From 32250088128754f53fc223b6cf542310d4527c26 Mon Sep 17 00:00:00 2001 
From: Iker Ibarguren Date: Thu, 13 Nov 2025 09:08:16 +0100 Subject: [PATCH] Add recipe for pasaia-udala/auth-bundle 1.2. Remove old recipe. (#1879) * Add recipe for pasaia-udala/auth-bundle 1.2 (euskeraz) * Remove empty security.yaml to fix validation error * Add security.yaml with complete authentication configuration * Add Symfony Flex recipe and remove deprecated old recipe - Added complete .recipe/ structure for automatic installation - Includes security.yaml with LDAP and Certificate authenticators - Removed old unused recipe * Fix YAML indentation to 4 spaces as required by recipes-contrib * Add default value for LDAP_ENCRYPTION env var to fix validation * Remove parameters section and hardcode encryption default value * Trigger CI: bundle now requires PHP >= 8.1 (v1.2.1) * Remove security.yaml to avoid overriding user's security configuration * Translate post-install.txt to english and add security.yaml example
---
.../config/packages/pasaiako_udala_auth.yaml | 23 +++++++
.../config/routes/pasaiako_udala_auth.yaml | 23 +++++++
pasaia-udala/auth-bundle/1.2/manifest.json | 16 +++++
pasaia-udala/auth-bundle/1.2/post-install.txt | 69 +++++++++++++++++++
.../config/packages/pasaiako_udala_auth.yaml | 5 --
.../0.1/config/packages/security.yaml.dist | 27 --------
.../config/routes/pasaiako_udala_auth.yaml | 3 -
pasaiakoudala/authbundle/0.1/manifest.json | 14 ----
pasaiakoudala/authbundle/0.1/post-install.txt | 6 --
9 files changed, 131 insertions(+), 55 deletions(-)
create mode 100644 pasaia-udala/auth-bundle/1.2/config/packages/pasaiako_udala_auth.yaml
create mode 100644 pasaia-udala/auth-bundle/1.2/config/routes/pasaiako_udala_auth.yaml
create mode 100644 pasaia-udala/auth-bundle/1.2/manifest.json
create mode 100644 pasaia-udala/auth-bundle/1.2/post-install.txt
delete mode 100644 pasaiakoudala/authbundle/0.1/config/packages/pasaiako_udala_auth.yaml
delete mode 100644 pasaiakoudala/authbundle/0.1/config/packages/security.yaml.dist
delete mode 100644 pasaiakoudala/authbundle/0.1/config/routes/pasaiako_udala_auth.yaml
delete mode 100644 pasaiakoudala/authbundle/0.1/manifest.json
delete mode 100644 pasaiakoudala/authbundle/0.1/post-install.txt
diff --git a/pasaia-udala/auth-bundle/1.2/config/packages/pasaiako_udala_auth.yaml b/pasaia-udala/auth-bundle/1.2/config/packages/pasaiako_udala_auth.yaml
new file mode 100644
index 00000000..aff5e827
--- /dev/null
+++ b/pasaia-udala/auth-bundle/1.2/config/packages/pasaiako_udala_auth.yaml
@@ -0,0 +1,23 @@
+pasaiako_udala_auth:
+ server:
+ host: '%env(LDAP_HOST)%'
+ port: '%env(int:LDAP_PORT)%'
+ encryption: 'none'
+ base_dn: '%env(LDAP_BASE_DN)%'
+ user_dn_pattern: '%env(LDAP_USER_DN_PATTERN)%'
+ bind_dn: '%env(default::LDAP_BIND_DN)%'
+ bind_password: '%env(default::LDAP_BIND_PASSWORD)%'
+
+ role_mapping:
+ # Mapea tus grupos LDAP a roles de Symfony
+ # Ejemplo:
+ # informatika: ROLE_ADMIN
+ # langilea: ROLE_USER
+
+ default_role: ROLE_USER
+
+ group_search:
+ enabled: true
+ base_dn: null
+ filter: '(member={user_dn})'
+ recursive: true
diff --git a/pasaia-udala/auth-bundle/1.2/config/routes/pasaiako_udala_auth.yaml b/pasaia-udala/auth-bundle/1.2/config/routes/pasaiako_udala_auth.yaml
new file mode 100644
index 00000000..7b056904
--- /dev/null
+++ b/pasaia-udala/auth-bundle/1.2/config/routes/pasaiako_udala_auth.yaml
@@ -0,0 +1,23 @@
+# Rutas del bundle de autenticación (ejemplo - personalizar según necesidad)
+# Descomentar y adaptar según tu aplicación
+
+# app_auth_selector:
+# path: /auth-selector
+# controller: App\Controller\SecurityController::authSelector
+
+# app_login_ldap:
+# path: /login/ldap
+# controller: App\Controller\SecurityController::loginLdap
+
+# app_logout:
+# path: /logout
+# methods: GET
+
+# OAuth2 routes (si usas autenticación por certificado)
+# app_oauth_connect:
+# path: /oauth/connect
+# controller: App\Controller\OAuth2Controller::connect
+
+# app_oauth_check:
+# path: /oauth/check
+# controller: App\Controller\OAuth2Controller::check
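Review bot: `encryption: 'none'` in config/packages/pasaiako_udala_auth.yaml is hard-coded, and with the `LDAP_PORT` default of `389` in manifest.json a fresh install talks to the directory without transport encryption. With that setting the user's password, and `LDAP_BIND_PASSWORD` when a service account is used, would presumably travel to the LDAP server in clear text. The commit message says the env-backed value was dropped to pass recipe validation, so the line should at least carry a warning, for example `# 'none' = no transport encryption; switch to an encrypted mode before pointing this at a real directory (accepted values: docs/LDAP.md)`. Nothing in post-install.txt mentions the setting either, so step 2 there would be a good place to call it out.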
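Review bot: Every route in config/routes/pasaiako_udala_auth.yaml ships commented out, yet the security.yaml example in post-install.txt sets `logout.path` to `app_logout` and `logout.target` to `app_auth_selector`. A user who pastes that example without uncommenting these routes ends up with a firewall that names routes that do not exist. The header comment should state the dependency, for example `# app_logout and app_auth_selector are required by the security.yaml example in post-install.txt`. The comments here and in the packages file are in Spanish while post-install.txt was translated to English; one language across the recipe would read better.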
diff --git a/pasaia-udala/auth-bundle/1.2/manifest.json b/pasaia-udala/auth-bundle/1.2/manifest.json
new file mode 100644
index 00000000..8d4eb692
--- /dev/null
+++ b/pasaia-udala/auth-bundle/1.2/manifest.json
@@ -0,0 +1,16 @@
+{
+ "bundles": {
+ "PasaiaUdala\\AuthBundle\\PasaiakoUdalaAuthBundle": ["all"]
+ },
+ "copy-from-recipe": {
+ "config/": "%CONFIG_DIR%/"
+ },
+ "env": {
+ "LDAP_HOST": "ldap.example.com",
+ "LDAP_PORT": "389",
+ "LDAP_BASE_DN": "dc=example,dc=com",
+ "LDAP_USER_DN_PATTERN": "uid={username},ou=users,dc=example,dc=com",
+ "LDAP_BIND_DN": "",
+ "LDAP_BIND_PASSWORD": ""
+ }
+}
diff --git a/pasaia-udala/auth-bundle/1.2/post-install.txt b/pasaia-udala/auth-bundle/1.2/post-install.txt
new file mode 100644
index 00000000..7df98386
--- /dev/null
+++ b/pasaia-udala/auth-bundle/1.2/post-install.txt
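Review bot: The `env` block in manifest.json writes `LDAP_BIND_PASSWORD` into the project's `.env`, and step 1 of post-install.txt then tells the user to set the service-account password there. In a standard Symfony project `.env` is committed, so following the instructions literally puts the directory credential into version control. The empty default in the manifest is fine; the wording of step 1 should redirect the secret, for example `- Set LDAP_BIND_DN and LDAP_BIND_PASSWORD in .env.local or the Symfony secrets vault, never in the committed .env`.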
@@ -0,0 +1,69 @@
+# PasaiakoUdalaAuthBundle - Post-install message
+
+## Configuration completed
+
+The **PasaiakoUdalaAuthBundle** has been installed successfully.
+
+### Next steps
+
+1. **Configure environment variables** in your `.env` file:
+ - Update values for `LDAP_HOST`, `LDAP_BASE_DN`, `LDAP_USER_DN_PATTERN`, etc.
+ - Set `LDAP_BIND_DN` and `LDAP_BIND_PASSWORD` if your LDAP server requires a service account for searches.
+
+2. **Review the configuration** in `config/packages/pasaiako_udala_auth.yaml`:
+ - Adjust LDAP-to-Symfony role mapping under the `role_mapping` section.
+ - Verify the LDAP server parameters match your infrastructure.
+
+3. **Configure Symfony Security** in `config/packages/security.yaml`.
+
+ Add this configuration to your `config/packages/security.yaml` file:
+
+ ```yaml
+ security:
+ providers:
+ ldap_user_provider:
+ id: PasaiaUdala\AuthBundle\Security\LdapUserProvider
+
+ firewalls:
+ main:
+ lazy: true
+ provider: ldap_user_provider
+ entry_point: PasaiaUdala\AuthBundle\Security\LdapAuthenticator
+
+ custom_authenticators:
+ - PasaiaUdala\AuthBundle\Security\LdapAuthenticator
+ - PasaiaUdala\AuthBundle\Security\CertificateAuthenticator
+
+ logout:
+ path: app_logout
+ target: app_auth_selector
+
+ access_control:
+ - { path: ^/login, roles: PUBLIC_ACCESS }
+ - { path: ^/oauth, roles: PUBLIC_ACCESS }
+ - { path: ^/auth-selector, roles: PUBLIC_ACCESS }
+ - { path: ^/, roles: ROLE_USER }
+ ```
+
+ **IMPORTANT**: If you use multiple authenticators, define the `entry_point`.
+
+4. **Create controllers** if they do not exist:
+ - `SecurityController` to handle LDAP login and the auth selector.
+ - `OAuth2Controller` if you use certificate-based (Izenpe) authentication.
+ - See the bundle documentation at `vendor/pasaia-udala/auth-bundle/docs/INSTALLATION.md` for details.
+
+5. **Verify the installation**:
+ ```bash
+ php bin/console debug:container | grep -i ldap
+ php bin/console debug:config pasaiako_udala_auth
+ ```
+
+### Additional documentation
+
+- Full installation guide: `vendor/pasaia-udala/auth-bundle/docs/INSTALLATION.md`
+- Advanced LDAP configuration: `vendor/pasaia-udala/auth-bundle/docs/LDAP.md`
+- Izenpe / OAuth2 configuration: `vendor/pasaia-udala/auth-bundle/docs/IZENPE.md`
+- Customizing templates: `vendor/pasaia-udala/auth-bundle/docs/TEMPLATES.md`
+- Troubleshooting: `vendor/pasaia-udala/auth-bundle/docs/TROUBLESHOOTING.md`
+
+Thank you!
diff --git a/pasaiakoudala/authbundle/0.1/config/packages/pasaiako_udala_auth.yaml b/pasaiakoudala/authbundle/0.1/config/packages/pasaiako_udala_auth.yaml
deleted file mode 100644
index 813187f2..00000000
--- a/pasaiakoudala/authbundle/0.1/config/packages/pasaiako_udala_auth.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-pasaiako_udala_auth:
- route_after_successfull_login: "default"
- LDAP_ADMIN_TALDEAK: "Rol-taldea1, Rol-taldea2"
- LDAP_KUDEATU_TALDEAK: "Rol-taldea1, Rol-taldea2"
- LDAP_USER_TALDEA: "Rol-taldea1, Rol-taldea2"
diff --git a/pasaiakoudala/authbundle/0.1/config/packages/security.yaml.dist b/pasaiakoudala/authbundle/0.1/config/packages/security.yaml.dist
deleted file mode 100644
index ec06e106..00000000
--- a/pasaiakoudala/authbundle/0.1/config/packages/security.yaml.dist
+++ /dev/null
@@ -1,27 +0,0 @@
-security:
- enable_authenticator_manager: true
- password_hashers:
- PasaiakoUdala\AuthBundle\Entity\User:
- algorithm: auto
-
- providers:
- database_users:
- entity: { class: PasaiakoUdala\AuthBundle\Entity\User, property: username }
-
- firewalls:
- dev:
- pattern: ^/(_(profiler|wdt)|css|images|js)/
- security: false
- main:
- # pattern: ^/
- lazy: true
- provider: database_users
- custom_authenticator: paud.form.auth
- logout:
- path: pasaiakoudala_auth_logout
- # target: default
-
-
- access_control:
- # - { path: ^/login, roles: PUBLIC_ACCESS }
- - { path: ^/admin, roles: ROLE_ADMIN }
diff --git a/pasaiakoudala/authbundle/0.1/config/routes/pasaiako_udala_auth.yaml b/pasaiakoudala/authbundle/0.1/config/routes/pasaiako_udala_auth.yaml
deleted file mode 100644
index a1a18000..00000000
--- a/pasaiakoudala/authbundle/0.1/config/routes/pasaiako_udala_auth.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-pasaiako_udala_auth:
- resource: '@PasaiakoUdalaAuthBundle/Resources/config/routes.xml'
- prefix: /
diff --git a/pasaiakoudala/authbundle/0.1/manifest.json b/pasaiakoudala/authbundle/0.1/manifest.json
deleted file mode 100644
index c602e544..00000000
--- a/pasaiakoudala/authbundle/0.1/manifest.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "bundles": {
- "PasaiakoUdala\\AuthBundle\\PasaiakoUdalaAuthBundle": ["all"]
- },
- "copy-from-recipe": {
- "config/": "%CONFIG_DIR%/"
- },
- "env": {
- "LDAP_IP": "XXX.XXX.XXX.XXX",
- "LDAP_BASE_DN": "DC=DOMAIN,DC=net",
- "LDAP_SEARCH_DN": "CN=LDAPUSER,CN=Users,DC=pasaia,DC=net",
- "LDAP_PASSWD": "LDAP_PASSWD"
- }
-}
diff --git a/pasaiakoudala/authbundle/0.1/post-install.txt b/pasaiakoudala/authbundle/0.1/post-install.txt
deleted file mode 100644
index 3b0726f9..00000000
--- a/pasaiakoudala/authbundle/0.1/post-install.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-* eguneratu datu basea, erabiltzailearen taula sortzeko
-php bin/console
-
-* moldatu security.yaml fitxategia
-rm config/package/security.yaml
-mv config/package/security.yaml.dist config/package/security.yaml