ajout param enabled 2fa, trusted headers

2025-09-19 11:32:11 +02:00
parent 148f05ef79
commit 6667f44aac
5 changed files with 37 additions and 16 deletions
--- a/.env
+++ b/.env
@@ -45,4 +45,5 @@ ALTCHA_DELAY=100
 ALTCHA_MOCK_ERROR=false
 ALTCHA_ENABLED=true

-ENABLED_2FA=true
+ENABLED_2FA=true
+URL_2FA=http://localhost:8070/2fa
--- a/compose.yml
+++ b/compose.yml
@@ -123,17 +123,17 @@ services:
      - postgres:/var/lib/pgsql/data
      - /etc/localtime:/etc/localtime:ro

-  pgadmin:
-    image: dpage/pgadmin4
-    ports:
-      - 8085:80
-    restart: always
-    environment:
-      PGADMIN_DEFAULT_EMAIL: admin@admin.com
-      PGADMIN_DEFAULT_PASSWORD: admin
-      PGADMIN_SERVER_JSON_FILE: /pgadminfile/server.json
-    volumes:
-      - ./misc/compose/pgadmin:/pgadminfile/:ro
+  # pgadmin:
+  #   image: dpage/pgadmin4
+  #   ports:
+  #     - 8085:80
+  #   restart: always
+  #   environment:
+  #     PGADMIN_DEFAULT_EMAIL: admin@admin.com
+  #     PGADMIN_DEFAULT_PASSWORD: admin
+  #     PGADMIN_SERVER_JSON_FILE: /pgadminfile/server.json
+  #   volumes:
+  #     - ./misc/compose/pgadmin:/pgadminfile/:ro
  mariadb:
    image: mariadb:10.10
    environment:
@@ -169,7 +169,17 @@ services:
      ports:
        - "8070:80"  # Mappe le port 80 du conteneur sur 8081 de l'hôte
      depends_on:
-        - mariadb  # Si tu utilises la DB partagée  
+        - postgres  # Si tu utilises la DB partagée  
+  pgweb:
+    container_name: pgweb
+    restart: always
+    image: sosedoff/pgweb
+    ports: 
+      - "8095:8081" 
+    environment:
+      - PGWEB_DATABASE_URL=postgres://lasql:lasql@postgres:5432/lasql?sslmode=disable
+    depends_on:
+      - postgres
 volumes:
  postgres:
  mariadb:
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -29,7 +29,14 @@ framework:
    php_errors:
        log: true
    error_controller: App\Controller\CustomErrorController::show
-
+    trusted_headers:
+        [
+        "x-forwarded-for",
+        "x-forwarded-host",
+        "x-forwarded-proto",
+        "x-forwarded-port",
+        "x-forwarded-prefix",
+        ]
 when@test:
    framework:
        test: true
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -53,6 +53,7 @@ services:
            $baseUrl: '%base_url%'
    App\Controller\MainController:
        arguments:
+            $url2fa: '%env(string:URL_2FA)%'
            $enabled2fa: '%env(bool:ENABLED_2FA)%'
    App\SQLLogin\SQLLoginRequest:
        arguments:
--- a/src/Controller/MainController.php
+++ b/src/Controller/MainController.php
@@ -21,6 +21,7 @@ class MainController extends AbstractController
        private readonly RequestStack $requestStack,
        private readonly HydraService $hydra,
        private readonly Client $client,
+        private readonly string $url2fa,
        private readonly bool $enabled2fa
    ) {
    }
@@ -43,8 +44,6 @@ class MainController extends AbstractController
    #[Route('/connect/login-accept', name: 'app_login_accept', methods: ['GET'])]
    public function loginAccept(SQLLoginRequest $sqlLoginRequest): RedirectResponse
    {
-        dd($this->enabled2fa);
-
        $user = $this->getUser();

        if (!$user instanceof User) {
@@ -64,6 +63,9 @@ class MainController extends AbstractController
            $subject = $expressionLanguage->evaluate($subjectRewriteExpression, $user->getAttributes());
        }

+        if ($this->url2fa) {
+            return $this->redirect($this->url2fa.'?loginchallenge='.$challenge.'&identifier='.$subject);
+        }
        $loginAcceptRes = $this->client->acceptLoginRequest($challenge, [
            'subject' => $subject,
            'remember' => true,