first commit

config/packages/framework.yaml

@@ -8,7 +8,9 @@ framework:
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.
     session:
-        handler_id: null
+        handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler
+        save_path: '@Redis'        
+        gc_probability: null
         cookie_secure: auto
         cookie_samesite: lax
         storage_factory_id: session.storage.factory.native

config/packages/security.yaml

@@ -1,29 +1,44 @@
 security:
-    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
     password_hashers:
-        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
-    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
+        Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface:
+            id: 'App\Service\PasswordEncoder'
+
     providers:
-        users_in_memory: { memory: null }
+        main:
+            entity:
+                class: App\Entity\User
+                property: username
+
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
+
         main:
-            lazy: true
-            provider: users_in_memory
+            pattern:   ^/
+            provider:  main
+            context: maincontext
+            user_checker: App\Service\UserChecker
+            form_login:
+                login_path: app_login
+                check_path: app_login
+                default_target_path: app_home
+                use_referer: true
+                csrf_parameter: _csrf_security_token
+                csrf_token_id: a_private_string
 
-            # activate different ways to authenticate
-            # https://symfony.com/doc/current/security.html#the-firewall
+            logout:
+                invalidate_session: true
+                path: app_kill
+                target: app_home
 
-            # https://symfony.com/doc/current/security/impersonating_user.html
-            # switch_user: true
-
-    # Easy way to control access for large sections of your site
-    # Note: Only the *first* access control that matches will be used
     access_control:
-        # - { path: ^/admin, roles: ROLE_ADMIN }
-        # - { path: ^/profile, roles: ROLE_USER }
+        - { path: ^/all, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_MASTER, ROLE_MANAGER, ROLE_USER] }
+        - { path: ^/user, roles: [ROLE_USER] }
+        - { path: ^/manager, roles: [ROLE_MANAGER] }
+        - { path: ^/master, roles: [ROLE_MASTER] }
+        - { path: ^/modo, roles: [ROLE_MODO] }
+        - { path: ^/admin, roles: [ROLE_ADMIN] }
 
 when@test:
     security:

config/packages/twig.yaml

@@ -1,5 +1,9 @@
 twig:
     default_path: '%kernel.project_dir%/templates'
+    form_themes:
+        - 'Form/fields.html.twig'    
+    globals:
+      appMasteridentity: '%appMasteridentity%'
 
 when@test:
     twig:

config/routes.yaml

@@ -1,5 +1,44 @@
-controllers:
-    resource:
-        path: ../src/Controller/
-        namespace: App\Controller
-    type: attribute
+#== Home ========================================================================================================
+app_home:
+    path: /
+    controller: App\Controller\HomeController::home
+
+#== Security ====================================================================================================
+#-- Access public
+app_login:
+    path:   /login
+    controller: App\Controller\SecurityController::login
+
+app_loginldapcheck:
+    path:   /loginldapcheck
+    controller: App\Controller\SecurityController::loginldapcheck
+
+app_loginopenidcallback:
+    path:   /oauth2/callback
+    controller: App\Controller\SecurityController::loginopenidcallback
+
+app_logout:
+    path:   /logout
+    controller: App\Controller\SecurityController::logout    
+
+#== Hydra =======================================================================================================
+#-- Access public
+app_hydra_loginsql:
+    path: /hydra/loginsql
+    controller: App\Controller\HydraController::loginsql
+
+app_hydra_checkloginsql:
+    path: /hydra/checkloginsql
+    controller: App\Controller\HydraController::checkloginsql
+
+app_hydra_loginldap:
+    path: /hydra/loginldap
+    controller: App\Controller\HydraController::loginldap
+
+app_hydra_checkloginldap:
+    path: /hydra/checkloginldap
+    controller: App\Controller\HydraController::checkloginldap
+
+app_hydra_consent:
+    path: /hydra/consent
+    controller: App\Controller\HydraController::consent    

