maj: sémantique, révision vérification ppassword

2022-12-14 16:38:46 +01:00
parent 52ecbae0c5
commit 441c0f563c
28 changed files with 314 additions and 207 deletions
--- a/src/Security/SQLLoginUserAuthenticator.php
+++ b/src/Security/SQLLoginUserAuthenticator.php
@ -0,0 +1,108 @@
+<?php
+
+namespace App\Security;
+
+use App\Entity\User;
+use App\Security\Hasher\PasswordEncoder;
+use App\Service\SQLLoginService;
+use App\SQLLogin\Exception\InvalidSQLPasswordException;
+use PDOException;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Security;
+use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\RememberMeBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
+
+class SQLLoginUserAuthenticator extends AbstractAuthenticator
+{
+    public const LOGIN_ROUTE = 'app_login';
+    public const ERROR_LOGIN = 'error_login';
+    public const ERROR_PASSWORD = 'error_password';
+    public const ERROR_PDO = 'error_pdo';
+
+    protected string $baseUrl;
+    private SQLLoginService $pdoService;
+    private UrlGeneratorInterface $router;
+    private PasswordEncoder $passwordHasher;
+
+    public function __construct(string $baseUrl, SQLLoginService $pdoService, UrlGeneratorInterface $router, PasswordEncoder $passwordHasher)
+    {
+        $this->baseUrl = $baseUrl;
+        $this->pdoService = $pdoService;
+        $this->router = $router;
+        $this->passwordHasher = $passwordHasher;
+    }
+
+    /**
+     * Called on every request to decide if this authenticator should be
+     * used for the request. Returning `false` will cause this authenticator
+     * to be skipped.
+     */
+    public function supports(Request $request): bool
+    {
+        return self::LOGIN_ROUTE === $request->attributes->get('_route') && $request->isMethod('POST');
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): ?Response
+    {
+        return new RedirectResponse($this->baseUrl.'/connect/login-accept');
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+        $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception);
+
+        return new RedirectResponse(
+            $this->router->generate('app_login')
+        );
+    }
+
+    public function authenticate(Request $request): Passport
+    {
+        $form = $request->request->get('login');
+        $login = $form['login'];
+        $plaintextPassword = $form['password'];
+        $rememberMe = isset($form['_remember_me']) ? true : false;
+        try {
+            // requête préparée
+            list($remoteHashedPassword, $remoteSalt) = $this->pdoService->fetchPassword($login);
+        } catch (PDOException $e) {
+            $request->getSession()->set(self::ERROR_PDO, true);
+            throw new AuthenticationException();
+        }
+        if ($remoteHashedPassword) {
+            try {
+                // Comparaison remote hash et hash du input password + salt
+                $this->passwordHasher->verify($remoteHashedPassword, $plaintextPassword, $remoteSalt);
+                $attributes = $this->pdoService->fetchDatas($login);
+                $user = new User($login, $remoteHashedPassword, $attributes, $rememberMe);
+
+                $loader = function (string $userIdentifier) use ($user) {
+                    return $user->getLogin() == $userIdentifier ? $user : null;
+                };
+                $passport = new SelfValidatingPassport(new UserBadge($login, $loader));
+                if ($rememberMe) {
+                    $passport->addBadge(new RememberMeBadge());
+                }
+                $passport->setAttribute('attributes', $user->getAttributes());
+
+                return $passport;
+            } catch (InvalidSQLPasswordException $e) {
+                $request->getSession()->set(self::ERROR_PASSWORD, true);
+                throw new AuthenticationException();
+            } catch (PDOException $e) {
+                $request->getSession()->set(self::ERROR_PDO, true);
+                throw new AuthenticationException();
+            }
+        }
+        $request->getSession()->set(self::ERROR_LOGIN, true);
+        throw new AuthenticationException();
+    }
+}