groupe SSO de type DN

This commit is contained in:
afornerot 2021-03-04 17:02:39 +01:00
parent c7c10ded30
commit fc094ab57e
1 changed files with 41 additions and 29 deletions


@ -22,17 +22,17 @@ class SecurityController extends Controller
public function loginAction(Request $request) public function loginAction(Request $request)
{ {
// Récupération de la cible de navigation // Récupération de la cible de navigation
$redirect = $request->get("redirect"); $redirect = $request->get("redirect");
// Masteridentity // Masteridentity
$masteridentity=$this->getParameter("masteridentity"); $masteridentity=$this->getParameter("masteridentity");
// Init Client CAS // Init Client CAS
\phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log"); \phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
@\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), false); \phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), false);
\phpCAS::setNoCasServerValidation(); \phpCAS::setNoCasServerValidation();
// Authentification // Authentification
\phpCAS::forceAuthentication(); \phpCAS::forceAuthentication();
@ -52,13 +52,13 @@ class SecurityController extends Controller
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
if(isset($attributes[$this->getParameter('user_attr_cas_username')])) if(isset($attributes[$this->getParameter('user_attr_cas_username')]))
$username = $attributes[$this->getParameter('user_attr_cas_username')]; $username = $attributes[$this->getParameter('user_attr_cas_username')];
if(isset($attributes[$this->getParameter('user_attr_cas_mail')])) if(isset($attributes[$this->getParameter('user_attr_cas_mail')]))
$email = $attributes[$this->getParameter('user_attr_cas_mail')]; $email = $attributes[$this->getParameter('user_attr_cas_mail')];
if(isset($attributes[$this->getParameter('user_attr_cas_lastname')])) if(isset($attributes[$this->getParameter('user_attr_cas_lastname')]))
$lastname = $attributes[$this->getParameter('user_attr_cas_lastname')]; $lastname = $attributes[$this->getParameter('user_attr_cas_lastname')];
if(isset($attributes[$this->getParameter('user_attr_cas_firstname')])) if(isset($attributes[$this->getParameter('user_attr_cas_firstname')]))
$firstname = $attributes[$this->getParameter('user_attr_cas_firstname')]; $firstname = $attributes[$this->getParameter('user_attr_cas_firstname')];
@ -96,7 +96,7 @@ class SecurityController extends Controller
$user->setPassword("CASPWD-".$username); $user->setPassword("CASPWD-".$username);
$user->setSalt("CASPWD-".$username); $user->setSalt("CASPWD-".$username);
$user->setNiveau01($niveau01); $user->setNiveau01($niveau01);
$user->setSiren($niveau01->getSiren()); $user->setSiren($niveau01->getSiren());
$user->setSiret(""); $user->setSiret("");
@ -105,8 +105,8 @@ class SecurityController extends Controller
$user->setVisible(true); $user->setVisible(true);
$user->setAuthlevel("simple"); $user->setAuthlevel("simple");
$user->setRole("ROLE_USER"); $user->setRole("ROLE_USER");
if(in_array($username,$this->getParameter("ldap_usersadmin"))) if(in_array($username,$this->getParameter("ldap_usersadmin")))
$user->setRole("ROLE_ADMIN"); $user->setRole("ROLE_ADMIN");
$em->persist($user); $em->persist($user);
@ -116,7 +116,7 @@ class SecurityController extends Controller
$this->submitGroup($attributes); $this->submitGroup($attributes);
// On calcule les groupes de l'utilisateur // On calcule les groupes de l'utilisateur
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes); $user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
} }
} }
@ -138,7 +138,7 @@ class SecurityController extends Controller
$user->setNiveau01($niveau01); $user->setNiveau01($niveau01);
$user->setNiveau02(null); $user->setNiveau02(null);
} }
if(in_array($username,$this->getParameter("ldap_usersadmin"))) if(in_array($username,$this->getParameter("ldap_usersadmin")))
$user->setRole("ROLE_ADMIN"); $user->setRole("ROLE_ADMIN");
// Génération auto des groupes // Génération auto des groupes
@ -166,7 +166,7 @@ class SecurityController extends Controller
} }
$ssoitems=$attributes[$user_attr_cas_item]; $ssoitems=$attributes[$user_attr_cas_item];
} }
} }
$this->get('session')->set('ssoitems', $ssoitems); $this->get('session')->set('ssoitems', $ssoitems);
// Autoconnexion // Autoconnexion
@ -194,7 +194,7 @@ class SecurityController extends Controller
public function logoutAction() { public function logoutAction() {
// Init Client CAS // Init Client CAS
\phpCAS::setDebug(false); \phpCAS::setDebug(false);
@\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), true); \phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), true);
\phpCAS::setNoCasServerValidation(); \phpCAS::setNoCasServerValidation();
@ -208,9 +208,9 @@ class SecurityController extends Controller
// Init Client CAS // Init Client CAS
\phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log"); \phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
@\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), false); \phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), false);
\phpCAS::setNoCasServerValidation(); \phpCAS::setNoCasServerValidation();
// Authentification // Authentification
\phpCAS::forceAuthentication(); \phpCAS::forceAuthentication();
@ -221,12 +221,12 @@ class SecurityController extends Controller
// Récupération Attribut // Récupération Attribut
$attributes = \phpCAS::getAttributes(); $attributes = \phpCAS::getAttributes();
$user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username"=>$username)); $user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username"=>$username));
// On calcule le niveau01 de l'utilisateur // On calcule le niveau01 de l'utilisateur
$niveau01=$em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes); $niveau01=$em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes);
// Génération auto des groupes // Génération auto des groupes
$groups=$this->submitGroup($attributes); $groups=$this->submitGroup($attributes);
// On calcule les groupes de l'utilisateur // On calcule les groupes de l'utilisateur
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes); $user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
@ -234,12 +234,12 @@ class SecurityController extends Controller
return $this->render('CadolesCASBundle:Test:test.html.twig',[ return $this->render('CadolesCASBundle:Test:test.html.twig',[
'useheader' => true, 'useheader' => true,
'usemenu' => false, 'usemenu' => false,
'usesidebar' => false, 'usesidebar' => false,
'attributes' => $attributes, 'attributes' => $attributes,
'user' => $user, 'user' => $user,
'username' => $username, 'username' => $username,
'niveau01' => $niveau01, 'niveau01' => $niveau01,
]); ]);
} }
@ -258,26 +258,38 @@ class SecurityController extends Controller
} }
foreach($attributes[$user_attr_cas_group] as $ssogroup) { foreach($attributes[$user_attr_cas_group] as $ssogroup) {
$basedn=$this->getParameter('ldap_basedn');
$name=$ssogroup;
if($basedn!="") {
// Si présence du basedn dans le nom du groupe = nous sommes en présence d'un DN = on récupere donc comme nom que son cn
if(stripos($name,$basedn)!==false) {
$tbname=explode(",",$name);
$tbname=explode("=",$tbname[0]);
$name=$tbname[1];
}
}
// Recherche du groupe // Recherche du groupe
$group=$em->getRepository("CadolesCoreBundle:Group")->findOneBy(["label"=>$ssogroup]); $group=$em->getRepository("CadolesCoreBundle:Group")->findOneBy(["label"=>$name]);
if(!$group) { if(!$group) {
$group=new Group(); $group=new Group();
$group->setLabel($ssogroup); $group->setLabel($name);
$group->setFgcancreatepage(false); $group->setFgcancreatepage(false);
$group->setFgcancreateblog(false); $group->setFgcancreateblog(false);
$group->setFgcancreatecalendar(false); $group->setFgcancreatecalendar(false);
$group->setFgcancreateproject(false); $group->setFgcancreateproject(false);
$group->setFgcanshare(false); $group->setFgcanshare(false);
$group->setFgopen(false); $group->setFgopen(false);
$group->setFgall(false); $group->setFgall(false);
} }
$group->setAttributes('{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}'); $group->setAttributes('{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}');
$group->setFgtemplate(false); $group->setFgtemplate(false);
$em->persist($group); $em->persist($group);
$em->flush(); $em->flush();
} }
} }
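Review bot: In the new DN handling, `$name=$tbname[1];` is read without checking that the first RDN actually contained an `=`; because `stripos` is a substring test rather than a suffix test, a group attribute that merely contains the base DN text yields an undefined-index notice and a null `$name`, which then reaches `findOneBy(["label"=>$name])` and `setLabel($name)`. Guard it and keep any `=` inside the value intact: `$tbname=explode("=",$tbname[0],2);` followed by `if(isset($tbname[1]) && $tbname[1]!=="") $name=$tbname[1];`. Note also that collapsing a DN to its cn means two SSO groups with the same cn under different OUs now map to the same local Group, and RDN values containing escaped commas (`\,`) will be split incorrectly by `explode(",")`; if either can occur in this deployment, matching on the full DN or using a proper DN parser would be safer. The unchanged line `$group->setAttributes('{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}')` now receives DN strings, whose backslash escapes or quotes would produce invalid JSON unless the value is built with `json_encode`. The enclosing foreach and submitGroup's signature start above the hunk.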