From 6667f44aac0894fab46d2a1cbcec9811904856a8 Mon Sep 17 00:00:00 2001
From: rudy
Date: Fri, 19 Sep 2025 11:32:11 +0200
Subject: [PATCH] ajout param enabled 2fa, trusted headers
---
 .env | 3 ++-
 compose.yml | 34 ++++++++++++++++++++-----------
 config/packages/framework.yaml | 9 +++++++-
 config/services.yaml | 1 +
 src/Controller/MainController.php | 6 ++++--
 5 files changed, 37 insertions(+), 16 deletions(-)
diff --git a/.env b/.env
index d1d5fec..0c016c0 100644
--- a/.env
+++ b/.env
@@ -45,4 +45,5 @@ ALTCHA_DELAY=100
 ALTCHA_MOCK_ERROR=false
 ALTCHA_ENABLED=true
-ENABLED_2FA=true
\ No newline at end of file
+ENABLED_2FA=true
+URL_2FA=http://localhost:8070/2fa
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
index 50a0e1d..6aad46e 100644
--- a/compose.yml
+++ b/compose.yml
@@ -123,17 +123,17 @@ services:
 - postgres:/var/lib/pgsql/data
 - /etc/localtime:/etc/localtime:ro
- pgadmin:
- image: dpage/pgadmin4
- ports:
- - 8085:80
- restart: always
- environment:
- PGADMIN_DEFAULT_EMAIL: admin@admin.com
- PGADMIN_DEFAULT_PASSWORD: admin
- PGADMIN_SERVER_JSON_FILE: /pgadminfile/server.json
- volumes:
- - ./misc/compose/pgadmin:/pgadminfile/:ro
+ # pgadmin:
+ # image: dpage/pgadmin4
+ # ports:
+ # - 8085:80
+ # restart: always
+ # environment:
+ # PGADMIN_DEFAULT_EMAIL: admin@admin.com
+ # PGADMIN_DEFAULT_PASSWORD: admin
+ # PGADMIN_SERVER_JSON_FILE: /pgadminfile/server.json
+ # volumes:
+ # - ./misc/compose/pgadmin:/pgadminfile/:ro
 mariadb:
 image: mariadb:10.10
 environment:
@@ -169,7 +169,17 @@ services:
 ports:
 - "8070:80" # Mappe le port 80 du conteneur sur 8081 de l'hôte
 depends_on:
- - mariadb # Si tu utilises la DB partagée
+ - postgres # Si tu utilises la DB partagée
+ pgweb:
+ container_name: pgweb
+ restart: always
+ image: sosedoff/pgweb
+ ports:
+ - "8095:8081"
+ environment:
+ - PGWEB_DATABASE_URL=postgres://lasql:lasql@postgres:5432/lasql?sslmode=disable
+ depends_on:
+ - postgres
 volumes:
 postgres:
 mariadb:
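Review bot: The new `pgweb` service publishes a database console on `"8095:8081"`, which Docker binds to every host interface, and nothing in the added lines configures authentication for it, so anyone who can reach that host port gets SQL access with the `lasql` credentials embedded in `PGWEB_DATABASE_URL`. If this compose file is meant for local development only, bind the port to loopback with `- "127.0.0.1:8095:8081"` and add a comment above the service saying it is a dev-only tool. pgweb also supports HTTP basic auth (`--auth-user` / `--auth-pass`) if it has to be reachable from other machines. The pgadmin service this commit comments out at least sat behind a login form, whereas pgweb serves the console directly unless auth is configured.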
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index a078eb2..c342c79 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -29,7 +29,14 @@ framework:
 php_errors:
 log: true
 error_controller: App\Controller\CustomErrorController::show
-
+ trusted_headers:
+ [
+ "x-forwarded-for",
+ "x-forwarded-host",
+ "x-forwarded-proto",
+ "x-forwarded-port",
+ "x-forwarded-prefix",
+ ]
 when@test:
 framework:
 test: true
diff --git a/config/services.yaml b/config/services.yaml
index 8d42b10..79d9370 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -53,6 +53,7 @@ services:
 $baseUrl: '%base_url%'
 App\Controller\MainController:
 arguments:
+ $url2fa: '%env(string:URL_2FA)%'
 $enabled2fa: '%env(bool:ENABLED_2FA)%'
 App\SQLLogin\SQLLoginRequest:
 arguments:
diff --git a/src/Controller/MainController.php b/src/Controller/MainController.php
index d15a4fd..2a692db 100644
--- a/src/Controller/MainController.php
+++ b/src/Controller/MainController.php
@@ -21,6 +21,7 @@ class MainController extends AbstractController
 private readonly RequestStack $requestStack,
 private readonly HydraService $hydra,
 private readonly Client $client,
+ private readonly string $url2fa,
 private readonly bool $enabled2fa
 ) {
 }
@@ -43,8 +44,6 @@ class MainController extends AbstractController
 #[Route('/connect/login-accept', name: 'app_login_accept', methods: ['GET'])]
 public function loginAccept(SQLLoginRequest $sqlLoginRequest): RedirectResponse
 {
- dd($this->enabled2fa);
-
 $user = $this->getUser();
 if (!$user instanceof User) {
@@ -64,6 +63,9 @@ class MainController extends AbstractController
 $subject = $expressionLanguage->evaluate($subjectRewriteExpression, $user->getAttributes());
 }
+ if ($this->url2fa) {
+ return $this->redirect($this->url2fa.'?loginchallenge='.$challenge.'&identifier='.$subject);
+ }
 $loginAcceptRes = $this->client->acceptLoginRequest($challenge, [
 'subject' => $subject,
 'remember' => true,
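Review bot: `trusted_headers` is added under `framework:` with no `trusted_proxies` entry visible in the hunk; Symfony only honours forwarded headers on requests whose source address is listed in `trusted_proxies`, so if that option is not set elsewhere these lines have no effect. If it is set, it should name the reverse proxy's address or network rather than a catch-all, because `x-forwarded-host`, `x-forwarded-proto` and `x-forwarded-prefix` feed generated URLs and redirects, and `x-forwarded-for` becomes the client IP seen by logging and rate limiting. Trust only the headers the proxy overwrites on every request, and add a comment such as `# set by the front proxy; must match trusted_proxies` above the list. The `framework:` block starts before this hunk, so the rest of it is not visible here.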
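Review bot: The new branch in `loginAccept` tests `$this->url2fa` rather than `$this->enabled2fa`, so `ENABLED_2FA=false` does not switch the redirect off and, in the lines shown, the flag is never read; the condition should be `if ($this->enabled2fa && $this->url2fa !== '') {`. The query string is built by concatenation, so a `$subject` containing `&`, `#` or `=` (it can come from the subject-rewrite expression over user attributes) changes the parameters the 2FA service receives; build it with `return $this->redirect($this->url2fa.'?'.http_build_query(['loginchallenge' => $challenge, 'identifier' => $subject]));`. Because `identifier` travels through the browser, the user can edit it before the 2FA service reads it, so that service should presumably not take the subject for the Hydra accept call from this parameter alone but from something bound to the challenge server-side or signed; that code is outside this diff. `loginAccept` starts in the previous hunk and continues past the end of this one.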