Initial implementation of Authenticators, PasswordAuthenticator, and …

…SshKeyAuthenticator (CFM-43, CFM-181, CFM-183)

README.md

@@ -1,5 +1,5 @@
 # COmanage Registry (Pupal Eclosion)
 
-This is the development repository for COmanage Registry v5.0.0.
+This is the repository for COmanage Registry v5+.
 
-For production deployments, see [this repository](https://github.com/Internet2/comanage-registry) instead.
+For v4, see [this repository](https://github.com/Internet2/comanage-registry) instead.

app/availableplugins/PasswordAuthenticator/README.md

@@ -0,0 +1,11 @@
+# PasswordAuthenticator plugin for CakePHP
+
+## Installation
+
+You can install this plugin into your CakePHP application using [composer](https://getcomposer.org).
+
+The recommended way to install composer packages is:
+
+```
+composer require your-name-here/password-authenticator
+```

app/availableplugins/PasswordAuthenticator/composer.json

@@ -0,0 +1,24 @@
+{
+    "name": "your-name-here/password-authenticator",
+    "description": "PasswordAuthenticator plugin for CakePHP",
+    "type": "cakephp-plugin",
+    "license": "MIT",
+    "require": {
+        "php": ">=7.2",
+        "cakephp/cakephp": "4.6.*"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^8.5 || ^9.3"
+    },
+    "autoload": {
+        "psr-4": {
+            "PasswordAuthenticator\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "PasswordAuthenticator\\Test\\": "tests/",
+            "Cake\\Test\\": "vendor/cakephp/cakephp/tests/"
+        }
+    }
+}

app/availableplugins/PasswordAuthenticator/config/plugin.json

@@ -0,0 +1,39 @@
+{
+  "types": {
+    "authenticator": [
+      "PasswordAuthenticators"
+    ]
+  },
+  "schema": {
+    "tables": {
+      "password_authenticators": {
+        "columns": {
+          "id": {},
+          "authenticator_id": {},
+          "source_mode": { "type": "string", "size": 2 },
+          "min_length": { "type": "integer" },
+          "max_length": { "type": "integer" },
+          "format_crypt_php": { "type": "boolean" },
+          "format_plaintext": { "type": "boolean" },
+          "format_sha1_ldap": { "type": "boolean" }
+        },
+        "indexes": {
+          "password_authenticators_i1": { "columns": [ "authenticator_id" ]}
+        }
+      },
+      "passwords": {
+        "columns": {
+          "id": {},
+          "password_authenticator_id": { "type": "integer", "foreignkey": { "table": "password_authenticators", "column": "id" }, "notnull": true },
+          "person_id": {},
+          "password": { "type": "string", "size": 256 },
+          "type": { "type": "string", "size": 2 }
+        },
+        "indexes": {
+          "passwords_i1": { "columns": [ "password_authenticator_id" ]},
+          "passwords_i2": { "columns": [ "person_id" ]}
+        }
+      }
+    }
+  }
+}

app/availableplugins/PasswordAuthenticator/phpunit.xml.dist

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit
+    colors="true"
+    processIsolation="false"
+    stopOnFailure="false"
+    bootstrap="tests/bootstrap.php"
+    >
+    <php>
+        <ini name="memory_limit" value="-1"/>
+        <ini name="apc.enable_cli" value="1"/>
+    </php>
+
+    <!-- Add any additional test suites you want to run here -->
+    <testsuites>
+        <testsuite name="PasswordAuthenticator">
+            <directory>tests/TestCase/</directory>
+        </testsuite>
+    </testsuites>
+
+    <!-- Setup fixture extension -->
+    <extensions>
+        <extension class="Cake\TestSuite\Fixture\PHPUnitExtension" />
+    </extensions>
+
+    <filter>
+        <whitelist>
+            <directory suffix=".php">src/</directory>
+        </whitelist>
+    </filter>
+</phpunit>

app/availableplugins/PasswordAuthenticator/resources/locales/en_US/password_authenticator.po

