factorisation
This commit is contained in:
@ -14,14 +14,21 @@ use Symfony\Contracts\HttpClient\HttpClientInterface;
|
||||
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
||||
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
|
||||
use Symfony\Component\Routing\Generator\UrlGenerator;
|
||||
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
||||
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
|
||||
|
||||
class MainController extends AbstractController
|
||||
{
|
||||
/**
|
||||
/**
|
||||
* @var Session
|
||||
*/
|
||||
private $session;
|
||||
|
||||
/**
|
||||
* @var UrlGeneratorInterface
|
||||
*/
|
||||
private $router;
|
||||
|
||||
/**
|
||||
* @var HttpClientInterface
|
||||
@ -29,11 +36,12 @@ class MainController extends AbstractController
|
||||
public $client;
|
||||
private $pdoServices;
|
||||
|
||||
public function __construct(PdoServices $pdoServices, HttpClientInterface $client, SessionInterface $session)
|
||||
public function __construct(PdoServices $pdoServices, HttpClientInterface $client, SessionInterface $session, UrlGeneratorInterface $router)
|
||||
{
|
||||
$this->pdoServices = $pdoServices;
|
||||
$this->session = $session;
|
||||
$this->client = $client;
|
||||
$this->router = $router;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -67,45 +75,46 @@ class MainController extends AbstractController
|
||||
*/
|
||||
public function oauth(Request $request)
|
||||
{
|
||||
if( $request->headers->get('referer') !== $this->router->generate('oauth_login', [], 0) && !in_array($request->headers->get('referer'), $this->getParameter('urlIssuer'))){
|
||||
throw new BadRequestException('Vous devez passer par le issuer pour vous connecter');
|
||||
}
|
||||
|
||||
$user = new User();
|
||||
$loginForm = $this->createForm(UserType::class, $user);
|
||||
$loginForm->handleRequest($request);
|
||||
if($loginForm->isSubmitted() && $loginForm->isValid()){
|
||||
$email = $loginForm->get('email')->getData();
|
||||
$dbh = $this->pdoServices->connection();
|
||||
try {
|
||||
//requête préparée
|
||||
$query = $dbh->prepare($this->getParameter("queryHashPassword")."'".$email ."';");
|
||||
$query->execute();
|
||||
$hashPassword = $query->fetch(PDO::FETCH_ASSOC);
|
||||
// requête préparée
|
||||
$datas = $this->pdoServices->fetchDatas($email);
|
||||
|
||||
if(!$hashPassword){
|
||||
if(!$datas){
|
||||
// Si le hash du password n'est pas trouvé, c'est que l'email n'existe pas, on retourne la page de login avec une erreur
|
||||
return $this->render('login.html.twig', [
|
||||
'form'=>$loginForm->createView(),
|
||||
"error"=> "mail non trouvé",
|
||||
"form" => $loginForm->createView(),
|
||||
"error_mail" => "mail non trouvé",
|
||||
|
||||
]);
|
||||
}
|
||||
$hashPassword = array_values($hashPassword)[0];
|
||||
$hashPassword = $datas[$this->getParameter('passwordColumnName')];
|
||||
$password = $loginForm->get('password')->getData();
|
||||
|
||||
if($this->pdoServices->verifyPassword($password, $hashPassword)){
|
||||
$this->session->set('datas', $this->pdoServices->fetchDatas($email));
|
||||
unset($datas[$this->getParameter('passwordColumnName')]);
|
||||
$this->session->set('datas', $datas);
|
||||
$response = $this->client->request('PUT', $this->getParameter('url_login_challenge_accept').$this->session->get('challenge'), [
|
||||
'json' => [
|
||||
'subject' => $email,
|
||||
],
|
||||
]);
|
||||
// On initie l'acceptation du login challenge émis par hydra et on récupère l'url de redirection
|
||||
// dd($response->toArray());
|
||||
$redirect_to = $response->toArray()['redirect_to'];
|
||||
return $this->redirect($redirect_to, 301);
|
||||
|
||||
}else{
|
||||
return $this->render('login.html.twig', [
|
||||
'form'=>$loginForm->createView(),
|
||||
"error"=> "Le mot de passe est incorrect"
|
||||
"error_password"=> "Le mot de passe est incorrect"
|
||||
|
||||
]);
|
||||
}
|
||||
@ -113,14 +122,9 @@ class MainController extends AbstractController
|
||||
}catch (\Exception $e){
|
||||
dd($e);
|
||||
}
|
||||
// $rememberMe = $loginForm->get('rememberMe')->getData();
|
||||
|
||||
}
|
||||
|
||||
return $this->render('login.html.twig', [
|
||||
'form'=>$loginForm->createView(),
|
||||
"error_mail"=>false,
|
||||
"error_password"=>false
|
||||
]);
|
||||
}
|
||||
|
||||
@ -162,4 +166,14 @@ class MainController extends AbstractController
|
||||
return $this->redirect($redirect_to, 301);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @Route("/oauth/logout", name="app_logout")
|
||||
*/
|
||||
public function logout()
|
||||
{
|
||||
$this->session->clear();
|
||||
|
||||
return $this->redirect($this->getParameter('urlLogoutSuccess'));
|
||||
}
|
||||
}
|
||||
@ -3,19 +3,13 @@
|
||||
namespace App\Entity;
|
||||
|
||||
use App\Validator as AcmeAssert;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
|
||||
