fix login sql : ajout d'un retry sur le login, suppression des options #45
|
@ -32,17 +32,9 @@ class SecurityController extends AbstractController
|
||||||
$loginForm->addError(new FormError($trans->trans('error.login', [], 'messages')));
|
$loginForm->addError(new FormError($trans->trans('error.login', [], 'messages')));
|
||||||
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_LOGIN);
|
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_LOGIN);
|
||||||
}
|
}
|
||||||
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_CONFIGURATION)) {
|
if ($request->getSession()->has(SQLLoginUserAuthenticator::TECHNICAL_ERROR)) {
|
||||||
$loginForm->addError(new FormError($trans->trans('error.configuration', [], 'messages')));
|
$loginForm->addError(new FormError($trans->trans('error.technical', [], 'messages')));
|
||||||
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_CONFIGURATION);
|
$request->getSession()->remove(SQLLoginUserAuthenticator::TECHNICAL_ERROR);
|
||||||
}
|
|
||||||
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_DATA_TO_FETCH_CONFIGURATION)) {
|
|
||||||
$loginForm->addError(new FormError($trans->trans('error.data_to_fetch_configuration', [], 'messages')));
|
|
||||||
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_DATA_TO_FETCH_CONFIGURATION);
|
|
||||||
}
|
|
||||||
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_SECURITY_PATTERN_CONFIGURATION)) {
|
|
||||||
$loginForm->addError(new FormError($trans->trans('error.security_pattern_configuration', [], 'messages')));
|
|
||||||
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_SECURITY_PATTERN_CONFIGURATION);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
namespace App\SQLLogin\Exception;
|
|
||||||
|
|
||||||
use Exception;
|
|
||||||
|
|
||||||
class DatabaseConnectionException extends Exception
|
|
||||||
{
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
namespace App\SQLLogin\Exception;
|
|
||||||
|
|
||||||
use Exception;
|
|
||||||
|
|
||||||
class InvalidSQLLoginAlgoException extends Exception
|
|
||||||
{
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
namespace App\SQLLogin\Exception;
|
|
||||||
|
|
||||||
use Exception;
|
|
||||||
|
|
||||||
class LoginElementsConfigurationException extends Exception
|
|
||||||
{
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
namespace App\SQLLogin\Exception;
|
|
||||||
|
|
||||||
use Exception;
|
|
||||||
|
|
||||||
class NullPasswordColumnNameException extends Exception
|
|
||||||
{
|
|
||||||
}
|
|
|
@ -88,7 +88,7 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
|
||||||
foreach ($this->securityPattern as $term) {
|
foreach ($this->securityPattern as $term) {
|
||||||
if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) {
|
if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) {
|
||||||
$this->loggerInterface->critical('La configuration du security pattern est invalide, les termes autorisés sont : '.self::PASSWORD_PATTERN.', '.self::SALT_PATTERN.' et '.self::PEPPER_PATTERN);
|
$this->loggerInterface->critical('La configuration du security pattern est invalide, les termes autorisés sont : '.self::PASSWORD_PATTERN.', '.self::SALT_PATTERN.' et '.self::PEPPER_PATTERN);
|
||||||
throw new SecurityPatternConfigurationException();
|
throw new SecurityPatternConfigurationException('La configuration du security pattern est invalide, les termes autorisés sont : '.self::PASSWORD_PATTERN.', '.self::SALT_PATTERN.' et '.self::PEPPER_PATTERN);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$completedPlainPassword = '';
|
$completedPlainPassword = '';
|
||||||
|
|
|
@ -10,6 +10,7 @@ use App\SQLLogin\Exception\EmptyResultException;
|
||||||
use App\SQLLogin\Exception\InvalidSQLPasswordException;
|
use App\SQLLogin\Exception\InvalidSQLPasswordException;
|
||||||
use App\SQLLogin\Exception\SecurityPatternConfigurationException;
|
use App\SQLLogin\Exception\SecurityPatternConfigurationException;
|
||||||
use App\SQLLogin\SQLLoginRequest;
|
use App\SQLLogin\SQLLoginRequest;
|
||||||
|
use PDOException;
|
||||||
use Symfony\Component\HttpFoundation\RedirectResponse;
|
use Symfony\Component\HttpFoundation\RedirectResponse;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
|
@ -24,11 +25,7 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
|
||||||
{
|
{
|
||||||
public const LOGIN_ROUTE = 'app_login';
|
public const LOGIN_ROUTE = 'app_login';
|
||||||
