Cadoles
/
hydra-sql
19
0
Fork 0
Code Issues 7 Pull Requests 4 Projects Releases Wiki Activity

maj: sémantique, révision vérification ppassword
Cadoles/hydra-sql/pipeline/head This commit is unstable Details
Cadoles/hydra-sql/pipeline/pr-develop This commit is unstable Details

This commit is contained in:
Rudy Masson 2022-12-14 16:38:46 +01:00
parent 52ecbae0c5
commit 441c0f563c
28 changed files with 314 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
config/packages/security.yaml
View File

@ -2,11 +2,16 @@ security:
enable_authenticator_manager: true
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
app_hasher:
# the service ID of your custom hasher (the FQCN using the default services.yaml)
id: 'App\Security\Hasher\PasswordEncoder'
# App\Entity\User: 'sha256'
# Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
# algorithm: 'sha256'
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
providers:
pdo_user_provider:
id: App\Security\PdoUserProvider
id: App\Security\SQLLoginUserProvider
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
@ -16,7 +21,7 @@ security:
stateless: false
provider: pdo_user_provider
custom_authenticators:
- App\Security\PdoUserAuthenticator
- App\Security\SQLLoginUserAuthenticator
entry_point: form_login
form_login:

4
config/packages/twig.yaml
View File

@ -1,9 +1,9 @@
twig:
globals:
locales: "%app.supported_locales%"
default_path: '%kernel.project_dir%/templates'
form_themes:
- 'bootstrap_5_layout.html.twig'
globals:
locales: "%app.supported_locales%"
when@test:
twig:
strict_variables: true

8
config/pdo_configuration/pdo.yaml
View File

@ -1,8 +0,0 @@
pdo:
column_login_name: email
column_password_name: password
table_name: usager
data_to_fetch:
- email
- lastname
- firstname

12
config/services.yaml
View File

@ -24,6 +24,9 @@ parameters:
env(APP_LOCALES): "fr,en"
locales: '%env(APP_LOCALES)%'
app.supported_locales: ~
env(PEPPER): "257d62c24cd352c21b51c26dba678c8ff05011a89022aec106185bf67c69aa8b"
pepper: '%env(resolve:PEPPER)%'
services:
# default configuration for services in *this* file
_defaults:
@ -39,11 +42,11 @@ services:
- '../src/Entity/'
- '../src/Kernel.php'
App\Security\PdoUserAuthenticator:
App\Security\SQLLoginUserAuthenticator:
arguments:
$baseUrl: '%base_url%'
App\Pdo\PdoRequest:
App\SQLLogin\SQLLoginRequest:
arguments:
$config: []
$dsn: "%database.dsn%"
@ -58,5 +61,10 @@ services:
App\EventListener\LocaleSubscriber:
arguments:
$defaultLocale: "%default_locale%"
App\Security\Hasher\PasswordEncoder:
arguments:
$pepper: '%pepper%'
$hashAlgo: '%hashAlgo%'
# add more service definitions when explicit configuration is needed
# please note that last definitions always *replace* previous ones

9
config/sql_login_configuration/sql_login.yaml Normal file
View File

@ -0,0 +1,9 @@
sql_login:
login_column_name: email
password_column_name: password
salt_column_name: salt
table_name: usager
data_to_fetch:
- email
- lastname
- firstname

11
containers/compose/postgres/init-db.d/fill_lasql.sql
View File

@ -1,12 +1,15 @@
CREATE TABLE IF NOT EXISTS usager (
email VARCHAR ( 100 ) UNIQUE NOT NULL,
password VARCHAR ( 255 ) NOT NULL,
salt VARCHAR (255),
lastname VARCHAR ( 255 ) NOT NULL,
firstname VARCHAR ( 255 ) NOT NULL
);
INSERT INTO usager (email, password, salt, lastname, firstname) VALUES
('test1@test.com', '8ad4025044b77ae6a5e3fcf99e53e44b15db9a4ecf468be21cbc6b9fbdae6d9f', 'cesaltestunexemple', 'Locke', 'John'),
('test3@test.com', '504ae1c3e2f5fdaf41f868164dabcef21e17059f5f388b452718a1ce92692c67', 'cesaltestunautreexemple', 'Dupont', 'Henri');
INSERT INTO usager (email, password, lastname, firstname) VALUES
('test1@test.com', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92', 'Locke', 'John'),
('test2@test.com', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92', 'Dubois', 'Angela'),
('test3@test.com', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92', 'Dupont', 'Henri'),
('test4@test.com', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92', 'Durand', 'Isabelle');
('test4@test.com', '50626fa21f45a275cea0efff13ff78fd02234cade322da08b7191c7e9150141d', 'Durand', 'Isabelle'),
('test2@test.com', '50626fa21f45a275cea0efff13ff78fd02234cade322da08b7191c7e9150141d', 'Dubois', 'Angela');
GRANT ALL PRIVILEGES ON DATABASE usager TO lasql

