Auth: Extend the user.auth_source field #6046 (#6100)

chamilo · Feb 27, 2025 · 10e2051 · 10e2051
1 parent 2a481be
commit 10e2051
Show file tree

Hide file tree

Showing 38 changed files with 531 additions and 182 deletions.
diff --git a/public/main/admin/course_import.php b/public/main/admin/course_import.php
@@ -7,6 +7,8 @@
  * Copyright (c) 2005 Bart Mollet <[email protected]>.
  */
 
+use Chamilo\CoreBundle\Entity\UserAuthSource;
+
 /**
  * Validates imported data.
  *
@@ -167,7 +169,7 @@ function parse_csv_courses_data($file)
 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script();
 
-$defined_auth_sources[] = PLATFORM_AUTH_SOURCE;
+$defined_auth_sources[] = UserAuthSource::PLATFORM;
 
 if (isset($extAuthSource) && is_array($extAuthSource)) {
     $defined_auth_sources = array_merge($defined_auth_sources, array_keys($extAuthSource));

diff --git a/public/main/admin/ldap_synchro.php b/public/main/admin/ldap_synchro.php
@@ -95,7 +95,7 @@
 					$password = $val[0];
 					// Pour faciliter la gestion on ajoute le code "etape-annee"
 					$official_code = $etape."-".$annee;
-					$auth_source = "ldap";
+					$auth_source = ["ldap"];
 					// Pas de date d'expiration d'etudiant (a recuperer par rapport au shadow expire LDAP)
 					$expiration_date = '';
 					$active = 1;
@@ -126,7 +126,7 @@
                             $lastname,
                             $username,
                             null,
-                            null,
+                            [],
                             $email,
                             $status,
                             $official_code,

diff --git a/public/main/admin/user_add.php b/public/main/admin/user_add.php
@@ -2,8 +2,12 @@
 
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\AccessUrl;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Framework\Container;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
+use Chamilo\CoreBundle\ServiceHelper\AuthenticationConfigHelper;
 
 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
@@ -15,6 +19,12 @@
 api_protect_admin_script(true);
 api_protect_limit_for_session_admin();
 
+/** @var AuthenticationConfigHelper $authenticationConfigHelper */
+$authenticationConfigHelper = Container::$container->get(AuthenticationConfigHelper::class);
+
+/** @var AccessUrl $accessUrl */
+$accessUrl = Container::$container->get(AccessUrlHelper::class)->getCurrent();
+
 $is_platform_admin = api_is_platform_admin() ? 1 : 0;
 
 $message = null;
@@ -175,23 +185,24 @@ function updateStatus(){
 
 // Password
 $group = [];
+$extAuthSource = $authenticationConfigHelper->getAuthSourceAuthentications($accessUrl);
 $auth_sources = 0; //make available wider as we need it in case of form reset (see below)
 $nb_ext_auth_source_added = 0;
-if (isset($extAuthSource) && count($extAuthSource) > 0) {
+if (count($extAuthSource) > 0) {
     $auth_sources = [];
-    foreach ($extAuthSource as $key => $info) {
+    foreach ($extAuthSource as $key) {
         // @todo : make uniform external authentification configuration (ex : cas and external_login ldap)
         // Special case for CAS. CAS is activated from Chamilo > Administration > Configuration > CAS
         // extAuthSource always on for CAS even if not activated
         // same action for file user_edit.php
-        if ((CAS_AUTH_SOURCE == $key && 'true' === api_get_setting('cas_activate')) || (CAS_AUTH_SOURCE != $key)) {
+        if ((UserAuthSource::CAS == $key && 'true' === api_get_setting('cas_activate')) || (UserAuthSource::CAS != $key)) {
             $auth_sources[$key] = $key;
             $nb_ext_auth_source_added++;
         }
     }
     if ($nb_ext_auth_source_added > 0) {
         $group[] = $form->createElement('radio', 'password_auto', null, get_lang('External authentification').' ', 2);
-        $group[] = $form->createElement('select', 'auth_source', null, $auth_sources);
+        $group[] = $form->createElement('select', 'auth_source', null, $auth_sources, ['multiple' => 'multiple']);
         $group[] = $form->createElement('static', '', '', '<br />');
     }
 }
@@ -366,7 +377,7 @@ function updateStatus(){
             $auth_source = $user['password']['auth_source'];
             $password = 'PLACEHOLDER';
         } else {
-            $auth_source = PLATFORM_AUTH_SOURCE;
+            $auth_source = [UserAuthSource::PLATFORM];
             $password = '1' === $user['password']['password_auto'] ? api_generate_password() : $user['password']['password'];
         }
 

