Support de l'authentification locale.

config/module.config.php

@@ -6,11 +6,22 @@ use UnicaenAuth\Service\ShibService;
 use UnicaenAuth\Service\ShibServiceFactory;
 use UnicaenAuth\Service\UserContextFactory;
 use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory;
+use UnicaenAuth\View\Helper\LocalConnectViewHelperFactory;
 use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
 use UnicaenAuth\View\Helper\UserUsurpationHelperFactory;
 
 $settings = [
 
+    /**
+     * Configuration de l'authentification locale.
+     */
+    'local' => [
+        /**
+         * Possibilité ou non de s'authentifier à l'aide d'un compte local.
+         */
+        'enabled' => true,
+    ],
+
     /**
      * Configuration de l'authentification LDAP.
      */
@@ -453,6 +464,7 @@ return [
             'userProfileSelect'          => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
             'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
             'userUsurpation'             => UserUsurpationHelperFactory::class,
+            'localConnect'               => LocalConnectViewHelperFactory::class,
             'ldapConnect'                => LdapConnectViewHelperFactory::class,
             'shibConnect'                => ShibConnectViewHelperFactory::class,
         ],

config/unicaen-auth.global.php.dist

@@ -7,6 +7,16 @@
  */
 $settings = [
 
+    /**
+     * Configuration de l'authentification locale.
+     */
+    'local' => [
+        /**
+         * Possibilité ou non de s'authentifier à l'aide d'un compte local.
+         */
+        'enabled' => true,
+    ],
+
     /**
      * Configuration de l'authentification LDAP.
      */

src/UnicaenAuth/Controller/AuthController.php

@@ -107,4 +107,26 @@ class AuthController extends AbstractActionController
             throw new RuntimeException("Impossible d'écrire dans le storage");
         }
     }
+
+    public function sendPasswordRenewalMailAction()
+    {
+        // lecture email fourni
+
+        // tester email connu dans table utilisateur
+
+        // générer / enregistrer token dans table utilisateur
+
+        // envoyer mail avec lien/token
+    }
+
+    public function changePasswordAction()
+    {
+        // lecture token fourni
+
+        // test token fourni existe dans table utilisateur
+
+        // afficher formulaire de màj
+
+        // màj password
+    }
 }
\ No newline at end of file

src/UnicaenAuth/Options/ModuleOptions.php

@@ -9,6 +9,13 @@ namespace UnicaenAuth\Options;
  */
 class ModuleOptions extends \ZfcUser\Options\ModuleOptions
 {
+    /**
+     * Paramètres concernant l'authentification locale.
+     *
+     * @var array
+     */
+    protected $local = [];
+
     /**
      * Paramètres concernant l'authentification LDAP.
      *
@@ -46,6 +53,25 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
      */
     protected $entityManagerName = 'doctrine.entitymanager.orm_default';
 
+    /**
+     * @return array
+     */
+    public function getLocal()
+    {
+        return $this->local;
+    }
+
+    /**
+     * @param array $local
+     * @return self
+     */
+    public function setLocal(array $local)
+    {
+        $this->local = $local;
+
+        return $this;
+    }
+
     /**
      * Retourne les paramètres concernant l'authentification LDAP.
      *

src/UnicaenAuth/Service/ShibService.php

@@ -327,6 +327,9 @@ EOS;
         if ($this->getShibbolethSimulate()) {
             return '/';
         }
+        if ($this->getAuthenticatedUser() === null) {
+            return '/';
+        }
 
         $logoutRelativeUrl = '/Shibboleth.sso/Logout?return='; // NB: '?return=' semble obligatoire!
 

src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php

@@ -62,10 +62,12 @@ class LdapConnectViewHelper extends AbstractHelper
         }
 
         try {
-            return $this->getView()->render("ldap-connect", [
+            return $this->getView()->render("connect", [
+                'title' => null,
                 'enabled' => $this->enabled,
                 'form' => $this->form,
                 'redirect' => null,
+                'password_reset' => false,
             ]);
         } catch (\Exception $e) {
             return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>';

src/UnicaenAuth/View/Helper/LocalConnectViewHelper.php

+<?php
+
+namespace UnicaenAuth\View\Helper;
+
+use Zend\Form\Form;
+use Zend\View\Helper\AbstractHelper;
+use Zend\View\Renderer\PhpRenderer;
+use Zend\View\Resolver\TemplatePathStack;
+
+/**
+ * Aide de vue dessinant le formulaire d'authentification locale,
+ * si l'authentification locale est activée.
+ *
+ * @method PhpRenderer getView()
+ * @author Unicaen
+ */
+class LocalConnectViewHelper extends AbstractHelper
+{
+    /**
+     * @var bool
+     */
+    protected $enabled = true;
+
+    /**
+     * @var Form
+     */
+    protected $form;
+
+    /**
+     * @param bool $enabled
+     * @return $this
+     */
+    public function setEnabled($enabled = true)
+    {
+        $this->enabled = $enabled;
+
+        return $this;
+    }
+
+    /**
+     * @param Form $form
+     * @return $this
+     */
+    public function __invoke(Form $form)
+    {
+        $this->form = $form;
+
+        $this->getView()->resolver()->attach(
+            new TemplatePathStack(['script_paths' => [__DIR__ . "/partial"]])
+        );
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function __toString()
+    {
+        if (! $this->enabled) {
+            return '';
+        }
+
+        try {
+            return $this->getView()->render("connect", [
+                'title' => "Avec un compte local",
+                'enabled' => $this->enabled,
+                'form' => $this->form,
+                'redirect' => null,
+                'password_reset' => true,
+            ]);
+        } catch (\Exception $e) {
+            return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>';
+        }
+    }
+}
\ No newline at end of file

