Login Keycloak solo per utenti autorizzati

2025-11-14 11:44:52 +01:00
parent cf4cb2679b
commit 9c2ea5b8ff
3 changed files with 41 additions and 4 deletions
--- a/docker/php/config.php
+++ b/docker/php/config.php
@@ -43,5 +43,8 @@ if (AUTH_TYPE === 'keycloak') {
    if (!defined('KEYCLOAK_CLIENT_SECRET')) {
        define('KEYCLOAK_CLIENT_SECRET',''); // Client Secret per Keycloak (ad esempio abcdefghijklm)
    }
    if (!defined('KEYCLOAK_ALLOWED_USERS')) {
        define('KEYCLOAK_ALLOWED_USERS',[]); // Contiene i nomi utente degli utenti autorizzati ad accedere all'amministrazione
    }
 }
 ?>
--- a/htdocs/admin/login.php
+++ b/htdocs/admin/login.php
@@ -72,10 +72,41 @@ else if (AUTH_TYPE === 'keycloak') {
  $oidc->setRedirectURL('https://' . APP_DOMAIN . '/admin/login.php');
  $oidc->authenticate();
  $userinfo = $oidc->getVerifiedClaims();
-  $_SESSION['admin'] = $userinfo->preferred_username;
+  if (in_array($userinfo->preferred_username, KEYCLOAK_ALLOWED_USERS, true) || empty(KEYCLOAK_ALLOWED_USERS)) {
-  $_SESSION['auth_type'] = 'keycloak';
+    $_SESSION['admin'] = $userinfo->preferred_username;
-  header("Location: index.php");
+    $_SESSION['auth_type'] = 'keycloak';
-  exit;
+    header("Location: index.php");
    exit;
  } else {
    http_response_code(403);
    echo <<<HTML
 <!DOCTYPE html>
 <html>
 <head>
  <title>Login Admin</title>
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <link rel="stylesheet" href="style.css">
 </head>
 <body>
  <div class="navbar">
    <div class="logo">Admin Dashboard</div>
    <div class="links">
      <a href="/">Torna al sito</a>
    </div>
  </div>
  <!-- Container login -->
  <div class="login-container">
    <h1>Login Admin</h1>
 <br><div class='error'>Non sei autorizzato ad accedere a questa parte del sito.</div>
 </div>
 <p style="text-align: center;">Copyright (C) 2025 EmmeV. - Released under <a href="https://git.vichingo455.freeddns.org/emmev-code/orario/src/branch/stable/LICENSE.txt" target="_blank">GNU AGPL 3.0 License</a>.</p>
 </body>
 </html>
 HTML;
    exit;
  }
  } catch (Exception $e) {
    http_response_code(500);
      echo <<<HTML
--- a/htdocs/config/config.php
+++ b/htdocs/config/config.php
@@ -43,5 +43,8 @@ if (AUTH_TYPE === 'keycloak') {
    if (!defined('KEYCLOAK_CLIENT_SECRET')) {
        define('KEYCLOAK_CLIENT_SECRET',''); // Client Secret per Keycloak (ad esempio abcdefghijklm)
    }
    if (!defined('KEYCLOAK_ALLOWED_USERS')) {
        define('KEYCLOAK_ALLOWED_USERS',[]); // Contiene i nomi utente degli utenti autorizzati ad accedere all'amministrazione
    }
 }
 ?>