error previous commit

Bundles/Ztec/Security/ActiveDirectoryBundle/Controller/DefaultController.php

@@ -0,0 +1,13 @@
+<?php
+
+namespace Ztec\Security\ActiveDirectoryBundle\Controller;
+
+use Symfony\Bundle\FrameworkBundle\Controller\Controller;
+
+class DefaultController extends Controller
+{
+    public function indexAction($name)
+    {
+        return $this->render('ZtecSecurityActiveDirectoryBundle:Default:index.html.twig', array('name' => $name));
+    }
+}

Bundles/Ztec/Security/ActiveDirectoryBundle/DependencyInjection/Configuration.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace Ztec\Security\ActiveDirectoryBundle\DependencyInjection;
+
+use Symfony\Component\Config\Definition\Builder\TreeBuilder;
+use Symfony\Component\Config\Definition\ConfigurationInterface;
+
+/**
+ * This is the class that validates and merges configuration from your app/config files
+ *
+ * To learn more see {@link http://symfony.com/doc/current/cookbook/bundles/extension.html#cookbook-bundles-extension-config-class}
+ */
+class Configuration implements ConfigurationInterface
+{
+    /**
+     * {@inheritDoc}
+     */
+    public function getConfigTreeBuilder()
+    {
+        $treeBuilder = new TreeBuilder();
+        $rootNode = $treeBuilder->root('ztec_security_active_directory');
+
+        // Here you should define the parameters that are allowed to
+        // configure your bundle. See the documentation linked above for
+        // more information on that topic.
+
+        return $treeBuilder;
+    }
+}

Bundles/Ztec/Security/ActiveDirectoryBundle/DependencyInjection/ZtecSecurityActiveDirectoryExtension.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Ztec\Security\ActiveDirectoryBundle\DependencyInjection;
+
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\Config\FileLocator;
+use Symfony\Component\HttpKernel\DependencyInjection\Extension;
+use Symfony\Component\DependencyInjection\Loader;
+
+/**
+ * This is the class that loads and manages your bundle configuration
+ *
+ * To learn more see {@link http://symfony.com/doc/current/cookbook/bundles/extension.html}
+ */
+class ZtecSecurityActiveDirectoryExtension extends Extension
+{
+    /**
+     * {@inheritDoc}
+     */
+    public function load(array $configs, ContainerBuilder $container)
+    {
+
+
+        $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
+        $loader->load('services.yml');
+    }
+}

Bundles/Ztec/Security/ActiveDirectoryBundle/Resources/config/services.yml

@@ -0,0 +1,18 @@
+parameters:
+    ztec_security_active_directory_user_provider.class: Ztec\Security\ActiveDirectoryBundle\Security\User\adUserProvider
+    ztec_security_active_directory_authentication_provider.class: Ztec\Security\ActiveDirectoryBundle\Security\Authentication\AdAuthProvider
+    ztec_security_active_directory_service_adldap.class: Ztec\Security\ActiveDirectoryBundle\Service\AdldapService
+
+services:
+    ztec.security.active.directory.user.provider:
+        class: "%ztec_security_active_directory_user_provider.class%"
+        arguments: [ "@service_container", "@ztec.security.active.directory.service.adldap"]
+
+    ztec.security.active.directory.authentication.provider:
+        class: "%ztec_security_active_directory_authentication_provider.class%"
+        arguments: [ "@ztec.security.active.directory.user.provider", "", "@ztec.security.active.directory.service.adldap"]
+
+    ztec.security.active.directory.service.adldap:
+        class: "%ztec_security_active_directory_service_adldap.class%"
+        arguments: [ "@service_container" ]
+

Bundles/Ztec/Security/ActiveDirectoryBundle/Resources/doc/index.rst

@@ -0,0 +1,22 @@
+Active Directory authentication bundle
+============
+
+To use this bundle, place it into your vendors with composer
+
+add this config to the main app/config
+    ztec.security.active_directory.settings:
+            account_suffix : riper.fr # without the @ at the beginning
+            base_dn : DC=RIPER,DC=FR #The DN of the domain
+            domain_controllers : [ DC.riper.fr ] #Servers to use for ldap connexion (Random)
+            admin_username: #Null to use the userConnexion
+            admin_password: #Null to use the userConnexion
+            real_primarygroup : true #For Linux compatibility.
+            use_ssl : false #Set it true need configuration of the server to be usefull
+            use_tls : false #Set it true need configuration of the server to be usefull
+            recursive_groups : false #Used Only for group test (not userInfo)
+            sso : false
+            username_patterns: #Define pattern allowed. The first selector is the username
+              - /([^@]*)@riper.fr/i
+              - /RIPER\\(.*)/i
+              - /RIPER.FR\\(.*)/i
+              - /(.*)/i

Bundles/Ztec/Security/ActiveDirectoryBundle/Security/Authentication/AdAuthProvider.php

