Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
lib
unicaen
auth
Commits
fb477fb9
Commit
fb477fb9
authored
Mar 16, 2018
by
Bertrand Gauthier
Browse files
Work in progress
parent
e3e9cf98
Changes
6
Hide whitespace changes
Inline
Side-by-side
Module.php
View file @
fb477fb9
...
...
@@ -2,9 +2,19 @@
namespace
UnicaenAuth
;
use
UnicaenAuth\Authentication\Adapter\Cas
as
CasAdapter
;
use
UnicaenAuth\Options\ModuleOptions
;
use
UnicaenAuth\Service\ShibService
;
use
Zend\EventManager\EventInterface
;
use
Zend\ModuleManager\Feature\AutoloaderProviderInterface
;
use
Zend\ModuleManager\Feature\ConfigProviderInterface
;
use
Zend\ModuleManager\Feature\ServiceProviderInterface
;
use
Zend\Mvc\Router\Http\TreeRouteStack
;
use
Zend\ServiceManager\Exception\ServiceNotFoundException
;
use
Zend\ServiceManager\ServiceLocatorInterface
;
use
Zend\View\Helper\Navigation
;
use
ZfcUser\Form\Login
;
use
ZfcUser\Form\LoginFilter
;
/**
* Point d'entrée du module d'authentification Unicaen.
...
...
@@ -14,7 +24,11 @@ use Zend\ModuleManager\Feature\ServiceProviderInterface;
class
Module
implements
AutoloaderProviderInterface
,
ConfigProviderInterface
,
ServiceProviderInterface
{
/**
*
* @var ModuleOptions
*/
private
$options
;
/**
* @return array
* @see ConfigProviderInterface
*/
...
...
@@ -23,10 +37,7 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
return
include
__DIR__
.
'/config/module.config.php'
;
}
/**
*
* @return array
* @see AutoloaderProviderInterface
*/
...
...
@@ -44,8 +55,6 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
];
}
/**
* This method is called once the MVC bootstrapping is complete,
* after the "loadModule.post" event, once $application->bootstrap() is called.
...
...
@@ -54,9 +63,9 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
*
* @see BootstrapListenerInterface
*/
public
function
onBootstrap
(
\
Zend\EventManager\EventInterface
$e
)
/* @var \Zend\Mvc\MvcEvent $e */
public
function
onBootstrap
(
EventInterface
$e
)
{
/* @var \Zend\Mvc\MvcEvent $e */
$application
=
$e
->
getApplication
();
/* @var $services \Zend\ServiceManager\ServiceManager */
$services
=
$application
->
getServiceManager
();
...
...
@@ -65,63 +74,45 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
try
{
$authorizeService
=
$services
->
get
(
'BjyAuthorize\Service\Authorize'
);
/* @var $authorizeService \BjyAuthorize\Service\Authorize */
\
Zend\View\Helper\
Navigation
::
setDefaultAcl
(
$authorizeService
->
getAcl
());
\
Zend\View\Helper\
Navigation
::
setDefaultRole
(
$authorizeService
->
getIdentity
());
}
catch
(
\
Zend\ServiceManager\Exception\
ServiceNotFoundException
$snfe
)
{
Navigation
::
setDefaultAcl
(
$authorizeService
->
getAcl
());
Navigation
::
setDefaultRole
(
$authorizeService
->
getIdentity
());
}
catch
(
ServiceNotFoundException
$snfe
)
{
// pas de module BjyAuthorize : pas d'ACL
}
/* @var $options
Options\
ModuleOptions */
$options
=
$services
->
get
(
'unicaen-auth_module_options'
);
/* @var $options ModuleOptions */
$
this
->
options
=
$services
->
get
(
'unicaen-auth_module_options'
);
