Cadoles
/
hydra-sql
21
0
Fork 0
Code Issues 4 Pull Requests 1 Projects Releases Wiki Activity

fix login sql : ajout d'un retry sur le login, suppression des options #45

Merged
mlamalle merged 4 commits from retour-43 into develop 2024-10-14 10:40:14 +02:00
Conversation 15 Commits 4 Files Changed 12 +37 -121
10 changed files with 37 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 999e708ff7 - Show all commits

14
src/Controller/SecurityController.php
View File

@ -32,17 +32,9 @@ class SecurityController extends AbstractController
$loginForm->addError(new FormError($trans->trans('error.login', [], 'messages'))); $loginForm->addError(new FormError($trans->trans('error.login', [], 'messages')));
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_LOGIN); $request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_LOGIN);
} }
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_CONFIGURATION)) { if ($request->getSession()->has(SQLLoginUserAuthenticator::TECHNICAL_ERROR)) {
$loginForm->addError(new FormError($trans->trans('error.configuration', [], 'messages'))); $loginForm->addError(new FormError($trans->trans('error.technical', [], 'messages')));
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_CONFIGURATION); $request->getSession()->remove(SQLLoginUserAuthenticator::TECHNICAL_ERROR);
}
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_DATA_TO_FETCH_CONFIGURATION)) {
$loginForm->addError(new FormError($trans->trans('error.data_to_fetch_configuration', [], 'messages')));
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_DATA_TO_FETCH_CONFIGURATION);
}
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_SECURITY_PATTERN_CONFIGURATION)) {
$loginForm->addError(new FormError($trans->trans('error.security_pattern_configuration', [], 'messages')));
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_SECURITY_PATTERN_CONFIGURATION);
} }
} }

9
src/SQLLogin/Exception/DatabaseConnectionException.php
View File

@ -1,9 +0,0 @@
<?php
namespace App\SQLLogin\Exception;
use Exception;
class DatabaseConnectionException extends Exception
{
}

9
src/SQLLogin/Exception/InvalidSQLLoginAlgoException.php
View File

@ -1,9 +0,0 @@
<?php
namespace App\SQLLogin\Exception;
use Exception;
class InvalidSQLLoginAlgoException extends Exception
{
}

9
src/SQLLogin/Exception/LoginElementsConfigurationException.php
View File

@ -1,9 +0,0 @@
<?php
namespace App\SQLLogin\Exception;
use Exception;
class LoginElementsConfigurationException extends Exception
{
}

9
src/SQLLogin/Exception/NullPasswordColumnNameException.php
View File

@ -1,9 +0,0 @@
<?php
namespace App\SQLLogin\Exception;
use Exception;
class NullPasswordColumnNameException extends Exception
{
}

2
src/Security/Hasher/PasswordEncoder.php
View File

@ -88,7 +88,7 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
foreach ($this->securityPattern as $term) { foreach ($this->securityPattern as $term) {
if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) { if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) {
$this->loggerInterface->critical('La configuration du security pattern est invalide, les termes autorisés sont : '.self::PASSWORD_PATTERN.', '.self::SALT_PATTERN.' et '.self::PEPPER_PATTERN); $this->loggerInterface->critical('La configuration du security pattern est invalide, les termes autorisés sont : '.self::PASSWORD_PATTERN.', '.self::SALT_PATTERN.' et '.self::PEPPER_PATTERN);
throw new SecurityPatternConfigurationException(); throw new SecurityPatternConfigurationException('La configuration du security pattern est invalide, les termes autorisés sont : '.self::PASSWORD_PATTERN.', '.self::SALT_PATTERN.' et '.self::PEPPER_PATTERN);
} }
} }
$completedPlainPassword = ''; $completedPlainPassword = '';