public const ERROR_LOGIN = 'error_login';
|
public const ERROR_LOGIN = 'error_login';
|
||||||
public const ERROR_PDO = 'error_pdo';
|
public const TECHNICAL_ERROR = 'technical_error';
|
||||||
public const ERROR_SQL_LOGIN = 'error_sql_login';
|
|
||||||
public const ERROR_CONFIGURATION = 'error_configuration';
|
|
||||||
public const ERROR_DATA_TO_FETCH_CONFIGURATION = 'error_data_to_fetch_configuration';
|
|
||||||
public const ERROR_SECURITY_PATTERN_CONFIGURATION = 'error_security_pattern_configuration';
|
|
||||||
|
|
||||||
private string $baseUrl;
|
private string $baseUrl;
|
||||||
|
|
||||||
|
@ -75,6 +72,14 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
|
||||||
$session = $request->getSession();
|
$session = $request->getSession();
|
||||||
try {
|
try {
|
||||||
$datas = $this->sqlLoginService->fetchPasswordAndDatas($login);
|
$datas = $this->sqlLoginService->fetchPasswordAndDatas($login);
|
||||||
|
} catch (EmptyResultException $e) {
|
||||||
|
$session->set(self::ERROR_LOGIN, true);
|
||||||
|
throw new AuthenticationException();
|
||||||
|
} catch (DataToFetchConfigurationException|PDOException $e) {
|
||||||
|
\Sentry\captureException($e);
|
||||||
|
$session->set(self::TECHNICAL_ERROR, true);
|
||||||
|
throw new AuthenticationException();
|
||||||
|
}
|
||||||
$remoteHashedPassword = $datas[$this->sqlLoginRequest->getPasswordColumnName()];
|
$remoteHashedPassword = $datas[$this->sqlLoginRequest->getPasswordColumnName()];
|
||||||
unset($datas[$this->sqlLoginRequest->getPasswordColumnName()]);
|
unset($datas[$this->sqlLoginRequest->getPasswordColumnName()]);
|
||||||
$remoteSalt = null;
|
$remoteSalt = null;
|
||||||
|
@ -82,20 +87,20 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
|
||||||
$remoteSalt = $datas[$this->sqlLoginRequest->getSaltColumnName()];
|
$remoteSalt = $datas[$this->sqlLoginRequest->getSaltColumnName()];
|
||||||
unset($datas[$this->sqlLoginRequest->getSaltColumnName()]);
|
unset($datas[$this->sqlLoginRequest->getSaltColumnName()]);
|
||||||
}
|
}
|
||||||
} catch (EmptyResultException $e) {
|
|
||||||
$session->set(self::ERROR_LOGIN, true);
|
|
||||||
throw new AuthenticationException();
|
|
||||||
} catch (DataToFetchConfigurationException $e) {
|
|
||||||
$session->set(self::ERROR_DATA_TO_FETCH_CONFIGURATION, true);
|
|
||||||
throw new AuthenticationException();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (null === $remoteHashedPassword) {
|
if (null === $remoteHashedPassword) {
|
||||||
$remoteHashedPassword = '';
|
$remoteHashedPassword = '';
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
// Comparaison remote hash et hash du input password + salt
|
// Comparaison remote hash et hash du input password + salt
|
||||||
$this->passwordHasher->verify($remoteHashedPassword, $plaintextPassword, $remoteSalt);
|
$this->passwordHasher->verify($remoteHashedPassword, $plaintextPassword, $remoteSalt);
|
||||||
|
} catch (InvalidSQLPasswordException $e) {
|
||||||
|
$session->set(self::ERROR_LOGIN, true);
|
||||||
|
throw new AuthenticationException();
|
||||||
|
} catch (SecurityPatternConfigurationException $e) {
|
||||||
|
\Sentry\captureException($e);
|
||||||
|
$session->set(self::TECHNICAL_ERROR, true);
|
||||||
|
throw new AuthenticationException();
|
||||||
|
}
|
||||||
$user = new User($login, $remoteHashedPassword, $datas, $rememberMe);
|
$user = new User($login, $remoteHashedPassword, $datas, $rememberMe);
|
||||||
$loader = function (string $userIdentifier) use ($user) {
|
$loader = function (string $userIdentifier) use ($user) {
|
||||||
return $user->getLogin() == $userIdentifier ? $user : null;
|
return $user->getLogin() == $userIdentifier ? $user : null;
|
||||||
|
@ -107,13 +112,6 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
|
||||||
$passport->setAttribute('attributes', $user->getAttributes());
|
$passport->setAttribute('attributes', $user->getAttributes());
|
||||||
|
|
||||||
return $passport;
|
return $passport;
|
||||||
} catch (InvalidSQLPasswordException $e) {
|
|
||||||
$session->set(self::ERROR_LOGIN, true);
|
|
||||||
throw new AuthenticationException();
|
|
||||||
} catch (SecurityPatternConfigurationException $e) {
|
|
||||||
$session->set(self::ERROR_SECURITY_PATTERN_CONFIGURATION, true);
|
|
||||||
throw new AuthenticationException();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getLoginUrl(Request $request): string
|
