fix login sql : ajout d'un retry sur le login, suppression des options #45

Merged
mlamalle merged 4 commits from retour-43 into develop 2024-10-14 10:40:14 +02:00
10 changed files with 37 additions and 121 deletions
Showing only changes of commit 999e708ff7 - Show all commits

View File

@ -32,17 +32,9 @@ class SecurityController extends AbstractController
$loginForm->addError(new FormError($trans->trans('error.login', [], 'messages')));
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_LOGIN);
}
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_CONFIGURATION)) {
$loginForm->addError(new FormError($trans->trans('error.configuration', [], 'messages')));
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_CONFIGURATION);
}
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_DATA_TO_FETCH_CONFIGURATION)) {
$loginForm->addError(new FormError($trans->trans('error.data_to_fetch_configuration', [], 'messages')));
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_DATA_TO_FETCH_CONFIGURATION);
}
if ($request->getSession()->has(SQLLoginUserAuthenticator::ERROR_SECURITY_PATTERN_CONFIGURATION)) {
$loginForm->addError(new FormError($trans->trans('error.security_pattern_configuration', [], 'messages')));
$request->getSession()->remove(SQLLoginUserAuthenticator::ERROR_SECURITY_PATTERN_CONFIGURATION);
if ($request->getSession()->has(SQLLoginUserAuthenticator::TECHNICAL_ERROR)) {
$loginForm->addError(new FormError($trans->trans('error.technical', [], 'messages')));
$request->getSession()->remove(SQLLoginUserAuthenticator::TECHNICAL_ERROR);
}
}

View File

@ -1,9 +0,0 @@
<?php
namespace App\SQLLogin\Exception;
use Exception;
class DatabaseConnectionException extends Exception
{
}

View File

@ -1,9 +0,0 @@
<?php
namespace App\SQLLogin\Exception;
use Exception;
class InvalidSQLLoginAlgoException extends Exception
{
}

View File

@ -1,9 +0,0 @@
<?php
namespace App\SQLLogin\Exception;
use Exception;
class LoginElementsConfigurationException extends Exception
{
}

View File

@ -1,9 +0,0 @@
<?php
namespace App\SQLLogin\Exception;
use Exception;
class NullPasswordColumnNameException extends Exception
{
}

View File

@ -88,7 +88,7 @@ class PasswordEncoder implements LegacyPasswordHasherInterface
foreach ($this->securityPattern as $term) {
if (self::PEPPER_PATTERN !== $term && self::PASSWORD_PATTERN !== $term && self::SALT_PATTERN !== $term) {
$this->loggerInterface->critical('La configuration du security pattern est invalide, les termes autorisés sont : '.self::PASSWORD_PATTERN.', '.self::SALT_PATTERN.' et '.self::PEPPER_PATTERN);
throw new SecurityPatternConfigurationException();
throw new SecurityPatternConfigurationException('La configuration du security pattern est invalide, les termes autorisés sont : '.self::PASSWORD_PATTERN.', '.self::SALT_PATTERN.' et '.self::PEPPER_PATTERN);
}
}
$completedPlainPassword = '';

View File

@ -10,6 +10,7 @@ use App\SQLLogin\Exception\EmptyResultException;
use App\SQLLogin\Exception\InvalidSQLPasswordException;
use App\SQLLogin\Exception\SecurityPatternConfigurationException;
use App\SQLLogin\SQLLoginRequest;
use PDOException;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@ -24,11 +25,7 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
{
public const LOGIN_ROUTE = 'app_login';
public const ERROR_LOGIN = 'error_login';
public const ERROR_PDO = 'error_pdo';
public const ERROR_SQL_LOGIN = 'error_sql_login';
public const ERROR_CONFIGURATION = 'error_configuration';
public const ERROR_DATA_TO_FETCH_CONFIGURATION = 'error_data_to_fetch_configuration';
public const ERROR_SECURITY_PATTERN_CONFIGURATION = 'error_security_pattern_configuration';
public const TECHNICAL_ERROR = 'technical_error';
private string $baseUrl;
@ -75,6 +72,14 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
$session = $request->getSession();
try {
$datas = $this->sqlLoginService->fetchPasswordAndDatas($login);
} catch (EmptyResultException $e) {
$session->set(self::ERROR_LOGIN, true);
throw new AuthenticationException();
} catch (DataToFetchConfigurationException|PDOException $e) {
\Sentry\captureException($e);
$session->set(self::TECHNICAL_ERROR, true);
throw new AuthenticationException();
}
$remoteHashedPassword = $datas[$this->sqlLoginRequest->getPasswordColumnName()];
unset($datas[$this->sqlLoginRequest->getPasswordColumnName()]);
$remoteSalt = null;
@ -82,20 +87,20 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
$remoteSalt = $datas[$this->sqlLoginRequest->getSaltColumnName()];
unset($datas[$this->sqlLoginRequest->getSaltColumnName()]);
}
} catch (EmptyResultException $e) {
$session->set(self::ERROR_LOGIN, true);
throw new AuthenticationException();
} catch (DataToFetchConfigurationException $e) {
$session->set(self::ERROR_DATA_TO_FETCH_CONFIGURATION, true);
throw new AuthenticationException();
}
if (null === $remoteHashedPassword) {
$remoteHashedPassword = '';
}
try {
// Comparaison remote hash et hash du input password + salt
$this->passwordHasher->verify($remoteHashedPassword, $plaintextPassword, $remoteSalt);
} catch (InvalidSQLPasswordException $e) {
$session->set(self::ERROR_LOGIN, true);
throw new AuthenticationException();
} catch (SecurityPatternConfigurationException $e) {
\Sentry\captureException($e);
$session->set(self::TECHNICAL_ERROR, true);
throw new AuthenticationException();
}
$user = new User($login, $remoteHashedPassword, $datas, $rememberMe);
$loader = function (string $userIdentifier) use ($user) {
return $user->getLogin() == $userIdentifier ? $user : null;
@ -107,13 +112,6 @@ class SQLLoginUserAuthenticator extends AbstractLoginFormAuthenticator
$passport->setAttribute('attributes', $user->getAttributes());
return $passport;
} catch (InvalidSQLPasswordException $e) {
$session->set(self::ERROR_LOGIN, true);
throw new AuthenticationException();
} catch (SecurityPatternConfigurationException $e) {
$session->set(self::ERROR_SECURITY_PATTERN_CONFIGURATION, true);
throw new AuthenticationException();
}
}
protected function getLoginUrl(Request $request): string

