From a448e2b0e6777d4466554a9c7d59a10b051bdd0e Mon Sep 17 00:00:00 2001
From: Guillaume Heurtier <guillaume.heurtier@maarch.org>
Date: Thu, 22 Oct 2020 12:21:07 +0200
Subject: [PATCH] FEAT #13268 TIME 3:30 migrate sso config + back admin sso
---
 migration/20.10/migrate.sh | 1 +
 migration/20.10/migrateSsoMapping.php | 44 +++++++++++++++++++
 .../controllers/ConfigurationController.php | 27 +++++++++++++++++++---
 3 files changed, 70 insertions(+), 2 deletions(-)
 create mode 100644 migration/20.10/migrateSsoMapping.php
diff --git a/migration/20.10/migrate.sh b/migration/20.10/migrate.sh
index 2d57c272017..09c5afd7fe4 100755
--- a/migration/20.10/migrate.sh
+++ b/migration/20.10/migrate.sh
@@ -9,4 +9,5 @@ php ./migrateCustomLang.php
 php ./migrateBasketListDisplay.php
 php ./migrateTemplates.php
 php ./migrateSavedQueries.php
+php ./migrateSsoMapping.php
 php ./migrateCustomXml.php # mettre en dernier
diff --git a/migration/20.10/migrateSsoMapping.php b/migration/20.10/migrateSsoMapping.php
new file mode 100644
index 00000000000..5419ccadfe1
--- /dev/null
+++ b/migration/20.10/migrateSsoMapping.php
@@ -0,0 +1,44 @@
+<?php
+
+require '../../vendor/autoload.php';
+
+chdir('../..');
+
+$customs = scandir('custom');
+
+
+foreach ($customs as $custom) {
+    if (in_array($custom, ['custom.json', 'custom.xml', '.', '..'])) {
+        continue;
+    }
+
+    \SrcCore\models\DatabasePDO::reset();
+    new \SrcCore\models\DatabasePDO(['customId' => $custom]);
+
+    $configuration = [];
+
+    $path = "custom/{$custom}/apps/maarch_entreprise/xml/mapping_sso.xml";
+    if (file_exists($path)) {
+        if (!is_readable($path)) {
+            printf("[ERROR] Fichier {$path} non lisible.\n");
+            continue;
+        }
+        $loadedXml = simplexml_load_file($path);
+
+        if (!empty($loadedXml)) {
+            $configuration['uri'] = (string)$loadedXml->WEB_SSO_URL;
+
+            $configuration['mapping'] = [];
+
+            if (isset($loadedXml->USER_ID)) {
+                $configuration['mapping'][] = [
+                    'ssoId' => (string)$loadedXml->USER_ID,
+                    'maarchId' => 'login'
+                ];
+            }
+            $configuration = !empty($configuration) ? json_encode($configuration, JSON_UNESCAPED_SLASHES) : '{}';
+            \Configuration\models\ConfigurationModel::create(['privilege' => 'admin_sso', 'value' => $configuration]);
+            printf("Migration mapping SSO (CUSTOM {$custom}) : fichier de configuration mapping_sso.xml trouvé et migré.\n");
+        }
+    }
+}
diff --git a/src/app/configuration/controllers/ConfigurationController.php b/src/app/configuration/controllers/ConfigurationController.php
index 77f540ca0b0..3a5cf5fdb74 100755
--- a/src/app/configuration/controllers/ConfigurationController.php
+++ b/src/app/configuration/controllers/ConfigurationController.php
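Review bot: `$configuration['uri']` is taken from `WEB_SSO_URL` without checking that the element exists, so a `mapping_sso.xml` that lacks it is migrated as `{"uri":"","mapping":[]}`, a value the `update` path in ConfigurationController later rejects as an empty uri; guard it with `if (empty((string)$loadedXml->WEB_SSO_URL)) { printf("[ERROR] WEB_SSO_URL absent dans %s\n", $path); continue; }` rather than persisting it silently. The `'{}'` fallback on the `$configuration = !empty($configuration) ? ... : '{}'` line is unreachable because `uri` has just been set, and `json_encode` can return `false`, which would then be stored as the value. Both `printf` calls interpolate a path or custom name into the format string; `printf("[ERROR] Fichier %s non lisible.\n", $path);` keeps a stray `%` from being read as a conversion. Nothing here looks for an existing `admin_sso` row, so rerunning the migration would presumably insert a duplicate unless `ConfigurationModel::create` dedupes — worth a lookup before the `create()` call.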
@@ -26,7 +26,11 @@ class ConfigurationController
 {
     public function getByPrivilege(Request $request, Response $response, array $args)
     {
-        if (!PrivilegeController::hasPrivilege(['privilegeId' => $args['privilege'], 'userId' => $GLOBALS['id']])) {
+        if (in_array($args['privilege'], ['admin_sso'])) {
+            if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_connections', 'userId' => $GLOBALS['id']])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
+        } elseif (!PrivilegeController::hasPrivilege(['privilegeId' => $args['privilege'], 'userId' => $GLOBALS['id']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
         }
 
@@ -44,7 +48,11 @@ class ConfigurationController
 
     public function update(Request $request, Response $response, array $args)
     {
-        if (!PrivilegeController::hasPrivilege(['privilegeId' => $args['privilege'], 'userId' => $GLOBALS['id']])) {
+        if (in_array($args['privilege'], ['admin_sso'])) {
+            if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_connections', 'userId' => $GLOBALS['id']])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
+        } elseif (!PrivilegeController::hasPrivilege(['privilegeId' => $args['privilege'], 'userId' => $GLOBALS['id']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
         }
 
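Review bot: The `admin_sso` → `admin_connections` privilege substitution is written out verbatim in `getByPrivilege` and again in `update` (the second hunk on this file), and `in_array($args['privilege'], ['admin_sso'])` is a single-value, non-strict membership test standing in for an equality check. Keeping the authorization rule in one private helper stops the two entry points from drifting apart when the next privilege alias is added, and lets both call sites collapse to `if (!$this->canAccessPrivilege($args['privilege'])) {`. Both methods continue beyond their hunks.

```php
    // admin_sso has no privilege of its own; access to it is governed by admin_connections.
    private function canAccessPrivilege(string $privilege): bool
    {
        $required = $privilege === 'admin_sso' ? 'admin_connections' : $privilege;

        return PrivilegeController::hasPrivilege(['privilegeId' => $required, 'userId' => $GLOBALS['id']]);
    }
```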
@@ -93,6 +101,21 @@ class ConfigurationController
 
             }
             $data = ['listDisplay' => $data['listDisplay'], 'listEvent' => $data['listEvent']];
+        } elseif ($args['privilege'] == 'admin_sso') {
+            if (!Validator::notEmpty()->stringType()->validate($data['uri'])) {
+                return $response->withStatus(400)->withJson(['errors' => 'Body uri is empty or not a string']);
+            }
+            if (!Validator::notEmpty()->arrayType()->validate($data['mapping'])) {
+                return $response->withStatus(400)->withJson(['errors' => 'Body mapping is empty or not an array']);
+            }
+            foreach ($data['mapping'] as $key => $mapping) {
+                if (!Validator::notEmpty()->stringType()->validate($mapping['ssoId'])) {
+                    return $response->withStatus(400)->withJson(['errors' => "Body mapping[$key]['ssoId'] is empty or not a string"]);
+                }
+                if (!Validator::notEmpty()->stringType()->validate($mapping['maarchId'])) {
+                    return $response->withStatus(400)->withJson(['errors' => "Body mapping[$key]['maarchId'] is empty or not a string"]);
+                }
+            }
         }
 
         $data = json_encode($data);
-- 
GitLab
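Review bot: Unlike the `listDisplay` branch just above it, which rebuilds `$data` from the two validated keys, the new `admin_sso` branch validates `uri` and `mapping` but then hands the request body to `json_encode($data)` as received, so any extra keys in the body (or inside each `mapping` entry) are persisted into the configuration row. Add `$data = ['uri' => $data['uri'], 'mapping' => $data['mapping']];` after the loop, and consider trimming each entry to `ssoId`/`maarchId` in the same way. `$data['uri']`, `$data['mapping']`, `$mapping['ssoId']` and `$mapping['maarchId']` are read without `??`, so a body missing one of them emits an undefined-index warning before the validator fails it — `$data['uri'] ?? null` avoids that — and `$args['privilege'] == 'admin_sso'` should be `===`. If `Validator` here is Respect\Validation, chaining `->url()` on the `uri` check would reject non-URL values for what is an SSO endpoint, assuming relative paths are not expected. The enclosing `update` method starts and ends outside this hunk.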