svg
This commit is contained in:
root
parent
b5f7aa4b0a
commit
35d061ff82
|
|
@ -12,3 +12,6 @@ twig:
|
||||||
appName: '%appName%'
|
appName: '%appName%'
|
||||||
appCron: '%appCron%'
|
appCron: '%appCron%'
|
||||||
appMasteridentity: '%appMasteridentity'
|
appMasteridentity: '%appMasteridentity'
|
||||||
|
sondeUse: '%sondeUse%'
|
||||||
|
sondeUrl: '%sondeUrl%'
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -47,15 +47,24 @@ parameters:
|
||||||
casLastname: '%env(resolve:CAS_LASTNAME)%'
|
casLastname: '%env(resolve:CAS_LASTNAME)%'
|
||||||
casFirstname: '%env(resolve:CAS_FIRSTNAME)%'
|
casFirstname: '%env(resolve:CAS_FIRSTNAME)%'
|
||||||
|
|
||||||
proxyUser: '%env(resolve:PROXY_USE)%'
|
proxyUse: '%env(resolve:PROXY_USE)%'
|
||||||
proxyHost: '%env(resolve:PROXY_HOST)%'
|
proxyHost: '%env(resolve:PROXY_HOST)%'
|
||||||
proxyPort: '%env(resolve:PROXY_PORT)%'
|
proxyPort: '%env(resolve:PROXY_PORT)%'
|
||||||
|
|
||||||
|
sondeUse: '%env(resolve:SONDE_USE)%'
|
||||||
|
sondeUrl: '%env(resolve:SONDE_URL)%'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
# default configuration for services in *this* file
|
# default configuration for services in *this* file
|
||||||
_defaults:
|
_defaults:
|
||||||
autowire: true # Automatically injects dependencies in your services.
|
autowire: true # Automatically injects dependencies in your services.
|
||||||
autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
|
autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
|
||||||
|
bind:
|
||||||
|
$ldapHost: '%ldapHost%'
|
||||||
|
$ldapPort: '%ldapPort%'
|
||||||
|
$ldapUser: '%ldapUser%'
|
||||||
|
$ldapPassword: '%ldapPassword%'
|
||||||
|
$ldapBasedn: '%ldapBasedn%'
|
||||||
|
|
||||||
# makes classes in src/ available to be used as services
|
# makes classes in src/ available to be used as services
|
||||||
# this creates a service per class whose id is the fully-qualified class name
|
# this creates a service per class whose id is the fully-qualified class name
|
||||||
|
|
@ -71,13 +80,6 @@ services:
|
||||||
|
|
||||||
# add more service definitions when explicit configuration is needed
|
# add more service definitions when explicit configuration is needed
|
||||||
# please note that last definitions always *replace* previous ones
|
# please note that last definitions always *replace* previous ones
|
||||||
app.session.listener:
|
|
||||||
public: true
|
|
||||||
class: App\Service\sessionListener
|
|
||||||
arguments: ['@service_container','@doctrine.orm.entity_manager',"@security.token_storage"]
|
|
||||||
tags:
|
|
||||||
- { name: kernel.event_listener, event: kernel.request, method: onDomainParse }
|
|
||||||
|
|
||||||
app.password.encoder:
|
app.password.encoder:
|
||||||
public: true
|
public: true
|
||||||
class: App\Service\passwordEncoder
|
class: App\Service\passwordEncoder
|
||||||
|
|
|
||||||
|
|
@ -56,3 +56,8 @@ CAS_FIRSTNAME=firstname
|
||||||
PROXY_USE=false
|
PROXY_USE=false
|
||||||
PROXY_HOST=
|
PROXY_HOST=
|
||||||
PROXY_PORT=
|
PROXY_PORT=
|
||||||
|
|
||||||
|
|
||||||
|
# Sonde statistic
|
||||||
|
SONDE_USE=false
|
||||||
|
SONDE_URL=
|
||||||
|
|
|
||||||
|
|
@ -47,7 +47,6 @@ class CronCommand extends Command
|
||||||
$appCron = $this->container->getParameter('appCron');
|
$appCron = $this->container->getParameter('appCron');
|
||||||
if(!$appCron)
|
if(!$appCron)
|
||||||
{
|
{
|
||||||
$this->writelnred('CRON désactivé');
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -122,9 +122,9 @@ class SynchroUsersCommand extends Command
