chore(login) #14318 : rework redirects during authentication flow

Reviewed-on: #60
Reviewed-by: Valentin Carroy <vcarroy@cadoles.com>

Jenkinsfile

@@ -4,7 +4,7 @@
 // Utilisation du pipeline partagé pour les applications Symfony de Cadoles
 // Le nom de l'image Docker passée en paramètre vous permet de préciser l'environnement de test
 // de votre application Symfony
-symfonyAppPipeline('ubuntu:22.04', [
+symfonyAppPipeline('ubuntu:25.04', [
     'hooks': [
         // Run docker image build, verification and publication stages
         'postSymfonyAppPipeline': {

composer.json

@@ -26,7 +26,6 @@
         "symfony/translation": "6.4.*",
         "symfony/twig-bundle": "6.4.*",
         "symfony/validator": "6.4.*",
-        "symfony/web-profiler-bundle": "6.4.*",
         "symfony/webpack-encore-bundle": "^1.16",
         "symfony/yaml": "6.4.*"
     },
@@ -81,6 +80,7 @@
     },
     "require-dev": {
         "rector/rector": "^2.1",
-        "symfony/debug-bundle": "6.4.*"
+        "symfony/debug-bundle": "6.4.*",
+        "symfony/web-profiler-bundle": "6.4.*"
     }
 }

composer.lock

@@ -6206,16 +6206,16 @@
         },
         {
             "name": "rector/rector",
-            "version": "2.1.0",
+            "version": "2.1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/rectorphp/rector.git",
-                "reference": "d513dea45a94394b660e15c155d1fa27826f8e30"
+                "reference": "d0917c069bb0d9bb06ed111cf052510f609015a4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/rectorphp/rector/zipball/d513dea45a94394b660e15c155d1fa27826f8e30",
-                "reference": "d513dea45a94394b660e15c155d1fa27826f8e30",
+                "url": "https://api.github.com/repos/rectorphp/rector/zipball/d0917c069bb0d9bb06ed111cf052510f609015a4",
+                "reference": "d0917c069bb0d9bb06ed111cf052510f609015a4",
                 "shasum": ""
             },
             "require": {
@@ -6254,7 +6254,7 @@
             ],
             "support": {
                 "issues": "https://github.com/rectorphp/rector/issues",
-                "source": "https://github.com/rectorphp/rector/tree/2.1.0"
+                "source": "https://github.com/rectorphp/rector/tree/2.1.1"
             },
             "funding": [
                 {
@@ -6262,7 +6262,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-06-24T20:26:57+00:00"
+            "time": "2025-07-10T11:31:31+00:00"
         },
         {
             "name": "symfony/debug-bundle",

misc/compose/hydra-sql/000-default.conf

@@ -8,7 +8,7 @@
     # Using SetHandler avoids issues with using ProxyPassMatch in combination
     # with mod_rewrite or mod_autoindex
     <FilesMatch \.php$>
-        SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://127.0.0.1:9000"
+        SetHandler "proxy:unix:/run/php/php8.4-fpm.sock|fcgi://127.0.0.1:9000"
         # for Unix sockets, Apache 2.4.10 or higher
         # SetHandler proxy:unix:/path/to/fpm.sock|fcgi://dummy
     </FilesMatch>

misc/compose/hydra-sql/Dockerfile

@@ -7,7 +7,7 @@ ARG https_proxy=
 
 ENV WAITFORIT_VERSION="v2.4.1"
 
-ARG PHP_VERSION="8.1"
+ARG PHP_VERSION="8.4"
 ENV PHP_VERSION $PHP_VERSION
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
@@ -68,14 +68,14 @@ RUN chmod +x /var/www/install-composer.sh &&\
 # On active les mods d'apache nécessaires
 RUN a2enmod rewrite
 RUN a2enmod proxy_fcgi setenvif
-RUN a2enconf php8.1-fpm
+RUN a2enconf php8.4-fpm
 RUN a2enmod proxy
 RUN a2enmod expires
 RUN a2enmod headers
 
 # On injecte les bonnes configs apache et php-fpm
 COPY 000-default.conf /etc/apache2/sites-available/000-default.conf
-COPY www.conf /etc/php/8.1/fpm/pool.d/www.conf
+COPY www.conf /etc/php/8.4/fpm/pool.d/www.conf
 
 EXPOSE 5000
 EXPOSE 80
@@ -83,8 +83,8 @@ EXPOSE 80
 WORKDIR /var/www
 
 # On démarre php-fpm une fois pour créer les sockets
-RUN service php8.1-fpm start
-RUN service php8.1-fpm stop
+RUN service php8.4-fpm start
+RUN service php8.4-fpm stop
 
