module.config.php 20 KB
Newer Older
Bertrand Gauthier's avatar
Bertrand Gauthier committed
1
<?php
2

3
4
5
use UnicaenAuth\Controller\AuthControllerFactory;
use UnicaenAuth\Service\ShibService;
use UnicaenAuth\Service\ShibServiceFactory;
6
use UnicaenAuth\Service\UserContextFactory;
7
use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
8
use UnicaenAuth\View\Helper\UserUsurpationHelperFactory;
9

10
$settings = [
11
12
13
    /**
     * Fournisseurs d'identité.
     */
14
    'identity_providers'  => [
15
16
        300 => 'UnicaenAuth\Provider\Identity\Basic', // en 1er
        200 => 'UnicaenAuth\Provider\Identity\Db',    // en 2e
17
        100 => 'UnicaenAuth\Provider\Identity\Ldap',  // en 3e @deprecated
18
19
20
    ],
];

21
22
return [
    'zfcuser'         => [
23
        /**
24
25
26
         * Enable registration
         * Allows users to register through the website.
         * Accepted values: boolean true or false
27
         */
28
        'enable_registration'     => true,
29
        /**
30
31
32
33
34
         * Modes for authentication identity match
         * Specify the allowable identity modes, in the order they should be
         * checked by the Authentication plugin.
         * Default value: array containing 'email'
         * Accepted values: array containing one or more of: email, username
35
         */
36
37
38
39
40
41
42
43
        'auth_identity_fields'    => ['username', 'email'],
        /**
         * Login Redirect Route
         * Upon successful login the user will be redirected to the entered route
         * Default value: 'zfcuser'
         * Accepted values: A valid route name within your application
         */
        'login_redirect_route'    => 'home',
44
        /**
45
46
47
48
         * Logout Redirect Route
         * Upon logging out the user will be redirected to the enterd route
         * Default value: 'zfcuser/login'
         * Accepted values: A valid route name within your application
49
         */
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
        'logout_redirect_route'   => 'home',
        /**
         * Enable Username
         * Enables username field on the registration form, and allows users to log
         * in using their username OR email address. Default is false.
         * Accepted values: boolean true or false
         */
        'enable_username'         => false,
        /**
         * Enable Display Name
         * Enables a display name field on the registration form, which is persisted
         * in the database. Default value is false.
         * Accepted values: boolean true or false
         */
        'enable_display_name'     => true,
        /**
         * Authentication Adapters
         * Specify the adapters that will be used to try and authenticate the user
         * Default value: array containing 'ZfcUser\Authentication\Adapter\Db' with priority 100
         * Accepted values: array containing services that implement 'ZfcUser\Authentication\Adapter\ChainableAdapter'
         */
        'auth_adapters'           => [
            300 => 'UnicaenAuth\Authentication\Adapter\Ldap', // notifié en 1er
            200 => 'UnicaenAuth\Authentication\Adapter\Db',   //         ensuite (si échec d'authentification Ldap)
            100 => 'UnicaenAuth\Authentication\Adapter\Cas',  //         ensuite (si échec d'authentification Db)
        ],

        // telling ZfcUser to use our own class
        'user_entity_class'       => 'UnicaenAuth\Entity\Db\User',
        // telling ZfcUserDoctrineORM to skip the entities it defines
        'enable_default_entities' => false,
81
    ],
82
    'bjyauthorize'    => [
83

84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
        /* role providers simply provide a list of roles that should be inserted
         * into the Zend\Acl instance. the module comes with two providers, one
         * to specify roles in a config file and one to load roles using a
         * Zend\Db adapter.
         */
        'role_providers'    => [
            /**
             * 2 rôles doivent systématiquement exister dans les ACL :
             * - le rôle par défaut 'guest', c'est le rôle de tout utilisateur non authentifié.
             * - le rôle 'user', c'est le rôle de tout utilisateur authentifié.
             */
            'UnicaenAuth\Provider\Role\Config'   => [
                'guest' => ['name' => "Non authentifié(e)", 'selectable' => false, 'children' => [
                    'user' => ['name' => "Authentifié(e)", 'selectable' => false],
                ]],
            ],
        ],

        // strategy service name for the strategy listener to be used when permission-related errors are detected
        //    'unauthorized_strategy' => 'BjyAuthorize\View\RedirectionStrategy',
        'unauthorized_strategy' => 'UnicaenAuth\View\RedirectionStrategy',