45
readme.md
View File

@ -35,7 +35,25 @@ HYDRA_ADMIN_BASE_URL='http://hydra:4445'
DSN_REMOTE_DATABASE="pgsql:host='postgres';port=5432;dbname=lasql"
APP_LOCALES="fr,en"
```
## Tests password
### Postgres
```
Les mot de passe inscrits en bdd sont hachés en tenant compte du salt si non vide (cf données de la bdd plus bas) et du pepper inscrit en variable d'environnement (généré avec : bin2hex(random_bytes(32))
Il faut inscrire dans slq_login_configuration salt_column_name: salt
et conserver le pepper dans service.yaml
env(PEPPER): "257d62c24cd352c21b51c26dba678c8ff05011a89022aec106185bf67c69aa8b"
```
### mariadb
```
En plus de tester la connexion à une différente base de donnée, on teste le hashage de password sans salt ni pepper
Il faut mettre dans sql_login_configuration salt_column_name: ~
et dans service.yaml
env(PEPPER): ~
```
### test connexion mariadb
```
Modifier la variable d'environnement avec cette valeur
@ -45,13 +63,23 @@ DSN_REMOTE_DATABASE="mysql:host=mariadb;port=3306;dbname=lasql;"
## Données de test
un base de données postgres est montée dans l'environnement pour tester la connexion:
### postgres
```
|email|password|salt|lastname|firstname
|test1@test.com| 8ad4025044b77ae6a5e3fcf99e53e44b15db9a4ecf468be21cbc6b9fbdae6d9f| cesaltestunexemple| Locke|John|
|test2@test.com| 50626fa21f45a275cea0efff13ff78fd02234cade322da08b7191c7e9150141d| NULL| Dubois| Angela|
|test3@test.com| 504ae1c3e2f5fdaf41f868164dabcef21e17059f5f388b452718a1ce92692c67| cesaltestunautreexemple| Dupont| Henri|
|test4@test.com| 50626fa21f45a275cea0efff13ff78fd02234cade322da08b7191c7e9150141d| NULL| Durand|Isabelle|
```
utilisateurs disponibles au démarage:
('test1@test.com', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92', 'Locke', 'John'),
('test2@test.com', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92', 'Dubois', 'Angela'),
('test3@test.com', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92', 'Dupont', 'Henri'),
('test4@test.com', '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92', 'Durand', 'Isabelle');
### mariadb (sans salt)
```
|email|password|lastname|firstname
|test1@test.com| 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92| Sassot|Charles|
|test2@test.com| 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92| Dubois| Angela|
|test3@test.com| 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92| Dupont| Henri|
|test4@test.com| 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92| Durand|Isabelle|
```
Mot de passe = '123456' hashé en par sha256
@ -61,8 +89,9 @@ Permet d'adapter les requetes SQL en indiquant les noms de colonnes nécessaires
pdo_configuration/pdo.yaml
```
pdo:
column_login_name: email
column_password_name: password
login_column_name: email
password_column_name: password
salt_column_name: ~
table_name: usager
data_to_fetch:
- email

15
src/Controller/LocaleController.php
View File

@ -3,14 +3,25 @@
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;
class LocaleController extends AbstractController
{
#[Route(path: 'locale/{locale}', name: 'locale_change')]
public function changeLocal(string $locale, Request $request)
private ParameterBagInterface $params;
public function __construct(ParameterBagInterface $params)
{
$this->params = $params;
}
#[Route(path: 'locale/{locale?}', name: 'locale_change')]
public function changeLocal(?string $locale, Request $request)
{
if (empty($locale)) {
$locale = $this->params->get('default_locale');
}
// On stocke la langue dans la session
$request->getSession()->set('_locale', $locale);

14
src/Controller/SecurityController.php
View File

@ -3,7 +3,7 @@
namespace App\Controller;
use App\Form\LoginType;
use App\Security\PdoUserAuthenticator;
use App\Security\SQLLoginUserAuthenticator;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
