lib
unicaen
auth
Commits
87b6f3a7
Commit
87b6f3a7
authored
Nov 24, 2015
by
Laurent Lécluse
Ajout du champ permettant de gérer les filtres LDAP au modèle et à l'entité Role
Refactoring
parent
29acec33
Changes
4
Module.php
...
...
@@ -5,14 +5,13 @@ namespace UnicaenAuth;
use
Zend\ModuleManager\Feature\AutoloaderProviderInterface
;
use
Zend\ModuleManager\Feature\ConfigProviderInterface
;
use
Zend\ModuleManager\Feature\ServiceProviderInterface
;
use
Zend\ModuleManager\Feature\ViewHelperProviderInterface
;
/**
* Point d'entrée du module d'authentification Unicaen.
*
* @author Bertrand GAUTHIER <bertrand.gauthier@unicaen.fr>
*/
class
Module
implements
ConfigProviderInterface
,
ViewHelperProviderInterface
,
ServiceProviderInterface
class
Module
implements
ConfigProviderInterface
,
ServiceProviderInterface
{
/**
*
...
...
@@ -113,29 +112,6 @@ class Module implements ConfigProviderInterface, ViewHelperProviderInterface, Se
}
}
/**
*
* @return array
* @see ViewHelperProviderInterface
*/
public
function
getViewHelperConfig
()
{
return
[
'factories'
=>
[
'userConnection'
=>
'UnicaenAuth\View\Helper\UserConnectionFactory'
,
'userCurrent'
=>
'UnicaenAuth\View\Helper\UserCurrentFactory'
,
'userStatus'
=>
'UnicaenAuth\View\Helper\UserStatusFactory'
,
'userProfile'
=>
'UnicaenAuth\View\Helper\UserProfileFactory'
,
'userInfo'
=>
'UnicaenAuth\View\Helper\UserInfoFactory'
,
'userProfileSelect'
=>
'UnicaenAuth\View\Helper\UserProfileSelectFactory'
,
'userProfileSelectRadioItem'
=>
'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory'
,
],
'invokables'
=>
[
'appConnection'
=>
'UnicaenAuth\View\Helper\AppConnection'
,
],
];
}
/**
*
* @return array
...
...
config/module.config.php
...
...
@@ -16,7 +16,7 @@ $zfcuserSettings = [
* Allows users to register through the website.
* Accepted values: boolean true or false
*/
'enable_registration'
=>
true
,
'enable_registration'
=>
true
,
/**
* Modes for authentication identity match
* Specify the allowable identity modes, in the order they should be
...
...
@@ -24,42 +24,42 @@ $zfcuserSettings = [
* Default value: array containing 'email'
* Accepted values: array containing one or more of: email, username
*/
'auth_identity_fields'
=>
[
'username'
,
'email'
],
'auth_identity_fields'
=>
[
'username'
,
'email'
],
/**
* Login Redirect Route
* Upon successful login the user will be redirected to the entered route
* Default value: 'zfcuser'
* Accepted values: A valid route name within your application
*/
'login_redirect_route'
=>
'home'
,
'login_redirect_route'
=>
'home'
,
/**
* Logout Redirect Route
* Upon logging out the user will be redirected to the enterd route
* Default value: 'zfcuser/login'
* Accepted values: A valid route name within your application
*/
'logout_redirect_route'
=>
'home'
,
'logout_redirect_route'
=>
'home'
,
/**
* Enable Username
* Enables username field on the registration form, and allows users to log
* in using their username OR email address. Default is false.
* Accepted values: boolean true or false
*/
'enable_username'
=>
false
,
'enable_username'
=>
false
,
/**
* Enable Display Name
* Enables a display name field on the registration form, which is persisted
* in the database. Default value is false.
* Accepted values: boolean true or false
*/
'enable_display_name'
=>
true
,
'enable_display_name'
=>
true
,
/**
* Authentication Adapters
* Specify the adapters that will be used to try and authenticate the user
* Default value: array containing 'ZfcUser\Authentication\Adapter\Db' with priority 100
* Accepted values: array containing services that implement 'ZfcUser\Authentication\Adapter\ChainableAdapter'
*/
'auth_adapters'
=>
[
'auth_adapters'
=>
[
300
=>
'UnicaenAuth\Authentication\Adapter\Ldap'
,
// notifié en 1er
200
=>
'UnicaenAuth\Authentication\Adapter\Db'
,
// ensuite (si échec d'authentification Ldap)
100
=>
'UnicaenAuth\Authentication\Adapter\Cas'
,
// ensuite (si échec d'authentification Db)
...
...
@@ -78,22 +78,22 @@ $bjyauthorize = [
*
* for ZfcUser, this will be your default identity provider
*/
'identity_provider'
=>
'UnicaenAuth\Provider\Identity\Chain'
,
'identity_provider'
=>
'UnicaenAuth\Provider\Identity\Chain'
,
/* role providers simply provide a list of roles that should be inserted
* into the Zend\Acl instance. the module comes with two providers, one
* to specify roles in a config file and one to load roles using a
* Zend\Db adapter.
*/
'role_providers'
=>
[
'role_providers'
=>
[
/**
* 2 rôles doivent systématiquement exister dans les ACL :
* - le rôle par défaut 'guest', c'est le rôle de tout utilisateur non authentifié.
* - le rôle 'user', c'est le rôle de tout utilisateur authentifié.
*/
'UnicaenAuth\Provider\Role\Config'
=>
[
'UnicaenAuth\Provider\Role\Config'
=>
[
'guest'
=>
[
'name'
=>
"Non authentifié(e)"
,
'selectable'
=>
false
,
'children'
=>
[
'user'
=>
[
'name'
=>
"Authentifié(e)"
,
'selectable'
=>
false
]
'user'
=>
[
'name'
=>
"Authentifié(e)"
,
'selectable'
=>
false
]
,
]],
],
/**
...
...
@@ -101,7 +101,7 @@ $bjyauthorize = [
* NB: si le rôle par défaut 'guest' est fourni ici, il ne sera pas ajouté en double dans les ACL.
* NB: si la connexion à la base échoue, ce n'est pas bloquant!
*/
'UnicaenAuth\Provider\Role\DbRole'
=>
[
'UnicaenAuth\Provider\Role\DbRole'
=>
[
'object_manager'
=>
'doctrine.entitymanager.orm_default'
,
'role_entity_class'
=>
'UnicaenAuth\Entity\Db\Role'
,
],
...
...
@@ -114,106 +114,106 @@ $bjyauthorize = [
],
// strategy service name for the strategy listener to be used when permission-related errors are detected
// 'unauthorized_strategy' => 'BjyAuthorize\View\RedirectionStrategy',
// 'unauthorized_strategy' => 'BjyAuthorize\View\RedirectionStrategy',
'unauthorized_strategy'
=>
'UnicaenAuth\View\RedirectionStrategy'
,
/* Currently, only controller and route guards exist
*/
'guards'
=>
[
'guards'
=>
[
/* If this guard is specified here (i.e. it is enabled), it will block
* access to all controllers and actions unless they are specified here.
* You may omit the 'action' index to allow access to the entire controller
*/
'BjyAuthorize\Guard\Controller'
=>
[
[
'controller'
=>
'index'
,
'action'
=>
'index'
,
'roles'
=>
[]],
[
'controller'
=>
'zfcuser'
,
'roles'
=>
[]],
[
'controller'
=>
'index'
,
'action'
=>
'index'
,
'roles'
=>
[]],
[
'controller'
=>
'zfcuser'
,
'roles'
=>
[]],
[
'controller'
=>
'Application\Controller\Index'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'etab'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'apropos'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'contact'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'plan'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'mentions-legales'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'informatique-et-libertes'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'refresh-session'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenAuth\Controller\Utilisateur'
,
'action'
=>
'selectionner-profil'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'etab'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'apropos'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'contact'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'plan'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'mentions-legales'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'informatique-et-libertes'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'refresh-session'
,
'roles'
=>
[]],
[
'controller'
=>
'UnicaenAuth\Controller\Utilisateur'
,
'action'
=>
'selectionner-profil'
,
'roles'
=>
[]],
],
],
];
return
[
'zfcuser'
=>
$zfcuserSettings
,
'bjyauthorize'
=>
$bjyauthorize
,
'unicaen-auth'
=>
$settings
,
'doctrine'
=>
[
'zfcuser'
=>
$zfcuserSettings
,
'bjyauthorize'
=>
$bjyauthorize
,
'unicaen-auth'
=>
$settings
,
'doctrine'
=>
[
'driver'
=>
[
// overriding zfc-user-doctrine-orm's config
'zfcuser_entity'
=>
[
'zfcuser_entity'
=>
[
'class'
=>
'Doctrine\ORM\Mapping\Driver\AnnotationDriver'
,
'paths'
=>
[
__DIR__
.
'/../src/UnicaenAuth/Entity/Db'
]
__DIR__
.
'/../src/UnicaenAuth/Entity/Db'
,
]
,
],
'orm_auth_driver'
=>
[
'class'
=>
'Doctrine\ORM\Mapping\Driver\AnnotationDriver'
,
'cache'
=>
'array'
,
'paths'
=>
[
__DIR__
.
'/../src/UnicaenAuth/Entity/Db'
]
__DIR__
.
'/../src/UnicaenAuth/Entity/Db'
,
]
,
],
'orm_default'
=>
[
'orm_default'
=>
[
'class'
=>
'Doctrine\ORM\Mapping\Driver\DriverChain'
,
'drivers'
=>
[
'UnicaenAuth\Entity\Db'
=>
'zfcuser_entity'
,
'UnicaenAuth\Entity\Db'
=>
'orm_auth_driver'
]
'UnicaenAuth\Entity\Db'
=>
'orm_auth_driver'
,
]
,
],
],
],
'service_manager'
=>
[
'aliases'
=>
[
'aliases'
=>
[
'Zend\Authentication\AuthenticationService'
=>
'zfcuser_auth_service'
,
],
'invokables'
=>
[
'invokables'
=>
[
'unicaen-auth_user_service'
=>
'UnicaenAuth\Service\User'
,
'UnicaenAuth\Authentication\Storage\Db'
=>
'UnicaenAuth\Authentication\Storage\Db'
,
'UnicaenAuth\Authentication\Storage\Ldap'
=>
'UnicaenAuth\Authentication\Storage\Ldap'
,
'UnicaenAuth\View\RedirectionStrategy'
=>
'UnicaenAuth\View\RedirectionStrategy'
,
'authUserContext'
=>
'UnicaenAuth\Service\UserContext'
'authUserContext'
=>
'UnicaenAuth\Service\UserContext'
,
],
'abstract_factories'
=>
[
'UnicaenAuth\Authentication\Adapter\AbstractFactory'
,
],
'factories'
=>
[
'factories'
=>
[
'unicaen-auth_module_options'
=>
'UnicaenAuth\Options\ModuleOptionsFactory'
,
'zfcuser_auth_service'
=>
'UnicaenAuth\Authentication\AuthenticationServiceFactory'
,
'UnicaenAuth\Authentication\Storage\Chain'
=>
'UnicaenAuth\Authentication\Storage\ChainServiceFactory'
,
'UnicaenAuth\Provider\Identity\Chain'
=>
'UnicaenAuth\Provider\Identity\ChainServiceFactory'
,
'UnicaenAuth\Provider\Identity\Ldap'
=>
'UnicaenAuth\Provider\Identity\LdapServiceFactory'
,
'UnicaenAuth\Provider\Identity\Db'
=>
'UnicaenAuth\Provider\Identity\DbServiceFactory'
,
'UnicaenAuth\Provider\Identity\Basic'
=>
'UnicaenAuth\Provider\Identity\BasicServiceFactory'
,
'UnicaenAuth\Provider\Identity\Basic'
=>
'UnicaenAuth\Provider\Identity\BasicServiceFactory'
,
'UnicaenAuth\Provider\Role\Config'
=>
'UnicaenAuth\Provider\Role\ConfigServiceFactory'
,
'UnicaenAuth\Provider\Role\DbRole'
=>
'UnicaenAuth\Provider\Role\DbRoleServiceFactory'
,
'UnicaenAuth\Provider\Role\Username'
=>
'UnicaenAuth\Provider\Role\UsernameServiceFactory'
,
],
'initializers'
=>
[
'initializers'
=>
[
'UnicaenAuth\Service\UserAwareInitializer'
,
],
],
'controllers'
=>
[
'controllers'
=>
[
'invokables'
=>
[
'UnicaenAuth\Controller\Utilisateur'
=>
'UnicaenAuth\Controller\UtilisateurController'
,
],
],
'view_manager'
=>
[
'template_map'
=>
[
'view_manager'
=>
[
'template_map'
=>
[
'error/403'
=>
__DIR__
.
'/../view/error/403.phtml'
,
],
'template_path_stack'
=>
[
'unicaen-auth'
=>
__DIR__
.
'/../view'
,
],
],
'translator'
=>
[
'translator'
=>
[
'translation_file_patterns'
=>
[
[
'type'
=>
'gettext'
,
...
...
@@ -222,34 +222,34 @@ return [
],
],
],
'router'
=>
[
'router'
=>
[
'routes'
=>
[
'zfcuser'
=>
[
'type'
=>
'Literal'
,
'priority'
=>
1000
,
'options'
=>
[
'route'
=>
'/auth'
,
'zfcuser'
=>
[
'type'
=>
'Literal'
,
'priority'
=>
1000
,
'options'
=>
[
'route'
=>
'/auth'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'index'
,
],
],
'may_terminate'
=>
true
,
'child_routes'
=>
[
'login'
=>
[
'type'
=>
'Literal'
,
'child_routes'
=>
[
'login'
=>
[
'type'
=>
'Literal'
,
'options'
=>
[
'route'
=>
'/connexion'
,
'route'
=>
'/connexion'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'login'
,
],
],
],
'logout'
=>
[
'type'
=>
'Literal'
,
'logout'
=>
[
'type'
=>
'Literal'
,
'options'
=>
[
'route'
=>
'/deconnexion'
,
'route'
=>
'/deconnexion'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'logout'
,
...
...
@@ -257,9 +257,9 @@ return [
],
],
'register'
=>
[
'type'
=>
'Literal'
,
'type'
=>
'Literal'
,
'options'
=>
[
'route'
=>
'/creation-compte'
,
'route'
=>
'/creation-compte'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'register'
,
...
...
@@ -269,8 +269,8 @@ return [
],
],
'utilisateur'
=>
[
'type'
=>
'Literal'
,
'options'
=>
[
'type'
=>
'Literal'
,
'options'
=>
[
'route'
=>
'/utilisateur'
,
'defaults'
=>
[
'__NAMESPACE__'
=>
'UnicaenAuth\Controller'
,
...
...
@@ -279,16 +279,16 @@ return [
],
],
'may_terminate'
=>
true
,
'child_routes'
=>
[
'child_routes'
=>
[
'default'
=>
[
'type'
=>
'Segment'
,
'options'
=>
[
'route'
=>
'/:action[/:id]'
,
'route'
=>
'/:action[/:id]'
,
'constraints'
=>
[
'action'
=>
'[a-zA-Z][a-zA-Z0-9_-]*'
,
'id'
=>
'[0-9]*'
,
],
'defaults'
=>
[
'defaults'
=>
[
'action'
=>
'index'
,
],
],
...
...
@@ -298,16 +298,16 @@ return [
],
],
// All navigation-related configuration is collected in the 'navigation' key
'navigation'
=>
[
'navigation'
=>
[
// The DefaultNavigationFactory we configured uses 'default' as the sitemap key
'default'
=>
[
// And finally, here is where we define our page hierarchy
'home'
=>
[
'pages'
=>
[
'login'
=>
[
'label'
=>
_
(
"Connexion"
),
'route'
=>
'zfcuser/login'
,
'visible'
=>
false
,
'login'
=>
[
'label'
=>
_
(
"Connexion"
),
'route'
=>
'zfcuser/login'
,
'visible'
=>
false
,
],
'register'
=>
[
'label'
=>
_
(
"Enregistrement"
),
...
...
@@ -318,4 +318,19 @@ return [
],
],
],
'view_helpers'
=>
[
'factories'
=>
[
'userConnection'
=>
'UnicaenAuth\View\Helper\UserConnectionFactory'
,
'userCurrent'
=>
'UnicaenAuth\View\Helper\UserCurrentFactory'
,
'userStatus'
=>
'UnicaenAuth\View\Helper\UserStatusFactory'
,
'userProfile'
=>
'UnicaenAuth\View\Helper\UserProfileFactory'
,
'userInfo'
=>
'UnicaenAuth\View\Helper\UserInfoFactory'
,
'userProfileSelect'
=>
'UnicaenAuth\View\Helper\UserProfileSelectFactory'
,
'userProfileSelectRadioItem'
=>
'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory'
,
],
'invokables'
=>
[
'appConnection'
=>
'UnicaenAuth\View\Helper\AppConnection'
,
],
],
];
\ No newline at end of file
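Review bot: The `BjyAuthorize\Guard\Controller` entries, the `auth_adapters` list and the router options are re-aligned in the same commit that adds the `view_helpers` block at the end of the file, which makes it hard to confirm from the diff that no guard or adapter entry changed. As far as the visible lines show, the guard entries are the same on both sides and `view_helpers` is the only functional addition. Because this file is the module's access-control configuration, the whitespace alignment would be easier to review as its own commit. The `\ No newline at end of file` marker also suggests the file ends without a trailing newline; adding one after the closing `];` avoids noise in later diffs.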
data/schema_mysql.sql
...
...
@@ -14,6 +14,7 @@ CREATE TABLE IF NOT EXISTS `user_role` (
`role_id`
VARCHAR
(
64
)
NOT
NULL
,
`is_default`
TINYINT
(
1
)
NOT
NULL
DEFAULT
0
,
`parent_id`
INT
(
11
)
NULL
DEFAULT
NULL
,
`ldap_filter`
varchar
(
255
)
CHARACTER
SET
utf8
DEFAULT
NULL
,
PRIMARY
KEY
(
`id`
),
UNIQUE
INDEX
`unique_role`
(
`role_id`
ASC
),
INDEX
`idx_parent_id`
(
`parent_id`
ASC
),
...
...
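Review bot: The new `ldap_filter` column is declared without a unique index here, while the entity mapping added in `src/UnicaenAuth/Entity/Db/Role.php` in this same commit declares it `unique=true`; only `unique_role` on `role_id` and `idx_parent_id` are visible among the indexes in this hunk, and the rest of the statement lies outside it. Either add `UNIQUE INDEX `unique_ldap_filter` (`ldap_filter` ASC)` here or drop `unique=true` from the mapping, depending on whether two roles may share the same filter. Because the table is created with `CREATE TABLE IF NOT EXISTS`, an existing database will not receive the column from this script, so an upgrade note with `ALTER TABLE `user_role` ADD COLUMN `ldap_filter` VARCHAR(255) NULL DEFAULT NULL;` would help. Without it, deployments upgraded in place would presumably fail when the ORM selects the new column.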
src/UnicaenAuth/Entity/Db/Role.php
...
...
@@ -2,7 +2,7 @@
/**
* BjyAuthorize Module (https://github.com/bjyoungblood/BjyAuthorize)
*
* @link https://github.com/bjyoungblood/BjyAuthorize for the canonical source repository
* @link
https://github.com/bjyoungblood/BjyAuthorize for the canonical source repository
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
...
...
@@ -45,6 +45,12 @@ class Role implements HierarchicalRoleInterface
*/
protected
$parent
;
/**
* @var string
* @ORM\Column(name="ldap_filter", type="string", length=255, unique=true, nullable=true)
*/
protected
$ldapFilter
;
/**
* @var \Doctrine\Common\Collections\Collection
* @ORM\ManyToMany(targetEntity="UnicaenAuth\Entity\Db\User")
...
...
@@ -55,6 +61,8 @@ class Role implements HierarchicalRoleInterface
*/
protected
$users
;
/**
* Get the id.
*
...
...
@@ -65,6 +73,8 @@ class Role implements HierarchicalRoleInterface
return
$this
->
id
;
}
/**
* Set the id.
*
...
...
@@ -75,9 +85,12 @@ class Role implements HierarchicalRoleInterface
public
function
setId
(
$id
)
{
$this
->
id
=
(
int
)
$id
;
return
$this
;
}
/**
* Get the role id.
*
...
...
@@ -88,6 +101,8 @@ class Role implements HierarchicalRoleInterface
return
$this
->
roleId
;
}
/**
* Set the role id.
*
...
...
@@ -97,10 +112,13 @@ class Role implements HierarchicalRoleInterface
*/
public
function
setRoleId
(
$roleId
)
{
$this
->
roleId
=
(
string
)
$roleId
;
$this
->
roleId
=
(
string
)
$roleId
;
return
$this
;
}
/**
* Is this role the default one ?
*
...
...
@@ -111,6 +129,8 @@ class Role implements HierarchicalRoleInterface
return
$this
->
isDefault
;
}
/**
* Set this role as the default one.
*
...
...
@@ -120,10 +140,13 @@ class Role implements HierarchicalRoleInterface
*/
public
function
setIsDefault
(
$isDefault
)
{
$this
->
isDefault
=
(
boolean
)
$isDefault
;
$this
->
isDefault
=
(
boolean
)
$isDefault
;
return
$this
;
}
/**
* Get the parent role
*
...
...
@@ -134,6 +157,8 @@ class Role implements HierarchicalRoleInterface
return
$this
->
parent
;
}
/**
* Set the parent role.
*
...
...
@@ -144,9 +169,36 @@ class Role implements HierarchicalRoleInterface
public
function
setParent
(
Role
$parent
)
{
$this
->
parent
=
$parent
;
return
$this
;
}
/**
* @return string
*/
public
function
getLdapFilter
()
{
return
$this
->
ldapFilter
;
}
/**
* @param string $ldapFilter
*
* @return Role
*/
public
function
setLdapFilter
(
$ldapFilter
)
{
$this
->
ldapFilter
=
$ldapFilter
;
return
$this
;
}
/**
* Get users.
*
...
...
@@ -157,6 +209,8 @@ class Role implements HierarchicalRoleInterface
return
$this
->
users
->
getValues
();
}
/**
* Add a user to the role.
*
...
...
@@ -168,9 +222,11 @@ class Role implements HierarchicalRoleInterface
{
$this
->
users
[]
=
$user
;
}
/**
*
*
* @return string
*/
public
function
__toString
()
...
...
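Review bot: `setLdapFilter()` stores its argument as given, whereas the neighbouring setters normalise their input (`(int) $id`, `(string) $roleId`, `(boolean) $isDefault`), and neither the property nor the accessors document what the value must look like. The column is mapped `nullable=true`, so the docblocks should read `@var string|null`, `@return string|null` and `@param string|null $ldapFilter`, and the assignment can follow the file's convention with `$this->ldapFilter = $ldapFilter === null ? null : (string) $ldapFilter;`. Assuming this filter is later evaluated against the directory to decide who holds the role (the consumer is not part of this commit), it is an authorization input. A comment such as `// LDAP search filter (RFC 4515 syntax) selecting the directory entries that hold this role; must be a complete, well-formed filter` plus a well-formedness check where the value is set or consumed would keep a malformed or overly broad filter from granting the role unintentionally. The class body continues outside these hunks.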