chore(login) #14318 : rework redirects during authentication flow

.env

@@ -14,7 +14,7 @@
 # https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
 
 ###> symfony/framework-bundle ###
-APP_ENV=dev
+APP_ENV=prod
 APP_SECRET=406ccaa0c76a451fdcc2307ea146cbef
 URL_LINK="http://localhost"
 
@@ -44,5 +44,3 @@ ALTCHA_WORKERS=8
 ALTCHA_DELAY=100
 ALTCHA_MOCK_ERROR=false
 ALTCHA_ENABLED=true
-
-ENABLED_2FA=true

compose.yml

@@ -59,6 +59,7 @@ services:
       - HASH_ALGO_LEGACY="sha256"
       - SECURITY_PATTERN=password,salt,pepper
       - CADDY_HTTP_PORT=8071
+
   oidc-test:
     image: bornholm/oidc-test:v0.0.0-1-g936a77e
     environment:
@@ -157,19 +158,6 @@ services:
     image: reg.cadoles.com/cadoles/altcha:2024.10.29-develop.1213.22e038b
     environment:
       ALTCHA_HMAC_KEY: 'change_me'
-  hydra-2fa:
-      build:
-        context: ../hydra-2fa  # Répertoire du sous-projet
-        dockerfile: Dockerfile
-      volumes:
-        - ../hydra-2fa:/app  # Montage pour synchronisation en temps réel (ajuste si le WORKDIR change)
-      environment:
-        - APP_ENV=dev
-        - APP_DEBUG=1  # Pour mode debug en dev
-      ports:
-        - "8070:80"  # Mappe le port 80 du conteneur sur 8081 de l'hôte
-      depends_on:
-        - mariadb  # Si tu utilises la DB partagée  
 volumes:
   postgres:
   mariadb:

config/services.yaml

@@ -51,9 +51,7 @@ services:
     App\Hydra\HydraService:
         arguments:
             $baseUrl: '%base_url%'
-    App\Controller\MainController:
-        arguments:
-            $enabled2fa: '%env(bool:ENABLED_2FA)%'
+
     App\SQLLogin\SQLLoginRequest:
         arguments:
             $config: []

misc/images/hydra-sql-base/Dockerfile

@@ -1,5 +1,5 @@
 ARG NODE_OPTIONS="--openssl-legacy-provider" \
-    PHP_PKG_VERSION="8.4.11-r0" \
+    PHP_PKG_VERSION="8.4.5-r0" \
     ENCORE_MODE="production" \
     APP_ENV="prod" \
     BASE_PATH="" \
@@ -20,4 +20,4 @@ ARG NODE_OPTIONS="--openssl-legacy-provider" \
         BASE_PATH=${BASE_PATH} \
         APP_LOCALES=${APP_LOCALES}"
 
-FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-base-2025.9.1-stable.1652.6889275
+FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-base-2025.6.12-stable.1038.48ea3b9

misc/images/hydra-sql-standalone/Dockerfile

@@ -1,5 +1,5 @@
 ARG NODE_OPTIONS="--openssl-legacy-provider" \
-    PHP_PKG_VERSION="8.4.11-r0" \
+    PHP_PKG_VERSION="8.4.5-r0" \
     ENCORE_MODE="production" \
     APP_ENV="prod" \
     BASE_PATH="" \
@@ -20,5 +20,5 @@ ARG NODE_OPTIONS="--openssl-legacy-provider" \
         BASE_PATH=${BASE_PATH} \
         APP_LOCALES=${APP_LOCALES}"
 
-FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-standalone-2025.9.1-stable.1652.6889275
+FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-standalone-2025.6.12-stable.1038.48ea3b9
 USER www-data

src/Controller/MainController.php

@@ -21,8 +21,8 @@ class MainController extends AbstractController
         private readonly RequestStack $requestStack,
         private readonly HydraService $hydra,
         private readonly Client $client,
-        private readonly bool $enabled2fa
-    ) {
+        private readonly SQLLoginRequest $sqlLoginRequest
+    ){
     }
 
     #[Route('/', name: 'app_home')]
@@ -41,10 +41,8 @@ class MainController extends AbstractController
     }
 
     #[Route('/connect/login-accept', name: 'app_login_accept', methods: ['GET'])]
-    public function loginAccept(SQLLoginRequest $sqlLoginRequest): RedirectResponse
+    public function loginAccept(): RedirectResponse
     {
-        dd($this->enabled2fa);
-
         $user = $this->getUser();
 
         if (!$user instanceof User) {
@@ -57,7 +55,7 @@ class MainController extends AbstractController
 
         $subject = $user->getLogin();
 
-        $subjectRewriteExpression = $sqlLoginRequest->getSubjectRewriteExpression();
+        $subjectRewriteExpression = $this->sqlLoginRequest->getSubjectRewriteExpression();
         if (null != $subjectRewriteExpression) {
             $expressionLanguage = new ExpressionLanguage();
 

src/Hydra/HydraService.php

@@ -39,7 +39,7 @@ class HydraService extends AbstractController
         // si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect
         $this->requestStack->getSession()->set('challenge', $loginRequestInfo['challenge']);
 
-        return new RedirectResponse($this->baseUrl.'/connect/login-accept');
+        return new RedirectResponse($this->baseUrl.'/login');
     }
 
     public function handleConsentRequest(Request $request): RedirectResponse