Cadoles/nineskeletor
10
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix(continuous-integration): correction php-cs-fixer
All checks were successful
Cadoles/nineskeletor/pipeline/pr-master This commit looks good
Details

Browse Source
This commit is contained in:
Arnaud Fornerot
2022-09-23 16:14:15 +02:00
parent 5f3cc51f5c
commit b78f54b76c
70 changed files with 5943 additions and 5549 deletions
Download Patch File Download Diff File Expand all files Collapse all files

178
src/Controller/HydraController.php
View File

@ -1,27 +1,24 @@
<?php
namespace App\Controller;
use App\Form\LoginType;
use App\Service\ApiService;
use App\Service\LdapService;
use App\Service\PasswordEncoder;
use Doctrine\Persistence\ManagerRegistry;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Doctrine\Persistence\ManagerRegistry;
use App\Service\ApiService;
use App\Service\PasswordEncoder;
use App\Service\LdapService;
use App\Form\LoginType;
class HydraController extends AbstractController
{
private $apiservice;
private $passwordencoder;
private $ldapservice;
public function __construct(ApiService $apiservice,LdapService $ldapservice,PasswordEncoder $passwordencoder)
public function __construct(ApiService $apiservice, LdapService $ldapservice, PasswordEncoder $passwordencoder)
{
$this->apiservice = $apiservice;
$this->passwordencoder = $passwordencoder;
@ -29,19 +26,19 @@ class HydraController extends AbstractController
}
public function loginsql(Request $request): Response
{
{
$challenge = $request->query->get('login_challenge');
// S'il n'y a pas de challenge, on déclenche une bad request
if (!$challenge) {
throw new BadRequestException('pas de challenge');
}
// On vérifie que la requête d'identification provient bien de hydra
$response = $this->apiservice->run("GET",$this->getParameter('hydraLoginchallenge').$challenge,null);
if(!$response)
$response = $this->apiservice->run('GET', $this->getParameter('hydraLoginchallenge').$challenge, null);
if (!$response) {
throw new BadRequestException('challenge invalide');
}
// si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect
$request->getSession()->set('hydraChallenge', $challenge);
@ -51,60 +48,65 @@ class HydraController extends AbstractController
// Récupération des data du formulaire
$form->handleRequest($request);
// Affichage du formulaire
return $this->render("Home/loginHYDRA.html.twig", [
"useheader"=>false,
"usemenu"=>false,
"usesidebar"=>false,
"form"=>$form->createView(),
"mode"=>"SQL",
return $this->render('Home/loginHYDRA.html.twig', [
'useheader' => false,
'usemenu' => false,
'usesidebar' => false,
'form' => $form->createView(),
'mode' => 'SQL',
]);
}
public function checkloginsql(Request $request,ManagerRegistry $em) {
$username=$request->get('login')["username"];
$password=$request->get('login')["password"];
public function checkloginsql(Request $request, ManagerRegistry $em)
{
$username = $request->get('login')['username'];
$password = $request->get('login')['password'];
// user exist ?
$user=$em->getRepository("App\Entity\User")->findOneBy(["username"=>$username]);
if(!$user) return $this->redirect($this->generateUrl('app_hydra_loginsql',["login_challenge"=>$request->getSession()->get("hydraChallenge")]));
$user = $em->getRepository("App\Entity\User")->findOneBy(['username' => $username]);
if (!$user) {
return $this->redirect($this->generateUrl('app_hydra_loginsql', ['login_challenge' => $request->getSession()->get('hydraChallenge')]));
}
$islogin=$this->passwordencoder->verify($user->getPassword(),$password,$user->getSalt());
if(!$islogin) return $this->redirect($this->generateUrl('app_hydra_loginsql',["login_challenge"=>$request->getSession()->get("hydraChallenge")]));
$islogin = $this->passwordencoder->verify($user->getPassword(), $password, $user->getSalt());
if (!$islogin) {
return $this->redirect($this->generateUrl('app_hydra_loginsql', ['login_challenge' => $request->getSession()->get('hydraChallenge')]));
}
$response = $this->apiservice->run("PUT",$this->getParameter('hydraLoginchallengeaccept').$request->getSession()->get('hydraChallenge'),["subject"=>$user->getEmail(),"acr"=>"string"]);
if(!$response||$response->code!="200")
$response = $this->apiservice->run('PUT', $this->getParameter('hydraLoginchallengeaccept').$request->getSession()->get('hydraChallenge'), ['subject' => $user->getEmail(), 'acr' => 'string']);
if (!$response || '200' != $response->code) {
throw new BadRequestException('login accept invalide');
}
$datas=[
"username"=>$user->getUsername(),
"email"=>$user->getEmail(),
"firstname"=>$user->getFirstname(),
"lastname"=>$user->getLastname()
$datas = [
'username' => $user->getUsername(),
'email' => $user->getEmail(),
'firstname' => $user->getFirstname(),
'lastname' => $user->getLastname(),
];
$request->getSession()->set("datas",$datas);
$request->getSession()->set('datas', $datas);
$redirect = $response->body->redirect_to;
$redirect=$response->body->redirect_to;
return $this->redirect($redirect, 301);
