src/Controller/SecurityController.php line 94

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Constants\Setting;
  6. use App\Constants\Setting as SettingConst;
  7. use App\Constants\Sso;
  8. use App\Entity\User;
  9. use App\Factory\Security\SecurityFormFactory;
  10. use App\Form\Type\LoginType;
  11. use App\Services\Common\ModuleSettingService;
  12. use App\Services\Common\SettingService;
  13. use App\Services\Common\User\WorkflowUser;
  14. use App\Services\Common\UserService;
  15. use App\Services\DTV\YamlConfig\YamlReader;
  16. use App\Services\Security\EncryptionManager;
  17. use App\Services\Security\RegisterService;
  18. use Doctrine\ORM\EntityManagerInterface;
  19. use Exception;
  20. use LogicException;
  21. use Psr\Container\ContainerExceptionInterface;
  22. use Psr\Container\NotFoundExceptionInterface;
  23. use Psr\Log\LoggerInterface;
  24. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  25. use Symfony\Component\HttpFoundation\Request;
  26. use Symfony\Component\HttpFoundation\Response;
  27. use Symfony\Component\Routing\Annotation\Route;
  28. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  29. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  30. use Symfony\Component\Translation\TranslatableMessage;
  31. use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
  34. /**
  35. * Controller qui gère la sécurité
  36. */
  37. class SecurityController extends AbstractController
  38. {
  39. private YamlReader $yamlReader;
  40. private SecurityFormFactory $formFactory;
  41. private SettingService $settingService;
  42. private EntityManagerInterface $em;
  43. private RegisterService $registerService;
  44. private EncryptionManager $encryptionManager;
  45. private WorkflowUser $workflowUser;
  46. private LoggerInterface $logger;
  47. private string $env;
  48. private UserService $userService;
  49. private ModuleSettingService $moduleSettingService;
  52. public function __construct(
  53. YamlReader $yamlReader,
  54. SecurityFormFactory $formFactory,
  55. SettingService $settingService,
  56. EntityManagerInterface $em,
  57. RegisterService $registerService,
  58. EncryptionManager $encryptionManager,
  59. WorkflowUser $workflowUser,
  60. LoggerInterface $logger,
  61. string $env,
  62. UserService $userService,
  63. ModuleSettingService $moduleSettingService
  64. ) {
  65. $this->yamlReader = $yamlReader;
  66. $this->formFactory = $formFactory;
  67. $this->settingService = $settingService;
  68. $this->em = $em;
  69. $this->registerService = $registerService;
  70. $this->encryptionManager = $encryptionManager;
  71. $this->workflowUser = $workflowUser;
  72. $this->logger = $logger;
  73. $this->env = $env;
  74. $this->userService = $userService;
  75. $this->moduleSettingService = $moduleSettingService;
  76. }
  79. /**
  80. * Formulaire de connexion
  81. *
  82. * @Route("/login", name="app_login")
  83. *
  84. * @param AuthenticationUtils $authenticationUtils
  85. * @param Request $request
  86. *
  87. * @return Response
  88. *
  89. * @throws Exception
  90. * @throws TransportExceptionInterface
  91. */
  92. public function login(AuthenticationUtils $authenticationUtils, Request $request): Response
  93. {
  94. return $this->processLogin($authenticationUtils, $request);
  95. }
  97. /**
  98. * Formulaire de connexion secondaire
  99. *
  100. * @Route("/login-admin", name="app_login_admin")
  101. *
  102. * @param AuthenticationUtils $authenticationUtils
  103. * @param Request $request
  104. *
  105. * @throws Exception
  106. * @throws TransportExceptionInterface
  107. */
