chore(login) #14318 : rework redirects during authentication flow

2025-08-26 16:39:27 +02:00
7 changed files with 12 additions and 30 deletions
--- a/.env
+++ b/.env
@@ -14,7 +14,7 @@
 # https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration

 ###> symfony/framework-bundle ###
-APP_ENV=dev
+APP_ENV=prod
 APP_SECRET=406ccaa0c76a451fdcc2307ea146cbef
 URL_LINK="http://localhost"

@@ -44,5 +44,3 @@ ALTCHA_WORKERS=8
 ALTCHA_DELAY=100
 ALTCHA_MOCK_ERROR=false
 ALTCHA_ENABLED=true
-
-ENABLED_2FA=true
--- a/compose.yml
+++ b/compose.yml
@@ -59,6 +59,7 @@ services:
      - HASH_ALGO_LEGACY="sha256"
      - SECURITY_PATTERN=password,salt,pepper
      - CADDY_HTTP_PORT=8071
+
  oidc-test:
    image: bornholm/oidc-test:v0.0.0-1-g936a77e
    environment:
@@ -157,19 +158,6 @@ services:
    image: reg.cadoles.com/cadoles/altcha:2024.10.29-develop.1213.22e038b
    environment:
      ALTCHA_HMAC_KEY: 'change_me'
-  hydra-2fa:
-      build:
-        context: ../hydra-2fa  # Répertoire du sous-projet
-        dockerfile: Dockerfile
-      volumes:
-        - ../hydra-2fa:/app  # Montage pour synchronisation en temps réel (ajuste si le WORKDIR change)
-      environment:
-        - APP_ENV=dev
-        - APP_DEBUG=1  # Pour mode debug en dev
-      ports:
-        - "8070:80"  # Mappe le port 80 du conteneur sur 8081 de l'hôte
-      depends_on:
-        - mariadb  # Si tu utilises la DB partagée  
 volumes:
  postgres:
  mariadb:
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -51,9 +51,7 @@ services:
    App\Hydra\HydraService:
        arguments:
            $baseUrl: '%base_url%'
-    App\Controller\MainController:
-        arguments:
-            $enabled2fa: '%env(bool:ENABLED_2FA)%'
+
    App\SQLLogin\SQLLoginRequest:
        arguments:
            $config: []
--- a/misc/images/hydra-sql-base/Dockerfile
+++ b/misc/images/hydra-sql-base/Dockerfile
@@ -1,5 +1,5 @@
 ARG NODE_OPTIONS="--openssl-legacy-provider" \
-    PHP_PKG_VERSION="8.4.11-r0" \
+    PHP_PKG_VERSION="8.4.5-r0" \
    ENCORE_MODE="production" \
    APP_ENV="prod" \
    BASE_PATH="" \
@@ -20,4 +20,4 @@ ARG NODE_OPTIONS="--openssl-legacy-provider" \
        BASE_PATH=${BASE_PATH} \
        APP_LOCALES=${APP_LOCALES}"

-FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-base-2025.9.1-stable.1652.6889275
+FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-base-2025.6.12-stable.1038.48ea3b9
--- a/misc/images/hydra-sql-standalone/Dockerfile
+++ b/misc/images/hydra-sql-standalone/Dockerfile
@@ -1,5 +1,5 @@
 ARG NODE_OPTIONS="--openssl-legacy-provider" \
-    PHP_PKG_VERSION="8.4.11-r0" \
+    PHP_PKG_VERSION="8.4.5-r0" \
    ENCORE_MODE="production" \
    APP_ENV="prod" \
    BASE_PATH="" \
@@ -20,5 +20,5 @@ ARG NODE_OPTIONS="--openssl-legacy-provider" \
        BASE_PATH=${BASE_PATH} \
        APP_LOCALES=${APP_LOCALES}"

-FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-standalone-2025.9.1-stable.1652.6889275
+FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.4-standalone-2025.6.12-stable.1038.48ea3b9
 USER www-data
--- a/src/Controller/MainController.php
+++ b/src/Controller/MainController.php
@@ -21,7 +21,7 @@ class MainController extends AbstractController
        private readonly RequestStack $requestStack,
        private readonly HydraService $hydra,
        private readonly Client $client,
-        private readonly bool $enabled2fa
+        private readonly SQLLoginRequest $sqlLoginRequest
    ){
    }

@@ -41,10 +41,8 @@ class MainController extends AbstractController
    }

    #[Route('/connect/login-accept', name: 'app_login_accept', methods: ['GET'])]
-    public function loginAccept(SQLLoginRequest $sqlLoginRequest): RedirectResponse
+    public function loginAccept(): RedirectResponse
    {
-        dd($this->enabled2fa);
-
        $user = $this->getUser();

        if (!$user instanceof User) {
@@ -57,7 +55,7 @@ class MainController extends AbstractController

        $subject = $user->getLogin();

-        $subjectRewriteExpression = $sqlLoginRequest->getSubjectRewriteExpression();
+        $subjectRewriteExpression = $this->sqlLoginRequest->getSubjectRewriteExpression();
        if (null != $subjectRewriteExpression) {
            $expressionLanguage = new ExpressionLanguage();

--- a/src/Hydra/HydraService.php
+++ b/src/Hydra/HydraService.php
@@ -39,7 +39,7 @@ class HydraService extends AbstractController
        // si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect
        $this->requestStack->getSession()->set('challenge', $loginRequestInfo['challenge']);

-        return new RedirectResponse($this->baseUrl.'/connect/login-accept');
+        return new RedirectResponse($this->baseUrl.'/login');
    }

    public function handleConsentRequest(Request $request): RedirectResponse