<?php

namespace UnicaenAuth;

use UnicaenAuth\Authentication\Adapter\AdapterChainServiceFactory;
use UnicaenAuth\Authentication\Adapter\Cas;
use UnicaenAuth\Authentication\Adapter\CasAdapterFactory;
use UnicaenAuth\Authentication\Adapter\Db;
use UnicaenAuth\Authentication\Adapter\DbAdapterFactory;
use UnicaenAuth\Authentication\Adapter\Ldap;
use UnicaenAuth\Authentication\Adapter\LdapAdapterFactory;
use UnicaenAuth\Authentication\Adapter\LocalAdapter;
use UnicaenAuth\Authentication\Adapter\LocalAdapterFactory;
use UnicaenAuth\Authentication\Adapter\Shib;
use UnicaenAuth\Authentication\Adapter\ShibAdapterFactory;
use UnicaenAuth\Authentication\Storage\Auth;
use UnicaenAuth\Authentication\Storage\AuthFactory;
use UnicaenAuth\Authentication\Storage\DbFactory;
use UnicaenAuth\Authentication\Storage\LdapFactory;
use UnicaenAuth\Authentication\Storage\ShibFactory;
use UnicaenAuth\Authentication\Storage\Usurpation;
use UnicaenAuth\Authentication\Storage\UsurpationFactory;
use UnicaenAuth\Controller\AuthController;
use UnicaenAuth\Controller\AuthControllerFactory;
use UnicaenAuth\Controller\DroitsControllerFactory;
use UnicaenAuth\Controller\UtilisateurControllerFactory;
use UnicaenAuth\Form\CasLoginForm;
use UnicaenAuth\Form\CasLoginFormFactory;
use UnicaenAuth\Form\Droits\RoleFormFactory;
use UnicaenAuth\Form\LoginFormFactory;
use UnicaenAuth\Form\LoginForm;
use UnicaenAuth\Form\ShibLoginForm;
use UnicaenAuth\Form\ShibLoginFormFactory;
use UnicaenAuth\Guard\PrivilegeControllerFactory;
use UnicaenAuth\Guard\PrivilegeRouteFactory;
use UnicaenAuth\Options\ModuleOptions;
use UnicaenAuth\ORM\Event\Listeners\HistoriqueListenerFactory;
use UnicaenAuth\Provider\Rule\PrivilegeRuleProviderFactory;
use UnicaenAuth\Service\CasService;
use UnicaenAuth\Service\CasServiceFactory;
use UnicaenAuth\Service\ShibService;
use UnicaenAuth\Service\ShibServiceFactory;
use UnicaenAuth\Service\UserContext;
use UnicaenAuth\Service\UserContextFactory;
use UnicaenAuth\Service\UserFactory;
use UnicaenAuth\Service\UserMapperFactory;
use UnicaenAuth\View\Helper\CasConnectViewHelper;
use UnicaenAuth\View\Helper\CasConnectViewHelperFactory;
use UnicaenAuth\View\Helper\ConnectViewHelper;
use UnicaenAuth\View\Helper\DbConnectViewHelper;
use UnicaenAuth\View\Helper\DbConnectViewHelperFactory;
use UnicaenAuth\View\Helper\LdapConnectViewHelper;
use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory;
use UnicaenAuth\View\Helper\LocalConnectViewHelper;
use UnicaenAuth\View\Helper\LocalConnectViewHelperFactory;
use UnicaenAuth\View\Helper\ShibConnectViewHelper;
use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
use UnicaenAuth\View\Helper\UserConnection;
use UnicaenAuth\View\Helper\UserConnectionFactory;
use UnicaenAuth\View\Helper\UserCurrent;
use UnicaenAuth\View\Helper\UserCurrentFactory;
use UnicaenAuth\View\Helper\UserInfo;
use UnicaenAuth\View\Helper\UserInfoFactory;
use UnicaenAuth\View\Helper\UserProfile;
use UnicaenAuth\View\Helper\UserProfileFactory;
use UnicaenAuth\View\Helper\UserProfileSelect;
use UnicaenAuth\View\Helper\UserProfileSelectFactory;
use UnicaenAuth\View\Helper\UserProfileSelectRadioItem;
use UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory;
use UnicaenAuth\View\Helper\UserStatus;
use UnicaenAuth\View\Helper\UserStatusFactory;
use UnicaenAuth\View\Helper\UserUsurpationHelper;
use UnicaenAuth\View\Helper\UserUsurpationHelperFactory;
use Laminas\Authentication\AuthenticationService;
use Laminas\ServiceManager\Proxy\LazyServiceFactory;

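/*
 * Default options of the unicaen/auth module. The array is exposed under the 'unicaen-auth'
 * key of the configuration returned by this file.
 */
$settings = [
    /**
     * Every authentication type supported by the unicaen/auth module.
     */
    'auth_types' => [
        'local', // i.e. 'ldap' and 'db'
        'cas',
        'shib',
    ],

    /**
     * Central authentication (CAS) configuration.
     */
    'cas' => [
        /**
         * Display order of the login form.
         */
        'order' => 1,

        /**
         * Whether this authentication mode is enabled.
         */
        'enabled' => true,

        /**
         * Optional description of this authentication mode, shown on the login page.
         */
        'description' => "Cliquez sur le bouton ci-dessous pour accéder à l'authentification centralisée.",

        /**
         * Adapter in charge of authenticating the user.
         */
        'adapter' => Cas::class,

        /**
         * Authentication service/form to use.
         */
        'form' => CasLoginForm::class,

        /**
         * Connection settings for the CAS server.
         * NOTE(review): 'host.domain.fr' looks like a placeholder that every deployment has to
         * replace with its own CAS host; confirm that CAS login fails closed while it is unset.
         */
        'connection' => [
            'default' => [
                'params' => [
                    'hostname' => 'host.domain.fr',
                    'port'     => 443,
                    'version'  => "2.0",
                    'uri'      => "",
                    // NOTE(review): check what the CAS client logs when this is true (debug traces
                    // of CAS clients commonly include tickets) before enabling it outside development.
                    'debug'    => false,
                ],
            ],
        ],
    ],

    /**
     * Local authentication configuration (institution LDAP account, or application database account).
     */
    'local' => [
        'order' => 2,
        'enabled' => true,
        'description' => "Utilisez ce formulaire si vous possédez un compte LDAP établissement ou un compte local dédié à l'application.",

        'form' => LoginForm::class,

        /**
         * Authentication with an account stored in the application database.
         */
        'db' => [
            // Must stay enabled for identity impersonation ("usurpation") to work
            // (cf. Authentication/Storage/Db::read()) :-/ todo: do better
            'enabled' => true,
            'adapter' => Db::class,
            'form' => LoginForm::class,
        ],

        /**
         * Authentication with an LDAP account.
         */
        'ldap' => [
            'enabled' => true,
            'adapter' => Ldap::class,
            'form' => LoginForm::class,
        ],
    ],

    /**
     * Authentication through the identity federation (Shibboleth).
     */
    'shib' => [
        'order' => 3,
        'enabled' => false,
        'description' => "Cliquez sur le bouton ci-dessous pour accéder à l'authentification via la fédération d'identité.",
        'adapter' => Shib::class,
        'form' => ShibLoginForm::class,

        /**
         * Logout URL.
         */
        //'logout_url' => '/Shibboleth.sso/Logout?return=', // NB: '?return=' seems to be mandatory!

        // The three examples below are disabled and kept for reference only.

        // NOTE(review): 'simulate' presumably makes the module act as if the identity provider had
        // returned these attributes, i.e. a session without real authentication. If so it belongs
        // in development setups only; confirm in the Shibboleth service before enabling it.
        /*
        'simulate' => [
            'eppn'        => 'login@domain.fr',
            'supannEmpId' => '00012345',
        ],
        */

        // NOTE(review): the alias targets look like server variables filled from HTTP request
        // headers (HTTP_*). If the attributes really arrive that way, the web server or service
        // provider in front of the application has to discard client-supplied copies of these
        // headers; verify against the deployment.
        /*
        'aliases' => [
            'eppn'                   => 'HTTP_EPPN',
            'mail'                   => 'HTTP_MAIL',
            'eduPersonPrincipalName' => 'HTTP_EPPN',
            'supannEtuId'            => 'HTTP_SUPANNETUID',
            'supannEmpId'            => 'HTTP_SUPANNEMPID',
            'supannCivilite'         => 'HTTP_SUPANNCIVILITE',
            'displayName'            => 'HTTP_DISPLAYNAME',
            'sn'                     => 'HTTP_SN',
            'givenName'              => 'HTTP_GIVENNAME',
        ],
        */

        /*
        'required_attributes' => [
            'eppn',
            'mail',
            'eduPersonPrincipalName',
            'supannCivilite',
            'displayName',
            'sn|surname', // i.e. 'sn' or 'surname'
            'givenName',
            'supannEtuId|supannEmpId',
        ],
        */

        /**
         * Strategy used to extract a useful identifier from the Shibboleth authentication data.
         * E.g. the user's identifier in the institution's directory, sent by the IdP through supannRefId.
         */
        'shib_user_id_extractor' => [
            /*
            // domain (e.g. 'unicaen.fr') of the EPPN (e.g. 'hochonp@unicaen.fr')
            'unicaen.fr' => [
                'supannRefId' => [
                    // name of the 1st attribute looked up
                    'name' => 'supannRefId', // e.g. '{OCTOPUS:ID}1234;{ISO15693}044D1AZE7A5P80'
                    // optional pattern extracting the relevant part
                    'preg_match_pattern' => '|\{OCTOPUS:ID\}(\d+)|', // e.g. extracts '1234'
                ],
                'supannEmpId' => [
                    // name of the 2nd attribute looked up, if the 1st is not found
                    'name' => 'supannEmpId',
                    // no pattern, so the raw value is used
                    'preg_match_pattern' => null,
                ],
                'supannEtuId' => [
                    // name of the 3rd attribute looked up, if the 2nd is not found
                    'name' => 'supannEtuId',
                ],
            ],
            */
            // fallback configuration for every other domain
            'default' => [
                'supannEmpId' => [
                    'name' => 'supannEmpId',
                ],
                'supannEtuId' => [
                    'name' => 'supannEtuId',
                ],
            ],
        ],
    ],

    /**
     * Identity providers, keyed by an integer whose ordering the inline comments describe.
     */
    'identity_providers'  => [
        300 => 'UnicaenAuth\Provider\Identity\Basic', // 1st
        200 => 'UnicaenAuth\Provider\Identity\Db',    // 2nd
        100 => 'UnicaenAuth\Provider\Identity\Ldap',  // 3rd @deprecated
    ],

    /**
     * LDAP attribute used as the users' username.
     */
    'ldap_username' => 'supannaliaslogin',
];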

return [
    'zfcuser'         => [
        /**
         * Enable registration
         * Allows users to register through the website.
         * Accepted values: boolean true or false
         */
        'enable_registration'     => true,
        /**
         * Modes for authentication identity match
         * Specify the allowable identity modes, in the order they should be
         * checked by the Authentication plugin.
         * Default value: array containing 'email'
         * Accepted values: array containing one or more of: email, username
         */
        'auth_identity_fields'    => ['username', 'email'],
        /**
         * Login Redirect Route
         * Upon successful login the user will be redirected to the entered route
         * Default value: 'zfcuser'
         * Accepted values: A valid route name within your application
         */
        'login_redirect_route'    => 'home',
        /**
         * Logout Redirect Route
         * Upon logging out the user will be redirected to the entered route
         * Default value: 'zfcuser/login'
         * Accepted values: A valid route name within your application
         */
        'logout_redirect_route'   => 'home',
        /**
         * Enable Username
         * Enables username field on the registration form, and allows users to log
         * in using their username OR email address. Default is false.
         * Accepted values: boolean true or false
         */
        'enable_username'         => false,
        /**
         * Enable Display Name
         * Enables a display name field on the registration form, which is persisted
         * in the database. Default value is false.
         * Accepted values: boolean true or false
         */
        'enable_display_name'     => true,
        /**
         * Authentication Adapters
         * Specify the adapters that will be used to try and authenticate the user
         * Default value: array containing 'ZfcUser\Authentication\Adapter\Db' with priority 100
         * Accepted values: array containing services that implement 'ZfcUser\Authentication\Adapter\ChainableAdapter'
         */
        'auth_adapters' => [
            400 => LocalAdapter::class, // délègue à Db et Ldap
            100 => 'UnicaenAuth\Authentication\Adapter\Cas',
            50 =>  'UnicaenAuth\Authentication\Adapter\Shib',
        ],

        // telling ZfcUser to use our own class
        'user_entity_class'       => 'UnicaenAuth\Entity\Db\User',
        // telling ZfcUserDoctrineORM to skip the entities it defines
        'enable_default_entities' => false,
    ],
    'bjyauthorize'    => [

        /* role providers simply provide a list of roles that should be inserted
         * into the Zend\Acl instance. the module comes with two providers, one
         * to specify roles in a config file and one to load roles using a
         * Laminas\Db adapter.
         */
        'role_providers'    => [
            /**
             * 2 rôles doivent systématiquement exister dans les ACL :
             * - le rôle par défaut 'guest', c'est le rôle de tout utilisateur non authentifié.
             * - le rôle 'user', c'est le rôle de tout utilisateur authentifié.
             */
            'UnicaenAuth\Provider\Role\Config'   => [
                'guest' => ['name' => "Non authentifié(e)", 'selectable' => false, 'children' => [
                    'user' => ['name' => "Authentifié(e)", 'selectable' => false],
                ]],
            ],
        ],

        // strategy service name for the strategy listener to be used when permission-related errors are detected
        //    'unauthorized_strategy' => 'BjyAuthorize\View\RedirectionStrategy',
        'unauthorized_strategy' => 'UnicaenAuth\View\RedirectionStrategy',

        /* Currently, only controller and route guards exist
         */
        'guards'                => [
            /* If this guard is specified here (i.e. it is enabled), it will block
             * access to all controllers and actions unless they are specified here.
             * You may omit the 'action' index to allow access to the entire controller
             */
            'BjyAuthorize\Guard\Controller'         => [
                ['controller' => 'index', 'action' => 'index', 'roles' => 'guest'],
                ['controller' => 'zfcuser', 'roles' => 'guest'],
                ['controller' => 'Application\Controller\Index', 'roles' => 'guest'],

                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'etab', 'roles' => 'guest'],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'apropos', 'roles' => 'guest'],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'contact', 'roles' => 'guest'],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'plan', 'roles' => 'guest'],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'mentions-legales', 'roles' => 'guest'],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'informatique-et-libertes', 'roles' => 'guest'],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'refresh-session', 'roles' => 'guest'],
                ['controller' => 'UnicaenAuth\Controller\Utilisateur', 'action' => 'selectionner-profil', 'roles' => 'guest'],
                ['controller' => 'UnicaenAuth\Controller\Utilisateur', 'action' => 'usurper-identite', 'roles' => 'guest'],
                ['controller' => 'UnicaenAuth\Controller\Utilisateur', 'action' => 'stopper-usurpation', 'roles' => 'guest'],

                ['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'login', 'roles' => 'guest'],
                ['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'authenticate', 'roles' => 'guest'],
                ['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'logout', 'roles' => 'guest'],
                ['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'shibboleth', 'roles' => 'guest'],
                ['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'requestPasswordReset', 'roles' => 'guest'],
                ['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'changePassword', 'roles' => 'guest'],
            ],
        ],
    ],
    'unicaen-auth'    => $settings,
    'doctrine'        => [
        'driver' => [
            // overriding zfc-user-doctrine-orm's config
            'zfcuser_entity'  => [
                'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
                'paths' => [
                    __DIR__ . '/../src/UnicaenAuth/Entity/Db',
                ],
            ],
            'orm_auth_driver' => [
                'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
                'cache' => 'array',
                'paths' => [
                    __DIR__ . '/../src/UnicaenAuth/Entity/Db',
                ],
            ],
            'orm_default'     => [
                'class'   => 'Doctrine\ORM\Mapping\Driver\DriverChain',
                'drivers' => [
                    'UnicaenAuth\Entity\Db' => 'zfcuser_entity',
                    'UnicaenAuth\Entity\Db' => 'orm_auth_driver',
                ],
            ],
        ],
    ],
    'view_manager'    => [
        'template_map'        => [
            'error/403' => __DIR__ . '/../view/error/403.phtml',
        ],
        'template_path_stack' => [
            'unicaen-auth' => __DIR__ . '/../view',
        ],
    ],
    'translator'      => [
        'translation_file_patterns' => [
            [
                'type'     => 'gettext',
                'base_dir' => __DIR__ . '/../language',
                'pattern'  => '%s.mo',
            ],
        ],
    ],
    'router'          => [
        'routes' => [
            'auth'     => [
                'type'          => 'Literal',
                'options'       => [
                    'route'    => '/auth',
                    'defaults' => [
                        'controller' => 'UnicaenAuth\Controller\Auth',
                    ],
                ],
                'may_terminate' => false,
                'child_routes'  => [
                    'shibboleth' => [
                        'type' => 'Literal',
                        'options' => [
                            'route'    => '/shibboleth',
                            'defaults' => [
                                'action'     => 'shibboleth',
                            ],
                        ],
                    ],
                    'requestPasswordReset' => [
                        'type'    => 'Segment',
                        'options' => [
                            'route'    => '/request-password-reset',
                            'defaults' => [
                                'action'     => 'requestPasswordReset',
                            ],
                        ],
                    ],
                    'changePassword' => [
                        'type'    => 'Segment',
                        'options' => [
                            'route'    => '/change-password/:token',
                            'defaults' => [
                                'action'     => 'changePassword',
                            ],
                        ],
                    ],
                ],
            ],
            'zfcuser'     => [
                'type'          => 'Literal',
                'priority'      => 1000,
                'options'       => [
                    'route'    => '/auth',
                    'defaults' => [
                        'controller' => 'zfcuser',
                        'action'     => 'index',
                    ],
                ],
                'may_terminate' => true,
                'child_routes'  => [
                    'login'    => [
                        'type'    => 'Segment',
                        'options' => [
                            'route'    => '/connexion[/:type]',
                            'defaults' => [
                                'controller' => 'UnicaenAuth\Controller\Auth', // remplace 'zfcuser'
                                'action'     => 'login',
                            ],
                        ],
                    ],
                    'authenticate' => array(
                        'type' => 'Segment',
                        'options' => array(
                            'route' => '/authenticate/:type',
                            'defaults' => array(
                                'controller' => 'UnicaenAuth\Controller\Auth', // remplace 'zfcuser'
                                'action'     => 'authenticate',
                            ),
                        ),
                    ),
                    'logout'   => [
                        'type'    => 'Literal',
                        'options' => [
                            'route'    => '/deconnexion',
                            'defaults' => [
                                'controller' => 'UnicaenAuth\Controller\Auth', // remplace 'zfcuser'
                                'action'     => 'logout',
                            ],
                        ],
                    ],
                    'register' => [
                        'type'    => 'Literal',
                        'options' => [
                            'route'    => '/creation-compte',
                            'defaults' => [
                                'controller' => 'zfcuser',
                                'action'     => 'register',
                            ],
                        ],
                    ],
                ],
            ],
            'utilisateur' => [
                'type'          => 'Literal',
                'options'       => [
                    'route'    => '/utilisateur',
                    'defaults' => [
                        '__NAMESPACE__' => 'UnicaenAuth\Controller',
                        'controller'    => 'Utilisateur',
                        'action'        => 'index',
                    ],
                ],
                'may_terminate' => true,
                'child_routes'  => [
                    'default' => [
                        'type'    => 'Segment',
                        'options' => [
                            'route'       => '/:action[/:id]',
                            'constraints' => [
                                'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
                                'id'     => '[0-9]*',
                            ],
                            'defaults'    => [
                                'action' => 'index',
                            ],
                        ],
                    ],
                ],
            ],
            'droits'      => [
                'type'          => 'Literal',
                'options'       => [
                    'route'    => '/droits',
                    'defaults' => [
                        '__NAMESPACE__' => 'UnicaenAuth\Controller',
                        'controller'    => 'Droits',
                        'action'        => 'index',
                    ],
                ],
                'may_terminate' => true,
                'child_routes'  => [
                    'roles'      => [
                        'type'          => 'Segment',
                        'may_terminate' => true,
                        'options'       => [
                            'route'    => '/roles',
                            'defaults' => [
                                'action' => 'roles',
                            ],
                        ],
                        'child_routes'  => [
                            'edition'     => [
                                'type'          => 'Segment',
                                'may_terminate' => true,
                                'options'       => [
                                    'route'       => '/edition[/:role]',
                                    'constraints' => [
                                        'role' => '[0-9]*',
                                    ],
                                    'defaults'    => [
                                        'action' => 'role-edition',
                                    ],
                                ],
                            ],
                            'suppression' => [
                                'type'          => 'Segment',
                                'may_terminate' => true,
                                'options'       => [
                                    'route'       => '/suppression/:role',
                                    'constraints' => [
                                        'role' => '[0-9]*',
                                    ],
                                    'defaults'    => [
                                        'action' => 'role-suppression',
                                    ],
                                ],
                            ],
                        ],
                    ],
                    'privileges' => [
                        'type'          => 'Literal',
                        'may_terminate' => true,
                        'options'       => [
                            'route'    => '/privileges',
                            'defaults' => [
                                'action' => 'privileges',
                            ],
                        ],
                        'child_routes'  => [
                            'modifier' => [
                                'type'          => 'Segment',
                                'may_terminate' => true,
                                'options'       => [
                                    'route'    => '/modifier',
                                    'defaults' => [
                                        'action' => 'privileges-modifier',
                                    ],
                                ],
                            ],
                        ],
                    ],
                ],
            ],
        ],
    ],
    // All navigation-related configuration is collected in the 'navigation' key
    'navigation'      => [
        // The DefaultNavigationFactory we configured uses 'default' as the sitemap key
        'default' => [
            // And finally, here is where we define our page hierarchy
            'home' => [
                'pages' => [
                    'login'    => [
                        'label'   => _("Connexion"),
                        'route'   => 'zfcuser/login',
                        'visible' => false,
                    ],
                    'register' => [
                        'label'   => _("Enregistrement"),
                        'route'   => 'zfcuser/register',
                        'visible' => false,
                    ],
                ],
            ],
        ],
    ],
    //
    //( ! ) Warning: Declaration of
    // Application\Service\UserContextServiceAwareTrait::setUserContextService(Application\Service\UserContextService $userContextService)
    // should be compatible with
    // UnicaenAuth\Controller\UtilisateurController::setUserContextService(UnicaenAuth\Service\UserContext $userContextService)
    // in /var/www/sygal/module/Application/src/Application/Controller/UtilisateurController.php on line 34
    'service_manager' => [
        'aliases'            => [
            'unicaen-auth_module_options' => ModuleOptions::class,
            'zfcuser_login_form' => LoginForm::class,
            'Laminas\Authentication\AuthenticationService' => 'zfcuser_auth_service',
            'UnicaenAuth\Privilege\PrivilegeProvider'   => 'UnicaenAuth\Service\Privilege',
            '\UnicaenAuth\Guard\PrivilegeController'    => 'UnicaenAuth\Guard\PrivilegeController',

            'unicaen-auth_user_service'               => 'UnicaenAuth\Service\User', // pour la compatibilité
            'authUserContext'                         => UserContext::class, // pour la compatibilité
            'AuthUserContext'                         => UserContext::class, // pour la compatibilité
        ],
        'invokables'         => [
            'UnicaenAuth\View\RedirectionStrategy'    => 'UnicaenAuth\View\RedirectionStrategy',
            'UnicaenAuth\Service\CategoriePrivilege'  => 'UnicaenAuth\Service\CategoriePrivilegeService',
        ],
        'factories'          => [
            ModuleOptions::class                       => 'UnicaenAuth\Options\ModuleOptionsFactory',
            'zfcuser_auth_service'                     => 'UnicaenAuth\Authentication\AuthenticationServiceFactory',
            'UnicaenAuth\Authentication\Storage\Chain' => 'UnicaenAuth\Authentication\Storage\ChainServiceFactory',
            'UnicaenAuth\Provider\Identity\Chain'      => 'UnicaenAuth\Provider\Identity\ChainServiceFactory',
            'UnicaenAuth\Provider\Identity\Ldap'       => 'UnicaenAuth\Provider\Identity\LdapServiceFactory',
            'UnicaenAuth\Provider\Identity\Db'         => 'UnicaenAuth\Provider\Identity\DbServiceFactory',
            'UnicaenAuth\Provider\Identity\Basic'      => 'UnicaenAuth\Provider\Identity\BasicServiceFactory',
            'UnicaenAuth\Provider\Role\Config'         => 'UnicaenAuth\Provider\Role\ConfigServiceFactory',
            'UnicaenAuth\Provider\Role\DbRole'         => 'UnicaenAuth\Provider\Role\DbRoleServiceFactory',
            'UnicaenAuth\Provider\Role\Username'       => 'UnicaenAuth\Provider\Role\UsernameServiceFactory',
            'UnicaenAuth\Service\Role'                 => 'UnicaenAuth\Service\RoleServiceFactory',
            'UnicaenAuth\Service\Privilege'            => 'UnicaenAuth\Service\PrivilegeServiceFactory',
            'BjyAuthorize\Service\Authorize'           => 'UnicaenAuth\Service\AuthorizeServiceFactory', // substituion
            'zfcuser_redirect_callback'                => 'UnicaenAuth\Authentication\RedirectCallbackFactory', // substituion
            CasService::class                          => CasServiceFactory::class,
            ShibService::class                         => ShibServiceFactory::class,
            UserContext::class                         => UserContextFactory::class,
            'zfcuser_user_mapper'                      => UserMapperFactory::class,
            'MouchardCompleterAuth'        => 'UnicaenAuth\Mouchard\MouchardCompleterAuthFactory',
            LocalAdapter::class => LocalAdapterFactory::class,
            'UnicaenAuth\Authentication\Adapter\Ldap' => LdapAdapterFactory::class,
            'UnicaenAuth\Authentication\Adapter\Db'   => DbAdapterFactory::class,
            'UnicaenAuth\Authentication\Adapter\Cas'  => CasAdapterFactory::class,
            'UnicaenAuth\Authentication\Adapter\Shib' => ShibAdapterFactory::class,
            'UnicaenAuth\Authentication\Storage\Db'   => DbFactory::class,
            'UnicaenAuth\Authentication\Storage\Ldap' => LdapFactory::class,
            'UnicaenAuth\Authentication\Storage\Shib' => ShibFactory::class,
            Usurpation::class => UsurpationFactory::class,
            Auth::class => AuthFactory::class,
            'UnicaenAuth\Service\User'                => UserFactory::class,
            'UnicaenAuth\Guard\PrivilegeController'   => PrivilegeControllerFactory::class,
            'UnicaenAuth\Guard\PrivilegeRoute'        => PrivilegeRouteFactory::class,
            'UnicaenAuth\Provider\Rule\PrivilegeRuleProvider' => PrivilegeRuleProviderFactory::class,


            // verrue pour forcer le label de l'identifiant quelle que soit l'option 'auth_identity_fields'
            LoginForm::class => LoginFormFactory::class,
            CasLoginForm::class => CasLoginFormFactory::class,
            ShibLoginForm::class => ShibLoginFormFactory::class,
            'ZfcUser\Authentication\Adapter\AdapterChain' => AdapterChainServiceFactory::class,

            'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class,
            'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class,
            \UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class
        ],
        'lazy_services' => [
            // Mapping services to their class names is required since the ServiceManager is not a declarative DIC.
            'class_map' => [
                'zfcuser_auth_service' => AuthenticationService::class,
            ],
        ],
        'delegators' => [
            'zfcuser_auth_service' => [
                LazyServiceFactory::class,
            ],
        ],
        'shared' => [
            'MouchardCompleterAuth'        => false,
        ],
        'initializers'       => [
            'UnicaenAuth\Service\UserAwareInitializer',
        ],
    ],

    'controllers'   => [
        'aliases' => [
            'UnicaenAuth\Controller\Auth' => AuthController::class,
        ],
        'factories' => [
            AuthController::class => AuthControllerFactory::class,
            'UnicaenAuth\Controller\Utilisateur' => UtilisateurControllerFactory::class,
            'UnicaenAuth\Controller\Droits'      => DroitsControllerFactory::class,
        ],
    ],

    'form_elements' => [
        'invokables' => [
        ],
        'factories' => [
            'UnicaenAuth\Form\Droits\Role' => RoleFormFactory::class,
        ],
    ],

    'view_helpers'  => [
        'aliases' => [
            'userConnection'             => UserConnection::class,
            'userCurrent'                => UserCurrent::class,
            'userStatus'                 => UserStatus::class,
            'userProfile'                => UserProfile::class,
            'userInfo'                   => UserInfo::class,
            'userProfileSelect'          => UserProfileSelect::class,
            'userProfileSelectRadioItem' => UserProfileSelectRadioItem::class,
            'userUsurpation'             => UserUsurpationHelper::class,
            'dbConnect'                  => DbConnectViewHelper::class,
            'localConnect'               => LocalConnectViewHelper::class,
            'ldapConnect'                => LdapConnectViewHelper::class,
            'shibConnect'                => ShibConnectViewHelper::class,
            'casConnect'                 => CasConnectViewHelper::class,
            'connect'                    => ConnectViewHelper::class,
        ],
        'factories' => [
            UserConnection::class             => UserConnectionFactory::class,
            UserCurrent::class                => UserCurrentFactory::class,
            UserStatus::class                 => UserStatusFactory::class,
            UserProfile::class                => UserProfileFactory::class,
            UserInfo::class                   => UserInfoFactory::class,
            UserProfileSelect::class          => UserProfileSelectFactory::class,
            UserProfileSelectRadioItem::class => UserProfileSelectRadioItemFactory::class,
            UserUsurpationHelper::class       => UserUsurpationHelperFactory::class,
            DbConnectViewHelper::class        => DbConnectViewHelperFactory::class,
            LocalConnectViewHelper::class     => LocalConnectViewHelperFactory::class,
            LdapConnectViewHelper::class      => LdapConnectViewHelperFactory::class,
            ShibConnectViewHelper::class      => ShibConnectViewHelperFactory::class,
            CasConnectViewHelper::class       => CasConnectViewHelperFactory::class,
        ],
        'invokables' => [
            'appConnection' => 'UnicaenAuth\View\Helper\AppConnection',
            ConnectViewHelper::class,
        ],
    ],
];