Ajout d'une option de config d'activation ou non de l'auth LDAP (nouvelle clé...

Ajout d'une option de config d'activation ou non de l'auth LDAP (nouvelle clé unicaen-auth > ldap > enabled). Pour l'instant, l'impact est juste l'affichage ou pas du formulaire de connexion LDAP.

Ajout d'une option de config d'activation ou non de l'auth LDAP (nouvelle clé...
Ajout d'une option de config d'activation ou non de l'auth LDAP (nouvelle clé unicaen-auth > ldap > enabled). Pour l'instant, l'impact est juste l'affichage ou pas du formulaire de connexion LDAP.
6d3ff3d5 · Bertrand Gauthier · 4f6859c0 · 6d3ff3d5 · 6d3ff3d5 · 6d3ff3d5
Commit 6d3ff3d5 authored Jul 13, 2018 by Bertrand Gauthier
--- a/config/module.config.php
+++ b/config/module.config.php
 <?php

-use UnicaenAuth\Authentication\Adapter\ShibSimulatorAdapter;
 use UnicaenAuth\Authentication\Storage\ShibSimulatorStorage;
 use UnicaenAuth\Controller\AuthControllerFactory;
 use UnicaenAuth\Service\ShibService;
 use UnicaenAuth\Service\ShibServiceFactory;
 use UnicaenAuth\Service\UserContextFactory;
+use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory;
 use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
 use UnicaenAuth\View\Helper\UserUsurpationHelperFactory;

 $settings = [
+
+    /**
+     * Configuration de l'authentification LDAP.
+     */
+    'ldap' => [
+        /**
+         * Possibilité ou non de s'authentifier via l'annuaire LDAP.
+         */
+        'enabled' => true,
+    ],
+
    /**
     * Fournisseurs d'identité.
     */
@@ -442,6 +453,7 @@ return [
            'userProfileSelect'          => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
            'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
            'userUsurpation'             => UserUsurpationHelperFactory::class,
+            'ldapConnect'                => LdapConnectViewHelperFactory::class,
            'shibConnect'                => ShibConnectViewHelperFactory::class,
        ],
        'invokables' => [

--- a/config/unicaen-auth.global.php.dist
+++ b/config/unicaen-auth.global.php.dist
@@ -6,6 +6,17 @@
 * drop this config file in it and change the values as you wish.
 */
 $settings = [
+
+    /**
+     * Configuration de l'authentification LDAP.
+     */
+    'ldap' => [
+        /**
+         * Possibilité ou non de s'authentifier via l'annuaire LDAP.
+         */
+        'enabled' => true,
+    ],
+
    /**
     * Flag indiquant si l'utilisateur authenitifié avec succès via l'annuaire LDAP doit
     * être enregistré/mis à jour dans la table des utilisateurs de l'appli.
@@ -25,6 +36,7 @@ $settings = [

 $config = [
    'unicaen-auth' => $settings,
+
    'bjyauthorize' => [
        /* this module uses a meta-role that inherits from any roles that should
         * be applied to the active user. the identity provider tells us which
@@ -54,6 +66,7 @@ $config = [
            'UnicaenAuth\Provider\Role\Username' => [],
        ],
    ],
+
    'zfcuser'      => [
        /**
         * Classe de l'entité représentant un utilisateur authentifiable.

--- a/config/unicaen-auth.local.php.dist
+++ b/config/unicaen-auth.local.php.dist
 <?php
-/**
- * Configuration locale du module UnicaenAuth.
- *
- * If you have a ./config/autoload/ directory set up for your project, you can
- * drop this config file in it and change the values as you wish.
- */
-$settings = [
-    /**
-     * Activation ou non de l'authentification Shibboleth.
-     */
-    'shibboleth' => [
-        'enable' => false,
-    ],
-    /**
-     * Paramètres de connexion au serveur CAS :
-     * - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
-     * - pour l'activer, renseigner les paramètres.
-     */
-    'cas' => [
-//        'connection' => array(
-//            'default' => array(
-//                'params' => array(
-//                    'hostname' => 'cas.unicaen.fr',
-//                    'port' => 443,
-//                    'version' => "2.0",
-//                    'uri' => "",
-//                    'debug' => false,
-//                ),
-//            ),
-//        ),
-    ],
-    /**
-     * Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité.
-     * NB: à réserver exclusivement aux tests.
-     */
-//    'usurpation_allowed_usernames' => array(),
-];

