src/Controller/SecurityController.php line 85

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Constants\Setting;
  6. use App\Constants\Setting as SettingConst;
  7. use App\Constants\Sso;
  8. use App\Entity\User;
  9. use App\Exception\EncryptionException;
  10. use App\Factory\Security\SecurityFormFactory;
  11. use App\Form\Type\LoginType;
  12. use App\Services\Common\ModuleSettingService;
  13. use App\Services\Common\SettingService;
  14. use App\Services\Common\User\WorkflowUser;
  15. use App\Services\Common\UserService;
  16. use App\Services\DTV\YamlConfig\YamlReader;
  17. use App\Services\Security\EncryptionManager;
  18. use App\Services\Security\RegisterService;
  19. use DateTime;
  20. use Doctrine\ORM\EntityManagerInterface;
  21. use Exception;
  22. use LogicException;
  23. use Psr\Container\ContainerExceptionInterface;
  24. use Psr\Container\NotFoundExceptionInterface;
  25. use Psr\Log\LoggerInterface;
  26. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  27. use Symfony\Component\HttpFoundation\RedirectResponse;
  28. use Symfony\Component\HttpFoundation\Request;
  29. use Symfony\Component\HttpFoundation\Response;
  30. use Symfony\Component\Routing\Annotation\Route;
  31. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  32. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  33. use Symfony\Component\Translation\TranslatableMessage;
  34. use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
  35. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  37. /**
  38. * Controller qui gère la sécurité
  39. */
  40. class SecurityController extends AbstractController
  41. {
  42. private YamlReader $yamlReader;
  43. private SecurityFormFactory $formFactory;
  44. private SettingService $settingService;
  45. private EntityManagerInterface $em;
  46. private RegisterService $registerService;
  47. private EncryptionManager $encryptionManager;
  48. private WorkflowUser $workflowUser;
  49. private LoggerInterface $logger;
  50. private string $env;
  51. private UserService $userService;
  52. private ModuleSettingService $moduleSettingService;
  54. public function __construct(YamlReader $yamlReader, SecurityFormFactory $formFactory, SettingService $settingService, EntityManagerInterface $em, RegisterService $registerService, EncryptionManager $encryptionManager, WorkflowUser $workflowUser, LoggerInterface $logger, string $env, UserService $userService, ModuleSettingService $moduleSettingService)
  55. {
  56. $this->yamlReader = $yamlReader;
  57. $this->formFactory = $formFactory;
  58. $this->settingService = $settingService;
  59. $this->em = $em;
  60. $this->registerService = $registerService;
  61. $this->encryptionManager = $encryptionManager;
  62. $this->workflowUser = $workflowUser;
  63. $this->logger = $logger;
  64. $this->env = $env;
  65. $this->userService = $userService;
  66. $this->moduleSettingService = $moduleSettingService;
  67. }
  69. /**
  70. * Formulaire de connexion
  71. *
  72. * @Route("/login", name="app_login")
  73. *
  74. * @param AuthenticationUtils $authenticationUtils
  75. * @param Request $request
  76. *
  77. * @return Response
  78. *
  79. * @throws EncryptionException
  80. * @throws ResetPasswordExceptionInterface
  81. * @throws TransportExceptionInterface
  82. * @throws \Symfony\Component\Mailer\Exception\TransportExceptionInterface
  83. */
  84. public function login(AuthenticationUtils $authenticationUtils, Request $request): Response
  85. {
  86. return $this->processLogin($authenticationUtils, $request);
  87. }
  89. /**
  90. * Formulaire de connexion secondaire
  91. *
  92. * @Route("/login-admin", name="app_login_admin")
  93. *
  94. * @param AuthenticationUtils $authenticationUtils
  95. * @param Request $request
  96. *
  97. * @return Response
  98. * @throws EncryptionException
  99. * @throws ResetPasswordExceptionInterface
  100. * @throws TransportExceptionInterface
  101. * @throws \Symfony\Component\Mailer\Exception\TransportExceptionInterface
  102. */
  103. public function loginAdmin(AuthenticationUtils $authenticationUtils, Request $request): Response
