Backport of #29 to stable10

appinfo/app.php

@@ -21,8 +21,6 @@
 
 require_once __DIR__ . '/../3rdparty/vendor/autoload.php';
 
-\OCP\App::registerAdmin('user_saml', 'admin');
-
 $urlGenerator = \OC::$server->getURLGenerator();
 $config = \OC::$server->getConfig();
 $request = \OC::$server->getRequest();

appinfo/info.xml

@@ -4,12 +4,17 @@
 	<name>SAML authentication</name>
 	<description>Authenticates user against a SAML backend, such as Shibboleth.</description>
 	<licence>AGPL</licence>
-	<author>Nextcloud</author>
-	<version>1.0.1</version>
+	<author>Lukas Reschke</author>
+	<version>1.1.0</version>
 	<dependencies>
 		<owncloud min-version="9.1" max-version="9.1" />
 	</dependencies>
+	<namespace>User_SAML</namespace>
 	<types>
 		<authentication/>
 	</types>
+	<settings>
+		<admin>\OCA\User_SAML\Settings\Admin</admin>
+		<admin-section>OCA\User_SAML\Settings\Section</admin-section>
+	</settings>
 </info>

lib/Settings/Admin.php

@@ -0,0 +1,111 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @author Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\User_SAML\Settings;
+
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\IL10N;
+use OCP\IURLGenerator;
+use OCP\Settings\ISettings;
+
+class Admin implements ISettings {
+	/** @var IL10N */
+	private $l10n;
+
+	/** @var IURLGenerator */
+	private $urlGenerator;
+
+	/**
+	 * @param IL10N $l10n
+	 * @param IURLGenerator $urlGenerator
+	 */
+	public function __construct(IL10N $l10n,
+								IURLGenerator $urlGenerator) {
+		$this->l10n = $l10n;
+		$this->urlGenerator = $urlGenerator;
+	}
+
+	/**
+	 * @return TemplateResponse
+	 */
+	public function getForm() {
+		$serviceProviderFields = [
+			'x509cert' => $this->l10n->t('X.509 certificate of the Service Provider'),
+			'privateKey' => $this->l10n->t('Private key of the Service Provider'),
+		];
+		$securityOfferFields = [
+			'nameIdEncrypted' => $this->l10n->t('Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted.'),
+			'authnRequestsSigned' => $this->l10n->t('Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]'),
+			'logoutRequestSigned' => $this->l10n->t('Indicates whether the  <samlp:logoutRequest> messages sent by this SP will be signed.'),
+			'logoutResponseSigned' => $this->l10n->t('Indicates whether the  <samlp:logoutResponse> messages sent by this SP will be signed.'),
+			'signMetadata' => $this->l10n->t('Whether the metadata should be signed.'),
+		];
+		$securityRequiredFields = [
+			'wantMessagesSigned' => $this->l10n->t('Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed.'),
+			'wantAssertionsSigned' => $this->l10n->t('Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]'),
+			'wantAssertionsEncrypted' => $this->l10n->t('Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted.'),
+			'wantNameId' => $this->l10n->t(' Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.'),
+			'wantNameIdEncrypted' => $this->l10n->t('Indicates a requirement for the NameID received by this SP to be encrypted.'),
+			'wantXMLValidation' => $this->l10n->t('Indicates if the SP will validate all received XMLs.'),
+		];
+		$generalSettings = [
+			'uid_mapping' => [
+				'text' => $this->l10n->t('Attribute to map the UID to.'),
+				'type' => 'line',
+				'required' => true,
+			],
+			'require_provisioned_account' => [
+				'text' => $this->l10n->t('Only allow authentication if an account is existent on some other backend. (e.g. LDAP)'),
+				'type' => 'checkbox',
+			],
+		];
+
+		$params = [
+			'sp' => $serviceProviderFields,
+			'security-offer' => $securityOfferFields,
+			'security-required' => $securityRequiredFields,
+			'general' => $generalSettings,
+		];
+
+		return new TemplateResponse('user_saml', 'admin', $params);
+	}
+
+	/**
+	 * @return string the section ID, e.g. 'sharing'
+	 */
+	public function getSection() {
+		return 'saml';
+	}
+
+	/**
+	 * @return int whether the form should be rather on the top or bottom of
+	 * the admin section. The forms are arranged in ascending order of the
+	 * priority values. It is required to return a value between 0 and 100.
+	 *
+	 * keep the server setting at the top, right after "server settings"
+	 */
+	public function getPriority() {
+		return 0;
+	}
+
+}

admin.php → lib/Settings/Section.php

@@ -2,6 +2,8 @@
 /**
  * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
  *
+ * @author Lukas Reschke <lukas@statuscode.ch>
+ *
  * @license GNU AGPL version 3 or any later version
  *
  * This program is free software: you can redistribute it and/or modify
@@ -19,7 +21,37 @@
  *
  */
 
