src/Controller/SecurityController.php line 93

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Constants\Setting;
  6. use App\Constants\Setting as SettingConst;
  7. use App\Constants\Sso;
  8. use App\Entity\User;
  9. use App\Factory\Security\SecurityFormFactory;
  10. use App\Form\Type\LoginType;
  11. use App\Services\Common\ModuleSettingService;
  12. use App\Services\Common\SettingService;
  13. use App\Services\Common\User\WorkflowUser;
  14. use App\Services\Common\UserService;
  15. use App\Services\DTV\YamlConfig\YamlReader;
  16. use App\Services\Security\EncryptionManager;
  17. use App\Services\Security\RegisterService;
  18. use Doctrine\ORM\EntityManagerInterface;
  19. use Exception;
  20. use LogicException;
  21. use Psr\Container\ContainerExceptionInterface;
  22. use Psr\Container\NotFoundExceptionInterface;
  23. use Psr\Log\LoggerInterface;
  24. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  25. use Symfony\Component\HttpFoundation\RedirectResponse;
  26. use Symfony\Component\HttpFoundation\Request;
  27. use Symfony\Component\HttpFoundation\Response;
  28. use Symfony\Component\Routing\Annotation\Route;
  29. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  30. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  31. use Symfony\Component\Translation\TranslatableMessage;
  32. use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
  35. /**
  36. * Controller qui gère la sécurité
  37. */
  38. class SecurityController extends AbstractController
  39. {
  40. private YamlReader $yamlReader;
  41. private SecurityFormFactory $formFactory;
  42. private SettingService $settingService;
  43. private EntityManagerInterface $em;
  44. private RegisterService $registerService;
  45. private EncryptionManager $encryptionManager;
  46. private WorkflowUser $workflowUser;
  47. private LoggerInterface $logger;
  48. private string $env;
  49. private UserService $userService;
  50. private ModuleSettingService $moduleSettingService;
  53. public function __construct(
  54. YamlReader $yamlReader,
  55. SecurityFormFactory $formFactory,
  56. SettingService $settingService,
  57. EntityManagerInterface $em,
  58. RegisterService $registerService,
  59. EncryptionManager $encryptionManager,
  60. WorkflowUser $workflowUser,
  61. LoggerInterface $logger,
  62. string $env,
  63. UserService $userService,
  64. ModuleSettingService $moduleSettingService
  65. ) {
  66. $this->yamlReader = $yamlReader;
  67. $this->formFactory = $formFactory;
  68. $this->settingService = $settingService;
  69. $this->em = $em;
  70. $this->registerService = $registerService;
  71. $this->encryptionManager = $encryptionManager;
  72. $this->workflowUser = $workflowUser;
  73. $this->logger = $logger;
  74. $this->env = $env;
  75. $this->userService = $userService;
  76. $this->moduleSettingService = $moduleSettingService;
  77. }
  80. /**
  81. * Formulaire de connexion
  82. *
  83. * @Route("/login", name="app_login")
  84. *
  85. * @param AuthenticationUtils $authenticationUtils
  86. * @param Request $request
  87. *
  88. * @return Response
  89. *
  90. * @throws Exception
  91. * @throws TransportExceptionInterface
  92. */
  93. public function login(AuthenticationUtils $authenticationUtils, Request $request): Response
  94. {
  95. return $this->processLogin($authenticationUtils, $request);
  96. }
  98. /**
  99. * Formulaire de connexion secondaire
  100. *
  101. * @Route("/login-admin", name="app_login_admin")
  102. *
  103. * @param AuthenticationUtils $authenticationUtils
  104. * @param Request $request
  105. *
  106. * @throws Exception
  107. * @throws TransportExceptionInterface
  108. */
  109. public function loginAdmin(AuthenticationUtils $authenticationUtils, Request $request): Response
  110. {
  111. if($this->settingService->isExist(Setting::SSO_SETTINGS) && $this->moduleSettingService->isModuleActive(Sso::MODULE_NAME))
