Allow switching between native and ldap login

- Add base ldap service configuration - Add dynamic login configuration selection based on env - Add default env options for ldap
2025-09-04 10:14:13 +08:00 · 2022-06-30 11:49:17 +01:00 · 2022-06-30 11:49:17 +01:00 · db6afc52fc
commit db6afc52fc
parent 0c79491581
4 changed files with 122 additions and 17 deletions
--- a/config/packages/security.php
+++ b/config/packages/security.php
@ -0,0 +1,90 @@
+<?php
+/**
+ * SuiteCRM is a customer relationship management program developed by SalesAgility Ltd.
+ * Copyright (C) 2022 SalesAgility Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Affero General Public License version 3 as published by the
+ * Free Software Foundation with the addition of the following permission added
+ * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
+ * IN WHICH THE COPYRIGHT IS OWNED BY SALESAGILITY, SALESAGILITY DISCLAIMS THE
+ * WARRANTY OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * In accordance with Section 7(b) of the GNU Affero General Public License
+ * version 3, these Appropriate Legal Notices must retain the display of the
+ * "Supercharged by SuiteCRM" logo. If the display of the logos is not reasonably
+ * feasible for technical reasons, the Appropriate Legal Notices must display
+ * the words "Supercharged by SuiteCRM".
+ */
+
+namespace Symfony\Component\DependencyInjection\Loader\Configurator;
+
+use App\Security\UserChecker;
+use Symfony\Component\DependencyInjection\Container;
+use Symfony\Component\Ldap\Ldap;
+
+/** @var $container Container */
+if (!isset($container)) {
+    return;
+}
+
+return static function (ContainerConfigurator $containerConfig) {
+
+    $env = $_ENV ?? [];
+    $authType = $env['AUTH_TYPE'] ?? 'native';
+
+    $baseFirewall = [
+        'dev' => [
+            'pattern' => '^/(_(profiler|wdt)|css|images|js)/',
+            'user_checker' => UserChecker::class,
+            'security' => false
+        ],
+        'main' => [
+            'lazy' => true,
+            'logout' => [
+                'path' => 'app_logout'
+            ]
+        ]
+    ];
+
+    if ($authType === 'native') {
+        $containerConfig->extension('security', [
+            'firewalls' => array_merge_recursive($baseFirewall, [
+                'main' => [
+                    'json_login' => [
+                        'check_path' => 'app_login',
+                    ],
+                ],
+            ])
+        ]);
+
+        return;
+    }
+
+    if ($authType === 'ldap') {
+        $containerConfig->extension('security', [
+            'firewalls' => array_merge_recursive($baseFirewall, [
+                'main' => [
+                    'json_login_ldap' => [
+                        'check_path' => 'app_login',
+                        'service' => Ldap::class,
+                        'dn_string' => '%env(LDAP_DN_STRING)%',
+                        'query_string' => '%env(LDAP_QUERY_STRING)%',
+                        'search_dn' => '%env(LDAP_SEARCH_DN)%',
+                        'search_password' => '%env(LDAP_SEARCH_PASSWORD)%',
+                    ],
+                ],
+            ])
+        ]);
+    }
+
+};
+
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -12,23 +12,6 @@ security:
      entity:
        class: App\Module\Users\Entity\User

-  firewalls:
-    dev:
-      pattern: ^/(_(profiler|wdt)|css|images|js)/
-      user_checker: App\Security\UserChecker
-      security: false
-    main:
-      anonymous: true
-      lazy: true
-      user_checker: App\Security\UserChecker
-      guard:
-        authenticators:
-          - App\Security\LoginFormAuthenticator
-      json_login:
-        check_path: app_login
-      logout:
-        path: app_logout
-
  # Note: Only the *first* access control that matches will be used
  access_control:
    - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
--- a/config/services.yaml
+++ b/config/services.yaml
@ -8,6 +8,22 @@ parameters:
  legacy.path: '/legacy'
  legacy.session_name: 'LEGACYSESSID'
  default_session_name: 'PHPSESSID'
+  auth_type: '%env(AUTH_TYPE)%'
+
+services:
+  Symfony\Component\Ldap\Ldap:
+    arguments: [ '@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter' ]
+    tags:
+      - ldap
+  Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
+    arguments:
+      - host: '%env(LDAP_HOST)%'
+        port: '%env(LDAP_PORT)%'
+        encryption: '%env(LDAP_ENCRYPTION)%'
+        options:
+          protocol_version: '%env(LDAP_PROTOCOL_VERSION)%'
+          referrals: '%env(LDAP_REFERRALS)%'
+

 imports:
  - { resource: services/**/*.yaml }