use Symfony\Component\Form\FormError;
@ -28,17 +28,17 @@ class SecurityController extends AbstractController
$loginForm = $this->createForm(LoginType::class, null);
$error = $authenticationUtils->getLastAuthenticationError();
if ($error) {
if ($request->getSession()->has(PdoUserAuthenticator::ERROR_LOGIN)) {
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_LOGIN)) {
$loginForm->get('login')->addError(new FormError($trans->trans('error.login', [], 'messages')));
$request->getSession()->remove(PdoUserAuthenticator::ERROR_LOGIN);
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_LOGIN);
}
if ($request->getSession()->has(PdoUserAuthenticator::ERROR_PASSWORD)) {
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_PASSWORD)) {
$loginForm->get('password')->addError(new FormError($trans->trans('error.password', [], 'messages')));
$request->getSession()->remove(PdoUserAuthenticator::ERROR_PASSWORD);
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_PASSWORD);
}
if ($request->getSession()->has(PdoUserAuthenticator::ERROR_PDO)) {
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_PDO)) {
$loginForm->addError(new FormError($trans->trans('error.pdo', [], 'messages')));
$request->getSession()->remove(PdoUserAuthenticator::ERROR_PDO);
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_PDO);
}
}

25
src/DependencyInjection/PdoConfiguration.php
View File

@ -1,25 +0,0 @@
<?php
namespace App\DependencyInjection;
use App\Pdo\PdoRequest;
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;
class PdoConfiguration implements ConfigurationInterface
{
public function getConfigTreeBuilder()
{
$treeBuilder = new TreeBuilder('pdo');
$treeBuilder->getRootNode()->children()
->scalarNode(PdoRequest::COLUMN_LOGIN_NAME)->isRequired()->cannotBeEmpty()->end()
->scalarNode(PdoRequest::COLUMN_PASSWORD_NAME)->isRequired()->cannotBeEmpty()->end()
->scalarNode(PdoRequest::TABLE_NAME)->isRequired()->cannotBeEmpty()->end()
->arrayNode(PdoRequest::DATA_TO_FETCH)
->scalarPrototype()->end()
->end()
->end();
return $treeBuilder;
}
}

26
src/DependencyInjection/SQLLoginConfiguration.php Normal file
View File

@ -0,0 +1,26 @@
<?php
namespace App\DependencyInjection;
use App\SQLLogin\SQLLoginRequest;
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;
class SQLLoginConfiguration implements ConfigurationInterface
{
public function getConfigTreeBuilder()
{
$treeBuilder = new TreeBuilder('sql_login');
$treeBuilder->getRootNode()->children()
->scalarNode(SQLLoginRequest::LOGIN_COLUMN_NAME)->isRequired()->cannotBeEmpty()->end()
->scalarNode(SQLLoginRequest::PASSWORD_COLUMN_NAME)->isRequired()->cannotBeEmpty()->end()
->scalarNode(SQLLoginRequest::SALT_COLUMN_NAME)->end()
->scalarNode(SQLLoginRequest::TABLE_NAME)->isRequired()->cannotBeEmpty()->end()
->arrayNode(SQLLoginRequest::DATA_TO_FETCH)
->scalarPrototype()->end()
->end()
->end();
return $treeBuilder;
}
}

8
src/DependencyInjection/PdoExtension.php → src/DependencyInjection/SQLLoginExtension.php
View File

@ -2,26 +2,26 @@
namespace App\DependencyInjection;
use App\Pdo\PdoRequest;
use App\SQLLogin\SQLLoginRequest;
use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\DependencyInjection\Extension\Extension;
class PdoExtension extends Extension implements CompilerPassInterface
class SQLLoginExtension extends Extension implements CompilerPassInterface
{
/** @var array */
protected $pdoConfig;
public function load(array $configs, ContainerBuilder $container)
{
$configuration = new PdoConfiguration();
$configuration = new SQLLoginConfiguration();
$config = $this->processConfiguration($configuration, $configs);
$this->pdoConfig = $config;
}
public function process(ContainerBuilder $container)
{