  112. {
  113. return $this->processLogin($authenticationUtils, $request, 'security/login_admin.html.twig');
  114. }
  116. throw $this->createNotFoundException();
  117. }
  119. protected function processLogin(AuthenticationUtils $authenticationUtils, Request $request, ?string $twigPath = null): Response
  120. {
  121. // On gère ici si on est sur un Portail/enfant
  122. $setting = $this->settingService->getSettingFromName(SettingConst::PORTAL_CHILDREN);
  123. $values = $setting !== NULL ? json_decode($setting->getValue(), TRUE) : [];
  124. $hasParent = !empty($values[ 'parent_url' ]);
  126. if ($hasParent)
  127. {
  128. $header = $request->headers;
  130. if ($header->has('q') || $request->query->get('q')) {
  131. $q = base64_decode($header->get('q') ?? $request->query->get('q'));
  133. try {
  134. $q = $this->encryptionManager->decrypt($q);
  135. } catch (Exception $e) {
  136. $this->addFlash('danger', 'Un problème est survenu lors de la connexion');
  137. $this->logger->error('Erreur lors du décryptage du token de connexion', ['error' => $e->getMessage()]);
  138. return $this->redirectToRoute('app_login');
  139. }
  141. $q = json_decode($q, TRUE);
  143. $user = $this->em->getRepository(User::class)->findOneByEmailOrExtension(
  144. [
  145. 'email' => $q[ 'email' ],
  146. 'extension1' => $q[ 'extension1' ],
  147. 'extension2' => $q[ 'extension2' ],
  148. ]
  149. );
  151. if ($user instanceof User)
  152. {
  153. if ($q[ 'email' ] !== $user->getEmail()) {
  154. $user
  155. ->setEmail($q[ 'email' ])
  156. ->setFirstname($q[ 'firstName' ])
  157. ->setLastname($q[ 'lastName' ])
  158. ->setRoles($q[ 'roles' ])
  159. ;
  161. $this->registerService->registerReplaceFakeUserBySellerCode(
  162. $user,
  163. $q[ 'extension1' ],
  164. TRUE
  165. );
  166. }
  168. // Gestion du cas ou le user existe en BDD (pas en fakeUser) mais ne s'est pas encore connecté à la plateforme
  169. if ($q[ 'cguAt' ] !== NULL && $user->getStatus() === 'cgu_pending') {
  170. $this->workflowUser->acceptCGU($user);
  171. $user->setCguAt(new \DateTime($q[ 'cguAt' ]));
  172. $this->em->flush();
  173. }
  175. // Créer un token de connexion
  176. $token = new UsernamePasswordToken($user, 'app', $user->getRoles());
  178. // Stocker le token dans le token storage
  179. try {
  180. $this->container->get('security.token_storage')->setToken($token);
  181. } catch (NotFoundExceptionInterface|ContainerExceptionInterface $e) {
  182. $this->addFlash('danger', 'Un problème est survenu lors de la connexion');
  183. $this->logger->error('Erreur lors de la récupération du token storage', ['error' => $e->getMessage()]);
  185. return $this->redirectToRoute('front_homepage');
  186. }
  187. } else {
  188. // on delog l'user
  189. $this->get('security.token_storage')->setToken(NULL);
  190. $this->logger->info('L\'utilisateur n\'existe pas en BDD', ['email' => $q[ 'email' ]]);
  191. $request->getSession()->invalidate();
  192. }
  193. }
  194. }
  196. // Redirige sur la home-page si l'user est connecté
  197. if ($this->getUser()) return $this->redirectToRoute('front_homepage');
  199. $user = $this->userService->initUser();
  201. $config = $this->yamlReader->getFrontSecurity();
  202. $configLogin = $config[ 'login' ];
  204. $globalRegister = $this->yamlReader->getRegister();
  205. $globalRegisterEnabled = $globalRegister[ 'enabled' ];
  207. $configRegister = $configLogin[ 'sections' ][ 'section_register' ] ?? FALSE;
  209. $hasFormRegister = FALSE;
  210. $formRegister = FALSE;
  212. if ($globalRegisterEnabled && is_array($configRegister) && $configRegister[ 'enabled' ])
  213. {
  214. // Création du formulaire d'inscription
  215. try {
  216. $formRegister = $this->formFactory->generateRegisterForm($user);
  217. $hasFormRegister = TRUE;
