Add translations

Add new configurations
Remove DI container from dependency
update documentation & readme

README.md

@@ -12,7 +12,7 @@ php_ldap
 
 ssl configuration for LDAP. see see http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl
 
-Symfony 2.1
+Compatible with Symfony 2.1, 2.2 and 2.3.x
 
 
 Installation
@@ -41,9 +41,8 @@ You need to configure your domain specific information
             real_primarygroup : true #For Linux compatibility.
             use_ssl : false #Set it true need configuration of the server to be usefull
             use_tls : false #Set it true need configuration of the server to be usefull
-            recursive_groups : false #Used Only for group test (not userInfo)
 			recursive_grouproles: false #recursive group roles
-            sso : false #Use NTML. Not yet compatible with Symfony !!!
+			username_validation_pattern: /^[a-z0-9-.]+$/i #Regex that check the final username value (extracted from patterns below). Must be complient with you Active directory acceptance.
             username_patterns: #username is extracted from the string the user put into the login form
               - /([^@]*)@riper.fr/i  # like [email protected]
               - /RIPER\\(.*)/i #like RIPER\toto

Resources/config/services.yml

@@ -6,13 +6,13 @@ parameters:
 services:
     ztec.security.active.directory.user.provider:
         class: "%ztec_security_active_directory_user_provider.class%"
-        arguments: [ "@service_container", "@ztec.security.active.directory.service.adldap"]
+        arguments: [ "%ztec.security.active_directory.settings%", "@ztec.security.active.directory.service.adldap", "@translator"]
 
     ztec.security.active.directory.authentication.provider:
         class: "%ztec_security_active_directory_authentication_provider.class%"
-        arguments: [ "@ztec.security.active.directory.user.provider", "", "@ztec.security.active.directory.service.adldap"]
+        arguments: [ "@ztec.security.active.directory.user.provider", "", "@ztec.security.active.directory.service.adldap", "@translator"]
 
     ztec.security.active.directory.service.adldap:
         class: "%ztec_security_active_directory_service_adldap.class%"
-        arguments: [ "@service_container" ]
+        arguments: [ "%ztec.security.active_directory.settings%" ]
 

Resources/doc/index.rst

@@ -1,22 +1,78 @@
-Active Directory authentication bundle
-============
+Ztec/Security/ActiveDirectory
+======================================
 
-To use this bundle, place it into your vendors with composer
+This package is a bundle for symfony 2.1. It use the standard form_login security model to authenticate user from an Active Directory domain.
+It use LDAP as communication layer. So you need the LDAP extension installed on your server to make it work.
 
-add this config to the main app/config
-    ztec.security.active_directory.settings:
+Requirements
+----------------
+php 5.2.4
+
+php_ldap
+
+ssl configuration for LDAP. see see http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl
+
+Symfony 2.1
+
+
+Installation
+----------------
+
+You need to add a package to your dependency list :
+
+    //composer.json
+    "ztec/security-active_directory": "dev-master"
+
+You need to enable the bundle into your kernel
+
+    //app/AppKernel.php
+    new Ztec\Security\ActiveDirectoryBundle\ZtecSecurityActiveDirectoryBundle(),
+
+You need to configure your domain specific information
+
+    //app/config/config.yml or app/config/parameters.yml
+    parameters:
+        ztec.security.active_directory.settings:
             account_suffix : riper.fr # without the @ at the beginning
             base_dn : DC=RIPER,DC=FR #The DN of the domain
-            domain_controllers : [ DC.riper.fr ] #Servers to use for ldap connexion (Random)
+            domain_controllers : [ baudrive.kim.riper.fr ] #Servers to use for ldap connexion (Random)
             admin_username: #Null to use the userConnexion
             admin_password: #Null to use the userConnexion
             real_primarygroup : true #For Linux compatibility.
             use_ssl : false #Set it true need configuration of the server to be usefull
             use_tls : false #Set it true need configuration of the server to be usefull
-            recursive_groups : false #Used Only for group test (not userInfo)
-            sso : false
-            username_patterns: #Define pattern allowed. The first selector is the username
-              - /([^@]*)@riper.fr/i
-              - /RIPER\\(.*)/i
-              - /RIPER.FR\\(.*)/i
-              - /(.*)/i
+			recursive_grouproles: false #recursive group roles
+            username_patterns: #username is extracted from the string the user put into the login form
+              - /([^@]*)@riper.fr/i  # like [email protected]
+              - /RIPER\\(.*)/i #like RIPER\toto
+              - /RIPER.FR\\(.*)/i #like RIEPER.FR\toto
+              - /(.*)/i #like toto
+
+You need to add security parameters
+
+    //app/config/security.yml
+    encoders:
+        Ztec\Security\ActiveDirectoryBundle\Security\User\adUser : plaintext #Active directory does not support encrypted password yet
+
+    providers:
+        my_active_directory_provider :
+              id: ztec.security.active.directory.user.provider
+
+    firewalls:
+        secured_area:
+            active_directory: #Sames parameters as form_login
+                    check_path: /demo/secured/login_check
+                    login_path: /demo/secured/login
+
+
+Useful information
+----------------------
+
+Roles are got from Active directory. The name is transform to match the ROLE system of Symfony2
+
+    Domain User => ROLE_DOMAIN_USER
+    Administrators = ROLE_ADMINISTRATORS
+
+Nested Group are not supported yet. Enabling the option wont affect the Role check
+
+SSL part of the lib isn't used yet and haven't been tested with Symfony

