diff --git a/Dockerfile b/Dockerfile index 726ad0673a..1ce8b27978 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -FROM alchemyfr/phraseanet-base:1.1.0 AS builder +FROM alchemyfr/phraseanet-base:1.2.0 AS builder COPY --from=composer:2.1.6 /usr/bin/composer /usr/bin/composer @@ -72,7 +72,7 @@ CMD [] # Phraseanet install and setup application image ######################################################################### -FROM alchemyfr/phraseanet-base:1.1.0 AS phraseanet-setup +FROM alchemyfr/phraseanet-base:1.2.0 AS phraseanet-setup COPY --from=builder --chown=app /var/alchemy/Phraseanet /var/alchemy/Phraseanet ADD ./docker/phraseanet/root / @@ -85,7 +85,7 @@ CMD [] # Phraseanet web application image ######################################################################### -FROM alchemyfr/phraseanet-base:1.1.0 AS phraseanet-fpm +FROM alchemyfr/phraseanet-base:1.2.0 AS phraseanet-fpm COPY --from=builder --chown=app /var/alchemy/Phraseanet /var/alchemy/Phraseanet ADD ./docker/phraseanet/root / @@ -97,7 +97,7 @@ CMD ["php-fpm", "-F"] # Phraseanet worker application image ######################################################################### -FROM alchemyfr/phraseanet-base:1.1.0 AS phraseanet-worker +FROM alchemyfr/phraseanet-base:1.2.0 AS phraseanet-worker COPY --from=builder --chown=app /var/alchemy/Phraseanet /var/alchemy/Phraseanet ADD ./docker/phraseanet/root / @@ -139,7 +139,7 @@ HEALTHCHECK CMD wget --spider http://127.0.0.1/login || nginx -s reload || exit # phraseanet adapted simplesaml service provider ######################################################################### -FROM alchemyfr/phraseanet-base:1.1.0 AS phraseanet-saml-sp +FROM alchemyfr/phraseanet-base:1.2.0 AS phraseanet-saml-sp RUN apt-get update \ && apt-get install -y \ apt-transport-https \ diff --git a/config/configuration.sample.yml b/config/configuration.sample.yml index f3290f093e..b466b237cf 100644 --- a/config/configuration.sample.yml +++ b/config/configuration.sample.yml 
@@ -220,6 +220,7 @@ authentication: realm-name: phrasea exclusive: false icon-uri: null + usegroups: false birth-group: _firstlog everyone-group: _everyone metamodel: _metamodel diff --git a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php index 6e8b794af5..89b17cbb95 100644 --- a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php +++ b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php @@ -349,13 +349,14 @@ public function onCallback(Request $request) $userName = $data['email'];// login to be an email } + $usegroups = isset($this->config['usegroups']) ? $this->config['usegroups'] : false; $userUA = $this->CreateUser([ 'id' => $distantUserId = $data['sub'], 'login' => $userName, 'firstname' => isset($data['given_name']) ? $data['given_name'] : '', 'lastname' => isset($data['family_name']) ? $data['family_name'] : '' , 'email' => isset($data['email']) ? $data['email'] : '', - '_groups' => isset($data['groups']) ? $data['groups'] : '' + '_groups' => isset($data['groups']) && $usegroups ? $data['groups'] : '' ]); $userAuthProviderRepository = $this->getUsrAuthProviderRepository(); @@ -488,8 +489,8 @@ private function CreateUser(Array $data) $this->debug(sprintf("found user \"%s\" with id=%s \n", $login, $userUA->getId())); // if the id provider does NOT return groups, the new user will get "birth" privileges - if (!is_array($data['_groups']) && array_key_exists('birth-group', $this->config)) { - $data['_groups'] = [$this->config['birth-group']]; + if (!is_array($data['_groups']) && array_key_exists('birth-group', $this->config) && trim($this->config['birth-group']) !== '') { + $data['_groups'] = [trim($this->config['birth-group'])]; } } else { 
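Review bot: `$usegroups` in onCallback is only tested for truthiness, so any non-empty configuration value other than a real boolean false (for example the quoted string `"false"`) would switch on the mapping of the identity provider's `groups` claim to local groups. Because this flag decides whether externally supplied group names drive local membership, I would normalise it explicitly: `$usegroups = isset($this->config['usegroups']) && filter_var($this->config['usegroups'], FILTER_VALIDATE_BOOLEAN);`. Parentheses around `isset($data['groups']) && $usegroups` in the `_groups` entry would also make its precedence against `?:` obvious. onCallback starts and ends outside this hunk, so how the configuration value is loaded and typed is not visible here.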
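Review bot: The comment above the birth-group check still says the fallback applies when the id provider does not return groups, but after this commit `_groups` is also a non-array whenever `usegroups` is off; it should read something like `// no usable groups (provider sent none, or usegroups is disabled): fall back to the "birth" group`. Separately, `trim($this->config['birth-group'])` runs twice and is reached whenever the key exists, including when its value is null or not a string. Computing it once, e.g. `$birthGroup = isset($this->config['birth-group']) && is_string($this->config['birth-group']) ? trim($this->config['birth-group']) : '';`, covers both cases. The `everyone-group` check in the next CreateUser hunk repeats the same double-trim pattern, and CreateUser continues outside both hunks.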
@@ -534,8 +535,8 @@ private function CreateUser(Array $data) } // add "everyone-group" - if(array_key_exists('everyone-group', $this->config)) { - $models[] = ['name' => $this->config['model-gpfx'] . $this->config['everyone-group'], 'autocreate' => true]; + if(array_key_exists('everyone-group', $this->config) && trim($this->config['everyone-group']) !== '') { + $models[] = ['name' => $this->config['model-gpfx'] . trim($this->config['everyone-group']), 'autocreate' => true]; } // add a specific model for the user diff --git a/lib/classes/patch/4111PHRAS4106.php b/lib/classes/patch/4111PHRAS4106.php new file mode 100644 index 0000000000..040c6cb594 --- /dev/null +++ b/lib/classes/patch/4111PHRAS4106.php @@ -0,0 +1,65 @@ +release; + } + /** + * {@inheritdoc} + */ + public function concern() + { + return $this->concern; + } + /** + * {@inheritdoc} + */ + public function require_all_upgrades() + { + return false; + } + /** + * {@inheritdoc} + */ + public function getDoctrineMigrations() + { + return []; + } + /** + * {@inheritdoc} + */ + public function apply(base $appbox, Application $app) + { + /** @var PropertyAccess $conf */ + $conf = $app['conf']; + foreach ($app['conf']->get(['authentication', 'providers'], []) as $providerId => $data) { + if ($data['type'] === "openid") { + if(!isset($data['options']['usegroups'])) { + $data['options']['usegroups'] = false; + + $providerConfig[$providerId] = $data; + + $conf->merge(['authentication', 'providers'], $providerConfig); + } + } + } + + return true; + } +} diff --git a/lib/conf.d/configuration.yml b/lib/conf.d/configuration.yml index 5ed205980a..ba8aa39090 100644 --- a/lib/conf.d/configuration.yml +++ b/lib/conf.d/configuration.yml @@ -237,6 +237,7 @@ authentication: realm-name: phrasea exclusive: false icon-uri: null + usegroups: false birth-group: _firstlog everyone-group: _everyone metamodel: _metamodel
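Review bot: In `apply()` of the new patch class, `$providerConfig` is never initialised before `$providerConfig[$providerId] = $data;`, and `$conf->merge(...)` is called inside the loop with the array accumulated so far, so earlier providers are merged again on every later match. I would set `$providerConfig = [];` before the `foreach` and call `$conf->merge(['authentication', 'providers'], $providerConfig);` once after it, only when the array is non-empty. `$data['type']` is also read without an `isset`, so a provider entry lacking a `type` key raises a notice during the upgrade; `isset($data['type']) && $data['type'] === "openid"` would cover that. The method would also benefit from a short comment stating that existing OpenID providers are upgraded with `usegroups` set to false, since the previous onCallback code forwarded the `groups` claim unconditionally.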