@@ -0,0 +1,63 @@
+<?php
+namespace Ztec\Security\ActiveDirectoryBundle\Security\Authentication ;
+
+use Symfony\Component\Security\Core\Authentication\Provider\AuthenticationProviderInterface ;
+use Ztec\Security\ActiveDirectoryBundle\Security\User\adUserProvider ;
+use Ztec\Security\ActiveDirectoryBundle\Security\User\adUser ;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException ;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Ztec\Security\ActiveDirectoryBundle\Service\AdldapService ;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+
+class AdAuthProvider implements AuthenticationProviderInterface{
+
+    /**
+     * @var \Ztec\Security\ActiveDirectoryBundle\Security\User\adUserProvider
+     */
+    private $userProvider ;
+
+    public function __construct(adUserProvider $userProvider,$config, AdldapService $AdldapService){
+        $this->userProvider = $userProvider ;
+        $this->config = $config ;
+        $this->AdldapService = $AdldapService ;
+    }
+
+    /**
+     * Attempts to authenticates a TokenInterface object.
+     *
+     * @param TokenInterface $token The TokenInterface instance to authenticate
+     *
+     * @return TokenInterface An authenticated TokenInterface instance, never null
+     *
+     * @throws AuthenticationException if the authentication fails
+     */
+    public function authenticate(TokenInterface $token)
+    {
+        $Adldap = $this->AdldapService->getInstance();
+        $User = $this->userProvider->loadUserByUsername($token->getUsername());
+        if($User instanceof adUser){
+            if(!$Adldap->authenticate($User->getUsername(),$token->getCredentials())){
+                throw new BadCredentialsException('The credentials are wrong');
+            }
+            $User->setPassword($token->getCredentials());
+            $this->userProvider->fetchData($User,$Adldap);
+        }
+
+        $newToken = new UsernamePasswordToken($User, $token->getCredentials(), "ztec.security.active.directory.user.provider", $User->getRoles()) ;
+
+        return $newToken ;
+    }
+
+    /**
+     * Checks whether this provider supports the given token.
+     *
+     * @param TokenInterface $token A TokenInterface instance
+     *
+     * @return Boolean true if the implementation supports the Token, false otherwise
+     */
+    function supports(TokenInterface $token)
+    {
+        return $token instanceof UsernamePasswordToken ;
+    }
+}

Bundles/Ztec/Security/ActiveDirectoryBundle/Security/Factory/AdAuthFactory.php

@@ -0,0 +1,53 @@
+<?php
+namespace Ztec\Security\ActiveDirectoryBundle\Security\Factory ;
+
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\DefinitionDecorator;
+use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\Config\Definition\Builder\NodeDefinition;
+use  Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AbstractFactory ;
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FormLoginFactory ;
+
+class AdAuthFactory extends  FormLoginFactory {
+
+
+    public function __construct(){
+        parent::__construct();
+        $this->addOption('account_suffix', 'domain.local');
+    }
+
+    /**
+     * Subclasses must return the id of a service which implements the
+     * AuthenticationProviderInterface.
+     *
+     * @param ContainerBuilder $container
+     * @param string           $id             The unique id of the firewall
+     * @param array            $config         The options array for this listener
+     * @param string           $userProviderId The id of the user provider
+     *
+     * @return string never null, the id of the authentication provider
+     */
+    protected function createAuthProvider(ContainerBuilder $container, $id, $config, $userProviderId)
+    {
+
+        $providerId = 'security.authentication.provider.ztec.active_directory.'.$id;
+        $container
+            ->setDefinition($providerId, new DefinitionDecorator('ztec.security.active.directory.authentication.provider'))
+            ->replaceArgument(0, new Reference("ztec.security.active.directory.user.provider"))
+            ->replaceArgument(1, $config)
+        ;
+        //exit();
+        return $providerId ;
+    }
+
+    /*public function getListenerId(){
+        return
+    }*/
+
+
+    public function getKey()
+    {
+        return 'active_directory' ;
+    }
+}

Bundles/Ztec/Security/ActiveDirectoryBundle/Security/User/adUser.php

@@ -0,0 +1,103 @@
+<?php
+namespace Ztec\Security\ActiveDirectoryBundle\Security\User ;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class adUser implements UserInterface
+{
+
+    private $username;
+    private $password;
+    private $salt;
+    private $roles;
+
+
+    public function __construct($username,$password,array $roles)
+    {
+        $this->username = $username;
+        $this->password = $password ;
+        $this->salt = '';
+        $this->roles = $roles ;
+    }
+
+    /**
+     * Returns the password used to authenticate the user.
+     *
+     * This should be the encoded password. On authentication, a plain-text
+     * password will be salted, encoded, and then compared to this value.
+     *
+     * @return string The password
+     */
+    public function getPassword()
+    {
+        return $this->password;
+    }
+
+    public function setPassword($password){
+        $this->password = $password ;
+    }
+
+    /**
+     * Returns the salt that was originally used to encode the password.
+     *
+     * This can return null if the password was not encoded using a salt.
+     *
+     * @return string The salt
+     */
+    public function getSalt()
+    {
+        return null ;
+    }
+
+    /**
+     * Returns the username used to authenticate the user.
+     *
+     * @return string The username
+     */
+    public function getUsername()
+    {
+        return $this->username;
+    }
+
+    /**
+     * Removes sensitive data from the user.
+     *
+     * This is important if, at any given point, sensitive information like
+     * the plain-text password is stored on this object.
+     *
+     * @return void
+     */
+    public function eraseCredentials()
+    {
+        //return void ;
+    }
+
+    /**
+     * Returns the roles granted to the user.
+     *
+     * <code>
+     * public function getRoles()
+     * {
+     *     return array('ROLE_USER');
+     * }
+     * </code>
+     *
+     * Alternatively, the roles might be stored on a ``roles`` property,
+     * and populated in any number of different ways when the user object
+     * is created.
+     *
+     * @return array Role[] The user roles
+     */
+    public function getRoles()
+    {
+        return  $this->roles ;
+    }
+
+    public function setRoles(array $roles){
+        $this->roles = $roles ;
+    }
+
+
+
+
+}