$definition = $container->getDefinition(PdoRequest::class);
$definition = $container->getDefinition(SQLLoginRequest::class);
$definition->replaceArgument('$config', $this->pdoConfig);
}
}

3
src/Entity/User.php
View File

@ -6,8 +6,7 @@ use Symfony\Component\Security\Core\User\UserInterface;
class User implements UserInterface
{
/** @var array */
protected $attributes;
protected array $attributes = [];
private string $login;
private string $password;
private bool $rememberMe;

7
src/EventListener/LogoutSubscriber.php
View File

@ -4,15 +4,16 @@ namespace App\EventListener;
use App\Hydra\HydraService;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Http\Event\LogoutEvent;
class LogoutSubscriber implements EventSubscriberInterface
{
private HydraService $hydra;
public function __construct(
private UrlGeneratorInterface $urlGenerator,
private HydraService $hydra
HydraService $hydra
) {
$this->hydra = $hydra;
}
public static function getSubscribedEvents(): array

8
src/Hydra/HydraService.php
View File

@ -3,29 +3,23 @@
namespace App\Hydra;
use App\Hydra\Exception\InvalidChallengeException;
use App\Services\PdoService;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
class HydraService extends AbstractController
{
public SessionInterface $session;
public UrlGeneratorInterface $router;
public Client $client;
public PdoService $pdoServices;
public TokenStorageInterface $tokenStorage;
public function __construct(PdoService $pdoServices, Client $client, SessionInterface $session, UrlGeneratorInterface $router, TokenStorageInterface $tokenStorage)
public function __construct(Client $client, SessionInterface $session, TokenStorageInterface $tokenStorage)
{
$this->pdoServices = $pdoServices;
$this->session = $session;
$this->client = $client;
$this->router = $router;
$this->tokenStorage = $tokenStorage;
}

8
src/Kernel.php
View File

@ -2,7 +2,7 @@
namespace App;
use App\DependencyInjection\PdoExtension;
use App\DependencyInjection\SQLLoginExtension;
use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
use Symfony\Component\Config\Loader\LoaderInterface;
use Symfony\Component\DependencyInjection\ContainerBuilder;
@ -22,10 +22,10 @@ class Kernel extends BaseKernel
$this->microKernelConfigureContainer($loader);
$loader->load(function (ContainerBuilder $container) use ($loader) {
$envLanguage = \getenv('APP_LOCALES');
$envLanguage = getenv('APP_LOCALES');
$container->setParameter('app.supported_locales', explode(',', $envLanguage));
$container->registerExtension(new PdoExtension());
$loader->load($this->getConfigDir().'/pdo_configuration/*.{yml,yaml}', 'glob');
$container->registerExtension(new SQLLoginExtension());
$loader->load($this->getConfigDir().'/sql_login_configuration/*.{yml,yaml}', 'glob');
});
}
}

9
src/Pdo/Exception/InvalidLoginException.php
View File

@ -1,9 +0,0 @@
<?php
namespace App\Pdo\Exception;
use Exception;
class InvalidLoginException extends Exception
{
}

9
src/Pdo/Exception/InvalidPasswordException.php
View File

@ -1,9 +0,0 @@
<?php
namespace App\Pdo\Exception;
use Exception;
class InvalidPasswordException extends Exception
{
}

66
src/Pdo/PdoRequest.php
View File

@ -1,66 +0,0 @@
<?php
namespace App\Pdo;
class PdoRequest
{
public const DATA_TO_FETCH = 'data_to_fetch';
public const COLUMN_LOGIN_NAME = 'column_login_name';
public const COLUMN_PASSWORD_NAME = 'column_password_name';
public const TABLE_NAME = 'table_name';
protected array $config;
protected string $dsn;
protected string $user;
protected string $password;
public function __construct(array $config = [], string $dsn, string $user, string $password)
{
$this->config = $config;
$this->dsn = $dsn;
$this->user = $user;
$this->password = $password;
}
public function getDatabaseDsn()
{
return $this->dsn;
}
