Nouvelle technique pour usurper une identité.
parent
058ae8f8
Changes
2
config/module.config.php
...
...
@@ -122,6 +122,7 @@ return [
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'informatique-et-libertes'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'refresh-session'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenAuth\Controller\Utilisateur'
,
'action'
=>
'selectionner-profil'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenAuth\Controller\Utilisateur'
,
'action'
=>
'usurper-identite'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
'action'
=>
'shibboleth'
,
'roles'
=>
[]],
],
...
...
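Review bot: The one line this hunk adds to the `return [` guard list (presumably the `'usurper-identite'` entry given the commit message; the rendered page no longer shows which entry is new) carries `'roles' => []` exactly like the public `informatique-et-libertes` and `refresh-session` actions next to it, so route-level authorization leaves identity impersonation unrestricted and the only gate is the username check inside the controller. If that is intentional, say so where the rule lives, e.g. `// no role here on purpose: access is restricted in UtilisateurController via ModuleOptions::getUsurpationAllowedUsernames()`; otherwise a dedicated role on this entry would give defence in depth. The enclosing `return [` array starts and ends outside the hunk.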
src/UnicaenAuth/Controller/UtilisateurController.php
...
...
@@ -2,7 +2,13 @@
namespace
UnicaenAuth\Controller
;
use
UnicaenAuth\Entity\Db\UserInterface
;
use
UnicaenAuth\Entity\Ldap\People
;
use
UnicaenAuth\Entity\Shibboleth\ShibUser
;
use
UnicaenAuth\Options\ModuleOptions
;
use
Zend\Authentication\AuthenticationService
;
use
Zend\Http\Request
;
use
Zend\Http\Response
;
use
Zend\Mvc\Controller\AbstractActionController
;
/**
...
...
@@ -12,6 +18,62 @@ use Zend\Mvc\Controller\AbstractActionController;
*/
class
UtilisateurController
extends
AbstractActionController
{
/**
* Usurpe l'identité d'un autre utilisateur.
*
* @return Response
*/
public
function
usurperIdentiteAction
()
{
$request
=
$this
->
getRequest
();
if
(
!
$request
instanceof
Request
)
{
exit
(
1
);
}
$redirection
=
$this
->
redirect
()
->
toRoute
(
'home'
);
$newIdentity
=
$request
->
getQuery
(
'identity'
,
$request
->
getPost
(
'identity'
));
if
(
!
$newIdentity
)
{
return
$redirection
;
}
/** @var AuthenticationService $authenticationService */
$authenticationService
=
$this
->
getServiceLocator
()
->
get
(
AuthenticationService
::
class
);
/** @var ModuleOptions $options */
$options
=
$this
->
getServiceLocator
()
->
get
(
'unicaen-auth_module_options'
);
$currentIdentity
=
$authenticationService
->
getIdentity
();
if
(
!
$currentIdentity
)
{
return
$redirection
;
}
if
(
!
is_array
(
$currentIdentity
))
{
return
$redirection
;
}
if
(
isset
(
$currentIdentity
[
'shib'
]))
{
/** @var ShibUser $currentIdentity */
$currentIdentity
=
$currentIdentity
[
'shib'
];
}
elseif
(
isset
(
$currentIdentity
[
'ldap'
]))
{
/** @var People $currentIdentity */
$currentIdentity
=
$currentIdentity
[
'ldap'
];
}
elseif
(
isset
(
$currentIdentity
[
'db'
]))
{
/** @var UserInterface $currentIdentity */
$currentIdentity
=
$currentIdentity
[
'db'
];
}
else
{
return
$redirection
;
}
$currentIdentity
=
$currentIdentity
->
getUsername
();
if
(
!
in_array
(
$currentIdentity
,
$options
->
getUsurpationAllowedUsernames
()))
{
return
$redirection
;
}
$authenticationService
->
getStorage
()
->
write
(
$newIdentity
);
return
$redirection
;
}
/**
* Traite les requêtes AJAX POST de sélection d'un profil utilisateur.
* La sélection est mémorisé en session par le service AuthUserContext.
...
...
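Review bot: usurperIdentiteAction reads the target identity with `$request->getQuery('identity', $request->getPost('identity'))`, so a session-changing operation is accepted from a plain GET link; a whitelisted user who follows such a link has their session identity rewritten without any confirmation, and there is no CSRF token check either. The action should accept POST only (and ideally a token), replace `exit(1)` with a thrown exception so the failure is visible to the MVC layer, and pass `true` to `in_array` since usernames are strings. Separately, the current identity is resolved from an array keyed `shib`/`ldap`/`db` but `getStorage()->write($newIdentity)` stores a bare string, which looks like a shape mismatch for whatever reads the identity afterwards — worth confirming against the authentication adapters. The class UtilisateurController continues outside the hunk.
```php
    public function usurperIdentiteAction()
    {
        $request = $this->getRequest();
        if (!$request instanceof Request) {
            throw new \RuntimeException('HTTP request expected');
        }
        $redirection = $this->redirect()->toRoute('home');
        // Switching identity mutates the session: accept it from POST only,
        // never from a GET link (a CSRF token check belongs here as well).
        if (!$request->isPost()) {
            return $redirection;
        }
        $newIdentity = $request->getPost('identity');
        if (!$newIdentity) {
            return $redirection;
        }
        // … unchanged: service lookup and current-identity resolution …
        if (!in_array($currentIdentity, $options->getUsurpationAllowedUsernames(), true)) {
            return $redirection;
        }
        // … unchanged: storage write and return …
```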