Ajout d'une option de config d'activation ou non de l'auth LDAP (nouvelle clé...

Ajout d'une option de config d'activation ou non de l'auth LDAP (nouvelle clé unicaen-auth > ldap > enabled). Pour l'instant, l'impact est juste l'affichage ou pas du formulaire de connexion LDAP.

config/module.config.php

 <?php
 
-use UnicaenAuth\Authentication\Adapter\ShibSimulatorAdapter;
 use UnicaenAuth\Authentication\Storage\ShibSimulatorStorage;
 use UnicaenAuth\Controller\AuthControllerFactory;
 use UnicaenAuth\Service\ShibService;
 use UnicaenAuth\Service\ShibServiceFactory;
 use UnicaenAuth\Service\UserContextFactory;
+use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory;
 use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
 use UnicaenAuth\View\Helper\UserUsurpationHelperFactory;
 
 $settings = [
+
+    /**
+     * Configuration de l'authentification LDAP.
+     */
+    'ldap' => [
+        /**
+         * Possibilité ou non de s'authentifier via l'annuaire LDAP.
+         */
+        'enabled' => true,
+    ],
+
     /**
      * Fournisseurs d'identité.
      */
@@ -442,6 +453,7 @@ return [
             'userProfileSelect'          => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
             'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
             'userUsurpation'             => UserUsurpationHelperFactory::class,
+            'ldapConnect'                => LdapConnectViewHelperFactory::class,
             'shibConnect'                => ShibConnectViewHelperFactory::class,
         ],
         'invokables' => [

config/unicaen-auth.global.php.dist

@@ -6,6 +6,17 @@
  * drop this config file in it and change the values as you wish.
  */
 $settings = [
+
+    /**
+     * Configuration de l'authentification LDAP.
+     */
+    'ldap' => [
+        /**
+         * Possibilité ou non de s'authentifier via l'annuaire LDAP.
+         */
+        'enabled' => true,
+    ],
+
     /**
      * Flag indiquant si l'utilisateur authenitifié avec succès via l'annuaire LDAP doit
      * être enregistré/mis à jour dans la table des utilisateurs de l'appli.
@@ -25,6 +36,7 @@ $settings = [
 
 $config = [
     'unicaen-auth' => $settings,
+
     'bjyauthorize' => [
         /* this module uses a meta-role that inherits from any roles that should
          * be applied to the active user. the identity provider tells us which
@@ -54,6 +66,7 @@ $config = [
             'UnicaenAuth\Provider\Role\Username' => [],
         ],
     ],
+
     'zfcuser'      => [
         /**
          * Classe de l'entité représentant un utilisateur authentifiable.

config/unicaen-auth.local.php.dist

 <?php
+
+return [
+    'unicaen-auth' => [
+
         /**
- * Configuration locale du module UnicaenAuth.
- *
- * If you have a ./config/autoload/ directory set up for your project, you can
- * drop this config file in it and change the values as you wish.
- */
-$settings = [
-    /**
-     * Activation ou non de l'authentification Shibboleth.
+         * Configuration de l'authentification Shibboleth.
          */
         'shibboleth' => [
             'enable' => false,
+            'simulate' => [
+                'eppn'        => 'gauthierb@unicaen.fr',
+                'supannEmpId' => '00021237',
             ],
+            'aliases' => [
+                'eppn'                   => 'HTTP_EPPN',
+                'mail'                   => 'HTTP_MAIL',
+                'eduPersonPrincipalName' => 'HTTP_EPPN',
+                'supannEtuId'            => 'HTTP_SUPANNETUID',
+                'supannEmpId'            => 'HTTP_SUPANNEMPID',
+                'supannCivilite'         => 'HTTP_SUPANNCIVILITE',
+                'displayName'            => 'HTTP_DISPLAYNAME',
+                'sn'                     => 'HTTP_SN',
+                'givenName'              => 'HTTP_GIVENNAME',
+            ],
+        ],
+
         /**
          * Paramètres de connexion au serveur CAS :
          * - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
          * - pour l'activer, renseigner les paramètres.
          */
         'cas' => [
-//        'connection' => array(
-//            'default' => array(
-//                'params' => array(
-//                    'hostname' => 'cas.unicaen.fr',
-//                    'port' => 443,
-//                    'version' => "2.0",
-//                    'uri' => "",
-//                    'debug' => false,
-//                ),
-//            ),
-//        ),
+            'connection' => [
+                'default' => [
+                    'params' => [
+                        'hostname' => 'cas.unicaen.fr',
+                        'port'     => 443,
+                        'version'  => "2.0",
+                        'uri'      => "",
+                        'debug'    => false,
+                    ],
                 ],
+            ],
+        ],
+
         /**
          * Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité.
          * NB: à réserver exclusivement aux tests.
          */
-//    'usurpation_allowed_usernames' => array(),
-];
-
-/**
- * You do not need to edit below this line
- */
-return [
-    'unicaen-auth' => $settings,
+        'usurpation_allowed_usernames' => [],
+    ],
 ];