public function getDbUser()
{
return $this->user;
}
public function getDbPassword()
{
return $this->password;
}
public function getNameLogin()
{
return $this->config[self::COLUMN_LOGIN_NAME];
}
public function getNamePassword()
{
return $this->config[self::COLUMN_PASSWORD_NAME];
}
public function getRequestScope()
{
$scope = '';
foreach ($this->config[self::DATA_TO_FETCH] as $data) {
$scope .= $data.',';
}
$scope = substr($scope, 0, -1);
$request = 'SELECT '.$scope.' FROM '.$this->config[self::TABLE_NAME].' WHERE '.$this->config[self::COLUMN_LOGIN_NAME].' = :'.$this->config[self::COLUMN_LOGIN_NAME].';';
return $request;
}
public function getRequestLogin()
{
return 'SELECT '.$this->config[self::COLUMN_PASSWORD_NAME].' FROM '.$this->config[self::TABLE_NAME].' WHERE '.$this->config[self::COLUMN_LOGIN_NAME].' = :'.$this->config[self::COLUMN_LOGIN_NAME].';';
}
}

9
src/SQLLogin/Exception/InvalidSQLLoginException.php Normal file
View File

@ -0,0 +1,9 @@
<?php
namespace App\SQLLogin\Exception;
use Exception;
class InvalidSQLLoginException extends Exception
{
}

9
src/SQLLogin/Exception/InvalidSQLPasswordException.php Normal file
View File

@ -0,0 +1,9 @@
<?php
namespace App\SQLLogin\Exception;
use Exception;
class InvalidSQLPasswordException extends Exception
{
}

6
src/Pdo/PdoConnect.php → src/SQLLogin/SQLLoginConnect.php
View File

@ -1,11 +1,11 @@
<?php
namespace App\Pdo;
namespace App\SQLLogin;
use PDO;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
class PdoConnect extends AbstractController
class SQLLoginConnect extends AbstractController
{
/**
* @var Singleton
@ -35,7 +35,7 @@ class PdoConnect extends AbstractController
public static function getInstance()
{
if (is_null(self::$_instance)) {
self::$_instance = new PdoConnect();
self::$_instance = new SQLLoginConnect();
}
return self::$_instance;

77
src/SQLLogin/SQLLoginRequest.php Normal file
View File

@ -0,0 +1,77 @@
<?php
namespace App\SQLLogin;
class SQLLoginRequest
{
public const DATA_TO_FETCH = 'data_to_fetch';
public const LOGIN_COLUMN_NAME = 'login_column_name';
public const SALT_COLUMN_NAME = 'salt_column_name';
public const PASSWORD_COLUMN_NAME = 'password_column_name';
public const TABLE_NAME = 'table_name';
protected array $config;
protected string $dsn;
protected string $user;
protected string $password;
public function __construct(array $config = [], string $dsn, string $user, string $password)
{
$this->config = $config;
$this->dsn = $dsn;
$this->user = $user;
$this->password = $password;
}
public function getDatabaseDsn()
{
return $this->dsn;
}
public function getDbUser()
{
return $this->user;
}
public function getDbPassword()
{
return $this->password;
}
public function getLoginColumnName()
{
return $this->config[self::LOGIN_COLUMN_NAME];
}
public function egtPasswordColumnName()
{
return $this->config[self::PASSWORD_COLUMN_NAME];
}
public function getSaltColumnName()
{
return $this->config[self::SALT_COLUMN_NAME];
}
public function getRequestScope()
{
$scope = '';
foreach ($this->config[self::DATA_TO_FETCH] as $data) {
$scope .= $data.',';
}
$scope = substr($scope, 0, -1);
$request = 'SELECT '.$scope.' FROM '.$this->config[self::TABLE_NAME].' WHERE '.$this->config[self::LOGIN_COLUMN_NAME].' = :'.$this->config[self::LOGIN_COLUMN_NAME].';';
return $request;
}
public function getRequestPassword()
{
$passwordColumns = $this->config[self::PASSWORD_COLUMN_NAME];
if (!empty($this->config[self::SALT_COLUMN_NAME])) {
$passwordColumns .= ', '.$this->config[self::SALT_COLUMN_NAME];
}
return 'SELECT '.$passwordColumns.' FROM '.$this->config[self::TABLE_NAME].' WHERE '.$this->config[self::LOGIN_COLUMN_NAME].' = :'.$this->config[self::LOGIN_COLUMN_NAME].';';
}
}

49
src/Security/Hasher/PasswordEncoder.php Normal file