|
||||||
// Options
|
// Options
|
||||||
$this->writeln('');
|
$this->writeln('');
|
||||||
$this->writeln('== OPTIONS ==========================================');
|
$this->writeln('== OPTIONS ==========================================');
|
||||||
|
$cn=$result["cn"];
|
||||||
$results = $this->ldap->search("type=Option", ['cn','description','gidNumber'], $this->ldap_basedn);
|
$results = $this->ldap->search("type=Option", ['cn','description','gidNumber'], $this->ldap_basedn);
|
||||||
foreach($results as $result) {
|
foreach($results as $result) {
|
||||||
$cn=$result["cn"];
|
|
||||||
$ldapfilter="(|(&(type=Option)(cn=$cn))(&(type=Equipe)(cn=profs-$cn))(&(ENTPersonProfils=Administratif)(divcod=$cn)))";
|
$ldapfilter="(|(&(type=Option)(cn=$cn))(&(type=Equipe)(cn=profs-$cn))(&(ENTPersonProfils=Administratif)(divcod=$cn)))";
|
||||||
|
|
||||||
$label="OPTION = ".$result["cn"];
|
$label="OPTION = ".$result["cn"];
|
||||||
|
|
@ -396,40 +396,63 @@ class SynchroUsersCommand extends Command
|
||||||
$appmasterurl = $this->container->getParameter("appMasterurl");
|
$appmasterurl = $this->container->getParameter("appMasterurl");
|
||||||
$appmasterkey = $this->container->getParameter("appMasterkey");
|
$appmasterkey = $this->container->getParameter("appMasterkey");
|
||||||
|
|
||||||
// Déclaration du proxy
|
// Généraltion de l'urol de communication
|
||||||
if(stripos($appmasterurl,"/")===0) {
|
if(stripos($appmasterurl,"/")===0) {
|
||||||
$url="https://".$this->container->getParameter("appWeburl").$appmasterurl;
|
$url="https://".$this->container->getParameter("appWeburl").$appmasterurl;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
$url=$appmasterurl;
|
$url=$appmasterurl;
|
||||||
|
|
||||||
$indomaine = (stripos($url,$this->container->getParameter("appWeburl"))!==false);
|
// Entete
|
||||||
|
|
||||||
|
|
||||||
$url="http://172.27.7.67/ninegate";
|
|
||||||
$indomaine=true;
|
|
||||||
|
|
||||||
// Recherche des élèments de masterIdentify
|
|
||||||
$headers = ['Accept' => 'application/json'];
|
$headers = ['Accept' => 'application/json'];
|
||||||
$query = [];
|
$query = [];
|
||||||
|
|
||||||
/* si hor domaine on utilise le proxy si proxy il y a */
|
// Paramétrage unirest
|
||||||
if(!$indomaine) {
|
\Unirest\Request::verifyPeer(false);
|
||||||
$proxyUse = $this->container->getParameter("proxyUser");
|
\Unirest\Request::verifyHost(false);
|
||||||
|
\Unirest\Request::timeout(5);
|
||||||
|
|
||||||
|
// Login sans proxy
|
||||||
|
try{
|
||||||
|
$response = \Unirest\Request::post($url.'/rest/login',$headers,["key"=>$appmasterkey]);
|
||||||
|
}
|
||||||
|
catch (\Exception $e) {
|
||||||
|
// On tente avec le proxy s'il y en a un
|
||||||
|
$proxyUse = $this->container->getParameter("proxyUse");
|
||||||
if($proxyUse) {
|
if($proxyUse) {
|
||||||
$proxyHost = $this->container->getParameter("proxyHost");
|
$proxyHost = $this->container->getParameter("proxyHost");
|
||||||
$proxyPort = $this->container->getParameter("proxyPort");
|
$proxyPort = $this->container->getParameter("proxyPort");
|
||||||
\Unirest\Request::proxy($proxyHost, $proxyPort, CURLPROXY_HTTP, true);
|
\Unirest\Request::proxy($proxyHost, $proxyPort, CURLPROXY_HTTP, true);
|
||||||
|
|
||||||
|
try{
|
||||||
|
$response = \Unirest\Request::post($url.'/rest/login/'.$appmasterkey,$headers,$query);
|
||||||
|
}
|
||||||
|
catch (\Exception $e) {
|
||||||
|
