feat: Add sso login

docker/Dockerfile

@@ -16,6 +16,11 @@ ARG fqdn
 ARG max_upload_size
 ARG php_memory_limit="256M"
 
+ENV SSO_ENABLED=false
+ENV SSO_ONLY=false
+ENV SSO_CLAIM_USERNAME_TYPE=userInfo
+ENV SSO_CLAIM_USERNAME_VALUE=client_id
+
 # PACKAGES INSTALL
 
 # Install dependencies

docker/config/php/www.conf

@@ -436,6 +436,13 @@ pm.max_spare_servers = 3
 ;env[TMP] = /tmp
 ;env[TMPDIR] = /tmp
 ;env[TEMP] = /tmp
+env["SSO_ENABLED"] = $SSO_ENABLED
+env["SSO_PROVIDER_URL"] = $SSO_PROVIDER_URL
+env["SSO_CLIENT_ID"] = $SSO_CLIENT_ID
+env["SSO_CLIENT_SECRET"] = $SSO_CLIENT_SECRET
+env["SSO_CLAIM_USERNAME_TYPE"] = $SSO_CLAIM_USERNAME_TYPE
+env["SSO_CLAIM_USERNAME_VALUE"] = $SSO_CLAIM_USERNAME_VALUE
+env["SSO_ONLY"] = $SSO_ONLY
 
 ; Additional php.ini defines, specific to this pool of workers. These settings
 ; overwrite the values previously defined in the php.ini. The directives are the

docker/init

@@ -35,7 +35,7 @@ fi
 if [ -f "/etc/init.d/syslog-ng" ];then
     /usr/sbin/service syslog-ng start
 fi
-/usr/sbin/service php8.3-fpm start
+/etc/init.d/php8.3-fpm start
 /usr/sbin/service nginx start
 /usr/sbin/service postfix start
 

www/controllers/Login.php

@@ -188,7 +188,7 @@ public function addUser(string $username, string $role)
         /**
          *  Insert new user in database
          */
-        $this->model->addUser($username, $hashedPassword, $role);
+        $this->model->addUserLocal($username, $hashedPassword, $role);
 
         $myhistory = new \Controllers\History();
         $myhistory->set($_SESSION['username'], "Created user: <b>$username</b>", 'success');
@@ -199,6 +199,55 @@ public function addUser(string $username, string $role)
         return $password;
     }
 
+    public function addUserSSO(string $username, string $firstName, string $lastName, string $email, string $role)
+    {
+        $username = Common::validateData($username);
+        $firstName = Common::validateData($firstName);
+        $lastName = Common::validateData($lastName);
+        $email = Common::validateData($email);
+
+        /**
+         *  Check that email is a valid email address
+         */
+        if (Common::validateMail($email) === false) {
+            $email = null;
+        }
+
+        /**
+         *  Check that username does not contain invalid characters
+         */
+        if (Common::isAlphanumDash($username) === false) {
+            throw new Exception('Username cannot contain special characters except hyphen and underscore');
+        }
+
+        /**
+         *  Check that username does not already exist
+         */
+        if ($this->userExistsLocal($username) === true) {
+            throw new Exception('Username <b>' . $username . '</b> already exists (local)');
+        }
+
+        /**
+         *  Converting role as Id
+         */
+        if ($role == "super-administrator") {
+            $role = 1;
+        }
+        if ($role == "administrator") {
+            $role = 2;
+        }
+        if ($role == "usage") {
+            $role = 3;
+        }
+
+        if ($this->model->userExists($username) === true) {
+            $this->model->edit($username, $firstName, $lastName, $email);
+            $this->model->updateRole($username, $role);
+        } else {
+            $this->model->addUserSSO($username, $firstName, $lastName, $email, $role);
+        }
+    }
+
     /**
      *  Check that specified username / password couple matches with database
      */
@@ -209,7 +258,7 @@ public function checkUsernamePwd(string $username, string $password)
         /**
          *  Check that user exists in database
          */
-        if ($this->userExists($username) !== true) {
+        if ($this->userExistsLocal($username) !== true) {
             throw new Exception('Invalid login and/or password');
         }
 
@@ -262,8 +311,8 @@ public function edit(string $username, string $firstName = null, string $lastNam
         /**
          *  Check that user exists
          */
-        if (!$this->userExists($username)) {
-            throw new Exception("User <b>$username</b> does not exist");
+        if (!$this->userExistsLocal($username)) {
+            throw new Exception("User <b>$username</b> does not exist (local)");
         }
 
