diff --git a/config/module.config.php b/config/module.config.php
index 35964316df3aeb5f0eb530fa9b6030feffe6d9d4..67fc8863ca698882a4bd9d6cfa7ae0777b802717 100644
--- a/config/module.config.php
+++ b/config/module.config.php
@@ -1,15 +1,26 @@
 <?php
-use UnicaenAuth\Authentication\Adapter\ShibSimulatorAdapter;
 use UnicaenAuth\Authentication\Storage\ShibSimulatorStorage;
 use UnicaenAuth\Controller\AuthControllerFactory;
 use UnicaenAuth\Service\ShibService;
 use UnicaenAuth\Service\ShibServiceFactory;
 use UnicaenAuth\Service\UserContextFactory;
+use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory;
 use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
 use UnicaenAuth\View\Helper\UserUsurpationHelperFactory;
 $settings = [
+
+ /**
+ * Configuration de l'authentification LDAP.
+ */
+ 'ldap' => [
+ /**
+ * Possibilité ou non de s'authentifier via l'annuaire LDAP.
+ */
+ 'enabled' => true,
+ ],
+
 /**
 * Fournisseurs d'identité.
 */
@@ -442,6 +453,7 @@ return [
 'userProfileSelect' => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
 'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
 'userUsurpation' => UserUsurpationHelperFactory::class,
+ 'ldapConnect' => LdapConnectViewHelperFactory::class,
 'shibConnect' => ShibConnectViewHelperFactory::class,
 ],
 'invokables' => [
diff --git a/config/unicaen-auth.global.php.dist b/config/unicaen-auth.global.php.dist
index b92e8cad1f7755c1894e4db12288a30668e3cc27..a7033382608692774da0acab779d4a7fdfd69aff 100644
--- a/config/unicaen-auth.global.php.dist
+++ b/config/unicaen-auth.global.php.dist
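Review bot: The new `ldap.enabled` flag is only consumed by `LdapConnectViewHelperFactory` elsewhere in this diff, so setting it to `false` hides the LDAP login form but, as far as this diff shows, leaves the LDAP authentication adapter registered; a hand-crafted POST to the login route would still be verified against the directory. The docblock `Possibilité ou non de s'authentifier via l'annuaire LDAP` therefore promises more than the flag delivers: either gate the adapter on the same option or narrow the comment to `* Whether the LDAP login form is rendered. NOTE: this does not disable the LDAP authentication adapter itself.`. The `ShibSimulatorAdapter` import is dropped in the same hunk, which is fine only if nothing else in the file still references it, something this hunk cannot show.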
@@ -6,6 +6,17 @@
 * drop this config file in it and change the values as you wish.
 */
 $settings = [
+
+ /**
+ * Configuration de l'authentification LDAP.
+ */
+ 'ldap' => [
+ /**
+ * Possibilité ou non de s'authentifier via l'annuaire LDAP.
+ */
+ 'enabled' => true,
+ ],
+
 /**
 * Flag indiquant si l'utilisateur authenitifié avec succès via l'annuaire LDAP doit
 * être enregistré/mis à jour dans la table des utilisateurs de l'appli.
@@ -25,6 +36,7 @@ $settings = [
 $config = [
 'unicaen-auth' => $settings,
+
 'bjyauthorize' => [
 /* this module uses a meta-role that inherits from any roles that should
 * be applied to the active user. the identity provider tells us which
@@ -54,6 +66,7 @@ $config = [
 'UnicaenAuth\Provider\Role\Username' => [],
 ],
 ],
+
 'zfcuser' => [
 /**
 * Classe de l'entité représentant un utilisateur authentifiable.
diff --git a/config/unicaen-auth.local.php.dist b/config/unicaen-auth.local.php.dist
index 8cecd5de4426a9112b652beb74c454e0e88c31fe..0c3826e4389948b413566a9e6daac8f09fb1b38a 100644
--- a/config/unicaen-auth.local.php.dist
+++ b/config/unicaen-auth.local.php.dist
@@ -1,45 +1,53 @@
 <?php
-/**
- * Configuration locale du module UnicaenAuth.
- *
- * If you have a ./config/autoload/ directory set up for your project, you can
- * drop this config file in it and change the values as you wish.
- */
-$settings = [
- /**
- * Activation ou non de l'authentification Shibboleth.
- */
- 'shibboleth' => [
- 'enable' => false,
- ],
- /**
- * Paramètres de connexion au serveur CAS :
- * - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
- * - pour l'activer, renseigner les paramètres.
- */
- 'cas' => [
-// 'connection' => array(
-// 'default' => array(
-// 'params' => array(
-// 'hostname' => 'cas.unicaen.fr',
-// 'port' => 443,
-// 'version' => "2.0",
-// 'uri' => "",
-// 'debug' => false,
-// ),
-// ),
-// ),
- ],
- /**
- * Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité.
- * NB: à réserver exclusivement aux tests.
- */
-// 'usurpation_allowed_usernames' => array(),
-];
-/**
- * You do not need to edit below this line
- */
 return [
- 'unicaen-auth' => $settings,
-];
\ No newline at end of file
+ 'unicaen-auth' => [
+
+ /**
+ * Configuration de l'authentification Shibboleth.
+ */
+ 'shibboleth' => [
+ 'enable' => false,
+ 'simulate' => [
+ 'eppn' => 'gauthierb@unicaen.fr',
+ 'supannEmpId' => '00021237',
+ ],
+ 'aliases' => [
+ 'eppn' => 'HTTP_EPPN',
+ 'mail' => 'HTTP_MAIL',
+ 'eduPersonPrincipalName' => 'HTTP_EPPN',
+ 'supannEtuId' => 'HTTP_SUPANNETUID',
+ 'supannEmpId' => 'HTTP_SUPANNEMPID',
+ 'supannCivilite' => 'HTTP_SUPANNCIVILITE',
+ 'displayName' => 'HTTP_DISPLAYNAME',
+ 'sn' => 'HTTP_SN',
+ 'givenName' => 'HTTP_GIVENNAME',
+ ],
+ ],
+
+ /**
+ * Paramètres de connexion au serveur CAS :
+ * - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
+ * - pour l'activer, renseigner les paramètres.
+ */
+ 'cas' => [
+ 'connection' => [
+ 'default' => [
+ 'params' => [
+ 'hostname' => 'cas.unicaen.fr',
+ 'port' => 443,
+ 'version' => "2.0",
+ 'uri' => "",
+ 'debug' => false,
+ ],
+ ],
+ ],
+ ],
+
+ /**
+ * Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité.
+ * NB: à réserver exclusivement aux tests.
+ */
+ 'usurpation_allowed_usernames' => [],
+ ],
+];
diff --git a/src/UnicaenAuth/Options/ModuleOptions.php b/src/UnicaenAuth/Options/ModuleOptions.php
index 0ce96ee961de6ca1cd6b6252199505f3759519c4..7939d37cb4ca47550e4ba2d38ca1a4c93a9cb175 100644
--- a/src/UnicaenAuth/Options/ModuleOptions.php
+++ b/src/UnicaenAuth/Options/ModuleOptions.php
@@ -9,6 +9,13 @@ namespace UnicaenAuth\Options;
 */
 class ModuleOptions extends \ZfcUser\Options\ModuleOptions
 {
+ /**
+ * Paramètres concernant l'authentification LDAP.
+ *
+ * @var array
+ */
+ protected $ldap = [];
+
 /**
 * @var array
 */
@@ -39,6 +46,29 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
 */
 protected $entityManagerName = 'doctrine.entitymanager.orm_default';
+
+ /**
+ * Retourne les paramètres concernant l'authentification LDAP.
+ *
+ * @return array
+ */
+ public function getLdap()
+ {
+ return $this->ldap;
+ }
+
+ /**
+ * Spécifie les paramètres concernant l'authentification LDAP.
+ *
+ * @param array $ldap
+ * @return self
+ */
+ public function setLdap(array $ldap)
+ {
+ $this->ldap = $ldap;
+
+ return $this;
+ }
+
 /**
 * set usernames allowed to make usurpation
 *
@@ -89,8 +119,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
 return $this->saveLdapUserInDatabase;
 }
-
-
 /**
 * @return string
 */
@@ -99,8 +127,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
 return $this->ldapUsername;
 }
-
-
 /**
 * @param string $ldapUsername
 *
@@ -113,8 +139,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
 return $this;
 }
-
-
 /**
 * set cas connection params
 *
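Review bot: The distributed template now ships a live CAS connection (`'cas' => ['connection' => ['default' => ['params' => ['hostname' => 'cas.unicaen.fr', ...]]]]`) where the previous version kept that block commented out, while the comment just above still says the array must be empty to disable CAS; an application that copies this `.dist` into `config/autoload/` unchanged therefore opts into CAS against `cas.unicaen.fr` by default. The `shibboleth.simulate` block likewise carries what looks like a real person's `eppn` and `supannEmpId`; a shipped template should use neutral placeholders such as `'eppn' => 'jdoe@example.org', 'supannEmpId' => '00000000'` so that an operator who turns simulation on does not impersonate an actual account. Restoring the commented-out CAS block (or shipping `'cas' => [],`) keeps the opt-in default the comment describes.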
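Review bot: `getLdap()` hands back the raw configuration array, so every consumer has to repeat the `isset($ldap['enabled']) && (bool) $ldap['enabled']` dance that the view-helper factory does elsewhere in this diff. A single typed accessor on the options object, `public function isLdapEnabled() { return isset($this->ldap['enabled']) && (bool) $this->ldap['enabled']; }`, would keep the interpretation of the flag in one place and give the adapter side the same answer the view side gets. The class body continues outside these hunks, so other accessors that may already exist are not visible here.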
diff --git a/src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php b/src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php
new file mode 100644
index 0000000000000000000000000000000000000000..f6c8050eb4589eb52a31a4a1d6ee8a0cbdeb39fa
--- /dev/null
+++ b/src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php
@@ -0,0 +1,73 @@
+<?php
+
+namespace UnicaenAuth\View\Helper;
+
+use Zend\Form\Form;
+use Zend\View\Helper\AbstractHelper;
+use Zend\View\Renderer\PhpRenderer;
+use Zend\View\Resolver\TemplatePathStack;
+
+/**
+ * Aide de vue dessinant le formulaire d'authentification LDAP,
+ * si l'authentification LDAP est activée.
+ *
+ * @method PhpRenderer getView()
+ * @author Unicaen
+ */
+class LdapConnectViewHelper extends AbstractHelper
+{
+ /**
+ * @var bool
+ */
+ protected $enabled = true;
+
+ /**
+ * @var Form
+ */
+ protected $form;
+
+ /**
+ * @param bool $enabled
+ * @return $this
+ */
+ public function setEnabled($enabled = true)
+ {
+ $this->enabled = $enabled;
+
+ return $this;
+ }
+
+ /**
+ * @param Form $form
+ * @return $this
+ */
+ public function __invoke(Form $form)
+ {
+ $this->form = $form;
+
+ $this->getView()->resolver()->attach(
+ new TemplatePathStack(['script_paths' => [__DIR__ . "/partial"]])
+ );
+
+ return $this;
+ }
+
+ /**
+ * @return string
+ */
+ public function __toString()
+ {
+ if (! $this->enabled) {
+ return '';
+ }
+
+ try {
+ return $this->getView()->render("ldap-connect", [
+ 'enabled' => $this->enabled,
+ 'form' => $this->form,
+ ]);
+ } catch (\Exception $e) {
+ return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>';
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/UnicaenAuth/View/Helper/LdapConnectViewHelperFactory.php b/src/UnicaenAuth/View/Helper/LdapConnectViewHelperFactory.php
new file mode 100644
index 0000000000000000000000000000000000000000..71717d22997a8fbcde97b7d898b11c6dfc020354
--- /dev/null
+++ b/src/UnicaenAuth/View/Helper/LdapConnectViewHelperFactory.php
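Review bot: `__toString` turns any rendering failure into `$e->getMessage()` and `$e->getTraceAsString()` written unescaped into the login page, which is served to unauthenticated visitors; that discloses file paths and internals, and an exception message that echoes request data would land in the page as raw HTML. Since `__toString` cannot let an exception propagate on PHP versions before 7.4, log it and render nothing: `} catch (\Exception $e) { error_log((string) $e); return ''; }` (or return a fixed, escaped error string with no detail). Separately, `__invoke` attaches a fresh `TemplatePathStack` to the shared resolver on every call, so each render of the helper grows the resolver chain; attaching once, guarded by a private flag, avoids that.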
@@ -0,0 +1,27 @@
+<?php
+
+namespace UnicaenAuth\View\Helper;
+
+use UnicaenAuth\Options\ModuleOptions;
+use Zend\View\HelperPluginManager;
+
+class LdapConnectViewHelperFactory
+{
+ /**
+ * @param HelperPluginManager $hpm
+ * @return LdapConnectViewHelper
+ */
+ public function __invoke(HelperPluginManager $hpm)
+ {
+ /** @var ModuleOptions $moduleOptions */
+ $moduleOptions = $hpm->getServiceLocator()->get('unicaen-auth_module_options');
+ $ldapArrayConfig = $moduleOptions->getLdap();
+
+ $ldapEnabled = isset($ldapArrayConfig['enabled']) && (bool) $ldapArrayConfig['enabled'];
+
+ $helper = new LdapConnectViewHelper();
+ $helper->setEnabled($ldapEnabled);
+
+ return $helper;
+ }
+}
\ No newline at end of file
diff --git a/src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php b/src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php
index 477ddf603ee7843c61482db6866c86fcda1fa64c..9a9751ee7c5399cae7a5bcceedbe3b662c0f3e33 100644
--- a/src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php
+++ b/src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php
@@ -41,7 +41,7 @@ class ShibConnectViewHelper extends AbstractHelper
 $shibUrl = $this->getView()->url('auth/shibboleth', [], ['query' => $this->getView()->queryParams()], true);
 return <<<EOS
-Se connecter plutôt avec la
+Se connecter via la
 <a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a>
 EOS;
 }
diff --git a/src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml b/src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml
new file mode 100644
index 0000000000000000000000000000000000000000..6fc01da6751e29fba39050bf5bb7237498f7ba56
--- /dev/null
+++ b/src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml
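Review bot: The factory disables the form when `ldap.enabled` is absent (`isset(...) && (bool) ...`), whereas the helper it builds declares `protected $enabled = true;` elsewhere in this diff, so the two disagree on the fail-safe default; align them on the factory's fail-closed choice (`protected $enabled = false;` in the helper) and say so in the `@var` docblock. The `(bool)` cast also makes the string `'false'` truthy, which matters if this value is ever fed from an environment variable; `filter_var($ldapArrayConfig['enabled'], FILTER_VALIDATE_BOOLEAN)` accepts the usual spellings. `$hpm->getServiceLocator()` is the zend-servicemanager v2 plugin-manager API; if the project is on v3, the factory needs the container passed to it directly.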
@@ -0,0 +1,36 @@
+<?php
+
+use Zend\Form\Form;
+
+/**
+ * @var bool $enabled
+ * @var Form $form
+ * @var string $redirect
+ */
+?>
+
+<?php echo $this->form()->openTag($form) ?>
+<?php if (($errors = $this->formErrors($form))): ?>
+ <p><?php echo $errors ?></p>
+<?php endif ?>
+<p>
+ <?php
+ $identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
+ echo $this->formLabel($identity);
+ echo $this->formInput($identity);
+ ?>
+</p>
+<p>
+ <?php
+ $identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
+ echo $this->formLabel($identity);
+ echo $this->formInput($identity);
+ ?>
+</p>
+<?php if ($redirect): ?>
+ <input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
+<?php endif ?>
+<p>
+ <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
+</p>
+<?php echo $this->form()->closeTag() ?>
diff --git a/view/zfc-user/user/login.phtml b/view/zfc-user/user/login.phtml
index 99a0546c7f235a2aebfc0a601e23d512d1d5d9c8..51ba37390a0dcb801c09daf49fd39697c1cbd45a 100644
--- a/view/zfc-user/user/login.phtml
+++ b/view/zfc-user/user/login.phtml
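Review bot: `$redirect` is declared as `@var string $redirect` and tested in `<?php if ($redirect): ?>`, but the helper's `render()` call in this diff passes only `enabled` and `form`, so the variable is undefined in this partial: the hidden `redirect` field that `login.phtml` used to emit from `$this->redirect` is never rendered and the post-login redirect silently stops working. When the value is wired through it must be escaped for an attribute context, `<input type="hidden" name="redirect" value="<?php echo $this->escapeHtmlAttr($redirect) ?>"/>`, since it is reflected from the request. The credential block also reuses `$identity` for the password element; `$credential` would read correctly.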
@@ -24,36 +24,11 @@ $form->setAttributes([
 </div>
 <div class="panel-body">
- <?php echo $this->form()->openTag($form) ?>
- <?php if (($errors = $this->formErrors($this->loginForm))): ?>
- <p><?php echo $errors ?></p>
- <?php endif ?>
- <p>
- <?php
- $identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
- echo $this->formLabel($identity);
- echo $this->formInput($identity);
- ?>
- </p>
- <p>
- <?php
- $identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
- echo $this->formLabel($identity);
- echo $this->formInput($identity);
- ?>
- </p>
- <?php if ($this->redirect): ?>
- <input type="hidden" name="redirect" value="<?php echo $this->redirect ?>" />
- <?php endif ?>
- <p>
- <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
- </p>
- <?php echo $this->form()->closeTag() ?>
-
- <hr>
-
- <!-- Connexion Shibboleth (si activée) -->
- <?php echo $this->shibConnect() ?>
+ <?php
+ $ldapAuthHtml = (string) $this->ldapConnect($form);
+ $shibAuthHtml = (string) $this->shibConnect($form);
+ echo implode('<hr>', array_filter([$ldapAuthHtml, $shibAuthHtml]));
+ ?>
 </div>
 </div>
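Review bot: This call site drops `$this->redirect`: `ldapConnect($form)` receives only the form, so the redirect value the removed markup injected as a hidden field has no path into the new partial. Threading it through, `$ldapAuthHtml = (string) $this->ldapConnect($form, $this->redirect);` with a matching optional parameter on the helper that forwards it to `render()`, restores the behaviour. `shibConnect($form)` now also receives the form, but `ShibConnectViewHelper::__invoke` is not part of this diff, so whether that argument is used or silently ignored cannot be confirmed here.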