From e67d5dbe63c6ec415174e8a1d5e8618f96fde604 Mon Sep 17 00:00:00 2001
From: ubc-tuehoang
Date: Tue, 19 Nov 2024 11:21:24 -0800
Subject: [PATCH] updating guard to test
---
 Boxfile | 2 +-
 Dockerfile | 2 +-
 app/config/guard-override.php | 104 ++++++++++++++++++++++++++++++++++
 3 files changed, 106 insertions(+), 2 deletions(-)
 create mode 100644 app/config/guard-override.php
diff --git a/Boxfile b/Boxfile
index 8fc36b3fb..bd538c049 100644
--- a/Boxfile
+++ b/Boxfile
@@ -16,7 +16,7 @@ web1:
 php_display_errors: "0"
 after_build:
 - "mv app/config/database.pagoda.php app/config/database.php"
- - "mv app/plugins/guard/config/guard_default.php app/config/guard.php"
+ - "mv app/config/guard-override.php app/config/guard.php"
 cron:
 - "*/15 * * * *": "cake/console/cake send_emails"
 db1:
diff --git a/Dockerfile b/Dockerfile
index 6847c1ae8..4b2b1ba71 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.0-fpm
+FROM php:8.3-fpm
 RUN apt-get update && apt-get install --no-install-recommends --no-install-suggests -y \
 libpng-dev \
diff --git a/app/config/guard-override.php b/app/config/guard-override.php
new file mode 100644
index 000000000..924f63a12
--- /dev/null
+++ b/app/config/guard-override.php
@@ -0,0 +1,104 @@
+ 'https://%HOST%/Shibboleth.sso/Login',
+ 'logoutURL' => 'https://%HOST%/Shibboleth.sso/Logout',
+ 'fieldMapping' => array(
+ 'eppn' => 'username',
+ 'affiliation' => 'role',
+ ),
+ 'mappingRules' => array(
+ 'eppn' => array('/@ubc.ca/' => ''),
+ 'affiliation' => array('/staff@ubc.ca/' => 'admin'),
+ ),
+ 'loginError' => 'You have successfully logged in through Shibboleth. But you do not have access this appliction.',
+ 'loginImageButton' => '',
+ 'loginTextButton' => 'Login',
+);
+
+$config['Guard.AuthModule.Ldap'] = array(
+ 'host' => 'ldaps://ldap.school.ca/',
+ 'port' => 636,
+ 'serviceUsername' => 'uid=USERNAME, ou=Special Users, o=school.ca', // username to connect to LDAP
+ 'servicePassword' => 'PASSWORD', // password to connect to LDAP
+ 'baseDn' => 'ou=Campus Login, o=school.ca',
+ 'usernameField' => 'uid',
+ 'attributeSearchFilters' => array(
+// 'uid',
+ ),
+ 'attributeMap' => array(
+// 'username' => 'uid',
+ ),
+ 'fallbackInternal' => true,
+);
+
+$config['Guard.AuthModule.Cwl'] = array(
+ 'sessionInitiatorURL' => 'https://www.auth.cwl.ubc.ca/auth/login',
+ 'applicationID' => 'ServiceName',
+ 'applicationPassword' => 'ServicePassword',
+ 'fieldMapping' => array(
+ 'eppn' => 'username',
+ 'affiliation' => 'role',
+ ),
+ 'mappingRules' => array(
+ 'eppn' => array('/@ubc.ca/' => ''),
+ 'affiliation' => array('/staff@ubc.ca/' => 'admin'),
+ ),
+ 'loginError' => 'You have successfully logged in. But you do not have access this appliction.',
+ 'loginImageButton' => '',
+ 'loginTextButton' => 'Login',
+ // CWL XML-RPC interface URLs: https://www.auth.verf.cwl.ubc.ca/auth/rpc (for verification)
+ // https://www.auth.cwl.ubc.ca/auth/rpc
+ 'RPCURL' => "https://www.auth.cwl.ubc.ca",
+ 'RPCPath' => "/auth/rpc",
+
+ /**
+ * the name of the function being called through XML-RPC. this is
+ * prepended with 'session.' later
+ */
+ //$CWLFunctionName => 'getLoginName',
+ 'functionName' => 'getIdentities',
+
+ /**
+ * the application's ID/name and password as given by the CWL team
+ */
+ 'applicationID' => '',
+ 'applicationPassword' => '',
+);
+
+function override_from_env(&$config) {
+ $prefix = 'IPEER_AUTH_'.strtoupper($config['Guard.AuthModule.Name']).'_';
+ $auth_config = &$config['Guard.AuthModule.' . $config['Guard.AuthModule.Name']];
+ foreach($_ENV as $k => $v) {
+ if (0 === strpos($k, $prefix)) {
+ $key_str = substr($k, strlen($prefix)-strlen($k));
+ $keys = explode('_', $key_str);
+ $step = &$auth_config;
+ foreach($keys as $i => $key) {
+ if (!array_key_exists($key, $step)) {
+ $step[$key] = ($i == count($keys) - 1) ? $v : array();
+ }elseif (array_key_exists($key, $step) && $i == count($keys) - 1) {
+ if (is_bool($step[$key])) {
+ $step[$key] = filter_var($v, FILTER_VALIDATE_BOOLEAN);
+ } elseif (is_int($step[$key])) {
+ $step[$key] = filter_var($v, FILTER_VALIDATE_INT);
+ } elseif (is_array($step[$key])) {
+ $step[$key] = json_decode($v, true);
+ } else {
+ $step[$key] = $v;
+ }
+ }
+ $step = &$step[$key];
+ }
+ }
+ }
+}
+
+override_from_env($config);
\ No newline at end of file
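Review bot: In `override_from_env`, a value that fails to parse is still written into the authentication config: `filter_var` returns `false` for a non-integer `port`, and `json_decode` returns `null` for malformed JSON, so a single bad environment variable can silently replace `mappingRules` or `fieldMapping` with `null`. When conversion fails, keep the existing value and emit a warning that names the variable but not its value, since the value may be a secret. The key lookup is also case-sensitive while the prefix is upper-cased, so a variable such as `IPEER_AUTH_LDAP_SERVICEPASSWORD` appears to create a new key and leave the placeholder `'PASSWORD'` in effect; either document the exact spelling expected or reject keys that do not already exist. The top of the new file is missing from this view, so whether `Guard.AuthModule.Name` is assigned before the call cannot be confirmed from here.

```php
// … unchanged: prefix match, key split, creation of missing keys …
                } elseif ($i == count($keys) - 1) {
                    if (is_bool($step[$key])) {
                        $parsed = filter_var($v, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
                    } elseif (is_int($step[$key])) {
                        $parsed = filter_var($v, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
                    } elseif (is_array($step[$key])) {
                        $parsed = json_decode($v, true);
                        if (!is_array($parsed)) {
                            $parsed = null;
                        }
                    } else {
                        $parsed = $v;
                    }
                    if ($parsed === null) {
                        // Keep the configured value; log the variable name only, never its value.
                        trigger_error("Ignoring invalid value for $k", E_USER_WARNING);
                    } else {
                        $step[$key] = $parsed;
                    }
                }
// … unchanged: $step = &$step[$key]; and the closing of both loops …
```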