38
src/Security/SQLLoginUserAuthenticator.php
View File

@ -10,6 +10,7 @@ use App\SQLLogin\Exception\EmptyResultException;
use App\SQLLogin\Exception\InvalidSQLPasswordException; use App\SQLLogin\Exception\InvalidSQLPasswordException;
use App\SQLLogin\Exception\SecurityPatternConfigurationException; use App\SQLLogin\Exception\SecurityPatternConfigurationException;
use App\SQLLogin\SQLLoginRequest; use App\SQLLogin\SQLLoginRequest;
use PDOException;
use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@ -24,11 +25,7 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
{ {
public const LOGIN_ROUTE = 'app_login'; public const LOGIN_ROUTE = 'app_login';
public const ERROR_LOGIN = 'error_login'; public const ERROR_LOGIN = 'error_login';
public const ERROR_PDO = 'error_pdo'; public const TECHNICAL_ERROR = 'technical_error';
public const ERROR_SQL_LOGIN = 'error_sql_login';
public const ERROR_CONFIGURATION = 'error_configuration';
public const ERROR_DATA_TO_FETCH_CONFIGURATION = 'error_data_to_fetch_configuration';
public const ERROR_SECURITY_PATTERN_CONFIGURATION = 'error_security_pattern_configuration';
private string $baseUrl; private string $baseUrl;
@ -75,6 +72,14 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
$session = $request->getSession(); $session = $request->getSession();
try { try {
$datas = $this->sqlLoginService->fetchPasswordAndDatas($login); $datas = $this->sqlLoginService->fetchPasswordAndDatas($login);
} catch (EmptyResultException $e) {
$session->set(self::ERROR_LOGIN, true);
throw new AuthenticationException();
} catch (DataToFetchConfigurationException|PDOException $e) {
\Sentry\captureException($e);
$session->set(self::TECHNICAL_ERROR, true);
throw new AuthenticationException();
}
$remoteHashedPassword = $datas[$this->sqlLoginRequest->getPasswordColumnName()]; $remoteHashedPassword = $datas[$this->sqlLoginRequest->getPasswordColumnName()];
unset($datas[$this->sqlLoginRequest->getPasswordColumnName()]); unset($datas[$this->sqlLoginRequest->getPasswordColumnName()]);
$remoteSalt = null; $remoteSalt = null;
@ -82,20 +87,20 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
$remoteSalt = $datas[$this->sqlLoginRequest->getSaltColumnName()]; $remoteSalt = $datas[$this->sqlLoginRequest->getSaltColumnName()];
unset($datas[$this->sqlLoginRequest->getSaltColumnName()]); unset($datas[$this->sqlLoginRequest->getSaltColumnName()]);
} }
} catch (EmptyResultException $e) {
$session->set(self::ERROR_LOGIN, true);
throw new AuthenticationException();
} catch (DataToFetchConfigurationException $e) {
$session->set(self::ERROR_DATA_TO_FETCH_CONFIGURATION, true);
throw new AuthenticationException();
}
if (null === $remoteHashedPassword) { if (null === $remoteHashedPassword) {
$remoteHashedPassword = ''; $remoteHashedPassword = '';
} }
try { try {
// Comparaison remote hash et hash du input password + salt // Comparaison remote hash et hash du input password + salt
$this->passwordHasher->verify($remoteHashedPassword, $plaintextPassword, $remoteSalt); $this->passwordHasher->verify($remoteHashedPassword, $plaintextPassword, $remoteSalt);
} catch (InvalidSQLPasswordException $e) {
$session->set(self::ERROR_LOGIN, true);
throw new AuthenticationException();
} catch (SecurityPatternConfigurationException $e) {
\Sentry\captureException($e);
$session->set(self::TECHNICAL_ERROR, true);
throw new AuthenticationException();
}
$user = new User($login, $remoteHashedPassword, $datas, $rememberMe); $user = new User($login, $remoteHashedPassword, $datas, $rememberMe);
$loader = function (string $userIdentifier) use ($user) { $loader = function (string $userIdentifier) use ($user) {
return $user->getLogin() == $userIdentifier ? $user : null; return $user->getLogin() == $userIdentifier ? $user : null;
@ -107,13 +112,6 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
$passport->setAttribute('attributes', $user->getAttributes()); $passport->setAttribute('attributes', $user->getAttributes());
return $passport; return $passport;
} catch (InvalidSQLPasswordException $e) {
$session->set(self::ERROR_LOGIN, true);
throw new AuthenticationException();
} catch (SecurityPatternConfigurationException $e) {
$session->set(self::ERROR_SECURITY_PATTERN_CONFIGURATION, true);
throw new AuthenticationException();
}
} }
protected function getLoginUrl(Request $request): string protected function getLoginUrl(Request $request): string