View File

@ -0,0 +1,49 @@
<?php
namespace App\Security\Hasher;
use App\SQLLogin\Exception\InvalidSQLPasswordException;
use Symfony\Component\PasswordHasher\Exception\InvalidPasswordException;
use Symfony\Component\PasswordHasher\Hasher\CheckPasswordLengthTrait;
use Symfony\Component\PasswordHasher\LegacyPasswordHasherInterface;
class PasswordEncoder implements LegacyPasswordHasherInterface
{
use CheckPasswordLengthTrait;
protected ?string $pepper;
protected string $hashAlgo;
public function __construct(?string $pepper, string $hashAlgo)
{
$this->pepper = $pepper;
$this->hashAlgo = $hashAlgo;
}
public function hash(string $plainPassword, string $salt = null): string
{
if ($this->isPasswordTooLong($plainPassword)) {
throw new InvalidPasswordException();
}
$hash = hash($this->hashAlgo, $plainPassword.$salt.$this->pepper);
return $hash;
}
public function verify(string $hashedPassword, string $plainPassword, string $salt = null): bool
{
if ('' === $plainPassword || $this->isPasswordTooLong($plainPassword)) {
return false;
}
if ($this->hash($plainPassword, $salt) === $hashedPassword) {
return true;
} else {
throw new InvalidSQLPasswordException();
}
}
public function needsRehash(string $hashedPassword): bool
{
return false;
}
}

25
src/Security/PdoUserAuthenticator.php → src/Security/SQLLoginUserAuthenticator.php
View File

@ -3,8 +3,9 @@
namespace App\Security;
use App\Entity\User;
use App\Pdo\Exception\InvalidPasswordException;
use App\Services\PdoService;
use App\Security\Hasher\PasswordEncoder;
use App\Service\SQLLoginService;
use App\SQLLogin\Exception\InvalidSQLPasswordException;
use PDOException;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
@ -19,7 +20,7 @@ use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
class PdoUserAuthenticator extends AbstractAuthenticator
class SQLLoginUserAuthenticator extends AbstractAuthenticator
{
public const LOGIN_ROUTE = 'app_login';
public const ERROR_LOGIN = 'error_login';
@ -27,14 +28,16 @@ class PdoUserAuthenticator extends AbstractAuthenticator
public const ERROR_PDO = 'error_pdo';
protected string $baseUrl;
private PdoService $pdoService;
private SQLLoginService $pdoService;
private UrlGeneratorInterface $router;
private PasswordEncoder $passwordHasher;
public function __construct(string $baseUrl, PdoService $pdoService, UrlGeneratorInterface $router)
public function __construct(string $baseUrl, SQLLoginService $pdoService, UrlGeneratorInterface $router, PasswordEncoder $passwordHasher)
{
$this->baseUrl = $baseUrl;
$this->pdoService = $pdoService;
$this->router = $router;
$this->passwordHasher = $passwordHasher;
}
/**
@ -65,20 +68,22 @@ class PdoUserAuthenticator extends AbstractAuthenticator
{
$form = $request->request->get('login');
$login = $form['login'];
$password = $form['password'];
$plaintextPassword = $form['password'];
$rememberMe = isset($form['_remember_me']) ? true : false;
try {
// requête préparée
$remoteHashedPassword = $this->pdoService->fetchPassword($login);
list($remoteHashedPassword, $remoteSalt) = $this->pdoService->fetchPassword($login);
} catch (PDOException $e) {
$request->getSession()->set(self::ERROR_PDO, true);
throw new AuthenticationException();
}
if ($remoteHashedPassword) {
try {
$this->pdoService->verifyPassword($password, $remoteHashedPassword);
// Comparaison remote hash et hash du input password + salt
$this->passwordHasher->verify($remoteHashedPassword, $plaintextPassword, $remoteSalt);
$attributes = $this->pdoService->fetchDatas($login);
$user = new User($login, $password, $attributes, $rememberMe);
$user = new User($login, $remoteHashedPassword, $attributes, $rememberMe);
$loader = function (string $userIdentifier) use ($user) {
return $user->getLogin() == $userIdentifier ? $user : null;
