FIX #14594 TIME 5:30 WIP azure saml connection

24969821 · Damien · c1d46c74 · 24969821 · 24969821
Verified Commit 24969821 authored 4 years ago by Damien
--- a/apps/maarch_entreprise/xml/login_method.xml
+++ b/apps/maarch_entreprise/xml/login_method.xml
@@ -24,4 +24,8 @@
        <ID>openam</ID>
        <ENABLED>false</ENABLED>
    </METHOD>
+    <METHOD>
+        <ID>azure_saml</ID>
+        <ENABLED>false</ENABLED>
+    </METHOD>
 </ROOT>
--- a/src/core/controllers/AuthenticationController.php
+++ b/src/core/controllers/AuthenticationController.php
@@ -315,6 +315,15 @@ class AuthenticationController
            if (!AuthenticationController::isUserAuthorized(['login' => $login])) {
                return $response->withStatus(403)->withJson(['errors' => 'Authentication unauthorized']);
            }
+        } elseif ($loggingMethod['id'] == 'azure_saml') {
+            $authenticated = AuthenticationController::azureSamlConnection();
+            if (!empty($authenticated['errors'])) {
+                return $response->withStatus(401)->withJson(['errors' => $authenticated['errors']]);
+            }
+            $login = strtolower($authenticated['login']);
+            if (!AuthenticationController::isUserAuthorized(['login' => $login])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Authentication unauthorized']);
+            }
        } else {
            return $response->withStatus(403)->withJson(['errors' => 'Logging method unauthorized']);
        }
@@ -635,6 +644,29 @@ class AuthenticationController
        return ['login' => $login];
    }

+    private static function azureSamlConnection()
+    {
+        $libDir = CoreConfigModel::getLibrariesDirectory();
+        if (!is_file($libDir . 'simplesamlphp/lib/_autoload.php')) {
+            return ['errors' => 'Library simplesamlphp not present'];
+        }
+
+        require_once($libDir . 'simplesamlphp/lib/_autoload.php');
+        $as = new \SimpleSAML\Auth\Simple('default-sp');
+        $as->requireAuth([
+            'ReturnTo'          => UrlController::getCoreUrl(),
+            'skipRedirection'   => true
+        ]);
+
+        $attributes = $as->getAttributes();
+        $login = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0];
+        if (empty($login)) {
+            return ['errors' => 'Authentication Failed : login not present in attributes'];
+        }
+
+        return ['login' => $login];
+    }
+
    public function getRefreshedToken(Request $request, Response $response)
    {
        $queryParams = $request->getQueryParams();