        /* Currently, only controller and route guards exist
107
         */
108
109
110
111
112
113
114
115
116
        'guards'                => [
            /* If this guard is specified here (i.e. it is enabled), it will block
             * access to all controllers and actions unless they are specified here.
             * You may omit the 'action' index to allow access to the entire controller
             */
            'BjyAuthorize\Guard\Controller'         => [
                ['controller' => 'index', 'action' => 'index', 'roles' => []],
                ['controller' => 'zfcuser', 'roles' => []],
                ['controller' => 'Application\Controller\Index', 'roles' => []],
117

118
119
120
121
122
123
124
125
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'etab', 'roles' => []],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'apropos', 'roles' => []],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'contact', 'roles' => []],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'plan', 'roles' => []],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'mentions-legales', 'roles' => []],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'informatique-et-libertes', 'roles' => []],
                ['controller' => 'UnicaenApp\Controller\Application', 'action' => 'refresh-session', 'roles' => []],
                ['controller' => 'UnicaenAuth\Controller\Utilisateur', 'action' => 'selectionner-profil', 'roles' => []],
126
127

                ['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'shibboleth', 'roles' => []],
128
            ],
129
130
        ],
    ],
131
132
    'unicaen-auth'    => $settings,
    'doctrine'        => [
133
        'driver' => [
134
            // overriding zfc-user-doctrine-orm's config
135
            'zfcuser_entity'  => [
136
                'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
137
                'paths' => [
138
139
                    __DIR__ . '/../src/UnicaenAuth/Entity/Db',
                ],
140
141
            ],
            'orm_auth_driver' => [
142
143
                'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
                'cache' => 'array',
144
                'paths' => [
145
146
                    __DIR__ . '/../src/UnicaenAuth/Entity/Db',
                ],
147
            ],
148
            'orm_default'     => [
149
                'class'   => 'Doctrine\ORM\Mapping\Driver\DriverChain',
150
                'drivers' => [
151
                    'UnicaenAuth\Entity\Db' => 'zfcuser_entity',
152
153
                    'UnicaenAuth\Entity\Db' => 'orm_auth_driver',
                ],
154
155
156
            ],
        ],
    ],
157
158
    'view_manager'    => [
        'template_map'        => [
159
            'error/403' => __DIR__ . '/../view/error/403.phtml',
160
161
        ],
        'template_path_stack' => [
162
            'unicaen-auth' => __DIR__ . '/../view',
163
164
        ],
    ],
165
    'translator'      => [
166
167
        'translation_file_patterns' => [
            [
Bertrand Gauthier's avatar
Bertrand Gauthier committed
168
169
170
                'type'     => 'gettext',
                'base_dir' => __DIR__ . '/../language',
                'pattern'  => '%s.mo',
171
172
173
            ],
        ],
    ],
174
    'router'          => [
175
        'routes' => [
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
            'auth'     => [
                'type'          => 'Literal',
                'options'       => [
                    'route'    => '/auth',
                    'defaults' => [
                        'controller' => 'UnicaenAuth\Controller\Auth',
                    ],
                ],
                'may_terminate' => false,
                'child_routes'  => [
                    'shibboleth' => [
                        'type' => 'Literal',
                        'options' => [
                            'route'    => '/shibboleth',
                            'defaults' => [
                                'action'     => 'shibboleth',
                            ],
                        ],
                    ],
                ],
            ],
197
198
199
200
201
            'zfcuser'     => [
                'type'          => 'Literal',
                'priority'      => 1000,
                'options'       => [
                    'route'    => '/auth',
202
                    'defaults' => [
Bertrand Gauthier's avatar
Bertrand Gauthier committed
203
204
                        'controller' => 'zfcuser',
                        'action'     => 'index',
205
206
                    ],
                ],
Bertrand Gauthier's avatar
Bertrand Gauthier committed
207
                'may_terminate' => true,
208
209
210
                'child_routes'  => [
                    'login'    => [
                        'type'    => 'Literal',
211
                        'options' => [
212
                            'route'    => '/connexion',
213
                            'defaults' => [
Bertrand Gauthier's avatar
Bertrand Gauthier committed
214
215
                                'controller' => 'zfcuser',
                                'action'     => 'login',
216
217
218
                            ],
                        ],
                    ],
219
220
                    'logout'   => [
                        'type'    => 'Literal',
221
                        'options' => [
222
                            'route'    => '/deconnexion',
223
                            'defaults' => [
Bertrand Gauthier's avatar
Bertrand Gauthier committed
224
225
                                'controller' => 'zfcuser',
                                'action'     => 'logout',
226
227
228
229
                            ],
                        ],
                    ],
                    'register' => [
230
                        'type'    => 'Literal',
231
                        'options' => [
232
                            'route'    => '/creation-compte',
233
                            'defaults' => [
234
235
                                'controller' => 'zfcuser',
                                'action'     => 'register',