         /**
@@ -292,8 +341,8 @@ public function changePassword(string $username, string $actualPassword, string
         /**
          *  Check that user exists
          */
-        if ($this->userExists($username) !== true) {
-            throw new Exception("User <b>$username</b> does not exist");
+        if ($this->userExistsLocal($username) !== true) {
+            throw new Exception("User <b>$username</b> does not exist (local)");
         }
 
         /**
@@ -532,6 +581,14 @@ public function deleteUser(string $id)
         $myhistory->set($_SESSION['username'], "Delete user <b>$username</b>", 'success');
     }
 
+    /**
+     *  Check if user exists in database and is local
+     */
+    public function userExistsLocal(string $username): bool
+    {
+        return $this->model->userExists($username, 'local');
+    }
+
     /**
      *  Check if user exists in database
      */

www/models/Login.php

@@ -142,14 +142,33 @@ public function getUsers()
     /**
      *  Add a new user in database
      */
-    public function addUser(string $username, string $hashedPassword, string $role)
+    public function addUserLocal(string $username, string $hashedPassword, string $role): void
+    {
+        $this->addUser($username, $hashedPassword, $role, $username, null, null, 'local');
+    }
+
+    /**
+     *  Add a new user in database
+     */
+    public function addUserSSO(string $username, string $firstName, string $lastName, $email, string $role): void
+    {
+        $this->addUser($username, null, $role, $firstName, $lastName, $email, 'sso');
+    }
+
+    /**
+     *  Add a new user in database
+     */
+    public function addUser(string $username, string $hashedPassword = null, string $role, string $firstName, string $lastName = null, string $email = null, string $type): void
     {
         try {
-            $stmt = $this->db->prepare("INSERT INTO users ('Username', 'Password', 'First_name', 'Role', 'State', 'Type') VALUES (:username, :password, :firstName, :role, 'active', 'local')");
+            $stmt = $this->db->prepare("INSERT INTO users ('Username', 'Password', 'First_name', 'Last_name', 'Email', 'Role', 'State', 'Type') VALUES (:username, :password, :firstName, :lastName, :email, :role, 'active', :type)");
             $stmt->bindValue(':username', $username);
             $stmt->bindValue(':password', $hashedPassword);
-            $stmt->bindValue(':firstName', $username);
+            $stmt->bindValue(':firstName', $firstName);
+            $stmt->bindValue(':lastName', $lastName);
+            $stmt->bindValue(':email', $email);
             $stmt->bindValue(':role', $role);
+            $stmt->bindValue(':type', $type);
             $stmt->execute();
         } catch (\Exception $e) {
             $this->db->logError($e);
@@ -162,7 +181,7 @@ public function addUser(string $username, string $hashedPassword, string $role)
     public function edit(string $username, string $firstName = null, string $lastName = null, string $email = null)
     {
         try {
-            $stmt = $this->db->prepare("UPDATE users SET First_name = :firstName, Last_name = :lastName, Email = :email WHERE Username = :username and State = 'active' AND Type = 'local'");
+            $stmt = $this->db->prepare("UPDATE users SET First_name = :firstName, Last_name = :lastName, Email = :email WHERE Username = :username and State = 'active'");
             $stmt->bindValue(':username', $username);
             $stmt->bindValue(':firstName', $firstName);
             $stmt->bindValue(':lastName', $lastName);
@@ -179,7 +198,7 @@ public function edit(string $username, string $firstName = null, string $lastNam
     public function deleteUser(string $id)
     {
         try {
-            $stmt = $this->db->prepare("UPDATE users SET State = 'deleted', Api_key = null, Password = null WHERE Id = :id and Type = 'local'");
+            $stmt = $this->db->prepare("UPDATE users SET State = 'deleted', Api_key = null, Password = null WHERE Id = :id");
             $stmt->bindValue(':id', $id);
             $result = $stmt->execute();
         } catch (\Exception $e) {
@@ -188,14 +207,17 @@ public function deleteUser(string $id)
     }
 