die("Erreur de communication API = ".$e->getMessage()."\n");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
die("Erreur de communication API = ".$e->getMessage()."\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if($response->code!="200")
|
||||||
|
die("Erreur sur clé API\n");
|
||||||
|
|
||||||
|
|
||||||
$this->writeln('');
|
$this->writeln('');
|
||||||
$this->writeln('== GROUPS ============================================');
|
$this->writeln('== GROUPS ============================================');
|
||||||
|
|
||||||
// Récupération des informations groups issus du masteridentity
|
// Récupération des informations groups issus du masteridentity
|
||||||
$response = \Unirest\Request::get($url.'/rest/groups/'.$appmasterkey,$headers,$query);
|
try{
|
||||||
|
$response = \Unirest\Request::post($url.'/rest/groups',$headers,["key"=>$appmasterkey]);
|
||||||
|
}
|
||||||
|
catch (\Exception $e) {
|
||||||
|
die("Erreur de communication API = ".$e->getMessage()."\n");
|
||||||
|
}
|
||||||
|
|
||||||
$lstgroups=[];
|
$lstgroups=[];
|
||||||
if($response->code="200" && is_object($response->body)) {
|
if($response->code=="200" && is_object($response->body)) {
|
||||||
$apigroups=$response->body;
|
$apigroups=$response->body;
|
||||||
foreach($apigroups as $apigroup) {
|
foreach($apigroups as $apigroup) {
|
||||||
array_push($lstgroups,$apigroup->id);
|
array_push($lstgroups,$apigroup->id);
|
||||||
|
|
@ -449,15 +472,21 @@ class SynchroUsersCommand extends Command
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else die("Erreur de communication");
|
else die("Erreur de communication = ".print_r($response,true));
|
||||||
|
|
||||||
$this->writeln('');
|
$this->writeln('');
|
||||||
$this->writeln('== USERS ============================================');
|
$this->writeln('== USERS ============================================');
|
||||||
|
|
||||||
// Récupération des informations utilisateurs issus du masteridentity
|
// Récupération des informations utilisateurs issus du masteridentity
|
||||||
$response = \Unirest\Request::get($url.'/rest/users/'.$appmasterkey,$headers,$query);
|
try{
|
||||||
|
$response = \Unirest\Request::post($url.'/rest/users',$headers,["key"=>$appmasterkey]);
|
||||||
|
}
|
||||||
|
catch (\Exception $e) {
|
||||||
|
die("Erreur de communication API = ".$e->getMessage()."\n");
|
||||||
|
}
|
||||||
|
|
||||||
$lstusers=[];
|
$lstusers=[];
|
||||||
if($response->code="200"&&is_object($response->body)) {
|
if($response->code=="200"&&is_object($response->body)) {
|
||||||
$apiusers=$response->body;
|
$apiusers=$response->body;
|
||||||
foreach($apiusers as $apiuser) {
|
foreach($apiusers as $apiuser) {
|
||||||
array_push($lstusers,$apiuser->username);
|
array_push($lstusers,$apiuser->username);
|
||||||
|
|
@ -477,6 +506,17 @@ class SynchroUsersCommand extends Command
|
||||||
$user->setEmail($apiuser->email);
|
$user->setEmail($apiuser->email);
|
||||||
$user->setAvatar($apiuser->avatar);
|
$user->setAvatar($apiuser->avatar);
|
||||||
|
|
||||||
|
if(in_array($apiuser->username,$this->container->getParameter("ldapAdmins")))
|
||||||
|
$role="ROLE_ADMIN";
|
||||||
|
else
|
||||||
|
$role=($apiuser->role=="ROLE_ANIM"?"ROLE_MASTER":$apiuser->role);
|
||||||
|
|
||||||
|
if(!$user->hasRole($role)) {
|
||||||
|
$roles=$user->getRoles();
|
||||||
|
array_push($roles,$role);
|
||||||
|
$user->setRoles($roles);
|
||||||
|
}
|
||||||
|
|
||||||
$this->em->persist($user);
|
$this->em->persist($user);
|
||||||
$this->em->flush();
|