diff --git a/public/main/admin/user_edit.php b/public/main/admin/user_edit.php
@@ -2,8 +2,12 @@
 
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\AccessUrl;
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Framework\Container;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
+use Chamilo\CoreBundle\ServiceHelper\AuthenticationConfigHelper;
 use ChamiloSession as Session;
 use Chamilo\CoreBundle\Component\Utils\ActionIcon;
 
@@ -21,6 +25,12 @@
 $userObj = api_get_user_entity($user_id);
 $illustrationRepo = Container::getIllustrationRepository();
 
+/** @var AuthenticationConfigHelper $authenticationConfigHelper */
+$authenticationConfigHelper = Container::$container->get(AuthenticationConfigHelper::class);
+
+/** @var AccessUrl $accessUrl */
+$accessUrl = Container::$container->get(AccessUrlHelper::class)->getCurrent();
+
 $htmlHeadXtra[] = '
 <script>
 var is_platform_id = "'.$is_platform_admin.'";
@@ -192,33 +202,37 @@ function confirmation(name) {
     $form->addRule('username', get_lang('This login is already in use'), 'username_available', $user_data['username']);
 }
 
-if (isset($extAuthSource) && !empty($extAuthSource) && count($extAuthSource) > 0) {
-    $form->addLabel(
-        get_lang('External authentification'),
-        $userInfo['auth_source']
-    );
+$extAuthSource = $authenticationConfigHelper->getAuthSourceAuthentications($accessUrl);
+
+if (!empty($extAuthSource) && count($extAuthSource) > 0) {
+    foreach ($userInfo['auth_sources'] as $userAuthSource) {
+        $form->addLabel(
+            get_lang('External authentification'),
+            $userAuthSource
+        );
+    }
 }
 
 // Password
 $form->addElement('radio', 'reset_password', get_lang('Password'), get_lang('Don\'t reset password'), 0);
 $nb_ext_auth_source_added = 0;
-if (isset($extAuthSource) && !empty($extAuthSource) && count($extAuthSource) > 0) {
+if (!empty($extAuthSource) && count($extAuthSource) > 0) {
     $auth_sources = [];
-    foreach ($extAuthSource as $key => $info) {
+    foreach ($extAuthSource as $key) {
         // @todo : make uniform external authentication configuration (ex : cas and external_login ldap)
         // Special case for CAS. CAS is activated from Chamilo > Administration > Configuration > CAS
         // extAuthSource always on for CAS even if not activated
         // same action for file user_add.php
-        if ((CAS_AUTH_SOURCE == $key && 'true' === api_get_setting('cas_activate')) || (CAS_AUTH_SOURCE != $key)) {
+        if ((UserAuthSource::CAS == $key && 'true' === api_get_setting('cas_activate')) || (UserAuthSource::CAS != $key)) {
             $auth_sources[$key] = $key;
             $nb_ext_auth_source_added++;
         }
     }
     if ($nb_ext_auth_source_added > 0) {
         // @todo check the radio button for external authentification and select the external authentication in the menu
         $group[] = $form->createElement('radio', 'reset_password', null, get_lang('External authentification').' ', 3);
-        $group[] = $form->createElement('select', 'auth_source', null, $auth_sources);
-        $group[] = $form->createElement('static', '', '', '<br />');
+        $group[] = $form->createElement('select', 'auth_source', null, $auth_sources, ['multiple' => 'multiple']);
+        $group[] = $form->createElement('static', '', '', '<br />', []);
         $form->addGroup($group, 'password', null, null, false);
     }
 }
@@ -380,6 +394,8 @@ function confirmation(name) {
 