src/UnicaenAuth/Options/ModuleOptions.php

@@ -9,6 +9,13 @@ namespace UnicaenAuth\Options;
  */
 class ModuleOptions extends \ZfcUser\Options\ModuleOptions
 {
+    /**
+     * Paramètres concernant l'authentification LDAP.
+     *
+     * @var array
+     */
+    protected $ldap = [];
+
     /**
      * @var array
      */
@@ -39,6 +46,29 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
      */
     protected $entityManagerName = 'doctrine.entitymanager.orm_default';
 
+    /**
+     * Retourne les paramètres concernant l'authentification LDAP.
+     *
+     * @return array
+     */
+    public function getLdap()
+    {
+        return $this->ldap;
+    }
+
+    /**
+     * Spécifie les paramètres concernant l'authentification LDAP.
+     *
+     * @param array $ldap
+     * @return self
+     */
+    public function setLdap(array $ldap)
+    {
+        $this->ldap = $ldap;
+
+        return $this;
+    }
+
     /**
      * set usernames allowed to make usurpation
      *
@@ -89,8 +119,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
         return $this->saveLdapUserInDatabase;
     }
 
-
-
     /**
      * @return string
      */
@@ -99,8 +127,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
         return $this->ldapUsername;
     }
 
-
-
     /**
      * @param string $ldapUsername
      *
@@ -113,8 +139,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
         return $this;
     }
 
-
-
     /**
      * set cas connection params
      *

src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php

+<?php
+
+namespace UnicaenAuth\View\Helper;
+
+use Zend\Form\Form;
+use Zend\View\Helper\AbstractHelper;
+use Zend\View\Renderer\PhpRenderer;
+use Zend\View\Resolver\TemplatePathStack;
+
+/**
+ * Aide de vue dessinant le formulaire d'authentification LDAP,
+ * si l'authentification LDAP est activée.
+ *
+ * @method PhpRenderer getView()
+ * @author Unicaen
+ */
+class LdapConnectViewHelper extends AbstractHelper
+{
+    /**
+     * @var bool
+     */
+    protected $enabled = true;
+
+    /**
+     * @var Form
+     */
+    protected $form;
+
+    /**
+     * @param bool $enabled
+     * @return $this
+     */
+    public function setEnabled($enabled = true)
+    {
+        $this->enabled = $enabled;
+
+        return $this;
+    }
+
+    /**
+     * @param Form $form
+     * @return $this
+     */
+    public function __invoke(Form $form)
+    {
+        $this->form = $form;
+
+        $this->getView()->resolver()->attach(
+            new TemplatePathStack(['script_paths' => [__DIR__ . "/partial"]])
+        );
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function __toString()
+    {
+        if (! $this->enabled) {
+            return '';
+        }
+
+        try {
+            return $this->getView()->render("ldap-connect", [
+                'enabled' => $this->enabled,
+                'form' => $this->form,
+            ]);
+        } catch (\Exception $e) {
+            return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>';
+        }
+    }
+}
\ No newline at end of file