$this->em->flush();
|
||||||
}
|
}
|
||||||
|
|
@ -494,6 +534,8 @@ class SynchroUsersCommand extends Command
|
||||||
|
|
||||||
$this->writeln($group->getName());
|
$this->writeln($group->getName());
|
||||||
|
|
||||||
|
$usergroups=[];
|
||||||
|
if($tabgroups[$group->getIdexternal()])
|
||||||
$usergroups = $tabgroups[$group->getIdexternal()]["users"];
|
$usergroups = $tabgroups[$group->getIdexternal()]["users"];
|
||||||
$tbusers=[];
|
$tbusers=[];
|
||||||
foreach($usergroups as $user) {
|
foreach($usergroups as $user) {
|
||||||
|
|
@ -622,13 +664,19 @@ class SynchroUsersCommand extends Command
|
||||||
$user->setFirstname($firstname);
|
$user->setFirstname($firstname);
|
||||||
$user->setEmail($email);
|
$user->setEmail($email);
|
||||||
|
|
||||||
|
// Definition du role
|
||||||
if(in_array($username,$usersadmin))
|
if(in_array($username,$usersadmin))
|
||||||
$user->setRoles(["ROLE_ADMIN"]);
|
$role="ROLE_ADMIN";
|
||||||
else {
|
else {
|
||||||
$ldapfilter="(|(&(uid=".$user->getUsername().")(ENTPersonProfils=enseignant))(&(uid=".$user->getUsername().")(typeadmin=0))(&(uid=".$user->getUsername().")(typeadmin=2)))";
|
$ldapfilter="(|(&(uid=".$user->getUsername().")(ENTPersonProfils=enseignant))(&(uid=".$user->getUsername().")(typeadmin=0))(&(uid=".$user->getUsername().")(typeadmin=2)))";
|
||||||
$results = $this->ldap->search($ldapfilter, ['uid'], $this->ldap_basedn);
|
$results = $this->ldap->search($ldapfilter, ['uid'], $this->ldap_basedn);
|
||||||
if($results) $user->setRoles(["ROLE_MASTER"]);
|
if($results) $role="ROLE_MASTER";
|
||||||
else $user->setRoles(["ROLE_USER"]);
|
else $role="ROLE_USER";
|
||||||
|
}
|
||||||
|
if(!$user->hasRole($role)) {
|
||||||
|
$roles=$user->getRoles();
|
||||||
|
array_push($roles,$role);
|
||||||
|
$user->setRoles($roles);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->em->persist($user);
|
$this->em->persist($user);
|
||||||
|
|
@ -640,8 +688,20 @@ class SynchroUsersCommand extends Command
|
||||||
$user->setFirstname($firstname);
|
$user->setFirstname($firstname);
|
||||||
$user->setEmail($email);
|
$user->setEmail($email);
|
||||||
|
|
||||||
|
// Definition du role
|
||||||
if(in_array($username,$usersadmin))
|
if(in_array($username,$usersadmin))
|
||||||
$user->setRole("ROLE_ADMIN");
|
$role="ROLE_ADMIN";
|
||||||
|
else {
|
||||||
|
$ldapfilter="(|(&(uid=".$user->getUsername().")(ENTPersonProfils=enseignant))(&(uid=".$user->getUsername().")(typeadmin=0))(&(uid=".$user->getUsername().")(typeadmin=2)))";
|
||||||
|
$results = $this->ldap->search($ldapfilter, ['uid'], $this->ldap_basedn);
|
||||||
|
if($results) $role="ROLE_MASTER";
|
||||||
|
else $role="ROLE_USER";
|
||||||
|
}
|
||||||
|
if(!$user->hasRole($role)) {
|
||||||
|
$roles=$user->getRoles();
|
||||||
|
array_push($roles,$role);
|
||||||
|
$user->setRoles($roles);
|
||||||
|
}
|
||||||
|
|
||||||
$this->em->persist($user);
|
$this->em->persist($user);
|
||||||
$this->em->flush();
|
$this->em->flush();
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,8 @@
|
||||||
namespace App\Controller;
|
namespace App\Controller;
|
||||||
|
|
||||||
use App\Entity\User;
|
use App\Entity\User;
|
||||||
|
use App\Entity\Group;
|
||||||
|
use App\Service\ldapService as ldapService;
|
||||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
|
|
@ -20,6 +22,13 @@ use jasig\phpcas\CAS;
|
||||||
|
|
||||||
class SecurityController extends AbstractController
|
class SecurityController extends AbstractController
|