View File

@ -2,9 +2,7 @@
namespace App\Service;
use App\SQLLogin\Exception\DataToFetchConfigurationException;
use App\SQLLogin\Exception\EmptyResultException;
use App\SQLLogin\Exception\NullDataToFetchException;
use App\SQLLogin\SQLLoginConnect;
use App\SQLLogin\SQLLoginRequest;
use PDO;
@ -25,12 +23,8 @@ class SQLLoginService extends AbstractController
public function fetchPasswordAndDatas(string $login): array
{
try {
$dataRequest = $this->sqlLoginRequest->getDatasRequest();
$datas = $this->executeRequestWithLogin($dataRequest, $login);
} catch (NullDataToFetchException $e) {
throw new DataToFetchConfigurationException($e->getMessage());
}
return $datas;
}

View File

@ -9,25 +9,9 @@
<source>error.login</source>
<target>Incorrect login or password</target>
</trans-unit>
<trans-unit id="36t19qm" resname="error.sql_login">
<source>error.sql_login</source>
<target>Connection to database encountered a problem</target>
</trans-unit>
<trans-unit id="lBole_G" resname="error.pdo">
<source>error.pdo</source>
<target>Connection to database encountered a problem</target>
</trans-unit>
<trans-unit id="1QRR4uA" resname="error.configuration">
<source>error.configuration</source>
<target>Identification data references do not exist in the database</target>
</trans-unit>
<trans-unit id="4EPIhsV" resname="error.data_to_fetch_configuration">
<source>error.data_to_fetch_configuration</source>
<target>Data references to be transmitted do not exist</target>
</trans-unit>
<trans-unit id="6iuTNs3" resname="error.security_pattern_configuration">
<source>error.security_pattern_configuration</source>
<target>The security pattern is not allowed</target>
<trans-unit id="1QRR4uA" resname="error.technical">
<source>error.technical</source>
<target>A technical error happened, try again later</target>
</trans-unit>
</body>
</file>

View File

@ -9,25 +9,9 @@
<source>error.login</source>
<target>Login ou mot de passe inconnu</target>
</trans-unit>
<trans-unit id="36t19qm" resname="error.sql_login">
<source>error.sql_login</source>
<target>La connexion à la base de données a rencontré un problème</target>
</trans-unit>
<trans-unit id="lBole_G" resname="error.pdo">
<source>error.pdo</source>
<target>La connexion à la base de données a rencontré un problème</target>
</trans-unit>
<trans-unit id="1QRR4uA" resname="error.configuration">
<source>error.configuration</source>
<target>Les références de données d'identification n'existent pas dans la base de données</target>
</trans-unit>
<trans-unit id="4EPIhsV" resname="error.data_to_fetch_configuration">
<source>error.data_to_fetch_configuration</source>
<target>Les références de données à transmettre n'existent pas</target>
</trans-unit>
<trans-unit id="6iuTNs3" resname="error.security_pattern_configuration">
<source>error.security_pattern_configuration</source>
<target>Le patron de sécurité n'est pas autorisé</target>
<trans-unit id="1QRR4uA" resname="error.technical">
<source>error.technical</source>
<target>Une erreur technique s'est produite, rééssayez plus tard</target>
</trans-unit>
</body>
</file>