src/Controller/SecurityController.php line 300

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Constants\Setting;
  6. use App\Constants\Setting as SettingConst;
  7. use App\Constants\Sso;
  8. use App\Entity\User;
  9. use App\Exception\EncryptionException;
  10. use App\Factory\Security\SecurityFormFactory;
  11. use App\Form\Type\LoginType;
  12. use App\Services\Common\ModuleSettingService;
  13. use App\Services\Common\SettingService;
  14. use App\Services\Common\User\WorkflowUser;
  15. use App\Services\Common\UserService;
  16. use App\Services\DTV\YamlConfig\YamlReader;
  17. use App\Services\Security\EncryptionManager;
  18. use App\Services\Security\RegisterService;
  19. use Doctrine\ORM\EntityManagerInterface;
  20. use Exception;
  21. use LogicException;
  22. use Psr\Container\ContainerExceptionInterface;
  23. use Psr\Container\NotFoundExceptionInterface;
  24. use Psr\Log\LoggerInterface;
  25. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  26. use Symfony\Component\HttpFoundation\RedirectResponse;
  27. use Symfony\Component\HttpFoundation\Request;
  28. use Symfony\Component\HttpFoundation\Response;
  29. use Symfony\Component\Routing\Annotation\Route;
  30. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  31. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  32. use Symfony\Component\Translation\TranslatableMessage;
  33. use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
  34. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  36. /**
  37. * Controller qui gère la sécurité
  38. */
  39. class SecurityController extends AbstractController
  40. {
  41. private YamlReader $yamlReader;
  42. private SecurityFormFactory $formFactory;
  43. private SettingService $settingService;
  44. private EntityManagerInterface $em;
  45. private RegisterService $registerService;
  46. private EncryptionManager $encryptionManager;
  47. private WorkflowUser $workflowUser;
  48. private LoggerInterface $logger;
  49. private string $env;
  50. private UserService $userService;
  51. private ModuleSettingService $moduleSettingService;
  53. public function __construct(YamlReader $yamlReader, SecurityFormFactory $formFactory, SettingService $settingService, EntityManagerInterface $em, RegisterService $registerService, EncryptionManager $encryptionManager, WorkflowUser $workflowUser, LoggerInterface $logger, string $env, UserService $userService, ModuleSettingService $moduleSettingService)
  54. {
  55. $this->yamlReader = $yamlReader;
  56. $this->formFactory = $formFactory;
  57. $this->settingService = $settingService;
  58. $this->em = $em;
  59. $this->registerService = $registerService;
  60. $this->encryptionManager = $encryptionManager;
  61. $this->workflowUser = $workflowUser;
  62. $this->logger = $logger;
  63. $this->env = $env;
  64. $this->userService = $userService;
  65. $this->moduleSettingService = $moduleSettingService;
  66. }
  68. /**
  69. * Formulaire de connexion
  70. *
  71. * @Route("/login", name="app_login")
  72. *
  73. * @param AuthenticationUtils $authenticationUtils
  74. * @param Request $request
  75. *
  76. * @return Response
  77. *
  78. * @throws EncryptionException
  79. * @throws ResetPasswordExceptionInterface
  80. * @throws TransportExceptionInterface
  81. * @throws \Symfony\Component\Mailer\Exception\TransportExceptionInterface
  82. */
  83. public function login(AuthenticationUtils $authenticationUtils, Request $request): Response
  84. {
  85. return $this->processLogin($authenticationUtils, $request);
  86. }
  88. /**
  89. * Formulaire de connexion secondaire
  90. *
  91. * @Route("/login-admin", name="app_login_admin")
  92. *
  93. * @param AuthenticationUtils $authenticationUtils
  94. * @param Request $request
  95. *
  96. * @return Response
  97. * @throws EncryptionException
  98. * @throws ResetPasswordExceptionInterface
  99. * @throws TransportExceptionInterface
  100. * @throws \Symfony\Component\Mailer\Exception\TransportExceptionInterface
  101. */
  102. public function loginAdmin(AuthenticationUtils $authenticationUtils, Request $request): Response