-$app = new \OCA\User_SAML\AppInfo\Application();
-/** @var \OCA\User_SAML\Controller\SettingsController $controller */
-$controller = $app->getContainer()->query('SettingsController');
-return $controller->displayAdminPanel()->render();
+namespace OCA\User_SAML\Settings;
+
+use OCP\IL10N;
+use OCP\Settings\ISection;
+
+class Section implements ISection {
+	/** @var IL10N */
+	private $l;
+
+	public function __construct(IL10N $l) {
+		$this->l = $l;
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function getID() {
+		return 'saml';
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function getName() {
+		return $this->l->t('SAML authentication');
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function getPriority() {
+		return 75;
+	}
+}

lib/controller/settingscontroller.php

@@ -21,13 +21,10 @@
 
 namespace OCA\User_SAML\Controller;
 
-use OCA\User_SAML\SAMLSettings;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\IL10N;
 use OCP\IRequest;
-use OCP\ISession;
-use OCP\IUserSession;
 
 class SettingsController extends Controller {
 	/** @var IL10N */
@@ -52,49 +49,4 @@ public function displayPersonalPanel() {
 		return new Http\TemplateResponse($this->appName, 'personal', [], 'blank');
 	}
 
-	/**
-	 * @return Http\TemplateResponse
-	 */
-	public function displayAdminPanel() {
-		$serviceProviderFields = [
-			'x509cert' => $this->l10n->t('X.509 certificate of the Service Provider'),
-			'privateKey' => $this->l10n->t('Private key of the Service Provider'),
-		];
-		$securityOfferFields = [
-			'nameIdEncrypted' => $this->l10n->t('Indicates that the nameID of the <samlp:logoutRequest> sent by this SP will be encrypted.'),
-			'authnRequestsSigned' => $this->l10n->t('Indicates whether the <samlp:AuthnRequest> messages sent by this SP will be signed. [Metadata of the SP will offer this info]'),
-			'logoutRequestSigned' => $this->l10n->t('Indicates whether the  <samlp:logoutRequest> messages sent by this SP will be signed.'),
-			'logoutResponseSigned' => $this->l10n->t('Indicates whether the  <samlp:logoutResponse> messages sent by this SP will be signed.'),
-			'signMetadata' => $this->l10n->t('Whether the metadata should be signed.'),
-		];
-		$securityRequiredFields = [
-			'wantMessagesSigned' => $this->l10n->t('Indicates a requirement for the <samlp:Response>, <samlp:LogoutRequest> and <samlp:LogoutResponse> elements received by this SP to be signed.'),
-			'wantAssertionsSigned' => $this->l10n->t('Indicates a requirement for the <saml:Assertion> elements received by this SP to be signed. [Metadata of the SP will offer this info]'),
-			'wantAssertionsEncrypted' => $this->l10n->t('Indicates a requirement for the <saml:Assertion> elements received by this SP to be encrypted.'),
-			'wantNameId' => $this->l10n->t(' Indicates a requirement for the NameID element on the SAMLResponse received by this SP to be present.'),
-			'wantNameIdEncrypted' => $this->l10n->t('Indicates a requirement for the NameID received by this SP to be encrypted.'),
-			'wantXMLValidation' => $this->l10n->t('Indicates if the SP will validate all received XMLs.'),
-		];
-		$generalSettings = [
-			'uid_mapping' => [
-				'text' => $this->l10n->t('Attribute to map the UID to.'),
-				'type' => 'line',
-				'required' => true,
-			],
-			'require_provisioned_account' => [
-				'text' => $this->l10n->t('Only allow authentication if an account is existent on some other backend. (e.g. LDAP)'),
-				'type' => 'checkbox',
-			],
-		];
-
-		$params = [
-			'sp' => $serviceProviderFields,
-			'security-offer' => $securityOfferFields,
-			'security-required' => $securityRequiredFields,
-			'general' => $generalSettings,
-		];
-
-		return new Http\TemplateResponse($this->appName, 'admin', $params, 'blank');
-	}
-
 }