 // Set default values
 $user_data['reset_password'] = 0;
+$user_data['auth_source'] = $userInfo['auth_sources'];
+
 if (!$hideFields) {
     $expiration_date = $user_data['expiration_date'];
     if (empty($expiration_date)) {

diff --git a/public/main/admin/user_export.php b/public/main/admin/user_export.php
@@ -2,6 +2,10 @@
 
 /* For licensing terms, see /license.txt */
 
+use Chamilo\CoreBundle\Entity\AccessUrl;
+use Chamilo\CoreBundle\Framework\Container;
+use Chamilo\CoreBundle\ServiceHelper\AccessUrlHelper;
+
 $cidReset = true;
 
 require_once __DIR__.'/../inc/global.inc.php';
@@ -18,6 +22,9 @@
 $tool_name = get_lang('Export users list');
 $interbreadcrumb[] = ["url" => 'index.php', "name" => get_lang('Administration')];
 
+/** @var AccessUrl $accessUrl */
+$accessUrl = Container::$container->get(AccessUrlHelper::class)->getCurrent();
+
 set_time_limit(0);
 $coursesSessions = [];
 $coursesSessions[''] = '--';
@@ -87,12 +94,8 @@
 
     $sql = "SELECT
                 u.id 	AS UserId,
-                u.lastname 	AS LastName,
-                u.firstname 	AS FirstName,
                 u.email 		AS Email,
-                u.username	AS UserName,
                 ".(('none' != api_get_configuration_value('password_encryption')) ? " " : "u.password AS Password, ")."
-                u.auth_source	AS AuthSource,
                 u.status		AS Status,
                 u.official_code	AS OfficialCode,
                 u.phone		AS Phone,
@@ -171,6 +174,12 @@
 
     $res = Database::query($sql);
     while ($user = Database::fetch_assoc($res)) {
+        $userEntity = api_get_user_entity($user['UserId']);
+        $user['LastName'] = $userEntity->getLastname();
+        $user['FirstName'] = $userEntity->getFirstname();
+        $user['UserName'] = $userEntity->getUsername();
+        $user['AuthSource'] = implode(', ', $userEntity->getAuthSourcesAuthentications($accessUrl));
+
         $student_data = UserManager:: get_extra_user_data(
             $user['UserId'],
             true,

diff --git a/public/main/admin/user_import.php b/public/main/admin/user_import.php
@@ -3,6 +3,7 @@
 /* For licensing terms, see /license.txt */
 
 use Chamilo\CoreBundle\Entity\ExtraFieldOptions;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use ChamiloSession as Session;
 
 /**
@@ -163,7 +164,7 @@ function complete_missing_data($user)
     }
     // 4. Set authsource if not allready set.
     if (empty($user['AuthSource'])) {
-        $user['AuthSource'] = PLATFORM_AUTH_SOURCE;
+        $user['AuthSource'] = UserAuthSource::PLATFORM;
     }
 
     if (empty($user['ExpiryDate'])) {
@@ -233,7 +234,7 @@ function save_data($users, $sendMail = false)
                 $user['language'],
                 $user['PhoneNumber'],
                 '',
-                $user['AuthSource'],
+                [$user['AuthSource']],
                 $user['ExpiryDate'],
                 1,
                 0,
@@ -494,7 +495,7 @@ function processUsers(&$users, $sendMail)
 }
 
 $this_section = SECTION_PLATFORM_ADMIN;
-$defined_auth_sources[] = PLATFORM_AUTH_SOURCE;
+$defined_auth_sources[] = UserAuthSource::PLATFORM;
 if (isset($extAuthSource) && is_array($extAuthSource)) {
     $defined_auth_sources = array_merge($defined_auth_sources, array_keys($extAuthSource));
 }

diff --git a/public/main/admin/user_update_import.php b/public/main/admin/user_update_import.php
@@ -6,6 +6,7 @@
  * This tool allows platform admins to add users by uploading a CSV or XML file.
  */
 