  108. public function loginAdmin(AuthenticationUtils $authenticationUtils, Request $request): Response
  109. {
  110. if($this->settingService->isExist(Setting::SSO_SETTINGS) && $this->moduleSettingService->isModuleActive(Sso::MODULE_NAME))
  111. {
  112. return $this->processLogin($authenticationUtils, $request, 'security/login_admin.html.twig');
  113. }
  115. throw $this->createNotFoundException();
  116. }
  118. protected function processLogin(AuthenticationUtils $authenticationUtils, Request $request, ?string $twigPath = null): Response
  119. {
  120. // On gère ici si on est sur un Portail/enfant
  121. $setting = $this->settingService->getSettingFromName(SettingConst::PORTAL_CHILDREN);
  122. $values = $setting !== NULL ? json_decode($setting->getValue(), TRUE) : [];
  123. $hasParent = !empty($values[ 'parent_url' ]);
  125. if ($hasParent)
  126. {
  127. $header = $request->headers;
  129. if ($header->has('q') || $request->query->get('q')) {
  130. $q = base64_decode($header->get('q') ?? $request->query->get('q'));
  132. try {
  133. $q = $this->encryptionManager->decrypt($q);
  134. } catch (Exception $e) {
  135. $this->addFlash('danger', 'Un problème est survenu lors de la connexion');
  136. $this->logger->error('Erreur lors du décryptage du token de connexion', ['error' => $e->getMessage()]);
  137. return $this->redirectToRoute('app_login');
  138. }
  140. $q = json_decode($q, TRUE);
  142. $user = $this->em->getRepository(User::class)->findOneByEmailOrExtension(
  143. [
  144. 'email' => $q[ 'email' ],
  145. 'extension1' => $q[ 'extension1' ],
  146. 'extension2' => $q[ 'extension2' ],
  147. ]
  148. );
  150. if ($user instanceof User)
  151. {
  152. if ($q[ 'email' ] !== $user->getEmail()) {
  153. $user
  154. ->setEmail($q[ 'email' ])
  155. ->setFirstname($q[ 'firstName' ])
  156. ->setLastname($q[ 'lastName' ])
  157. ->setRoles($q[ 'roles' ])
  158. ;
  160. $this->registerService->registerReplaceFakeUserBySellerCode(
  161. $user,
  162. $q[ 'extension1' ],
  163. TRUE
  164. );
  165. }
  167. // Gestion du cas ou le user existe en BDD (pas en fakeUser) mais ne s'est pas encore connecté à la plateforme
  168. if ($q[ 'cguAt' ] !== NULL && $user->getStatus() === 'cgu_pending') {
  169. $this->workflowUser->acceptCGU($user);
  170. $user->setCguAt(new \DateTime($q[ 'cguAt' ]));
  171. $this->em->flush();
  172. }
  174. // Créer un token de connexion
  175. $token = new UsernamePasswordToken($user, 'app', $user->getRoles());
  177. // Stocker le token dans le token storage
  178. try {
  179. $this->container->get('security.token_storage')->setToken($token);
  180. } catch (NotFoundExceptionInterface|ContainerExceptionInterface $e) {
  181. $this->addFlash('danger', 'Un problème est survenu lors de la connexion');
  182. $this->logger->error('Erreur lors de la récupération du token storage', ['error' => $e->getMessage()]);
  184. return $this->redirectToRoute('front_homepage');
  185. }
  186. } else {
  187. // on delog l'user
  188. $this->get('security.token_storage')->setToken(NULL);
  189. $this->logger->info('L\'utilisateur n\'existe pas en BDD', ['email' => $q[ 'email' ]]);
  190. $request->getSession()->invalidate();
  191. }
  192. }
  193. }
  195. // Redirige sur la home-page si l'user est connecté
  196. if ($this->getUser()) return $this->redirectToRoute('front_homepage');
  198. $user = $this->userService->initUser();
  200. $config = $this->yamlReader->getFrontSecurity();
  201. $configLogin = $config[ 'login' ];
  203. $globalRegister = $this->yamlReader->getRegister();
  204. $globalRegisterEnabled = $globalRegister[ 'enabled' ];
  206. $configRegister = $configLogin[ 'sections' ][ 'section_register' ] ?? FALSE;