  104. {
  105. if($this->settingService->isExist(Setting::SSO_SETTINGS) && $this->moduleSettingService->isModuleActive(Sso::MODULE_NAME))
  106. {
  107. return $this->processLogin($authenticationUtils, $request, 'security/login_admin.html.twig');
  108. }
  110. throw $this->createNotFoundException();
  111. }
  113. /**
  114. * @throws TransportExceptionInterface
  115. * @throws ResetPasswordExceptionInterface
  116. * @throws \Symfony\Component\Mailer\Exception\TransportExceptionInterface
  117. * @throws EncryptionException
  118. * @throws Exception
  119. */
  120. protected function processLogin(AuthenticationUtils $authenticationUtils, Request $request, ?string $twigPath = null): Response
  121. {
  122. // On gère ici si on est sur un Portail/enfant
  123. $setting = $this->settingService->getSettingFromName(SettingConst::PORTAL_CHILDREN);
  124. $values = $setting !== NULL ? json_decode($setting->getValue(), TRUE) : [];
  125. $hasParent = !empty($values['parent_url']);
  127. if($hasParent)
  128. {
  129. $header = $request->headers;
  131. if($header->has('q') || $request->query->get('q'))
  132. {
  133. $q = base64_decode($header->get('q') ?? $request->query->get('q'));
  135. try
  136. {
  137. $q = $this->encryptionManager->decrypt($q);
  138. } catch(Exception $e)
  139. {
  140. $this->addFlash('danger', 'Un problème est survenu lors de la connexion');
  141. $this->logger->error('Erreur lors du décryptage du token de connexion', ['error' => $e->getMessage()]);
  142. return $this->redirectToRoute('app_login');
  143. }
  145. $q = json_decode($q, TRUE);
  147. $user = $this->em->getRepository(User::class)->findOneByEmailOrExtension([
  148. 'email' => $q['email'],
  149. 'extension1' => $q['extension1'],
  150. 'extension2' => $q['extension2'],
  151. ]);
  153. if($user instanceof User)
  154. {
  155. if($q['email'] !== $user->getEmail())
  156. {
  157. $user
  158. ->setEmail($q['email'])
  159. ->setFirstname($q['firstName'])
  160. ->setLastname($q['lastName'])
  161. ->setRoles($q['roles'])
  162. ;
  164. $this->registerService->registerReplaceFakeUserBySellerCode($user, $q['extension1'], TRUE);
  165. }
  167. // Gestion du cas où l'utilisateur existe en BDD (pas en fakeUser) mais ne s'est pas encore connecté à la plateforme
  168. if($q['cguAt'] !== NULL && $user->getStatus() === 'cgu_pending')
  169. {
  170. $this->workflowUser->acceptCGU($user);
  171. $user->setCguAt(new DateTime($q['cguAt']));
  172. $this->em->flush();
  173. }
  175. // Créer un token de connexion
  176. $token = new UsernamePasswordToken($user, 'app', $user->getRoles());
  178. // Stocker le token dans le token storage
  179. try
  180. {
  181. $this->container->get('security.token_storage')->setToken($token);
  182. } catch(NotFoundExceptionInterface|ContainerExceptionInterface $e)
  183. {
  184. $this->addFlash('danger', 'Un problème est survenu lors de la connexion');
  185. $this->logger->error('Erreur lors de la récupération du token storage', ['error' => $e->getMessage()]);
  187. return $this->redirectToRoute('front_homepage');
  188. }
  189. }
  190. else
  191. {
  192. // on delog l'user
  193. $this->get('security.token_storage')->setToken(NULL);
  194. $this->logger->info('L\'utilisateur n\'existe pas en BDD', ['email' => $q['email']]);
  195. $request->getSession()->invalidate();
  196. }
  197. }
  198. }
  200. // Redirige sur la home-page si l'user est connecté
  201. if($this->getUser()) return $this->redirectToRoute('front_homepage');
  203. $user = $this->userService->initUser();
  205. $config = $this->yamlReader->getFrontSecurity();
  206. $configLogin = $config['login'];
  208. $globalRegister = $this->yamlReader->getRegister();
  209. $globalRegisterEnabled = $globalRegister['enabled'];
  211. $configRegister = $configLogin['sections']['section_register'] ?? FALSE;
  213. $hasFormRegister = FALSE;
  214. $formRegister = FALSE;
  216. if($globalRegisterEnabled && is_array($configRegister) && $configRegister['enabled'])
  217. {
  218. // Création du formulaire d'inscription
