environnement complet autonome, révision complète de la méthode, ajout de configuration
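--- /dev/null
+++ b/src/Hydra/HydraService.php
@@ -0,0 +1,85 @@
+<?php
+
+namespace App\Hydra;
+
+use App\Hydra\Exception\InvalidChallengeException;
+use App\Services\PdoService;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Exception\BadRequestException;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Session\SessionInterface;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+
+class HydraService extends AbstractController
+{
+public SessionInterface $session;
+public UrlGeneratorInterface $router;
+public Client $client;
+public PdoService $pdoServices;
+public TokenStorageInterface $tokenStorage;
+
+public function __construct(PdoService $pdoServices, Client $client, SessionInterface $session, UrlGeneratorInterface $router, TokenStorageInterface $tokenStorage)
+{
+$this->pdoServices = $pdoServices;
+$this->session = $session;
+$this->client = $client;
+$this->router = $router;
+$this->tokenStorage = $tokenStorage;
+}
+
+public function handleLoginRequest(Request $request)
+{
+$challenge = $request->query->get('login_challenge');
+// S'il n'y a pas de challenge, on déclenche une bad request
+if (empty($challenge)) {
+throw new InvalidChallengeException();
+}
+// Fetch Hydra login request info
+$res = $this->client->fetchLoginRequestInfo($challenge);
+$loginRequestInfo = $res->toArray();
+if (200 !== $res->getStatusCode()) {
+$this->session->clear();
+throw new BadRequestException('pas de code 200');
+}
+// si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect
+$this->session->set('challenge', $loginRequestInfo['challenge']);
+
+return $this->redirectToRoute('app_login');
+}
+
+public function handleConsentRequest(Request $request)
+{
+$challenge = $request->query->get('consent_challenge');
+if (!$challenge) {
+throw new BadRequestException("Le challenge n'est pas disponible");
+}
+
+$consentRequestInfo = $this->client->fetchConsentRequestInfo($challenge)->toArray();
+/** @var User */
+$user = $this->getUser();
+$consentAcceptResponse = $this->client->acceptConsentRequest($consentRequestInfo['challenge'], [
+'grant_scope' => $consentRequestInfo['requested_scope'],
+'session' => [
+'id_token' => $user->getAttributes(),
+],
+])->toArray();
+
+return new RedirectResponse($consentAcceptResponse['redirect_to']);
+}
+
+public function handleLogoutRequest(Request $request)
+{
+$logoutChallenge = $request->get('logout_challenge');
+if (empty($logoutChallenge)) {
+throw new InvalidChallengeException();
+}
+$logoutRequestInfo = $this->client->fetchLogoutRequestInfo($logoutChallenge)->toArray();
+$logoutAcceptRes = $this->client->acceptLogoutRequest($logoutRequestInfo['challenge'])->toArray();
+$this->session->clear();
+$this->tokenStorage->setToken();
+
+return new RedirectResponse($logoutAcceptRes['redirect_to']);
+}
+}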
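Review bot: In handleLoginRequest, `$loginRequestInfo = $res->toArray();` runs before the `200 !== $res->getStatusCode()` check; if `$res` is a Symfony HttpClient response (which its `toArray()`/`getStatusCode()` pair suggests), `toArray()` throws on any non-2xx status, so the session clear and the `BadRequestException('pas de code 200')` branch are unreachable — move the status check above the decode and call `$loginRequestInfo = $res->toArray();` only after it. In handleConsentRequest, `$this->getUser()` returns null when the token storage holds no authenticated user, and `$user->getAttributes()` then fails with an uncontrolled Error instead of a 4xx; add `$user = $this->getUser() ?? throw new BadRequestException("Utilisateur non authentifié");` (or an access-denied exception) before the accept call. That same accept call grants `requested_scope` in full and copies the entire `$user->getAttributes()` array into the id_token session; unless those values are already reduced upstream (not visible here), the claims exported to the relying party should be filtered to what the granted scopes cover, and the grant should be limited to scopes this provider intends to expose. The `/** @var User */` annotation names a class that is not imported in this file, so it will not resolve for static analysis; use the fully-qualified class name or add the `use` statement.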