6
src/Service/SQLLoginService.php
View File

@ -2,9 +2,7 @@
namespace App\Service; namespace App\Service;
use App\SQLLogin\Exception\DataToFetchConfigurationException;
use App\SQLLogin\Exception\EmptyResultException; use App\SQLLogin\Exception\EmptyResultException;
use App\SQLLogin\Exception\NullDataToFetchException;
use App\SQLLogin\SQLLoginConnect; use App\SQLLogin\SQLLoginConnect;
use App\SQLLogin\SQLLoginRequest; use App\SQLLogin\SQLLoginRequest;
use PDO; use PDO;
@ -25,12 +23,8 @@ class SQLLoginService extends AbstractController
public function fetchPasswordAndDatas(string $login): array public function fetchPasswordAndDatas(string $login): array
{ {
try {
$dataRequest = $this->sqlLoginRequest->getDatasRequest(); $dataRequest = $this->sqlLoginRequest->getDatasRequest();
$datas = $this->executeRequestWithLogin($dataRequest, $login); $datas = $this->executeRequestWithLogin($dataRequest, $login);
} catch (NullDataToFetchException $e) {
throw new DataToFetchConfigurationException($e->getMessage());
}
return $datas; return $datas;
} }

22
translations/messages.en.xlf
View File

@ -9,25 +9,9 @@
<source>error.login</source> <source>error.login</source>
<target>Incorrect login or password</target> <target>Incorrect login or password</target>
</trans-unit> </trans-unit>
<trans-unit id="36t19qm" resname="error.sql_login"> <trans-unit id="1QRR4uA" resname="error.technical">
<source>error.sql_login</source> <source>error.technical</source>
<target>Connection to database encountered a problem</target> <target>A technical error happened, try again later</target>
</trans-unit>
<trans-unit id="lBole_G" resname="error.pdo">
<source>error.pdo</source>
<target>Connection to database encountered a problem</target>
</trans-unit>
<trans-unit id="1QRR4uA" resname="error.configuration">
<source>error.configuration</source>
<target>Identification data references do not exist in the database</target>
</trans-unit>
<trans-unit id="4EPIhsV" resname="error.data_to_fetch_configuration">
<source>error.data_to_fetch_configuration</source>
<target>Data references to be transmitted do not exist</target>
</trans-unit>
<trans-unit id="6iuTNs3" resname="error.security_pattern_configuration">
<source>error.security_pattern_configuration</source>
<target>The security pattern is not allowed</target>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

22
translations/messages.fr.xlf
View File

@ -9,25 +9,9 @@
<source>error.login</source> <source>error.login</source>
<target>Login ou mot de passe inconnu</target> <target>Login ou mot de passe inconnu</target>
</trans-unit> </trans-unit>
<trans-unit id="36t19qm" resname="error.sql_login"> <trans-unit id="1QRR4uA" resname="error.technical">
<source>error.sql_login</source> <source>error.technical</source>
<target>La connexion à la base de données a rencontré un problème</target> <target>Une erreur technique s'est produite, rééssayez plus tard</target>
</trans-unit>
<trans-unit id="lBole_G" resname="error.pdo">
<source>error.pdo</source>
<target>La connexion à la base de données a rencontré un problème</target>
</trans-unit>
<trans-unit id="1QRR4uA" resname="error.configuration">
<source>error.configuration</source>
<target>Les références de données d'identification n'existent pas dans la base de données</target>
</trans-unit>
<trans-unit id="4EPIhsV" resname="error.data_to_fetch_configuration">
<source>error.data_to_fetch_configuration</source>
<target>Les références de données à transmettre n'existent pas</target>
</trans-unit>
<trans-unit id="6iuTNs3" resname="error.security_pattern_configuration">
<source>error.security_pattern_configuration</source>
<target>Le patron de sécurité n'est pas autorisé</target>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>