  219. try
  220. {
  221. $formRegister = $this->formFactory->generateRegisterForm($user);
  222. $hasFormRegister = TRUE;
  223. } catch(Exception $e)
  224. {
  225. throw $this->createNotFoundException($e->getMessage());
  226. }
  227. $formRegister->handleRequest($request);
  229. if($formRegister->isSubmitted())
  230. {
  231. // Validation spécifique du formulaire d'inscription
  233. try
  234. {
  235. $formRegister = $this->formFactory->postValidateRegisterForm($formRegister);
  236. } catch(Exception $e)
  237. {
  238. if($this->env != 'prod') throw $e;
  239. $this->addFlash('danger', new TranslatableMessage('impossible d\'exécuter la post validation du formulaire', []));
  240. $this->logger->error('Erreur lors de la post validation du formulaire d\'inscription', ['error' => $e->getMessage()]);
  241. $referer = $request->headers->get('referer');
  243. return $this->redirect($referer);
  244. }
  246. if($formRegister->isValid())
  247. {
  248. // Post traitement du formulaire d'inscription
  249. try
  250. {
  251. $response = $this->formFactory->postProcessingRegisterForm($formRegister, $user);
  252. } catch(Exception $e)
  253. {
  254. if($this->env != 'prod') throw $e;
  255. $this->addFlash('danger', 'impossible d\'exécuter le post traitement du formulaire');
  256. $this->logger->error('Erreur lors du post traitement du formulaire d\'inscription', ['error' => $e->getMessage()]);
  257. $referer = $request->headers->get('referer');
  259. return $this->redirect($referer);
  260. } catch(TransportExceptionInterface $e)
  261. {
  262. if($this->env != 'prod') throw $e;
  263. $this->addFlash('danger', 'impossible d\'exécuter le post traitement du formulaire');
  264. $this->logger->error('Erreur lors du post traitement du formulaire d\'inscription', ['error' => $e->getMessage()]);
  265. $referer = $request->headers->get('referer');
  267. return $this->redirect($referer);
  268. }
  270. if($response['message'] !== NULL)
  271. {
  272. $this->addFlash('success', $response['message']);
  273. }
  275. return $this->redirectToRoute($response['route']);
  276. }
  277. }
  278. }
  280. $formLogin = $this->createForm(LoginType::class);
  282. // get the login error if there is one
  283. $error = $authenticationUtils->getLastAuthenticationError();
  285. // last username entered by the user
  286. $lastUsername = $authenticationUtils->getLastUsername();
  287. if(!$twigPath)
  288. {
  289. $twigPath = 'security/login.html.twig';
  291. if(isset($configLogin['folder']) && !in_array($configLogin['folder'], [FALSE, '', NULL], TRUE))
  292. {
  293. $twigPath = 'security/' . $configLogin['folder'] . '/login.html.twig';
  294. }
  295. }
  297. return $this->render($twigPath, [
  298. 'last_username' => $lastUsername,
  299. 'error' => $error,
  300. 'loginForm' => $formLogin->createView(),
  301. 'registrationForm' => $hasFormRegister ? $formRegister->createView() : FALSE,
  302. 'hasFormRegister' => $hasFormRegister
  303. ]);
  304. }
  306. /**
  307. * Déconnexion
  308. *
  309. * @Route("/universal_logout", name="universal_logout")
  310. *
  311. * @return RedirectResponse
  312. */
  313. public function universalLogout(): RedirectResponse
  314. {
  315. if($this->isSamlSsoEnabled()) return $this->redirectToRoute('saml_logout');
  317. return $this->redirectToRoute('app_logout');
  318. }
  320. /**
  321. * Déconnexion
  322. *
  323. * @Route("/logout", name="app_logout")
  324. *
  325. * @return void
  326. */
  327. public function logout(): void
  328. {
  329. throw new LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.',);
  330. }
  332. private function isSamlSsoEnabled(): bool
  333. {
  334. if(!$this->moduleSettingService->isModuleActive(Sso::MODULE_NAME) || !$this->settingService->isExist(Setting::SSO_SETTINGS)) return false;
  336. $ssoSettings = $this->settingService->getSettingFromName(Setting::SSO_SETTINGS, true, true);
  338. return is_array($ssoSettings) && !empty($ssoSettings['ssoType']) && strtolower((string)$ssoSettings['ssoType']) === Sso::SSO_SAML;
  339. }
  340. }