Cadoles/hydra-sql
22
0
Fork 0
Code Issues 5 Pull Requests 3 Projects Releases Wiki Activity

Compare commits

base: Cadoles:poc-2fa
Branches Tags
Cadoles:develop Cadoles:frankenphp Cadoles:poc-2fa Cadoles:issue-14318 Cadoles:issue-4707 Cadoles:issue-mse-4332 Cadoles:issue-39 Cadoles:redis-prefix-ttl Cadoles:issue-14 Cadoles:issue-16 Cadoles:master Cadoles:staging
Cadoles:v01
..
compare: Cadoles:201172689806bb55162654550b161641a70ed273
Branches Tags
Cadoles:frankenphp Cadoles:poc-2fa Cadoles:develop Cadoles:issue-14318 Cadoles:issue-4707 Cadoles:issue-mse-4332 Cadoles:issue-39 Cadoles:redis-prefix-ttl Cadoles:issue-14 Cadoles:issue-16 Cadoles:master Cadoles:staging
Cadoles:v01

1 Commits
poc-2fa ... 2011726898

Author SHA1 Message Date
Gauthier DUPONT
2011726898 chore(symfony) #57 : bump symfony to version 6.4 and fix deprecations
Some checks failed
Cadoles/hydra-sql/pipeline/pr-develop There was a failure building this commit
Details
2025-07-16 14:14:41 +02:00
12 changed files with 38 additions and 136 deletions
Expand all files Collapse all files

9
.env
View File

@@ -14,7 +14,7 @@
# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration # https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
###> symfony/framework-bundle ### ###> symfony/framework-bundle ###
APP_ENV=dev APP_ENV=prod
APP_SECRET=406ccaa0c76a451fdcc2307ea146cbef APP_SECRET=406ccaa0c76a451fdcc2307ea146cbef
URL_LINK="http://localhost" URL_LINK="http://localhost"
@@ -25,7 +25,7 @@ DB_USER="lasql"
DB_PASSWORD="lasql" DB_PASSWORD="lasql"
ISSUER_URL="http://localhost:8000" ISSUER_URL="http://localhost:8000"
BASE_URL='http://localhost:8083' BASE_URL='http://localhost:8080'
# connexion hydra # connexion hydra
HYDRA_ADMIN_BASE_URL='http://hydra:4445' HYDRA_ADMIN_BASE_URL='http://hydra:4445'
APP_LOCALES="fr,en" APP_LOCALES="fr,en"
@@ -43,7 +43,4 @@ ALTCHA_DEBUG=false
ALTCHA_WORKERS=8 ALTCHA_WORKERS=8
ALTCHA_DELAY=100 ALTCHA_DELAY=100
ALTCHA_MOCK_ERROR=false ALTCHA_MOCK_ERROR=false
ALTCHA_ENABLED=false ALTCHA_ENABLED=true
ENABLED_2FA=true
URL_2FA=http://localhost:8084/2fa

2
Jenkinsfile vendored
View File

@@ -4,7 +4,7 @@
// Utilisation du pipeline partagé pour les applications Symfony de Cadoles // Utilisation du pipeline partagé pour les applications Symfony de Cadoles
// Le nom de l'image Docker passée en paramètre vous permet de préciser l'environnement de test // Le nom de l'image Docker passée en paramètre vous permet de préciser l'environnement de test
// de votre application Symfony // de votre application Symfony
symfonyAppPipeline('ubuntu:25.04', [ symfonyAppPipeline('ubuntu:24.04', [
'hooks': [ 'hooks': [
// Run docker image build, verification and publication stages // Run docker image build, verification and publication stages
'postSymfonyAppPipeline': { 'postSymfonyAppPipeline': {