  208. $hasFormRegister = FALSE;
  209. $formRegister = FALSE;
  211. if ($globalRegisterEnabled && is_array($configRegister) && $configRegister[ 'enabled' ])
  212. {
  213. // Création du formulaire d'inscription
  214. try {
  215. $formRegister = $this->formFactory->generateRegisterForm($user);
  216. $hasFormRegister = TRUE;
  217. } catch (Exception $e) {
  218. throw $this->createNotFoundException($e->getMessage());
  219. }
  220. $formRegister->handleRequest($request);
  222. if ($formRegister->isSubmitted())
  223. {
  224. // Validation spécifique du formulaire d'inscription
  226. try {
  227. $formRegister = $this->formFactory->postValidateRegisterForm($formRegister);
  228. } catch (Exception $e)
  229. {
  230. if($this->env != 'prod') throw $e;
  231. $this->addFlash(
  232. 'danger',
  233. new TranslatableMessage('impossible d\'exécuter la post validation du formulaire', [])
  234. );
  235. $this->logger->error('Erreur lors de la post validation du formulaire d\'inscription', ['error' => $e->getMessage()]);
  236. $referer = $request->headers->get('referer');
  238. return $this->redirect($referer);
  239. }
  241. if ($formRegister->isValid())
  242. {
  243. // Post traitement du formulaire d'inscription
  244. try {
  245. $response = $this->formFactory->postProcessingRegisterForm($formRegister, $user);
  246. }
  247. catch (Exception $e)
  248. {
  249. if($this->env != 'prod') throw $e;
  250. $this->addFlash(
  251. 'danger',
  252. 'impossible d\'exécuter le post traitement du formulaire'
  253. );
  254. $this->logger->error('Erreur lors du post traitement du formulaire d\'inscription', ['error' => $e->getMessage()]);
  255. $referer = $request->headers->get('referer');
  257. return $this->redirect($referer);
  258. }
  259. catch (TransportExceptionInterface $e)
  260. {
  261. if($this->env != 'prod') throw $e;
  262. $this->addFlash(
  263. 'danger',
  264. 'impossible d\'exécuter le post traitement du formulaire'
  265. );
  266. $this->logger->error('Erreur lors du post traitement du formulaire d\'inscription', ['error' => $e->getMessage()]);
  267. $referer = $request->headers->get('referer');
  269. return $this->redirect($referer);
  270. }
  272. if ($response[ 'message' ] !== NULL) {
  273. $this->addFlash('success', $response[ 'message' ]);
  274. }
  276. return $this->redirectToRoute($response[ 'route' ]);
  277. }
  278. }
  279. }
  281. $formLogin = $this->createForm(LoginType::class);
  283. // get the login error if there is one
  284. $error = $authenticationUtils->getLastAuthenticationError();
  286. // last username entered by the user
  287. $lastUsername = $authenticationUtils->getLastUsername();
  288. if(!$twigPath)
  289. {
  290. $twigPath = 'security/login.html.twig';
  292. if (isset($configLogin[ 'folder' ])
  293. && !in_array($configLogin[ 'folder' ], [FALSE, '', NULL], TRUE)
  294. ) {
  295. $twigPath = 'security/' . $configLogin[ 'folder' ] . '/login.html.twig';
  296. }
  297. }
  299. return $this->render($twigPath, [
  300. 'last_username' => $lastUsername,
  301. 'error' => $error,
  302. 'loginForm' => $formLogin->createView(),
  303. 'registrationForm' => $hasFormRegister ? $formRegister->createView() : FALSE,
  304. 'hasFormRegister' => $hasFormRegister
  305. ]);
  306. }
  308. /**
  309. * Déconnexion
  310. *
  311. * @Route("/logout", name="app_logout")
  312. *
  313. * @return void
  314. */
  315. public function logout(): void
  316. {
  317. throw new LogicException(
  318. 'This method can be blank - it will be intercepted by the logout key on your firewall.',
  319. );
  320. }
  321. }