config/services.yaml

@@ -1,18 +1,82 @@
-# This file is the entry point to configure your own services.
-# Files in the packages/ subdirectory configure your dependencies.
-
-# Put parameters here that don't need to change on each machine where the app is deployed
-# https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
 parameters:
+  app_env: '%env(resolve:APP_ENV)%'
+  appSecret: '%env(resolve:APP_SECRET)%'
+  appAuth: '%env(resolve:APP_AUTH)%'
+  appMasteridentity: '%env(resolve:APP_MASTERIDENTITY)%'
+  appSynchro: '%env(resolve:APP_SYNCHRO)%'
+
+  ldapHost: '%env(resolve:LDAP_HOST)%'
+  ldapPort: '%env(resolve:LDAP_PORT)%'
+  ldapUsetls: '%env(resolve:LDAP_USETLS)%'
+  ldapUserwriter: '%env(resolve:LDAP_USERWRITER)%'
+  ldapUser: '%env(resolve:LDAP_USER)%'
+  ldapPassword: '%env(resolve:LDAP_PASSWORD)%'
+  ldapBasedn: '%env(resolve:LDAP_BASEDN)%'
+  ldapBaseorganisation: '%env(resolve:LDAP_BASEORGANISATION)%'
+  ldapBaseniveau01: '%env(resolve:LDAP_BASENIVEAU01)%'
+  ldapBaseniveau02: '%env(resolve:LDAP_BASENIVEAU02)%'
+  ldapBaseniveau03: '%env(resolve:LDAP_BASENIVEAU03)%'
+  ldapBaseniveau04: '%env(resolve:LDAP_BASENIVEAU04)%'
+  ldapBasegroup: '%env(resolve:LDAP_BASEGROUP)%'
+  ldapBaseuser: '%env(resolve:LDAP_BASEUSER)%'
+  ldapUsername: '%env(resolve:LDAP_USERNAME)%'
+  ldapFirstname: '%env(resolve:LDAP_FIRSTNAME)%'
+  ldapLastname: '%env(resolve:LDAP_LASTNAME)%'
+  ldapEmail: '%env(resolve:LDAP_EMAIL)%'
+  ldapAvatar: '%env(resolve:LDAP_AVATAR)%'
+  ldapMemberof: '%env(resolve:LDAP_MEMBEROF)%'
+  ldapGroupgid: '%env(resolve:LDAP_GROUPGID)%'
+  ldapGroupname: '%env(resolve:LDAP_GROUPNAME)%'
+  ldapGroupmember: '%env(resolve:LDAP_GROUPMEMBER)%'
+  ldapGroupmemberisdn: '%env(resolve:LDAP_GROUPMEMBERISDN)%'
+  ldapFiltergroup: '%env(resolve:LDAP_FILTERGROUP)%'
+  ldapFilteruser: '%env(resolve:LDAP_FILTERUSER)%'  
+  ldapAutosubmit: '%env(resolve:LDAP_AUTOSUBMIT)%'  
+  ldapAutoupdate: '%env(resolve:LDAP_AUTOUPDATE)%'  
+
+  casHost: '%env(resolve:CAS_HOST)%'
+  casPort: '%env(resolve:CAS_PORT)%'
+  casPath: '%env(resolve:CAS_PATH)%'
+  casUsername: '%env(resolve:CAS_USERNAME)%'
+  casEmail: '%env(resolve:CAS_EMAIL)%'
+  casLastname: '%env(resolve:CAS_LASTNAME)%'
+  casFirstname: '%env(resolve:CAS_FIRSTNAME)%'
+  casAvatar: '%env(resolve:CAS_AVATAR)%'
+  casNiveau01: '%env(resolve:CAS_NIVEAU01)%'
+  casGroup: '%env(resolve:CAS_GROUP)%'
+  casAutosubmit: '%env(resolve:CAS_AUTOSUBMIT)%'  
+  casAutoupdate: '%env(resolve:CAS_AUTOUPDATE)%'  
+
+  oauthClientid: '%env(resolve:OAUTH_CLIENTID)%'
+  oauthClientsecret: '%env(resolve:OAUTH_CLIENTSECRET)%'
+  oauthLoginurl: '%env(resolve:OAUTH_LOGINURL)%'
+  oauthLogouturl: '%env(resolve:OAUTH_LOGOUTURL)%'
+  oauthTokenurl: '%env(resolve:OAUTH_TOKENURL)%'
+  oauthUserinfo: '%env(resolve:OAUTH_USERINFO)%'
+  oauthUsername: '%env(resolve:OAUTH_USERNAME)%'
+  oauthEmail: '%env(resolve:OAUTH_EMAIL)%'
+  oauthLastname: '%env(resolve:OAUTH_LASTNAME)%'
+  oauthFirstname: '%env(resolve:OAUTH_FIRSTNAME)%'
+  oauthAvatar: '%env(resolve:OAUTH_AVATAR)%'
+  oauthNiveau01: '%env(resolve:OAUTH_NIVEAU01)%'
+  oauthGroup: '%env(resolve:OAUTH_GROUP)%'
+  oauthAutosubmit: '%env(resolve:OAUTH_AUTOSUBMIT)%'  
+  oauthAutoupdate: '%env(resolve:OAUTH_AUTOUPDATE)%' 
+  
+  proxyUse: '%env(resolve:PROXY_USE)%'
+  proxyHost: '%env(resolve:PROXY_HOST)%'
+  proxyPort: '%env(resolve:PROXY_PORT)%'
+
+  hydraLoginchallenge: '%env(resolve:HYDRA_LOGINCHALLENGE)%'
+  hydraLoginchallengeaccept: '%env(resolve:HYDRA_LOGINCHALLENGEACCEPT)%'
+  hydraConsentchallenge: '%env(resolve:HYDRA_CONSENTCHALLENGE)%'
+  hydraConsentchallengeaccept: '%env(resolve:HYDRA_CONSENTCHALLENGEACCEPT)%'
 
 services:
-    # default configuration for services in *this* file
     _defaults:
         autowire: true      # Automatically injects dependencies in your services.
         autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
 
-    # makes classes in src/ available to be used as services
-    # this creates a service per class whose id is the fully-qualified class name
     App\:
         resource: '../src/'
         exclude:
@@ -20,5 +84,36 @@ services:
             - '../src/Entity/'
             - '../src/Kernel.php'
 
-    # add more service definitions when explicit configuration is needed
-    # please note that last definitions always *replace* previous ones
+    Redis:
+        class: Predis\Client
+        arguments:
+            - 
+                - 
+                  scheme: 'tcp'
+                  host: '%env(resolve:REDIS_HOST)%'
+                  port: '%env(resolve:REDIS_PORT)%'
+            -
+              replication: 'sentinel'
+              service: '%env(resolve:REDIS_SERVICE)%' 
+              connection_timeout: 100
+              read_write_timeout: 300
+
+    Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler:
+        arguments:
+            - '@Redis'
+            
+    App\Entity\User:
+        public: true
+        arguments: ['@security.password_hasher']
+
+    App\Command\InitCommand:
+        public: true
+        arguments: ['@service_container','@doctrine.orm.entity_manager']
+    
+    App\Service\ApiService:
+        public: true
+
+    App\Service\LdapService:
+        public: true
+        arguments: ["@service_container"]
+