hydra-sql/src/Controller/MainController.php

<?php


namespace App\Controller;

use PDO;
use App\Entity\User;
use App\Form\UserType;
use App\Services\PdoServices;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Contracts\HttpClient\HttpClientInterface;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;

class MainController extends AbstractController
{
        /**
     * @var Session
     */
    private $session;

    /**
     * @var HttpClientInterface
     */
    public $client;
    private $pdoServices;

    public function __construct(PdoServices $pdoServices, HttpClientInterface $client, SessionInterface $session)
    {
        $this->pdoServices = $pdoServices;
        $this->session = $session;
        $this->client = $client;
    }

    /**
     * @Route("/oauth/login", name="app_login")
     */
    public function loginOidc(Request $request)
    {
        $challenge = $request->query->get('login_challenge');
        // S'il n'y a pas de challenge, on déclenche une bad request
        if(!$challenge){
            throw new BadRequestException('pas de challenge');
        }
        //On vérifie que la requête d'identification provient bien de hydra
        $response = $this->client->request('GET', $this->getParameter('url_login_challenge').$challenge, [
            'headers' => [
                'Content-Type: application/json',
            ],
        ]);
        if (200 !== $response->getStatusCode()) {
            $this->session->clear();
            throw new BadRequestException('pa de code 200');
        }
        // si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect
        $this->session->set('challenge', $challenge);

        return $this->redirectToRoute('oauth_login');
    }

    /**
     * @Route("/oauth/connect", name="oauth_login")
     */
    public function oauth(Request $request)
    {
        $user = new User();
        $loginForm = $this->createForm(UserType::class, $user);
        $loginForm->handleRequest($request);
        if($loginForm->isSubmitted() && $loginForm->isValid()){
            $email = $loginForm->get('email')->getData();
            $dbh = $this->pdoServices->connection();
            try {
                //requête préparée
                $query = $dbh->prepare($this->getParameter("queryHashPassword")."'".$email ."';");
                $query->execute();
                $hashPassword = $query->fetch(PDO::FETCH_ASSOC);

                if(!$hashPassword){
                    // Si le hash du password n'est pas trouvé, c'est que l'email n'existe pas, on retourne la page de login avec une erreur
                    return $this->render('login.html.twig', [
                        'form'=>$loginForm->createView(),
                        "error"=> "mail non trouvé",

                    ]);
                }
                $hashPassword = array_values($hashPassword)[0];
                $password = $loginForm->get('password')->getData();

                if($this->pdoServices->verifyPassword($password, $hashPassword)){
                    $this->session->set('datas', $this->pdoServices->fetchDatas($email));
                    $response = $this->client->request('PUT', $this->getParameter('url_login_challenge_accept').$this->session->get('challenge'), [
                        'json' => [
                                'subject' => $email,
                        ],
                    ]);
                    // On initie l'acceptation du login challenge émis par hydra et on récupère l'url de redirection
                    // dd($response->toArray());
                    $redirect_to = $response->toArray()['redirect_to'];
                    return $this->redirect($redirect_to, 301);

                }else{
                    return $this->render('login.html.twig', [
                        'form'=>$loginForm->createView(),
                        "error"=> "Le mot de passe est incorrect"

                    ]);
                }
                
            }catch (\Exception $e){
                dd($e);
            }
            // $rememberMe = $loginForm->get('rememberMe')->getData();

        }

        return $this->render('login.html.twig', [
            'form'=>$loginForm->createView(),
            "error_mail"=>false,
            "error_password"=>false 
        ]);
    }

    /**
     * @Route("/oauth/consent", name="consent")
     */
    public function consent(Request $request)
    {
        $challenge = $request->query->get('consent_challenge');
        if (!$challenge) {
            throw new BadRequestException("Le challenge n'est pas disponible");
        }

        // Vérification du consent_challenge avec hydra
        $response = $this->client->request('GET', $this->getParameter('url_consent_challenge').$challenge, [
            'headers' => [
                'Content-Type: application/json',
            ],
        ]);
        if(200!== $response->getStatusCode()){
            $this->session->clear();
            throw new BadRequestException("Le challenge n'est pas authorisé");
        }
        $response = $this->client->request('PUT', $this->getParameter('url_consent_challenge_accept').$challenge, [
            'headers' => [
                'Content-Type: application/json',
            ],
            'json' => [
                'grant_scope' => ['openid', 'offline_access'],
                'session' => [
                    'id_token' => [
                      'user' => $this->session->get('datas'),
                    ],
                  ],
            ],
        ]);
        $redirect_to = $response->toArray()['redirect_to'];

        return $this->redirect($redirect_to, 301);

    }
}