Firewall implementation for SAML SSO support; some user information i…
…s hacked in that still needs to be addressed
alanhartless committed Dec 16, 2016
1 parent ac36238 commit 9217eaa
Showing 9 changed files with 1,510 additions and 535 deletions.
Expand Up @@ -121,7 +121,7 @@ public function createOneToMany($name, $targetEntity)
public function addId()
{
$this->createField('id', 'integer')
->isPrimaryKey()
->makePrimaryKey()
->generatedValue()
->build();
}
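--- a/app/bundles/CoreBundle/Loader/RouteLoader.php
+++ b/app/bundles/CoreBundle/Loader/RouteLoader.php
@@ -101,15 +101,6 @@ public function load($resource, $type = null)
 }
 $collection->addCollection($secureCollection);
 
-// SAML
-$samlCollection = new RouteCollection();
-$samlCollection->addCollection($this->import('@LightSamlSpBundle/Resources/config/routing.yml'));
-$samlCollection->addPrefix('/saml');
-
-if ($forceSSL) {
-$samlCollection->setSchemes('https');
-}
-$collection->addCollection($samlCollection);
 // Catch all
 $event = new RouteEvent($this, 'catchall');
 $dispatcher->dispatch(CoreEvents::BUILD_ROUTE, $event);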
27 changes: 23 additions & 4 deletions app/bundles/UserBundle/Config/config.php
Expand Up @@ -46,6 +46,13 @@
'path' => '/sso_login_check/{integration}',
'controller' => 'MauticUserBundle:Security:ssoLoginCheck',
],
'lightsaml_sp.login' => [
'path' => '/saml/login',
'controller' => 'LightSamlSpBundle:Default:login',
],
'lightsaml_sp.login_check' => [
'path' => '/saml/login_check',
],
'mautic_user_index' => [
'path' => '/users/{page}',
'controller' => 'MauticUserBundle:User:index',
Expand Down Expand Up @@ -104,6 +111,21 @@
'path' => '/passwordresetconfirm',
'controller' => 'MauticUserBundle:Public:passwordResetConfirm',
],
'lightsaml_sp.metadata' => [
'path' => '/saml/metadata.xml',
'controller' => 'LightSamlSpBundle:Default:metadata',
],

'lightsaml_sp.discovery' => [
'path' => '/saml/discovery',
'controller' => 'LightSamlSpBundle:Default:discovery',
],

'lightsaml_sp.sessions' => [
'path' => '/saml/sessions',
'controller' => 'LightSamlSpBundle:Default:sessions',
],

],
],

Expand Down Expand Up @@ -281,11 +303,8 @@
],
],
'parameters' => [
'saml_enabled' => 'no',
'idp_entity_id' => '',
'saml_enabled' => false,
'idp_entity_id' => '',
'idp_login_url' => '',
'idp_logout_url' => '',
'idp_ceritificate' => '',
],
];
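Review bot: The second hunk places `lightsaml_sp.metadata`, `lightsaml_sp.discovery` and `lightsaml_sp.sessions` in the same route group as `passwordResetConfirm`, which the surrounding entries suggest is the unauthenticated public group; metadata and discovery must be reachable by the IdP, but if `LightSamlSpBundle:Default:sessions` is the bundle's session-listing action it belongs with the authenticated routes of the first hunk, next to `lightsaml_sp.login`. `lightsaml_sp.login_check` has no controller; presumably the firewall intercepts `/saml/login_check`, and a one-line comment saying so (`// no controller: intercepted by the saml firewall as its check path`) would stop a later reader from treating it as an omission. The parameter key `idp_ceritificate` in the last hunk keeps its misspelling; it is also the form field name in ConfigType and a persisted config key, so renaming needs a migration, and a `// sic: persisted config key, do not rename without a migration` comment beside it is the minimum.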
21 changes: 12 additions & 9 deletions app/bundles/UserBundle/Entity/IdEntry.php
Expand Up @@ -11,34 +11,37 @@
class IdEntry
{
/**
* @var string
* @var int
*/
protected $entityId;
protected $id;

/**
* @var integer
* @var string
*/
protected $id;
protected $entityId;

/**
* @var int
*/
protected $expiryTimestamp;

/**
* @param ORM\ClassMetadata $metadata
*/
public static function loadMetadata (ORM\ClassMetadata $metadata)
public static function loadMetadata(ORM\ClassMetadata $metadata)
{
$builder = new ClassMetadataBuilder($metadata);

$builder->setTable('saml_id_entry');

$builder->addId();
$builder->createField('id', 'string')
->makePrimaryKey()
->generatedValue('NONE')
->build();

$builder->createField('entityId', 'string')
->columnName('entity_id')
->makePrimaryKey()
->generatedValue('NONE')
->build();

Expand Down Expand Up @@ -98,7 +101,7 @@ public function getId()
}

/**
* @param string $id
* @param int $id
*
* @return IdEntry
*/
Expand All @@ -108,4 +111,4 @@ public function setId($id)

return $this;
}
}
}
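Review bot: The `id` column is now mapped as `string` with `generatedValue('NONE')` in `loadMetadata`, but the property docblock in the same hunk was changed to `@var int` and the third hunk documents `setId` as `@param int $id`; the annotations contradict the mapping and will mislead static analysis and IDEs. Both should read `string`: `* @var string` above `protected $id;` and `* @param string $id` on `setId`. With `id` and `entityId` both flagged `makePrimaryKey()` and neither generated, the entity has a caller-assigned composite key, which the class docblock should state, e.g. `* Composite primary key (id, entityId); both values are assigned by the caller, never generated`. The body of `setId` and the class's remaining members sit outside the shown hunks.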
17 changes: 16 additions & 1 deletion app/bundles/UserBundle/Entity/User.php
Expand Up @@ -18,13 +18,15 @@
use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
use Symfony\Component\Form\Form;
use Symfony\Component\Security\Core\User\AdvancedUserInterface;
use Symfony\Component\Security\Core\User\EquatableInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Component\Validator\Mapping\ClassMetadata;

/**
* Class User.
*/
class User extends FormEntity implements AdvancedUserInterface, \Serializable
class User extends FormEntity implements AdvancedUserInterface, \Serializable, EquatableInterface
{
/**
* @var int
Expand Down Expand Up @@ -863,4 +865,17 @@ public function getSignature()
{
return $this->signature;
}

/**
* @param UserInterface $user
*
* Needed for SAML to work correctly
*/
public function isEqualTo(UserInterface $user)
{
$thisUser = $this->getId().$this->getUsername().$this->getPassword();
$thatUser = $user->getId().$user->getUsername().$user->getPassword();

return $thisUser === $thatUser;
}
}
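Review bot: `isEqualTo` calls `$user->getId()` on a plain `UserInterface`, which does not declare `getId()`; any other user class handed in by the security layer would fatal here. Concatenating id, username and password into one string before comparing also loses the field boundaries (`'1'.'2x'` equals `'12'.'x'`), so two distinct users can compare equal. Guard with an `instanceof self` check and compare the three values field by field, as below; the docblock should also gain `@return bool`. The rest of the class lies outside the shown hunks.
```php
public function isEqualTo(UserInterface $user)
{
    // Only our own entity exposes getId(); anything else is never "the same user".
    if (!$user instanceof self) {
        return false;
    }

    return $this->getId() === $user->getId()
        && $this->getUsername() === $user->getUsername()
        && $this->getPassword() === $user->getPassword();
}
```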
84 changes: 28 additions & 56 deletions app/bundles/UserBundle/Form/Type/ConfigType.php
@@ -1,93 +1,65 @@
<?php
/**
* @package Mautic
* @copyright 2014 Mautic Contributors. All rights reserved.
* @copyright 2014 Mautic Contributors. All rights reserved
* @author Mautic
*
* @link http://mautic.org
*
* @license GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
*/

namespace Mautic\UserBundle\Form\Type;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Validator\Constraints\NotBlank;
use Mautic\CoreBundle\Form\DataTransformer\ArrayStringTransformer;

/**
* Class ConfigType
*
* @package Mautic\UserBundle\Form\Type
* Class ConfigType.
*/
class ConfigType extends AbstractType
{
/**
* @param FormBuilderInterface $builder
* @param array $options
*/
public function buildForm (FormBuilderInterface $builder, array $options)
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder->add(
'saml_enabled',
'yesno_button_group',
array(
[
'label' => 'mautic.user.config.form.saml.enabled',
'attr' => array(
'tooltip' => 'mautic.user.config.form.saml.enabled.tooltip'
)
)
'attr' => [
'tooltip' => 'mautic.user.config.form.saml.enabled.tooltip',
],
]
);

$builder->add(
'idp_entity_id',
'text',
array(
'label' => 'mautic.user.config.form.saml.idp.entity_id',
'label_attr' => array('class' => 'control-label'),
'attr' => array(
'class' => 'form-control',
'tooltip' => 'mautic.user.config.form.saml.idp.entity_id.tooltip'
)
)
);
$builder->add(
'idp_login_url',
'text',
array(
'label' => 'mautic.user.config.form.saml.idp.login_url',
'label_attr' => array('class' => 'control-label'),
'attr' => array(
'class' => 'form-control',
'tooltip' => 'mautic.user.config.form.saml.idp.login_url.tooltip'
),
'required' => false
)
);
$builder->add(
'idp_logout_url',
'text',
array(
'label' => 'mautic.user.config.form.saml.idp.logout_url',
'label_attr' => array('class' => 'control-label'),
'attr' => array(
'class' => 'form-control',
'tooltip' => 'mautic.user.config.form.saml.idp.logout_url.tooltip'
),
'required' => false
)
[
'label' => 'mautic.user.config.form.saml.idp.entity_id',
'label_attr' => ['class' => 'control-label'],
'attr' => [
'class' => 'form-control',
'tooltip' => 'mautic.user.config.form.saml.idp.entity_id.tooltip',
],
]
);

$builder->add(
'idp_ceritificate',
'textarea',
array(
'label' => 'mautic.user.config.form.saml.idp.certificate',
'label_attr' => array('class' => 'control-label'),
'attr' => array(
'class' => 'form-control',
[
'label' => 'mautic.user.config.form.saml.idp.certificate',
'label_attr' => ['class' => 'control-label'],
'attr' => [
'class' => 'form-control',
'tooltip' => 'mautic.user.config.form.saml.idp.certificate.tooltip',
'rows' => 10,
)
)
'rows' => 10,
],
]
);
}

Expand All @@ -98,4 +70,4 @@ public function getName()
{
return 'saml_config';
}
}
}
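Review bot: Nothing in the rewritten `buildForm` references `NotBlank`, so the `use Symfony\Component\Validator\Constraints\NotBlank;` import near the top of the hunk appears to be dead after this change; either drop it or attach it where it is needed, e.g. `'constraints' => [new NotBlank()]` on the `idp_ceritificate` field, since a blank IdP certificate presumably leaves assertion signatures unverifiable and would only surface at the first SAML login. The field name `idp_ceritificate` keeps its misspelling; it is the persisted config key, so a `// sic: persisted config key, rename requires a migration` comment beside it prevents a well-meaning rename from silently dropping the stored value. The `idp_entity_id` field has no `'required'` entry and so keeps the default, which is worth stating explicitly since the other fields had `'required' => false` before this change. `getName` lies outside the shown hunk.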
36 changes: 20 additions & 16 deletions app/bundles/UserBundle/Security/User/UserCreator.php
@@ -1,35 +1,37 @@
<?php
/**
* @package Mautic
* @copyright 2014 Mautic Contributors. All rights reserved.
* @copyright 2014 Mautic Contributors. All rights reserved
* @author Mautic
*
* @link http://mautic.org
*
* @license GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
*/

namespace Mautic\UserBundle\Security\User;

use Mautic\UserBundle\Entity\User;
use Doctrine\Common\Persistence\ObjectManager;
use Doctrine\ORM\EntityManager;
use LightSaml\Model\Protocol\Response;
use LightSaml\SpBundle\Security\User\UserCreatorInterface;
use LightSaml\SpBundle\Security\User\UsernameMapperInterface;
use Mautic\UserBundle\Entity\User;
use Symfony\Component\Security\Core\User\UserInterface;

class UserCreator implements UserCreatorInterface
{
/** @var ObjectManager */
private $objectManager;
/** @var EntityManager */
private $entityManager;

/** @var UsernameMapperInterface */
private $usernameMapper;

/**
* @param ObjectManager $objectManager
* @param EntityManager $entityManager
* @param UsernameMapperInterface $usernameMapper
*/
public function __construct($objectManager, $usernameMapper)
public function __construct($entityManager, $usernameMapper)
{
$this->objectManager = $objectManager;
$this->entityManager = $entityManager;
$this->usernameMapper = $usernameMapper;
}

Expand All @@ -43,14 +45,16 @@ public function createUser(Response $response)
$username = $this->usernameMapper->getUsername($response);

$user = new User();
$user
->setUsername($username)
->setRoles(['ROLE_USER'])
;
$user->setUsername($username)
->setFirstName('Saml')
->setLastName('Saml')
->setPassword(1234)
->setEmail('[email protected]')
->setRole($this->entityManager->getReference('MauticUserBundle:Role', 1));

$this->objectManager->persist($user);
$this->objectManager->flush();
$this->entityManager->persist($user);
$this->entityManager->flush();

return $user;
}
}
}
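Review bot: `->setPassword(1234)` in `createUser` gives every SAML-provisioned account the same fixed password, and the value is an int where the property is a string; if the form-login firewall still accepts these users, the account is usable without the IdP, and nothing shown hashes the value before `persist`. Until the real attributes are mapped from the SAML response, use an unguessable throwaway, `->setPassword(bin2hex(random_bytes(32)))`, with a `// placeholder: SSO-only account, form login must not accept it` comment. `setEmail('[email protected]')` and `getReference('MauticUserBundle:Role', 1)` are likewise fixed; if id 1 is the installer-created administrator role, every new SSO user becomes an administrator, so the role id should come from configuration and the email from the mapped attributes, as the commit message itself flags. The constructor in the first hunk is still untyped; `EntityManager $entityManager, UsernameMapperInterface $usernameMapper` would catch a wrong service wiring at construction instead of at the first `getReference` call.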