// si l'auth CAS est demandée, modif de la route de connexion pour zapper le formulaire
if
(
$options
->
getCas
()
&&
php_sapi_name
()
!==
'cli'
)
{
/* @var $router \Zend\Mvc\Router\Http\TreeRouteStack */
$router
=
$services
->
get
(
'router'
);
$router
->
addRoutes
([
// remplace les routes existantes (cf. config du module)
'zfcuser'
=>
[
'type'
=>
'Literal'
,
'priority'
=>
1000
,
'options'
=>
[
'route'
=>
'/auth'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'index'
,
],
],
'may_terminate'
=>
true
,
'child_routes'
=>
[
'login'
=>
[
'type'
=>
'Literal'
,
'options'
=>
[
'route'
=>
'/connexion'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'authenticate'
,
// zappe l'action 'login'
],
],
],
'logout'
=>
[
'type'
=>
'Literal'
,
'options'
=>
[
'route'
=>
'/deconnexion'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'logout'
,
],
],
],
],
],
]);
}
$this
->
reconfigureRoutesForAuth
(
$services
);
}
/**
* @param ServiceLocatorInterface $sl
*/
private
function
reconfigureRoutesForAuth
(
ServiceLocatorInterface
$sl
)
{
/* @var $router \Zend\Mvc\Router\Http\TreeRouteStack */
$router
=
$sl
->
get
(
'router'
);
// si l'auth CAS est activée, modif de la route de connexion pour zapper le formulaire d'auth maison.
$isCasEnable
=
(
bool
)
$this
->
options
->
getCas
();
if
(
$isCasEnable
&&
php_sapi_name
()
!==
'cli'
)
{
/** @var CasAdapter $casAdapter */
$casAdapter
=
$sl
->
get
(
'UnicaenAuth\Authentication\Adapter\Cas'
);
$casAdapter
->
reconfigureRoutesForCasAuth
(
$router
);
}
// si l'auth Shibboleth est activée, modif de la route de déconnexion pour réaliser la déconnexion Shibboleth.
$shibOptions
=
$this
->
options
->
getShibboleth
();
$isShibEnable
=
array_key_exists
(
'enable'
,
$shibOptions
)
&&
(
bool
)
$shibOptions
[
'enable'
];
if
(
$isShibEnable
&&
php_sapi_name
()
!==
'cli'
)
{
/** @var ShibService $shibService */
$shibService
=
$sl
->
get
(
ShibService
::
class
);
$shibService
->
reconfigureRoutesForShibAuth
(
$router
);
}
}
/**
*
* @return array
* @see ServiceProviderInterface
*/
...
...
@@ -132,8 +123,8 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
// verrue pour forcer le label de l'identifiant qqsoit l'options 'auth_identity_fields'
'zfcuser_login_form'
=>
function
(
$sm
)
{
$options
=
$sm
->
get
(
'zfcuser_module_options'
);
$form
=
new
\
ZfcUser\Form\
Login
(
null
,
$options
);
$form
->
setInputFilter
(
new
\
ZfcUser\Form\
LoginFilter
(
$options
));
$form
=
new
Login
(
null
,
$options
);
$form
->
setInputFilter
(
new
LoginFilter
(
$options
));
$form
->
get
(
'identity'
)
->
setLabel
(
"Username"
);
return
$form
;
...
...
src/UnicaenAuth/Authentication/Adapter/Cas.php
View file @
fb477fb9
...
...
@@ -9,6 +9,7 @@ use Zend\Authentication\Result as AuthenticationResult;
use
Zend\EventManager\EventManager
;
use
Zend\EventManager\EventManagerAwareInterface
;
use
Zend\EventManager\EventManagerInterface
;
use
Zend\Mvc\Router\Http\TreeRouteStack
;
use
Zend\ServiceManager\ServiceManager
;
use
Zend\ServiceManager\ServiceManagerAwareInterface
;
use
ZfcUser\Authentication\Adapter\AbstractAdapter
;
...
...