-/**
- * You do not need to edit below this line
- */
 return [
-    'unicaen-auth' => $settings,
-];
\ No newline at end of file
+    'unicaen-auth' => [
+
+        /**
+         * Configuration de l'authentification Shibboleth.
+         */
+        'shibboleth' => [
+            'enable' => false,
+            'simulate' => [
+                'eppn'        => 'gauthierb@unicaen.fr',
+                'supannEmpId' => '00021237',
+            ],
+            'aliases' => [
+                'eppn'                   => 'HTTP_EPPN',
+                'mail'                   => 'HTTP_MAIL',
+                'eduPersonPrincipalName' => 'HTTP_EPPN',
+                'supannEtuId'            => 'HTTP_SUPANNETUID',
+                'supannEmpId'            => 'HTTP_SUPANNEMPID',
+                'supannCivilite'         => 'HTTP_SUPANNCIVILITE',
+                'displayName'            => 'HTTP_DISPLAYNAME',
+                'sn'                     => 'HTTP_SN',
+                'givenName'              => 'HTTP_GIVENNAME',
+            ],
+        ],
+
+        /**
+         * Paramètres de connexion au serveur CAS :
+         * - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
+         * - pour l'activer, renseigner les paramètres.
+         */
+        'cas' => [
+            'connection' => [
+                'default' => [
+                    'params' => [
+                        'hostname' => 'cas.unicaen.fr',
+                        'port'     => 443,
+                        'version'  => "2.0",
+                        'uri'      => "",
+                        'debug'    => false,
+                    ],
+                ],
+            ],
+        ],
+
+        /**
+         * Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité.
+         * NB: à réserver exclusivement aux tests.
+         */
+        'usurpation_allowed_usernames' => [],
+    ],
+];
--- a/src/UnicaenAuth/Options/ModuleOptions.php
+++ b/src/UnicaenAuth/Options/ModuleOptions.php
@@ -9,6 +9,13 @@ namespace UnicaenAuth\Options;
 */
 class ModuleOptions extends \ZfcUser\Options\ModuleOptions
 {
+    /**
+     * Paramètres concernant l'authentification LDAP.
+     *
+     * @var array
+     */
+    protected $ldap = [];
+
    /**
     * @var array
     */
@@ -39,6 +46,29 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
     */
    protected $entityManagerName = 'doctrine.entitymanager.orm_default';

+    /**
+     * Retourne les paramètres concernant l'authentification LDAP.
+     *
+     * @return array
+     */
+    public function getLdap()
+    {
+        return $this->ldap;
+    }
+
+    /**
+     * Spécifie les paramètres concernant l'authentification LDAP.
+     *
+     * @param array $ldap
+     * @return self
+     */
+    public function setLdap(array $ldap)
+    {
+        $this->ldap = $ldap;
+
+        return $this;
+    }
+
    /**
     * set usernames allowed to make usurpation
     *
@@ -89,8 +119,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
        return $this->saveLdapUserInDatabase;
    }

-
-
    /**
     * @return string
     */
@@ -99,8 +127,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
        return $this->ldapUsername;
    }

-
-
    /**
     * @param string $ldapUsername
     *
@@ -113,8 +139,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
        return $this;
    }