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Symfony\Component\DomCrawler\Crawler;
 
 $cidReset = true;
@@ -112,7 +113,7 @@ function updateUsers(
             $userName = isset($user['NewUserName']) ? $user['NewUserName'] : $userInfo['username'];
             $changePassMethod = 0;
             $password = null;
-            $authSource = $userInfo['auth_source'];
+            $authSource = $userInfo['auth_sources'];
 
             if ($resetPassword) {
                 $changePassMethod = 1;
@@ -122,8 +123,8 @@ function updateUsers(
                     $password = $user['Password'];
                 }
 
-                if (isset($user['AuthSource']) && $user['AuthSource'] != $authSource) {
-                    $authSource = $user['AuthSource'];
+                if (isset($user['AuthSource']) && !in_array($user['AuthSource'], $authSource)) {
+                    $authSource = [$user['AuthSource']];
                     $changePassMethod = 3;
                 }
             }
@@ -267,7 +268,7 @@ function parse_xml_data($file)
 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true, null);
 
-$defined_auth_sources[] = PLATFORM_AUTH_SOURCE;
+$defined_auth_sources[] = UserAuthSource::PLATFORM;
 if (isset($extAuthSource) && is_array($extAuthSource)) {
     $defined_auth_sources = array_merge($defined_auth_sources, array_keys($extAuthSource));
 }

diff --git a/public/main/auth/inscription.php b/public/main/auth/inscription.php
@@ -2,6 +2,7 @@
 /* For licensing terms, see /license.txt */
 
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use Chamilo\CoreBundle\Framework\Container;
 use Chamilo\CoreBundle\ServiceHelper\ContainerHelper;
 use ChamiloSession as Session;
@@ -928,7 +929,7 @@
             $values['language'],
             $phone,
             null,
-            PLATFORM_AUTH_SOURCE,
+            [UserAuthSource::PLATFORM],
             null,
             1,
             0,

diff --git a/public/main/auth/lostPassword.php b/public/main/auth/lostPassword.php
@@ -14,6 +14,9 @@
  *
  * @todo refactor, move relevant functions to code libraries
  */
+
+use Chamilo\CoreBundle\Entity\UserAuthSource;
+
 require_once __DIR__.'/../inc/global.inc.php';
 
 // Custom pages
@@ -118,7 +121,7 @@
         exit;
     }
 
-    if ('extldap' === $user['auth_source']) {
+    if (in_array(UserAuthSource::CAS, $user['auth_sources'])) {
         Display::addFlash(
             Display::return_message(get_lang('Could not reset password, contact your helpdesk.'), 'info', false)
         );

diff --git a/public/main/auth/profile.php b/public/main/auth/profile.php
@@ -2,6 +2,7 @@
 /* For licensing terms, see /license.txt */
 
 use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\Entity\UserAuthSource;
 use ChamiloSession as Session;
 use Chamilo\CoreBundle\Component\Utils\ActionIcon;
 use Chamilo\CoreBundle\Component\Utils\ToolIcon;
@@ -299,7 +300,7 @@ function show_image(image,width,height) {
 }
 
 //    PASSWORD, if auth_source is platform
-if (PLATFORM_AUTH_SOURCE == $user_data['auth_source'] &&
+if (in_array(UserAuthSource::PLATFORM, $user_data['auth_sources']) &&
     in_array('password', $profileList)
 ) {
     $form->addElement('password', 'password0', [get_lang('Pass'), get_lang('Enter2passToChange')], ['size' => 40]);
@@ -402,7 +403,7 @@ function show_image(image,width,height) {
     }
 
     $allow_users_to_change_email_with_no_password = true;
-    if (isset($user_data['auth_source']) && PLATFORM_AUTH_SOURCE == $user_data['auth_source'] &&
+    if (isset($user_data['auth_sources']) && in_array(UserAuthSource::PLATFORM, $user_data['auth_sources']) &&
         'false' === api_get_setting('allow_users_to_change_email_with_no_password')
     ) {
         $allow_users_to_change_email_with_no_password = false;