84
compose.yml
View File

@@ -1,26 +1,4 @@
services: services:
hydra-dispatcher:
image: reg.cadoles.com/cadoles/hydra-dispatcher-standalone:2025.9.2-develop.1152.3cd1c49
ports:
- 8082:80
environment:
- APP_ENV=prod
- APP_DEBUG=false
- PHP_FPM_MEMORY_LIMIT=256m
- CADDY_HTTP_PORT=80
- HYDRA_ADMIN_BASE_URL=http://hydra:4445
- HYDRA_BASE_URL=http://hydra:4444
- HYDRA_REWRITE_ISSUER=yes
- HYDRA_ORIGINAL_ISSUER=http://localhost:8081
- HYDRA_NEW_ISSUER=http://localhost:8082
- DEFAULT_LOCALE=fr
- DISABLE_APP_AUTO_SELECT=false
- APP_LOCALES=fr,en
- HYDRA_ADMIN_AUTHORIZED_HOSTS=10.0.0.0/8,172.16.0.0/12,172.19.0.0/12,192.168.0.0/16
- REDIS_DSN=redis://redis:6379
- TRUSTED_PROXIES=REMOTE_ADDR
volumes:
- ./misc/compose/dispatcher/:/app/config/hydra/
hydra-sql: hydra-sql:
build: build:
context: . context: .
@@ -34,7 +12,7 @@ services:
- http_proxy=${http_proxy} - http_proxy=${http_proxy}
- https_proxy=${https_proxy} - https_proxy=${https_proxy}
ports: ports:
- 8083:8071 - 8082:8071
tmpfs: tmpfs:
- /var/www/var/logs:uid=${FIXUID:-1000},gid=${FIXGID:-1000} - /var/www/var/logs:uid=${FIXUID:-1000},gid=${FIXGID:-1000}
- /var/www/var/cache:uid=${FIXUID:-1000},gid=${FIXGID:-1000} - /var/www/var/cache:uid=${FIXUID:-1000},gid=${FIXGID:-1000}
@@ -44,7 +22,6 @@ services:
- hydra - hydra
depends_on: depends_on:
- redis - redis
- hydra-dispatcher
extra_hosts: extra_hosts:
- "localhost:127.0.0.1" - "localhost:127.0.0.1"
- "localhost:host-gateway" - "localhost:host-gateway"
@@ -71,10 +48,10 @@ services:
- APP_ENV=dev - APP_ENV=dev
- PHP_FPM_MEMORY_LIMIT=128m - PHP_FPM_MEMORY_LIMIT=128m
- APP_LOCALES=fr,en - APP_LOCALES=fr,en
- HYDRA_ADMIN_BASE_URL=http://hydra-dispatcher - HYDRA_ADMIN_BASE_URL=http://hydra:4445
- TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR,localhost - TRUSTED_PROXIES=127.0.0.1,REMOTE_ADDR,localhost
- ISSUER_URL=http://localhost:8000 - ISSUER_URL=http://localhost:8000
- BASE_URL=http://localhost:8083 - BASE_URL=http://localhost:8082
- DB_USER=lasql - DB_USER=lasql
- DB_PASSWORD=lasql - DB_PASSWORD=lasql
- DEFAULT_LOCALE=fr - DEFAULT_LOCALE=fr
@@ -82,8 +59,7 @@ services:
- HASH_ALGO_LEGACY="sha256" - HASH_ALGO_LEGACY="sha256"
- SECURITY_PATTERN=password,salt,pepper - SECURITY_PATTERN=password,salt,pepper
- CADDY_HTTP_PORT=8071 - CADDY_HTTP_PORT=8071
- ENABLED_2FA=true
- URL_2FA=http://localhost:8084/2fa
oidc-test: oidc-test:
image: bornholm/oidc-test:v0.0.0-1-g936a77e image: bornholm/oidc-test:v0.0.0-1-g936a77e
environment: environment:
@@ -109,8 +85,8 @@ services:
- HYDRA_ALLOW_INSECURE=yes - HYDRA_ALLOW_INSECURE=yes
