Service/User.php',
'UnicaenAutorisation\Service\Traits\UserContextServiceAwareTrait' => __DIR__ . '/src/UnicaenAutorisation/Service/Traits/UserContextServiceAwareTrait.php',
'UnicaenAutorisation\Service\Traits\RoleServiceAwareTrait' => __DIR__ . '/src/UnicaenAutorisation/Service/Traits/RoleServiceAwareTrait.php',
'UnicaenAutorisation\Service\Traits\CategoriePrivilegeServiceAwareTrait' => __DIR__ . '/src/UnicaenAutorisation/Service/Traits/CategoriePrivilegeAwareTrait.php',
'UnicaenAutorisation\Service\Traits\PrivilegeServiceAwareTrait' => __DIR__ . '/src/UnicaenAutorisation/Service/Traits/PrivilegeServiceAwareTrait.php',
'UnicaenAutorisation\Service\UserAwareInitializer' => __DIR__ . '/src/UnicaenAutorisation/Service/UserAwareInitializer.php',
'UnicaenAutorisation\Service\UserContext' => __DIR__ . '/src/UnicaenAutorisation/Service/UserContext.php',
'UnicaenAutorisation\Service\PrivilegeService' => __DIR__ . '/src/UnicaenAutorisation/Service/PrivilegeService.php',
'UnicaenAutorisation\Service\RoleService' => __DIR__ . '/src/UnicaenAutorisation/Service/RoleService.php',
'UnicaenAutorisation\Service\CategoriePrivilegeService' => __DIR__ . '/src/UnicaenAutorisation/Service/CategoriePrivilegeService.php',
'UnicaenAutorisation\Service\AbstractService' => __DIR__ . '/src/UnicaenAutorisation/Service/AbstractService.php',
'UnicaenAutorisation\Service\AuthorizeServiceFactory' => __DIR__ . '/src/UnicaenAutorisation/Service/AuthorizeServiceFactory.php',
'UnicaenAutorisation\Authentication\AuthenticationServiceFactory' => __DIR__ . '/src/UnicaenAutorisation/Authentication/AuthenticationServiceFactory.php',
'UnicaenAutorisation\Authentication\Storage\Ldap' => __DIR__ . '/src/UnicaenAutorisation/Authentication/Storage/Ldap.php',
'UnicaenAutorisation\Authentication\Storage\Db' => __DIR__ . '/src/UnicaenAutorisation/Authentication/Storage/Db.php',
'UnicaenAutorisation\Authentication\Storage\Chain' => __DIR__ . '/src/UnicaenAutorisation/Authentication/Storage/Chain.php',
'UnicaenAutorisation\Authentication\Storage\ChainableStorage' => __DIR__ . '/src/UnicaenAutorisation/Authentication/Storage/ChainableStorage.php',
'UnicaenAutorisation\Authentication\Storage\ChainServiceFactory' => __DIR__ . '/src/UnicaenAutorisation/Authentication/Storage/ChainServiceFactory.php',
'UnicaenAutorisation\Authentication\Storage\ChainEvent' => __DIR__ . '/src/UnicaenAutorisation/Authentication/Storage/ChainEvent.php',
'UnicaenAutorisation\Authentication\Adapter\Ldap' => __DIR__ . '/src/UnicaenAutorisation/Authentication/Adapter/Ldap.php',
'UnicaenAutorisation\Authentication\Adapter\Db' => __DIR__ . '/src/UnicaenAutorisation/Authentication/Adapter/Db.php',
'UnicaenAutorisation\Authentication\Adapter\AbstractFactory' => __DIR__ . '/src/UnicaenAutorisation/Authentication/Adapter/AbstractFactory.php',
'UnicaenAutorisation\Authentication\Adapter\Cas' => __DIR__ . '/src/UnicaenAutorisation/Authentication/Adapter/Cas.php',
'UnicaenAutorisation\Assertion\AbstractAssertion' => __DIR__ . '/src/UnicaenAutorisation/Assertion/AbstractAssertion.php',
'UnicaenAutorisation\Acl\NamedRole' => __DIR__ . '/src/UnicaenAutorisation/Acl/NamedRole.php',
'UnicaenAutorisation\View\RedirectionStrategy' => __DIR__ . '/src/UnicaenAutorisation/View/RedirectionStrategy.php',
'UnicaenAutorisation\View\Helper\AppConnection' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/AppConnection.php',
'UnicaenAutorisation\View\Helper\UserProfileSelectRadioItem' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserProfileSelectRadioItem.php',
'UnicaenAutorisation\View\Helper\UserProfileFactory' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserProfileFactory.php',
'UnicaenAutorisation\View\Helper\UserStatus' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserStatus.php',
'UnicaenAutorisation\View\Helper\UserStatusFactory' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserStatusFactory.php',
'UnicaenAutorisation\View\Helper\UserAbstract' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserAbstract.php',
'UnicaenAutorisation\View\Helper\UserProfileSelect' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserProfileSelect.php',
'UnicaenAutorisation\View\Helper\UserConnectionFactory' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserConnectionFactory.php',
'UnicaenAutorisation\View\Helper\UserInfoFactory' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserInfoFactory.php',
'UnicaenAutorisation\View\Helper\UserInfo' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserInfo.php',
'UnicaenAutorisation\View\Helper\UserCurrentFactory' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserCurrentFactory.php',
'UnicaenAutorisation\View\Helper\UserProfileSelectRadioItemFactory' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserProfileSelectRadioItemFactory.php',
'UnicaenAutorisation\View\Helper\UserProfileSelectFactory' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserProfileSelectFactory.php',
'UnicaenAutorisation\View\Helper\UserProfile' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserProfile.php',
'UnicaenAutorisation\View\Helper\UserCurrent' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserCurrent.php',
'UnicaenAutorisation\View\Helper\UserConnection' => __DIR__ . '/src/UnicaenAutorisation/View/Helper/UserConnection.php',
'UnicaenAutorisation\Controller\DroitsController' => __DIR__ . '/src/UnicaenAutorisation/Controller/DroitsController.php',
'UnicaenAutorisation\Controller\UtilisateurController' => __DIR__ . '/src/UnicaenAutorisation/Controller/UtilisateurController.php',
'UnicaenAutorisation\Provider\Role\ConfigServiceFactory' => __DIR__ . '/src/UnicaenAutorisation/Provider/Role/ConfigServiceFactory.php',
'UnicaenAutorisation\Provider\Role\Config' => __DIR__ . '/src/UnicaenAutorisation/Provider/Role/Config.php',
'UnicaenAutorisation\Provider\Role\UsernameServiceFactory' => __DIR__ . '/src/UnicaenAutorisation/Provider/Role/UsernameServiceFactory.php',
'UnicaenAutorisation\Provider\Role\DbRole' => __DIR__ . '/src/UnicaenAutorisation/Provider/Role/DbRole.php',
'UnicaenAutorisation\Provider\Role\DbRoleServiceFactory' => __DIR__ . '/src/UnicaenAutorisation/Provider/Role/DbRoleServiceFactory.php',
'UnicaenAutorisation\Provider\Role\Username' => __DIR__ . '/src/UnicaenAutorisation/Provider/Role/Username.php',
'UnicaenAutorisation\Provider\Privilege\PrivilegeProviderAwareTrait' => __DIR__ . '/src/UnicaenAutorisation/Provider/Privilege/PrivilegeProviderAwareTrait.php',
'UnicaenAutorisation\Provider\Privilege\PrivilegeProviderInterface' => __DIR__ . '/src/UnicaenAutorisation/Provider/Privilege/PrivilegeProviderInterface.php',
'UnicaenAutorisation\Provider\Privilege\Privileges' => __DIR__ . '/src/UnicaenAutorisation/Provider/Privilege/Privileges.php',
'UnicaenAutorisation\Provider\Rule\PrivilegeRuleProvider' => __DIR__ . '/src/UnicaenAutorisation/Provider/Rule/PrivilegeRuleProvider.php',
'UnicaenAutorisation\Provider\Identity\DbServiceFactory' => __DIR__ . '/src/UnicaenAutorisation/Provider/Identity/DbServiceFactory.php',
'UnicaenAutorisation\Provider\Identity\Basic' => __DIR__ . '/src/UnicaenAutorisation/Provider/Identity/Basic.php',
'UnicaenAutorisation\Provider\Identity\Ldap' => __DIR__ . '/src/UnicaenAutorisation/Provider/Identity/Ldap.php',
'UnicaenAutorisation\Provider\Identity\Db' => __DIR__ . '/src/UnicaenAutorisation/Provider/Identity/Db.php',
'UnicaenAutorisation\Provider\Identity\Chain' => __DIR__ . '/src/UnicaenAutorisation/Provider/Identity/Chain.php',
'UnicaenAutorisation\Provider\Identity\ChainableProvider' => __DIR__ . '/src/UnicaenAutorisation/Provider/Identity/ChainableProvider.php',
'UnicaenAutorisation\Provider\Identity\LdapServiceFactory' => __DIR__ . '/src/UnicaenAutorisation/Provider/Identity/LdapServiceFactory.php',
'UnicaenAutorisation\Provider\Identity\BasicServiceFactory' => __DIR__ . '/src/UnicaenAutorisation/Provider/Identity/BasicServiceFactory.php',
'UnicaenAutorisation\Provider\Identity\ChainServiceFactory' => __DIR__ . '/src/UnicaenAutorisation/Provider/Identity/ChainServiceFactory.php',
'UnicaenAutorisation\Provider\Identity\ChainEvent' => __DIR__ . '/src/UnicaenAutorisation/Provider/Identity/ChainEvent.php',
'UnicaenAutorisation\Event\UserAuthenticatedEvent' => __DIR__ . '/src/UnicaenAutorisation/Event/UserAuthenticatedEvent.php',
'UnicaenAutorisation\Event\Listener\AuthenticatedUserSavedAbstractListener' => __DIR__ . '/src/UnicaenAutorisation/Event/Listener/AuthenticatedUserSavedAbstractListener.php',
'UnicaenAutorisation\Form\Droits\Traits\RoleFormAwareTrait' => __DIR__ . '/src/UnicaenAutorisation/Form/Droits/Traits/RoleFormAwareTrait.php',
'UnicaenAutorisation\Form\Droits\RoleForm' => __DIR__ . '/src/UnicaenAutorisation/Form/Droits/RoleForm.php',
'RoleFormHydrator' => __DIR__ . '/src/UnicaenAutorisation/Form/Droits/RoleForm.php',
);
{
"name": "unicaen/auth",
"description": "Module d'authentification pour les applications Unicaen",
"repositories": [
{
"type": "composer",
"url": "https://gest.unicaen.fr/packagist"
}
],
"require": {
"unicaen/app": "^3.0",
"unicaen/bjy-authorize": "^3.0",
"jasig/phpcas": "^1.3",
"ramsey/uuid": "^3.7"
},
"require-dev": {
"phpunit/phpunit": "^5.6"
},
"autoload": {
"psr-0": {
"UnicaenAuthentification": "src/"
},
"classmap": [
"./Module.php"
]
}
}
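Review bot: `require` declares no `php` platform constraint, yet the code in this commit uses PHP 7 syntax (scalar parameter types and `: self`/`: bool` return types in `AbstractAdapter`), so Composer will install the package on an interpreter that cannot parse it; add a line such as `"php": "^7.0"` (exact constraint to be confirmed against the oldest interpreter actually supported). The `autoload` section covers only the `UnicaenAuthentification` PSR-0 tree and `./Module.php`, while the committed `autoload_classmap.php` maps a different namespace (`UnicaenAutorisation\…`) and is not referenced here — it looks stale and should be regenerated or removed to avoid confusion. `phpunit/phpunit ^5.6` and `jasig/phpcas ^1.3` are old release lines; since phpCAS is the component performing ticket validation, it is worth checking that the pinned range still receives fixes before this goes into applications.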
<?php
/**
* UnicaenAuthentification Global Configuration
*/
return [
'unicaen-auth' => [
/**
* Flag indiquant si l'utilisateur authenitifié avec succès via l'annuaire LDAP doit
* être enregistré/mis à jour dans la table des utilisateurs de l'appli.
*/
'save_ldap_user_in_database' => false,
'entity_manager_name' => 'doctrine.entitymanager.orm_default', // nom du gestionnaire d'entités à utiliser
/**
* Attribut LDAP utilisé pour le username des utilisateurs
* A personnaliser au besoin
*/
//'ldap_username' => 'supannaliaslogin',
],
];
<?php
return [
'unicaen-auth' => [
/**
* Configuration de l'authentification centralisée (CAS).
*/
'cas' => [
/**
* Ordre d'affichage du formulaire de connexion.
*/
'order' => 1,
/**
* Activation ou non de ce mode d'authentification.
*/
'enabled' => true,
/**
* Description facultative de ce mode d'authentification qui apparaîtra sur la page de connexion.
*/
'description' => "Cliquez sur le bouton ci-dessous pour accéder à l'authentification centralisée.",
/**
* Infos de connexion au serveur CAS.
*/
'connection' => [
'default' => [
'params' => [
'hostname' => 'host.domain.fr',
'port' => 443,
'version' => "2.0",
'uri' => "",
'debug' => false,
],
],
]
],
/**
* Configuration de l'authentification locale (compte LDAP établissement, ou compte BDD application).
*/
'local' => [
'order' => 2,
'enabled' => true,
'description' => "Utilisez ce formulaire si vous possédez un compte LDAP établissement ou un compte local dédié à l'application.",
/**
* Mode d'authentification à l'aide d'un compte dans la BDD de l'application.
*/
'db' => [
'enabled' => true, // doit être activé pour que l'usurpation fonctionne (cf. Authentication/Storage/Db::read()) :-/
],
/**
* Mode d'authentification à l'aide d'un compte LDAP.
*/
'ldap' => [
'enabled' => true,
],
],
/**
* Authentification via la fédération d'identité (Shibboleth).
*/
'shib' => [
'order' => 3,
'enabled' => false,
'description' =>
"Cliquez sur le bouton ci-dessous pour accéder à l'authentification via la fédération d'identité. " .
"<strong>NB: Vous devrez utiliser votre compte " .
"&laquo; <a href='http://vie-etudiante.unicaen.fr/vie-numerique/etupass/'>etupass</a> &raquo; " .
"pour vous authentifier...</strong>",
/**
* URL de déconnexion.
*/
'logout_url' => '/Shibboleth.sso/Logout?return=', // NB: '?return=' semble obligatoire!
/**
* Simulation d'authentification d'un utilisateur.
*/
//'simulate' => [
// 'eppn' => 'eppn@domain.fr',
// 'supannEmpId' => '00012345',
//],
/**
* Alias éventuels des clés renseignées par Shibboleth dans la variable superglobale $_SERVER
* une fois l'authentification réussie.
*/
'aliases' => [
'eppn' => 'HTTP_EPPN',
'mail' => 'HTTP_MAIL',
'eduPersonPrincipalName' => 'HTTP_EPPN',
'supannEtuId' => 'HTTP_SUPANNETUID',
'supannEmpId' => 'HTTP_SUPANNEMPID',
'supannCivilite' => 'HTTP_SUPANNCIVILITE',
'displayName' => 'HTTP_DISPLAYNAME',
'sn' => 'HTTP_SN',
'givenName' => 'HTTP_GIVENNAME',
],
/**
* Clés dont la présence sera requise par l'application dans la variable superglobale $_SERVER
* une fois l'authentification réussie.
*/
//'required_attributes' => [
// 'eppn',
// 'mail',
// 'eduPersonPrincipalName',
// 'supannCivilite',
// 'displayName',
// 'sn|surname', // i.e. 'sn' ou 'surname'
// 'givenName',
// 'supannEtuId|supannEmpId',
//],
/**
* Configuration de la stratégie d'extraction d'un identifiant utile parmi les données d'authentification
* shibboleth.
* Ex: identifiant de l'usager au sein du référentiel établissement, transmis par l'IDP via le supannRefId.
*/
'shib_user_id_extractor' => [
// domaine (ex: 'unicaen.fr') de l'EPPN (ex: hochonp@unicaen.fr')
// 'unicaen.fr' => [
// 'supannRefId' => [
// // nom du 1er attribut recherché
// 'name' => 'supannRefId', // ex: '{OCTOPUS:ID}1234;{ISO15693}044D1AZE7A5P80'
// // pattern éventuel pour extraire la partie intéressante
// 'preg_match_pattern' => '|\{OCTOPUS:ID\}(\d+)|', // ex: permet d'extraire '1234'
// ],
// 'supannEmpId' => [
// // nom du 2e attribut recherché
// 'name' => 'supannEmpId',
// // pas de pattern donc valeur brute utilisée
// 'preg_match_pattern' => null,
// ],
// 'supannEtuId' => [
// // nom du 3e attribut recherché
// 'name' => 'supannEtuId',
// ],
// ],
// config de repli pour tous les autres domaines
'default' => [
'supannEmpId' => [
'name' => 'supannEmpId',
],
'supannEtuId' => [
'name' => 'supannEtuId',
],
],
],
],
/**
* Identifiants de connexion autorisés à faire de l'usurpation d'identité.
* (NB: à réserver exclusivement aux tests.)
*/
'usurpation_allowed_usernames' => [
//'username', // format LDAP
//'e.mail@domain.fr', // format BDD
//'eppn@domain.fr', // format Shibboleth
],
],
];
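Review bot: The shipped default enables the database authentication mode (`'db' => ['enabled' => true]`) with a comment saying it must stay on only so that identity impersonation works, which sits oddly next to the CHANGELOG 1.3.4 entry announcing that pure local auth is disabled by default in the `.dist`; if "auth locale pure" refers to this `db` key, the dist and the changelog disagree. Since a `.dist` is copied as-is into deployments, the safer default is `'enabled' => false, // enable explicitly; required for impersonation (cf. Authentication/Storage/Db::read())` and letting the comment explain the trade-off. `usurpation_allowed_usernames` is correctly empty here; its comment could add that any value left in a production copy lets that account act as any user, so real values belong in a local, non-committed override. The `shib.description` string embeds raw HTML with a hard-coded external link and is presumably rendered unescaped — a comment saying so would keep maintainers from putting user-derived content into that key.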
msgid ""
msgstr ""
"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2013-05-16 14:55+0100\n"
"PO-Revision-Date: 2013-05-16 14:58+0100\n"
"Last-Translator: Université de Caen Basse Normandie\n"
"Language-Team: \n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Poedit-KeywordsList: translate;setLabel\n"
"X-Poedit-Basepath: .\n"
"X-Poedit-Language: French\n"
"X-Poedit-Country: FRANCE\n"
"X-Poedit-SourceCharset: utf-8\n"
"X-Poedit-SearchPath-0: ..\n"
"X-Poedit-SearchPath-1: ../../../zf-commons/zfc-user\n"
#: ../src/UnicaenAuth/View/Helper/UserStatus.php:91
msgid "Erreur: identité inattendue"
msgstr "Error: unexpected identity"
#: ../src/UnicaenAuth/View/Helper/UserStatus.php:97
msgid "Aucun"
msgstr "None"
#: ../src/UnicaenAuth/View/Helper/UserInfo.php:51
msgid "Affectations administratives"
msgstr "Display authentication form"
#: ../src/UnicaenAuth/View/Helper/UserInfo.php:52
msgid "Affectations recherche"
msgstr "Research structure"
#: ../src/UnicaenAuth/View/Helper/UserInfo.php:53
msgid "Responsabilités"
msgstr "Responsabilities"
#: ../src/UnicaenAuth/View/Helper/UserInfo.php:64
msgid "Aucune affectation trouvée."
msgstr "No admin structure found."
#: ../src/UnicaenAuth/View/Helper/UserInfo.php:95
msgid "Aucune affectation disponible."
msgstr "No structure found."
#: ../src/UnicaenAuth/View/Helper/UserCurrent.php:34
msgid "Utilisateur connecté : "
msgstr "Login user : "
#: ../src/UnicaenAuth/View/Helper/UserConnection.php:49
msgid "Connexion"
msgstr "Connection"
#: ../src/UnicaenAuth/View/Helper/UserConnection.php:50
msgid "Affiche le formulaire d'authentification"
msgstr "Display authentication form"
#: ../src/UnicaenAuth/View/Helper/UserConnection.php:54
msgid "Déconnexion"
msgstr "Logout"
#: ../src/UnicaenAuth/View/Helper/UserConnection.php:55
msgid "Supprime les informations de connexion"
msgstr "Clear connection informations"
#: ../language/msgids.php:2
msgid "Username"
msgstr "Username"
#: ../language/msgids.php:3
msgid "Password"
msgstr "Password"
#: ../language/msgids.php:4
msgid "Email"
msgstr "Email"
#: ../language/msgids.php:5
msgid "Display Name"
msgstr "Nom complet"
#: ../language/msgids.php:6
msgid "Password Verify"
msgstr "Mot de passe (pour vérification)"
#: ../language/msgids.php:7
msgid "Authentication failed. Please try again."
msgstr "L'authentification a échoué. Recommencez, svp."
#: ../config/module.config.php:209
msgid "Se connecter"
msgstr "Login"
#: ../config/module.config.php:214
msgid "S'enregistrer"
msgstr "Register"
#: ../../../zf-commons/zfc-user/src/ZfcUser/Form/Login.php:62
#: ../view/zfc-user/user/login.phtml:1
msgid "Sign In"
msgstr "Sign In"
#: ../../../zf-commons/zfc-user/src/ZfcUser/Form/Register.php:36
#: ../view/zfc-user/user/register.phtml:1
msgid "Register"
msgstr "Register"
#: ../../../zf-commons/zfc-user/src/ZfcUser/Form/Base.php:78
msgid "Submit"
msgstr "Submit"
#: ../view/zfc-user/user/register.phtml:5
msgid "Registration is disabled"
msgstr "Registration is disabled"
#: ../view/zfc-user/user/login.phtml:31
msgid "Not registered?"
msgstr "Not registered?"
#: ../view/zfc-user/user/login.phtml:31
msgid "Sign up!"
msgstr "Sign up!"
#: ../view/zfc-user/user/index.phtml:2
msgid "Hello,"
msgstr "Hello,"
#~ msgid "Ferme votre session au sein de cette application"
#~ msgstr "Close your application session"
#~ msgid "Profil"
#~ msgstr "Profile"
#~ msgid "Version"
#~ msgstr "Version"
#~ msgid "du"
#~ msgstr "du"
#~ msgid "ou"
#~ msgstr "ou"
#~ msgid "Contact"
#~ msgstr "Contact"
#~ msgid "Contacter par mail"
#~ msgstr "Contacter par mail"
#~ msgid "Inconnu"
#~ msgstr "Inconnu"
#~ msgid "Page d'accueil de l'application"
#~ msgstr "Page d'accueil de l'application"
#~ msgid "Néant"
#~ msgstr "Néant"
#~ msgid "Suivant >"
#~ msgstr "Suivant >"
#~ msgid "Passer à l'étape suivante"
#~ msgstr "Passer à l'étape suivante"
#~ msgid "< Précédent"
#~ msgstr "< Précédent"
#~ msgid "Revenir à l'étape précédente"
#~ msgstr "Revenir à l'étape précédente"
#~ msgid "Annuler"
#~ msgstr "Annuler"
#~ msgid "Abandonner la saisie"
#~ msgstr "Abandonner la saisie"
#~ msgid "Terminer"
#~ msgstr "Terminer"
msgid ""
msgstr ""
"Project-Id-Version: \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2014-02-27 13:41+0100\n"
"PO-Revision-Date: 2019-01-25 16:32+0100\n"
"Last-Translator: Université de Caen Basse Normandie\n"
"Language-Team: \n"
"Language: fr_FR\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Poedit-KeywordsList: translate;setLabel;_\n"
"X-Poedit-Basepath: .\n"
"X-Poedit-SourceCharset: utf-8\n"
"X-Generator: Poedit 1.8.7.1\n"
"X-Poedit-SearchPath-0: ..\n"
#: ../Module.php:151
msgid "Username"
msgstr "Identifiant de connexion"
#: ../src/UnicaenAuth/View/Helper/UserStatus.php:81
msgid "Vous n'êtes pas connecté(e)"
msgstr "Vous n'êtes pas connecté(e)"
#: ../src/UnicaenAuth/View/Helper/UserProfile.php:37
msgid "Profil utilisateur"
msgstr "Profil utilisateur"
#: ../src/UnicaenAuth/View/Helper/UserProfile.php:38
msgid "Inconnu"
msgstr "Inconnu"
#: ../src/UnicaenAuth/View/Helper/UserProfile.php:39
#: ../src/UnicaenAuth/View/Helper/UserCurrent.php:50
msgid "Aucun"
msgstr "Aucun"
#: ../src/UnicaenAuth/View/Helper/UserInfo.php:50
msgid "Affectations administratives"
msgstr "Affectations administratives"
#: ../src/UnicaenAuth/View/Helper/UserInfo.php:51
msgid "Affectations recherche"
msgstr "Affectations recherche"
#: ../src/UnicaenAuth/View/Helper/UserInfo.php:52
msgid "Responsabilités"
msgstr "Responsabilités"
#: ../src/UnicaenAuth/View/Helper/UserInfo.php:72
msgid "Aucune affectation trouvée."
msgstr "Aucune affectation trouvée."
#: ../src/UnicaenAuth/View/Helper/UserInfo.php:99
msgid "Aucune information disponible."
msgstr "Aucune information disponible."
#: ../src/UnicaenAuth/View/Helper/UserCurrent.php:58
msgid "Utilisateur connecté à l'application"
msgstr "Utilisateur connecté à l'application"
#: ../language/msgids.php:3
msgid "Password"
msgstr "Mot de passe"
#: ../language/msgids.php:4
msgid "Email"
msgstr "Votre adresse mail"
#: ../language/msgids.php:5
msgid "Display Name"
msgstr "Votre nom complet"
#: ../language/msgids.php:6
msgid "Password Verify"
msgstr "Confirmez votre mot de passe"
#: ../language/msgids.php:7
msgid "Authentication failed. Please try again."
msgstr "Identifiant ou mot de passe incorrect."
#: ../config/module.config.php:267
msgid "Se connecter"
msgstr "Se connecter"
#: ../config/module.config.php:272
msgid "S'enregistrer"
msgstr "S'enregistrer"
#: ../view/zfc-user/user/register.phtml:1
msgid "Register"
msgstr "Créer mon compte"
#: ../view/zfc-user/user/register.phtml:5
msgid "Registration is disabled"
msgstr "La création de compte est désactivée"
#: ../view/zfc-user/user/login.phtml:2
msgid "Sign In"
msgstr "Se connecter"
#: ../view/zfc-user/user/login.phtml:55
msgid "Not registered?"
msgstr "Pas encore de compte ?"
#: ../view/zfc-user/user/login.phtml:55
msgid "Sign up!"
msgstr "Enregistrez-vous!"
#: ../view/zfc-user/user/index.phtml:2
msgid "Hello,"
msgstr "Bonjour,"
#: ../view/error/403.phtml:7
msgid "Vous n'êtes pas autorisé(e) à accéder à cette page."
msgstr "Vous n'êtes pas autorisé(e) à accéder à cette page."
#: ../view/error/403.phtml:12
msgid "Erreur inattendue."
msgstr "Erreur inattendue."
#~ msgid "Votre adresse"
#~ msgstr "Votre adresse"
#~ msgid "Votre message"
#~ msgstr "Votre message"
#~ msgid "Vous"
#~ msgstr "Vous"
#~ msgid "Step fieldset"
#~ msgstr "Etape"
#~ msgid "Version"
#~ msgstr "Version"
#~ msgid "du"
#~ msgstr "du"
#~ msgid "ou"
#~ msgstr "ou"
#~ msgid "Contact"
#~ msgstr "Contact"
#~ msgid "Contacter par mail"
#~ msgstr "Contacter par mail"
#~ msgid "Page d'accueil de l'application"
#~ msgstr "Page d'accueil de l'application"
#~ msgid "Néant"
#~ msgstr "Néant"
#, fuzzy
#~ msgid "À propos de cette application"
#~ msgstr "Ferme votre session au sein de cette application"
#, fuzzy
#~ msgid "Contact concernant l'application"
#~ msgstr "Page d'accueil de l'application"
#, fuzzy
#~ msgid "Plan de navigation au sein de l'application"
#~ msgstr "Page d'accueil de l'application"
#~ msgid "Connexion"
#~ msgstr "Connexion"
#~ msgid "Affiche le formulaire d'authentification"
#~ msgstr "Affiche le formulaire d'authentification"
#~ msgid "Déconnexion"
#~ msgstr "Déconnexion"
#~ msgid "Supprime les informations de connexion"
#~ msgstr "Supprime les informations de connexion"
#~ msgid "Submit"
#~ msgstr "Valider"
#~ msgid "Profil"
#~ msgstr "Profil"
#~ msgid "Suivant >"
#~ msgstr "Suivant >"
#~ msgid "Passer à l'étape suivante"
#~ msgstr "Passer à l'étape suivante"
#~ msgid "< Précédent"
#~ msgstr "< Précédent"
#~ msgid "Revenir à l'étape précédente"
#~ msgstr "Revenir à l'étape précédente"
#~ msgid "Annuler"
#~ msgstr "Annuler"
#~ msgid "Abandonner la saisie"
#~ msgstr "Abandonner la saisie"
#~ msgid "Terminer"
#~ msgstr "Terminer"
<?php
_("Username");
_("Password");
_("Email");
_("Display Name");
_("Password Verify");
_("Authentication failed. Please try again.");
\ No newline at end of file
<?php
namespace UnicaenAuthentification\Authentication\Adapter;
use UnicaenAuthentification\Authentication\SessionIdentity;
use Zend\Authentication\Storage\StorageInterface;
use Zend\EventManager\EventInterface;
use Zend\EventManager\EventManagerInterface;
use Zend\EventManager\ListenerAggregateInterface;
use Zend\EventManager\ListenerAggregateTrait;
use ZfcUser\Authentication\Adapter\ChainableAdapter;
abstract class AbstractAdapter implements ChainableAdapter, ListenerAggregateInterface
{
use ListenerAggregateTrait;
/**
* @var string
*/
protected $type;
/**
* @var StorageInterface
*/
protected $storage;
/**
* @param string $type
* @return self
*/
public function setType(string $type): self
{
$this->type = $type;
return $this;
}
/**
* @return string
*/
public function getType(): string
{
return $this->type;
}
/**
* Returns the persistent storage handler
*
* @return StorageInterface
*/
public function getStorage(): StorageInterface
{
return $this->storage;
}
/**
* Sets the persistent storage handler
*
* @param StorageInterface $storage
* @return self Provides a fluent interface
*/
public function setStorage(StorageInterface $storage): self
{
$this->storage = $storage;
return $this;
}
/**
* Check if this adapter is satisfied or not
*
* @return bool
*/
public function isSatisfied(): bool
{
$storage = $this->getStorage()->read();
return (isset($storage['is_satisfied']) && true === $storage['is_satisfied']);
}
/**
* Set if this adapter is satisfied or not
*
* @param bool $bool
* @return self
*/
public function setSatisfied($bool = true): self
{
$storage = $this->getStorage()->read() ?: array();
$storage['is_satisfied'] = $bool;
$this->getStorage()->write($storage);
return $this;
}
/**
* @param string $username
* @return SessionIdentity
*/
protected function createSessionIdentity(string $username): SessionIdentity
{
return SessionIdentity::newInstance($username, $this->type);
}
/**
* Called when user id logged out
*
* @param EventInterface $e
*/
public function logout(EventInterface $e)
{
$this->getStorage()->clear();
}
/**
* @inheritDoc
*/
public function attach(EventManagerInterface $events, $priority = 1)
{
$events->attach('authenticate', [$this, 'authenticate'], $priority);
$events->attach('logout', [$this, 'logout'], $priority);
}
}
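Review bot: `setSatisfied($bool = true)` is the one untyped parameter in an otherwise fully typed class, and the value it writes into storage is later read back by `isSatisfied()` with a strict `true ===` comparison, so a truthy non-bool (`1`, `'1'`) persisted here will be treated as not satisfied; declare it `public function setSatisfied(bool $bool = true): self`. `getType(): string` and `getStorage(): StorageInterface` have non-nullable return types but the backing properties `$type` and `$storage` have no initializer, so calling either getter before its setter throws a `TypeError` rather than returning `null` — either document that ordering requirement in a class docblock or make the return types nullable. The class has no docblock at all; a one-line purpose such as "base adapter for the ZfcUser adapter chain: carries the adapter type and the session storage holding the satisfied flag" would help, and the `?: array()` fallback in `setSatisfied` could use `[]` to match the short syntax used in `attach()`.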
<?php
namespace UnicaenAuthentification\Authentication\Adapter;
use UnicaenAuthentification\Options\Traits\ModuleOptionsAwareTrait;
use Zend\Authentication\Result as AuthenticationResult;
use Zend\EventManager\EventInterface;
use Zend\Session\Container as SessionContainer;
use ZfcUser\Authentication\Adapter\AdapterChainEvent;
use ZfcUser\Entity\UserInterface;
use ZfcUser\Mapper\UserInterface as UserMapperInterface;
/**
* Classe abstraite des adpater d'authentification à partir de la base de données.
*
* Ajout par rapport à la classe mère : si aucune base de données ou table n'existe,
* l'authentification ne plante pas (i.e. renvoit false).
*
* @author Bertrand GAUTHIER <bertrand.gauthier@unicaen.fr>
*/
abstract class AbstractDb extends AbstractAdapter
{
use ModuleOptionsAwareTrait;
/**
* @var string
*/
protected $type;
/**
* @var AdapterChainEvent
*/
protected $event;
/**
* @var UserMapperInterface
*/
protected $mapper;
/**
* @inheritDoc
*/
// public function authenticate(EventInterface $e): bool
public function authenticate( $e): bool
{
// NB: Dans la version 3.0.0 de zf-commons/zfc-user, cette méthode prend un EventInterface.
// Mais dans la branche 3.x, c'est un AdapterChainEvent !
// Si un jour c'est un AdapterChainEvent qui est attendu, plus besoin de faire $e->getTarget().
$this->event = $e->getTarget();
if ($this->event->getIdentity()) {
return true;
}
if ($this->isSatisfied()) {
$storage = $this->getStorage()->read();
$this->event
->setIdentity($storage['identity'])
->setCode(AuthenticationResult::SUCCESS)
->setMessages(array('Authentication successful.'));
return true;
}
$userObject = $this->fetchUserObject();
if ($userObject === null) {
return false;
}
if ($this->moduleOptions->getEnableUserState()) {
// Don't allow user to login if state is not in allowed list
if (!in_array($userObject->getState(), $this->moduleOptions->getAllowedLoginStates())) {
$this->event
->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)
->setMessages(["Ce compte utilisateur a été désactivé"]);
$this->setSatisfied(false);
return false;
}
}
$result = $this->authenticateUserObject($userObject);
if ($result === false) {
return false;
}
// regen the id
$session = new SessionContainer($this->getStorage()->getNamespace());
$session->getManager()->regenerateId();
// Success!
$identity = $this->createSessionIdentity($userObject->getUsername());
$this->event->setIdentity($identity);
$this->setSatisfied(true);
$storage = $this->getStorage()->read();
$storage['identity'] = $this->event->getIdentity();
$this->getStorage()->write($storage);
$this->event
->setCode(AuthenticationResult::SUCCESS)
->setMessages(array('Authentication successful.'));
return true;
}
/**
* @return \ZfcUser\Entity\UserInterface|null
*/
abstract protected function fetchUserObject(): ?UserInterface;
/**
* @param \ZfcUser\Entity\UserInterface $userObject
* @return bool
*/
abstract protected function authenticateUserObject(UserInterface $userObject): bool;
/**
* setMapper
*
* @param UserMapperInterface $mapper
* @return self
*/
public function setMapper(UserMapperInterface $mapper): self
{
$this->mapper = $mapper;
return $this;
}
}
\ No newline at end of file
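Review bot: The allowed-state check `if (!in_array($userObject->getState(), $this->moduleOptions->getAllowedLoginStates())) {` uses loose comparison; under PHP 7 semantics a state of `0` or a non-numeric string compares equal to unexpected entries of the allowed list, so a disabled account could pass the gate. Pass the strict flag: `if (!in_array($userObject->getState(), $this->moduleOptions->getAllowedLoginStates(), true)) {`. `$this->moduleOptions` is also dereferenced with no null check, so a missing injection surfaces as a fatal error at login time rather than a failed authentication; a guard or typed constructor injection would make that explicit. Regenerating the session id before persisting the identity is the right order against session fixation and is worth a one-line comment saying so, e.g. `// regenerate before storing the identity: prevents session fixation`.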
<?php
namespace UnicaenAuthentification\Authentication\Adapter;
use Interop\Container\ContainerInterface;
use UnicaenApp\Exception\LogicException;
use UnicaenAuthentification\Options\ModuleOptions;
use UnicaenAuthentification\Service\User;
use Zend\EventManager\EventManager;
use Zend\EventManager\EventManagerAwareInterface;
use Zend\Router\Http\TreeRouteStack;
use Zend\ServiceManager\AbstractFactoryInterface;
use Zend\ServiceManager\ServiceLocatorInterface;
use UnicaenApp\Mapper\Ldap\People as LdapPeopleMapper;
/**
* Description of AbstractFactory
*
* @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
*/
class AbstractFactory implements AbstractFactoryInterface
{
public function canCreateServiceWithName(ServiceLocatorInterface $serviceLocator, $name, $requestedName)
{
return $this->canCreate($serviceLocator, $requestedName);
}
public function createServiceWithName(ServiceLocatorInterface $serviceLocator, $name, $requestedName)
{
return $this->__invoke($serviceLocator, $requestedName);
}
public function canCreate(ContainerInterface $container, $requestedName)
{
return strpos($requestedName, __NAMESPACE__) === 0 && class_exists($requestedName);
}
public function __invoke(ContainerInterface $container, $requestedName, array $options = null)
{
switch ($requestedName) {
case __NAMESPACE__ . '\Ldap':
$adapter = new Ldap();
break;
case __NAMESPACE__ . '\Db':
$adapter = new Db();
break;
case __NAMESPACE__ . '\Cas':
$adapter = new Cas();
break;
//
// NB: pour faire simple, la stratégie de créer un adapter pour l'auth Shibboleth n'a pas été retenue.
//
// case __NAMESPACE__ . '\Shib':
// $adapter = new Shib();
// break;
default:
throw new LogicException("Service demandé inattendu : '$requestedName'!");
break;
}
$this->injectDependencies($adapter, $container);
if ($adapter instanceof EventManagerAwareInterface) {
/** @var EventManager $eventManager */
$eventManager = $container->get('EventManager');
$adapter->setEventManager($eventManager);
$userService = $container->get('unicaen-auth_user_service'); /* @var $userService \UnicaenAuthentification\Service\User */
$eventManager->attach('userAuthenticated', [$userService, 'userAuthenticated'], 100);
}
return $adapter;
}
/**
* @param Ldap|Db|Cas $adapter
* @param ContainerInterface $container
*/
private function injectDependencies($adapter, ContainerInterface $container)
{
switch (true) {
case $adapter instanceof Ldap:
/** @var User $userService */
$userService = $container->get('unicaen-auth_user_service');
$adapter->setUserService($userService);
/** @var LdapPeopleMapper $ldapPeopleMapper */
$ldapPeopleMapper = $container->get('ldap_people_mapper');
$adapter->setLdapPeopleMapper($ldapPeopleMapper);
$options = array_merge(
$container->get('zfcuser_module_options')->toArray(),
$container->get('unicaen-auth_module_options')->toArray());
$adapter->setOptions(new ModuleOptions($options));
/** @var \UnicaenApp\Options\ModuleOptions $appModuleOptions */
$appModuleOptions = $container->get('unicaen-app_module_options');
$adapter->setAppModuleOptions($appModuleOptions);
break;
case $adapter instanceof Cas:
/** @var User $userService */
$userService = $container->get('unicaen-auth_user_service');
$adapter->setUserService($userService);
/** @var mixed $router */
$router = $container->get('router');
$adapter->setRouter($router);
$options = array_merge(
$container->get('zfcuser_module_options')->toArray(),
$container->get('unicaen-auth_module_options')->toArray());
$adapter->setOptions(new ModuleOptions($options));
/** @var LdapPeopleMapper $ldapPeopleMapper */
$ldapPeopleMapper = $container->get('ldap_people_mapper');
$adapter->setLdapPeopleMapper($ldapPeopleMapper);
break;
default:
break;
}
}
}
\ No newline at end of file
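Review bot: In `injectDependencies`, a `Db` adapter falls into the `default` branch and receives nothing, while `AbstractDb::authenticate` in the previous section reads `$this->moduleOptions` and the class exposes `setMapper()`; unless `Db` obtains these elsewhere (not visible here), that adapter will hit a null dereference at login. Consider a `case $adapter instanceof Db:` branch that calls `setMapper()` and `setOptions()` the way the `Ldap` and `Cas` branches do. Minor: the `break;` after `throw` in `__invoke` is unreachable and can be dropped, and `canCreate` deserves a comment noting that `class_exists()` autoloads any name under this namespace, e.g. `// class_exists() triggers autoload; only names under this namespace reach it`.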
<?php
namespace UnicaenAuthentification\Authentication\Adapter;
use Zend\Stdlib\RequestInterface as Request;
use Zend\Stdlib\ResponseInterface as Response;
use ZfcUser\Exception;
class AdapterChain extends \ZfcUser\Authentication\Adapter\AdapterChain
{
/**
* prepareForAuthentication
*
* @param Request $request
* @return Response|bool
* @throws Exception\AuthenticationEventException
*/
public function prepareForAuthentication(Request $request)
{
$e = $this->getEvent();
$e->setRequest($request);
$this->getEventManager()->trigger('authenticate.pre', $e);
$result = $this->getEventManager()->triggerUntil(function ($result) {
return $result === true || $result instanceof Response;
}, 'authenticate', $e);
if ($result->stopped()) {
$last = $result->last();
if ($last === true || $last instanceof Response) {
return $last;
}
// throw new Exception\AuthenticationEventException(
// sprintf(
// 'Auth event was stopped without a response. Got "%s" instead',
// is_object($result->last()) ? get_class($result->last()) : gettype($result->last())
// )
// );
}
if ($e->getIdentity()) {
$this->getEventManager()->trigger('authenticate.success', $e);
return true;
}
$this->getEventManager()->trigger('authenticate.fail', $e);
return false;
}
/**
* logoutAdapters
*
* @return Response|null
*/
public function logoutAdapters(): ?Response
{
//Adapters might need to perform additional cleanup after logout
$responseCollection = $this->getEventManager()->triggerUntil(function ($test) {
return ($test instanceof Response);
}, 'logout', $this->getEvent());
if ($responseCollection->stopped()) {
if ($responseCollection->last() instanceof Response) {
return $responseCollection->last();
}
throw new Exception\AuthenticationEventException(
sprintf(
'Auth event was stopped without a response. Got "%s" instead',
is_object($responseCollection->last()) ? get_class($responseCollection->last()) : gettype($responseCollection->last())
)
);
}
return null;
}
}
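Review bot: In `prepareForAuthentication`, the `AuthenticationEventException` that the parent raises when the chain is stopped without a `true`/`Response` result is commented out, so such a stop now silently falls through to the identity check and ends in `authenticate.fail`. This deviation from `ZfcUser\Authentication\Adapter\AdapterChain` should be stated rather than left as dead code; replace the commented block with `// Intentionally no exception: a chain stopped without true/Response is treated as a failed authentication (authenticate.fail below).`. Add `@throws Exception\AuthenticationEventException` to the `logoutAdapters` docblock, which is now the only method that still throws it.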
<?php
namespace UnicaenAuthentification\Authentication\Adapter;
use Interop\Container\ContainerInterface;
use ZfcUser\Authentication\Adapter\Exception\OptionsNotFoundException;
use ZfcUser\Options\ModuleOptions;
class AdapterChainServiceFactory
{
public function __invoke(ContainerInterface $container, $requestedName, array $options = null): AdapterChain
{
$chain = new AdapterChain();
$options = $this->getOptions($container);
$enabledTypes = array_keys($options->getEnabledAuthTypes()); // types d'auth activés
// on attache chaque adapter uniquement s'il est activé
foreach ($options->getAuthAdapters() as $priority => $adapterName) {
/** @var AbstractAdapter $adapter */
$adapter = $container->get($adapterName);
if (in_array($adapter->getType(), $enabledTypes)) {
$adapter->attach($chain->getEventManager(), $priority);
}
}
return $chain;
}
/**
* @var ModuleOptions
*/
protected $options;
/**
* set options
*
* @param ModuleOptions $options
* @return self
*/
public function setOptions(ModuleOptions $options): self
{
$this->options = $options;
return $this;
}
/**
* get options
*
* @param ContainerInterface|null $container (optional) Service Locator
* @return ModuleOptions $options
*/
public function getOptions(ContainerInterface $container = null): ModuleOptions
{
if (!$this->options) {
if (!$container) {
throw new OptionsNotFoundException(
'Options were tried to retrieve but not set ' .
'and no service locator was provided'
);
}
$this->setOptions($container->get('unicaen-auth_module_options'));
}
return $this->options;
}
}
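Review bot: The enabled-type filter `if (in_array($adapter->getType(), $enabledTypes)) {` is a loose comparison: `$enabledTypes` comes from `array_keys()`, and if the config ever yields integer keys (a list rather than a map) then under PHP 7 every string type compares equal to key `0`, attaching adapters that were meant to be disabled. Use `if (in_array($adapter->getType(), $enabledTypes, true)) {` so the enable/disable configuration is enforced exactly. The `$options` property and its accessors are declared after `__invoke`; placing the property first follows the PSR-12 member ordering used elsewhere in this commit.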
<?php
namespace UnicaenAuthentification\Authentication\Adapter;
use Exception;
use phpCAS;
use UnicaenApp\Mapper\Ldap\People as LdapPeopleMapper;
use UnicaenAuthentification\Options\Traits\ModuleOptionsAwareTrait;
use UnicaenAuthentification\Service\User;
use Zend\Authentication\Result as AuthenticationResult;
use Zend\EventManager\EventInterface;
use Zend\Router\RouteInterface;
use Zend\Router\RouteStackInterface;
use ZfcUser\Authentication\Adapter\AdapterChainEvent;
/**
* CAS authentication adpater
*
* @author Bertrand GAUTHIER <bertrand.gauthier@unicaen.fr>
*/
class Cas extends AbstractAdapter
{
use ModuleOptionsAwareTrait;
const TYPE = 'cas';
/**
* @var string
*/
protected $type = self::TYPE;
/**
* @var array
*/
protected $casOptions;
/**
* @var phpCAS
*/
protected $casClient;
/**
* @var LdapPeopleMapper
*/
protected $ldapPeopleMapper;
/**
* @var User
*/
private $userService;
/**
* @param User $userService
*/
public function setUserService(User $userService)
{
$this->userService = $userService;
}
/**
* @var RouteInterface
*/
private $router;
/**
* @param RouteInterface $router
*/
public function setRouter(RouteInterface $router)
{
$this->router = $router;
}
/**
* @inheritDoc
*/
// public function authenticate(EventInterface $e): bool
public function authenticate( $e): bool
{
// NB: Dans la version 3.0.0 de zf-commons/zfc-user, cette méthode prend un EventInterface.
// Mais dans la branche 3.x, c'est un AdapterChainEvent !
// Si un jour c'est un AdapterChainEvent qui est attendu, plus besoin de faire $e->getTarget().
$event = $e->getTarget(); /* @var $event AdapterChainEvent */
$type = $event->getRequest()->getPost()->get('type');
if ($type !== $this->type) {
return false;
}
// if ($e->getIdentity()) {
// return;
// }
/* DS : modification liée à une boucle infinie lors de l'authentification CAS */
if ($this->isSatisfied()) {
$storage = $this->getStorage()->read();
$event
->setIdentity($storage['identity'])
->setCode(AuthenticationResult::SUCCESS)
->setMessages(['Authentication successful.']);
return true;
}
error_reporting($oldErrorReporting = error_reporting() & ~E_NOTICE);
$this->getCasClient()->forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().
$identity = $this->createSessionIdentity($this->getCasClient(false)->getUser());
error_reporting($oldErrorReporting);
$event->setIdentity($identity);
$this->setSatisfied(true);
$storage = $this->getStorage()->read();
$storage['identity'] = $event->getIdentity();
$this->getStorage()->write($storage);
$event
->setCode(AuthenticationResult::SUCCESS)
->setMessages(['Authentication successful.']);
// recherche de l'individu dans l'annuaire LDAP (il existe forcément puisque l'auth CAS a réussi)
$ldapPeople = $this->getLdapPeopleMapper()->findOneByUsername($identity->getUsername());
/* @var $userService User */
$this->userService->userAuthenticated($ldapPeople);
return true;
}
/**
* @inheritDoc
*/
public function logout(EventInterface $e)
{
parent::logout($e);
$storage = $this->getStorage()->read();
if (! isset($storage['identity'])) {
return;
}
$returnUrl = $this->router->getRequestUri()->setPath($this->router->getBaseUrl())->toString();
$this->getCasClient()->logoutWithRedirectService($returnUrl);
}
/**
* Retourne le client CAS.
*
* @param boolean $initClient
* @return phpCAS
* @throws Exception
*/
public function getCasClient($initClient = true): phpCAS
{
if (null === $this->casClient) {
$this->casClient = new phpCAS();
}
if (!$initClient) {
return $this->casClient;
}
if (null === $this->casOptions) {
$config = $this->moduleOptions->getCas();
if (!isset($config['connection']['default']['params']) || !$config['connection']['default']['params']) {
throw new Exception("Les paramètres de connexion au serveur CAS sont invalides.");
}
$this->casOptions = $config['connection']['default']['params'];
}
$options = $this->casOptions;
if (array_key_exists('debug', $options) && (bool) $options['debug']) {
$this->casClient->setDebug();
}
// initialize phpCAS
$this->casClient->client($options['version'], $options['hostname'], $options['port'], $options['uri'], true);
// no SSL validation for the CAS server
$this->casClient->setNoCasServerValidation();
return $this->casClient;
}
/**
* Spécifie le client CAS.
*
* @param phpCAS $casClient
* @return self
*/
public function setCasClient(phpCAS $casClient): self
{
$this->casClient = $casClient;
return $this;
}
/**
* get ldap people mapper
*
* @return LdapPeopleMapper
*/
public function getLdapPeopleMapper(): LdapPeopleMapper
{
return $this->ldapPeopleMapper;
}
/**
* set ldap people mapper
*
* @param LdapPeopleMapper $mapper
* @return self
*/
public function setLdapPeopleMapper(LdapPeopleMapper $mapper): self
{
$this->ldapPeopleMapper = $mapper;
return $this;
}
/**
* @param RouteInterface $router
*/
public function reconfigureRoutesForCasAuth(RouteInterface $router)
{
if(!$router instanceof RouteStackInterface) {
return;
}
$router->addRoutes([
// remplace les routes existantes (cf. config du module)
'zfcuser' => [
'type' => 'Literal',
'priority' => 1000,
'options' => [
'route' => '/auth',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'index',
],
],
'may_terminate' => true,
'child_routes' => [
'login' => [
'type' => 'Segment',
'options' => [
'route' => '/connexion[/:type]',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'authenticate', // zappe l'action 'login'
],
],
],
'logout' => [
'type' => 'Literal',
'options' => [
'route' => '/deconnexion',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'logout',
],
],
],
],
],
]);
}
}
\ No newline at end of file
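Review bot: `getCasClient()` calls `setNoCasServerValidation()` unconditionally, so the service-ticket validation exchange with the CAS server runs over TLS without certificate verification; anyone able to interpose on that exchange can answer the validation request with an arbitrary username, which then becomes the session identity and drives the LDAP lookup. Certificate validation should be the default, with the CA bundle path read from the CAS connection params via `phpCAS::setCasServerCACert()` and the no-validation mode reserved for an explicit opt-in. Separately, `getCasClient()` re-runs `phpCAS::client()` on every call with `$initClient` true (including from `logout()`), and `findOneByUsername()` can return null despite the comment at the LDAP lookup — both deserve a guard. The `error_reporting()` toggling around `forceAuthentication()` hides notices rather than addressing them.
```php
        $options = $this->casOptions;
        // … unchanged: debug flag, phpCAS::client() initialisation …
        // Validate the CAS server certificate unless explicitly disabled.
        // 'ca_cert' / 'no_server_validation' are placeholder keys: map them to the project's CAS params.
        if (!empty($options['ca_cert'])) {
            $this->casClient->setCasServerCACert($options['ca_cert']);
        } elseif (!empty($options['no_server_validation'])) {
            $this->casClient->setNoCasServerValidation();
        } else {
            throw new Exception("Certificat CA du serveur CAS non configuré.");
        }
        return $this->casClient;
```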