Security/Authentication/AdAuthProvider.php

@@ -3,6 +3,7 @@
 namespace Ztec\Security\ActiveDirectoryBundle\Security\Authentication;
 
 use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface;
+use Symfony\Component\Translation\TranslatorInterface;
 use Ztec\Security\ActiveDirectoryBundle\Security\User\adUserProvider;
 use Ztec\Security\ActiveDirectoryBundle\Security\User\adUser;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -18,12 +19,21 @@ class AdAuthProvider implements AuthenticationProviderInterface
      * @var \Ztec\Security\ActiveDirectoryBundle\Security\User\adUserProvider
      */
     private $userProvider;
+    /**
+     * @var TranslatorInterface
+     */
+    private $translator;
 
-    public function __construct(adUserProvider $userProvider, $config, AdldapService $AdldapService)
-    {
-        $this->userProvider = $userProvider;
-        $this->config = $config;
+    public function __construct(
+        adUserProvider $userProvider,
+        array $config,
+        AdldapService $AdldapService,
+        TranslatorInterface $translator
+    ) {
+        $this->userProvider  = $userProvider;
+        $this->config        = $config;
         $this->AdldapService = $AdldapService;
+        $this->translator    = $translator;
     }
 
     /**
@@ -38,10 +48,13 @@ public function __construct(adUserProvider $userProvider, $config, AdldapService
     public function authenticate(TokenInterface $token)
     {
         $Adldap = $this->AdldapService->getInstance();
-        $User = $this->userProvider->loadUserByUsername($token->getUsername());
+        $User   = $this->userProvider->loadUserByUsername($token->getUsername());
         if ($User instanceof adUser) {
             if (!$Adldap->authenticate($User->getUsername(), $token->getCredentials())) {
-                throw new BadCredentialsException('The credentials are wrong');
+                $msg = $this->translator->trans(
+                    'ztec.security.active_directory.wrong_credential'
+                ); //'The credentials are wrong'
+                throw new BadCredentialsException($msg);
             }
             $User->setPassword($token->getCredentials());
             $this->userProvider->fetchData($User, $Adldap);

Security/Factory/AdAuthFactory.php

@@ -7,7 +7,7 @@
 use Symfony\Component\DependencyInjection\DefinitionDecorator;
 use Symfony\Component\DependencyInjection\Reference;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
-use  Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory;
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FormLoginFactory;
 
 class AdAuthFactory extends FormLoginFactory
@@ -24,23 +24,24 @@ public function __construct()
      * AuthenticationProviderInterface.
      *
      * @param ContainerBuilder $container
-     * @param string           $id             The unique id of the firewall
-     * @param array            $config         The options array for this listener
-     * @param string           $userProviderId The id of the user provider
+     * @param string $id             The unique id of the firewall
+     * @param array $config         The options array for this listener
+     * @param string $userProviderId The id of the user provider
      *
      * @return string never null, the id of the authentication provider
      */
     protected function createAuthProvider(ContainerBuilder $container, $id, $config, $userProviderId)
     {
 
-        $providerId = 'security.authentication.provider.ztec.active_directory.'.$id;
+        $providerId = 'security.authentication.provider.ztec.active_directory.' . $id;
         $container
             ->setDefinition(
                 $providerId,
                 new DefinitionDecorator('ztec.security.active.directory.authentication.provider')
             )
             ->replaceArgument(0, new Reference("ztec.security.active.directory.user.provider"))
             ->replaceArgument(1, $config);
+
         //exit();
         return $providerId;
     }