- HYDRA_URLS_SELF_ISSUER=http://localhost:8081/ - HYDRA_URLS_SELF_ISSUER=http://localhost:8081/
- HYDRA_URLS_LOGOUT=http://localhost:8082/logout - HYDRA_URLS_LOGOUT=http://localhost:8082/logout
- HYDRA_URLS_LOGIN=http://localhost:8082/login - HYDRA_URLS_LOGIN=http://localhost:8082/
- HYDRA_URLS_CONSENT=http://localhost:8082/consent - HYDRA_URLS_CONSENT=http://localhost:8082/connect/consent
- HYDRA_URLS_ERROR=http://localhost:8082/error - HYDRA_URLS_ERROR=http://localhost:8082/error
- HYDRA_LEVEL=debug - HYDRA_LEVEL=debug
- HYDRA_DSN=postgres://lasql:lasql@postgres:5432/hydra - HYDRA_DSN=postgres://lasql:lasql@postgres:5432/hydra
@@ -128,7 +104,7 @@ services:
"wget", "wget",
"--spider", "--spider",
"-q", "-q",
"http://localhost:4444/.well-known/openid-configuration", "http://127.0.0.1:4444/.well-known/openid-configuration",
] ]
interval: 10s interval: 10s
timeout: 10s timeout: 10s
@@ -148,17 +124,17 @@ services:
- postgres:/var/lib/pgsql/data - postgres:/var/lib/pgsql/data
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
# pgadmin: pgadmin:
# image: dpage/pgadmin4 image: dpage/pgadmin4
# ports: ports:
# - 8085:80 - 8085:80
# restart: always restart: always
# environment: environment:
# PGADMIN_DEFAULT_EMAIL: admin@admin.com PGADMIN_DEFAULT_EMAIL: admin@admin.com
# PGADMIN_DEFAULT_PASSWORD: admin PGADMIN_DEFAULT_PASSWORD: admin
# PGADMIN_SERVER_JSON_FILE: /pgadminfile/server.json PGADMIN_SERVER_JSON_FILE: /pgadminfile/server.json
# volumes: volumes:
# - ./misc/compose/pgadmin:/pgadminfile/:ro - ./misc/compose/pgadmin:/pgadminfile/:ro
mariadb: mariadb:
image: mariadb:10.10 image: mariadb:10.10
environment: environment:
@@ -182,30 +158,6 @@ services:
image: reg.cadoles.com/cadoles/altcha:2024.10.29-develop.1213.22e038b image: reg.cadoles.com/cadoles/altcha:2024.10.29-develop.1213.22e038b
environment: environment:
ALTCHA_HMAC_KEY: 'change_me' ALTCHA_HMAC_KEY: 'change_me'
hydra-2fa:
build:
context: ../hydra-2fa # Répertoire du sous-projet
dockerfile: Dockerfile
volumes:
- ../hydra-2fa:/app # Montage pour synchronisation en temps réel (ajuste si le WORKDIR change)
environment:
- APP_ENV=dev
- APP_DEBUG=1 # Pour mode debug en dev
- CADDY_GLOBAL_OPTIONS=debug # Activer le mode debug
ports:
- "8084:80" # Mappe le port 80 du conteneur sur 8081 de l'hôte
depends_on:
- postgres # Si tu utilises la DB partagée
# pgweb:
# container_name: pgweb
# restart: always
# image: sosedoff/pgweb
# ports:
# - "8085:8081"
# environment:
# - PGWEB_DATABASE_URL=postgres://lasql:lasql@postgres:5432/lasql?sslmode=disable
# depends_on:
# - postgres
volumes: volumes:
postgres: postgres:
mariadb: mariadb:

