Commit 6d3ff3d5 authored by Bertrand Gauthier's avatar Bertrand Gauthier

Ajout d'une option de config d'activation ou non de l'auth LDAP (nouvelle clé...

Ajout d'une option de config d'activation ou non de l'auth LDAP (nouvelle clé unicaen-auth > ldap > enabled). Pour l'instant, l'impact est juste l'affichage ou pas du formulaire de connexion LDAP.
parent 4f6859c0
<?php
use UnicaenAuth\Authentication\Adapter\ShibSimulatorAdapter;
use UnicaenAuth\Authentication\Storage\ShibSimulatorStorage;
use UnicaenAuth\Controller\AuthControllerFactory;
use UnicaenAuth\Service\ShibService;
use UnicaenAuth\Service\ShibServiceFactory;
use UnicaenAuth\Service\UserContextFactory;
use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory;
use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
use UnicaenAuth\View\Helper\UserUsurpationHelperFactory;
$settings = [
/**
* Configuration de l'authentification LDAP.
*/
'ldap' => [
/**
* Possibilité ou non de s'authentifier via l'annuaire LDAP.
*/
'enabled' => true,
],
/**
* Fournisseurs d'identité.
*/
......@@ -442,6 +453,7 @@ return [
'userProfileSelect' => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
'userUsurpation' => UserUsurpationHelperFactory::class,
'ldapConnect' => LdapConnectViewHelperFactory::class,
'shibConnect' => ShibConnectViewHelperFactory::class,
],
'invokables' => [
......
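Review bot: The comment above the new `'enabled' => true` entry says only whether LDAP authentication is possible, while the commit description states that the flag currently only controls whether the LDAP login form is displayed; an operator reading the config will assume `false` disables the LDAP adapter itself. Add that limitation to the comment, e.g. `* Pour l'instant, désactiver ne masque que le formulaire de connexion LDAP.`, here and in the same `'ldap'` block of the second config file hunk (`@@ -6,6 +6,17 @@`). The key is also named `enabled` while the sibling `shibboleth` block in the local config template uses `enable`; aligning the two names would avoid lookups against the wrong key.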
......@@ -6,6 +6,17 @@
* drop this config file in it and change the values as you wish.
*/
$settings = [
/**
* Configuration de l'authentification LDAP.
*/
'ldap' => [
/**
* Possibilité ou non de s'authentifier via l'annuaire LDAP.
*/
'enabled' => true,
],
/**
* Flag indiquant si l'utilisateur authenitifié avec succès via l'annuaire LDAP doit
* être enregistré/mis à jour dans la table des utilisateurs de l'appli.
......@@ -25,6 +36,7 @@ $settings = [
$config = [
'unicaen-auth' => $settings,
'bjyauthorize' => [
/* this module uses a meta-role that inherits from any roles that should
* be applied to the active user. the identity provider tells us which
......@@ -54,6 +66,7 @@ $config = [
'UnicaenAuth\Provider\Role\Username' => [],
],
],
'zfcuser' => [
/**
* Classe de l'entité représentant un utilisateur authentifiable.
......
<?php
/**
* Configuration locale du module UnicaenAuth.
*
* If you have a ./config/autoload/ directory set up for your project, you can
* drop this config file in it and change the values as you wish.
*/
$settings = [
/**
* Activation ou non de l'authentification Shibboleth.
*/
'shibboleth' => [
'enable' => false,
],
/**
* Paramètres de connexion au serveur CAS :
* - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
* - pour l'activer, renseigner les paramètres.
*/
'cas' => [
// 'connection' => array(
// 'default' => array(
// 'params' => array(
// 'hostname' => 'cas.unicaen.fr',
// 'port' => 443,
// 'version' => "2.0",
// 'uri' => "",
// 'debug' => false,
// ),
// ),
// ),
],
/**
* Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité.
* NB: à réserver exclusivement aux tests.
*/
// 'usurpation_allowed_usernames' => array(),
];
/**
* You do not need to edit below this line
*/
return [
'unicaen-auth' => $settings,
];
\ No newline at end of file
'unicaen-auth' => [
/**
* Configuration de l'authentification Shibboleth.
*/
'shibboleth' => [
'enable' => false,
'simulate' => [
'eppn' => 'gauthierb@unicaen.fr',
'supannEmpId' => '00021237',
],
'aliases' => [
'eppn' => 'HTTP_EPPN',
'mail' => 'HTTP_MAIL',
'eduPersonPrincipalName' => 'HTTP_EPPN',
'supannEtuId' => 'HTTP_SUPANNETUID',
'supannEmpId' => 'HTTP_SUPANNEMPID',
'supannCivilite' => 'HTTP_SUPANNCIVILITE',
'displayName' => 'HTTP_DISPLAYNAME',
'sn' => 'HTTP_SN',
'givenName' => 'HTTP_GIVENNAME',
],
],
/**
* Paramètres de connexion au serveur CAS :
* - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
* - pour l'activer, renseigner les paramètres.
*/
'cas' => [
'connection' => [
'default' => [
'params' => [
'hostname' => 'cas.unicaen.fr',
'port' => 443,
'version' => "2.0",
'uri' => "",
'debug' => false,
],
],
],
],
/**
* Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité.
* NB: à réserver exclusivement aux tests.
*/
'usurpation_allowed_usernames' => [],
],
];
......@@ -9,6 +9,13 @@ namespace UnicaenAuth\Options;
*/
class ModuleOptions extends \ZfcUser\Options\ModuleOptions
{
/**
* Paramètres concernant l'authentification LDAP.
*
* @var array
*/
protected $ldap = [];
/**
* @var array
*/
......@@ -39,6 +46,29 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
*/
protected $entityManagerName = 'doctrine.entitymanager.orm_default';
/**
* Retourne les paramètres concernant l'authentification LDAP.
*
* @return array
*/
public function getLdap()
{
return $this->ldap;
}
/**
* Spécifie les paramètres concernant l'authentification LDAP.
*
* @param array $ldap
* @return self
*/
public function setLdap(array $ldap)
{
$this->ldap = $ldap;
return $this;
}
/**
* set usernames allowed to make usurpation
*
......@@ -89,8 +119,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
return $this->saveLdapUserInDatabase;
}
/**
* @return string
*/
......@@ -99,8 +127,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
return $this->ldapUsername;
}
/**
* @param string $ldapUsername
*
......@@ -113,8 +139,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
return $this;
}
/**
* set cas connection params
*
......
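Review bot: `getLdap()`/`setLdap()` accept an untyped array with no description of its shape, so the only documentation of the `enabled` key lives in the config comments. State the expected keys in the docblocks, e.g. `@param array $ldap Config LDAP ; clé 'enabled' (bool) attendue` on `setLdap()` and `@var array Clé 'enabled' (bool)` on the `$ldap` property, and note that `setLdap()` stores the array as-is without validating it. The rest of the class, including the other accessors, is outside this hunk.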
<?php
namespace UnicaenAuth\View\Helper;
use Zend\Form\Form;
use Zend\View\Helper\AbstractHelper;
use Zend\View\Renderer\PhpRenderer;
use Zend\View\Resolver\TemplatePathStack;
/**
* Aide de vue dessinant le formulaire d'authentification LDAP,
* si l'authentification LDAP est activée.
*
* @method PhpRenderer getView()
* @author Unicaen
*/
class LdapConnectViewHelper extends AbstractHelper
{
/**
* @var bool
*/
protected $enabled = true;
/**
* @var Form
*/
protected $form;
/**
* @param bool $enabled
* @return $this
*/
public function setEnabled($enabled = true)
{
$this->enabled = $enabled;
return $this;
}
/**
* @param Form $form
* @return $this
*/
public function __invoke(Form $form)
{
$this->form = $form;
$this->getView()->resolver()->attach(
new TemplatePathStack(['script_paths' => [__DIR__ . "/partial"]])
);
return $this;
}
/**
* @return string
*/
public function __toString()
{
if (! $this->enabled) {
return '';
}
try {
return $this->getView()->render("ldap-connect", [
'enabled' => $this->enabled,
'form' => $this->form,
]);
} catch (\Exception $e) {
return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>';
}
}
}
\ No newline at end of file
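Review bot: The `catch (\Exception $e)` branch in `__toString()` writes `$e->getMessage()` and `$e->getTraceAsString()` into the page unescaped, which discloses file paths and internals to every visitor whenever the partial fails to render and can break the surrounding markup. Since `__toString()` cannot propagate the exception, keep a fallback but escape it and drop the trace: `return '<p>' . $this->getView()->escapeHtml($e->getMessage()) . '</p>';`, or log it and return `''`. `setEnabled()` is documented as taking a bool but stores the argument as given; `$this->enabled = (bool) $enabled;` would keep the later `! $this->enabled` check correct for string config values.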
<?php
namespace UnicaenAuth\View\Helper;
use UnicaenAuth\Options\ModuleOptions;
use Zend\View\HelperPluginManager;
class LdapConnectViewHelperFactory
{
/**
* @param HelperPluginManager $hpm
* @return LdapConnectViewHelper
*/
public function __invoke(HelperPluginManager $hpm)
{
/** @var ModuleOptions $moduleOptions */
$moduleOptions = $hpm->getServiceLocator()->get('unicaen-auth_module_options');
$ldapArrayConfig = $moduleOptions->getLdap();
$ldapEnabled = isset($ldapArrayConfig['enabled']) && (bool) $ldapArrayConfig['enabled'];
$helper = new LdapConnectViewHelper();
$helper->setEnabled($ldapEnabled);
return $helper;
}
}
\ No newline at end of file
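Review bot: `$ldapEnabled` on the `isset(...) && (bool)` line falls back to `false` when the `enabled` key is absent, while `LdapConnectViewHelper::$enabled` defaults to `true`, so an installation whose config predates this key loses the LDAP form silently. That is a defensible default if intended, but it deserves a comment on that line, e.g. `// Clé 'enabled' absente => formulaire LDAP masqué (contrairement au défaut du helper)`, or an explicit `?? false` so the choice is visible to the next reader.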
......@@ -41,7 +41,7 @@ class ShibConnectViewHelper extends AbstractHelper
$shibUrl = $this->getView()->url('auth/shibboleth', [], ['query' => $this->getView()->queryParams()], true);
return <<<EOS
Se connecter plutôt avec la
Se connecter via la
<a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a>
EOS;
}
......
<?php
use Zend\Form\Form;
/**
* @var bool $enabled
* @var Form $form
* @var string $redirect
*/
?>
<?php echo $this->form()->openTag($form) ?>
<?php if (($errors = $this->formErrors($form))): ?>
<p><?php echo $errors ?></p>
<?php endif ?>
<p>
<?php
$identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
echo $this->formLabel($identity);
echo $this->formInput($identity);
?>
</p>
<p>
<?php
$identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
echo $this->formLabel($identity);
echo $this->formInput($identity);
?>
</p>
<?php if ($redirect): ?>
<input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
<?php endif ?>
<p>
<?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
</p>
<?php echo $this->form()->closeTag() ?>
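Review bot: `$redirect` is read on the `if ($redirect)` line and echoed into the hidden input, but the helper's `render("ldap-connect", [...])` call only passes `enabled` and `form`, so the variable is never defined: the template raises an undefined-variable notice and the redirect that the old login view carried via `$this->redirect` is dropped. The value is also written raw into an attribute; use `<?php if (! empty($redirect)): ?>` and `value="<?php echo $this->escapeHtmlAttr($redirect) ?>"`, and have the helper accept and forward the redirect value. The login view hunk below (`@@ -24,36 +24,11 @@`) is where the value used to be available.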
......@@ -24,36 +24,11 @@ $form->setAttributes([
</div>
<div class="panel-body">
<?php echo $this->form()->openTag($form) ?>
<?php if (($errors = $this->formErrors($this->loginForm))): ?>
<p><?php echo $errors ?></p>
<?php endif ?>
<p>
<?php
$identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
echo $this->formLabel($identity);
echo $this->formInput($identity);
?>
</p>
<p>
<?php
$identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
echo $this->formLabel($identity);
echo $this->formInput($identity);
?>
</p>
<?php if ($this->redirect): ?>
<input type="hidden" name="redirect" value="<?php echo $this->redirect ?>" />
<?php endif ?>
<p>
<?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
</p>
<?php echo $this->form()->closeTag() ?>
<hr>
<!-- Connexion Shibboleth (si activée) -->
<?php echo $this->shibConnect() ?>
<?php
$ldapAuthHtml = (string) $this->ldapConnect($form);
$shibAuthHtml = (string) $this->shibConnect($form);
echo implode('<hr>', array_filter([$ldapAuthHtml, $shibAuthHtml]));
?>
</div>
</div>
......
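Review bot: `$this->shibConnect($form)` now passes the form where the removed line called `shibConnect()` with no argument; nothing in this commit shows `ShibConnectViewHelper::__invoke()` taking a parameter, so confirm the signature or drop the argument: `$shibAuthHtml = (string) $this->shibConnect();`. The `implode('<hr>', array_filter(...))` line relies on each helper returning `''` when disabled, which holds for `LdapConnectViewHelper::__toString()` but is not visible for the Shibboleth helper; a comment such as `// chaque helper retourne '' s'il est désactivé` would make that reliance explicit.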