||||||
{
|
{
|
||||||
|
private $ldapService;
|
||||||
|
|
||||||
|
public function __construct(ldapService $ldapService)
|
||||||
|
{
|
||||||
|
$this->ldapService = $ldapService;
|
||||||
|
}
|
||||||
|
|
||||||
public function login(Request $request, AuthenticationUtils $authenticationUtils)
|
public function login(Request $request, AuthenticationUtils $authenticationUtils)
|
||||||
{
|
{
|
||||||
$auth_mode=$this->getParameter("appAuth");
|
$auth_mode=$this->getParameter("appAuth");
|
||||||
|
|
@ -45,7 +54,7 @@ class SecurityController extends AbstractController
|
||||||
public function logincas(Request $request, AuthenticationUtils $authenticationUtils)
|
public function logincas(Request $request, AuthenticationUtils $authenticationUtils)
|
||||||
{
|
{
|
||||||
// Récupération de la cible de navigation
|
// Récupération de la cible de navigation
|
||||||
$redirect = $request->get("redirect");
|
$redirect = $this->get('session')->get("_security.main.target_path");
|
||||||
|
|
||||||
// Init Client CAS
|
// Init Client CAS
|
||||||
$alias=$this->getParameter('appAlias');
|
$alias=$this->getParameter('appAlias');
|
||||||
|
|
@ -98,8 +107,6 @@ class SecurityController extends AbstractController
|
||||||
$user->setPassword("CASPWD-".$username);
|
$user->setPassword("CASPWD-".$username);
|
||||||
$user->setSalt("CASPWD-".$username);
|
$user->setSalt("CASPWD-".$username);
|
||||||
|
|
||||||
$user->setRoles(["ROLE_STUDENT"]);
|
|
||||||
|
|
||||||
$em->persist($user);
|
$em->persist($user);
|
||||||
$em->flush();
|
$em->flush();
|
||||||
}
|
}
|
||||||
|
|
@ -112,6 +119,14 @@ class SecurityController extends AbstractController
|
||||||
$em->flush();
|
$em->flush();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$masteridentity=$this->getParameter("appMasteridentity");
|
||||||
|
if($masteridentity=="Ninegate") {
|
||||||
|
$this->updateNinegate($user);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$this->updateLDAP($user);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// Autoconnexion
|
// Autoconnexion
|
||||||
// Récupérer le token de l'utilisateur
|
// Récupérer le token de l'utilisateur
|
||||||
|
|
@ -170,4 +185,174 @@ class SecurityController extends AbstractController
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
private function updateNinegate($user) {
|
||||||
|
$em = $this->getDoctrine()->getManager();
|
||||||
|
$appmasterurl = $this->getParameter("appMasterurl");
|
||||||
|
$appmasterkey = $this->getParameter("appMasterkey");
|
||||||
|
|
||||||
|
// Généraltion de l'urol de communication
|
||||||
|
if(stripos($appmasterurl,"/")===0) {
|
||||||
|
$url="https://".$this->getParameter("appWeburl").$appmasterurl;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
$url=$appmasterurl;
|
||||||
|
|
||||||
|
// Entete
|
||||||
|
$headers = ['Accept' => 'application/json'];
|
||||||
|
$query = [];
|
||||||
|
|
||||||
|
// Paramétrage unirest
|
||||||
|
\Unirest\Request::verifyPeer(false);
|
||||||
|
\Unirest\Request::verifyHost(false);
|
||||||
|
\Unirest\Request::timeout(5);
|
||||||
|
|
||||||
|
// Login sans proxy
|
||||||
|
try{
|
||||||
|
$response = \Unirest\Request::post($url.'/rest/login',$headers,["key"=>$appmasterkey]);
|
||||||
|
}
|
||||||
|
catch (\Exception $e) {
|
||||||
|
// On tente avec le proxy s'il y en a un
|
||||||
|
$proxyUse = $this->getParameter("proxyUse");
|
||||||
|
if($proxyUse) {
|
||||||
|
$proxyHost = $this->getParameter("proxyHost");
|
||||||
|
