262 lines
9.4 KiB
PHP
Executable File
262 lines
9.4 KiB
PHP
Executable File
<?php
|
|
|
|
namespace App\Controller;
|
|
|
|
use App\Entity\User;
|
|
use App\Entity\Group;
|
|
use App\Service\ldapService as ldapService;
|
|
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
|
|
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
|
|
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
|
|
use Symfony\Component\EventDispatcher\EventDispatcher;
|
|
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
|
use Ramsey\Uuid\Uuid;
|
|
use App\Service\giteaService;
|
|
|
|
class SecurityController extends AbstractController
|
|
{
|
|
public function __construct(giteaService $giteaservice) { $this->giteaservice = $giteaservice; }
|
|
|
|
public function login(Request $request, AuthenticationUtils $authenticationUtils)
|
|
{
|
|
|
|
$auth_mode=$this->getParameter("appAuth");
|
|
switch($auth_mode) {
|
|
case "SQL":
|
|
return $this->loginMYSQL($request,$authenticationUtils);
|
|
break;
|
|
|
|
case "OAUTH":
|
|
return $this->loginOAUTH($request,$authenticationUtils);
|
|
break;
|
|
|
|
case "CAS":
|
|
return $this->loginCAS($request,$authenticationUtils);
|
|
break;
|
|
}
|
|
}
|
|
|
|
public function loginMYSQL(Request $request, AuthenticationUtils $authenticationUtils) {
|
|
return $this->render('Home/login.html.twig', array(
|
|
'last_username' => $authenticationUtils->getLastUsername(),
|
|
'error' => $authenticationUtils->getLastAuthenticationError(),
|
|
));
|
|
|
|
}
|
|
|
|
public function loginCAS(Request $request, AuthenticationUtils $authenticationUtils)
|
|
{
|
|
// Récupération de la cible de navigation
|
|
$redirect = $this->get('session')->get("_security.main.target_path");
|
|
|
|
// Init Client CAS
|
|
\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('casHost'), intval($this->getParameter('casPort')), is_null($this->getParameter('casPath')) ? '' : $this->getParameter('casPath'), false);
|
|
\phpCAS::setNoCasServerValidation();
|
|
|
|
|
|
// Authentification
|
|
\phpCAS::forceAuthentication();
|
|
|
|
// Récupération UID
|
|
$username = \phpCAS::getUser();
|
|
|
|
// Récupération Attribut
|
|
$attributes = \phpCAS::getAttributes();
|
|
|
|
// Init
|
|
$email = "";
|
|
$lastname = "";
|
|
$firstname = "";
|
|
|
|
// Rechercher l'utilisateur
|
|
$em = $this->getDoctrine()->getManager();
|
|
if(isset($attributes[$this->getParameter('casUsername')]))
|
|
$username = $attributes[$this->getParameter('casUsername')];
|
|
|
|
if(isset($attributes[$this->getParameter('casEmail')]))
|
|
$email = $attributes[$this->getParameter('casEmail')];
|
|
|
|
if(isset($attributes[$this->getParameter('casLastname')]))
|
|
$lastname = $attributes[$this->getParameter('casLastname')];
|
|
|
|
if(isset($attributes[$this->getParameter('casFirstname')]))
|
|
$firstname = $attributes[$this->getParameter('casFirstname')];
|
|
|
|
$user = $em->getRepository('App:User')->findOneBy(array("username"=>$username));
|
|
$exists = $user ? true : false;
|
|
|
|
if (!$exists) {
|
|
if(empty($email)) $email = $username."@nomail.com";
|
|
|
|
$user = new User();
|
|
$key = Uuid::uuid4();
|
|
|
|
$user->setUsername($username);
|
|
$user->setLastname($lastname);
|
|
$user->setFirstname($firstname);
|
|
$user->setEmail($email);
|
|
$user->setApiKey($key);
|
|
|
|
$user->setPassword("CASPWD-".$username);
|
|
$user->setSalt("CASPWD-".$username);
|
|
|
|
$em->persist($user);
|
|
$em->flush();
|
|
}
|
|
else {
|
|
if(isset($lastname)) $user->setLastname($lastname);
|
|
if(isset($firstname)) $user->setFirstname($firstname);
|
|
if(isset($email)) $user->setEmail($email);
|
|
|
|
$em->persist($user);
|
|
$em->flush();
|
|
}
|
|
|
|
// Sauvegarde des attributes en session
|
|
$this->get('session')->set('attributes', $attributes);
|
|
|
|
// Autoconnexion
|
|
// Récupérer le token de l'utilisateur
|
|
$token = new UsernamePasswordToken($user, null, "main", $user->getRoles());
|
|
$this->get("security.token_storage")->setToken($token);
|
|
|
|
// Simuler l'evenement de connexion
|
|
$event = new InteractiveLoginEvent($request, $token);
|
|
$dispatcher = new EventDispatcher();
|
|
$dispatcher->dispatch($event);
|
|
|
|
// Redirection
|
|
if($redirect)
|
|