-
-
    /**
     * set cas connection params
     *

--- a/src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php
+++ b/src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php
+<?php
+
+namespace UnicaenAuth\View\Helper;
+
+use Zend\Form\Form;
+use Zend\View\Helper\AbstractHelper;
+use Zend\View\Renderer\PhpRenderer;
+use Zend\View\Resolver\TemplatePathStack;
+
+/**
+ * Aide de vue dessinant le formulaire d'authentification LDAP,
+ * si l'authentification LDAP est activée.
+ *
+ * @method PhpRenderer getView()
+ * @author Unicaen
+ */
+class LdapConnectViewHelper extends AbstractHelper
+{
+    /**
+     * @var bool
+     */
+    protected $enabled = true;
+
+    /**
+     * @var Form
+     */
+    protected $form;
+
+    /**
+     * @param bool $enabled
+     * @return $this
+     */
+    public function setEnabled($enabled = true)
+    {
+        $this->enabled = $enabled;
+
+        return $this;
+    }
+
+    /**
+     * @param Form $form
+     * @return $this
+     */
+    public function __invoke(Form $form)
+    {
+        $this->form = $form;
+
+        $this->getView()->resolver()->attach(
+            new TemplatePathStack(['script_paths' => [__DIR__ . "/partial"]])
+        );
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function __toString()
+    {
+        if (! $this->enabled) {
+            return '';
+        }
+
+        try {
+            return $this->getView()->render("ldap-connect", [
+                'enabled' => $this->enabled,
+                'form' => $this->form,
+            ]);
+        } catch (\Exception $e) {
+            return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>';
+        }
+    }
+}
\ No newline at end of file
--- a/src/UnicaenAuth/View/Helper/LdapConnectViewHelperFactory.php
+++ b/src/UnicaenAuth/View/Helper/LdapConnectViewHelperFactory.php
+<?php
+
+namespace UnicaenAuth\View\Helper;
+
+use UnicaenAuth\Options\ModuleOptions;
+use Zend\View\HelperPluginManager;
+
+class LdapConnectViewHelperFactory
+{
+    /**
+     * @param HelperPluginManager $hpm
+     * @return LdapConnectViewHelper
+     */
+    public function __invoke(HelperPluginManager $hpm)
+    {
+        /** @var ModuleOptions $moduleOptions */
+        $moduleOptions = $hpm->getServiceLocator()->get('unicaen-auth_module_options');
+        $ldapArrayConfig = $moduleOptions->getLdap();
+
+        $ldapEnabled = isset($ldapArrayConfig['enabled']) && (bool) $ldapArrayConfig['enabled'];
+
+        $helper = new LdapConnectViewHelper();
+        $helper->setEnabled($ldapEnabled);
+
+        return $helper;
+    }
+}
\ No newline at end of file
--- a/src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php
+++ b/src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php
@@ -41,7 +41,7 @@ class ShibConnectViewHelper extends AbstractHelper
        $shibUrl = $this->getView()->url('auth/shibboleth', [], ['query' => $this->getView()->queryParams()], true);

        return <<<EOS
-Se connecter plutôt avec la 
+Se connecter via la 
 <a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a>
 EOS;
    }

--- a/src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml
+++ b/src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml
+<?php
+
+use Zend\Form\Form;
+
+/**
+ * @var bool   $enabled
+ * @var Form   $form
+ * @var string $redirect
+ */
+?>
+
+<?php echo $this->form()->openTag($form) ?>
+<?php if (($errors = $this->formErrors($form))): ?>
+    <p><?php echo $errors ?></p>
+<?php endif ?>
+<p>
+    <?php
+    $identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
+    echo $this->formLabel($identity);
+    echo $this->formInput($identity);
+    ?>
+</p>
+<p>
+    <?php
+    $identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
+    echo $this->formLabel($identity);
+    echo $this->formInput($identity);
+    ?>
+</p>
+<?php if ($redirect): ?>
+    <input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
+<?php endif ?>
+<p>
+    <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
+</p>
+<?php echo $this->form()->closeTag() ?>
--- a/view/zfc-user/user/login.phtml
+++ b/view/zfc-user/user/login.phtml
@@ -24,36 +24,11 @@ $form->setAttributes([
    </div>

    <div class="panel-body">
-        <?php echo $this->form()->openTag($form) ?>
-        <?php if (($errors = $this->formErrors($this->loginForm))): ?>
-            <p><?php echo $errors ?></p>
-        <?php endif ?>
-        <p>
-            <?php
-            $identity = $form->get($name     = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
-            echo $this->formLabel($identity);
-            echo $this->formInput($identity);
-            ?>
-        </p>
-        <p>
-            <?php
-            $identity = $form->get($name     = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
-            echo $this->formLabel($identity);
-            echo $this->formInput($identity);
-            ?>
-        </p>
-        <?php if ($this->redirect): ?>
-            <input type="hidden" name="redirect" value="<?php echo $this->redirect ?>" />
-        <?php endif ?>
-        <p>
-            <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
-        </p>
-        <?php echo $this->form()->closeTag() ?>
-
-        <hr>
-
-        <!-- Connexion Shibboleth (si activée) -->
-        <?php echo $this->shibConnect() ?>
+        <?php
+        $ldapAuthHtml = (string) $this->ldapConnect($form);
+        $shibAuthHtml = (string) $this->shibConnect($form);
+        echo implode('<hr>', array_filter([$ldapAuthHtml, $shibAuthHtml]));
+        ?>
    </div>
 </div>