<?php

namespace Cadoles\CASBundle\Controller;

use Cadoles\CoreBundle\Entity\Group;
use Cadoles\CoreBundle\Entity\User;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\EventDispatcher\EventDispatcher;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
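class SecurityController extends Controller
{
    /**
     * Delegates metadata generation to the parent controller.
     *
     * NOTE(review): the imported FrameworkBundle Controller does not appear to
     * define metadataAction(); confirm the real base class provides it.
     */
    public function metadataAction()
    {
        return parent::metadataAction();
    }

    /**
     * Initialises the phpCAS client (or proxy, depending on "cas_type") from the
     * bundle parameters.
     *
     * The same initialisation used to be repeated in every action; keeping it in
     * one place also keeps the TLS caveat below visible in a single spot.
     *
     * @param bool $changeSessionId Passed through to phpCAS (false for the
     *                              login/test/imap actions, true for logout)
     */
    private function initCasClient(bool $changeSessionId): void
    {
        $casPath = $this->getParameter('cas_path');
        $casPath = is_null($casPath) ? '' : $casPath;

        // "@" is kept on purpose: phpCAS emits a warning when a client already
        // exists for this request, and that warning must not abort the action.
        if ($this->getParameter("cas_type") === "client") {
            @\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), $casPath, $changeSessionId);
        } else {
            @\phpCAS::proxy(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), $casPath, $changeSessionId);
        }

        // NOTE(review): this disables certificate validation of the CAS server,
        // so ticket validation could be answered by anything on the network path.
        // Left as found because no CA bundle parameter exists in this bundle; the
        // phpCAS way to close it is \phpCAS::setCasServerCACert(<path-to-ca-bundle>).
        \phpCAS::setNoCasServerValidation();
    }

    /**
     * Tells whether the given username is listed in the "ldap_usersadmin" parameter.
     *
     * The parameter is cast to an array so a missing/null value means "nobody"
     * instead of a TypeError, and the comparison is strict.
     *
     * @param mixed $username CAS user identifier
     */
    private function isLdapAdmin($username): bool
    {
        return in_array($username, (array) $this->getParameter("ldap_usersadmin"), true);
    }

    /**
     * Authenticates the browser against the CAS server and signs the matching
     * local user into the Symfony firewall.
     *
     * Depending on the "masteridentity" parameter the local account must
     * already exist ("SQL"), is auto-created from the CAS attributes ("SSO"),
     * or, for "LDAP", is auto-created the SSO way as a fallback when the LDAP
     * synchronisation has not produced it yet.
     *
     * @return Response a redirect to the "redirect" request parameter (or the
     *                  home page), or an information page when the e-mail of
     *                  a new account is already used by another account
     *
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException when
     *         the user is unknown and the database is the identity master, when
     *         no Niveau01 can be resolved, or when no user could be determined
     */
    public function loginAction(Request $request): Response
    {
        // Navigation target requested by the caller.
        // NOTE(review): this value is user-controlled and is passed to redirect()
        // unchanged, so any absolute URL is accepted (open redirect after login).
        // Left as found because the portal may legitimately send users to other
        // services; restrict it to known hosts if that is not required.
        $redirect = $request->get("redirect");

        $masteridentity = $this->getParameter("masteridentity");

        // CAS client initialisation and authentication
        \phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
        $this->initCasClient(false);
        \phpCAS::forceAuthentication();

        // Identifier and attributes released by the CAS server
        $username = \phpCAS::getUser();
        $attributes = \phpCAS::getAttributes();

        // The configured CAS attributes take precedence over the ticket user;
        // "??" has the same semantics as the former isset() checks.
        $username = $attributes[$this->getParameter('user_attr_cas_username')] ?? $username;
        $email = $attributes[$this->getParameter('user_attr_cas_mail')] ?? "";
        $lastname = $attributes[$this->getParameter('user_attr_cas_lastname')] ?? "";
        $firstname = $attributes[$this->getParameter('user_attr_cas_firstname')] ?? "";

        // Look the user up locally
        $em = $this->getDoctrine()->getManager();
        $user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username" => $username));

        if (!$user) {
            if ($masteridentity === "SQL") {
                // The database is the identity master: a login for an account it
                // does not know is not expected
                throw $this->createNotFoundException('Permission denied');
            }
            if ($masteridentity === "LDAP") {
                // LDAP synchronisation should already have created the account;
                // fall back to SSO auto-provisioning instead of refusing the login
                $masteridentity = "SSO";
            }
            if ($masteridentity === "SSO") {
                if (empty($email)) {
                    $email = $username . "@nomail.com";
                }

                // Never create a second account on an e-mail already in use
                $usermail = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("email" => $email));
                if ($usermail) {
                    return $this->render('CadolesCoreBundle:Registration:info.html.twig', [
                        'useheader' => true,
                        'usemenu' => false,
                        'usesidebar' => false,
                        'infotitle' => "Première connexion",
                        'info' => "Votre compte ne peut être activé car votre adresse mel est déjà utilisée par un autre compte utilisateur.<br>Nous sommes désolés du désagrément et vous invitons à contacter un administrateur.",
                        'mode' => "error",
                        'redirectto' => "",
                    ]);
                }

                // With SSO as identity master the account is expected to be missing: create it
                $user = $this->createUserFromCas($em, $username, $email, $lastname, $firstname, $attributes);
            }
        } elseif ($masteridentity === "SSO") {
            // Local values are overwritten only when the SSO is the identity master
            $niveau01 = $em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes);
            if (!$niveau01) {
                throw $this->createNotFoundException('Permission denied. No Organisation Niveau 01 match');
            }

            // The Niveau02 is kept only if it still belongs to the computed Niveau01
            // (loose comparison on purpose: Doctrine entities are compared by value here)
            $sameniveau01 = (!is_null($user->getNiveau02()) && $niveau01 == $user->getNiveau02()->getNiveau01());

            $user->setLastname($lastname);
            $user->setFirstname($firstname);
            $user->setEmail($email);
            if (!$sameniveau01) {
                $user->setNiveau01($niveau01);
                $user->setNiveau02(null);
            }
            if ($this->isLdapAdmin($username)) {
                $user->setRole("ROLE_ADMIN");
            }

            // Auto-generate the groups, then compute the user's membership
            $this->submitGroup($attributes);
            $user = $em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user, $attributes);

            $em->persist($user);
            $em->flush();
        }

        // An unrecognised "masteridentity" value leaves no user to sign in; the
        // original code would have failed below on a null user
        if (!$user) {
            throw $this->createNotFoundException('Permission denied');
        }

        // Keep the CAS attributes for the rest of the session
        $this->get('session')->set('attributes', $attributes);

        // Keep the SSO items (optional, possibly multi-valued attribute) in session
        $ssoitems = [];
        if ($this->getParameter('ssosynchroitem')) {
            $user_attr_cas_item = $this->getParameter('user_attr_cas_item');
            if (array_key_exists($user_attr_cas_item, $attributes)) {
                if (!is_array($attributes[$user_attr_cas_item])) {
                    $attributes[$user_attr_cas_item] = [$attributes[$user_attr_cas_item]];
                }
                $ssoitems = $attributes[$user_attr_cas_item];
            }
        }
        $this->get('session')->set('ssoitems', $ssoitems);

        // Sign the user into the "main" firewall
        $token = new UsernamePasswordToken($user, null, "main", $user->getRoles());
        $this->get("security.token_storage")->setToken($token);

        // Simulate the interactive login event.
        // NOTE(review): a freshly constructed EventDispatcher has no listeners, so
        // this dispatch reaches nobody; the container's 'event_dispatcher' service
        // would notify the registered security listeners. Left as found because
        // the effect of running those listeners here has not been verified.
        $event = new InteractiveLoginEvent($request, $token);
        $dispatcher = new EventDispatcher();
        $dispatcher->dispatch("security.interactive_login", $event);

        // Record the visit
        $user->setVisitedate(new \DateTime());
        $user->setVisitecpt($user->getVisitecpt() + 1);
        $em->persist($user);
        $em->flush();

        if ($redirect) {
            return $this->redirect($redirect);
        }
        return $this->redirect($this->generateUrl('cadoles_core_home'));
    }

    /**
     * Creates and persists a local account from the CAS attributes (SSO identity
     * master), then auto-generates the groups and computes the user's membership.
     *
     * @param object $em         Doctrine entity manager
     * @param mixed  $username   CAS user identifier
     * @param string $email      e-mail (already defaulted by the caller)
     * @param string $lastname
     * @param string $firstname
     * @param array  $attributes attributes released by the CAS server
     *
     * @return mixed the value returned by Group::calculateGroup() (the persisted
     *               user, as far as the callers assume)
     *
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException when
     *         no Niveau01 matches and none exists to fall back to
     */
    private function createUserFromCas($em, $username, $email, $lastname, $firstname, array $attributes)
    {
        $user = new User();

        // Niveau01 of the user, with the first existing one as fallback
        $niveau01Repository = $em->getRepository('CadolesCoreBundle:Niveau01');
        $niveau01 = $niveau01Repository->calculateNiveau01($attributes);
        if (!$niveau01) {
            $allNiveau01 = $niveau01Repository->findAll();
            if (!$allNiveau01) {
                // The former code indexed [0] of an empty result and failed later on
                throw $this->createNotFoundException('Permission denied. No Organisation Niveau 01 match');
            }
            $niveau01 = $allNiveau01[0];
        }

        $user->setUsername($username);
        $user->setEmail($email);
        $user->setLastname($lastname);
        $user->setFirstname($firstname);
        // NOTE(review): password and salt are derived from the username only, so
        // they are predictable; harmless as long as this account cannot log in
        // with a password through another firewall — confirm that is the case.
        $user->setPassword("CASPWD-" . $username);
        $user->setSalt("CASPWD-" . $username);

        $user->setNiveau01($niveau01);
        $user->setSiren($niveau01->getSiren());
        $user->setSiret("");
        $user->setAvatar("noavatar.png");
        $user->setVisible(true);
        $user->setAuthlevel("simple");
        $user->setBelongingpopulation("agent");
        $user->setRole("ROLE_USER");
        if ($this->isLdapAdmin($username)) {
            $user->setRole("ROLE_ADMIN");
        }

        $em->persist($user);
        $em->flush();

        // Auto-generate the groups, then compute the user's membership
        $this->submitGroup($attributes);
        $user = $em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user, $attributes);

        return $user;
    }

    /**
     * Logs the user out of the CAS server.
     *
     * No Response is returned: \phpCAS::logout() redirects the browser to the
     * CAS server (with the home page as return service) and terminates the script.
     */
    public function logoutAction(): void
    {
        \phpCAS::setDebug(false);
        $this->initCasClient(true);

        $url = $this->generateUrl('cadoles_core_home', array(), UrlGeneratorInterface::ABSOLUTE_URL);
        \phpCAS::logout(array("service" => $url));
    }

    /**
     * Diagnostic page: authenticates against CAS and shows the released
     * attributes, the resolved user, the computed Niveau01 and groups.
     */
    public function testAction(): Response
    {
        $em = $this->getDoctrine()->getManager();

        // CAS client initialisation and authentication
        \phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
        $this->initCasClient(false);
        \phpCAS::forceAuthentication();

        // Identifier and attributes released by the CAS server
        $username = \phpCAS::getUser();
        $attributes = \phpCAS::getAttributes();

        $user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username" => $username));

        // Niveau01 of the user
        $niveau01 = $em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes);

        // Auto-generate the groups, then compute the user's membership
        $this->submitGroup($attributes);
        $user = $em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user, $attributes);

        return $this->render('CadolesCASBundle:Test:test.html.twig', [
            'useheader' => true,
            'usemenu' => false,
            'usesidebar' => false,
            'attributes' => $attributes,
            'user' => $user,
            'username' => $username,
            'niveau01' => $niveau01,
        ]);
    }

    /**
     * Creates (or refreshes) one local Group per value of the configured CAS
     * group attribute, when "ssosynchrogroup" is enabled.
     *
     * A value that contains the LDAP base DN is treated as a DN and only the
     * value of its first RDN (its cn) is used as group label.
     *
     * @param array $attributes attributes released by the CAS server
     */
    private function submitGroup(array $attributes): void
    {
        if (!$this->getParameter('ssosynchrogroup')) {
            return;
        }

        $em = $this->getDoctrine()->getManager();
        $user_attr_cas_group = $this->getParameter('user_attr_cas_group');
        if (!array_key_exists($user_attr_cas_group, $attributes)) {
            return;
        }

        if (!is_array($attributes[$user_attr_cas_group])) {
            $attributes[$user_attr_cas_group] = [$attributes[$user_attr_cas_group]];
        }

        // Loop-invariant: the base DN does not change between groups
        $basedn = (string) $this->getParameter('ldap_basedn');

        foreach ($attributes[$user_attr_cas_group] as $ssogroup) {
            $name = $ssogroup;
            if ($basedn !== "" && stripos($name, $basedn) !== false) {
                // The value is a DN: keep only the value of its first RDN.
                // If that RDN has no "=", the former code produced a null label;
                // fall back to the raw value instead.
                $rdn = explode("=", explode(",", $name)[0]);
                $name = $rdn[1] ?? $name;
            }

            $group = $em->getRepository("CadolesCoreBundle:Group")->findOneBy(["label" => $name]);
            if (!$group) {
                $group = new Group();
                $group->setLabel($name);
                $group->setFgcancreatepage(false);
                $group->setFgcancreateblog(false);
                $group->setFgcancreatecalendar(false);
                $group->setFgcancreateproject(false);
                $group->setFgcanshare(false);
                $group->setFgopen(false);
                $group->setFgall(false);
            }

            // Encode instead of concatenating: a quote or backslash in the CAS
            // value used to produce invalid JSON. The flags keep the output
            // byte-identical to the former string for plain values.
            $group->setAttributes(json_encode([$user_attr_cas_group => $ssogroup], JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE));
            $group->setFgtemplate(false);
            $em->persist($group);
            $em->flush();
        }
    }

    /**
     * Returns the number of unseen messages in the user's IMAP INBOX as JSON.
     *
     * Only active when "active_imapunread" is set and the CAS client is a proxy:
     * a proxy ticket is obtained for the IMAP service and used by phpCAS to open
     * the mailbox. Otherwise the JSON empty string is returned.
     *
     * @return Response JSON body: the unseen count, null when the mailbox could
     *                  not be queried, or "" when the feature is disabled
     */
    public function imapunreadAction(): Response
    {
        $count = "";

        if ($this->getParameter("active_imapunread") && $this->getParameter("cas_type") === "proxy") {
            $ip = $this->getParameter("imapundread_ip");

            // CAS proxy initialisation and authentication
            \phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
            $this->initCasClient(false);
            \phpCAS::forceAuthentication();

            // phpCAS reports failures through these by-reference arguments
            $errCode = null;
            $errMsg = null;
            $pt = \phpCAS::retrievePT('imap://' . $ip, $errCode, $errMsg);

            // NOTE(review): "novalidate-cert" disables TLS verification of the
            // IMAP server; left as found since the target is an internal IP
            // parameter, but the mailbox credentials travel over that channel.
            $mailbox = "{" . $ip . ":993/imap/ssl/novalidate-cert}";
            $count = null;
            $stream = \phpCAS::serviceMail($mailbox, "imap://" . $ip, 0, $errCode, $errMsg, $pt);
            if ($stream) {
                $unseen = imap_status($stream, $mailbox . "INBOX", SA_UNSEEN);
                if ($unseen !== false) {
                    $count = $unseen->unseen;
                }
                // The former code left the IMAP connection open until script end
                imap_close($stream);
            }
        }

        $response = new Response(json_encode($count));
        $response->headers->set('Content-Type', 'application/json');
        return $response;
    }
}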