  103. {
  104. if($this->settingService->isExist(Setting::SSO_SETTINGS) && $this->moduleSettingService->isModuleActive(Sso::MODULE_NAME))
  105. {
  106. return $this->processLogin($authenticationUtils, $request, 'security/login_admin.html.twig');
  107. }
  109. throw $this->createNotFoundException();
  110. }
  112. /**
  113. * @throws TransportExceptionInterface
  114. * @throws ResetPasswordExceptionInterface
  115. * @throws \Symfony\Component\Mailer\Exception\TransportExceptionInterface
  116. * @throws EncryptionException
  117. * @throws Exception
  118. */
  119. protected function processLogin(AuthenticationUtils $authenticationUtils, Request $request, ?string $twigPath = null): Response
  120. {
  121. // On gère ici si on est sur un Portail/enfant
  122. $setting = $this->settingService->getSettingFromName(SettingConst::PORTAL_CHILDREN);
  123. $values = $setting !== NULL ? json_decode($setting->getValue(), TRUE) : [];
  124. $hasParent = !empty($values['parent_url']);
  126. if($hasParent)
  127. {
  128. $header = $request->headers;
  130. if($header->has('q') || $request->query->get('q'))
  131. {
  132. $q = base64_decode($header->get('q') ?? $request->query->get('q'));
  134. try
  135. {
  136. $q = $this->encryptionManager->decrypt($q);
  137. } catch(Exception $e)
  138. {
  139. $this->addFlash('danger', 'Un problème est survenu lors de la connexion');
  140. $this->logger->error('Erreur lors du décryptage du token de connexion', ['error' => $e->getMessage()]);
  141. return $this->redirectToRoute('app_login');
  142. }
  144. $q = json_decode($q, TRUE);
  146. $user = $this->em->getRepository(User::class)->findOneByEmailOrExtension([
  147. 'email' => $q['email'],
  148. 'extension1' => $q['extension1'],
  149. 'extension2' => $q['extension2'],
  150. ]);
  152. if($user instanceof User)
  153. {
  154. if($q['email'] !== $user->getEmail())
  155. {
  156. $user
  157. ->setEmail($q['email'])
  158. ->setFirstname($q['firstName'])
  159. ->setLastname($q['lastName'])
  160. ->setRoles($q['roles'])
  161. ;
  163. $this->registerService->registerReplaceFakeUserBySellerCode($user, $q['extension1'], TRUE);
  164. }
  166. // Gestion du cas où l'utilisateur existe en BDD (pas en fakeUser) mais ne s'est pas encore connecté à la plateforme
  167. if($q['cguAt'] !== NULL && $user->getStatus() === 'cgu_pending')
  168. {
  169. $this->workflowUser->acceptCGU($user);
  170. $user->setCguAt(new \DateTime($q['cguAt']));
  171. $this->em->flush();
  172. }
  174. // Créer un token de connexion
  175. $token = new UsernamePasswordToken($user, 'app', $user->getRoles());
  177. // Stocker le token dans le token storage
  178. try
  179. {
  180. $this->container->get('security.token_storage')->setToken($token);
  181. } catch(NotFoundExceptionInterface|ContainerExceptionInterface $e)
  182. {
  183. $this->addFlash('danger', 'Un problème est survenu lors de la connexion');
  184. $this->logger->error('Erreur lors de la récupération du token storage', ['error' => $e->getMessage()]);
  186. return $this->redirectToRoute('front_homepage');
  187. }
  188. }
  189. else
  190. {
  191. // on delog l'user
  192. $this->get('security.token_storage')->setToken(NULL);
  193. $this->logger->info('L\'utilisateur n\'existe pas en BDD', ['email' => $q['email']]);
  194. $request->getSession()->invalidate();
  195. }
  196. }
  197. }
  199. // Redirige sur la home-page si l'user est connecté
  200. if($this->getUser()) return $this->redirectToRoute('front_homepage');
  202. $user = $this->userService->initUser();
  204. $config = $this->yamlReader->getFrontSecurity();
  205. $configLogin = $config['login'];
  207. $globalRegister = $this->yamlReader->getRegister();
  208. $globalRegisterEnabled = $globalRegister['enabled'];
  210. $configRegister = $configLogin['sections']['section_register'] ?? FALSE;
  212. $hasFormRegister = FALSE;
  213. $formRegister = FALSE;
  215. if($globalRegisterEnabled && is_array($configRegister) && $configRegister['enabled'])
  216. {
  217. // Création du formulaire d'inscription