4
composer.json
View File

@@ -26,6 +26,7 @@
"symfony/translation": "6.4.*", "symfony/translation": "6.4.*",
"symfony/twig-bundle": "6.4.*", "symfony/twig-bundle": "6.4.*",
"symfony/validator": "6.4.*", "symfony/validator": "6.4.*",
"symfony/web-profiler-bundle": "6.4.*",
"symfony/webpack-encore-bundle": "^1.16", "symfony/webpack-encore-bundle": "^1.16",
"symfony/yaml": "6.4.*" "symfony/yaml": "6.4.*"
}, },
@@ -80,7 +81,6 @@
}, },
"require-dev": { "require-dev": {
"rector/rector": "^2.1", "rector/rector": "^2.1",
"symfony/debug-bundle": "6.4.*", "symfony/debug-bundle": "6.4.*"
"symfony/web-profiler-bundle": "6.4.*"
} }
} }

9
config/packages/framework.yaml
View File

@@ -29,14 +29,7 @@ framework:
php_errors: php_errors:
log: true log: true
error_controller: App\Controller\CustomErrorController::show error_controller: App\Controller\CustomErrorController::show
trusted_headers:
[
"x-forwarded-for",
"x-forwarded-host",
"x-forwarded-proto",
"x-forwarded-port",
"x-forwarded-prefix",
]
when@test: when@test:
framework: framework:
test: true test: true

5
config/services.yaml
View File

@@ -51,10 +51,7 @@ services:
App\Hydra\HydraService: App\Hydra\HydraService:
arguments: arguments:
$baseUrl: '%base_url%' $baseUrl: '%base_url%'
App\Controller\MainController:
arguments:
$url2fa: '%env(string:URL_2FA)%'
$enabled2fa: '%env(bool:ENABLED_2FA)%'
App\SQLLogin\SQLLoginRequest: App\SQLLogin\SQLLoginRequest:
arguments: arguments:
$config: [] $config: []

33
misc/compose/dispatcher/example.yml
View File

@@ -1,33 +0,0 @@
hydra:
apps:
- id: hydra-sql
title:
fr: Hydra Sql
en: Hydra Sql En
description:
fr: Authentification via adresse courriel
en: Authentication by email address
icon_url: http://placehold.jp/84x123.png
login_url: http://localhost:8083/login
consent_url: http://localhost:8083/consent
options:
text_libre:
fr: "Connexion avec mot de passe"
en: "Login with password"
logout_url: http://localhost:8083/logout
attributes_rewrite_configuration:
mail:
replace: email
rules:
- "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
webhook:
enabled: false
api_url: http://hydra-dispatcher/test
api_key: ~
api_method: POST
webhook_post_login:
enabled: false
api_url: http://hydra-dispatcher/test
api_key: ~
api_method: POST
connected_user_redirect_url: '/'

4
misc/images/hydra-sql-base/Dockerfile
View File

@@ -1,5 +1,5 @@
ARG NODE_OPTIONS="--openssl-legacy-provider" \ ARG NODE_OPTIONS="--openssl-legacy-provider" \
PHP_PKG_VERSION="8.4.11-r0" \ PHP_PKG_VERSION="8.4.5-r0" \
ENCORE_MODE="production" \ ENCORE_MODE="production" \
APP_ENV="prod" \ APP_ENV="prod" \
BASE_PATH="" \ BASE_PATH="" \
@@ -20,4 +20,4 @@ ARG NODE_OPTIONS="--openssl-legacy-provider" \
BASE_PATH=${BASE_PATH} \ BASE_PATH=${BASE_PATH} \
APP_LOCALES=${APP_LOCALES}" APP_LOCALES=${APP_LOCALES}"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-base-2025.9.1-stable.1652.6889275 FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-base-2025.6.12-stable.1038.48ea3b9

4
misc/images/hydra-sql-standalone/Dockerfile
View File

@@ -1,5 +1,5 @@
ARG NODE_OPTIONS="--openssl-legacy-provider" \ ARG NODE_OPTIONS="--openssl-legacy-provider" \
PHP_PKG_VERSION="8.4.11-r0" \ PHP_PKG_VERSION="8.4.5-r0" \
ENCORE_MODE="production" \ ENCORE_MODE="production" \
APP_ENV="prod" \ APP_ENV="prod" \
BASE_PATH="" \ BASE_PATH="" \
@@ -20,5 +20,5 @@ ARG NODE_OPTIONS="--openssl-legacy-provider" \
BASE_PATH=${BASE_PATH} \ BASE_PATH=${BASE_PATH} \
APP_LOCALES=${APP_LOCALES}" APP_LOCALES=${APP_LOCALES}"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-standalone-2025.9.1-stable.1652.6889275 FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-standalone-2025.6.12-stable.1038.48ea3b9
USER www-data USER www-data