 
 COPY docker-entrypoint.sh /docker-entrypoint.sh
@@ -99,7 +99,7 @@ RUN sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
 
 COPY rsyslog.conf /etc/rsyslog.d/var/www.conf
 COPY supervisor.ini /etc/supervisor/supervisor.ini
-COPY php.ini /etc/php/8.1/fpm/php.ini
+COPY php.ini /etc/php/8.4/fpm/php.ini
 
 VOLUME /container-lifecycle
 

misc/compose/hydra-sql/supervisor.ini

@@ -26,7 +26,7 @@ stderr_logfile_maxbytes=0
 
 [program:php-fpm]
 environment=HOSTNAME="%(ENV_HOSTNAME)s"
-command = /usr/sbin/php-fpm8.1 -F
+command = /usr/sbin/php-fpm8.4 -F
 autostart = true
 autorestart = true
 directory = /var/www

misc/compose/hydra-sql/www.conf

@@ -6,7 +6,7 @@ error_log=/dev/stderr
 user = www-data
 group = www-data
 
-listen = /run/php/php8.1-fpm.sock
+listen = /run/php/php8.4-fpm.sock
 
 listen.owner = www-data
 listen.group = www-data

rector.php

@@ -3,6 +3,7 @@
 declare(strict_types=1);
 
 use Rector\Config\RectorConfig;
+use Rector\Renaming\Rector\Class_\RenameAttributeRector;
 use Rector\Symfony\Set\SymfonySetList;
 
 return static function (RectorConfig $rectorConfig): void {
@@ -15,7 +16,13 @@ return static function (RectorConfig $rectorConfig): void {
         SymfonySetList::SYMFONY_61,
         SymfonySetList::SYMFONY_62,
         SymfonySetList::SYMFONY_63,
+        SymfonySetList::SYMFONY_64,
         SymfonySetList::SYMFONY_CODE_QUALITY,
         SymfonySetList::SYMFONY_CONSTRUCTOR_INJECTION,
     ]);
+
+    $rectorConfig->importShortClasses(false);
+    $rectorConfig->skip([
+        RenameAttributeRector::class
+    ]);
 };

src/Controller/MainController.php

@@ -20,7 +20,8 @@ class MainController extends AbstractController
     public function __construct(
         private readonly RequestStack $requestStack,
         private readonly HydraService $hydra,
-        private readonly Client $client
+        private readonly Client $client,
+        private readonly SQLLoginRequest $sqlLoginRequest
     ){
     }
 
@@ -40,7 +41,7 @@ class MainController extends AbstractController
     }
 
     #[Route('/connect/login-accept', name: 'app_login_accept', methods: ['GET'])]
-    public function loginAccept(SQLLoginRequest $sqlLoginRequest): RedirectResponse
+    public function loginAccept(): RedirectResponse
     {
         $user = $this->getUser();
 
@@ -54,7 +55,7 @@ class MainController extends AbstractController
 
         $subject = $user->getLogin();
 
-        $subjectRewriteExpression = $sqlLoginRequest->getSubjectRewriteExpression();
+        $subjectRewriteExpression = $this->sqlLoginRequest->getSubjectRewriteExpression();
         if (null != $subjectRewriteExpression) {
             $expressionLanguage = new ExpressionLanguage();
 

src/Hydra/HydraService.php

@@ -39,7 +39,7 @@ class HydraService extends AbstractController
         // si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect
         $this->requestStack->getSession()->set('challenge', $loginRequestInfo['challenge']);
 
-        return new RedirectResponse($this->baseUrl.'/connect/login-accept');
+        return new RedirectResponse($this->baseUrl.'/login');
     }
 
     public function handleConsentRequest(Request $request): RedirectResponse

src/Security/SQLLoginUserAuthenticator.php

@@ -60,7 +60,7 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
     public function authenticate(Request $request): SelfValidatingPassport
     {
         $form = $request->request->all(key: 'login');
-        $login = $form['login'];
+        $login = \strtolower($form['login']);
         $plaintextPassword = $form['password'];
         $session = $request->getSession();
         try {

src/Service/SQLLoginService.php

@@ -28,7 +28,6 @@ class SQLLoginService extends AbstractController
     public function fetchPasswordAndDatas(string $login): array
     {
         $dataRequest = $this->sqlLoginRequest->getDatasRequest();
-        $login = \strtolower($login);
         $datas = $this->executeRequestWithLogin($dataRequest, $login);
 
         return $datas;