Commit ecfc8ff5 authored by Bertrand Gauthier's avatar Bertrand Gauthier

Support de l'authentification locale.

parent cb8ef280
...@@ -6,11 +6,22 @@ use UnicaenAuth\Service\ShibService; ...@@ -6,11 +6,22 @@ use UnicaenAuth\Service\ShibService;
use UnicaenAuth\Service\ShibServiceFactory; use UnicaenAuth\Service\ShibServiceFactory;
use UnicaenAuth\Service\UserContextFactory; use UnicaenAuth\Service\UserContextFactory;
use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory; use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory;
use UnicaenAuth\View\Helper\LocalConnectViewHelperFactory;
use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory; use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
use UnicaenAuth\View\Helper\UserUsurpationHelperFactory; use UnicaenAuth\View\Helper\UserUsurpationHelperFactory;
$settings = [ $settings = [
/**
* Configuration de l'authentification locale.
*/
'local' => [
/**
* Possibilité ou non de s'authentifier à l'aide d'un compte local.
*/
'enabled' => true,
],
/** /**
* Configuration de l'authentification LDAP. * Configuration de l'authentification LDAP.
*/ */
...@@ -453,6 +464,7 @@ return [ ...@@ -453,6 +464,7 @@ return [
'userProfileSelect' => 'UnicaenAuth\View\Helper\UserProfileSelectFactory', 'userProfileSelect' => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory', 'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
'userUsurpation' => UserUsurpationHelperFactory::class, 'userUsurpation' => UserUsurpationHelperFactory::class,
'localConnect' => LocalConnectViewHelperFactory::class,
'ldapConnect' => LdapConnectViewHelperFactory::class, 'ldapConnect' => LdapConnectViewHelperFactory::class,
'shibConnect' => ShibConnectViewHelperFactory::class, 'shibConnect' => ShibConnectViewHelperFactory::class,
], ],
......
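Review bot: The new `'local'` block ships with `'enabled' => true`, so a deployment that picks up this default gains a local-account login path next to LDAP and Shibboleth without opting in. A safer default is `'enabled' => false,` with the comment saying that local accounts must be switched on explicitly. The second configuration file in this commit (the hunk at `@@ -7,6 +7,16 @@`) carries the same default and needs the same change. The factory added later in the commit already treats a missing key as disabled, so only the shipped value has to change.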
...@@ -7,6 +7,16 @@ ...@@ -7,6 +7,16 @@
*/ */
$settings = [ $settings = [
/**
* Configuration de l'authentification locale.
*/
'local' => [
/**
* Possibilité ou non de s'authentifier à l'aide d'un compte local.
*/
'enabled' => true,
],
/** /**
* Configuration de l'authentification LDAP. * Configuration de l'authentification LDAP.
*/ */
......
...@@ -107,4 +107,26 @@ class AuthController extends AbstractActionController ...@@ -107,4 +107,26 @@ class AuthController extends AbstractActionController
throw new RuntimeException("Impossible d'écrire dans le storage"); throw new RuntimeException("Impossible d'écrire dans le storage");
} }
} }
public function sendPasswordRenewalMailAction()
{
// lecture email fourni
// tester email connu dans table utilisateur
// générer / enregistrer token dans table utilisateur
// envoyer mail avec lien/token
}
public function changePasswordAction()
{
// lecture token fourni
// test token fourni existe dans table utilisateur
// afficher formulaire de màj
// màj password
}
} }
\ No newline at end of file
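Review bot: `sendPasswordRenewalMailAction()` and `changePasswordAction()` are added as public actions whose bodies hold only comments, and the outline in those comments leaves out the properties a reset flow depends on. I would extend the comments to state them: the response is identical whether or not the e-mail is known, the token comes from `random_bytes()`, is stored hashed, expires, and is invalidated after one use. Until the bodies exist, each action could end with `return $this->notFoundAction();` so that a route reaching them does not render an empty page. The enclosing class starts outside this hunk, so whether these actions are already routed cannot be told from here.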
...@@ -9,6 +9,13 @@ namespace UnicaenAuth\Options; ...@@ -9,6 +9,13 @@ namespace UnicaenAuth\Options;
*/ */
class ModuleOptions extends \ZfcUser\Options\ModuleOptions class ModuleOptions extends \ZfcUser\Options\ModuleOptions
{ {
/**
* Paramètres concernant l'authentification locale.
*
* @var array
*/
protected $local = [];
/** /**
* Paramètres concernant l'authentification LDAP. * Paramètres concernant l'authentification LDAP.
* *
...@@ -46,6 +53,25 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions ...@@ -46,6 +53,25 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
*/ */
protected $entityManagerName = 'doctrine.entitymanager.orm_default'; protected $entityManagerName = 'doctrine.entitymanager.orm_default';
/**
* @return array
*/
public function getLocal()
{
return $this->local;
}
/**
* @param array $local
* @return self
*/
public function setLocal(array $local)
{
$this->local = $local;
return $this;
}
/** /**
* Retourne les paramètres concernant l'authentification LDAP. * Retourne les paramètres concernant l'authentification LDAP.
* *
......
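Review bot: `getLocal()` and `setLocal()` have docblocks with only `@return`/`@param` tags, while the neighbouring LDAP accessor is described in a sentence, and nothing says which keys the array may hold. I would add a one-sentence description matching the LDAP accessor's wording and document the shape on the property, e.g. `@var array{enabled?: bool}`, since `enabled` is the only key this commit reads. The class body continues outside both hunks.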
...@@ -327,6 +327,9 @@ EOS; ...@@ -327,6 +327,9 @@ EOS;
if ($this->getShibbolethSimulate()) { if ($this->getShibbolethSimulate()) {
return '/'; return '/';
} }
if ($this->getAuthenticatedUser() === null) {
return '/';
}
$logoutRelativeUrl = '/Shibboleth.sso/Logout?return='; // NB: '?return=' semble obligatoire! $logoutRelativeUrl = '/Shibboleth.sso/Logout?return='; // NB: '?return=' semble obligatoire!
......
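Review bot: The added guard `if ($this->getAuthenticatedUser() === null)` has no comment explaining why an absent Shibboleth user short-circuits the logout URL to `'/'`. A line such as `// no Shibboleth session (e.g. local or LDAP login): nothing to log out of at the SP` above it would record the intent, which I am inferring from the commit title rather than from the code. The enclosing method starts and ends outside this hunk, so I cannot check whether `getAuthenticatedUser()` has side effects when called at this point.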
...@@ -62,10 +62,12 @@ class LdapConnectViewHelper extends AbstractHelper ...@@ -62,10 +62,12 @@ class LdapConnectViewHelper extends AbstractHelper
} }
try { try {
return $this->getView()->render("ldap-connect", [ return $this->getView()->render("connect", [
'title' => null,
'enabled' => $this->enabled, 'enabled' => $this->enabled,
'form' => $this->form, 'form' => $this->form,
'redirect' => null, 'redirect' => null,
'password_reset' => false,
]); ]);
} catch (\Exception $e) { } catch (\Exception $e) {
return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>'; return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>';
......
<?php
namespace UnicaenAuth\View\Helper;
use Zend\Form\Form;
use Zend\View\Helper\AbstractHelper;
use Zend\View\Renderer\PhpRenderer;
use Zend\View\Resolver\TemplatePathStack;
/**
* Aide de vue dessinant le formulaire d'authentification locale,
* si l'authentification locale est activée.
*
* @method PhpRenderer getView()
* @author Unicaen
*/
class LocalConnectViewHelper extends AbstractHelper
{
/**
* @var bool
*/
protected $enabled = true;
/**
* @var Form
*/
protected $form;
/**
* @param bool $enabled
* @return $this
*/
public function setEnabled($enabled = true)
{
$this->enabled = $enabled;
return $this;
}
/**
* @param Form $form
* @return $this
*/
public function __invoke(Form $form)
{
$this->form = $form;
$this->getView()->resolver()->attach(
new TemplatePathStack(['script_paths' => [__DIR__ . "/partial"]])
);
return $this;
}
/**
* @return string
*/
public function __toString()
{
if (! $this->enabled) {
return '';
}
try {
return $this->getView()->render("connect", [
'title' => "Avec un compte local",
'enabled' => $this->enabled,
'form' => $this->form,
'redirect' => null,
'password_reset' => true,
]);
} catch (\Exception $e) {
return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>';
}
}
}
\ No newline at end of file
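Review bot: The `catch` block in `__toString()` returns `$e->getMessage()` and `$e->getTraceAsString()` as HTML, so a rendering failure prints file paths and the call stack, unescaped, on the login page that unauthenticated visitors see. I would log the exception and render nothing: `error_log((string) $e);` followed by `return '';`. `LdapConnectViewHelper` shows the same catch block as unchanged context in this commit and deserves the same change. Separately, `__invoke()` attaches a new `TemplatePathStack` to the resolver on every call, which could be done once.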
<?php
namespace UnicaenAuth\View\Helper;
use UnicaenAuth\Options\ModuleOptions;
use Zend\View\HelperPluginManager;
class LocalConnectViewHelperFactory
{
/**
* @param HelperPluginManager $hpm
* @return LocalConnectViewHelper
*/
public function __invoke(HelperPluginManager $hpm)
{
/** @var ModuleOptions $moduleOptions */
$moduleOptions = $hpm->getServiceLocator()->get('unicaen-auth_module_options');
$config = $moduleOptions->getLocal();
$enabled = isset($config['enabled']) && (bool) $config['enabled'];
$helper = new LocalConnectViewHelper();
$helper->setEnabled($enabled);
return $helper;
}
}
\ No newline at end of file
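Review bot: `LocalConnectViewHelperFactory` has no class docblock, and the line `$enabled = isset($config['enabled']) && (bool) $config['enabled'];` turns local authentication off when the key is absent, which is the safe direction but is not written down anywhere. A comment such as `// fail closed: local auth stays off unless 'enabled' is explicitly truthy` above that line would keep a later refactor from inverting it.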
...@@ -41,7 +41,7 @@ class ShibConnectViewHelper extends AbstractHelper ...@@ -41,7 +41,7 @@ class ShibConnectViewHelper extends AbstractHelper
$shibUrl = $this->getView()->url('auth/shibboleth', [], ['query' => $this->getView()->queryParams()], true); $shibUrl = $this->getView()->url('auth/shibboleth', [], ['query' => $this->getView()->queryParams()], true);
return <<<EOS return <<<EOS
Se connecter via la <h3 class="connect-title">Via la fédération d'identité</h3>
<a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a> <a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a>
EOS; EOS;
} }
......
...@@ -5,22 +5,30 @@ use Zend\Form\Form; ...@@ -5,22 +5,30 @@ use Zend\Form\Form;
/** /**
* @var bool $enabled * @var bool $enabled
* @var Form $form * @var Form $form
* @var string $title
* @var string $redirect * @var string $redirect
*/ */
?> ?>
<?php if ($title): ?>
<h3 class="connect-title">
<?php echo $title ?>
</h3>
<?php endif ?>
<?php echo $this->form()->openTag($form) ?> <?php echo $this->form()->openTag($form) ?>
<?php if (($errors = $this->formErrors($form))): ?> <?php if (($errors = $this->formErrors($form))): ?>
<p><?php echo $errors ?></p> <p><?php echo $errors ?></p>
<?php endif ?> <?php endif ?>
<p> <p class="connect-identity">
<?php <?php
$identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']); $identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
echo $this->formLabel($identity); echo $this->formLabel($identity);
echo $this->formInput($identity); echo $this->formInput($identity);
?> ?>
</p> </p>
<p> <p class="connect-credentials">
<?php <?php
$identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']); $identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
echo $this->formLabel($identity); echo $this->formLabel($identity);
...@@ -30,7 +38,9 @@ use Zend\Form\Form; ...@@ -30,7 +38,9 @@ use Zend\Form\Form;
<?php if ($redirect): ?> <?php if ($redirect): ?>
<input type="hidden" name="redirect" value="<?php echo $redirect ?>"/> <input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
<?php endif ?> <?php endif ?>
<p>
<p class="connect-submit">
<?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?> <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
</p> </p>
<?php echo $this->form()->closeTag() ?> <?php echo $this->form()->closeTag() ?>
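Review bot: `<?php echo $title ?>` writes the title into the page without escaping, and the hidden `redirect` input further down does the same inside an attribute value. Both values are fixed by the helpers in this commit (`null` or a literal string), but the template accepts whatever a later caller passes, so I would use `<?php echo $this->escapeHtml($title) ?>` and `value="<?php echo $this->escapeHtmlAttr($redirect) ?>"`. The new password-reset template added right after this file repeats both lines and needs the same change. The `password_reset` variable passed by the helpers is neither declared in the docblock nor read in the visible hunks.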
<?php
use Zend\Form\Form;
/**
* @var bool $enabled
* @var Form $form
* @var string $title
* @var string $redirect
*/
?>
<?php if ($title): ?>
<h3 class="password-reset-title">
<?php echo $title ?>
</h3>
<?php endif ?>
<?php echo $this->form()->openTag($form) ?>
<?php if (($errors = $this->formErrors($form))): ?>
<p><?php echo $errors ?></p>
<?php endif ?>
<p class="password-reset-identity">
<?php
$identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
echo $this->formLabel($identity);
echo $this->formInput($identity);
?>
</p>
<?php if ($redirect): ?>
<input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
<?php endif ?>
<p class="password-reset-submit">
<?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
</p>
<?php echo $this->form()->closeTag() ?>
<?php $this->headTitle("Connexion") ?> <?php
/**
* @var PhpRenderer $this
*
* @method LocalConnectViewHelper localConnect()
* @method LdapConnectViewHelper ldapConnect()
* @method ShibConnectViewHelper shibConnect()
*/
use UnicaenAuth\View\Helper\LdapConnectViewHelper;
use UnicaenAuth\View\Helper\LocalConnectViewHelper;
use UnicaenAuth\View\Helper\ShibConnectViewHelper;
use Zend\Form\Form;
use Zend\View\Renderer\PhpRenderer;
$this->headTitle("Connexion") ?>
<?php <?php
/** @var Form $form */
$form = $this->loginForm; $form = $this->loginForm;
$form->prepare(); $form->prepare();
$form->setAttributes([ $form->setAttributes([
...@@ -25,9 +41,10 @@ $form->setAttributes([ ...@@ -25,9 +41,10 @@ $form->setAttributes([
<div class="panel-body"> <div class="panel-body">
<?php <?php
$ldapAuthHtml = (string) $this->ldapConnect($form); $localAuthHtml = (string) $this->localConnect($form);
$shibAuthHtml = (string) $this->shibConnect($form); $ldapAuthHtml = (string) $this->ldapConnect($form);
echo implode('<hr>', array_filter([$ldapAuthHtml, $shibAuthHtml])); $shibAuthHtml = (string) $this->shibConnect($form);
echo implode('<hr>', array_filter([$ldapAuthHtml, $shibAuthHtml, $localAuthHtml]));
?> ?>
</div> </div>
</div> </div>
......
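Review bot: `localConnect($form)` and `ldapConnect($form)` both render the `connect` template with the same `$form`, and that template sets `id="identity"` and `id="credential"` on the inputs, so with both methods enabled the page holds two forms with duplicate element ids submitting the same fields. The labels then point at ambiguous ids, and nothing visible here tells the server which backend a submission was meant for; that may be handled in code outside this commit. At minimum I would give each helper a distinct id prefix in the template. The variables are also assigned in the order local, LDAP, Shibboleth but printed as LDAP, Shibboleth, local, so a comment stating that the display order is intentional would help.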