feat: get authsources configuration from database

italia · Jun 22, 2023 · 5dffcb1 · 5dffcb1
1 parent 7bd048e
commit 5dffcb1
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 9 deletions.
diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
     "config": {
-        "version": "3.15.1",
+        "version": "3.16.0",
         "allow-plugins": {
             "simplesamlphp/composer-module-installer": true
         }

diff --git a/setup/config/authsources.tpl b/setup/config/authsources.tpl
@@ -1,11 +1,56 @@
-<?php
+<?php 
 
-$config = array(
-    'admin' => array(
-        'core:AdminPassword',
-    ),
+use SimpleSAML\Configuration;
+use SimpleSAML\Database;
 
-    {{AUTHSOURCE_SPID}}
+define('AUTHSOURCES_DATABASE_TABLE', 'authsources');
+
+$ssp_config = Configuration::getInstance();
+$authsources_storage = $ssp_config->getString('authsources.storage', 'file');
+
+if($authsources_storage=='database') {
+
+    $db = Database::getInstance();
+    $authsources_database_table = $ssp_config->getString('authsources.database_table', AUTHSOURCES_DATABASE_TABLE);
+
+    // create table if not exists
+    $db->write(sprintf("
+        CREATE TABLE IF NOT EXISTS $authsources_database_table (
+            `id` VARCHAR(255) PRIMARY KEY NOT NULL, 
+            `entity_data` JSON NOT NULL,
+            `_disabled` enum('N','Y') NOT NULL DEFAULT 'N'
+        );
+    "));
+    
+    // get config from database
+    $statement = $db->read("SELECT `id`, `entity_data` FROM `" . $authsources_database_table . "` WHERE `_disabled`='N'");
+    $authsources = $statement->fetchAll();
     
-    {{AUTHSOURCE_CIE}}
-);
+    $config = [
+        // This is a authentication source which handles admin authentication.
+        'admin' => [
+            // The default is to use core:AdminPassword, but it can be replaced with
+            // any authentication source.
+
+            'core:AdminPassword',
+        ],
+    ];
+
+    // compile config
+    foreach($authsources as $as) {
+        $config[$as['id']] = json_decode($as['entity_data'], true);
+    }
+
+} else {
+
+    $config = array(
+        'admin' => array(
+            'core:AdminPassword',
+        ),
+
+        {{AUTHSOURCE_SPID}}
+
+        {{AUTHSOURCE_CIE}}
+    );
+
+}
diff --git a/setup/config/config.tpl b/setup/config/config.tpl
@@ -235,6 +235,14 @@ $config = array(
      */
     'database.persistent' => false,
 
+    /*
+     * Authsources storage
+     * if authsources.storage => 'database' get authsource configuration from database table 'authsources.database_table'
+     * else get authsource configuration from file /config/authsources.php (as default)
+     */
+    'authsources.storage' => 'file',
+    'authsources.database_table' => 'authsources',
+
     /*
      * Database slave configuration is optional as well. If you are only
      * running a single database server, leave this blank. If you have