cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

new: [password auth] added setting to disable password auth 

- not needed in some cases for keycloak enabled instances
pull/92/head
iglocska 2022-02-25 00:33:00 +01:00
parent 79459838eb
commit 4902a3f8a6
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
3 changed files with 58 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/Model/Table/SettingProviders/CerebrateSettingsProvider.php
View File

@ -151,6 +151,17 @@ class CerebrateSettingsProvider extends BaseSettingsProvider
],
'Authentication' => [
'Providers' => [
'PasswordAuth' => [
'password_auth.enabled' => [
'name' => 'Disable password authentication',
'type' => 'boolean',
'severity' => 'warning',
'description' => __('Enable username/password authentication.'),
'default' => true,
'test' => 'testEnabledAuth',
'authentication_type' => 'password_auth'
],
],
'KeyCloak' => [
'keycloak.enabled' => [
'name' => 'Enabled',
@ -158,6 +169,7 @@ class CerebrateSettingsProvider extends BaseSettingsProvider
'severity' => 'warning',
'description' => __('Enable keycloak authentication'),
'default' => false,
'authentication_type' => 'keycloak'
],
'keycloak.provider.applicationId' => [
'name' => 'Client ID',
@ -374,4 +386,24 @@ class CerebrateSettingValidator extends SettingValidator
}
return true;
}
public function testEnabledAuth($value, &$setting)
{
$providers = [
'password_auth',
'keycloak'
];
if (!$value) {
$foundEnabledAuth = __('Cannot make change - this would disable every possible authentication method.');
foreach ($providers as $provider) {
if ($provider !== $setting['authentication_type']) {
if (Configure::read($provider . '.enable')) {
$foundEnabledAuth = true;
}
}
}
return $foundEnabledAuth;
}
return true;
}
}

15
templates/Users/add.php
View File

@ -1,6 +1,11 @@
<?php
use Cake\Core\Configure;
$passwordRequired = false;
if ($this->request->getParam('action') === 'add') {
$dropdownData['individual'] = ['new' => __('New individual')] + $dropdownData['individual'];
if (!Configure::check('password_auth.enabled') || Configure::read('password_auth.enabled')) {
$passwordRequired = 'required';
}
}
echo $this->element('genericElements/Form/genericForm', [
'data' => [
@ -54,16 +59,18 @@
'field' => 'password',
'label' => __('Password'),
'type' => 'password',
'required' => $this->request->getParam('action') === 'add' ? 'required' : false,
'required' => $passwordRequired,
'autocomplete' => 'new-password',
'value' => ''
'value' => '',
'requirements' => (bool)$passwordRequired
],
[
'field' => 'confirm_password',
'label' => __('Confirm Password'),
'type' => 'password',
'required' => $this->request->getParam('action') === 'add' ? 'required' : false,
'autocomplete' => 'off'
'required' => $passwordRequired,
'autocomplete' => 'off',
'requirements' => (bool)$passwordRequired
],
[
'field' => 'role_id',

27
templates/Users/login.php
View File

@ -12,26 +12,29 @@ use Cake\Core\Configure;
'style' => ['filter: drop-shadow(4px 4px 4px #924da666);']
])
);
echo sprintf('<h4 class="text-uppercase fw-light mb-3">%s</h4>', __('Sign In'));
$template = [
'inputContainer' => '<div class="form-floating input {{type}}{{required}}">{{content}}</div>',
'formGroup' => '{{input}}{{label}}',
'submitContainer' => '<div class="submit d-grid">{{content}}</div>',
];
$this->Form->setTemplates($template);
echo $this->Form->create(null, ['url' => ['controller' => 'users', 'action' => 'login']]);
echo $this->Form->control('username', ['label' => 'Username', 'class' => 'form-control mb-2', 'placeholder' => __('Username')]);
echo $this->Form->control('password', ['type' => 'password', 'label' => 'Password', 'class' => 'form-control mb-3', 'placeholder' => __('Password')]);
echo $this->Form->control(__('Login'), ['type' => 'submit', 'class' => 'btn btn-primary']);
echo $this->Form->end();
if (!empty(Configure::read('security.registration.self-registration'))) {
echo '<div class="text-end">';
echo sprintf('<span class="text-secondary ms-auto" style="font-size: 0.8rem">%s <a href="/users/register" class="text-decoration-none link-primary fw-bold">%s</a></span>', __('Doesn\'t have an account?'), __('Sign up'));
echo '</div>';
if (!Configure::check('password_auth.enabled') || Configure::read('password_auth.enabled')) {
echo sprintf('<h4 class="text-uppercase fw-light mb-3">%s</h4>', __('Sign In'));
echo $this->Form->create(null, ['url' => ['controller' => 'users', 'action' => 'login']]);
echo $this->Form->control('username', ['label' => 'Username', 'class' => 'form-control mb-2', 'placeholder' => __('Username')]);
echo $this->Form->control('password', ['type' => 'password', 'label' => 'Password', 'class' => 'form-control mb-3', 'placeholder' => __('Password')]);
echo $this->Form->control(__('Login'), ['type' => 'submit', 'class' => 'btn btn-primary']);
echo $this->Form->end();
if (!empty(Configure::read('security.registration.self-registration'))) {
echo '<div class="text-end">';
echo sprintf('<span class="text-secondary ms-auto" style="font-size: 0.8rem">%s <a href="/users/register" class="text-decoration-none link-primary fw-bold">%s</a></span>', __('Don\'t have an account?'), __('Sign up'));
echo '</div>';
}
if (!empty(Configure::read('keycloak.enabled'))) {
echo sprintf('<div class="d-flex align-items-center my-2"><hr class="d-inline-block flex-grow-1"/><span class="mx-3 fw-light">%s</span><hr class="d-inline-block flex-grow-1"/></div>', __('Or'));
}
}
if (!empty(Configure::read('keycloak.enabled'))) {
echo sprintf('<div class="d-flex align-items-center my-2"><hr class="d-inline-block flex-grow-1"/><span class="mx-3 fw-light">%s</span><hr class="d-inline-block flex-grow-1"/></div>', __('Or'));
echo $this->Form->create(null, [
'url' => Cake\Routing\Router::url([
'prefix' => false,