  218. } catch (Exception $e) {
  219. throw $this->createNotFoundException($e->getMessage());
  220. }
  221. $formRegister->handleRequest($request);
  223. if ($formRegister->isSubmitted())
  224. {
  225. // Validation spécifique du formulaire d'inscription
  227. try {
  228. $formRegister = $this->formFactory->postValidateRegisterForm($formRegister);
  229. } catch (Exception $e)
  230. {
  231. if($this->env != 'prod') throw $e;
  232. $this->addFlash(
  233. 'danger',
  234. new TranslatableMessage('impossible d\'exécuter la post validation du formulaire', [])
  235. );
  236. $this->logger->error('Erreur lors de la post validation du formulaire d\'inscription', ['error' => $e->getMessage()]);
  237. $referer = $request->headers->get('referer');
  239. return $this->redirect($referer);
  240. }
  242. if ($formRegister->isValid())
  243. {
  244. // Post traitement du formulaire d'inscription
  245. try {
  246. $response = $this->formFactory->postProcessingRegisterForm($formRegister, $user);
  247. }
  248. catch (Exception $e)
  249. {
  250. if($this->env != 'prod') throw $e;
  251. $this->addFlash(
  252. 'danger',
  253. 'impossible d\'exécuter le post traitement du formulaire'
  254. );
  255. $this->logger->error('Erreur lors du post traitement du formulaire d\'inscription', ['error' => $e->getMessage()]);
  256. $referer = $request->headers->get('referer');
  258. return $this->redirect($referer);
  259. }
  260. catch (TransportExceptionInterface $e)
  261. {
  262. if($this->env != 'prod') throw $e;
  263. $this->addFlash(
  264. 'danger',
  265. 'impossible d\'exécuter le post traitement du formulaire'
  266. );
  267. $this->logger->error('Erreur lors du post traitement du formulaire d\'inscription', ['error' => $e->getMessage()]);
  268. $referer = $request->headers->get('referer');
  270. return $this->redirect($referer);
  271. }
  273. if ($response[ 'message' ] !== NULL) {
  274. $this->addFlash('success', $response[ 'message' ]);
  275. }
  277. return $this->redirectToRoute($response[ 'route' ]);
  278. }
  279. }
  280. }
  282. $formLogin = $this->createForm(LoginType::class);
  284. // get the login error if there is one
  285. $error = $authenticationUtils->getLastAuthenticationError();
  287. // last username entered by the user
  288. $lastUsername = $authenticationUtils->getLastUsername();
  289. if(!$twigPath)
  290. {
  291. $twigPath = 'security/login.html.twig';
  293. if (isset($configLogin[ 'folder' ])
  294. && !in_array($configLogin[ 'folder' ], [FALSE, '', NULL], TRUE)
  295. ) {
  296. $twigPath = 'security/' . $configLogin[ 'folder' ] . '/login.html.twig';
  297. }
  298. }
  300. return $this->render($twigPath, [
  301. 'last_username' => $lastUsername,
  302. 'error' => $error,
  303. 'loginForm' => $formLogin->createView(),
  304. 'registrationForm' => $hasFormRegister ? $formRegister->createView() : FALSE,
  305. 'hasFormRegister' => $hasFormRegister
  306. ]);
  307. }
  309. /**
  310. * Déconnexion
  311. *
  312. * @Route("/universal_logout", name="universal_logout")
  313. *
  314. * @return RedirectResponse
  315. */
  316. public function universalLogout(): RedirectResponse
  317. {
  318. // Vérifie si SAML est activé et si l'utilisateur est un utilisateur SAML
  319. if ($_ENV['SAML_ENABLED']) {
  320. // Redirige vers la route SAML logout
  321. return $this->redirectToRoute('saml_logout');
  322. }
  324. // Sinon redirige vers le logout standard Symfony
  325. return $this->redirectToRoute('app_logout');
  326. }
  328. /**
  329. * Déconnexion
  330. *
  331. * @Route("/logout", name="app_logout")
  332. *
  333. * @return void
  334. */
  335. public function logout(): void
  336. {
  337. throw new LogicException(
  338. 'This method can be blank - it will be intercepted by the logout key on your firewall.',
  339. );
  340. }
  341. }