< ? php
namespace App\Controller ;
use App\Form\LoginType ;
use App\Service\ApiService ;
use App\Service\LdapService ;
use App\Service\PasswordEncoder ;
use Doctrine\Persistence\ManagerRegistry ;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController ;
use Symfony\Component\HttpFoundation\Exception\BadRequestException ;
use Symfony\Component\HttpFoundation\Request ;
use Symfony\Component\HttpFoundation\Response ;
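/**
 * Login and consent provider endpoints for ORY Hydra.
 *
 * Flow (as implemented here): Hydra redirects the browser to loginsql/loginldap
 * with a login_challenge; the challenge is verified against the Hydra admin API
 * and kept in the session; the posted credentials are checked (SQL user table or
 * LDAP bind); on success the login challenge is accepted and the browser is sent
 * to Hydra's redirect_to; Hydra then calls consent(), which accepts the consent
 * challenge without prompting the user.
 */
class HydraController extends AbstractController
{
    /** Session key carrying the Hydra login challenge from the form page to its POST handler. */
    private const SESSION_CHALLENGE = 'hydraChallenge';

    /** Session key carrying the identity claims that consent() forwards to Hydra as id_token data. */
    private const SESSION_DATAS = 'datas';

    private ApiService $apiservice;
    private PasswordEncoder $passwordencoder;
    private LdapService $ldapservice;

    public function __construct(ApiService $apiservice, LdapService $ldapservice, PasswordEncoder $passwordencoder)
    {
        $this->apiservice = $apiservice;
        $this->passwordencoder = $passwordencoder;
        $this->ldapservice = $ldapservice;
    }

    /**
     * Shows the login form for accounts stored in the local user table.
     *
     * @throws BadRequestException when login_challenge is missing or not known to Hydra
     */
    public function loginsql(Request $request): Response
    {
        return $this->renderLoginForm($request, 'SQL');
    }

    /**
     * Verifies posted credentials against the local user table and accepts the
     * Hydra login challenge on success.
     *
     * @throws BadRequestException when no challenge is in the session or Hydra rejects the accept call
     */
    public function checkloginsql(Request $request, ManagerRegistry $em): Response
    {
        $challenge = $this->sessionChallenge($request);

        $credentials = $this->postedCredentials($request);
        if (null === $credentials) {
            return $this->backToLogin('app_hydra_loginsql', $challenge);
        }
        [$username, $password] = $credentials;

        // Unknown user and wrong password both end on the same redirect, but an unknown
        // user skips the hash verification, so the two cases remain distinguishable by
        // response time. Acceptable for this code base; noted for threat modelling.
        $user = $em->getRepository('App\Entity\User')->findOneBy(['username' => $username]);
        if (!$user) {
            return $this->backToLogin('app_hydra_loginsql', $challenge);
        }

        $islogin = $this->passwordencoder->verify($user->getPassword(), $password, $user->getSalt());
        if (!$islogin) {
            return $this->backToLogin('app_hydra_loginsql', $challenge);
        }

        return $this->acceptLogin($request, $challenge, (string) $user->getEmail(), [
            'username' => $user->getUsername(),
            'email' => $user->getEmail(),
            'firstname' => $user->getFirstname(),
            'lastname' => $user->getLastname(),
        ]);
    }

    /**
     * Shows the login form for accounts held in the LDAP directory.
     *
     * @throws BadRequestException when login_challenge is missing or not known to Hydra
     */
    public function loginldap(Request $request): Response
    {
        return $this->renderLoginForm($request, 'LDAP');
    }

    /**
     * Verifies posted credentials with an LDAP bind and accepts the Hydra login
     * challenge on success. Identity attributes are read from the directory entry
     * when present, with username-derived fallbacks otherwise.
     *
     * $em is unused here but kept so the action signature stays unchanged for routing/autowiring.
     *
     * @throws BadRequestException when no challenge is in the session or Hydra rejects the accept call
     */
    public function checkloginldap(Request $request, ManagerRegistry $em): Response
    {
        $challenge = $this->sessionChallenge($request);

        $credentials = $this->postedCredentials($request);
        if (null === $credentials) {
            return $this->backToLogin('app_hydra_loginldap', $challenge);
        }
        [$username, $password] = $credentials;

        // userconnect() is expected to return a falsy value when the bind fails and a
        // list of directory entries otherwise (only the first entry is used) — confirm against LdapService.
        $entries = $this->ldapservice->userconnect($username, $password);
        if (!$entries) {
            return $this->backToLogin('app_hydra_loginldap', $challenge);
        }
        $entry = $entries[0];

        // Fallbacks when the directory entry does not carry the configured attributes.
        $firstname = '';
        $lastname = $username;
        $email = "{$username}@nomail.fr";

        $firstname = $entry[$this->getParameter('ldapFirstname')] ?? $firstname;
        $lastname = $entry[$this->getParameter('ldapLastname')] ?? $lastname;
        $email = $entry[$this->getParameter('ldapEmail')] ?? $email;

        return $this->acceptLogin($request, $challenge, (string) $email, [
            'username' => $username,
            'email' => $email,
            'firstname' => $firstname,
            'lastname' => $lastname,
        ]);
    }

    /**
     * Accepts the Hydra consent challenge without a user prompt, granting a fixed
     * scope set and attaching the claims stored at login time to the id_token.
     *
     * Note: the granted scopes are fixed to openid + offline_access regardless of what
     * the client requested; a refresh token is therefore issued to every client.
     *
     * @throws BadRequestException when the challenge is missing, unknown to Hydra, or not accepted
     */
    public function consent(Request $request): Response
    {
        $challenge = $request->query->get('consent_challenge');
        if (!$challenge) {
            throw new BadRequestException("Le challenge n'est pas disponible");
        }

        // Confirm with the Hydra admin API that this consent challenge really exists.
        $response = $this->apiservice->run('GET', $this->getParameter('hydraConsentchallenge').$challenge, null);
        if (!$response) {
            throw new BadRequestException('challenge invalide');
        }

        $response = $this->apiservice->run('PUT', $this->getParameter('hydraConsentchallengeaccept').$challenge, [
            'grant_scope' => ['openid', 'offline_access'],
            'session' => ['id_token' => $request->getSession()->get(self::SESSION_DATAS)],
        ]);
        if (!$response) {
            throw new BadRequestException('challenge not accept');
        }

        return $this->redirect($this->redirectTarget($response, 'challenge not accept'));
    }

    /**
     * Validates the login_challenge with Hydra, stores it in the session and renders
     * the shared login template in the given mode ('SQL' or 'LDAP').
     *
     * @throws BadRequestException when the challenge is missing or Hydra does not know it
     */
    private function renderLoginForm(Request $request, string $mode): Response
    {
        $challenge = $request->query->get('login_challenge');
        if (!$challenge) {
            throw new BadRequestException('pas de challenge');
        }

        // Confirm with the Hydra admin API that the authentication request originates from Hydra.
        // A non-200 answer is treated like no answer so that an unknown challenge is never stored in the session.
        $response = $this->apiservice->run('GET', $this->getParameter('hydraLoginchallenge').$challenge, null);
        if (!$response || 200 !== (int) $response->code) {
            throw new BadRequestException('challenge invalide');
        }

        // Keep the validated challenge for the POST handler, which has no query string of its own.
        $request->getSession()->set(self::SESSION_CHALLENGE, $challenge);

        $form = $this->createForm(LoginType::class);
        $form->handleRequest($request);

        return $this->render('Home/loginHYDRA.html.twig', [
            'useheader' => false,
            'usemenu' => false,
            'usesidebar' => false,
            'form' => $form->createView(),
            'mode' => $mode,
        ]);
    }

    /**
     * Returns the login challenge stored by renderLoginForm(), or fails the request
     * when the POST arrives without one (expired session, direct POST).
     *
     * @throws BadRequestException
     */
    private function sessionChallenge(Request $request): string
    {
        $challenge = $request->getSession()->get(self::SESSION_CHALLENGE);
        if (!$challenge) {
            throw new BadRequestException('pas de challenge');
        }

        return (string) $challenge;
    }

    /**
     * Reads username/password from the posted 'login' form data.
     *
     * Only the request body is consulted (not the query string), so credentials cannot
     * be supplied in a URL. The form itself is not run through handleRequest()/isValid()
     * here, so any CSRF token LoginType carries is not checked by this handler.
     *
     * @return array{0: string, 1: string}|null null when either field is missing
     */
    private function postedCredentials(Request $request): ?array
    {
        $login = $request->request->all()['login'] ?? null;
        if (!is_array($login) || !isset($login['username'], $login['password'])) {
            return null;
        }

        return [(string) $login['username'], (string) $login['password']];
    }

    /**
     * Redirects back to the login page for the given route, re-attaching the challenge.
     */
    private function backToLogin(string $route, string $challenge): Response
    {
        return $this->redirect($this->generateUrl($route, ['login_challenge' => $challenge]));
    }

    /**
     * Accepts the Hydra login challenge for $subject, stores the identity claims for
     * consent() and redirects the browser to the URL Hydra returns.
     *
     * @param array<string, mixed> $datas claims later placed in the id_token
     *
     * @throws BadRequestException when Hydra rejects the accept call or returns no redirect_to
     */
    private function acceptLogin(Request $request, string $challenge, string $subject, array $datas): Response
    {
        // 'acr' => 'string' looks like a placeholder left from the API documentation — confirm intended value.
        $response = $this->apiservice->run(
            'PUT',
            $this->getParameter('hydraLoginchallengeaccept').$challenge,
            ['subject' => $subject, 'acr' => 'string']
        );
        if (!$response || 200 !== (int) $response->code) {
            throw new BadRequestException('login accept invalide');
        }

        $request->getSession()->set(self::SESSION_DATAS, $datas);

        return $this->redirect($this->redirectTarget($response, 'login accept invalide'));
    }

    /**
     * Extracts redirect_to from a Hydra accept response.
     *
     * The redirect is issued with the default 302 rather than 301: a 301 is cacheable by
     * browsers and this target carries a one-time verifier, so it must never be reused.
     *
     * @throws BadRequestException with $error when the response carries no redirect_to
     */
    private function redirectTarget(object $response, string $error): string
    {
        $redirect = $response->body->redirect_to ?? null;
        if (!$redirect) {
            throw new BadRequestException($error);
        }

        return (string) $redirect;
    }
}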