class User implements UserInterface
|
||||
class User
|
||||
{
|
||||
/**
|
||||
* @AcmeAssert\ExistingEmail()
|
||||
*/
|
||||
private $email;
|
||||
private string $email;
|
||||
|
||||
private $password;
|
||||
private $datas;
|
||||
private $rememberMe;
|
||||
private $roles;
|
||||
private string $password;
|
||||
private string $rememberMe;
|
||||
|
||||
public function getEmail(): ?string
|
||||
{
|
||||
@ -29,7 +23,6 @@ class User implements UserInterface
|
||||
return $this;
|
||||
}
|
||||
|
||||
|
||||
public function getPassword(): string
|
||||
{
|
||||
return $this->password;
|
||||
@ -42,20 +35,6 @@ class User implements UserInterface
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function addData($data): self
|
||||
{
|
||||
if (!$this->datas->contains($data)) {
|
||||
$this->datas[] = $data;
|
||||
}
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getDatas()
|
||||
{
|
||||
return $this->datas;
|
||||
}
|
||||
|
||||
public function getRememberMe(): string
|
||||
{
|
||||
return $this->rememberMe;
|
||||
@ -67,36 +46,4 @@ class User implements UserInterface
|
||||
|
||||
return $this;
|
||||
}
|
||||
public function getUserIdentifier()
|
||||
{
|
||||
return $this->email;
|
||||
}
|
||||
|
||||
public function getRoles(){
|
||||
return $this->roles;
|
||||
}
|
||||
|
||||
public function setRoles(array $roles): self
|
||||
{
|
||||
$this->roles = $roles;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getSalt(){
|
||||
return '';
|
||||
}
|
||||
|
||||
public function eraseCredentials(){
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getUsername(){
|
||||
return $this->email;
|
||||
}
|
||||
|
||||
public function __toString()
|
||||
{
|
||||
return $this->email;
|
||||
}
|
||||
}
|
||||
@ -18,6 +18,7 @@ class UserType extends AbstractType
|
||||
{
|
||||
$builder
|
||||
->add('email', EmailType::class, [
|
||||
"required"=>true
|
||||
])
|
||||
->add("password", PasswordType::class, [
|
||||
"attr" => ["class" => "password-field"],
|
||||
|
||||
@ -25,7 +25,9 @@ class PdoServices extends AbstractController
|
||||
{
|
||||
try {
|
||||
$dbh = $this->connection();
|
||||
$datas = $dbh->query("SELECT " . $this->getParameter('fetchDatas'). " from USER where email = '" . $email . "';")->fetch(PDO::FETCH_ASSOC);
|
||||
$query = $dbh->prepare($this->getParameter('queryFetchDatas'));
|
||||
$query->execute(['email'=> $email]);
|
||||
$datas = $query->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
} catch (PDOException $e) {
|
||||
print "Erreur !: " . $e->getMessage() . "<br/>";
|
||||
@ -48,9 +50,6 @@ class PdoServices extends AbstractController
|
||||
default:
|
||||
return password_verify($password, $hashedPassword);
|
||||
break;
|
||||
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1,18 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Validator;
|
||||
|
||||
use Symfony\Component\Validator\Constraint;
|
||||
|
||||
/**
|
||||
* @Annotation
|
||||
*/
|
||||
class ExistingEmail extends Constraint
|
||||
{
|
||||
public $message = 'Le mail "{{ string }}" n\'existe pas.';
|
||||
|
||||
public function validatedBy()
|
||||
{
|
||||
return static::class.'Validator';
|
||||
}
|
||||
}
|
||||
@ -1,48 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Validator;
|
||||
|
||||
use PDO;
|
||||
use App\Services\PdoServices;
|
||||
use App\Validator\ExistingEmail;
|
||||
use Symfony\Component\Validator\Constraint;
|
||||
use Symfony\Component\Validator\ConstraintValidator;
|
||||
use Symfony\Component\Validator\Exception\UnexpectedTypeException;
|
||||
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
|
||||
|
||||
class ExistingEmailValidator extends ConstraintValidator
|
||||
{
|
||||
|
||||
private PdoServices $pdoServices;
|
||||
public $params;
|
||||
public function __construct(PdoServices $pdoServices, ParameterBagInterface $params)
|
||||
{
|
||||
$this->pdoServices = $pdoServices;
|
||||
$this->params = $params;
|
||||
}
|
||||
public function validate($value, Constraint $constraint)
|
||||
{
|
||||
if (!$constraint instanceof ExistingEmail) {
|
||||
throw new UnexpectedTypeException($constraint, ExistingEmail::class);
|
||||
}
|
||||
|
||||
// custom constraints should ignore null and empty values to allow
|
||||
// other constraints (NotBlank, NotNull, etc.) to take care of that
|
||||
if (null === $value || '' === $value) {
|
||||
return;
|
||||
}
|
||||
$dbh = $this->pdoServices->connection();
|
||||
|
||||
$query = $dbh->prepare($this->params->get("queryHashPassword")."'".$value ."';");
|
||||
$query->execute();
|
||||
$hashPassword = $query->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if(!$hashPassword){
|
||||
$this->context->buildViolation(
|
||||
$constraint->message
|
||||
)->setParameter('{{ string }}', $value)
|
||||
->addViolation()
|
||||
;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user