@@ -230,4 +231,48 @@ class Cas extends AbstractAdapter implements ServiceManagerAwareInterface, Event
$this
->
eventManager
=
$eventManager
;
return
$this
;
}
/**
* @param TreeRouteStack $router
*/
public
function
reconfigureRoutesForCasAuth
(
TreeRouteStack
$router
)
{
$router
->
addRoutes
([
// remplace les routes existantes (cf. config du module)
'zfcuser'
=>
[
'type'
=>
'Literal'
,
'priority'
=>
1000
,
'options'
=>
[
'route'
=>
'/auth'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'index'
,
],
],
'may_terminate'
=>
true
,
'child_routes'
=>
[
'login'
=>
[
'type'
=>
'Literal'
,
'options'
=>
[
'route'
=>
'/connexion'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'authenticate'
,
// zappe l'action 'login'
],
],
],
'logout'
=>
[
'type'
=>
'Literal'
,
'options'
=>
[
'route'
=>
'/deconnexion'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'logout'
,
],
],
],
],
],
]);
}
}
\ No newline at end of file
src/UnicaenAuth/Controller/AuthController.php
View file @
fb477fb9
...
...
@@ -9,10 +9,12 @@ use Zend\Authentication\AuthenticationService;
use
Zend\Authentication\Exception\ExceptionInterface
;
use
Zend\Http\Response
;
use
Zend\Mvc\Controller\AbstractActionController
;
use
ZfcUser\Controller\Plugin\ZfcUserAuthentication
;
/**
* Classe ajoutée lors de l'implémentation de l'auth Shibboleth.
*
* @method ZfcUserAuthentication zfcUserAuthentication()
* @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
*/
class
AuthController
extends
AbstractActionController
...
...
@@ -25,10 +27,28 @@ class AuthController extends AbstractActionController
*/
public
function
shibbolethAction
()
{
$operation
=
$this
->
params
()
->
fromRoute
(
'operation'
);
if
(
$operation
===
'deconnexion'
)
{
// déconnexion applicative quoiqu'il arrive
$this
->
zfcUserAuthentication
()
->
getAuthAdapter
()
->
resetAdapters
();
$this
->
zfcUserAuthentication
()
->
getAuthAdapter
()
->
logoutAdapters
();
$this
->
zfcUserAuthentication
()
->
getAuthService
()
->
clearIdentity
();
// déconnexion Shibboleth le cas échéant
if
(
$this
->
shibService
->
isShibbolethEnable
())
{
$homeUrl
=
$this
->
url
()
->
fromRoute
(
'home'
,
[],
[
'force_canonical'
=>
true
]);
$returnAbsoluteUrl
=
$this
->
params
()
->
fromQuery
(
'return'
,
$homeUrl
);
return
$this
->
redirect
()
->
toUrl
(
$this
->
shibService
->
getLogoutUrl
(
$returnAbsoluteUrl
));
}
else
{
return
[];
// une page d'aide s'affichera
}
}
$shibUser
=
$this
->
shibService
->
getAuthenticatedUser
();
if
(
$shibUser
===
null
)
{
return
[];
//
la
page d'aide s'affiche
return
[];
//
une
page d'aide s'affiche
ra
}
/** @var AuthenticationService $authService */
...
...
@@ -45,4 +65,9 @@ class AuthController extends AbstractActionController
return
$this
->
redirect
()
->
toUrl
(
$redirectUrl
);
}
public
function
shibboleth
()
{
}
}
\ No newline at end of file
src/UnicaenAuth/Service/ShibService.php
View file @
fb477fb9
...
...
@@ -5,6 +5,7 @@ namespace UnicaenAuth\Service;
use
UnicaenApp\Exception\RuntimeException
;
use
UnicaenAuth\Entity\Shibboleth\ShibUser
;
use
UnicaenAuth\Options\ModuleOptions
;
use
Zend\Mvc\Router\Http\TreeRouteStack
;
/**
* Shibboleth service
...