protected function getLoginUrl(Request $request): string
|
||||||
|
|
|
@ -2,9 +2,7 @@
|
||||||
|
|
||||||
namespace App\Service;
|
namespace App\Service;
|
||||||
|
|
||||||
use App\SQLLogin\Exception\DataToFetchConfigurationException;
|
|
||||||
use App\SQLLogin\Exception\EmptyResultException;
|
use App\SQLLogin\Exception\EmptyResultException;
|
||||||
use App\SQLLogin\Exception\NullDataToFetchException;
|
|
||||||
use App\SQLLogin\SQLLoginConnect;
|
use App\SQLLogin\SQLLoginConnect;
|
||||||
use App\SQLLogin\SQLLoginRequest;
|
use App\SQLLogin\SQLLoginRequest;
|
||||||
use PDO;
|
use PDO;
|
||||||
|
@ -25,12 +23,8 @@ class SQLLoginService extends AbstractController
|
||||||
|
|
||||||
public function fetchPasswordAndDatas(string $login): array
|
public function fetchPasswordAndDatas(string $login): array
|
||||||
{
|
{
|
||||||
try {
|
|
||||||
$dataRequest = $this->sqlLoginRequest->getDatasRequest();
|
$dataRequest = $this->sqlLoginRequest->getDatasRequest();
|
||||||
$datas = $this->executeRequestWithLogin($dataRequest, $login);
|
$datas = $this->executeRequestWithLogin($dataRequest, $login);
|
||||||
} catch (NullDataToFetchException $e) {
|
|
||||||
throw new DataToFetchConfigurationException($e->getMessage());
|
|
||||||
}
|
|
||||||
|
|
||||||
return $datas;
|
return $datas;
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,25 +9,9 @@
|
||||||
<source>error.login</source>
|
<source>error.login</source>
|
||||||
<target>Incorrect login or password</target>
|
<target>Incorrect login or password</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="36t19qm" resname="error.sql_login">
|
<trans-unit id="1QRR4uA" resname="error.technical">
|
||||||
<source>error.sql_login</source>
|
<source>error.technical</source>
|
||||||
<target>Connection to database encountered a problem</target>
|
<target>A technical error happened, try again later</target>
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="lBole_G" resname="error.pdo">
|
|
||||||
<source>error.pdo</source>
|
|
||||||
<target>Connection to database encountered a problem</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="1QRR4uA" resname="error.configuration">
|
|
||||||
<source>error.configuration</source>
|
|
||||||
<target>Identification data references do not exist in the database</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="4EPIhsV" resname="error.data_to_fetch_configuration">
|
|
||||||
<source>error.data_to_fetch_configuration</source>
|
|
||||||
<target>Data references to be transmitted do not exist</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="6iuTNs3" resname="error.security_pattern_configuration">
|
|
||||||
<source>error.security_pattern_configuration</source>
|
|
||||||
<target>The security pattern is not allowed</target>
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -9,25 +9,9 @@
|
||||||
<source>error.login</source>
|
<source>error.login</source>
|
||||||
<target>Login ou mot de passe inconnu</target>
|
<target>Login ou mot de passe inconnu</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="36t19qm" resname="error.sql_login">
|
<trans-unit id="1QRR4uA" resname="error.technical">
|
||||||
<source>error.sql_login</source>
|
<source>error.technical</source>
|
||||||
<target>La connexion à la base de données a rencontré un problème</target>
|
<target>Une erreur technique s'est produite, rééssayez plus tard</target>
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="lBole_G" resname="error.pdo">
|
|
||||||
<source>error.pdo</source>
|
|
||||||
<target>La connexion à la base de données a rencontré un problème</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="1QRR4uA" resname="error.configuration">
|
|
||||||
<source>error.configuration</source>
|
|
||||||
<target>Les références de données d'identification n'existent pas dans la base de données</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="4EPIhsV" resname="error.data_to_fetch_configuration">
|
|
||||||
<source>error.data_to_fetch_configuration</source>
|
|
||||||
<target>Les références de données à transmettre n'existent pas</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="6iuTNs3" resname="error.security_pattern_configuration">
|
|
||||||
<source>error.security_pattern_configuration</source>
|
|
||||||
<target>Le patron de sécurité n'est pas autorisé</target>
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
Loading…
Reference in New Issue