$proxyPort = $this->getParameter("proxyPort");
|
||||||
|
\Unirest\Request::proxy($proxyHost, $proxyPort, CURLPROXY_HTTP, true);
|
||||||
|
|
||||||
|
try{
|
||||||
|
$response = \Unirest\Request::post($url.'/rest/login',$headers,["key"=>$appmasterkey]);
|
||||||
|
}
|
||||||
|
catch (\Exception $e) {
|
||||||
|
die("Erreur de communication API = ".$e->getMessage()."\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
die("Erreur de communication API = ".$e->getMessage()."\n");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if($response->code!="200")
|
||||||
|
die("Erreur sur clé API\n");
|
||||||
|
|
||||||
|
// Récupération des informations du user
|
||||||
|
try{
|
||||||
|
$response = \Unirest\Request::post($url.'/rest/user/'.$user->getUsername(),$headers,["key"=>$appmasterkey]);
|
||||||
|
}
|
||||||
|
catch (\Exception $e) {
|
||||||
|
die("Erreur de communication API = ".$e->getMessage()."\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
if($response->code=="200"&&is_object($response->body)) {
|
||||||
|
// Mise à jour du user
|
||||||
|
$user->setLastname($response->body->user->lastname);
|
||||||
|
$user->setFirstname($response->body->user->firstname);
|
||||||
|
$user->setEmail($response->body->user->email);
|
||||||
|
$user->setAvatar($response->body->user->avatar);
|
||||||
|
|
||||||
|
// Definition du role du user
|
||||||
|
if(in_array($user->getUsername(),$this->getParameter("ldapAdmins")))
|
||||||
|
$role="ROLE_ADMIN";
|
||||||
|
else
|
||||||
|
$role=($response->body->user->role=="ROLE_ANIM"?"ROLE_MASTER":$response->body->user->role);
|
||||||
|
|
||||||
|
if(!$user->hasRole($role)) {
|
||||||
|
$roles=$user->getRoles();
|
||||||
|
array_push($roles,$role);
|
||||||
|
$user->setRoles($roles);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sauvegarde user
|
||||||
|
$em->persist($user);
|
||||||
|
$em->flush();
|
||||||
|
|
||||||
|
// Mise à jour des groupes
|
||||||
|
$groups=$response->body->groups;
|
||||||
|
$mygroup=[];
|
||||||
|
|
||||||
|
foreach($groups as $groupexternal) {
|
||||||
|
array_push($mygroup,$groupexternal->id);
|
||||||
|
|
||||||
|
// Le groupe existe-t-il
|
||||||
|
$group=$em->getRepository("App:Group")->findOneBy(["idexternal"=>$groupexternal->id]);
|
||||||
|
if(!$group)
|
||||||
|
$group = new Group();
|
||||||
|
$group->setIdexternal($groupexternal->id);
|
||||||
|
$group->setName($groupexternal->title);
|
||||||
|
|
||||||
|
if(!$group->getUsers()->contains($user))
|
||||||
|
$group->addUser($user);
|
||||||
|
|
||||||
|
$em->persist($group);
|
||||||
|
$em->flush();
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach($user->getGroups() as $group) {
|
||||||
|
if($group->getIdexternal()) {
|
||||||
|
if(!in_array($group->getIdexternal(),$mygroup)) {
|
||||||
|
$user->removeGroup($group);
|
||||||
|
|
||||||
|
$em->persist($user);
|
||||||
|
$em->flush();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private function updateLDAP($user) {
|
||||||
|
$em = $this->getDoctrine()->getManager();
|
||||||
|
|
||||||
|
$ldap_basedn = $this->getParameter('ldapBasedn');
|
||||||
|
$ldap_username = $this->getParameter('ldapUsername');
|
||||||
|
$ldap_firstname = $this->getParameter('ldapFirstname');
|
||||||
|
$ldap_lastname = $this->getParameter('ldapLastname');
|
||||||
|
$ldap_email = $this->getParameter('ldapEmail');
|
||||||
|
$ldap_admins = $this->getParameter('ldapAdmins');
|
||||||
|
$ldap_model = $this->getParameter('ldapModel');
|
||||||
|
$fieldstoread = array($ldap_username,$ldap_firstname,$ldap_lastname,$ldap_email);
|
||||||
|
|
||||||
|
if($ldap_model=="scribe") {
|
||||||
|
$ldap_filtergroup="(&(type=Groupe)(cn=*))";
|
||||||
|
$ldap_filteruser="(&(uid=*)(objectclass=inetOrgPerson)(!(description=Computer)))";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$ldap_filtergroup=$this->getParameter('ldapFiltergroup');
|
||||||
|
$ldap_filteruser=$this->getParameter('ldapFilteruser');
|
||||||
|
}
|
||||||
|
|
||||||
|
// On recherche l'utilisateur dans l'annuaire
|
||||||
|
$results = $this->ldapService->search(str_replace("*",$user->getUsername(),$ldap_filteruser), $fieldstoread, $ldap_basedn);
|
||||||
|
foreach($results as $result) {
|
||||||
|
if(!isset($result[$ldap_lastname])) $result[$ldap_lastname] = "";
|
||||||
|
if(!isset($result[$ldap_firstname])) $result[$ldap_firstname] = "";
|
||||||
|
$result[$ldap_email]=strtolower($result[$ldap_email]);
|
||||||
|
$result[$ldap_email]=utf8_encode($result[$ldap_email]);
|
||||||
|
|
||||||
|
// Mise à jour du user
|
||||||
|
$user->setLastname($result[$ldap_lastname]);
|
||||||
|
$user->setFirstname($result[$ldap_firstname]);
|
||||||
|
$user->setEmail($result[$ldap_email]);
|
||||||
|
|
||||||
|
// Definition du role
|
||||||
|
if(in_array($user->getUsername(),$ldap_admins))
|
||||||
|
$role="ROLE_ADMIN";
|
||||||
|
else {
|
||||||
|
$ldapfilter="(|(&(uid=".$user->getUsername().")(ENTPersonProfils=enseignant))(&(uid=".$user->getUsername().")(typeadmin=0))(&(uid=".$user->getUsername().")(typeadmin=2)))";
|
||||||
|
$results = $this->ldapService->search($ldapfilter, ['uid'], $ldap_basedn);
|
||||||
|
if($results) $role="ROLE_MASTER";
|
||||||
|
else $role="ROLE_USER";
|
||||||
|
}
|
||||||
|
if(!$user->hasRole($role)) {
|
||||||
|
$roles=$user->getRoles();
|
||||||
|
array_push($roles,$role);
|
||||||
|
$user->setRoles($roles);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Sauvegarde user
|
||||||
|
$em->persist($user);
|
||||||
|
$em->flush();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -91,10 +91,9 @@ class User implements UserInterface, \Serializable
|
||||||
private $groups;
|
private $groups;
|
||||||
|
|
||||||
|
|
||||||
public function __construct(Container $container)
|
public function __construct()
|
||||||
{
|
{
|
||||||
$this->groups = new ArrayCollection();
|
$this->groups = new ArrayCollection();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getUsername(): ?string
|
public function getUsername(): ?string
|
||||||
|
|
|
||||||
|
|
@ -16,13 +16,13 @@ class ldapService
|
||||||
|
|
||||||
private $connection = null;
|
private $connection = null;
|
||||||
|
|
||||||
public function __construct($host, $port, $user, $password, $basedn)
|
public function __construct($ldapHost, $ldapPort, $ldapUser, $ldapPassword, $ldapBasedn)
|
||||||
{
|
{
|
||||||
$this->host = $host;
|
$this->host = $ldapHost;
|
||||||
$this->port = $port;
|
$this->port = $ldapPort;
|
||||||
$this->user = $user;
|
$this->user = $ldapUser;
|
||||||
$this->password = $password;
|
$this->password = $ldapPassword;
|
||||||
$this->basedn = $basedn;
|
$this->basedn = $ldapBasedn;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function connect() {
|
public function connect() {
|
||||||
|
|
|
||||||
|
|
@ -1,69 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
namespace App\Service;
|
|
||||||
|
|
||||||
use Symfony\Component\DependencyInjection\ContainerInterface;
|
|
||||||
use Symfony\Component\EventDispatcher\EventDispatcher;