...
@@ -102,6 +103,23 @@ EOS;
return
$shibUser
;
}
/**
* Retourne l'URL de déconnexion Shibboleth.
*
* @param string $returnAbsoluteUrl Eventuelle URL *absolue* de retour après déconnexion
* @return string
*/
public
function
getLogoutUrl
(
$returnAbsoluteUrl
=
null
)
{
$logoutRelativeUrl
=
'/Shibboleth.sso/Logout?return='
;
// NB: '?return=' semble obligatoire!
if
(
$returnAbsoluteUrl
)
{
$logoutRelativeUrl
.
=
urlencode
(
$returnAbsoluteUrl
);
}
return
$logoutRelativeUrl
;
}
/**
* @param ModuleOptions $options
*/
...
...
@@ -109,4 +127,49 @@ EOS;
{
$this
->
options
=
$options
;
}
/**
* @param TreeRouteStack $router
*/
public
function
reconfigureRoutesForShibAuth
(
TreeRouteStack
$router
)
{
$router
->
addRoutes
([
// remplace les routes existantes (cf. config du module)
'zfcuser'
=>
[
'type'
=>
'Literal'
,
'priority'
=>
1000
,
'options'
=>
[
'route'
=>
'/auth'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'action'
=>
'index'
,
],
],
'may_terminate'
=>
true
,
'child_routes'
=>
[
'login'
=>
[
'type'
=>
'Literal'
,
'options'
=>
[
'route'
=>
'/connexion'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
// NB: lorsque l'auth Shibboleth est activée, la page propose
'action'
=>
'login'
,
// 2 possibilités d'auth : LDAP et Shibboleth.
],
],
],
'logout'
=>
[
'type'
=>
'Segment'
,
'options'
=>
[
'route'
=>
'/:operation/shibboleth/'
,
'defaults'
=>
[
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
'action'
=>
'shibboleth'
,
'operation'
=>
'deconnexion'
],
],
],
],
],
]);
}
}
\ No newline at end of file
src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php
View file @
fb477fb9
...
...
@@ -41,7 +41,8 @@ class ShibConnectViewHelper extends AbstractHelper
$shibUrl
=
$this
->
getView
()
->
url
(
'auth/shibboleth'
,
[],
[
'query'
=>
$this
->
getView
()
->
queryParams
()],
true
);
return
<<<EOS
<a href="$shibUrl" class="btn btn-info btn-lg">Se connecter via la fédération d'identité</a>
Se connecter plutôt avec la
<a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a>
EOS;
}
}
\ No newline at end of file
view/zfc-user/user/login.phtml
View file @
fb477fb9
...
...
@@ -11,51 +11,61 @@ $form->setAttributes([
?>
<style>
#div-connexion
{
max-width
:
350px
;
margin
:
auto
;
}
.div-connexion
{
max-width
:
350px
;
margin
:
auto
auto
30px
;
}
.div-connexion
h2
{
margin
:
0
;
}
.div-connexion
.btn-primary
{
margin
:
10px
0
;
}
.div-connexion
.btn-success
{
margin
:
10px
0
;
display
:
inline-block
;
}
</style>
<div
id
=
"div-connexion"
>
<div
class
=
"div-connexion
panel panel-primary
"
>
<h1
class=
"page-header"
>
<?php
echo
$this
->
translate
(
"Connexion"
);
?>
</h1>
<div
class=
"panel-heading"
>
<h2>
<?php
echo
$this
->
translate
(
"Connexion"
);
?>
</h2>
</div>
<?php
echo
$this
->
form
()
->
openTag
(
$form
)
?>
<div
class=
"panel-body"
>
<?php
echo