};
@ -89,7 +94,7 @@ class PdoUserAuthenticator extends AbstractAuthenticator
$passport->setAttribute('attributes', $user->getAttributes());
return $passport;
} catch (InvalidPasswordException $e) {
} catch (InvalidSQLPasswordException $e) {
$request->getSession()->set(self::ERROR_PASSWORD, true);
throw new AuthenticationException();
} catch (PDOException $e) {

2
src/Security/PdoUserProvider.php → src/Security/SQLLoginUserProvider.php
View File

@ -9,7 +9,7 @@ use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
class PdoUserProvider implements UserProviderInterface
class SQLLoginUserProvider implements UserProviderInterface
{
protected RequestStack $requestStack;

44
src/Services/PdoService.php → src/Service/SQLLoginService.php
View File

@ -1,25 +1,23 @@
<?php
namespace App\Services;
namespace App\Service;
use App\SQLLogin\SQLLoginConnect;
use App\SQLLogin\SQLLoginRequest;
use PDO;
use PDOException;
use App\Pdo\PdoConnect;
use App\Pdo\PdoRequest;
use Sentry\captureException;
use App\Pdo\Exception\InvalidPasswordException;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
class PdoService extends AbstractController
class SQLLoginService extends AbstractController
{
private $params;
public PdoRequest $pdoRequest;
public SQLLoginRequest $sqlLoginRequest;
public function __construct(ParameterBagInterface $params, PdoRequest $pdoRequest)
public function __construct(ParameterBagInterface $params, SQLLoginRequest $sqlLoginRequest)
{
$this->params = $params;
$this->pdoRequest = $pdoRequest;
$this->sqlLoginRequest = $sqlLoginRequest;
}
public function fetchDatas($login)
@ -28,11 +26,11 @@ class PdoService extends AbstractController
$dbh = $this->getConnection();
// forge de la requête
$request = $this->pdoRequest->getRequestScope();
$request = $this->sqlLoginRequest->getRequestScope();
// Préparation de la requête
$query = $dbh->prepare($request);
$query->execute([$this->pdoRequest->getNameLogin() => $login]);
$query->execute([$this->sqlLoginRequest->getLoginColumnName() => $login]);
$datas = $query->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
\Sentry\captureException($e);
@ -52,9 +50,9 @@ class PdoService extends AbstractController
{
try {
$dbh = $this->getConnection();
$request = $this->pdoRequest->getRequestLogin();
$request = $this->sqlLoginRequest->getRequestPassword();
$query = $dbh->prepare($request);
$query->execute([$this->pdoRequest->getNameLogin() => $login]);
$query->execute([$this->sqlLoginRequest->getLoginColumnName() => $login]);
$password = $query->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
\Sentry\captureException($e);
@ -62,7 +60,10 @@ class PdoService extends AbstractController
throw new PDOException();
}
if ($password) {
return $password[$this->pdoRequest->getNamePassword()];
return [
$password[$this->sqlLoginRequest->egtPasswordColumnName()],
isset($password[$this->sqlLoginRequest->getSaltColumnName()]) ? $password[$this->sqlLoginRequest->getSaltColumnName()] : null,
];
}
return false;
@ -71,19 +72,8 @@ class PdoService extends AbstractController
public function getConnection()
{
// Appel du singleton
$pdo = PdoConnect::getInstance();
$pdo = SQLLoginConnect::getInstance();
// Connection bdd
return $pdo->connect($this->pdoRequest->getDatabaseDsn(), $this->pdoRequest->getDbUser(), $this->pdoRequest->getDbPassword());
}
public function verifyPassword($password, $hashedPassword)
{
$hashAlgo = $this->params->get('hashAlgo') ?? 'sha256';
if ($hashedPassword === hash($hashAlgo, $password)) {
return true;
} else {
throw new InvalidPasswordException();
}
return $pdo->connect($this->sqlLoginRequest->getDatabaseDsn(), $this->sqlLoginRequest->getDbUser(), $this->sqlLoginRequest->getDbPassword());
}
}

2
supervisord.pid
View File

@ -1 +1 @@
123
134