From a5ce48110d97e2a5f67dd1341a42883d430b819d Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Fri, 23 Mar 2018 16:13:40 +0100 Subject: [PATCH 1/6] Adding SSO auth page customisation --- dicos/70_lemonldap_ng.xml | 24 ++++++++++++++++++++++++ tmpl/lemonldap-ng.ini | 6 +++++- tmpl/lmConf-1.js | 12 +++++++++++- 3 files changed, 40 insertions(+), 2 deletions(-) diff --git a/dicos/70_lemonldap_ng.xml b/dicos/70_lemonldap_ng.xml index 30bea97..9029c86 100644 --- a/dicos/70_lemonldap_ng.xml +++ b/dicos/70_lemonldap_ng.xml @@ -51,11 +51,23 @@ non + + non + + + oui + + + oui + + + Configuration DNS Configuration LDAP Configuration CAS + Personnalisation de la mire SSO @@ -77,6 +89,9 @@ ['ldaps','ldap'] + + + ['LDAP','Demo','Custom'] casLDAPAttribute @@ -88,6 +103,14 @@ LemonLDAP saLemon + + non + llRegisterDB + + + Custom + llRegisterURL + Activer l'hébergement d'une place de marché HTTP pour OpenNebula @@ -95,5 +118,6 @@ Nom DNS de service d'authentification de LemonLDAP::NG ex:auth.cadoles.com DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr) server_names_hash_bucket_size Taille du hash des noms de serveur pour NGINX + Affiche une case à cocher sur la mire SSO qui permet a l'utilisateur de voir l'historique de connection de son compte avant d'être redirigé vers le service demandé diff --git a/tmpl/lemonldap-ng.ini b/tmpl/lemonldap-ng.ini index a1bb9f5..8dda4dd 100644 --- a/tmpl/lemonldap-ng.ini +++ b/tmpl/lemonldap-ng.ini @@ -115,7 +115,11 @@ localStorageOptions={ \ ;portalSkin = pastel ; Modules displayed ;portalDisplayLogout = 1 -;portalDisplayResetPassword = 1 +%if %%llResetPassword == "oui" +portalDisplayResetPassword = 1 +%else +portalDisplayResetPassword = 0 +%end if ;portalDisplayChangePassword = 1 ;portalDisplayAppslist = 1 ;portalDisplayLoginHistory = 1 diff --git a/tmpl/lmConf-1.js b/tmpl/lmConf-1.js index a4371bd..a48829b 100644 --- a/tmpl/lmConf-1.js +++ b/tmpl/lmConf-1.js 
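Review bot: In the `tmpl/lemonldap-ng.ini` hunk of patch 1/6, `portalDisplayResetPassword` is now always written to the local ini, where it was previously commented out. LemonLDAP::NG gives values from lemonldap-ng.ini precedence over the stored configuration, so a later change to this option in the Manager would silently have no effect. The same value is also templated in `tmpl/lmConf-1.js` by this patch (hunk `@@ -195`). If the ini copy is intentional, a comment above the `%if` such as `; set from llResetPassword; overrides the value stored in lmConf` would tell the next administrator where to change it; otherwise one of the two copies can be dropped.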
@@ -39,7 +39,9 @@ "%%managerWebName": {} }, "vhostOptions": { - "%%managerWebName": {}, + "%%managerWebName": { + "vhostHttps" : "1" + }, "test1.%%nom_domaine_local": {}, "test2.%%nom_domaine_local": {} }, @@ -195,7 +197,11 @@ "mailSubject": "[LemonLDAP::NG] Your new password", "nginxCustomHandlers": {}, "samlSPSSODescriptorAuthnRequestsSigned": 1, +%if %%llResetPassword == "oui" "portalDisplayResetPassword": 1, +%else + "portalDisplayResetPassword": 0, +%end if "openIdSreg_timezone": "_timezone", "infoFormMethod": "get", "openIdAuthnLevel": 1, @@ -342,7 +348,11 @@ "activeTimer": 1, "cda": 0, "samlServicePublicKeySig": "", +%if %%llCheckLogins == "oui" "portalCheckLogins": 1, +%else + "portalCheckLogins": 0, +%end if "CAS_authnLevel": 1, "macros": { "_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\"" From a4a3d52746371fc570aefb5c8d50fab14b9b96d9 Mon Sep 17 00:00:00 2001 From: afornerot Date: Fri, 23 Mar 2018 16:22:02 +0100 Subject: [PATCH 2/6] ajout variable llSkin --- dicos/70_lemonldap_ng.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/dicos/70_lemonldap_ng.xml b/dicos/70_lemonldap_ng.xml index 9029c86..23fdb77 100644 --- a/dicos/70_lemonldap_ng.xml +++ b/dicos/70_lemonldap_ng.xml @@ -62,6 +62,9 @@ + + bootstrap + Configuration DNS @@ -111,6 +114,10 @@ Custom llRegisterURL + + ['bootstrap','dark','impact','pastel'] + False + Activer l'hébergement d'une place de marché HTTP pour OpenNebula From 0f25183778d079b37b4d3467d35012735db87c9e Mon Sep 17 00:00:00 2001 From: afornerot Date: Fri, 23 Mar 2018 16:56:54 +0100 Subject: [PATCH 3/6] ajout du template lemonldap-ng.ini et utilisation de la variable llSkin --- dicos/70_lemonldap_ng.xml | 1 + tmpl/lemonldap-ng.ini | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/dicos/70_lemonldap_ng.xml b/dicos/70_lemonldap_ng.xml index 23fdb77..2494fc2 100644 --- a/dicos/70_lemonldap_ng.xml +++ b/dicos/70_lemonldap_ng.xml @@ -7,6 +7,7 @@ + 
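Review bot: In the `@@ -39` hunk of `tmpl/lmConf-1.js`, `"vhostHttps" : "1"` is set only for `%%managerWebName`, while the `test1.`/`test2.` vhosts in the context lines keep empty options. As far as I know, this option only selects the scheme the handler uses when it builds redirect URLs for that vhost. It does not by itself restrict the session cookie to HTTPS; that depends on `securedCookie`, which is not visible in this hunk and should be confirmed for an HTTPS-only portal. The `vhostOptions` object closes inside the hunk, but the enclosing configuration object starts and ends outside it.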
diff --git a/tmpl/lemonldap-ng.ini b/tmpl/lemonldap-ng.ini index 8dda4dd..c41aba4 100644 --- a/tmpl/lemonldap-ng.ini +++ b/tmpl/lemonldap-ng.ini @@ -112,7 +112,7 @@ localStorageOptions={ \ ; PORTAL CUSTOMIZATION ; Name of the skin -;portalSkin = pastel +portalSkin = %%llSkin ; Modules displayed ;portalDisplayLogout = 1 %if %%llResetPassword == "oui" From 2afe4dceb41eea313dd30b7671bac2f672948d90 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Mon, 26 Mar 2018 09:56:38 +0200 Subject: [PATCH 4/6] GenConfig clean up --- dicos/70_lemonldap_ng.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dicos/70_lemonldap_ng.xml b/dicos/70_lemonldap_ng.xml index 2494fc2..a54b0ed 100644 --- a/dicos/70_lemonldap_ng.xml +++ b/dicos/70_lemonldap_ng.xml @@ -52,6 +52,9 @@ non + + bootstrap + non @@ -63,15 +66,12 @@ - - bootstrap - Configuration DNS Configuration LDAP Configuration CAS - Personnalisation de la mire SSO + Personnalisation de la mire SSO @@ -118,7 +118,7 @@ ['bootstrap','dark','impact','pastel'] False - + Activer l'hébergement d'une place de marché HTTP pour OpenNebula From 51519eae55a138041e69f3508fdb8ed7629c1536 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Mon, 26 Mar 2018 11:05:26 +0200 Subject: [PATCH 5/6] Adding Custom Register URL option to template --- tmpl/lmConf-1.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tmpl/lmConf-1.js b/tmpl/lmConf-1.js index a48829b..0396416 100644 --- a/tmpl/lmConf-1.js +++ b/tmpl/lmConf-1.js @@ -218,7 +218,7 @@ "slaveAuthnLevel": 2, "samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn", "Soap": 1, - "registerDB": "Demo", + "registerDB": "%%llRegisterDB", "locationRules": { "%%managerWebName": { "default": "$uid eq \"%%lemonAdmin\"" 
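Review bot: `portalSkin = %%llSkin` in the `tmpl/lemonldap-ng.ini` hunk of patch 3/6 writes the dictionary value into the ini as-is, and the portal presumably uses the skin name to locate its template directory. Patch 2/6 lists `['bootstrap','dark','impact','pastel']` followed by `False` for this variable. The surrounding XML is not readable on this page, but if that `False` turns off validation against the list, any string (including one containing `/` or whitespace) would be accepted. Either keep the list enforced in the dictionary or add a comment next to the line, for example `; llSkin must name a skin directory shipped with the portal`.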
@@ -398,7 +398,11 @@
 "oidcOPMetaDataOptions": null,
 "samlSPSSODescriptorWantAssertionsSigned": 1,
 "samlOrganizationName": "%%samlOrganizationName",
+%if %%llRegisterDB == "Custom"
+ "registerUrl": "%%llRegisterURL",
+%else
 "registerUrl": "https://%%authWebName/register.pl",
+%end if
 "casAccessControlPolicy": "none",
 "multiValuesSeparator": ";",
 "ldapPort": %%ldapServerPort
From 5f5c5359f771b505a7882b26e298cd75867a0e4f Mon Sep 17 00:00:00 2001
From: Philippe Caseiro
Date: Mon, 26 Mar 2018 11:21:28 +0200
Subject: [PATCH 6/6] Fixing Custom URL option
---
 tmpl/lmConf-1.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/tmpl/lmConf-1.js b/tmpl/lmConf-1.js
index 0396416..26117a5 100644
--- a/tmpl/lmConf-1.js
+++ b/tmpl/lmConf-1.js
@@ -218,7 +218,11 @@
 "slaveAuthnLevel": 2,
 "samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
 "Soap": 1,
+%if %%llRegisterDB == "Custom"
+ "registerDB": "Null",
+%else
 "registerDB": "%%llRegisterDB",
+%end if
 "locationRules": {
 "%%managerWebName": {
 "default": "$uid eq \"%%lemonAdmin\""
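Review bot: `"registerUrl": "%%llRegisterURL"` in the `@@ -398` hunk of patch 5/6 places an administrator-supplied string inside a JSON string literal, with no escaping and no scheme check visible here. A `"` or `\` in the value would produce an invalid lmConf-1.js, and an `http://` or otherwise unintended address would be presented as the account-registration link on the login page. The type declared for `llRegisterURL` in `dicos/70_lemonldap_ng.xml` is not readable on this page; if it is a free string, constrain it to an `https://` URL in the dictionary. An empty `llRegisterURL` with `llRegisterDB` set to `Custom` would also render `"registerUrl": ""`, so the variable should be mandatory in that case.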