@@ -0,0 +1,107 @@
+# COmanage Registry Localizations (password_authenticator domain)
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @link          https://www.internet2.edu/comanage COmanage Project
+# @package       registry-plugins
+# @since         COmanage Registry v5.2.0
+# @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+
+msgid "controller.PasswordAuthenticators"
+msgstr "{0,plural,=1{Password Authenticator} other{Password Authenticators}}"
+
+msgid "controller.Passwords"
+msgstr "{0,plural,=1{Password} other{Passwords}}"
+
+msgid "enumeration.PasswordEncodingEnum.CR"
+msgstr "Crypt"
+
+msgid "enumeration.PasswordEncodingEnum.EX"
+msgstr "External"
+
+msgid "enumeration.PasswordEncodingEnum.NO"
+msgstr "Plain"
+
+msgid "enumeration.PasswordEncodingEnum.SH"
+msgstr "SSHA"
+
+msgid "enumeration.PasswordSourceEnum.AG"
+msgstr "Autogenerate"
+
+msgid "enumeration.PasswordSourceEnum.EX"
+msgstr "External"
+
+msgid "enumeration.PasswordSourceEnum.SL"
+msgstr "Self Select"
+
+msgid "error.Passwords.current"
+msgstr "Incorrect current password"
+
+msgid "error.Passwords.len.max"
+msgstr "Password cannot be more than {0} characters"
+
+msgid "error.Passwords.len.min"
+msgstr "Password must be at least {0} characters"
+
+msgid "error.Passwords.match"
+msgstr "New passwords do not match"
+
+msgid "field.PasswordAuthenticators.source_mode"
+msgstr "Password Source"
+
+msgid "field.PasswordAuthenticators.min_length"
+msgstr "Minimum Password Length"
+
+msgid "field.PasswordAuthenticators.min_length.desc"
+msgstr "Must be between 8 and 64 characters (inclusive), default is 8"
+
+msgid "field.PasswordAuthenticators.max_length"
+msgstr "Maximum Password Length"
+
+msgid "field.PasswordAuthenticators.max_length.desc"
+msgstr "Must be between 8 and 64 characters (inclusive), default is 64 for Self Select and 16 for Autogenerate"
+
+msgid "field.PasswordAuthenticators.format_crypt_php"
+msgstr "Store as Crypt"
+
+msgid "field.PasswordAuthenticators.format_crypt_php.desc"
+msgstr "The password will be stored in Crypt format (required for Self Select)"
+
+msgid "field.PasswordAuthenticators.format_plaintext"
+msgstr "Store as Plain Text"
+
+msgid "field.PasswordAuthenticators.format_plaintext.desc"
+msgstr "If enabled, the password will be stored unhashed in the database"
+
+msgid "field.PasswordAuthenticators.format_sha1_ldap"
+msgstr "Store as Salted SHA 1"
+
+msgid "field.PasswordAuthenticators.format_sha1_ldap.desc"
+msgstr "If enabled, the password will be stored in Salted SHA 1 format"
+
+msgid "field.Passwords.password2"
+msgstr "Password (Again)"
+
+msgid "operation.set"
+msgstr "Set Password for {0}"
+
+msgid "result.Passwords.modified"
+msgstr "Last changed {0} UTC"
+
+msgid "result.Passwords.set"
+msgstr "Password {0} Set"

app/availableplugins/PasswordAuthenticator/src/Controller/AppController.php

@@ -0,0 +1,10 @@
+<?php
+declare(strict_types=1);
+
+namespace PasswordAuthenticator\Controller;
+
+use App\Controller\AppController as BaseController;
+
+class AppController extends BaseController
+{
+}

app/availableplugins/PasswordAuthenticator/src/Controller/PasswordAuthenticatorsController.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * COmanage Registry Password Authenticators Controller
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.2.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace PasswordAuthenticator\Controller;
+
+use App\Controller\StandardPluginController;
+
+class PasswordAuthenticatorsController extends StandardPluginController {
+  public $paginate = [
+    'order' => [
+      'PasswordAuthenticators.id' => 'asc'
+    ]
+  ];
+}

app/availableplugins/PasswordAuthenticator/src/Controller/PasswordsController.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * COmanage Registry Passwords Controller
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.2.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types=1);
+
+namespace PasswordAuthenticator\Controller;
+
+use Cake\ORM\TableRegistry;
+use App\Controller\SingleAuthenticatorController;
+use App\Lib\Enum\ProvisioningContextEnum;
+
+class PasswordsController extends SingleAuthenticatorController {
+  public $paginate = [
+    'order' => [
+      'Passwords.id' => 'asc'
+    ]
+  ];
+}

app/availableplugins/PasswordAuthenticator/src/Lib/Enum/PasswordEncodingEnum.php

@@ -0,0 +1,39 @@
+<?php
+/**
+ * COmanage Registry Password Encoding Enum
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.2.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types = 1);
+
+namespace PasswordAuthenticator\Lib\Enum;
+
+use App\Lib\Enum\StandardEnum;
+
+class PasswordEncodingEnum extends StandardEnum {
+  const Crypt    = 'CR';    // Crypt/bcrypt/etc as implemented by php's password_hash
+  const External = 'EX';    // Externally defined (ie: managed outside of Registry)
+  const Plain    = 'NO';    // Not hashed
+  const SSHA     = 'SH';    // Salted SHA 1 as intended for LDAP
+}

app/availableplugins/PasswordAuthenticator/src/Lib/Enum/PasswordSourceEnum.php

@@ -0,0 +1,38 @@
+<?php
+/**
+ * COmanage Registry Password Source Enum
+ *
+ * Portions licensed to the University Corporation for Advanced Internet
+ * Development, Inc. ("UCAID") under one or more contributor license agreements.
+ * See the NOTICE file distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @link          https://www.internet2.edu/comanage COmanage Project
+ * @package       registry-plugins
+ * @since         COmanage Registry v5.2.0
+ * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ */
+
+declare(strict_types = 1);
+
+namespace PasswordAuthenticator\Lib\Enum;
+
+use App\Lib\Enum\StandardEnum;
+
+class PasswordSourceEnum extends StandardEnum {
+  const Autogenerate  = 'AG';
+  const External      = 'EX'; // ie: set over API
+  const SelfSelect    = 'SL';
+}