11
src/Controller/MainController.php
View File

@@ -20,10 +20,8 @@ class MainController extends AbstractController
public function __construct( public function __construct(
private readonly RequestStack $requestStack, private readonly RequestStack $requestStack,
private readonly HydraService $hydra, private readonly HydraService $hydra,
private readonly Client $client, private readonly Client $client
private readonly string $url2fa, ){
private readonly bool $enabled2fa
) {
} }
#[Route('/', name: 'app_home')] #[Route('/', name: 'app_home')]
@@ -63,9 +61,6 @@ class MainController extends AbstractController
$subject = $expressionLanguage->evaluate($subjectRewriteExpression, $user->getAttributes()); $subject = $expressionLanguage->evaluate($subjectRewriteExpression, $user->getAttributes());
} }
if ($this->url2fa) {
return $this->redirect($this->url2fa.'?loginchallenge='.$challenge.'&identifier='.$subject);
}
$loginAcceptRes = $this->client->acceptLoginRequest($challenge, [ $loginAcceptRes = $this->client->acceptLoginRequest($challenge, [
'subject' => $subject, 'subject' => $subject,
'remember' => true, 'remember' => true,
@@ -75,7 +70,7 @@ class MainController extends AbstractController
} }
#[Route('/connect/consent', name: 'app_consent')] #[Route('/connect/consent', name: 'app_consent')]
public function consent(Request $request): Response public function consent(Request $request): RedirectResponse
{ {
return $this->hydra->handleConsentRequest($request); return $this->hydra->handleConsentRequest($request);
} }

8
src/Security/SQLLoginUserAuthenticator.php
View File

@@ -32,7 +32,7 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
private readonly SQLLoginService $sqlLoginService, private readonly SQLLoginService $sqlLoginService,
private readonly PasswordEncoder $passwordHasher, private readonly PasswordEncoder $passwordHasher,
private readonly SQLLoginRequest $sqlLoginRequest private readonly SQLLoginRequest $sqlLoginRequest
) { ){
} }
/** /**
@@ -60,7 +60,7 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
public function authenticate(Request $request): SelfValidatingPassport public function authenticate(Request $request): SelfValidatingPassport
{ {
$form = $request->request->all(key: 'login'); $form = $request->request->all(key: 'login');
$login = \strtolower($form['login']); $login = $form['login'];
$plaintextPassword = $form['password']; $plaintextPassword = $form['password'];
$session = $request->getSession(); $session = $request->getSession();
try { try {
@@ -101,10 +101,10 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
if ($user->getLogin() !== $userIdentifier) { if ($user->getLogin() !== $userIdentifier) {
throw new UserNotFoundException(sprintf('User "%s" not found.', $userIdentifier)); throw new UserNotFoundException(sprintf('User "%s" not found.', $userIdentifier));
} }
return $user; return $user;
}; };
$passport = new SelfValidatingPassport(new UserBadge($login, $loader)); $passport = new SelfValidatingPassport(new UserBadge($login, $loader));
$passport->setAttribute('attributes', $user->getAttributes()); $passport->setAttribute('attributes', $user->getAttributes());

1
src/Service/SQLLoginService.php
View File

@@ -28,6 +28,7 @@ class SQLLoginService extends AbstractController
public function fetchPasswordAndDatas(string $login): array public function fetchPasswordAndDatas(string $login): array
{ {
$dataRequest = $this->sqlLoginRequest->getDatasRequest(); $dataRequest = $this->sqlLoginRequest->getDatasRequest();
$login = \strtolower($login);
$datas = $this->executeRequestWithLogin($dataRequest, $login); $datas = $this->executeRequestWithLogin($dataRequest, $login);
return $datas; return $datas;