return $this->redirect($redirect);
|
|
else
|
|
return $this->redirect($this->generateUrl('app_home'));
|
|
}
|
|
|
|
public function loginOAUTH() {
|
|
$callback=$this->generateUrl('app_login_callback', array(), UrlGeneratorInterface::ABSOLUTE_URL);
|
|
$callback=str_replace("http://",$this->getParameter("appProtocol")."://",$callback);
|
|
$this->get('session')->set('giteacallback', $callback);
|
|
$url=$this->getParameter("oauthLoginurl")."?client_id=".$this->getParameter("oauthClientid")."&redirect_uri=".$callback."&response_type=code&state=STATE";
|
|
return $this->redirect($url);
|
|
}
|
|
|
|
public function callback(Request $request) {
|
|
$this->get('session')->set('giteacode', $request->get("code"));
|
|
$token=$this->giteaservice->gettoken();
|
|
|
|
// Rechercher l'utilisateur associé au token
|
|
$giteauser=$this->giteaservice->getuser();
|
|
if(!$giteauser) die("Problème d'accès avec GITEA - no user");
|
|
|
|
// Sauvegarde du user gitea en session
|
|
$this->get('session')->set('giteauser', json_decode(json_encode($giteauser), true));
|
|
|
|
// Recherche du user gitea dans ninegitea
|
|
$em = $this->getDoctrine()->getManager();
|
|
$user = $em->getRepository('App:User')->findOneBy(array("username"=>$giteauser->login));
|
|
$exists = $user ? true : false;
|
|
|
|
if (!$exists) {
|
|
if(empty($giteauser->email)) $email = $giteauser->login."@nomail.com";
|
|
|
|
$user = new User();
|
|
$key = Uuid::uuid4();
|
|
|
|
$user->setUsername($giteauser->login);
|
|
$user->setEmail($giteauser->email);
|
|
$user->setApiKey($key);
|
|
$user->setRoles(["ROLE_USER"]);
|
|
$user->setAvatar("noavatar.png");
|
|
|
|
$user->setPassword("OAUTH-".$giteauser->login);
|
|
$user->setSalt("OAUTH-".$giteauser->login);
|
|
|
|
if(in_array($giteauser->login,$this->getParameter("appAdmins")))
|
|
$user->setRoles(["ROLE_ADMIN"]);
|
|
|
|
$em->persist($user);
|
|
$em->flush();
|
|
}
|
|
else {
|
|
if(isset($email)) $user->setEmail($giteauser->email);
|
|
if(in_array($giteauser->login,$this->getParameter("appAdmins")))
|
|
$user->setRoles(["ROLE_ADMIN"]);
|
|
|
|
$em->persist($user);
|
|
$em->flush();
|
|
}
|
|
|
|
// Autoconnexion
|
|
// Récupérer le token de l'utilisateur
|
|
$token = new UsernamePasswordToken($user, null, "main", $user->getRoles());
|
|
$this->get("security.token_storage")->setToken($token);
|
|
|
|
// Simuler l'evenement de connexion
|
|
$event = new InteractiveLoginEvent($request, $token);
|
|
$dispatcher = new EventDispatcher();
|
|
$dispatcher->dispatch($event);
|
|
|
|
// Redirection
|
|
$redirect = $this->get('session')->get("_security.main.target_path");
|
|
if($redirect) {
|
|
$redirect=str_replace("http://",$this->getParameter("appProtocol")."://",$redirect);
|
|
|
|
}
|
|
else {
|
|
$redirect=$this->generateUrl('app_home');
|
|
$redirect=str_replace("http://",$this->getParameter("appProtocol")."://",$redirect);
|
|
}
|
|
return $this->redirect($redirect);
|
|
|
|
}
|
|
|
|
public function logout() {
|
|
$auth_mode=$this->getParameter("appAuth");
|
|
switch($auth_mode) {
|
|
case "SQL":
|
|
return $this->logoutMYSQL();
|
|
break;
|
|
|
|
case "CAS":
|
|
return $this->logoutCAS();
|
|
break;
|
|
}
|
|
|
|
}
|
|
|
|
public function logoutMYSQL() {
|
|
$this->get('security.token_storage')->setToken(null);
|
|
$this->get('session')->invalidate();
|
|
|
|
return $this->redirect($this->generateUrl("app_home"));
|
|
}
|
|
|
|
public function logoutcas() {
|
|
$this->get('security.token_storage')->setToken(null);
|
|
$this->get('session')->invalidate();
|
|
|
|
// Init Client CAS
|
|
\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('casHost'), intval($this->getParameter('casPort')), is_null($this->getParameter('casPath')) ? '' : $this->getParameter('casPath'), false);
|
|
\phpCAS::setNoCasServerValidation();
|
|
|
|
|
|
// Logout
|
|
$url=$this->generateUrl('app_home', array(), UrlGeneratorInterface::ABSOLUTE_URL);
|
|
\phpCAS::logout(array("service"=>$url));
|
|
|
|
return true;
|
|
}
|
|
|
|
public function casdebug() {
|
|
$attributes = $this->get('session')->get('attributes');
|
|
|
|
return $this->render('Home/casdebug.html.twig',[
|
|
"useheader" => true,
|
|
"usesidebar" => false,
|
|
"attributes" => $attributes,
|
|
]);
|
|
}
|
|
}
|