Commit cb28b510 authored by Bertrand Gauthier's avatar Bertrand Gauthier

Merge de la branche 1.2.0.x-dev

parents e491c9ce fc06f5fd
Showing
with 1008 additions and 403 deletions
......@@ -2,9 +2,18 @@
namespace UnicaenAuth;
use UnicaenAuth\Authentication\Adapter\Cas as CasAdapter;
use UnicaenAuth\Options\ModuleOptions;
use UnicaenAuth\Service\ShibService;
use Zend\EventManager\EventInterface;
use Zend\ModuleManager\Feature\AutoloaderProviderInterface;
use Zend\ModuleManager\Feature\ConfigProviderInterface;
use Zend\ModuleManager\Feature\ServiceProviderInterface;
use Zend\ServiceManager\Exception\ServiceNotFoundException;
use Zend\ServiceManager\ServiceLocatorInterface;
use Zend\View\Helper\Navigation;
use ZfcUser\Form\Login;
use ZfcUser\Form\LoginFilter;
/**
* Point d'entrée du module d'authentification Unicaen.
......@@ -14,7 +23,11 @@ use Zend\ModuleManager\Feature\ServiceProviderInterface;
class Module implements AutoloaderProviderInterface, ConfigProviderInterface, ServiceProviderInterface
{
/**
*
* @var ModuleOptions
*/
private $options;
/**
* @return array
* @see ConfigProviderInterface
*/
......@@ -23,10 +36,7 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
return include __DIR__ . '/config/module.config.php';
}
/**
*
* @return array
* @see AutoloaderProviderInterface
*/
......@@ -44,8 +54,6 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
];
}
/**
* This method is called once the MVC bootstrapping is complete,
* after the "loadModule.post" event, once $application->bootstrap() is called.
......@@ -54,9 +62,9 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
*
* @see BootstrapListenerInterface
*/
public function onBootstrap(\Zend\EventManager\EventInterface $e)
/* @var \Zend\Mvc\MvcEvent $e */
public function onBootstrap(EventInterface $e)
{
/* @var \Zend\Mvc\MvcEvent $e */
$application = $e->getApplication();
/* @var $services \Zend\ServiceManager\ServiceManager */
$services = $application->getServiceManager();
......@@ -65,63 +73,45 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
try {
$authorizeService = $services->get('BjyAuthorize\Service\Authorize');
/* @var $authorizeService \BjyAuthorize\Service\Authorize */
\Zend\View\Helper\Navigation::setDefaultAcl($authorizeService->getAcl());
\Zend\View\Helper\Navigation::setDefaultRole($authorizeService->getIdentity());
} catch (\Zend\ServiceManager\Exception\ServiceNotFoundException $snfe) {
Navigation::setDefaultAcl($authorizeService->getAcl());
Navigation::setDefaultRole($authorizeService->getIdentity());
} catch (ServiceNotFoundException $snfe) {
// pas de module BjyAuthorize : pas d'ACL
}
/* @var $options Options\ModuleOptions */
$options = $services->get('unicaen-auth_module_options');
/* @var $options ModuleOptions */
$this->options = $services->get('unicaen-auth_module_options');
// si l'auth CAS est demandée, modif de la route de connexion pour zapper le formulaire
if ($options->getCas() && php_sapi_name() !== 'cli') {
/* @var $router \Zend\Mvc\Router\Http\TreeRouteStack */
$router = $services->get('router');
$router->addRoutes([
// remplace les routes existantes (cf. config du module)
'zfcuser' => [
'type' => 'Literal',
'priority' => 1000,
'options' => [
'route' => '/auth',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'index',
],
],
'may_terminate' => true,
'child_routes' => [
'login' => [
'type' => 'Literal',
'options' => [
'route' => '/connexion',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'authenticate', // zappe l'action 'login'
],
],
],
'logout' => [
'type' => 'Literal',
'options' => [
'route' => '/deconnexion',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'logout',
],
],
],
],
],
]);
}
$this->reconfigureRoutesForAuth($services);
}
/**
* @param ServiceLocatorInterface $sl
*/
private function reconfigureRoutesForAuth(ServiceLocatorInterface $sl)
{
/* @var $router \Zend\Mvc\Router\Http\TreeRouteStack */
$router = $sl->get('router');
// si l'auth CAS est activée, modif de la route de connexion pour zapper le formulaire d'auth maison.
$isCasEnable = (bool) $this->options->getCas();
if ($isCasEnable && php_sapi_name() !== 'cli') {
/** @var CasAdapter $casAdapter */
$casAdapter = $sl->get('UnicaenAuth\Authentication\Adapter\Cas');
$casAdapter->reconfigureRoutesForCasAuth($router);
}
// si l'auth Shibboleth est activée, modif de la route de déconnexion pour réaliser la déconnexion Shibboleth.
$shibOptions = $this->options->getShibboleth();
$isShibEnable = array_key_exists('enable', $shibOptions) && (bool) $shibOptions['enable'];
if ($isShibEnable && php_sapi_name() !== 'cli') {
/** @var ShibService $shibService */
$shibService = $sl->get(ShibService::class);
$shibService->reconfigureRoutesForShibAuth($router);
}
}
/**
*
* @return array
* @see ServiceProviderInterface
*/
......@@ -132,8 +122,8 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
// verrue pour forcer le label de l'identifiant qqsoit l'options 'auth_identity_fields'
'zfcuser_login_form' => function ($sm) {
$options = $sm->get('zfcuser_module_options');
$form = new \ZfcUser\Form\Login(null, $options);
$form->setInputFilter(new \ZfcUser\Form\LoginFilter($options));
$form = new Login(null, $options);
$form->setInputFilter(new LoginFilter($options));
$form->get('identity')->setLabel("Username");
return $form;
......
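Review bot: `reconfigureRoutesForAuth` calls `array_key_exists('enable', $shibOptions)` on whatever `getShibboleth()` returns; `ModuleOptions` is not in this diff, and if that getter can return null for an application whose local config predates the new `shibboleth` key, this is a warning (or a TypeError on newer PHP) at bootstrap. A guard avoids it: `$isShibEnable = is_array($shibOptions) && !empty($shibOptions['enable']);`. The `php_sapi_name() !== 'cli'` test is evaluated in both branches; computing it once at the top (`$isHttp = php_sapi_name() !== 'cli';`) reads better. When CAS and Shibboleth are both enabled, the CAS block replaces the `zfcuser` routes first and the Shibboleth block then touches the logout route, so the order of the two blocks is load-bearing and deserves a comment such as `// Order matters: the Shibboleth reconfiguration must run after the CAS one, which replaces the whole 'zfcuser' route tree.`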
......@@ -4,7 +4,7 @@
"repositories": [
{
"type": "composer",
"url": "https://dev.unicaen.fr/packagist"
"url": "https://gest.unicaen.fr/packagist"
}
],
"require": {
......
<?php
use UnicaenAuth\Provider\Privilege\Privileges;
use UnicaenAuth\Controller\AuthControllerFactory;
use UnicaenAuth\Service\ShibService;
use UnicaenAuth\Service\ShibServiceFactory;
use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
$settings = [
/**
* Fournisseurs d'identité.
*/
......@@ -119,6 +121,8 @@ return [
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'informatique-et-libertes', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'refresh-session', 'roles' => []],
['controller' => 'UnicaenAuth\Controller\Utilisateur', 'action' => 'selectionner-profil', 'roles' => []],
['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'shibboleth', 'roles' => []],
],
],
],
......@@ -167,6 +171,27 @@ return [
],
'router' => [
'routes' => [
'auth' => [
'type' => 'Literal',
'options' => [
'route' => '/auth',
'defaults' => [
'controller' => 'UnicaenAuth\Controller\Auth',
],
],
'may_terminate' => false,
'child_routes' => [
'shibboleth' => [
'type' => 'Literal',
'options' => [
'route' => '/shibboleth',
'defaults' => [
'action' => 'shibboleth',
],
],
],
],
],
'zfcuser' => [
'type' => 'Literal',
'priority' => 1000,
......@@ -346,12 +371,11 @@ return [
'invokables' => [
'UnicaenAuth\Authentication\Storage\Db' => 'UnicaenAuth\Authentication\Storage\Db',
'UnicaenAuth\Authentication\Storage\Ldap' => 'UnicaenAuth\Authentication\Storage\Ldap',
'UnicaenAuth\Authentication\Storage\Shib' => 'UnicaenAuth\Authentication\Storage\Shib',
'UnicaenAuth\View\RedirectionStrategy' => 'UnicaenAuth\View\RedirectionStrategy',
'UnicaenAuth\Service\UserContext' => 'UnicaenAuth\Service\UserContext',
'UnicaenAuth\Service\User' => 'UnicaenAuth\Service\User',
'UnicaenAuth\Service\Privilege' => 'UnicaenAuth\Service\PrivilegeService',
'UnicaenAuth\Service\CategoriePrivilege' => 'UnicaenAuth\Service\CategoriePrivilegeService',
'UnicaenAuth\Service\Role' => 'UnicaenAuth\Service\RoleService',
],
'abstract_factories' => [
'UnicaenAuth\Authentication\Adapter\AbstractFactory',
......@@ -367,8 +391,11 @@ return [
'UnicaenAuth\Provider\Role\Config' => 'UnicaenAuth\Provider\Role\ConfigServiceFactory',
'UnicaenAuth\Provider\Role\DbRole' => 'UnicaenAuth\Provider\Role\DbRoleServiceFactory',
'UnicaenAuth\Provider\Role\Username' => 'UnicaenAuth\Provider\Role\UsernameServiceFactory',
'UnicaenAuth\Service\Role' => 'UnicaenAuth\Service\RoleServiceFactory',
'UnicaenAuth\Service\Privilege' => 'UnicaenAuth\Service\PrivilegeServiceFactory',
'BjyAuthorize\Service\Authorize' => 'UnicaenAuth\Service\AuthorizeServiceFactory', // substituion
'zfcuser_redirect_callback' => 'UnicaenAuth\Authentication\RedirectCallbackFactory', // substituion
ShibService::class => ShibServiceFactory::class,
'MouchardCompleterAuth' => 'UnicaenAuth\Mouchard\MouchardCompleterAuthFactory',
],
'shared' => [
......@@ -384,6 +411,9 @@ return [
'UnicaenAuth\Controller\Utilisateur' => 'UnicaenAuth\Controller\UtilisateurController',
'UnicaenAuth\Controller\Droits' => 'UnicaenAuth\Controller\DroitsController',
],
'factories' => [
'UnicaenAuth\Controller\Auth' => AuthControllerFactory::class,
],
],
'form_elements' => [
......@@ -401,6 +431,7 @@ return [
'userInfo' => 'UnicaenAuth\View\Helper\UserInfoFactory',
'userProfileSelect' => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
'shibConnect' => ShibConnectViewHelperFactory::class,
],
'invokables' => [
'appConnection' => 'UnicaenAuth\View\Helper\AppConnection',
......
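Review bot: The new `auth` route shares the literal `/auth` prefix with the existing `zfcuser` route (priority 1000) declared just below it; `/auth/shibboleth` presumably only reaches `AuthController` because none of zfcuser's child routes match that path, and a future `shibboleth` child under `zfcuser` (or a CAS/Shibboleth route rewrite at bootstrap) would shadow it silently. A comment on the `auth` route stating that dependency — e.g. `// Must not collide with the child routes of 'zfcuser' (same '/auth' prefix, higher priority).` — or nesting `shibboleth` as a child of `zfcuser` would make the intent explicit. The `roles => []` guard entry for the `shibboleth` action is required for an SSO entry point, but note it also exposes the logout branch of that action to unauthenticated GET requests.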
......@@ -67,6 +67,20 @@ $config = [
if ($settings['enable_privileges']) {
$privileges = [
'unicaen-auth' => [
/**
* Classes représentant les entités rôle et privilège.
* - Entité rôle : héritant de \UnicaenAuth\Entity\Db\AbstractRole ou implémentant \UnicaenAuth\Entity\Db\RoleInterface.
* - Entité privilège : héritant de \UnicaenAuth\Entity\Db\AbstractPrivilege ou implémentant \UnicaenAuth\Entity\Db\PrivilegeInterface.
*
* Valeurs par défaut :
* - 'role_entity_class' : 'UnicaenAuth\Entity\Db\Role'
* - 'privilege_entity_class' : 'UnicaenAuth\Entity\Db\Privilege'
*/
'role_entity_class' => 'UnicaenAuth\Entity\Db\Role',
'privilege_entity_class' => 'UnicaenAuth\Entity\Db\Privilege',
],
'bjyauthorize' => [
'resource_providers' => [
......
......@@ -6,6 +6,12 @@
* drop this config file in it and change the values as you wish.
*/
$settings = [
/**
* Activation ou non de l'authentification Shibboleth.
*/
'shibboleth' => [
'enable' => false,
],
/**
* Paramètres de connexion au serveur CAS :
* - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
......
<?php
namespace UnicaenAuth\Authentication\Adapter;
use UnicaenApp\Exception;
use UnicaenAuth\Authentication\Adapter\Cas;
use UnicaenAuth\Authentication\Adapter\Db;
use UnicaenAuth\Authentication\Adapter\Ldap;
use UnicaenApp\Exception\LogicException;
use Zend\EventManager\EventManager;
use Zend\EventManager\EventManagerAwareInterface;
use Zend\ServiceManager\AbstractFactoryInterface;
use Zend\ServiceManager\ServiceLocatorInterface;
......@@ -34,7 +34,7 @@ class AbstractFactory implements AbstractFactoryInterface
* @param ServiceLocatorInterface $serviceLocator
* @param $name
* @param $requestedName
* @return mixed
* @return \ZfcUser\Authentication\Adapter\AbstractAdapter
*/
public function createServiceWithName(ServiceLocatorInterface $serviceLocator, $name, $requestedName)
{
......@@ -48,12 +48,19 @@ class AbstractFactory implements AbstractFactoryInterface
case __NAMESPACE__ . '\Cas':
$adapter = new Cas();
break;
//
// NB: pour faire simple, la stratégie de créer un adapter pour l'auth Shibboleth n'a pas été retenue.
//
// case __NAMESPACE__ . '\Shib':
// $adapter = new Shib();
// break;
default:
throw new Exception("Service demandé inattendu : '$requestedName'!");
throw new LogicException("Service demandé inattendu : '$requestedName'!");
break;
}
if ($adapter instanceof \Zend\EventManager\EventManagerAwareInterface) {
if ($adapter instanceof EventManagerAwareInterface) {
/** @var EventManager $eventManager */
$eventManager = $serviceLocator->get('event_manager');
$adapter->setEventManager($eventManager);
$userService = $serviceLocator->get('unicaen-auth_user_service'); /* @var $userService \UnicaenAuth\Service\User */
......
......@@ -9,6 +9,7 @@ use Zend\Authentication\Result as AuthenticationResult;
use Zend\EventManager\EventManager;
use Zend\EventManager\EventManagerAwareInterface;
use Zend\EventManager\EventManagerInterface;
use Zend\Mvc\Router\Http\TreeRouteStack;
use Zend\ServiceManager\ServiceManager;
use Zend\ServiceManager\ServiceManagerAwareInterface;
use ZfcUser\Authentication\Adapter\AbstractAdapter;
......@@ -230,4 +231,48 @@ class Cas extends AbstractAdapter implements ServiceManagerAwareInterface, Event
$this->eventManager = $eventManager;
return $this;
}
/**
* @param TreeRouteStack $router
*/
public function reconfigureRoutesForCasAuth(TreeRouteStack $router)
{
$router->addRoutes([
// remplace les routes existantes (cf. config du module)
'zfcuser' => [
'type' => 'Literal',
'priority' => 1000,
'options' => [
'route' => '/auth',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'index',
],
],
'may_terminate' => true,
'child_routes' => [
'login' => [
'type' => 'Literal',
'options' => [
'route' => '/connexion',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'authenticate', // zappe l'action 'login'
],
],
],
'logout' => [
'type' => 'Literal',
'options' => [
'route' => '/deconnexion',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'logout',
],
],
],
],
],
]);
}
}
\ No newline at end of file
<?php
namespace UnicaenAuth\Authentication\Adapter;
use UnicaenApp\Exception\RuntimeException;
use UnicaenApp\Mapper\Ldap\People as LdapPeopleMapper;
use UnicaenAuth\Options\ModuleOptions;
use Zend\Authentication\Exception\UnexpectedValueException;
use Zend\Authentication\Result as AuthenticationResult;
use UnicaenAuth\Service\User;
use Zend\Authentication\Adapter\Ldap as LdapAuthAdapter;
use Zend\Authentication\Result;
use Zend\EventManager\Event;
use Zend\Authentication\Exception\ExceptionInterface;
use Zend\Authentication\Result as AuthenticationResult;
use Zend\EventManager\EventManager;
use Zend\EventManager\EventManagerAwareInterface;
use Zend\EventManager\EventManagerInterface;
use Zend\Ldap\Exception\LdapException;
use Zend\ServiceManager\ServiceManager;
use Zend\ServiceManager\ServiceManagerAwareInterface;
use ZfcUser\Authentication\Adapter\AbstractAdapter;
......@@ -41,6 +42,11 @@ class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, Even
*/
protected $ldapAuthAdapter;
/**
* @var LdapPeopleMapper
*/
protected $ldapPeopleMapper;
/**
* @var ModuleOptions
*/
......@@ -55,13 +61,18 @@ class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, Even
*
* @param AuthEvent $e
* @return boolean
* @throws UnexpectedValueException
* @throws \Zend\Authentication\Adapter\Exception\ExceptionInterface
* @throws \Zend\Ldap\Exception\LdapException
* @see ChainableAdapter
*/
public function authenticate(AuthEvent $e)
{
if ($this->isSatisfied()) {
try {
$storage = $this->getStorage()->read();
} catch (ExceptionInterface $e) {
throw new RuntimeException("Erreur de lecture du storage");
}
$e->setIdentity($storage['identity'])
->setCode(AuthenticationResult::SUCCESS)
->setMessages(['Authentication successful.']);
......@@ -87,15 +98,54 @@ class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, Even
return false;
}
// recherche de l'individu dans l'annuaire LDAP
$ldapPeople = $this->getLdapPeopleMapper()->findOneByUsername($username);
if (!$ldapPeople) {
$e
->setCode(AuthenticationResult::FAILURE)
->setMessages(['Authentication failed.']);
$this->setSatisfied(false);
return false;
}
$e->setIdentity($this->usernameUsurpe ?: $username);
$this->setSatisfied(true);
try {
$storage = $this->getStorage()->read();
$storage['identity'] = $e->getIdentity();
$this->getStorage()->write($storage);
} catch (ExceptionInterface $e) {
throw new RuntimeException("Erreur de concernant le storage");
}
$e->setCode(AuthenticationResult::SUCCESS)
->setMessages(['Authentication successful.']);
$this->getEventManager()->trigger('userAuthenticated', $e);
/* @var $userService User */
$userService = $this->getServiceManager()->get('unicaen-auth_user_service');
$userService->userAuthenticated($ldapPeople);
}
/**
* Extrait le loginUsurpateur et le loginUsurpé si l'identifiant spécifé est de la forme
* "loginUsurpateur=loginUsurpé".
*
* @param string $identifiant Identifiant, éventuellement de la forme "loginUsurpateur=loginUsurpé"
* @return array
* [loginUsurpateur, loginUsurpé] si l'identifiant est de la forme "loginUsurpateur=loginUsurpé" ;
* [] sinon.
*/
static public function extractUsernamesUsurpation($identifiant)
{
if (strpos($identifiant, self::USURPATION_USERNAMES_SEP) > 0) {
list($identifiant, $usernameUsurpe) = explode(self::USURPATION_USERNAMES_SEP, $identifiant, 2);
return [
$identifiant,
$usernameUsurpe
];
}
return [];
}
/**
......@@ -104,6 +154,8 @@ class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, Even
* @param string $username Identifiant de connexion
* @param string $credential Mot de passe
* @return boolean
* @throws \Zend\Authentication\Adapter\Exception\ExceptionInterface
* @throws \Zend\Ldap\Exception\LdapException
*/
public function authenticateUsername($username, $credential)
{
......@@ -111,20 +163,17 @@ class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, Even
// - le format attendu est "loginUsurpateur=loginUsurpé"
// - le mot de passe attendu est celui du compte usurpateur (loginUsurpateur)
$this->usernameUsurpe = null;
if (strpos($username, self::USURPATION_USERNAMES_SEP) > 0) {
list($username, $this->usernameUsurpe) = explode(self::USURPATION_USERNAMES_SEP, $username, 2);
$usernames = self::extractUsernamesUsurpation($username);
if (count($usernames) === 2) {
list ($username, $this->usernameUsurpe) = $usernames;
if (!in_array($username, $this->getOptions()->getUsurpationAllowedUsernames())) {
$this->usernameUsurpe = null;
}
}
// LDAP auth
/** @var Result $result */
$result = $this->getLdapAuthAdapter()->setUsername($username)->setPassword($credential)->authenticate();
if ($result && count($result->getMessages())) {
// Obtenir le message LDAP
// $msg = preg_replace('/\[0x\d* \((.*)\):/','$1', $event->getParam('result')->getMessages()[1]);
......@@ -149,6 +198,31 @@ class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, Even
return $success;
}
/**
* get ldap people mapper
*
* @return LdapPeopleMapper
*/
public function getLdapPeopleMapper()
{
if (null === $this->ldapPeopleMapper) {
$this->ldapPeopleMapper = $this->getServiceManager()->get('ldap_people_mapper');
}
return $this->ldapPeopleMapper;
}
/**
* set ldap people mapper
*
* @param LdapPeopleMapper $mapper
* @return self
*/
public function setLdapPeopleMapper(LdapPeopleMapper $mapper)
{
$this->ldapPeopleMapper = $mapper;
return $this;
}
/**
* @param ModuleOptions $options
*/
......@@ -250,6 +324,10 @@ class Ldap extends AbstractAdapter implements ServiceManagerAwareInterface, Even
*/
public function setEventManager(EventManagerInterface $eventManager)
{
$eventManager->setIdentifiers([
__NAMESPACE__,
__CLASS__,
]);
$this->eventManager = $eventManager;
return $this;
}
......
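Review bot: In `authenticateUsername` the allowed-usurpateur check `in_array($username, $this->getOptions()->getUsurpationAllowedUsernames())` is non-strict; make it `in_array($username, $this->getOptions()->getUsurpationAllowedUsernames(), true)` so a loosely typed configuration value cannot match arbitrary logins. In `authenticate()`, both `catch (ExceptionInterface $e)` clauses overwrite the `AuthEvent $e` parameter and rethrow a `RuntimeException` without the caught exception as `previous`; rename the caught variable and chain it (`throw new RuntimeException("Erreur de lecture du storage", 0, $ex);`), and fix the message typo in "Erreur de concernant le storage". The successful path also sets the identity to `$this->usernameUsurpe` while `$ldapPeople` was looked up with `$username`; if `$username` still holds the usurpateur's login there, `userAuthenticated($ldapPeople)` receives the usurpateur's LDAP entry for a session that belongs to the impersonated account, and if it holds the raw `a=b` string the lookup fails. The top of `authenticate()` lies outside the hunk, so confirm which value `$username` carries at that point and add a comment saying so.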
......@@ -2,8 +2,6 @@
namespace UnicaenAuth\Authentication\Storage;
use UnicaenAuth\Authentication\Storage\ChainEvent;
interface ChainableStorage
{
/**
......@@ -11,25 +9,21 @@ interface ChainableStorage
*
* Behavior is undefined when storage is empty.
*
* @throws InvalidArgumentException If reading contents from storage is impossible
* @return People
* @param \UnicaenAuth\Authentication\Storage\ChainEvent $e
*/
public function read(ChainEvent $e);
/**
* Writes $contents to storage
*
* @param mixed $contents
* @throws InvalidArgumentException If writing $contents to storage is impossible
* @return void
* @param \UnicaenAuth\Authentication\Storage\ChainEvent $e
*/
public function write(ChainEvent $e);
/**
* Clears contents from storage
*
* @throws InvalidArgumentException If clearing contents from storage is impossible
* @return void
* @param \UnicaenAuth\Authentication\Storage\ChainEvent $e
*/
public function clear(ChainEvent $e);
}
\ No newline at end of file
<?php
namespace UnicaenAuth\Authentication\Storage;
use UnicaenAuth\Entity\Shibboleth\ShibUser;
use UnicaenAuth\Options\ModuleOptions;
use UnicaenAuth\Service\ShibService;
use Zend\Authentication\Storage\Session;
use Zend\Authentication\Storage\StorageInterface;
use Zend\ServiceManager\ServiceLocatorAwareInterface;
use Zend\ServiceManager\ServiceLocatorAwareTrait;
use Zend\ServiceManager\ServiceManager;
/**
* Shibboleth authentication storage.
*
* @author Unicaen
*/
class Shib implements ChainableStorage, ServiceLocatorAwareInterface
{
use ServiceLocatorAwareTrait;
/**
* @var StorageInterface
*/
protected $storage;
/**
* @var ModuleOptions
*/
protected $options;
/**
* @var ShibUser
*/
protected $resolvedIdentity;
/**
* @var ServiceManager
*/
protected $serviceManager;
/**
* Returns the contents of storage
*
* Behavior is undefined when storage is empty.
*
* @param ChainEvent $e
* @return ShibUser
* @throws \Zend\Authentication\Exception\ExceptionInterface
*/
public function read(ChainEvent $e)
{
/** @var ShibService $shib */
$shib = $this->getServiceLocator()->get(ShibService::class);
$shibUser = $shib->getAuthenticatedUser();
$e->addContents('shib', $shibUser);
return $shibUser;
}
/**
* Writes $contents to storage
*
* @param ChainEvent $e
* @throws \Zend\Authentication\Exception\ExceptionInterface
*/
public function write(ChainEvent $e)
{
$contents = $e->getParam('contents');
$this->resolvedIdentity = null;
$this->getStorage()->write($contents);
}
/**
* Clears contents from storage
*
* @param ChainEvent $e
* @throws \Zend\Authentication\Exception\ExceptionInterface
*/
public function clear(ChainEvent $e)
{
$this->resolvedIdentity = null;
$this->getStorage()->clear();
}
/**
* getStorage
*
* @return StorageInterface
*/
public function getStorage()
{
if (null === $this->storage) {
$this->setStorage(new Session());
}
return $this->storage;
}
/**
* setStorage
*
* @param StorageInterface $storage
* @return self
*/
public function setStorage(StorageInterface $storage)
{
$this->storage = $storage;
return $this;
}
}
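Review bot: `read()` never consults `$this->storage`: it re-resolves the identity from `ShibService::getAuthenticatedUser()` on every call, so `write()` and `clear()` only touch a session store that nothing reads, and `clear()` in particular does not end the Shibboleth identity — the next `read()` returns the same user for as long as the SP still reports it. That is only acceptable because `AuthController` redirects to the Shibboleth logout URL, and the dependency should be stated on `clear()`, e.g. `// No-op for the Shibboleth identity: read() re-resolves it from the SP on every call; ending the session requires the SP logout (see AuthController).` If `getAuthenticatedUser()` can return null, `$e->addContents('shib', null)` is recorded too — confirm the chain treats that as "no identity". The `$options` and `$serviceManager` properties are unused and can be dropped.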
<?php
namespace UnicaenAuth\Controller;
use UnicaenApp\Exception\RuntimeException;
use UnicaenAuth\Service\Traits\ShibServiceAwareTrait;
use UnicaenAuth\Service\Traits\UserServiceAwareTrait;
use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Exception\ExceptionInterface;
use Zend\Http\Response;
use Zend\Mvc\Controller\AbstractActionController;
use ZfcUser\Controller\Plugin\ZfcUserAuthentication;
/**
* Classe ajoutée lors de l'implémentation de l'auth Shibboleth.
*
* @method ZfcUserAuthentication zfcUserAuthentication()
* @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
*/
class AuthController extends AbstractActionController
{
use ShibServiceAwareTrait;
use UserServiceAwareTrait;
/**
* @return Response|array
*/
public function shibbolethAction()
{
$operation = $this->params()->fromRoute('operation');
if ($operation === 'deconnexion') {
// déconnexion applicative quoiqu'il arrive
$this->zfcUserAuthentication()->getAuthAdapter()->resetAdapters();
$this->zfcUserAuthentication()->getAuthAdapter()->logoutAdapters();
$this->zfcUserAuthentication()->getAuthService()->clearIdentity();
// déconnexion Shibboleth le cas échéant
if ($this->shibService->isShibbolethEnable()) {
$homeUrl = $this->url()->fromRoute('home', [], ['force_canonical' => true]);
$returnAbsoluteUrl = $this->params()->fromQuery('return', $homeUrl);
return $this->redirect()->toUrl($this->shibService->getLogoutUrl($returnAbsoluteUrl));
} else {
return []; // une page d'aide s'affichera
}
}
$shibUser = $this->shibService->getAuthenticatedUser();
if ($shibUser === null) {
return []; // une page d'aide s'affichera
}
/** @var AuthenticationService $authService */
$authService = $this->getServiceLocator()->get('zfcuser_auth_service');
try {
$authService->getStorage()->write($shibUser->getId());
} catch (ExceptionInterface $e) {
throw new RuntimeException("Impossible d'écrire dans le storage");
}
$this->userService->userAuthenticated($shibUser);
$redirectUrl = $this->params()->fromQuery('redirect', '/');
return $this->redirect()->toUrl($redirectUrl);
}
public function shibboleth()
{
}
}
\ No newline at end of file
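Review bot: The `redirect` query parameter is passed straight to `redirect()->toUrl()` at the end of `shibbolethAction`, so any absolute URL a phishing link puts in `?redirect=` is followed right after the SSO login succeeds — an open redirect on the authentication entry point. The `return` parameter on the `deconnexion` branch feeds `getLogoutUrl()` the same way and needs the same restriction (or a host whitelist inside `ShibService`, which is not in this diff). Note also that the `auth/shibboleth` route in module.config.php declares no `operation` segment, so `fromRoute('operation')` is presumably always null here unless `ShibService::reconfigureRoutesForShibAuth()` adds one; a comment on the action should say where that parameter comes from. The empty `shibboleth()` method at the bottom is dead code and can be removed.
```php
$redirectUrl = $this->params()->fromQuery('redirect', '/');
// Only follow a local absolute path: an external or protocol-relative
// ("//host", "/\host") target here would turn the SSO entry point into an open redirect.
if (!is_string($redirectUrl) || $redirectUrl === '' || $redirectUrl[0] !== '/'
    || substr($redirectUrl, 0, 2) === '//' || substr($redirectUrl, 0, 2) === '/\\') {
    $redirectUrl = '/';
}
return $this->redirect()->toUrl($redirectUrl);
```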
<?php
namespace UnicaenAuth\Controller;
use UnicaenAuth\Service\ShibService;
use UnicaenAuth\Service\User as UserService;
use Zend\Mvc\Controller\ControllerManager;
class AuthControllerFactory
{
/**
* @param ControllerManager $cm
* @return AuthController
*/
public function __invoke(ControllerManager $cm)
{
/** @var ShibService $shibService */
$shibService = $cm->getServiceLocator()->get(ShibService::class);
/* @var $userService UserService */
$userService = $cm->getServiceLocator()->get('unicaen-auth_user_service');
$controller = new AuthController();
$controller->setShibService($shibService);
$controller->setUserService($userService);
return $controller;
}
}
\ No newline at end of file
......@@ -2,8 +2,6 @@
namespace UnicaenAuth\Controller;
use UnicaenAuth\Entity\Db\Privilege;
use UnicaenAuth\Entity\Db\Role;
use UnicaenAuth\Form\Droits\Traits\RoleFormAwareTrait;
use UnicaenAuth\Service\Traits\PrivilegeServiceAwareTrait;
use UnicaenAuth\Service\Traits\RoleServiceAwareTrait;
......@@ -11,11 +9,9 @@ use Zend\Form\Form;
use Zend\Mvc\Controller\AbstractActionController;
use Zend\View\Model\ViewModel;
/**
* Description of DroitsController
*
*
* @author Laurent LÉCLUSE <laurent.lecluse at unicaen.fr>
*/
class DroitsController extends AbstractActionController
......@@ -24,19 +20,11 @@ class DroitsController extends AbstractActionController
use RoleFormAwareTrait;
use PrivilegeServiceAwareTrait;
/**
*
* @return type
*/
public function indexAction()
{
return [];
}
public function rolesAction()
{
$roles = $this->getServiceRole()->getList();
......@@ -44,8 +32,6 @@ class DroitsController extends AbstractActionController
return compact('roles');
}
public function roleEditionAction()
{
$roleId = $this->params()->fromRoute('role');
......@@ -79,8 +65,6 @@ class DroitsController extends AbstractActionController
return compact('form', 'title', 'errors');
}
public function roleSuppressionAction()
{
$roleId = $this->params()->fromRoute('role');
......@@ -101,8 +85,6 @@ class DroitsController extends AbstractActionController
return compact('role', 'title', 'form', 'errors');
}
public function privilegesAction()
{
$ps = $this->getServicePrivilege()->getList();
......@@ -123,8 +105,6 @@ class DroitsController extends AbstractActionController
return compact('privileges', 'roles');
}
public function privilegesModifierAction()
{
$roleId = $this->params()->fromPost('role');
......@@ -151,8 +131,6 @@ class DroitsController extends AbstractActionController
return $viewModel;
}
public function getFormSupprimer()
{
$form = new Form();
......
<?php
namespace UnicaenAuth\Entity\Db;
use Doctrine\Common\Collections\Collection;
use UnicaenAuth\Provider\Privilege\Privileges;
use Zend\Permissions\Acl\Resource\ResourceInterface;
use Doctrine\ORM\Mapping as ORM;
/**
* Privilege entity abstract mother class.
*
* @ORM\MappedSuperclass
*/
abstract class AbstractPrivilege implements PrivilegeInterface, ResourceInterface
{
/**
* @var int
* @ORM\Id
* @ORM\Column(type="integer")
* @ORM\GeneratedValue(strategy="AUTO")
*/
protected $id;
/**
* @var string
* @ORM\Column(name="code", type="string", length=150, unique=false, nullable=false)
*/
protected $code;
/**
* @var string
* @ORM\Column(name="libelle", type="string", length=200, unique=false, nullable=false)
*/
protected $libelle;
/**
* @var int
* @ORM\Column(name="ordre", type="integer", unique=false, nullable=true)
*/
protected $ordre;
/**
* @var CategoriePrivilege
* @ORM\ManyToOne(targetEntity="CategoriePrivilege", inversedBy="privilege")
* @ORM\JoinColumn(name="categorie_id", referencedColumnName="id")
*/
protected $categorie;
/**
* @ORM\ManyToMany(targetEntity="UnicaenAuth\Entity\Db\Role",cascade={"all"})
* @ORM\JoinTable(
* name="role_privilege",
* joinColumns={@ORM\JoinColumn(name="privilege_id", referencedColumnName="id", onDelete="cascade")},
* inverseJoinColumns={@ORM\JoinColumn(name="role_id", referencedColumnName="id", onDelete="cascade")}
*
* )
*/
protected $role;
/**
* Constructor
*/
public function __construct()
{
$this->role = new \Doctrine\Common\Collections\ArrayCollection();
}
/**
* Set code
*
* @param string $code
*
* @return Privilege
*/
public function setCode($code)
{
$this->code = $code;
return $this;
}
/**
* Get code
*
* @return string
*/
public function getCode()
{
return $this->code;
}
public function getFullCode()
{
return $this->getCategorie()->getCode() . '-' . $this->getCode();
}
/**
* Set libelle
*
* @param string $libelle
*
* @return Privilege
*/
public function setLibelle($libelle)
{
$this->libelle = $libelle;
return $this;
}
/**
* Get libelle
*
* @return string
*/
public function getLibelle()
{
return $this->libelle;
}
/**
*
* @return integer
*/
function getOrdre()
{
return $this->ordre;
}
/**
*
* @param integer $ordre
*
* @return self
*/
function setOrdre($ordre)
{
$this->ordre = $ordre;
return $this;
}
/**
* Get id
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Set categorie
*
* @param CategoriePrivilege $categorie
*
* @return self
*/
public function setCategorie(CategoriePrivilege $categorie = null)
{
$this->categorie = $categorie;
return $this;
}
/**
* Get categorie
*
* @return CategoriePrivilege
*/
public function getCategorie()
{
return $this->categorie;
}
/**
* Add role
*
* @param RoleInterface $role
*
* @return self
*/
public function addRole(RoleInterface $role)
{
$this->role->add($role);
return $this;
}
/**
* Remove role
*
* @param RoleInterface $role
*/
public function removeRole(RoleInterface $role)
{
$this->role->removeElement($role);
}
/**
* Get role
*
* @return Collection
*/
public function getRole()
{
return $this->role;
}
/**
* @return string
*/
public function __toString()
{
return $this->getLibelle();
}
/**
* @return string
*/
public function getResourceId()
{
return Privileges::getResourceId($this);
}
}
\ No newline at end of file
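Review bot: `cascade={"all"}` on the `role` ManyToMany includes cascade-remove, so `EntityManager::remove($privilege)` will also remove every Role linked to that privilege, not just the `role_privilege` join rows (which `onDelete="cascade"` already handles at the database level). Unless deleting roles along with a privilege is intended, drop or narrow the cascade: `@ORM\ManyToMany(targetEntity="UnicaenAuth\Entity\Db\Role", cascade={"persist"})`. This mapped superclass exists so applications can substitute their own classes through the new `privilege_entity_class`/`role_entity_class` options, yet `targetEntity` is hard-coded to `UnicaenAuth\Entity\Db\Role` and the `categorie` mapping's `inversedBy="privilege"` points back at the concrete class, so a custom role class will not be linked here unless the subclass overrides the mapping — worth a class-level comment. The `@return Privilege` tags on `setCode`/`setLibelle` should read `@return self`.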
<?php
namespace UnicaenAuth\Entity\Db;
use Doctrine\ORM\Mapping as ORM;
/**
* Role entity abstract mother class.
*
* @ORM\MappedSuperclass
*/
abstract class AbstractRole implements RoleInterface
{
/**
* @var int
* @ORM\Id
* @ORM\Column(type="integer")
* @ORM\GeneratedValue(strategy="AUTO")
*/
protected $id;
/**
* @var string
* @ORM\Column(name="role_id", type="string", length=255, unique=true, nullable=false)
*/
protected $roleId;
/**
* @var boolean
* @ORM\Column(name="is_default", type="boolean", nullable=true)
*/
protected $isDefault = false;
/**
* @var Role
* @ORM\ManyToOne(targetEntity="Role")
*/
protected $parent;
/**
* @var string
* @ORM\Column(name="ldap_filter", type="string", length=255, unique=true, nullable=true)
*/
protected $ldapFilter;
/**
* @var \Doctrine\Common\Collections\Collection
* @ORM\ManyToMany(targetEntity="UnicaenAuth\Entity\Db\User")
* @ORM\JoinTable(name="user_role_linker",
* joinColumns={@ORM\JoinColumn(name="user_id", referencedColumnName="id")},
* inverseJoinColumns={@ORM\JoinColumn(name="role_id", referencedColumnName="id")}
* )
*/
protected $users;
/**
* Get the id.
*
* @return int
*/
public function getId()
{
return $this->id;
}
/**
* Set the id.
*
* @param int $id
*
* @return self
*/
public function setId($id)
{
$this->id = (int)$id;
return $this;
}
/**
* Get the role id.
*
* @return string
*/
public function getRoleId()
{
return $this->roleId;
}
/**
* Set the role id.
*
* @param string $roleId
*
* @return self
*/
public function setRoleId($roleId)
{
$this->roleId = (string)$roleId;
return $this;
}
/**
* Is this role the default one ?
*
* @return boolean
*/
public function getIsDefault()
{
return $this->isDefault;
}
/**
* Set this role as the default one.
*
* @param boolean $isDefault
*
* @return self
*/
public function setIsDefault($isDefault)
{
$this->isDefault = (boolean)$isDefault;
return $this;
}
/**
* Get the parent role
*
* @return Role
*/
public function getParent()
{
return $this->parent;
}
/**
* Set the parent role.
*
* @param RoleInterface $parent
*
* @return self
*/
public function setParent(RoleInterface $parent = null)
{
$this->parent = $parent;
return $this;
}
/**
* @return string
*/
public function getLdapFilter()
{
return $this->ldapFilter;
}
/**
* @param string $ldapFilter
*
* @return Role
*/
public function setLdapFilter($ldapFilter)
{
$this->ldapFilter = $ldapFilter;
return $this;
}
/**
* Get users.
*
* @return array
*/
public function getUsers()
{
return $this->users->getValues();
}
/**
* Add a user to the role.
*
* @param UserInterface $user
*
* @return void
*/
public function addUser(UserInterface $user)
{
$this->users[] = $user;
}
/**
*
* @return string
*/
public function __toString()
{
return $this->getRoleId();
}
}
\ No newline at end of file
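Review bot: `$users` is never initialised — AbstractRole has no constructor, whereas CategoriePrivilege and Privilege build their collections with `new ArrayCollection()` — so on a freshly constructed role that Doctrine has not hydrated, `getUsers()` calls `getValues()` on null, and `addUser()` turns the property into a plain array that `getValues()` then cannot handle; add `public function __construct() { $this->users = new ArrayCollection(); }` together with `use Doctrine\Common\Collections\ArrayCollection;`. The `user_role_linker` mapping also looks inverted: on this owning side `joinColumns` should reference the role's own id, yet it is `user_id` while `inverseJoinColumns` is `role_id`, which reads like a copy of the user-side mapping; unless that is deliberate, `getUsers()` will return the wrong users for a role, which matters for anything that audits or revokes role membership — confirm against the AbstractUser mapping. Finally `setLdapFilter()` stores its argument untouched while `setRoleId()` casts to string; if the stored filter is later handed to LDAP as-is, cast here as well and validate filter syntax where it is consumed.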
......@@ -6,7 +6,6 @@ use BjyAuthorize\Provider\Role\ProviderInterface;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Doctrine\ORM\Mapping as ORM;
use ZfcUser\Entity\UserInterface;
/**
* User entity abstract mother class.
......@@ -216,11 +215,11 @@ abstract class AbstractUser implements UserInterface, ProviderInterface
/**
* Add a role to the user.
*
* @param Role $role
* @param RoleInterface $role
*
* @return void
*/
public function addRole(Role $role)
public function addRole(RoleInterface $role)
{
$this->roles->add($role);
}
......
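Review bot: Dropping `use ZfcUser\Entity\UserInterface;` silently rebinds the `implements UserInterface` in the class declaration to `UnicaenAuth\Entity\Db\UserInterface` (the same unimported name AbstractRole::addUser type-hints); if that local interface does not extend ZfcUser's, any ZfcUser service typed on the original interface stops accepting these entities, so confirm the extension or keep the import. Widening `addRole()` to `RoleInterface` is fine for the `add()` call, but the `$roles` Doctrine mapping (outside the hunk) presumably still targets a concrete entity, so a non-entity `RoleInterface` implementation would only fail at flush time; a docblock line such as `Must be a mapped Role entity for persistence to succeed` would warn callers. The enclosing class starts before the hunk.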
......@@ -2,6 +2,7 @@
namespace UnicaenAuth\Entity\Db;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
/**
......@@ -43,18 +44,14 @@ class CategoriePrivilege
*/
private $privilege;
/**
* Constructor
*/
public function __construct()
{
$this->privilege = new \Doctrine\Common\Collections\ArrayCollection();
$this->privilege = new ArrayCollection();
}
/**
* Set code
*
......@@ -69,8 +66,6 @@ class CategoriePrivilege
return $this;
}
/**
* Get code
*
......@@ -81,8 +76,6 @@ class CategoriePrivilege
return $this->code;
}
/**
* Set libelle
*
......@@ -97,8 +90,6 @@ class CategoriePrivilege
return $this;
}
/**
* Get libelle
*
......@@ -109,8 +100,6 @@ class CategoriePrivilege
return $this->libelle;
}
/**
*
* @return integer
......@@ -120,8 +109,6 @@ class CategoriePrivilege
return $this->ordre;
}
/**
*
* @param integer $ordre
......@@ -135,8 +122,6 @@ class CategoriePrivilege
return $this;
}
/**
* Get id
*
......@@ -147,8 +132,6 @@ class CategoriePrivilege
return $this->id;
}
/**
* Add privilege
*
......@@ -163,8 +146,6 @@ class CategoriePrivilege
return $this;
}
/**
* Remove privilege
*
......@@ -175,8 +156,6 @@ class CategoriePrivilege
$this->privilege->removeElement($privilege);
}
/**
* Get privilege
*
......@@ -187,8 +166,6 @@ class CategoriePrivilege
return $this->privilege;
}
/**
* @return string
*/
......
......@@ -2,257 +2,15 @@
namespace UnicaenAuth\Entity\Db;
use UnicaenAuth\Provider\Privilege\Privileges;
use Zend\Permissions\Acl\Resource\ResourceInterface;
use Doctrine\ORM\Mapping as ORM;
/**
* Privilege entity class.
*
* @ORM\Entity
* @ORM\Table(name="privilege")
*/
class Privilege implements ResourceInterface
class Privilege extends AbstractPrivilege
{
/**
* @var int
* @ORM\Id
* @ORM\Column(type="integer")
* @ORM\GeneratedValue(strategy="AUTO")
*/
private $id;
/**
* @var string
* @ORM\Column(name="code", type="string", length=150, unique=false, nullable=false)
*/
private $code;
/**
* @var string
* @ORM\Column(name="libelle", type="string", length=200, unique=false, nullable=false)
*/
private $libelle;
/**
* @var int
* @ORM\Column(name="ordre", type="integer", unique=false, nullable=true)
*/
private $ordre;
/**
* @var CategoriePrivilege
* @ORM\ManyToOne(targetEntity="CategoriePrivilege", inversedBy="privilege")
* @ORM\JoinColumn(name="categorie_id", referencedColumnName="id")
*/
private $categorie;
/**
* @ORM\ManyToMany(targetEntity="UnicaenAuth\Entity\Db\Role",cascade={"all"})
* @ORM\JoinTable(
* name="role_privilege",
* joinColumns={@ORM\JoinColumn(name="privilege_id", referencedColumnName="id", onDelete="cascade")},
* inverseJoinColumns={@ORM\JoinColumn(name="role_id", referencedColumnName="id", onDelete="cascade")}
*
* )
*/
private $role;
/**
* Constructor
*/
public function __construct()
{
$this->role = new \Doctrine\Common\Collections\ArrayCollection();
}
/**
* Set code
*
* @param string $code
*
* @return Privilege
*/
public function setCode($code)
{
$this->code = $code;
return $this;
}
/**
* Get code
*
* @return string
*/
public function getCode()
{
return $this->code;
}
public function getFullCode()
{
return $this->getCategorie()->getCode() . '-' . $this->getCode();
}
/**
* Set libelle
*
* @param string $libelle
*
* @return Privilege
*/
public function setLibelle($libelle)
{
$this->libelle = $libelle;
return $this;
}
/**
* Get libelle
*
* @return string
*/
public function getLibelle()
{
return $this->libelle;
}
/**
*
* @return integer
*/
function getOrdre()
{
return $this->ordre;
}
/**
*
* @param integer $ordre
*
* @return self
*/
function setOrdre($ordre)
{
$this->ordre = $ordre;
return $this;
}
/**
* Get id
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Set categorie
*
* @param CategoriePrivilege $categorie
*
* @return self
*/
public function setCategorie(CategoriePrivilege $categorie = null)
{
$this->categorie = $categorie;
return $this;
}
/**
* Get categorie
*
* @return CategoriePrivilege
*/
public function getCategorie()
{
return $this->categorie;
}
/**
* Add role
*
* @param Role $role
*
* @return self
*/
public function addRole(Role $role)
{
$this->role->add($role);
return $this;
}
/**
* Remove role
*
* @param Role $role
*/
public function removeRole(Role $role)
{
$this->role->removeElement($role);
}
/**
* Get role
*
* @return \Doctrine\Common\Collections\Collection
*/
public function getRole()
{
return $this->role;
}
/**
* @return string
*/
public function __toString()
{
return $this->getLibelle();
}
/**
* @return string
*/
public function getResourceId()
{
return Privileges::getResourceId($this);
}
}
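Review bot: The role/privilege mapping that moved into AbstractPrivilege is outside this diff, so check that the removed `cascade={"all"}` on the Role ManyToMany was not carried over verbatim: with `all`, removing a Privilege cascades a remove to every Role linked to it, which for an authorization table means one privilege deletion can drop roles and, with them, user-role links. The join-table `onDelete="cascade"` on both columns already cleans up `role_privilege` rows, so `cascade={"persist"}` (or no cascade) is the safer setting. The class body is now empty; a docblock line such as `Concrete entity; fields and mappings live in AbstractPrivilege` would save the reader a jump.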
<?php
namespace UnicaenAuth\Entity\Db;
use Doctrine\Common\Collections\Collection;
interface PrivilegeInterface
{
/**
* @param string $code
* @return self
*/
public function setCode($code);
/**
* @return string
*/
public function getCode();
/**
* @return string
*/
public function getFullCode();
/**
* @param string $libelle
* @return self
*/
public function setLibelle($libelle);
/**
* @return string
*/
public function getLibelle();
/**
* @return integer
*/
function getOrdre();
/**
* @param integer $ordre
* @return self
*/
function setOrdre($ordre);
/**
* @return integer
*/
public function getId();
/**
* @param CategoriePrivilege $categorie
* @return self
*/
public function setCategorie(CategoriePrivilege $categorie = null);
/**
* @return CategoriePrivilege
*/
public function getCategorie();
/**
* @param RoleInterface $role
* @return self
*/
public function addRole(RoleInterface $role);
/**
* @param RoleInterface $role
*/
public function removeRole(RoleInterface $role);
/**
* @return Collection
*/
public function getRole();
/**
* @return string
*/
public function __toString();
}
\ No newline at end of file
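Review bot: `function getOrdre();` and `function setOrdre($ordre);` omit the `public` keyword that every other method in this interface declares; interface methods are implicitly public, but PSR-12 flags the inconsistency, so write `public function getOrdre();` and `public function setOrdre($ordre);`. `setCategorie(CategoriePrivilege $categorie = null)` relies on implicit nullability; `?CategoriePrivilege $categorie = null` states the contract explicitly, provided the implementing AbstractPrivilege (outside this diff) is updated to match. `getFullCode()` carries no description; the removed Privilege implementation returned `<categorie code>-<code>`, so a one-line docblock `Category code and privilege code joined by "-"` would pin the format implementations must keep.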