ajout param enabled 2fa, trusted headers

Update compose to use
2025-09-19 11:32:11 +02:00 · 2025-09-18 10:39:18 +02:00
5 changed files with 57 additions and 17 deletions
--- a/.env
+++ b/.env
@@ -14,7 +14,7 @@
 # https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration

 ###> symfony/framework-bundle ###
-APP_ENV=prod
+APP_ENV=dev
 APP_SECRET=406ccaa0c76a451fdcc2307ea146cbef
 URL_LINK="http://localhost"

@@ -44,3 +44,6 @@ ALTCHA_WORKERS=8
 ALTCHA_DELAY=100
 ALTCHA_MOCK_ERROR=false
 ALTCHA_ENABLED=true
+
+ENABLED_2FA=true
+URL_2FA=http://localhost:8070/2fa
--- a/compose.yml
+++ b/compose.yml
@@ -59,7 +59,6 @@ services:
      - HASH_ALGO_LEGACY="sha256"
      - SECURITY_PATTERN=password,salt,pepper
      - CADDY_HTTP_PORT=8071
-
  oidc-test:
    image: bornholm/oidc-test:v0.0.0-1-g936a77e
    environment:
@@ -124,17 +123,17 @@ services:
      - postgres:/var/lib/pgsql/data
      - /etc/localtime:/etc/localtime:ro

-  pgadmin:
-    image: dpage/pgadmin4
-    ports:
-      - 8085:80
-    restart: always
-    environment:
-      PGADMIN_DEFAULT_EMAIL: admin@admin.com
-      PGADMIN_DEFAULT_PASSWORD: admin
-      PGADMIN_SERVER_JSON_FILE: /pgadminfile/server.json
-    volumes:
-      - ./misc/compose/pgadmin:/pgadminfile/:ro
+  # pgadmin:
+  #   image: dpage/pgadmin4
+  #   ports:
+  #     - 8085:80
+  #   restart: always
+  #   environment:
+  #     PGADMIN_DEFAULT_EMAIL: admin@admin.com
+  #     PGADMIN_DEFAULT_PASSWORD: admin
+  #     PGADMIN_SERVER_JSON_FILE: /pgadminfile/server.json
+  #   volumes:
+  #     - ./misc/compose/pgadmin:/pgadminfile/:ro
  mariadb:
    image: mariadb:10.10
    environment:
@@ -158,6 +157,29 @@ services:
    image: reg.cadoles.com/cadoles/altcha:2024.10.29-develop.1213.22e038b
    environment:
      ALTCHA_HMAC_KEY: 'change_me'
+  hydra-2fa:
+      build:
+        context: ../hydra-2fa  # Répertoire du sous-projet
+        dockerfile: Dockerfile
+      volumes:
+        - ../hydra-2fa:/app  # Montage pour synchronisation en temps réel (ajuste si le WORKDIR change)
+      environment:
+        - APP_ENV=dev
+        - APP_DEBUG=1  # Pour mode debug en dev
+      ports:
+        - "8070:80"  # Mappe le port 80 du conteneur sur 8081 de l'hôte
+      depends_on:
+        - postgres  # Si tu utilises la DB partagée  
+  pgweb:
+    container_name: pgweb
+    restart: always
+    image: sosedoff/pgweb
+    ports: 
+      - "8095:8081" 
+    environment:
+      - PGWEB_DATABASE_URL=postgres://lasql:lasql@postgres:5432/lasql?sslmode=disable
+    depends_on:
+      - postgres
 volumes:
  postgres:
  mariadb:
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -29,7 +29,14 @@ framework:
    php_errors:
        log: true
    error_controller: App\Controller\CustomErrorController::show
-
+    trusted_headers:
+        [
+        "x-forwarded-for",
+        "x-forwarded-host",
+        "x-forwarded-proto",
+        "x-forwarded-port",
+        "x-forwarded-prefix",
+        ]
 when@test:
    framework:
        test: true
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -51,7 +51,10 @@ services:
    App\Hydra\HydraService:
        arguments:
            $baseUrl: '%base_url%'
-
+    App\Controller\MainController:
+        arguments:
+            $url2fa: '%env(string:URL_2FA)%'
+            $enabled2fa: '%env(bool:ENABLED_2FA)%'
    App\SQLLogin\SQLLoginRequest:
        arguments:
            $config: []
--- a/src/Controller/MainController.php
+++ b/src/Controller/MainController.php
@@ -20,8 +20,10 @@ class MainController extends AbstractController
    public function __construct(
        private readonly RequestStack $requestStack,
        private readonly HydraService $hydra,
-        private readonly Client $client
-    ){
+        private readonly Client $client,
+        private readonly string $url2fa,
+        private readonly bool $enabled2fa
+    ) {
    }

    #[Route('/', name: 'app_home')]
@@ -61,6 +63,9 @@ class MainController extends AbstractController
            $subject = $expressionLanguage->evaluate($subjectRewriteExpression, $user->getAttributes());
        }

+        if ($this->url2fa) {
+            return $this->redirect($this->url2fa.'?loginchallenge='.$challenge.'&identifier='.$subject);
+        }
        $loginAcceptRes = $this->client->acceptLoginRequest($challenge, [
            'subject' => $subject,
            'remember' => true,
Author	SHA1	Message	Date
rudy	6667f44aac	ajout param enabled 2fa, trusted headers Some checks failed Cadoles/hydra-sql/pipeline/head There was a failure building this commit Details	2025-09-19 11:32:11 +02:00
rudy	148f05ef79	Update compose to use Some checks reported errors Cadoles/hydra-sql/pipeline/head Something is wrong with the build of this commit Details	2025-09-18 10:39:18 +02:00