PHRAS-4007: Auth provider - add keycloak provider - openid (#4462)

* keycloak provider * add readme * comment regenarete password * add exclusive option to provider an column can_renew_passwor to user * default exclusive false * always compatible with psauth * bump image tag .env * bump Version to 4.1.8-rc9 * bump version to rc12 * add autoconnect
2025-10-14 05:23:21 +00:00 · 2024-04-30 15:15:56 +03:00
parent b0eba5217c
commit d6849fd580
32 changed files with 1421 additions and 369 deletions
--- a/lib/classes/patch/418RC12PHRAS4007.php
+++ b/lib/classes/patch/418RC12PHRAS4007.php
@@ -0,0 +1,98 @@
+<?php
+
+use Alchemy\Phrasea\Application;
+use Alchemy\Phrasea\Core\Configuration\PropertyAccess;
+
+class patch_418RC12PHRAS4007 implements patchInterface
+{
+    /** @var string */
+    private $release = '4.1.8-rc12';
+
+    /** @var array */
+    private $concern = [base::APPLICATION_BOX];
+
+    /**
+     * {@inheritdoc}
+     */
+    public function get_release()
+    {
+        return $this->release;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getDoctrineMigrations()
+    {
+        return [];
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function require_all_upgrades()
+    {
+        return false;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function concern()
+    {
+        return $this->concern;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function apply(base $base, Application $app)
+    {
+        if ($base->get_base_type() === base::DATA_BOX) {
+            $this->patch_databox($base, $app);
+        } elseif ($base->get_base_type() === base::APPLICATION_BOX) {
+            $this->patch_appbox($base, $app);
+        }
+
+        return true;
+    }
+
+    private function patch_databox(databox $databox, Application $app)
+    {
+    }
+
+    private function patch_appbox(base $appbox, Application $app)
+    {
+        /** @var PropertyAccess $conf */
+        $conf = $app['conf'];
+
+        $providers = $conf->get(['authentication', 'providers']);
+        $providersType = array_column($app['conf']->get(['authentication', 'providers']), 'type');
+
+        // set an example of setting if not exist
+        if (!in_array('openid', $providersType)) {
+            $providers['openid-1'] = [
+                'enabled' => false,
+                'display' => false,
+                'title' => 'openid 1',
+                'type' => 'openid',
+                'options' => [
+                    'client-id'     => 'client_id',
+                    'client-secret' => 'client_secret',
+                    'base-url'      => 'https://keycloak.phrasea.local',
+                    'realm-name'    => 'phrasea',
+                    'exclusive'     => false,
+                    'icon-uri'      => null,
+                    'birth-group'   => '_firstlog',
+                    'everyone-group' => '_everyone',
+                    'metamodel'     => '_metamodel',
+                    'model-gpfx'    => '_M_',
+                    'model-upfx'    => '_U_',
+                    'auto-logout'   => false
+                ]
+            ];
+
+            $conf->set(['authentication', 'providers'], $providers);
+        }
+    }
+}