src/UnicaenAuth/View/Helper/LocalConnectViewHelperFactory.php

+<?php
+
+namespace UnicaenAuth\View\Helper;
+
+use UnicaenAuth\Options\ModuleOptions;
+use Zend\View\HelperPluginManager;
+
+class LocalConnectViewHelperFactory
+{
+    /**
+     * @param HelperPluginManager $hpm
+     * @return LocalConnectViewHelper
+     */
+    public function __invoke(HelperPluginManager $hpm)
+    {
+        /** @var ModuleOptions $moduleOptions */
+        $moduleOptions = $hpm->getServiceLocator()->get('unicaen-auth_module_options');
+        $config = $moduleOptions->getLocal();
+
+        $enabled = isset($config['enabled']) && (bool) $config['enabled'];
+
+        $helper = new LocalConnectViewHelper();
+        $helper->setEnabled($enabled);
+
+        return $helper;
+    }
+}
\ No newline at end of file

src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php

@@ -41,7 +41,7 @@ class ShibConnectViewHelper extends AbstractHelper
         $shibUrl = $this->getView()->url('auth/shibboleth', [], ['query' => $this->getView()->queryParams()], true);
 
         return <<<EOS
-Se connecter via la 
+<h3 class="connect-title">Via la fédération d'identité</h3> 
 <a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a>
 EOS;
     }

src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml → src/UnicaenAuth/View/Helper/partial/connect.phtml

@@ -5,22 +5,30 @@ use Zend\Form\Form;
 /**
  * @var bool   $enabled
  * @var Form   $form
+ * @var string $title
  * @var string $redirect
  */
 ?>
 
+<?php if ($title): ?>
+    <h3 class="connect-title">
+        <?php echo $title ?>
+    </h3>
+<?php endif ?>
+
 <?php echo $this->form()->openTag($form) ?>
+
 <?php if (($errors = $this->formErrors($form))): ?>
     <p><?php echo $errors ?></p>
 <?php endif ?>
-<p>
+<p class="connect-identity">
     <?php
     $identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
     echo $this->formLabel($identity);
     echo $this->formInput($identity);
     ?>
 </p>
-<p>
+<p class="connect-credentials">
     <?php
     $identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
     echo $this->formLabel($identity);
@@ -30,7 +38,9 @@ use Zend\Form\Form;
 <?php if ($redirect): ?>
     <input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
 <?php endif ?>
-<p>
+
+<p class="connect-submit">
     <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
 </p>
+
 <?php echo $this->form()->closeTag() ?>

src/UnicaenAuth/View/Helper/partial/reset-password.phtml

+<?php
+
+use Zend\Form\Form;
+
+/**
+ * @var bool   $enabled
+ * @var Form   $form
+ * @var string $title
+ * @var string $redirect
+ */
+?>
+
+<?php if ($title): ?>
+    <h3 class="password-reset-title">
+        <?php echo $title ?>
+    </h3>
+<?php endif ?>
+
+<?php echo $this->form()->openTag($form) ?>
+
+<?php if (($errors = $this->formErrors($form))): ?>
+    <p><?php echo $errors ?></p>
+<?php endif ?>
+<p class="password-reset-identity">
+    <?php
+    $identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
+    echo $this->formLabel($identity);
+    echo $this->formInput($identity);
+    ?>
+</p>
+<?php if ($redirect): ?>
+    <input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
+<?php endif ?>
+
+<p class="password-reset-submit">
+    <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
+</p>
+
+<?php echo $this->form()->closeTag() ?>

view/zfc-user/user/login.phtml

-<?php $this->headTitle("Connexion") ?>
+<?php
+/**
+ * @var PhpRenderer $this
+ *
+ * @method LocalConnectViewHelper localConnect()
+ * @method LdapConnectViewHelper ldapConnect()
+ * @method ShibConnectViewHelper shibConnect()
+ */
+
+use UnicaenAuth\View\Helper\LdapConnectViewHelper;
+use UnicaenAuth\View\Helper\LocalConnectViewHelper;
+use UnicaenAuth\View\Helper\ShibConnectViewHelper;
+use Zend\Form\Form;
+use Zend\View\Renderer\PhpRenderer;
+
+$this->headTitle("Connexion") ?>
 
 <?php
+/** @var Form $form */
 $form = $this->loginForm;
 $form->prepare();
 $form->setAttributes([
@@ -25,9 +41,10 @@ $form->setAttributes([
 
     <div class="panel-body">
         <?php
+        $localAuthHtml = (string) $this->localConnect($form);
         $ldapAuthHtml  = (string) $this->ldapConnect($form);
         $shibAuthHtml  = (string) $this->shibConnect($form);
-        echo implode('<hr>', array_filter([$ldapAuthHtml, $shibAuthHtml]));
+        echo implode('<hr>', array_filter([$ldapAuthHtml, $shibAuthHtml, $localAuthHtml]));
         ?>
     </div>
 </div>