236
237
238
239
240
241
                            ],
                        ],
                    ],
                ],
            ],
            'utilisateur' => [
242
243
                'type'          => 'Literal',
                'options'       => [
244
                    'route'    => '/utilisateur',
245
                    'defaults' => [
246
247
248
                        '__NAMESPACE__' => 'UnicaenAuth\Controller',
                        'controller'    => 'Utilisateur',
                        'action'        => 'index',
249
250
                    ],
                ],
251
                'may_terminate' => true,
252
                'child_routes'  => [
253
                    'default' => [
254
                        'type'    => 'Segment',
255
                        'options' => [
256
                            'route'       => '/:action[/:id]',
257
                            'constraints' => [
258
259
                                'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
                                'id'     => '[0-9]*',
260
                            ],
261
                            'defaults'    => [
262
                                'action' => 'index',
263
264
265
266
267
                            ],
                        ],
                    ],
                ],
            ],
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
            'droits'      => [
                'type'          => 'Literal',
                'options'       => [
                    'route'    => '/droits',
                    'defaults' => [
                        '__NAMESPACE__' => 'UnicaenAuth\Controller',
                        'controller'    => 'Droits',
                        'action'        => 'index',
                    ],
                ],
                'may_terminate' => true,
                'child_routes'  => [
                    'roles'      => [
                        'type'          => 'Segment',
                        'may_terminate' => true,
                        'options'       => [
                            'route'    => '/roles',
                            'defaults' => [
                                'action' => 'roles',
                            ],
                        ],
                        'child_routes'  => [
                            'edition'     => [
                                'type'          => 'Segment',
                                'may_terminate' => true,
                                'options'       => [
                                    'route'       => '/edition[/:role]',
                                    'constraints' => [
                                        'role' => '[0-9]*',
                                    ],
                                    'defaults'    => [
                                        'action' => 'role-edition',
                                    ],
                                ],
                            ],
                            'suppression' => [
                                'type'          => 'Segment',
                                'may_terminate' => true,
                                'options'       => [
                                    'route'       => '/suppression/:role',
                                    'constraints' => [
                                        'role' => '[0-9]*',
                                    ],
                                    'defaults'    => [
                                        'action' => 'role-suppression',
                                    ],
                                ],
                            ],
                        ],
                    ],
                    'privileges' => [
                        'type'          => 'Literal',
                        'may_terminate' => true,
                        'options'       => [
                            'route'    => '/privileges',
                            'defaults' => [
                                'action' => 'privileges',
                            ],
                        ],
                        'child_routes'  => [
                            'modifier' => [
                                'type'          => 'Segment',
                                'may_terminate' => true,
                                'options'       => [
                                    'route'    => '/modifier',
                                    'defaults' => [
                                        'action' => 'privileges-modifier',
                                    ],
                                ],
                            ],
                        ],
                    ],
                ],
            ],
342
343
        ],
    ],
Bertrand Gauthier's avatar
Bertrand Gauthier committed
344
    // All navigation-related configuration is collected in the 'navigation' key
345
    'navigation'      => [
Bertrand Gauthier's avatar
Bertrand Gauthier committed
346
        // The DefaultNavigationFactory we configured uses 'default' as the sitemap key
347
        'default' => [
Bertrand Gauthier's avatar
Bertrand Gauthier committed
348
            // And finally, here is where we define our page hierarchy
349
350
            'home' => [
                'pages' => [
351
352
353
354
                    'login'    => [
                        'label'   => _("Connexion"),
                        'route'   => 'zfcuser/login',
                        'visible' => false,
355
356
                    ],
                    'register' => [
357
                        'label'   => _("Enregistrement"),
Bertrand Gauthier's avatar
Bertrand Gauthier committed
358
359
                        'route'   => 'zfcuser/register',
                        'visible' => false,
360
361
362
363
364
                    ],
                ],
            ],
        ],
    ],
365
366
367
368
369
370
371
372
373
374
375
    'service_manager' => [
        'aliases'            => [
            'Zend\Authentication\AuthenticationService' => 'zfcuser_auth_service',
            'UnicaenAuth\Privilege\PrivilegeProvider'   => 'UnicaenAuth\Service\Privilege',