$this
->
form
()
->
openTag
(
$form
)
?>
<?php
if
((
$errors
=
$this
->
formErrors
(
$this
->
loginForm
)))
:
?>
<p>
<?php
echo
$errors
?>
</p>
<?php
endif
?>
<p>
<?php
$identity
=
$form
->
get
(
$name
=
'identity'
)
->
setAttributes
([
'id'
=>
$name
,
'class'
=>
'form-control'
]);
echo
$this
->
formLabel
(
$identity
);
echo
$this
->
formInput
(
$identity
);
?>
</p>
<p>
<?php
$identity
=
$form
->
get
(
$name
=
'credential'
)
->
setAttributes
([
'id'
=>
$name
,
'class'
=>
'form-control'
]);
echo
$this
->
formLabel
(
$identity
);
echo
$this
->
formInput
(
$identity
);
?>
</p>
<?php
if
(
$this
->
redirect
)
:
?>
<input
type=
"hidden"
name=
"redirect"
value=
"
<?php
echo
$this
->
redirect
?>
"
/>
<?php
endif
?>
<p>
<?php
echo
$this
->
formButton
(
$form
->
get
(
'submit'
)
->
setAttribute
(
'class'
,
'btn btn-primary'
))
?>
</p>
<?php
echo
$this
->
form
()
->
closeTag
()
?>
<?php
if
((
$errors
=
$this
->
formErrors
(
$this
->
loginForm
)))
:
?>
<p>
<?php
echo
$errors
?>
</p>
<?php
endif
?>
<hr>
<p>
<?php
$identity
=
$form
->
get
(
$name
=
'identity'
)
->
setAttributes
([
'id'
=>
$name
,
'class'
=>
'form-control'
]);
echo
$this
->
formLabel
(
$identity
);
echo
$this
->
formInput
(
$identity
);
?>
</p>
<p>
<?php
$identity
=
$form
->
get
(
$name
=
'credential'
)
->
setAttributes
([
'id'
=>
$name
,
'class'
=>
'form-control'
]);
echo
$this
->
formLabel
(
$identity
);
echo
$this
->
formInput
(
$identity
);
?>
</p>
<?php
if
(
$this
->
redirect
)
:
?>
<input
type=
"hidden"
name=
"redirect"
value=
"
<?php
echo
$this
->
redirect
?>
"
/>
<?php
endif
?>
<p>
<?php
echo
$this
->
formButton
(
$form
->
get
(
'submit'
)
->
setAttribute
(
'class'
,
'btn btn-primary btn-block'
))
?>
</p>
<!-- Connexion Shibboleth (si activée) -->
<?php
echo
$this
->
shibConnect
()
?>
</div>
</div>
<?php
echo
$this
->
form
()
->
closeTag
()
?>
<!-- Bouton de connexion Shibboleth -->
<?php
echo
$this
->
shibConnect
()
?>
<!-- Création d'un compte local (si autorisée) -->
<?php
if
(
$this
->
enableRegistration
)
:
?>
<div
id=
"div-connexion"
class=
"panel panel-primary"
>
<?php
echo
$this
->
translate
(
"Not registered?"
);
?>
<a
href=
"
<?php
echo
$this
->
url
(
'zfcuser/register'
)
.
(
$this
->
redirect
?
'?redirect='
.
$this
->
redirect
:
''
)
?>
"
>
<?php
echo
$this
->
translate
(
"Sign up!"
);
?>
</a>
</div>
<?php
endif
;
?>
<?php
if
(
$this
->
enableRegistration
)
:
?>
<?php
echo
$this
->
translate
(
"Not registered?"
);
?>
<a
href=
"
<?php
echo
$this
->
url
(
'zfcuser/register'
)
.
(
$this
->
redirect
?
'?redirect='
.
$this
->
redirect
:
''
)
?>
"
>
<?php
echo
$this
->
translate
(
"Sign up!"
);
?>
</a>
<?php
endif
;
?>
</div>
<script
type=
"text/javascript"
>
// focus sur le 1er champ vide
$
(
"
input
"
).
filter
(
function
()
{
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment