From 41e11123daa2cea188fa8e18d876077306dfb3eb Mon Sep 17 00:00:00 2001 From: afornerot Date: Thu, 20 Jul 2023 14:53:57 +0200 Subject: [PATCH] app ldap connect --- .env | 4 +- Makefile | 3 + README.md | 15 ++- composer.json | 1 + composer.lock | 167 +++++++++++++++++++++++++++- config/bundles.php | 1 + docker-compose.yml | 10 +- public/images/noavatar.png | Bin 0 -> 936 bytes src/Controller/HydraController.php | 11 +- src/DataFixtures/AppFixtures.php | 107 ++++++++++++++++++ src/Service/LdapService.php | 24 +++- symfony.lock | 12 ++ templates/Home/home.html.twig | 18 ++- templates/Home/loginHYDRA.html.twig | 4 +- 14 files changed, 353 insertions(+), 24 deletions(-) create mode 100644 public/images/noavatar.png create mode 100644 src/DataFixtures/AppFixtures.php diff --git a/.env b/.env index 1b8a19c..c82b23d 100644 --- a/.env +++ b/.env @@ -31,7 +31,7 @@ LDAP_USERNAME=uid # Attribut id d'un user LDAP_FIRSTNAME=givenname # Attribut firstname d'un user LDAP_LASTNAME=sn # Attribut lastname d'un user LDAP_EMAIL=mail # Attribut email d'un user -LDAP_AVATAR=jpegPhoto # Attribut avatar d'un user +LDAP_AVATAR=jpegphoto # Attribut avatar d'un user LDAP_MEMBEROF=memberof # Attribut memberof d'un user LDAP_GROUPGID=gidnumber # Attribut gid d'un groupe LDAP_GROUPNAME=cn # Attribut name d'un groupe @@ -67,7 +67,7 @@ OAUTH_USERNAME=username OAUTH_EMAIL=email OAUTH_LASTNAME=lastname OAUTH_FIRSTNAME=firstname -OAUTH_AVATAR= +OAUTH_AVATAR=avatar OAUTH_AUTOSUBMIT=1 # if APP_AUTH = OPENID autocréer les users non existant OAUTH_AUTOUPDATE=1 # if APP_AUTH = OPENID automodifier les users existant diff --git a/Makefile b/Makefile index 2818532..d08046b 100755 --- a/Makefile +++ b/Makefile @@ -17,6 +17,9 @@ dockercomposeup: dockercomposedown: docker-compose stop +dockercomposeinit: + docker-compose exec app bin/console d:f:l + dockercomposesh: docker-compose exec app /bin/sh diff --git a/README.md b/README.md index 1e60027..75698de 100644 --- a/README.md +++ b/README.md 
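Review bot: The new `dockercomposeinit` target runs `bin/console d:f:l` (doctrine:fixtures:load), which purges the database before loading and, through the AppFixtures added in this patch, also recursively deletes the `ou=crous01` and `ou=crous02` subtrees of the directory, yet neither the target name nor the README entry says so. A one-line comment above the target, `# Destructive: purges the app DB and the fixture OUs in LDAP — dev stacks only`, would stop it being run against a shared instance by mistake. If the target is ever called non-interactively, note that `doctrine:fixtures:load` asks for confirmation unless `--no-interaction` is passed; hedged, since the Makefile does not show how it is invoked.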
@@ -10,11 +10,22 @@ Up make dockercomposeup ``` -Stop +Init ``` -make dockercomposestop +make dockercomposeinit ``` +Down +``` +make dockercomposedown +``` + +Sh +``` +make dockercomposesh +``` + + # KUBERNETES Suppression Cluster diff --git a/composer.json b/composer.json index 64cc53c..cbafe29 100644 --- a/composer.json +++ b/composer.json @@ -100,6 +100,7 @@ } }, "require-dev": { + "doctrine/doctrine-fixtures-bundle": "^3.4", "phpunit/phpunit": "^9.5", "symfony/browser-kit": "6.3.*", "symfony/css-selector": "6.3.*", diff --git a/composer.lock b/composer.lock index 8b41d36..f43318c 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "6d4e45e1137c02bf343b5855dbbc822c", + "content-hash": "d59ce92ced50b5b5ee85302929f17c01", "packages": [ { "name": "brick/math", 
@@ -7633,6 +7633,171 @@ } ], "packages-dev": [ + { + "name": "doctrine/data-fixtures", + "version": "1.6.6", + "source": { + "type": "git", + "url": "https://github.com/doctrine/data-fixtures.git", + "reference": "4af35dadbfcf4b00abb2a217c4c8c8800cf5fcf4" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/doctrine/data-fixtures/zipball/4af35dadbfcf4b00abb2a217c4c8c8800cf5fcf4", + "reference": "4af35dadbfcf4b00abb2a217c4c8c8800cf5fcf4", + "shasum": "" + }, + "require": { + "doctrine/deprecations": "^0.5.3 || ^1.0", + "doctrine/persistence": "^1.3.3 || ^2.0 || ^3.0", + "php": "^7.2 || ^8.0" + }, + "conflict": { + "doctrine/dbal": "<2.13", + "doctrine/orm": "<2.12", + "doctrine/phpcr-odm": "<1.3.0" + }, + "require-dev": { + "doctrine/coding-standard": "^11.0", + "doctrine/dbal": "^2.13 || ^3.0", + "doctrine/mongodb-odm": "^1.3.0 || ^2.0.0", + "doctrine/orm": "^2.12", + "ext-sqlite3": "*", + "phpstan/phpstan": "^1.5", + "phpunit/phpunit": "^8.5 || ^9.5 || ^10.0", + "symfony/cache": "^5.0 || ^6.0", + "vimeo/psalm": "^4.10 || ^5.9" + }, + "suggest": { + "alcaeus/mongo-php-adapter": "For using MongoDB ODM 1.3 with PHP 7 (deprecated)", + "doctrine/mongodb-odm": "For loading MongoDB ODM fixtures", + "doctrine/orm": "For loading ORM fixtures", + "doctrine/phpcr-odm": "For loading PHPCR ODM fixtures" + }, + "type": "library", + "autoload": { + "psr-4": { + "Doctrine\\Common\\DataFixtures\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Jonathan Wage", + "email": "jonwage@gmail.com" + } + ], + "description": "Data Fixtures for all Doctrine Object Managers", + "homepage": "https://www.doctrine-project.org", + "keywords": [ + "database" + ], + "support": { + "issues": "https://github.com/doctrine/data-fixtures/issues", + "source": "https://github.com/doctrine/data-fixtures/tree/1.6.6" + }, + "funding": [ + { + "url": "https://www.doctrine-project.org/sponsorship.html", + 
"type": "custom" + }, + { + "url": "https://www.patreon.com/phpdoctrine", + "type": "patreon" + }, + { + "url": "https://tidelift.com/funding/github/packagist/doctrine%2Fdata-fixtures", + "type": "tidelift" + } + ], + "time": "2023-04-20T13:08:54+00:00" + }, + { + "name": "doctrine/doctrine-fixtures-bundle", + "version": "3.4.4", + "source": { + "type": "git", + "url": "https://github.com/doctrine/DoctrineFixturesBundle.git", + "reference": "9ec3139c52a42e94c9fd1e95f8d2bca94326edfb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/doctrine/DoctrineFixturesBundle/zipball/9ec3139c52a42e94c9fd1e95f8d2bca94326edfb", + "reference": "9ec3139c52a42e94c9fd1e95f8d2bca94326edfb", + "shasum": "" + }, + "require": { + "doctrine/data-fixtures": "^1.3", + "doctrine/doctrine-bundle": "^1.11|^2.0", + "doctrine/orm": "^2.6.0", + "doctrine/persistence": "^1.3.7|^2.0|^3.0", + "php": "^7.1 || ^8.0", + "symfony/config": "^3.4|^4.3|^5.0|^6.0", + "symfony/console": "^3.4|^4.3|^5.0|^6.0", + "symfony/dependency-injection": "^3.4.47|^4.3|^5.0|^6.0", + "symfony/doctrine-bridge": "^3.4|^4.1|^5.0|^6.0", + "symfony/http-kernel": "^3.4|^4.3|^5.0|^6.0" + }, + "require-dev": { + "doctrine/coding-standard": "^9", + "phpstan/phpstan": "^1.4.10", + "phpunit/phpunit": "^7.5.20 || ^8.5.26 || ^9.5.20", + "symfony/phpunit-bridge": "^6.0.8", + "vimeo/psalm": "^4.22" + }, + "type": "symfony-bundle", + "autoload": { + "psr-4": { + "Doctrine\\Bundle\\FixturesBundle\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Doctrine Project", + "homepage": "https://www.doctrine-project.org" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony DoctrineFixturesBundle", + "homepage": "https://www.doctrine-project.org", + "keywords": [ + "Fixture", + "persistence" + ], + 
"support": { + "issues": "https://github.com/doctrine/DoctrineFixturesBundle/issues", + "source": "https://github.com/doctrine/DoctrineFixturesBundle/tree/3.4.4" + }, + "funding": [ + { + "url": "https://www.doctrine-project.org/sponsorship.html", + "type": "custom" + }, + { + "url": "https://www.patreon.com/phpdoctrine", + "type": "patreon" + }, + { + "url": "https://tidelift.com/funding/github/packagist/doctrine%2Fdoctrine-fixtures-bundle", + "type": "tidelift" + } + ], + "time": "2023-05-02T15:12:16+00:00" + }, { "name": "masterminds/html5", "version": "2.8.0", diff --git a/config/bundles.php b/config/bundles.php index 0457f99..12e7c8a 100644 --- a/config/bundles.php +++ b/config/bundles.php @@ -11,4 +11,5 @@ return [ Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true], Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true], Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true], + Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true], ]; diff --git a/docker-compose.yml b/docker-compose.yml index eabba5d..ca63ea2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,7 @@ services: redis-master: image: redis:6-alpine volumes: - - "./.data:/data" + - "./.data:/data:rw" ports: - "6379:6379" @@ -15,7 +15,7 @@ services: links: - redis-master volumes: - - "./.data:/data" + - "./.data:/data:rw" redis-sentinel: build: @@ -62,7 +62,7 @@ services: - ./.env:/app/.env:delegated environment: PHP_FPM_MEMORY_LIMIT: 128m - APP_ENV: PROD + APP_ENV: dev # Service hydra hydra: 
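Review bot: Hard-coding `APP_ENV: dev` on the app service switches Symfony into debug mode (web profiler, stack traces with argument values on error pages) for every user of this compose file; that is fine for a local stack, but it is a risk if this file is ever reused beyond local development, which cannot be told from the hunk. Making the value overridable, `APP_ENV: ${APP_ENV:-dev}`, keeps the dev default while letting a deployment set `prod` without editing the file. The previous value `PROD` was not the usual lowercase Symfony environment name, so this change also fixes an existing oddity worth mentioning in the commit message.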
@@ -82,8 +82,8 @@ services: LOG_LEAK_SENSITIVE_VALUES: "true" HYDRA_URLS_SELF_ISSUER: http://127.0.0.1:7080 HYDRA_URLS_CONSENT: http://127.0.0.1:8080/hydra/consent - HYDRA_URLS_LOGIN: http://127.0.0.1:8080/hydra/loginsql - HYDRA_URLS_LOGOUT: http://127.0.0.1:8080/hydra/logoutsql + HYDRA_URLS_LOGIN: http://127.0.0.1:8080/hydra/loginldap + HYDRA_URLS_LOGOUT: http://127.0.0.1:8080/hydra/logoutldap HYDRA_URLS_ERROR: https://127.0.0.1:8080 HYDRA_DSN: postgres://symfony:changeme@postgres:5432/hydra HYDRA_ALLOW_INSECURE: "yes" diff --git a/public/images/noavatar.png b/public/images/noavatar.png new file mode 100644 index 0000000000000000000000000000000000000000..6867515811783b68c9a1dfd944cd5886a8ff5b60 GIT binary patch literal 936 zcmV;Z16TZsP))Tz12suR zK~#9!?b|_bR8<^?@#jA+#njS5YcvLG+ERsfVWY+fCM?tqQBw(P3MR56E(xEYVM$DM zB?|~20bRQ=BE(Iri8T>JQLBlu8q>5CTIOXjmk17)&h*}L&+z_|Su~xT&V71%?zwk5 zU}k1!W@ct)W@ct)W@cuEi9nL}Nmc#7YWAE-Nn2d5vB*P`uBdTeOB!^+^+kSJ(yW?yP0~v)xpw4d zvRS!Nm$DOQX;exSIe-aZUk=0V2aaT8de`xv(A~f+up_4-=Yhe9Sn!O#-{Bl11M~s! zdFiM(QNWl-y>!$s9XIZ|7|F|GM07dy{h?LJ0Y;SK7|XPDw6rpXUM^tFMTf5URU%_1 zANpJ(V;!%TdU6`_Z(vtMEO|!PuhEk^jyGA*x}QEtPf5C*(@mv57hOB{^OEK_ z5cy9@!!Ei0nSHH^$UjNyb-~7Bw@dm+($DJ%d|lERNo{34o)q4k9RUsiuLC30?#hYU zZO|Fu67Xe2{7~lOh=gYNR-gm8J8N$Pw<6+Z3a>wf8QlhK$sUz^wxreUu>!0_#BGOe zJZ>*A3Jhn<#Q@L`bOW8))0TjLfM0;?*)nn!_&y^3@>y=}z^_O;D``60rZuy*o09aY z-wA(k;Ma1xP{jSY3C+Vc5%HtBbTheEeR<-$7 zC0)$^wV|aW_euIjkKUD*z3C)rx1?`X9#fKrT52CHX&3N0@M6h+|I@%b5iwWv52|cJ z{Od_d*tgvk8aZ2|SlV=yyrq+bM+J*8-vU=RIJ10WY$L z+MA`-L?c&#?WMmml=MOi%xFc#kC>U6nVFfHnVFfHnVFecTJ8WKDAXMmroIRO0000< KMNUMnLSTZSVXSNb literal 0 HcmV?d00001 diff --git a/src/Controller/HydraController.php b/src/Controller/HydraController.php index d35688d..34b12b3 100644 --- a/src/Controller/HydraController.php +++ b/src/Controller/HydraController.php 
@@ -102,13 +102,13 @@ class HydraController extends AbstractController // S'il n'y a pas de challenge, on déclenche une bad request if (!$challenge) { - return $this->redirect('app_login'); + return $this->redirectToRoute('app_login'); } // On vérifie que la requête d'identification provient bien de hydra $response = $this->apiservice->run('GET', $this->getParameter('hydraLoginchallenge').$challenge, null); if (!$response) { - return $this->redirect('app_login'); + return $this->redirectToRoute('app_login'); } // si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect @@ -148,6 +148,7 @@ class HydraController extends AbstractController $email = "$username@nomail.fr"; $lastname = $username; $firstname = ' '; + $firstname = 'noavatar.png'; // Rechercher l'utilisateur if (isset($userldap[$this->getParameter('ldapFirstname')])) { @@ -162,9 +163,13 @@ class HydraController extends AbstractController $email = $userldap[$this->getParameter('ldapEmail')]; } + if (isset($userldap[$this->getParameter('ldapAvatar')])) { + $avatar = $userldap[$this->getParameter('ldapAvatar')]; + } + $response = $this->apiservice->run('PUT', $this->getParameter('hydraLoginchallengeaccept').$request->getSession()->get('hydraChallenge'), ['subject' => $email, 'acr' => 'string']); if (!$response || '200' != $response->code) { - return $this->redirect('app_login'); + return $this->redirectToRoute('app_login'); } $datas = [ diff --git a/src/DataFixtures/AppFixtures.php b/src/DataFixtures/AppFixtures.php new file mode 100644 index 0000000..461d46d --- /dev/null +++ b/src/DataFixtures/AppFixtures.php 
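Review bot: The line added in the `@@ -148` hunk, `$firstname = 'noavatar.png';`, overwrites the firstname default with the fallback avatar file name and leaves `$avatar` undefined when the LDAP entry has no avatar attribute, since the later `isset($userldap[...ldapAvatar])` block is the only place `$avatar` is assigned; it should read `$avatar = 'noavatar.png';`. Note also that with `LDAP_AVATAR=jpegphoto` (changed in this same patch) the directory value is raw image bytes while the default is a file name under `public/images/`, so whatever consumes `$avatar` in `$datas` must handle both forms — that code is outside the hunk, as is the start and end of the enclosing method. The `redirect()` → `redirectToRoute()` replacements in the same hunks are correct and need no further change.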
@@ -0,0 +1,107 @@
+kernel = $kernel;
+ $this->ldap = $ldapservice;
+ $this->output = new ConsoleOutput();
+ }
+
+ public function load(ObjectManager $manager): void
+ {
+ $this->manager = $manager;
+
+ // Reset autoincrement
+
+ // app:Init
+ $this->writeln('app:Init');
+ $application = new Application($this->kernel);
+ $application->setAutoExit(false);
+ $input = new ArrayInput(['command' => 'app:Init']);
+ $boutput = new BufferedOutput();
+ $application->run($input, $boutput);
+ $manager->flush();
+
+ $this->writeln('LDAP');
+ $baseorganisation = $this->ldap->getParameter('basedn');
+
+ // Purge de la strucutre annuaire
+ $this->ldap->deleteByDN('ou=crous01,'.$baseorganisation, true);
+ $this->ldap->deleteByDN('ou=crous02,'.$baseorganisation, true);
+
+ // Création de la structure
+ $this->ldap->addOrganisation('ou=crous01,'.$baseorganisation);
+ $this->ldap->addOrganisation('ou=users,ou=crous01,'.$baseorganisation);
+ $this->ldap->addOrganisation('ou=crous02,'.$baseorganisation);
+ $this->ldap->addOrganisation('ou=users,ou=crous02,'.$baseorganisation);
+
+ // Création user
+ $this->submitUser('admin','NUO SSO','Administrateur','uid=admin,ou=users,ou=crous01,'.$baseorganisation);
+ $this->submitUser('user001','001','User','uid=user001,ou=users,ou=crous01,'.$baseorganisation);
+ $this->submitUser('user002','002','User','uid=user002,ou=users,ou=crous02,'.$baseorganisation);
+ }
+
+
+ private function submituser($username,$firstname,$lastname,$dn)
+ {
+ $user = new User();
+ $user->setUsername($username);
+ $user->setPassword($username);
+ $user->setRoles(['ROLE_USER']);
+ $user->setFirstname($firstname);
+ $user->setLastname($lastname);
+ $user->setEmail($username.'@noreply.fr');
+
+ $this->ldap->fixtureUser($user,$dn);
+
+ }
+
+ private function writeln($string)
+ {
+ $this->output->writeln(' > '.$string.'');
+ }
+
+ private function csv_to_array($csv, $delimiter = ';', $enclosure = '', $escape = '\\', $terminator = "\n")
+ {
+ $r = [];
+ $rows = 
explode($terminator, trim($csv)); + + $names = array_shift($rows); + $names = str_getcsv($names, $delimiter, $enclosure, $escape); + $nc = count($names); + foreach ($rows as $row) { + if (trim($row)) { + $values = str_getcsv($row, $delimiter, $enclosure, $escape); + if (!$values) { + $values = array_fill(0, $nc, null); + } + @$r[] = array_combine($names, $values); + } + } + + return $r; + } +} diff --git a/src/Service/LdapService.php b/src/Service/LdapService.php index e93e81f..0776e18 100755 --- a/src/Service/LdapService.php +++ b/src/Service/LdapService.php @@ -347,6 +347,28 @@ class LdapService // == Function User================================================================================================================================================== // ================================================================================================================================================================== + public function fixtureUser(User $user,$dn) + { + $connection = $this->connect(); + + $attrs = []; + $attrs['objectclass'] = $this->getObjectClassesUser(); + $this->fillAttributesUser($user, $attrs); + + foreach ($attrs as $key => $value) { + if (empty($value)) { + unset($attrs[$key]); + } + } + + $result = ldap_add($connection, $dn, $attrs); + if (!$result) { + $this->ldapError(); + } + + return $result; + } + public function addUser(User $user) { $connection = $this->connect(); @@ -643,8 +665,6 @@ class LdapService $attrs['sn'] = $user->getLastname(); $attrs['mail'] = $user->getEmail(); $attrs['displayname'] = $user->getFirstname().' '.$user->getLastname(); - $attrs['telephonenumber'] = $user->getTelephonenumber(); - $attrs['postaladdress'] = $user->getPostaladress(); $attrs['userpassword'] = $user->getPassword(); } diff --git a/symfony.lock b/symfony.lock index 0ef4ec6..a678fcb 100644 --- a/symfony.lock +++ b/symfony.lock 
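Review bot: In `csv_to_array`, `@$r[] = array_combine($names, $values);` relies on `@` to hide a column-count mismatch, but on PHP 8 `array_combine()` throws a `ValueError` in that case and `@` does not suppress exceptions, so one short row aborts the whole fixture load; check the count explicitly, `if (count($values) !== $nc) { continue; }`, and drop the `@`. `load()` calls `submitUser()` while the method is declared `submituser()`; PHP resolves it because method names are case-insensitive, but one spelling should be used and both helpers lack parameter and return types. The fixture accounts are created with `setPassword($username)` (so `admin`/`admin`) and pushed to the directory through `fixtureUser`, which writes `userpassword` exactly as given per the `fillAttributesUser` context below; the bundle is registered for `dev`/`test` only in `config/bundles.php`, which is the right guard, but a comment at the top of `load()` stating that these are throwaway dev credentials and that the OU purge is intentional would help the next reader. The head of the file (namespace, imports, constructor signature, property declarations) is not visible in this hunk.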
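Review bot: `fixtureUser(User $user,$dn)` leaves `$dn` untyped and has no return type although the body always returns the `ldap_add()` result; `public function fixtureUser(User $user, string $dn): bool` matches the code as written. The `empty($value)` filter also drops any attribute whose value is `0` or `'0'`, which could silently discard a legitimate numeric attribute — hedged, since the full output of `fillAttributesUser` is not visible; `if ($value === null || $value === '' || $value === []) { unset($attrs[$key]); }` is the precise check. Apart from the caller-supplied DN this method appears to duplicate `addUser` (whose body lies outside the hunk), so one private helper taking the DN could serve both. The second hunk removes `telephonenumber` and `postaladdress` from `fillAttributesUser`; if an update path shares that helper, those attributes will now be left untouched on modify rather than written, which is worth confirming against callers outside this hunk.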
@@ -22,6 +22,18 @@ "src/Repository/.gitignore" ] }, + "doctrine/doctrine-fixtures-bundle": { + "version": "3.4", + "recipe": { + "repo": "github.com/symfony/recipes", + "branch": "main", + "version": "3.0", + "ref": "1f5514cfa15b947298df4d771e694e578d4c204d" + }, + "files": [ + "src/DataFixtures/AppFixtures.php" + ] + }, "doctrine/doctrine-migrations-bundle": { "version": "3.2", "recipe": { diff --git a/templates/Home/home.html.twig b/templates/Home/home.html.twig index 4e305dc..0fa4c2b 100644 --- a/templates/Home/home.html.twig +++ b/templates/Home/home.html.twig @@ -15,6 +15,7 @@ + Login {% endif %} @@ -22,12 +23,17 @@ {% if app.user %}
-
- Avatar = {{ app.user.avatar }}
- login = {{ app.user.username }}
- firstname = {{ app.user.firstname }}
- lastname = {{ app.user.lastname }}
- email = {{ app.user.email }}
+
+
+ +
+ +
+ login = {{ app.user.username }}
+ firstname = {{ app.user.firstname }}
+ lastname = {{ app.user.lastname }}
+ email = {{ app.user.email }}
+
{% endif %} diff --git a/templates/Home/loginHYDRA.html.twig b/templates/Home/loginHYDRA.html.twig index f8f2ef3..d571115 100755 --- a/templates/Home/loginHYDRA.html.twig +++ b/templates/Home/loginHYDRA.html.twig @@ -30,8 +30,6 @@ {% block localscript %} {% endblock %} \ No newline at end of file