            'unicaen-auth_user_service'               => 'UnicaenAuth\Service\User', // pour la compatibilité
            'authUserContext'                         => 'UnicaenAuth\Service\UserContext', // pour la compatibilité
        ],
        'invokables'         => [
            'UnicaenAuth\Authentication\Storage\Db'   => 'UnicaenAuth\Authentication\Storage\Db',
            'UnicaenAuth\Authentication\Storage\Ldap' => 'UnicaenAuth\Authentication\Storage\Ldap',
376
            'UnicaenAuth\Authentication\Storage\Shib' => 'UnicaenAuth\Authentication\Storage\Shib',
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
            'UnicaenAuth\View\RedirectionStrategy'    => 'UnicaenAuth\View\RedirectionStrategy',
            'UnicaenAuth\Service\User'                => 'UnicaenAuth\Service\User',
            'UnicaenAuth\Service\CategoriePrivilege'  => 'UnicaenAuth\Service\CategoriePrivilegeService',
        ],
        'abstract_factories' => [
            'UnicaenAuth\Authentication\Adapter\AbstractFactory',
        ],
        'factories'          => [
            'unicaen-auth_module_options'              => 'UnicaenAuth\Options\ModuleOptionsFactory',
            'zfcuser_auth_service'                     => 'UnicaenAuth\Authentication\AuthenticationServiceFactory',
            'UnicaenAuth\Authentication\Storage\Chain' => 'UnicaenAuth\Authentication\Storage\ChainServiceFactory',
            'UnicaenAuth\Provider\Identity\Chain'      => 'UnicaenAuth\Provider\Identity\ChainServiceFactory',
            'UnicaenAuth\Provider\Identity\Ldap'       => 'UnicaenAuth\Provider\Identity\LdapServiceFactory',
            'UnicaenAuth\Provider\Identity\Db'         => 'UnicaenAuth\Provider\Identity\DbServiceFactory',
            'UnicaenAuth\Provider\Identity\Basic'      => 'UnicaenAuth\Provider\Identity\BasicServiceFactory',
            'UnicaenAuth\Provider\Role\Config'         => 'UnicaenAuth\Provider\Role\ConfigServiceFactory',
            'UnicaenAuth\Provider\Role\DbRole'         => 'UnicaenAuth\Provider\Role\DbRoleServiceFactory',
            'UnicaenAuth\Provider\Role\Username'       => 'UnicaenAuth\Provider\Role\UsernameServiceFactory',
Bertrand Gauthier's avatar
Bertrand Gauthier committed
395
396
            'UnicaenAuth\Service\Role'                 => 'UnicaenAuth\Service\RoleServiceFactory',
            'UnicaenAuth\Service\Privilege'            => 'UnicaenAuth\Service\PrivilegeServiceFactory',
397
398
            'BjyAuthorize\Service\Authorize'           => 'UnicaenAuth\Service\AuthorizeServiceFactory', // substituion
            'zfcuser_redirect_callback'                => 'UnicaenAuth\Authentication\RedirectCallbackFactory', // substituion
399
            ShibService::class                         => ShibServiceFactory::class,
400
            'UnicaenAuth\Service\UserContext'          => UserContextFactory::class,
401
402
403
404
            'MouchardCompleterAuth'        => 'UnicaenAuth\Mouchard\MouchardCompleterAuthFactory',
        ],
        'shared' => [
            'MouchardCompleterAuth'        => false,
405
406
407
408
409
410
411
412
413
414
415
        ],
        'initializers'       => [
            'UnicaenAuth\Service\UserAwareInitializer',
        ],
    ],

    'controllers'   => [
        'invokables' => [
            'UnicaenAuth\Controller\Utilisateur' => 'UnicaenAuth\Controller\UtilisateurController',
            'UnicaenAuth\Controller\Droits'      => 'UnicaenAuth\Controller\DroitsController',
        ],
416
417
418
        'factories' => [
            'UnicaenAuth\Controller\Auth'        => AuthControllerFactory::class,
        ],
419
420
421
422
423
424
425
    ],

    'form_elements' => [
        'invokables' => [
            'UnicaenAuth\Form\Droits\Role' => 'UnicaenAuth\Form\Droits\RoleForm',
        ],
    ],
426

427
    'view_helpers'  => [
428
429
430
431
432
433
434
435
        'factories'  => [
            'userConnection'             => 'UnicaenAuth\View\Helper\UserConnectionFactory',
            'userCurrent'                => 'UnicaenAuth\View\Helper\UserCurrentFactory',
            'userStatus'                 => 'UnicaenAuth\View\Helper\UserStatusFactory',
            'userProfile'                => 'UnicaenAuth\View\Helper\UserProfileFactory',
            'userInfo'                   => 'UnicaenAuth\View\Helper\UserInfoFactory',
            'userProfileSelect'          => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
            'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
436
            'userUsurpation'             => UserUsurpationHelperFactory::class,
437
            'shibConnect'                => ShibConnectViewHelperFactory::class,
438
439
440
441
442
        ],
        'invokables' => [
            'appConnection' => 'UnicaenAuth\View\Helper\AppConnection',
        ],
    ],
443
];