     /**
-     *  Check if user exists by returning its informations
+     *  Check if user exists
      */
-    public function userExists(string $username)
+    public function userExists(string $username, string $type = null): bool
     {
-        $user = '';
-
         try {
-            $stmt = $this->db->prepare("SELECT * FROM users WHERE Username = :username AND State = 'active' AND Type = 'local'");
+            if (empty($type)) {
+                $stmt = $this->db->prepare("SELECT * FROM users WHERE Username = :username AND State = 'active'");
+            } else {
+                $stmt = $this->db->prepare("SELECT * FROM users WHERE Username = :username AND State = 'active' AND Type = :type");
+                $stmt->bindValue(':type', $type);
+            }
             $stmt->bindValue(':username', $username);
             $result = $stmt->execute();
         } catch (\Exception $e) {
@@ -230,12 +252,27 @@ public function updatePassword(string $username, string $hashedPassword)
     public function updateApiKey(string $username, string $apiKey)
     {
         try {
-            $stmt = $this->db->prepare("UPDATE users SET Api_key = :apikey WHERE Username = :username and State = 'active' and Type = 'local'");
+            $stmt = $this->db->prepare("UPDATE users SET Api_key = :apikey WHERE Username = :username and State = 'active'");
             $stmt->bindValue(':username', $username);
             $stmt->bindValue(':apikey', $apiKey);
             $stmt->execute();
         } catch (\Exception $e) {
             $this->db->logError($e);
         }
     }
+
+    /**
+     *  Update user role in database
+     */
+    public function updateRole(string $username, string $role): void
+    {
+        try {
+            $stmt = $this->db->prepare("UPDATE users SET Role = :role WHERE Username = :username and State = 'active'");
+            $stmt->bindValue(':username', $username);
+            $stmt->bindValue(':role', $role);
+            $stmt->execute();
+        } catch (\Exception $e) {
+            $this->db->logError($e);
+        }
+    }
 }

www/views/includes/containers/settings/health.inc.php

@@ -156,6 +156,8 @@
                                     <?php
                                     if ($user['Type'] == 'local') {
                                         echo 'Local account';
+                                    } elseif ($user['Type'] == 'sso') {
+                                        echo 'SSO account';
                                     } ?>
                                 </p>
                             </div>
@@ -165,9 +167,11 @@
                             <div class="flex column-gap-10 justify-end">
                                 <?php
                                 if ($user['Username'] != 'admin') : ?>
+                                    <?php if ($user['Type'] == 'local') : ?>
                                     <p class="reset-password-btn" user-id="<?= $user['Id'] ?>" username="<?= $user['Username'] ?>" title="Reset password of user <?= $user['Username'] ?>">
                                         <img src="/assets/icons/update.svg" class="icon-lowopacity" />
                                     </p>
+                                    <?php endif; ?>
                                     <p class="delete-user-btn" user-id="<?= $user['Id'] ?>" username="<?= $user['Username'] ?>" title="Delete user <?= $user['Username'] ?>">
                                         <img src="/assets/icons/delete.svg" class="icon-lowopacity" />
                                     </p>

www/views/includes/panels/general/userspace.inc.php

@@ -25,19 +25,22 @@
     <form id="user-edit-info" autocomplete="off">
         <input type="hidden" name="username" value="<?= $_SESSION['username'] ?>" />
         <h6>FIRST NAME</h6>
-        <input type="text" class="input-large" name="first-name" value="<?php echo !empty($_SESSION['first_name']) ? $_SESSION['first_name'] : ''; ?>">
+        <input type="text" class="input-large" name="first-name" value="<?php echo !empty($_SESSION['first_name']) ? $_SESSION['first_name'] : ''; ?>" <?php echo $_SESSION['type'] != 'local' ? 'readonly' : ''; ?>>
 
         <h6>LAST NAME</h6>
-        <input type="text" class="input-large" name="last-name" value="<?php echo !empty($_SESSION['last_name']) ? $_SESSION['last_name'] : ''; ?>">
+        <input type="text" class="input-large" name="last-name" value="<?php echo !empty($_SESSION['last_name']) ? $_SESSION['last_name'] : ''; ?>" <?php echo $_SESSION['type'] != 'local' ? 'readonly' : ''; ?>>
 
         <h6>EMAIL</h6>
-        <input type="email" class="input-large" name="email" value="<?php echo !empty($_SESSION['email']) ? $_SESSION['email'] : ''; ?>">
+        <input type="email" class="input-large" name="email" value="<?php echo !empty($_SESSION['email']) ? $_SESSION['email'] : ''; ?>" <?php echo $_SESSION['type'] != 'local' ? 'readonly' : ''; ?>>
 
         <br><br>
-        <button class="btn-small-green">Save</button>
+        <?php if ($_SESSION['type'] == 'local') : ?>
+            <button class="btn-small-green">Save</button>
+        <?php endif; ?>
     </form>
 </div>
 
+<?php if ($_SESSION['type'] == 'local') : ?>
 <h5>CHANGE PASSWORD</h5>
 
 <div>
@@ -56,6 +59,7 @@
         <button class="btn-small-green">Save</button>
     </form>
 </div>
+<?php endif; ?>
 
 <?php
 $content = ob_get_clean();