<?php
namespace App\Controller;

use App\Entity\Group;
use App\Entity\User;
use App\Service\giteaService;
use App\Service\ldapService as ldapService;
use Ramsey\Uuid\Uuid;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\EventDispatcher\EventDispatcher;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
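/**
 * Login / logout entry points for the three authentication modes selected by the
 * "appAuth" parameter: SQL (form login), CAS (phpCAS) and OAUTH (Gitea authorization code).
 *
 * CAS and OAUTH both provision a local App\Entity\User on first login and then
 * programmatically authenticate it by storing a UsernamePasswordToken.
 */
class SecurityController extends AbstractController
{
    /** @var giteaService */
    private $giteaservice;

    public function __construct(giteaService $giteaservice)
    {
        $this->giteaservice = $giteaservice;
    }

    /**
     * Dispatches to the login flow configured by the "appAuth" parameter.
     *
     * @throws \LogicException when "appAuth" is not one of SQL, OAUTH, CAS (the original
     *                         fell through and returned null, which Symfony rejects)
     */
    public function login(Request $request, AuthenticationUtils $authenticationUtils): Response
    {
        $authMode = $this->getParameter('appAuth');
        switch ($authMode) {
            case 'SQL':
                return $this->loginMYSQL($request, $authenticationUtils);
            case 'OAUTH':
                return $this->loginOAUTH();
            case 'CAS':
                return $this->loginCAS($request, $authenticationUtils);
            default:
                throw new \LogicException(sprintf('Unsupported appAuth mode "%s"', (string) $authMode));
        }
    }

    /**
     * Renders the username/password form; the actual check is done by the firewall.
     */
    public function loginMYSQL(Request $request, AuthenticationUtils $authenticationUtils): Response
    {
        return $this->render('Home/login.html.twig', [
            'last_username' => $authenticationUtils->getLastUsername(),
            'error'         => $authenticationUtils->getLastAuthenticationError(),
        ]);
    }

    /**
     * Authenticates against the CAS server, creates or refreshes the local user from the
     * CAS attributes, then logs that user in and redirects to the saved target path.
     */
    public function loginCAS(Request $request, AuthenticationUtils $authenticationUtils): Response
    {
        // Remember where the user wanted to go before being bounced to CAS.
        $redirect = $this->get('session')->get('_security.main.target_path');

        $this->initCasClient();

        // Redirects to the CAS login page and only returns once a ticket has been validated.
        \phpCAS::forceAuthentication();

        $username   = \phpCAS::getUser();
        $attributes = \phpCAS::getAttributes();

        // Attribute names are configurable (casUsername, casEmail, ...); the CAS uid is the
        // fallback for the username and the empty string for the profile fields.
        $username  = $this->casAttribute($attributes, 'casUsername', $username);
        $email     = $this->casAttribute($attributes, 'casEmail', '');
        $lastname  = $this->casAttribute($attributes, 'casLastname', '');
        $firstname = $this->casAttribute($attributes, 'casFirstname', '');

        $em   = $this->getDoctrine()->getManager();
        $user = $em->getRepository('App:User')->findOneBy(['username' => $username]);

        if ($user === null) {
            // First login: provision a local account from the CAS attributes.
            if (empty($email)) {
                $email = $username.'@nomail.com';
            }
            $user = new User();
            $user->setUsername($username);
            $user->setLastname($lastname);
            $user->setFirstname($firstname);
            $user->setEmail($email);
            $user->setApiKey(Uuid::uuid4());
            // NOTE(review): password and salt are derived from the username. They are not
            // checked in CAS mode, but if SQL authentication were ever enabled for these
            // accounts they would be guessable; a random placeholder (random_bytes) is safer.
            $user->setPassword('CASPWD-'.$username);
            $user->setSalt('CASPWD-'.$username);
        } else {
            // Only overwrite profile fields the CAS server actually sent. The original
            // isset() checks were always true (the variables default to ''), so a CAS
            // server omitting an attribute blanked the stored value on every login.
            if ($lastname !== '') {
                $user->setLastname($lastname);
            }
            if ($firstname !== '') {
                $user->setFirstname($firstname);
            }
            if ($email !== '') {
                $user->setEmail($email);
            }
        }
        $em->persist($user);
        $em->flush();

        // Keep the raw CAS attributes for casdebug().
        $this->get('session')->set('attributes', $attributes);

        $this->authenticateUser($request, $user);

        return $this->redirect($redirect ?: $this->generateUrl('app_home'));
    }

    /**
     * Starts the Gitea OAuth2 authorization-code flow.
     *
     * Expected parameters (see .env):
     *   OAUTH_CLIENTID=
     *   OAUTH_CLIENTSECRET=
     *   OAUTH_LOGINURL=https://forge.cadoles.com/login/oauth/authorize
     *   OAUTH_LOGOUTURL=https://forge.cadoles.com/user/logout
     *   OAUTH_TOKENURL=https://forge.cadoles.com/login/oauth/access_token
     *
     * Authorization URL shape:
     *   https://[YOUR-GITEA-URL]/login/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&response_type=code&state=STATE
     */
    public function loginOAUTH(): Response
    {
        $session  = $this->get('session');
        $callback = $this->generateUrl('app_login_callback', [], UrlGeneratorInterface::ABSOLUTE_URL);
        $session->set('giteacallback', $callback);

        // Random per-request state bound to this session. callback() checks it, so a
        // victim's session cannot be completed with an authorization code chosen by
        // someone else (login CSRF). The original sent the constant "STATE".
        $state = bin2hex(random_bytes(16));
        $session->set('oauthstate', $state);

        // http_build_query percent-encodes redirect_uri, which the original concatenation did not.
        $url = $this->getParameter('oauthLoginurl').'?'.http_build_query([
            'client_id'     => $this->getParameter('oauthClientid'),
            'redirect_uri'  => $callback,
            'response_type' => 'code',
            'state'         => $state,
        ]);

        return $this->redirect($url);
    }

    /**
     * OAuth2 redirect target: validates state, exchanges the code through giteaService,
     * creates or refreshes the local user from the Gitea profile, logs the user in.
     *
     * @throws \RuntimeException when Gitea does not return a user for the token
     */
    public function callback(Request $request): Response
    {
        $session = $this->get('session');

        // The state must match the one issued in loginOAUTH() for this session; it is
        // single-use, so remove it before any check can fail.
        $expectedState = $session->get('oauthstate');
        $session->remove('oauthstate');
        $state = $request->get('state');
        if (!is_string($expectedState) || !is_string($state) || !hash_equals($expectedState, $state)) {
            throw $this->createAccessDeniedException('Invalid OAuth state');
        }

        $code = $request->get('code');
        if (!is_string($code) || $code === '') {
            throw $this->createAccessDeniedException('Missing OAuth authorization code');
        }
        $session->set('giteacode', $code);

        // gettoken() exchanges the stored code; its return value is not needed here.
        $this->giteaservice->gettoken();
        $giteauser = $this->giteaservice->getuser();
        if (!$giteauser) {
            // The original die()d with this message and a 200 status.
            throw new \RuntimeException("Problème d'accès avec GITEA - no user");
        }

        // Keep the Gitea profile in session as a plain array.
        $session->set('giteauser', json_decode(json_encode($giteauser), true));

        $login   = $giteauser->login;
        $isAdmin = in_array($login, $this->getParameter('appAdmins'), true);

        $em   = $this->getDoctrine()->getManager();
        $user = $em->getRepository('App:User')->findOneBy(['username' => $login]);

        if ($user === null) {
            // The original computed the "@nomail.com" fallback but then stored
            // $giteauser->email anyway, so accounts ended up with an empty email.
            $email = empty($giteauser->email) ? $login.'@nomail.com' : $giteauser->email;
            $user = new User();
            $user->setUsername($login);
            $user->setEmail($email);
            $user->setApiKey(Uuid::uuid4());
            $user->setRoles($isAdmin ? ['ROLE_ADMIN'] : ['ROLE_USER']);
            $user->setAvatar('noavatar.png');
            // NOTE(review): same remark as in loginCAS(): password/salt derived from the login.
            $user->setPassword('OAUTH-'.$login);
            $user->setSalt('OAUTH-'.$login);
        } else {
            // Refresh the email only when Gitea provides one. The original tested
            // isset($email) on a variable that was never assigned in this branch.
            if (!empty($giteauser->email)) {
                $user->setEmail($giteauser->email);
            }
            if ($isAdmin) {
                $user->setRoles(['ROLE_ADMIN']);
            }
        }
        $em->persist($user);
        $em->flush();

        $this->authenticateUser($request, $user);

        $redirect = $session->get('_security.main.target_path');

        return $this->redirect($redirect ?: $this->generateUrl('app_home'));
    }

    /**
     * Dispatches to the logout flow configured by the "appAuth" parameter.
     */
    public function logout(): Response
    {
        switch ($this->getParameter('appAuth')) {
            case 'CAS':
                return $this->logoutCAS();
            case 'SQL':
            default:
                // OAUTH (and any other value) has only the local session to clear. The
                // original returned null for these modes, which Symfony rejects.
                return $this->logoutMYSQL();
        }
    }

    /**
     * Clears the security token and the session, then goes back to the home page.
     */
    public function logoutMYSQL(): Response
    {
        $this->get('security.token_storage')->setToken(null);
        $this->get('session')->invalidate();

        return $this->redirect($this->generateUrl('app_home'));
    }

    /**
     * Local logout followed by a CAS single logout that sends the browser back to the home page.
     */
    public function logoutCAS(): Response
    {
        $this->get('security.token_storage')->setToken(null);
        $this->get('session')->invalidate();

        $this->initCasClient();

        $url = $this->generateUrl('app_home', [], UrlGeneratorInterface::ABSOLUTE_URL);
        // phpCAS::logout() redirects to the CAS logout page and terminates the script;
        // the redirect below is only a fallback so the action still returns a Response.
        \phpCAS::logout(['service' => $url]);

        return $this->redirect($url);
    }

    /**
     * Shows the CAS attributes saved in session by loginCAS().
     */
    public function casdebug(): Response
    {
        return $this->render('Home/casdebug.html.twig', [
            'useheader'  => true,
            'usesidebar' => false,
            'attributes' => $this->get('session')->get('attributes'),
        ]);
    }

    /**
     * Configures the phpCAS client from the cas* parameters (shared by login and logout).
     */
    private function initCasClient(): void
    {
        $casPath = $this->getParameter('casPath');
        \phpCAS::client(
            CAS_VERSION_2_0,
            $this->getParameter('casHost'),
            intval($this->getParameter('casPort')),
            $casPath === null ? '' : $casPath,
            false
        );
        // NOTE(review): this disables TLS certificate validation of the CAS server, so the
        // ticket validation exchange can be intercepted by anyone able to impersonate
        // casHost; phpCAS offers setCasServerCACert() to validate against a pinned CA instead.
        \phpCAS::setNoCasServerValidation();
    }

    /**
     * Reads the CAS attribute whose name is held in parameter $param, or $default when absent.
     *
     * @param mixed $default
     * @return mixed
     */
    private function casAttribute(array $attributes, string $param, $default)
    {
        return $attributes[$this->getParameter($param)] ?? $default;
    }

    /**
     * Stores an authenticated token for $user on the "main" firewall and fires the
     * interactive-login event, as the original login flows did.
     */
    private function authenticateUser(Request $request, User $user): void
    {
        $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
        $this->get('security.token_storage')->setToken($token);

        // NOTE(review): a freshly constructed EventDispatcher has no listeners, so this
        // event is not seen by the application's own login listeners; the container's
        // dispatcher would have to be injected for them to run.
        $event      = new InteractiveLoginEvent($request, $token);
        $dispatcher = new EventDispatcher();
        $dispatcher->dispatch($event);
    }
}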