|
|
||||||
use Symfony\Component\EventDispatcher\Event;
|
|
||||||
use Symfony\Component\HttpFoundation\Session\Session;
|
|
||||||
use Doctrine\ORM\EntityManager;
|
|
||||||
|
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
|
|
||||||
|
|
||||||
class sessionListener {
|
|
||||||
protected $container;
|
|
||||||
protected $em;
|
|
||||||
|
|
||||||
public function __construct($container, EntityManager $em, TokenStorageInterface $token_storage)
|
|
||||||
{
|
|
||||||
$this->container = $container;
|
|
||||||
$this->em = $em;
|
|
||||||
$this->token_storage = $token_storage;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function haveRole($roles,$tohave) {
|
|
||||||
$haverole=false;
|
|
||||||
if($roles=="") {
|
|
||||||
if(empty($tohave)) $haverole=true;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
foreach($roles as $role) {
|
|
||||||
if(in_array($role,$tohave))
|
|
||||||
$haverole=true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return $haverole;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function onDomainParse(Event $event) {
|
|
||||||
$session = new Session();
|
|
||||||
|
|
||||||
// Utilisateur en cours
|
|
||||||
$curentuserid=0;
|
|
||||||
$token = $this->token_storage->getToken();
|
|
||||||
if(!$token) return;
|
|
||||||
$curentuser=$token->getUser();
|
|
||||||
|
|
||||||
// Roles actif
|
|
||||||
if($curentuser=="anon.") $roles=[];
|
|
||||||
else $roles=$curentuser->getRoles();
|
|
||||||
|
|
||||||
$regen=false;
|
|
||||||
if (!$session->get('isuser') && $curentuser!="anon.") {
|
|
||||||
$regen=true;
|
|
||||||
$session->set('isuser',true);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($session->get('isuser') && $curentuser=="anon.") {
|
|
||||||
$regen=true;
|
|
||||||
$session->set('isuser',false);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Initialisation de la session
|
|
||||||
if($regen) {
|
|
||||||
$session->set('activeactivity',true);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -10,7 +10,7 @@ APP_WEBURL=%%web_url
|
||||||
APP_AUTH=CAS
|
APP_AUTH=CAS
|
||||||
APP_ALIAS=nineskeletor
|
APP_ALIAS=nineskeletor
|
||||||
APP_NAME=Nineskeletor
|
APP_NAME=Nineskeletor
|
||||||
APP_CRON=true
|
APP_CRON=1
|
||||||
APP_MASTERIDENTITY=%%nineskeletor_masteridentity
|
APP_MASTERIDENTITY=%%nineskeletor_masteridentity
|
||||||
%if %%getVar("nineskeletor_masteridentity", 'LDAP') == "LDAP"
|
%if %%getVar("nineskeletor_masteridentity", 'LDAP') == "LDAP"
|
||||||
APP_MASTERURL=
|
APP_MASTERURL=
|
||||||
|
|
@ -99,11 +99,24 @@ CAS_FIRSTNAME=firstname
|
||||||
|
|
||||||
# Proxy
|
# Proxy
|
||||||
%if %%activer_proxy_client == 'oui'
|
%if %%activer_proxy_client == 'oui'
|
||||||
PROXY_USE=true
|
PROXY_USE=1
|
||||||
PROXY_HOST=%%proxy_client_adresse
|
PROXY_HOST=%%proxy_client_adresse
|
||||||
PROXY_PORT=%%proxy_client_port
|
PROXY_PORT=%%proxy_client_port
|
||||||
%else
|
%else
|
||||||
PROXY_USE=false
|
PROXY_USE=0
|
||||||
PROXY_HOST=
|
PROXY_HOST=
|
||||||
PROXY_PORT=
|
PROXY_PORT=
|
||||||
%end if
|
%end if
|
||||||
|
|
||||||
|
|
||||||
|
# Sonde statistic
|
||||||
|
%if %%getVar("activer_sondepiwik_local", 'non') == "oui"
|
||||||
|
SONDE_USE=1
|
||||||
|
SONDE_URL=/sondepiwik/envoleTrackeur.js.php
|
||||||
|
%else if %%getVar("activer_piwik", 'non') == "oui"
|
||||||
|
SONDE_USE=1
|
||||||
|
SONDE_URL=/piwik/envoleTrackeur.js.php
|
||||||
|
%else
|
||||||
|
SONDE_USE=0
|
||||||
|
SONDE_URL=
|
||||||
|
%end if
|
||||||
Loading…
Reference in New Issue