src/UnicaenAuth/View/Helper/LdapConnectViewHelperFactory.php

+<?php
+
+namespace UnicaenAuth\View\Helper;
+
+use UnicaenAuth\Options\ModuleOptions;
+use Zend\View\HelperPluginManager;
+
+class LdapConnectViewHelperFactory
+{
+    /**
+     * @param HelperPluginManager $hpm
+     * @return LdapConnectViewHelper
+     */
+    public function __invoke(HelperPluginManager $hpm)
+    {
+        /** @var ModuleOptions $moduleOptions */
+        $moduleOptions = $hpm->getServiceLocator()->get('unicaen-auth_module_options');
+        $ldapArrayConfig = $moduleOptions->getLdap();
+
+        $ldapEnabled = isset($ldapArrayConfig['enabled']) && (bool) $ldapArrayConfig['enabled'];
+
+        $helper = new LdapConnectViewHelper();
+        $helper->setEnabled($ldapEnabled);
+
+        return $helper;
+    }
+}
\ No newline at end of file

src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php

@@ -41,7 +41,7 @@ class ShibConnectViewHelper extends AbstractHelper
         $shibUrl = $this->getView()->url('auth/shibboleth', [], ['query' => $this->getView()->queryParams()], true);
 
         return <<<EOS
-Se connecter plutôt avec la 
+Se connecter via la 
 <a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a>
 EOS;
     }

src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml

+<?php
+
+use Zend\Form\Form;
+
+/**
+ * @var bool   $enabled
+ * @var Form   $form
+ * @var string $redirect
+ */
+?>
+
+<?php echo $this->form()->openTag($form) ?>
+<?php if (($errors = $this->formErrors($form))): ?>
+    <p><?php echo $errors ?></p>
+<?php endif ?>
+<p>
+    <?php
+    $identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
+    echo $this->formLabel($identity);
+    echo $this->formInput($identity);
+    ?>
+</p>
+<p>
+    <?php
+    $identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
+    echo $this->formLabel($identity);
+    echo $this->formInput($identity);
+    ?>
+</p>
+<?php if ($redirect): ?>
+    <input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
+<?php endif ?>
+<p>
+    <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
+</p>
+<?php echo $this->form()->closeTag() ?>

view/zfc-user/user/login.phtml

@@ -24,36 +24,11 @@ $form->setAttributes([
     </div>
 
     <div class="panel-body">
-        <?php echo $this->form()->openTag($form) ?>
-        <?php if (($errors = $this->formErrors($this->loginForm))): ?>
-            <p><?php echo $errors ?></p>
-        <?php endif ?>
-        <p>
         <?php
-            $identity = $form->get($name     = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
-            echo $this->formLabel($identity);
-            echo $this->formInput($identity);
+        $ldapAuthHtml = (string) $this->ldapConnect($form);
+        $shibAuthHtml = (string) $this->shibConnect($form);
+        echo implode('<hr>', array_filter([$ldapAuthHtml, $shibAuthHtml]));
         ?>
-        </p>
-        <p>
-            <?php
-            $identity = $form->get($name     = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
-            echo $this->formLabel($identity);
-            echo $this->formInput($identity);
-            ?>
-        </p>
-        <?php if ($this->redirect): ?>
-            <input type="hidden" name="redirect" value="<?php echo $this->redirect ?>" />
-        <?php endif ?>
-        <p>
-            <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
-        </p>
-        <?php echo $this->form()->closeTag() ?>
-
-        <hr>
-
-        <!-- Connexion Shibboleth (si activée) -->
-        <?php echo $this->shibConnect() ?>
     </div>
 </div>