  218. try
  219. {
  220. $formRegister = $this->formFactory->generateRegisterForm($user);
  221. $hasFormRegister = TRUE;
  222. } catch(Exception $e)
  223. {
  224. throw $this->createNotFoundException($e->getMessage());
  225. }
  226. $formRegister->handleRequest($request);
  228. if($formRegister->isSubmitted())
  229. {
  230. // Validation spécifique du formulaire d'inscription
  232. try
  233. {
  234. $formRegister = $this->formFactory->postValidateRegisterForm($formRegister);
  235. } catch(Exception $e)
  236. {
  237. if($this->env != 'prod') throw $e;
  238. $this->addFlash('danger', new TranslatableMessage('impossible d\'exécuter la post validation du formulaire', []));
  239. $this->logger->error('Erreur lors de la post validation du formulaire d\'inscription', ['error' => $e->getMessage()]);
  240. $referer = $request->headers->get('referer');
  242. return $this->redirect($referer);
  243. }
  245. if($formRegister->isValid())
  246. {
  247. // Post traitement du formulaire d'inscription
  248. try
  249. {
  250. $response = $this->formFactory->postProcessingRegisterForm($formRegister, $user);
  251. } catch(Exception $e)
  252. {
  253. if($this->env != 'prod') throw $e;
  254. $this->addFlash('danger', 'impossible d\'exécuter le post traitement du formulaire');
  255. $this->logger->error('Erreur lors du post traitement du formulaire d\'inscription', ['error' => $e->getMessage()]);
  256. $referer = $request->headers->get('referer');
  258. return $this->redirect($referer);
  259. } catch(TransportExceptionInterface $e)
  260. {
  261. if($this->env != 'prod') throw $e;
  262. $this->addFlash('danger', 'impossible d\'exécuter le post traitement du formulaire');
  263. $this->logger->error('Erreur lors du post traitement du formulaire d\'inscription', ['error' => $e->getMessage()]);
  264. $referer = $request->headers->get('referer');
  266. return $this->redirect($referer);
  267. }
  269. if($response['message'] !== NULL)
  270. {
  271. $this->addFlash('success', $response['message']);
  272. }
  274. return $this->redirectToRoute($response['route']);
  275. }
  276. }
  277. }
  279. $formLogin = $this->createForm(LoginType::class);
  281. // get the login error if there is one
  282. $error = $authenticationUtils->getLastAuthenticationError();
  284. // last username entered by the user
  285. $lastUsername = $authenticationUtils->getLastUsername();
  286. if(!$twigPath)
  287. {
  288. $twigPath = 'security/login.html.twig';
  290. if(isset($configLogin['folder']) && !in_array($configLogin['folder'], [FALSE, '', NULL], TRUE))
  291. {
  292. $twigPath = 'security/' . $configLogin['folder'] . '/login.html.twig';
  293. }
  294. }
  296. return $this->render($twigPath, [
  297. 'last_username' => $lastUsername,
  298. 'error' => $error,
  299. 'loginForm' => $formLogin->createView(),
  300. 'registrationForm' => $hasFormRegister ? $formRegister->createView() : FALSE,
  301. 'hasFormRegister' => $hasFormRegister
  302. ]);
  303. }
  305. /**
  306. * Déconnexion
  307. *
  308. * @Route("/universal_logout", name="universal_logout")
  309. *
  310. * @return RedirectResponse
  311. */
  312. public function universalLogout(): RedirectResponse
  313. {
  314. if($this->isSamlSsoEnabled()) return $this->redirectToRoute('saml_logout');
  316. return $this->redirectToRoute('app_logout');
  317. }
  319. /**
  320. * Déconnexion
  321. *
  322. * @Route("/logout", name="app_logout")
  323. *
  324. * @return void
  325. */
  326. public function logout(): void
  327. {
  328. throw new LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.',);
  329. }
  331. private function isSamlSsoEnabled(): bool
  332. {
  333. if(!$this->moduleSettingService->isModuleActive(Sso::MODULE_NAME) || !$this->settingService->isExist(Setting::SSO_SETTINGS)) return false;
  335. $ssoSettings = $this->settingService->getSettingFromName(Setting::SSO_SETTINGS, true, true);
  337. return is_array($ssoSettings) && !empty($ssoSettings['ssoType']) && strtolower((string)$ssoSettings['ssoType']) === Sso::SSO_SAML;
  338. }
  339. }