}
public function loginldap(Request $request): Response
{
{
$challenge = $request->query->get('login_challenge');
// S'il n'y a pas de challenge, on déclenche une bad request
if (!$challenge) {
throw new BadRequestException('pas de challenge');
}
// On vérifie que la requête d'identification provient bien de hydra
$response = $this->apiservice->run("GET",$this->getParameter('hydraLoginchallenge').$challenge,null);
if(!$response)
$response = $this->apiservice->run('GET', $this->getParameter('hydraLoginchallenge').$challenge, null);
if (!$response) {
throw new BadRequestException('challenge invalide');
}
// si le challenge est validé par hydra, on le stocke en session pour l'utiliser par la suite et on redirige vers une route interne protégée qui va déclencher l'identification FranceConnect
$request->getSession()->set('hydraChallenge', $challenge);
@ -114,62 +116,66 @@ class HydraController extends AbstractController
// Récupération des data du formulaire
$form->handleRequest($request);
// Affichage du formulaire
return $this->render("Home/loginHYDRA.html.twig", [
"useheader"=>false,
"usemenu"=>false,
"usesidebar"=>false,
"form"=>$form->createView(),
"mode"=>"LDAP",
return $this->render('Home/loginHYDRA.html.twig', [
'useheader' => false,
'usemenu' => false,
'usesidebar' => false,
'form' => $form->createView(),
'mode' => 'LDAP',
]);
}
public function checkloginldap(Request $request,ManagerRegistry $em) {
$username=$request->get('login')["username"];
$password=$request->get('login')["password"];
public function checkloginldap(Request $request, ManagerRegistry $em)
{
$username = $request->get('login')['username'];
$password = $request->get('login')['password'];
// L'utilisateur se co à l'annuaire ?
$userldap=$this->ldapservice->userconnect($username,$password);
if(!$userldap)
return $this->redirect($this->generateUrl('app_hydra_loginldap',["login_challenge"=>$request->getSession()->get("hydraChallenge")]));
$userldap = $this->ldapservice->userconnect($username, $password);
if (!$userldap) {
return $this->redirect($this->generateUrl('app_hydra_loginldap', ['login_challenge' => $request->getSession()->get('hydraChallenge')]));
}
$userldap=$userldap[0];
$userldap = $userldap[0];
// Init
$email = "$username@nomail.fr";
$lastname = $username;
$firstname = " ";
$firstname = ' ';
// Rechercher l'utilisateur
if(isset($userldap[$this->getParameter('ldapFirstname')]))
if (isset($userldap[$this->getParameter('ldapFirstname')])) {
$firstname = $userldap[$this->getParameter('ldapFirstname')];
if(isset($userldap[$this->getParameter('ldapLastname')]))
}
if (isset($userldap[$this->getParameter('ldapLastname')])) {
$lastname = $userldap[$this->getParameter('ldapLastname')];
if(isset($userldap[$this->getParameter('ldapEmail')]))
}
if (isset($userldap[$this->getParameter('ldapEmail')])) {
$email = $userldap[$this->getParameter('ldapEmail')];
}
$response = $this->apiservice->run("PUT",$this->getParameter('hydraLoginchallengeaccept').$request->getSession()->get('hydraChallenge'),["subject"=>$email,"acr"=>"string"]);
if(!$response||$response->code!="200")
$response = $this->apiservice->run('PUT', $this->getParameter('hydraLoginchallengeaccept').$request->getSession()->get('hydraChallenge'), ['subject' => $email, 'acr' => 'string']);
if (!$response || '200' != $response->code) {
throw new BadRequestException('login accept invalide');
}
$datas=[
"username"=>$username,
"email"=>$email,
"firstname"=>$firstname,
"lastname"=>$lastname
$datas = [
'username' => $username,
'email' => $email,
'firstname' => $firstname,
'lastname' => $lastname,
];
$request->getSession()->set("datas",$datas);
$request->getSession()->set('datas', $datas);
$redirect = $response->body->redirect_to;
$redirect=$response->body->redirect_to;
return $this->redirect($redirect, 301);
}
public function consent(Request $request)
{
$challenge = $request->query->get('consent_challenge');
@ -178,20 +184,22 @@ class HydraController extends AbstractController
}
// On vérifie que la requête d'identification provient bien de hydra
$response = $this->apiservice->run("GET",$this->getParameter('hydraConsentchallenge').$challenge,null);
if(!$response)
$response = $this->apiservice->run('GET', $this->getParameter('hydraConsentchallenge').$challenge, null);
if (!$response) {
throw new BadRequestException('challenge invalide');
}
$response = $this->apiservice->run("PUT",$this->getParameter('hydraConsentchallengeaccept').$challenge,[
$response = $this->apiservice->run('PUT', $this->getParameter('hydraConsentchallengeaccept').$challenge, [
'grant_scope' => ['openid', 'offline_access'],
'session' => ['id_token' => $request->getSession()->get('datas')]
'session' => ['id_token' => $request->getSession()->get('datas')],
]);
if(!$response)
if (!$response) {
throw new BadRequestException('challenge not accept');
}
$redirect = $response->body->redirect_to;
$redirect=$response->body->redirect_to;
return $this->redirect($redirect, 301);
}
}
}
}