Commit 6d3ff3d5 authored by Bertrand Gauthier's avatar Bertrand Gauthier

Ajout d'une option de config d'activation ou non de l'auth LDAP (nouvelle clé...

Ajout d'une option de config d'activation ou non de l'auth LDAP (nouvelle clé unicaen-auth > ldap > enabled). Pour l'instant, l'impact est juste l'affichage ou pas du formulaire de connexion LDAP.
parent 4f6859c0
Tags 1.2.15
Pipeline #1674 failed
<?php <?php
use UnicaenAuth\Authentication\Adapter\ShibSimulatorAdapter;
use UnicaenAuth\Authentication\Storage\ShibSimulatorStorage; use UnicaenAuth\Authentication\Storage\ShibSimulatorStorage;
use UnicaenAuth\Controller\AuthControllerFactory; use UnicaenAuth\Controller\AuthControllerFactory;
use UnicaenAuth\Service\ShibService; use UnicaenAuth\Service\ShibService;
use UnicaenAuth\Service\ShibServiceFactory; use UnicaenAuth\Service\ShibServiceFactory;
use UnicaenAuth\Service\UserContextFactory; use UnicaenAuth\Service\UserContextFactory;
use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory;
use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory; use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
use UnicaenAuth\View\Helper\UserUsurpationHelperFactory; use UnicaenAuth\View\Helper\UserUsurpationHelperFactory;
$settings = [ $settings = [
/**
* Configuration de l'authentification LDAP.
*/
'ldap' => [
/**
* Possibilité ou non de s'authentifier via l'annuaire LDAP.
*/
'enabled' => true,
],
/** /**
* Fournisseurs d'identité. * Fournisseurs d'identité.
*/ */
...@@ -442,6 +453,7 @@ return [ ...@@ -442,6 +453,7 @@ return [
'userProfileSelect' => 'UnicaenAuth\View\Helper\UserProfileSelectFactory', 'userProfileSelect' => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory', 'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
'userUsurpation' => UserUsurpationHelperFactory::class, 'userUsurpation' => UserUsurpationHelperFactory::class,
'ldapConnect' => LdapConnectViewHelperFactory::class,
'shibConnect' => ShibConnectViewHelperFactory::class, 'shibConnect' => ShibConnectViewHelperFactory::class,
], ],
'invokables' => [ 'invokables' => [
......
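Review bot: The doc comment on the new `'enabled'` key ("Possibilité ou non de s'authentifier via l'annuaire LDAP") promises more than the flag delivers, because the only reader visible in this commit is LdapConnectViewHelperFactory, which merely hides the login form. An operator who sets it to `false` to switch LDAP off would presumably still have the login action accepting a posted identity/credential pair, since no adapter or controller change appears here. Until the authentication adapter honours the flag, the comment should say so, e.g. `Shows or hides the LDAP login form only; LDAP authentication itself is not disabled by this flag.` The same comment is repeated in the local-config hunk `@@ -6,6 +6,17 @@` and needs the same wording.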
...@@ -6,6 +6,17 @@ ...@@ -6,6 +6,17 @@
* drop this config file in it and change the values as you wish. * drop this config file in it and change the values as you wish.
*/ */
$settings = [ $settings = [
/**
* Configuration de l'authentification LDAP.
*/
'ldap' => [
/**
* Possibilité ou non de s'authentifier via l'annuaire LDAP.
*/
'enabled' => true,
],
/** /**
* Flag indiquant si l'utilisateur authenitifié avec succès via l'annuaire LDAP doit * Flag indiquant si l'utilisateur authenitifié avec succès via l'annuaire LDAP doit
* être enregistré/mis à jour dans la table des utilisateurs de l'appli. * être enregistré/mis à jour dans la table des utilisateurs de l'appli.
...@@ -25,6 +36,7 @@ $settings = [ ...@@ -25,6 +36,7 @@ $settings = [
$config = [ $config = [
'unicaen-auth' => $settings, 'unicaen-auth' => $settings,
'bjyauthorize' => [ 'bjyauthorize' => [
/* this module uses a meta-role that inherits from any roles that should /* this module uses a meta-role that inherits from any roles that should
* be applied to the active user. the identity provider tells us which * be applied to the active user. the identity provider tells us which
...@@ -54,6 +66,7 @@ $config = [ ...@@ -54,6 +66,7 @@ $config = [
'UnicaenAuth\Provider\Role\Username' => [], 'UnicaenAuth\Provider\Role\Username' => [],
], ],
], ],
'zfcuser' => [ 'zfcuser' => [
/** /**
* Classe de l'entité représentant un utilisateur authentifiable. * Classe de l'entité représentant un utilisateur authentifiable.
......
<?php <?php
return [
'unicaen-auth' => [
/** /**
* Configuration locale du module UnicaenAuth. * Configuration de l'authentification Shibboleth.
*
* If you have a ./config/autoload/ directory set up for your project, you can
* drop this config file in it and change the values as you wish.
*/
$settings = [
/**
* Activation ou non de l'authentification Shibboleth.
*/ */
'shibboleth' => [ 'shibboleth' => [
'enable' => false, 'enable' => false,
'simulate' => [
'eppn' => 'gauthierb@unicaen.fr',
'supannEmpId' => '00021237',
], ],
'aliases' => [
'eppn' => 'HTTP_EPPN',
'mail' => 'HTTP_MAIL',
'eduPersonPrincipalName' => 'HTTP_EPPN',
'supannEtuId' => 'HTTP_SUPANNETUID',
'supannEmpId' => 'HTTP_SUPANNEMPID',
'supannCivilite' => 'HTTP_SUPANNCIVILITE',
'displayName' => 'HTTP_DISPLAYNAME',
'sn' => 'HTTP_SN',
'givenName' => 'HTTP_GIVENNAME',
],
],
/** /**
* Paramètres de connexion au serveur CAS : * Paramètres de connexion au serveur CAS :
* - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide. * - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
* - pour l'activer, renseigner les paramètres. * - pour l'activer, renseigner les paramètres.
*/ */
'cas' => [ 'cas' => [
// 'connection' => array( 'connection' => [
// 'default' => array( 'default' => [
// 'params' => array( 'params' => [
// 'hostname' => 'cas.unicaen.fr', 'hostname' => 'cas.unicaen.fr',
// 'port' => 443, 'port' => 443,
// 'version' => "2.0", 'version' => "2.0",
// 'uri' => "", 'uri' => "",
// 'debug' => false, 'debug' => false,
// ), ],
// ),
// ),
], ],
],
],
/** /**
* Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité. * Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité.
* NB: à réserver exclusivement aux tests. * NB: à réserver exclusivement aux tests.
*/ */
// 'usurpation_allowed_usernames' => array(), 'usurpation_allowed_usernames' => [],
]; ],
/**
* You do not need to edit below this line
*/
return [
'unicaen-auth' => $settings,
]; ];
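Review bot: The `simulate` block commits what looks like a real person's `eppn` and `supannEmpId`. The rendering does not mark sides, so it is only inferred from the bracket structure that these lines are new; if they are, use obviously fake placeholder values and add a comment that simulation is for development only. The `aliases` map also needs a comment: values such as `HTTP_EPPN` are header-style server variables, which a client can send itself unless the web server in front of the application strips them or passes Shibboleth attributes as environment variables. How ShibService reads these keys is not visible here, so confirm that before treating them as proof of identity. A suggested comment above `'aliases'` is `// Header-sourced attributes: the front-end must strip client-supplied copies of these headers.`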
...@@ -9,6 +9,13 @@ namespace UnicaenAuth\Options; ...@@ -9,6 +9,13 @@ namespace UnicaenAuth\Options;
*/ */
class ModuleOptions extends \ZfcUser\Options\ModuleOptions class ModuleOptions extends \ZfcUser\Options\ModuleOptions
{ {
/**
* Paramètres concernant l'authentification LDAP.
*
* @var array
*/
protected $ldap = [];
/** /**
* @var array * @var array
*/ */
...@@ -39,6 +46,29 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions ...@@ -39,6 +46,29 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
*/ */
protected $entityManagerName = 'doctrine.entitymanager.orm_default'; protected $entityManagerName = 'doctrine.entitymanager.orm_default';
/**
* Retourne les paramètres concernant l'authentification LDAP.
*
* @return array
*/
public function getLdap()
{
return $this->ldap;
}
/**
* Spécifie les paramètres concernant l'authentification LDAP.
*
* @param array $ldap
* @return self
*/
public function setLdap(array $ldap)
{
$this->ldap = $ldap;
return $this;
}
/** /**
* set usernames allowed to make usurpation * set usernames allowed to make usurpation
* *
...@@ -89,8 +119,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions ...@@ -89,8 +119,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
return $this->saveLdapUserInDatabase; return $this->saveLdapUserInDatabase;
} }
/** /**
* @return string * @return string
*/ */
...@@ -99,8 +127,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions ...@@ -99,8 +127,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
return $this->ldapUsername; return $this->ldapUsername;
} }
/** /**
* @param string $ldapUsername * @param string $ldapUsername
* *
...@@ -113,8 +139,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions ...@@ -113,8 +139,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
return $this; return $this;
} }
/** /**
* set cas connection params * set cas connection params
* *
......
<?php
namespace UnicaenAuth\View\Helper;
use Zend\Form\Form;
use Zend\View\Helper\AbstractHelper;
use Zend\View\Renderer\PhpRenderer;
use Zend\View\Resolver\TemplatePathStack;
/**
* Aide de vue dessinant le formulaire d'authentification LDAP,
* si l'authentification LDAP est activée.
*
* @method PhpRenderer getView()
* @author Unicaen
*/
class LdapConnectViewHelper extends AbstractHelper
{
/**
* @var bool
*/
protected $enabled = true;
/**
* @var Form
*/
protected $form;
/**
* @param bool $enabled
* @return $this
*/
public function setEnabled($enabled = true)
{
$this->enabled = $enabled;
return $this;
}
/**
* @param Form $form
* @return $this
*/
public function __invoke(Form $form)
{
$this->form = $form;
$this->getView()->resolver()->attach(
new TemplatePathStack(['script_paths' => [__DIR__ . "/partial"]])
);
return $this;
}
/**
* @return string
*/
public function __toString()
{
if (! $this->enabled) {
return '';
}
try {
return $this->getView()->render("ldap-connect", [
'enabled' => $this->enabled,
'form' => $this->form,
]);
} catch (\Exception $e) {
return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>';
}
}
}
\ No newline at end of file
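Review bot: The catch branch of `__toString()` returns the exception message and the full stack trace as unescaped HTML, and this helper renders on the login page, so any rendering error would show file paths and internals to unauthenticated visitors. Log the exception server-side and return a fixed message instead, e.g. `error_log((string) $e);` followed by `return '<p>Formulaire de connexion indisponible.</p>';`. Separately, `render("ldap-connect", …)` passes only `enabled` and `form`, while the partial reads `$redirect`. That variable looks undefined at render time, so the hidden redirect field the old template emitted from `$this->redirect` would no longer be produced; passing a `'redirect'` entry in the values array would restore it.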
<?php
namespace UnicaenAuth\View\Helper;
use UnicaenAuth\Options\ModuleOptions;
use Zend\View\HelperPluginManager;
class LdapConnectViewHelperFactory
{
/**
* @param HelperPluginManager $hpm
* @return LdapConnectViewHelper
*/
public function __invoke(HelperPluginManager $hpm)
{
/** @var ModuleOptions $moduleOptions */
$moduleOptions = $hpm->getServiceLocator()->get('unicaen-auth_module_options');
$ldapArrayConfig = $moduleOptions->getLdap();
$ldapEnabled = isset($ldapArrayConfig['enabled']) && (bool) $ldapArrayConfig['enabled'];
$helper = new LdapConnectViewHelper();
$helper->setEnabled($ldapEnabled);
return $helper;
}
}
\ No newline at end of file
...@@ -41,7 +41,7 @@ class ShibConnectViewHelper extends AbstractHelper ...@@ -41,7 +41,7 @@ class ShibConnectViewHelper extends AbstractHelper
$shibUrl = $this->getView()->url('auth/shibboleth', [], ['query' => $this->getView()->queryParams()], true); $shibUrl = $this->getView()->url('auth/shibboleth', [], ['query' => $this->getView()->queryParams()], true);
return <<<EOS return <<<EOS
Se connecter plutôt avec la Se connecter via la
<a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a> <a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a>
EOS; EOS;
} }
......
<?php
use Zend\Form\Form;
/**
* @var bool $enabled
* @var Form $form
* @var string $redirect
*/
?>
<?php echo $this->form()->openTag($form) ?>
<?php if (($errors = $this->formErrors($form))): ?>
<p><?php echo $errors ?></p>
<?php endif ?>
<p>
<?php
$identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
echo $this->formLabel($identity);
echo $this->formInput($identity);
?>
</p>
<p>
<?php
$identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
echo $this->formLabel($identity);
echo $this->formInput($identity);
?>
</p>
<?php if ($redirect): ?>
<input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
<?php endif ?>
<p>
<?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
</p>
<?php echo $this->form()->closeTag() ?>
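Review bot: `$redirect` is echoed raw into the `value` attribute of the hidden input, and a redirect target normally originates from the request, so it should be escaped for attribute context: `<input type="hidden" name="redirect" value="<?php echo $this->escapeHtmlAttr($redirect) ?>"/>`. The same unescaped echo of `$this->redirect` existed in the template this partial was extracted from, so the flaw is carried over rather than introduced, but the move is a good moment to fix it. The `@var string $redirect` line in the header docblock documents a variable that the helper's render call does not appear to supply. Minor style point: the second block reuses `$identity` for the `credential` element, where `$credential` would read more clearly.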
...@@ -24,36 +24,11 @@ $form->setAttributes([ ...@@ -24,36 +24,11 @@ $form->setAttributes([
</div> </div>
<div class="panel-body"> <div class="panel-body">
<?php echo $this->form()->openTag($form) ?>
<?php if (($errors = $this->formErrors($this->loginForm))): ?>
<p><?php echo $errors ?></p>
<?php endif ?>
<p>
<?php <?php
$identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']); $ldapAuthHtml = (string) $this->ldapConnect($form);
echo $this->formLabel($identity); $shibAuthHtml = (string) $this->shibConnect($form);
echo $this->formInput($identity); echo implode('<hr>', array_filter([$ldapAuthHtml, $shibAuthHtml]));
?> ?>
</p>
<p>
<?php
$identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
echo $this->formLabel($identity);
echo $this->formInput($identity);
?>
</p>
<?php if ($this->redirect): ?>
<input type="hidden" name="redirect" value="<?php echo $this->redirect ?>" />
<?php endif ?>
<p>
<?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
</p>
<?php echo $this->form()->closeTag() ?>
<hr>
<!-- Connexion Shibboleth (si activée) -->
<?php echo $this->shibConnect() ?>
</div> </div>
</div> </div>
......