From 98733f3a01f5ba98a964b4704b5c05b5abca2755 Mon Sep 17 00:00:00 2001
From: rudy
Date: Tue, 3 May 2022 15:09:42 +0200
Subject: [PATCH] factorisation
---
 config/services.yaml | 6 ++-
 src/Controller/MainController.php | 52 ++++++++++++--------
 src/Entity/User.php | 61 ++----------------------
 src/Form/UserType.php | 1 +
 src/Services/PdoServices.php | 7 ++-
 src/Validator/ExistingEmail.php | 18 -------
 src/Validator/ExistingEmailValidator.php | 48 -------------------
 supervisord.log | 52 ++++++++++++++++++++
 supervisord.pid | 2 +-
 templates/login.html.twig | 20 ++++++--
 10 files changed, 114 insertions(+), 153 deletions(-)
 delete mode 100644 src/Validator/ExistingEmail.php
 delete mode 100644 src/Validator/ExistingEmailValidator.php
diff --git a/config/services.yaml b/config/services.yaml
index f81b2c1..e7b7edb 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -4,16 +4,20 @@
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
 parameters:
- fetchDatas: "lastname, firstname, email, random "
+ fetchDatas: "lastname, firstname, email, random"
 # Paramètres de connexion base de données: "nome du serveur", "nom utilisateur", "mot de passe", "nom de la bdd", "port"
 urlDatabase: "%env(resolve:urlDatabase)%"
 dbUser: "%env(resolve:dbUser)%"
 dbPassword: "%env(resolve:dbPassword)%"
 queryHashPassword: "%env(resolve:queryHashPassword)%"
+ queryFetchDatas: "%env(resolve:queryFetchDatas)%"
 hashMethod:
 passwordColumnName: "password"
 userTableName: "USER"
 emailColumnName: "email"
+ urlLogoutSuccess: "http://portal.mse.local:8000/logout-success"
+ urlIssuer:
+ - "http://portal.mse.local:8000/"
 url_login_challenge: '%env(resolve:url_login_challenge)%'
 url_login_challenge_reject: '%env(resolve:url_login_challenge_reject)%'
diff --git a/src/Controller/MainController.php b/src/Controller/MainController.php
index ce9f3dd..adabe0e 100644
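Review bot: `urlIssuer` and `urlLogoutSuccess` hard-code a plain-http development host into services.yaml while the neighbouring connection and challenge parameters are resolved from the environment, so the issuer allow-list that MainController compares the Referer against will ship unchanged to every deployment. Move both behind environment entries in the style of `queryFetchDatas` on the same hunk (a list can be produced with `urlIssuer: "%env(csv:urlIssuer)%"`), and use https for anything beyond local development. Note also that `urlIssuer` holds one exact URL ending in `/`; because the controller does an exact string comparison, a referer that carries any path will not match, so document whether the entries are meant to be full referer values or origins.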
--- a/src/Controller/MainController.php
+++ b/src/Controller/MainController.php
@@ -14,14 +14,21 @@ use Symfony\Contracts\HttpClient\HttpClientInterface;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Exception\BadRequestException;
+use Symfony\Component\Routing\Generator\UrlGenerator;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
 class MainController extends AbstractController
 {
- /**
+ /**
 * @var Session
 */
 private $session;
+
+ /**
+ * @var UrlGeneratorInterface
+ */
+ private $router;
 /**
 * @var HttpClientInterface
@@ -29,11 +36,12 @@ class MainController extends AbstractController
 public $client;
 private $pdoServices;
- public function __construct(PdoServices $pdoServices, HttpClientInterface $client, SessionInterface $session)
+ public function __construct(PdoServices $pdoServices, HttpClientInterface $client, SessionInterface $session, UrlGeneratorInterface $router)
 {
 $this->pdoServices = $pdoServices;
 $this->session = $session;
 $this->client = $client;
+ $this->router = $router;
 }
 /**
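Review bot: `use Symfony\Component\Routing\Generator\UrlGenerator;` is imported alongside the interface but nothing in the hunk references the concrete class, so it is an unused import and should be dropped; the constructor parameter and the `@var` docblock correctly name `UrlGeneratorInterface`. Since User.php in this same commit moves to typed properties, the new property could be declared `private UrlGeneratorInterface $router;` instead of relying on a docblock, and the same treatment would fit `$session`, `$client` and `$pdoServices` in the second hunk.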
@@ -67,45 +75,46 @@ class MainController extends AbstractController
 */
 public function oauth(Request $request)
 {
+ if( $request->headers->get('referer') !== $this->router->generate('oauth_login', [], 0) && !in_array($request->headers->get('referer'), $this->getParameter('urlIssuer'))){
+ throw new BadRequestException('Vous devez passer par le issuer pour vous connecter');
+ }
+
 $user = new User();
 $loginForm = $this->createForm(UserType::class, $user);
 $loginForm->handleRequest($request);
 if($loginForm->isSubmitted() && $loginForm->isValid()){
 $email = $loginForm->get('email')->getData();
- $dbh = $this->pdoServices->connection();
 try {
- //requête préparée
- $query = $dbh->prepare($this->getParameter("queryHashPassword")."'".$email ."';");
- $query->execute();
- $hashPassword = $query->fetch(PDO::FETCH_ASSOC);
+ // requête préparée
+ $datas = $this->pdoServices->fetchDatas($email);
- if(!$hashPassword){
+ if(!$datas){
 // Si le hash du password n'est pas trouvé, c'est que l'email n'existe pas, on retourne la page de login avec une erreur
 return $this->render('login.html.twig', [
- 'form'=>$loginForm->createView(),
- "error"=> "mail non trouvé",
+ "form" => $loginForm->createView(),
+ "error_mail" => "mail non trouvé",
 ]);
 }
- $hashPassword = array_values($hashPassword)[0];
+ $hashPassword = $datas[$this->getParameter('passwordColumnName')];
 $password = $loginForm->get('password')->getData();
 if($this->pdoServices->verifyPassword($password, $hashPassword)){
- $this->session->set('datas', $this->pdoServices->fetchDatas($email));
+ unset($datas[$this->getParameter('passwordColumnName')]);
+ $this->session->set('datas', $datas);
 $response = $this->client->request('PUT', $this->getParameter('url_login_challenge_accept').$this->session->get('challenge'), [
 'json' => [
 'subject' => $email,
 ],
 ]);
 // On initie l'acceptation du login challenge émis par hydra et on récupère l'url de redirection
- // dd($response->toArray());
 $redirect_to =
$response->toArray()['redirect_to'];
 return $this->redirect($redirect_to, 301);
 }else{
 return $this->render('login.html.twig', [
 'form'=>$loginForm->createView(),
- "error"=> "Le mot de passe est incorrect"
+ "error_password"=> "Le mot de passe est incorrect"
 ]);
 }
@@ -113,14 +122,9 @@ class MainController extends AbstractController
 }catch (\Exception $e){
 dd($e);
 }
- // $rememberMe = $loginForm->get('rememberMe')->getData();
-
 }
-
 return $this->render('login.html.twig', [
 'form'=>$loginForm->createView(),
- "error_mail"=>false,
- "error_password"=>false
 ]);
 }
@@ -162,4 +166,14 @@ class MainController extends AbstractController
 return $this->redirect($redirect_to, 301);
 }
+
+ /**
+ * @Route("/oauth/logout", name="app_logout")
+ */
+ public function logout()
+ {
+ $this->session->clear();
+
+ return $this->redirect($this->getParameter('urlLogoutSuccess'));
+ }
 }
\ No newline at end of file
diff --git a/src/Entity/User.php b/src/Entity/User.php
index e333398..46a4e8a 100644
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@@ -3,19 +3,13 @@ namespace App\Entity;
 use App\Validator as AcmeAssert;
-use Symfony\Component\Security\Core\User\UserInterface;
-class User implements UserInterface
+class User
 {
- /**
- * @AcmeAssert\ExistingEmail()
- */
- private $email;
+ private string $email;
- private $password;
- private $datas;
- private $rememberMe;
- private $roles;
+ private string $password;
+ private string $rememberMe;
 public function getEmail(): ?string
 {
@@ -29,7 +23,6 @@ class User implements UserInterface
 return $this;
 }
-
 public function getPassword(): string
 {
 return $this->password;
@@ -42,20 +35,6 @@ class User implements UserInterface
 return $this;
 }
- public function addData($data): self
- {
- if (!$this->datas->contains($data)) {
- $this->datas[] = $data;
- }
-
- return $this;
- }
-
- public function getDatas()
- {
- return $this->datas;
- }
-
 public function getRememberMe(): string
 {
 return $this->rememberMe;
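Review bot: The Referer gate added at the top of `oauth()` does not reliably identify requests that came through the issuer: the header is supplied by the client, is dropped by common Referrer-Policy settings and privacy tools (so legitimate users receive a 400), and carries no guarantee for non-browser clients. What actually ties this request to the Hydra flow is the login challenge the handler later reads with `$this->session->get('challenge')`, so the check should be on its presence, e.g. `if (!$this->session->has('challenge')) { throw new BadRequestException('Vous devez passer par le issuer pour vous connecter'); }`, with the allow-list kept at most as a secondary signal. If the Referer comparison stays, pass `UrlGeneratorInterface::ABSOLUTE_URL` instead of the bare `0` to `generate()` and `true` as the third argument of `in_array()`, and note that an exact match against `urlIssuer` only succeeds when the referring page is the configured URL itself, since a referer normally carries a path. The `dd($e)` that the following hunk leaves in the catch block dumps the exception, including any failed Hydra request, into the HTTP response; log it and render an error page instead. The body of `oauth()` continues past this hunk.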
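Review bot: `logout()` calls `$this->session->clear()`, which empties the attributes but keeps the same session id, so the cookie the browser still holds remains a live session; use `$this->session->invalidate()` so the id is regenerated as well. The route answers a plain GET with no token, which means any page that embeds the URL can end the user's session; consider requiring POST or a CSRF token. A `: RedirectResponse` return type and a one-line docblock stating that the method only ends the local session and then sends the browser to `urlLogoutSuccess` would also help, since no Hydra logout call is visible here.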
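Review bot: `use App\Validator as AcmeAssert;` is kept as context while the only thing that used it, the `@AcmeAssert\ExistingEmail()` annotation, is removed (and both validator files are deleted in this commit), so the import is now dead and should go. The new `private string $email;`, `$password` and `$rememberMe` are typed but never initialised, so a getter reached before the form has populated the property (for example `getRememberMe(): string` if that field was not submitted) raises an `Error` rather than returning a value; either give them defaults such as `private ?string $email = null;` or initialise them in a constructor. The class no longer implements `UserInterface`, which is fine for a form DTO, but a short class docblock saying it only carries login-form data would stop the next reader from treating it as a security user.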
@@ -67,36 +46,4 @@ class User implements UserInterface
 return $this;
 }
- public function getUserIdentifier()
- {
- return $this->email;
- }
-
- public function getRoles(){
- return $this->roles;
- }
-
- public function setRoles(array $roles): self
- {
- $this->roles = $roles;
-
- return $this;
- }
-
- public function getSalt(){
- return '';
- }
-
- public function eraseCredentials(){
- return $this;
- }
-
- public function getUsername(){
- return $this->email;
- }
-
- public function __toString()
- {
- return $this->email;
- }
 }
\ No newline at end of file
diff --git a/src/Form/UserType.php b/src/Form/UserType.php
index d5f6c88..6e1f371 100644
--- a/src/Form/UserType.php
+++ b/src/Form/UserType.php
@@ -18,6 +18,7 @@ class UserType extends AbstractType
 {
 $builder
 ->add('email', EmailType::class, [
+ "required"=>true
 ])
 ->add("password", PasswordType::class, [
 "attr" => ["class" => "password-field"],
diff --git a/src/Services/PdoServices.php b/src/Services/PdoServices.php
index 7b53cc9..2cd99cd 100644
--- a/src/Services/PdoServices.php
+++ b/src/Services/PdoServices.php
@@ -25,7 +25,9 @@ class PdoServices extends AbstractController
 {
 try {
 $dbh = $this->connection();
- $datas = $dbh->query("SELECT " . $this->getParameter('fetchDatas'). " from USER where email = '" . $email . "';")->fetch(PDO::FETCH_ASSOC);
+ $query = $dbh->prepare($this->getParameter('queryFetchDatas'));
+ $query->execute(['email'=> $email]);
+ $datas = $query->fetch(PDO::FETCH_ASSOC);
 } catch (PDOException $e) {
 print "Erreur !: " . $e->getMessage() . "
";
@@ -48,9 +50,6 @@ class PdoServices extends AbstractController
 default:
 return password_verify($password, $hashedPassword);
 break;
-
-
-
 }
 }
diff --git a/src/Validator/ExistingEmail.php b/src/Validator/ExistingEmail.php
deleted file mode 100644
index 0ba5942..0000000
--- a/src/Validator/ExistingEmail.php
+++ /dev/null
@@ -1,18 +0,0 @@
-pdoServices = $pdoServices;
- $this->params = $params;
- }
- public function validate($value, Constraint $constraint)
- {
- if (!$constraint instanceof ExistingEmail) {
- throw new UnexpectedTypeException($constraint, ExistingEmail::class);
- }
-
- // custom constraints should ignore null and empty values to allow
- // other constraints (NotBlank, NotNull, etc.) to take care of that
- if (null === $value || '' === $value) {
- return;
- }
- $dbh = $this->pdoServices->connection();
-
- $query = $dbh->prepare($this->params->get("queryHashPassword")."'".$value ."';");
- $query->execute();
- $hashPassword = $query->fetch(PDO::FETCH_ASSOC);
-
- if(!$hashPassword){
- $this->context->buildViolation(
- $constraint->message
- )->setParameter('{{ string }}', $value)
- ->addViolation()
- ;
- }
- }
-}
\ No newline at end of file
diff --git a/supervisord.log b/supervisord.log
index 67fd959..809054b 100644
--- a/supervisord.log
+++ b/supervisord.log
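Review bot: `"required"=>true` is already the default for Symfony form fields and only emits the HTML `required` attribute, so it adds no server-side validation; with the `ExistingEmail` constraint removed in this commit nothing validates the email before the controller passes it to `fetchDatas()`. Add real constraints on the field, e.g. `'constraints' => [new NotBlank(), new Email()],`, so that `isValid()` in the controller means something. The `$builder` chain continues past the hunk.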
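Review bot: Moving the lookup to `prepare()`/`execute(['email' => $email])` closes the string-built query, but the catch block that follows still does `print "Erreur !: " . $e->getMessage()`, which writes the driver's error text (which may include SQL fragments or connection details) straight into the HTTP response and then carries on as if the query had run, leaving `$datas` unset on that path (the rest of the method is outside the hunk, so the return is inferred). Log the exception and rethrow, or throw a domain exception, instead of printing. The SQL text now comes from the `queryFetchDatas` environment variable, so the `:email` placeholder name and the presence of the column the controller reads via `passwordColumnName` are an unwritten contract between `.env` and this code; a comment above the `prepare()` line such as `// queryFetchDatas must bind :email and select the column named by passwordColumnName` would record it.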
@@ -4248,3 +4248,55 @@
 2022-05-02 15:14:44,772 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
 2022-05-02 15:14:44,773 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
 2022-05-02 15:14:44,773 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 10:10:40,758 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
+2022-05-03 10:10:41,070 INFO RPC interface 'supervisor' initialized
+2022-05-03 10:10:41,071 CRIT Server 'unix_http_server' running without any HTTP authentication checking
+2022-05-03 10:10:41,071 INFO supervisord started with pid 13
+2022-05-03 10:10:42,073 INFO spawned: 'apache2' with pid 14
+2022-05-03 10:10:42,074 INFO spawned: 'php-fpm' with pid 15
+2022-05-03 10:10:42,075 INFO spawned: 'rsyslog' with pid 16
+2022-05-03 10:10:43,153 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 10:10:43,153 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 10:10:43,154 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 11:34:50,492 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
+2022-05-03 11:34:50,494 INFO RPC interface 'supervisor' initialized
+2022-05-03 11:34:50,494 CRIT Server 'unix_http_server' running without any HTTP authentication checking
+2022-05-03 11:34:50,494 INFO supervisord started with pid 25
+2022-05-03 11:34:51,497 INFO spawned: 'apache2' with pid 26
+2022-05-03 11:34:51,499 INFO spawned: 'php-fpm' with pid 27
+2022-05-03 11:34:51,500 INFO spawned: 'rsyslog' with pid 28
+2022-05-03 11:34:52,524 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 11:34:52,524 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 11:34:52,524 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 11:43:10,052 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
+2022-05-03 11:43:10,054 INFO RPC interface 'supervisor' initialized
+2022-05-03 11:43:10,054 CRIT Server 'unix_http_server' running without any HTTP authentication checking
+2022-05-03 11:43:10,054 INFO supervisord started with pid 26
+2022-05-03 11:43:11,057 INFO spawned: 'apache2' with pid 27
+2022-05-03 11:43:11,058 INFO spawned: 'php-fpm' with pid 28
+2022-05-03 11:43:11,059 INFO spawned: 'rsyslog' with pid 29
+2022-05-03 11:43:12,075 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 11:43:12,075 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 11:43:12,075 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 11:54:33,580 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file.
If you intend to run as root, you can set user=root in the config file to avoid this message.
+2022-05-03 11:54:33,885 INFO RPC interface 'supervisor' initialized
+2022-05-03 11:54:33,885 CRIT Server 'unix_http_server' running without any HTTP authentication checking
+2022-05-03 11:54:33,885 INFO supervisord started with pid 12
+2022-05-03 11:54:34,889 INFO spawned: 'apache2' with pid 13
+2022-05-03 11:54:34,892 INFO spawned: 'php-fpm' with pid 14
+2022-05-03 11:54:34,895 INFO spawned: 'rsyslog' with pid 15
+2022-05-03 11:54:35,921 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 11:54:35,921 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 11:54:35,922 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 14:32:10,672 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
+2022-05-03 14:32:10,978 INFO RPC interface 'supervisor' initialized
+2022-05-03 14:32:10,978 CRIT Server 'unix_http_server' running without any HTTP authentication checking
+2022-05-03 14:32:10,979 INFO supervisord started with pid 12
+2022-05-03 14:32:11,981 INFO spawned: 'apache2' with pid 13
+2022-05-03 14:32:11,984 INFO spawned: 'php-fpm' with pid 14
+2022-05-03 14:32:11,985 INFO spawned: 'rsyslog' with pid 15
+2022-05-03 14:32:11,997 INFO exited: rsyslog (exit status 1; not expected)
+2022-05-03 14:32:13,008 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 14:32:13,009 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
+2022-05-03 14:32:13,011 INFO spawned: 'rsyslog' with pid 77
+2022-05-03 14:32:14,019 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
diff --git a/supervisord.pid b/supervisord.pid
index 7273c0f..48082f7 100644
--- a/supervisord.pid
+++ b/supervisord.pid
@@ -1 +1 @@
-25
+12
diff --git a/templates/login.html.twig b/templates/login.html.twig
index 157f992..312ca56 100644
--- a/templates/login.html.twig
+++ b/templates/login.html.twig
@@ -22,7 +22,7 @@
 display:flex;
 flex-direction: column;
 }
- .form-errors{
+ .form-error{
 color: red;
 }
@@ -32,11 +32,21 @@
 {% block body %}
{{ form_start(form)}} -
- {% if error is defined %}{{ error }}{% endif %} +
+ {{ form_row(form.email) }} + {% if error_mail is defined %} +
{{ error_mail }}
+ {% endif %} +
+
+ {{ form_row(form.password) }} + {% if error_password is defined %} +
{{ error_password }}
+ {% endif %} +
+
+ {{ form_row(form.rememberMe) }}
- {{ form_widget(form)}} - {{ form_end(form)}}