From 6d3ff3d5bad8f3d8be4b82cb40f0bae9c4cfb9c9 Mon Sep 17 00:00:00 2001
From: Bertrand Gauthier <bertrand.gauthier@unicaen.fr>
Date: Fri, 13 Jul 2018 14:57:04 +0200
Subject: [PATCH] =?UTF-8?q?Ajout=20d'une=20option=20de=20config=20d'activa?=
 =?UTF-8?q?tion=20ou=20non=20de=20l'auth=20LDAP=20(nouvelle=20cl=C3=A9=20u?=
 =?UTF-8?q?nicaen-auth=20>=20ldap=20>=20enabled).=20Pour=20l'instant,=20l'?=
 =?UTF-8?q?impact=20est=20juste=20l'affichage=20ou=20pas=20du=20formulaire?=
 =?UTF-8?q?=20de=20connexion=20LDAP.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 config/module.config.php                      | 14 ++-
 config/unicaen-auth.global.php.dist           | 13 +++
 config/unicaen-auth.local.php.dist            | 92 ++++++++++---------
 src/UnicaenAuth/Options/ModuleOptions.php     | 36 ++++++--
 .../View/Helper/LdapConnectViewHelper.php     | 73 +++++++++++++++
 .../Helper/LdapConnectViewHelperFactory.php   | 27 ++++++
 .../View/Helper/ShibConnectViewHelper.php     |  2 +-
 .../View/Helper/partial/ldap-connect.phtml    | 36 ++++++++
 view/zfc-user/user/login.phtml                | 35 +------
 9 files changed, 248 insertions(+), 80 deletions(-)
 create mode 100644 src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php
 create mode 100644 src/UnicaenAuth/View/Helper/LdapConnectViewHelperFactory.php
 create mode 100644 src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml

diff --git a/config/module.config.php b/config/module.config.php
index 3596431..67fc886 100644
--- a/config/module.config.php
+++ b/config/module.config.php
@@ -1,15 +1,26 @@
 <?php
 
-use UnicaenAuth\Authentication\Adapter\ShibSimulatorAdapter;
 use UnicaenAuth\Authentication\Storage\ShibSimulatorStorage;
 use UnicaenAuth\Controller\AuthControllerFactory;
 use UnicaenAuth\Service\ShibService;
 use UnicaenAuth\Service\ShibServiceFactory;
 use UnicaenAuth\Service\UserContextFactory;
+use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory;
 use UnicaenAuth\View\Helper\ShibConnectViewHelperFactory;
 use UnicaenAuth\View\Helper\UserUsurpationHelperFactory;
 
 $settings = [
+
+    /**
+     * Configuration de l'authentification LDAP.
+     */
+    'ldap' => [
+        /**
+         * Possibilité ou non de s'authentifier via l'annuaire LDAP.
+         */
+        'enabled' => true,
+    ],
+
     /**
      * Fournisseurs d'identité.
      */
@@ -442,6 +453,7 @@ return [
             'userProfileSelect'          => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
             'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
             'userUsurpation'             => UserUsurpationHelperFactory::class,
+            'ldapConnect'                => LdapConnectViewHelperFactory::class,
             'shibConnect'                => ShibConnectViewHelperFactory::class,
         ],
         'invokables' => [
diff --git a/config/unicaen-auth.global.php.dist b/config/unicaen-auth.global.php.dist
index b92e8ca..a703338 100644
--- a/config/unicaen-auth.global.php.dist
+++ b/config/unicaen-auth.global.php.dist
@@ -6,6 +6,17 @@
  * drop this config file in it and change the values as you wish.
  */
 $settings = [
+
+    /**
+     * Configuration de l'authentification LDAP.
+     */
+    'ldap' => [
+        /**
+         * Possibilité ou non de s'authentifier via l'annuaire LDAP.
+         */
+        'enabled' => true,
+    ],
+
     /**
      * Flag indiquant si l'utilisateur authenitifié avec succès via l'annuaire LDAP doit
      * être enregistré/mis à jour dans la table des utilisateurs de l'appli.
@@ -25,6 +36,7 @@ $settings = [
 
 $config = [
     'unicaen-auth' => $settings,
+
     'bjyauthorize' => [
         /* this module uses a meta-role that inherits from any roles that should
          * be applied to the active user. the identity provider tells us which
@@ -54,6 +66,7 @@ $config = [
             'UnicaenAuth\Provider\Role\Username' => [],
         ],
     ],
+
     'zfcuser'      => [
         /**
          * Classe de l'entité représentant un utilisateur authentifiable.
diff --git a/config/unicaen-auth.local.php.dist b/config/unicaen-auth.local.php.dist
index 8cecd5d..0c3826e 100644
--- a/config/unicaen-auth.local.php.dist
+++ b/config/unicaen-auth.local.php.dist
@@ -1,45 +1,53 @@
 <?php
-/**
- * Configuration locale du module UnicaenAuth.
- *
- * If you have a ./config/autoload/ directory set up for your project, you can
- * drop this config file in it and change the values as you wish.
- */
-$settings = [
-    /**
-     * Activation ou non de l'authentification Shibboleth.
-     */
-    'shibboleth' => [
-        'enable' => false,
-    ],
-    /**
-     * Paramètres de connexion au serveur CAS :
-     * - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
-     * - pour l'activer, renseigner les paramètres.
-     */
-    'cas' => [
-//        'connection' => array(
-//            'default' => array(
-//                'params' => array(
-//                    'hostname' => 'cas.unicaen.fr',
-//                    'port' => 443,
-//                    'version' => "2.0",
-//                    'uri' => "",
-//                    'debug' => false,
-//                ),
-//            ),
-//        ),
-    ],
-    /**
-     * Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité.
-     * NB: à réserver exclusivement aux tests.
-     */
-//    'usurpation_allowed_usernames' => array(),
-];
 
-/**
- * You do not need to edit below this line
- */
 return [
-    'unicaen-auth' => $settings,
-];
\ No newline at end of file
+    'unicaen-auth' => [
+
+        /**
+         * Configuration de l'authentification Shibboleth.
+         */
+        'shibboleth' => [
+            'enable' => false,
+            'simulate' => [
+                'eppn'        => 'gauthierb@unicaen.fr',
+                'supannEmpId' => '00021237',
+            ],
+            'aliases' => [
+                'eppn'                   => 'HTTP_EPPN',
+                'mail'                   => 'HTTP_MAIL',
+                'eduPersonPrincipalName' => 'HTTP_EPPN',
+                'supannEtuId'            => 'HTTP_SUPANNETUID',
+                'supannEmpId'            => 'HTTP_SUPANNEMPID',
+                'supannCivilite'         => 'HTTP_SUPANNCIVILITE',
+                'displayName'            => 'HTTP_DISPLAYNAME',
+                'sn'                     => 'HTTP_SN',
+                'givenName'              => 'HTTP_GIVENNAME',
+            ],
+        ],
+
+        /**
+         * Paramètres de connexion au serveur CAS :
+         * - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
+         * - pour l'activer, renseigner les paramètres.
+         */
+        'cas' => [
+            'connection' => [
+                'default' => [
+                    'params' => [
+                        'hostname' => 'cas.unicaen.fr',
+                        'port'     => 443,
+                        'version'  => "2.0",
+                        'uri'      => "",
+                        'debug'    => false,
+                    ],
+                ],
+            ],
+        ],
+
+        /**
+         * Identifiants de connexion LDAP autorisés à faire de l'usurpation d'identité.
+         * NB: à réserver exclusivement aux tests.
+         */
+        'usurpation_allowed_usernames' => [],
+    ],
+];
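Review bot: The rewritten template now ships a populated `cas.connection` block (hostname `cas.unicaen.fr`, port 443), so an installation that copies this `.dist` file unchanged gets CAS authentication switched on, yet the comment just above it still says "pour désactiver l'authentification CAS, le tableau 'cas' doit être vide" — the previous version kept that block commented out for exactly that reason. Either restore the commented-out form or reword the comment so the documented default and the shipped default agree. The new `shibboleth.simulate` block also carries what looks like a real person's `eppn` and `supannEmpId`; a distributed template should use obviously fake placeholders (e.g. `'eppn' => 'login@example.org'`, `'supannEmpId' => '00000000'`) so that a deployment which later turns simulation on does not impersonate an actual account — I cannot see from this diff how `simulate` is consumed, so the exact effect is an assumption.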
diff --git a/src/UnicaenAuth/Options/ModuleOptions.php b/src/UnicaenAuth/Options/ModuleOptions.php
index 0ce96ee..7939d37 100644
--- a/src/UnicaenAuth/Options/ModuleOptions.php
+++ b/src/UnicaenAuth/Options/ModuleOptions.php
@@ -9,6 +9,13 @@ namespace UnicaenAuth\Options;
  */
 class ModuleOptions extends \ZfcUser\Options\ModuleOptions
 {
+    /**
+     * Paramètres concernant l'authentification LDAP.
+     *
+     * @var array
+     */
+    protected $ldap = [];
+
     /**
      * @var array
      */
@@ -39,6 +46,29 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
      */
     protected $entityManagerName = 'doctrine.entitymanager.orm_default';
 
+    /**
+     * Retourne les paramètres concernant l'authentification LDAP.
+     *
+     * @return array
+     */
+    public function getLdap()
+    {
+        return $this->ldap;
+    }
+
+    /**
+     * Spécifie les paramètres concernant l'authentification LDAP.
+     *
+     * @param array $ldap
+     * @return self
+     */
+    public function setLdap(array $ldap)
+    {
+        $this->ldap = $ldap;
+
+        return $this;
+    }
+
     /**
      * set usernames allowed to make usurpation
      *
@@ -89,8 +119,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
         return $this->saveLdapUserInDatabase;
     }
 
-
-
     /**
      * @return string
      */
@@ -99,8 +127,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
         return $this->ldapUsername;
     }
 
-
-
     /**
      * @param string $ldapUsername
      *
@@ -113,8 +139,6 @@ class ModuleOptions extends \ZfcUser\Options\ModuleOptions
         return $this;
     }
 
-
-
     /**
      * set cas connection params
      *
diff --git a/src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php b/src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php
new file mode 100644
index 0000000..f6c8050
--- /dev/null
+++ b/src/UnicaenAuth/View/Helper/LdapConnectViewHelper.php
@@ -0,0 +1,73 @@
+<?php
+
+namespace UnicaenAuth\View\Helper;
+
+use Zend\Form\Form;
+use Zend\View\Helper\AbstractHelper;
+use Zend\View\Renderer\PhpRenderer;
+use Zend\View\Resolver\TemplatePathStack;
+
+/**
+ * Aide de vue dessinant le formulaire d'authentification LDAP,
+ * si l'authentification LDAP est activée.
+ *
+ * @method PhpRenderer getView()
+ * @author Unicaen
+ */
+class LdapConnectViewHelper extends AbstractHelper
+{
+    /**
+     * @var bool
+     */
+    protected $enabled = true;
+
+    /**
+     * @var Form
+     */
+    protected $form;
+
+    /**
+     * @param bool $enabled
+     * @return $this
+     */
+    public function setEnabled($enabled = true)
+    {
+        $this->enabled = $enabled;
+
+        return $this;
+    }
+
+    /**
+     * @param Form $form
+     * @return $this
+     */
+    public function __invoke(Form $form)
+    {
+        $this->form = $form;
+
+        $this->getView()->resolver()->attach(
+            new TemplatePathStack(['script_paths' => [__DIR__ . "/partial"]])
+        );
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function __toString()
+    {
+        if (! $this->enabled) {
+            return '';
+        }
+
+        try {
+            return $this->getView()->render("ldap-connect", [
+                'enabled' => $this->enabled,
+                'form' => $this->form,
+            ]);
+        } catch (\Exception $e) {
+            return '<p>' . $e->getMessage() . '</p><p>' . $e->getTraceAsString() . '</p>';
+        }
+    }
+}
\ No newline at end of file
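Review bot: `__toString()` catches every `\Exception` and writes `$e->getMessage()` and `$e->getTraceAsString()` straight into the page (the `catch` at the end of the method), which exposes file paths and internal structure to anonymous visitors of the login page and inserts the text without HTML escaping. The catch is understandable because `__toString()` could not propagate exceptions before PHP 7.4, but the trace should never reach the client; at minimum drop it and escape the message: `return '<p>' . $this->getView()->escapeHtml($e->getMessage()) . '</p>';`, or log the exception through whatever logger the module already uses and return `''`. Separately, `__invoke()` attaches a fresh `TemplatePathStack` to the resolver on every call; harmless if the helper is invoked once per request, but a guard against attaching twice would make that explicit.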
diff --git a/src/UnicaenAuth/View/Helper/LdapConnectViewHelperFactory.php b/src/UnicaenAuth/View/Helper/LdapConnectViewHelperFactory.php
new file mode 100644
index 0000000..71717d2
--- /dev/null
+++ b/src/UnicaenAuth/View/Helper/LdapConnectViewHelperFactory.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace UnicaenAuth\View\Helper;
+
+use UnicaenAuth\Options\ModuleOptions;
+use Zend\View\HelperPluginManager;
+
+class LdapConnectViewHelperFactory
+{
+    /**
+     * @param HelperPluginManager $hpm
+     * @return LdapConnectViewHelper
+     */
+    public function __invoke(HelperPluginManager $hpm)
+    {
+        /** @var ModuleOptions $moduleOptions */
+        $moduleOptions = $hpm->getServiceLocator()->get('unicaen-auth_module_options');
+        $ldapArrayConfig = $moduleOptions->getLdap();
+
+        $ldapEnabled = isset($ldapArrayConfig['enabled']) && (bool) $ldapArrayConfig['enabled'];
+
+        $helper = new LdapConnectViewHelper();
+        $helper->setEnabled($ldapEnabled);
+
+        return $helper;
+    }
+}
\ No newline at end of file
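Review bot: `isset($ldapArrayConfig['enabled']) && (bool) $ldapArrayConfig['enabled']` treats a missing `enabled` key as "disabled", while `LdapConnectViewHelper::$enabled` defaults to `true` and `config/module.config.php` in this same commit sets `'ldap' => ['enabled' => true]`; the three defaults should agree, otherwise a ModuleOptions built without the module config silently hides the LDAP form. In practice the merged module config supplies the key, so this only bites when options are constructed elsewhere — pick one default and state it in the `getLdap()` docblock. If the project is on zend-servicemanager 3, `$hpm->getServiceLocator()` is deprecated there; the existing `ShibConnectViewHelperFactory` presumably uses the same call, so that is a project-wide point rather than one for this hunk.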
diff --git a/src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php b/src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php
index 477ddf6..9a9751e 100644
--- a/src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php
+++ b/src/UnicaenAuth/View/Helper/ShibConnectViewHelper.php
@@ -41,7 +41,7 @@ class ShibConnectViewHelper extends AbstractHelper
         $shibUrl = $this->getView()->url('auth/shibboleth', [], ['query' => $this->getView()->queryParams()], true);
 
         return <<<EOS
-Se connecter plutôt avec la 
+Se connecter via la 
 <a href="$shibUrl" class="btn btn-success btn-lg">Fédération d'identité Renater</a>
 EOS;
     }
diff --git a/src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml b/src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml
new file mode 100644
index 0000000..6fc01da
--- /dev/null
+++ b/src/UnicaenAuth/View/Helper/partial/ldap-connect.phtml
@@ -0,0 +1,36 @@
+<?php
+
+use Zend\Form\Form;
+
+/**
+ * @var bool   $enabled
+ * @var Form   $form
+ * @var string $redirect
+ */
+?>
+
+<?php echo $this->form()->openTag($form) ?>
+<?php if (($errors = $this->formErrors($form))): ?>
+    <p><?php echo $errors ?></p>
+<?php endif ?>
+<p>
+    <?php
+    $identity = $form->get($name = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
+    echo $this->formLabel($identity);
+    echo $this->formInput($identity);
+    ?>
+</p>
+<p>
+    <?php
+    $identity = $form->get($name = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
+    echo $this->formLabel($identity);
+    echo $this->formInput($identity);
+    ?>
+</p>
+<?php if ($redirect): ?>
+    <input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
+<?php endif ?>
+<p>
+    <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
+</p>
+<?php echo $this->form()->closeTag() ?>
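Review bot: The partial reads `$redirect` (declared in its docblock and tested with `if ($redirect)`), but the helper's `render("ldap-connect", [...])` call in `LdapConnectViewHelper::__toString()` passes only `enabled` and `form`, so `$redirect` is an undefined variable here and the hidden `redirect` field that the old `view/zfc-user/user/login.phtml` emitted from `$this->redirect` is never rendered — the post-login redirect is lost by this commit (the `login.phtml` hunk no longer forwards `$this->redirect` anywhere). Whatever path is chosen to supply it, the value usually originates from the request, so it must be escaped on output: change the two lines to `<?php if (! empty($redirect)): ?>` and `<input type="hidden" name="redirect" value="<?php echo $this->escapeHtmlAttr($redirect) ?>"/>`. The `$name = 'identity'` / `$name = 'credential'` assignments-in-argument are carried over from the old template; extracting them to their own line would read more plainly.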
diff --git a/view/zfc-user/user/login.phtml b/view/zfc-user/user/login.phtml
index 99a0546..51ba373 100644
--- a/view/zfc-user/user/login.phtml
+++ b/view/zfc-user/user/login.phtml
@@ -24,36 +24,11 @@ $form->setAttributes([
     </div>
 
     <div class="panel-body">
-        <?php echo $this->form()->openTag($form) ?>
-        <?php if (($errors = $this->formErrors($this->loginForm))): ?>
-            <p><?php echo $errors ?></p>
-        <?php endif ?>
-        <p>
-            <?php
-            $identity = $form->get($name     = 'identity')->setAttributes(['id' => $name, 'class' => 'form-control']);
-            echo $this->formLabel($identity);
-            echo $this->formInput($identity);
-            ?>
-        </p>
-        <p>
-            <?php
-            $identity = $form->get($name     = 'credential')->setAttributes(['id' => $name, 'class' => 'form-control']);
-            echo $this->formLabel($identity);
-            echo $this->formInput($identity);
-            ?>
-        </p>
-        <?php if ($this->redirect): ?>
-            <input type="hidden" name="redirect" value="<?php echo $this->redirect ?>" />
-        <?php endif ?>
-        <p>
-            <?php echo $this->formButton($form->get('submit')->setAttribute('class', 'btn btn-primary')) ?>
-        </p>
-        <?php echo $this->form()->closeTag() ?>
-
-        <hr>
-
-        <!-- Connexion Shibboleth (si activée) -->
-        <?php echo $this->shibConnect() ?>
+        <?php
+        $ldapAuthHtml = (string) $this->ldapConnect($form);
+        $shibAuthHtml = (string) $this->shibConnect($form);
+        echo implode('<hr>', array_filter([$ldapAuthHtml, $shibAuthHtml]));
+        ?>
     </div>
 </div>
 
-- 
GitLab