diff --git a/Caddyfile b/Caddyfile
index e26631a..c364b53 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,15 +1,11 @@
:80 {
- # Force HTTP, désactive auto-HTTPS
+ # Force HTTP pour le développement
http://localhost {
+ root * /app/public
php_server
- route {
- file_server
- @php path *.php /index.php
- php_fastcgi @php unix//run/php/php-fpm.sock
- }
+ encode gzip
log {
output stdout
}
- encode gzip
}
}
\ No newline at end of file
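Review bot: `php_server` on the new line 11 is the FrankenPHP shorthand rather than a stock Caddy directive, and this hunk drops the explicit `php_fastcgi … php-fpm.sock` route that the old configuration relied on; if the image is still a plain PHP-FPM + Caddy setup the site will fail to start on an unknown directive. Worth confirming against the Dockerfile base image, which is not visible in this diff, and adding a one-line comment such as `# php_server is provided by FrankenPHP; it replaces file_server + php_fastcgi` so the dependency is explicit. The outer `:80 {` wrapping a second site address `http://localhost {` also predates this change and looks like a nesting the Caddyfile parser does not accept; leaving a single site block would be safer.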
diff --git a/Dockerfile b/Dockerfile
index a74be25..8c29b52 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,6 +4,8 @@ RUN apt-get update && apt-get install -y \
unzip \
&& rm -rf /var/lib/apt/lists/*
+RUN cp $PHP_INI_DIR/php.ini-development ./php.ini
+
# Installe Composer
COPY --from=composer:latest /usr/bin/composer /usr/local/bin/composer
# Installe les extensions PHP nécessaires pour Symfony (pdo_mysql par exemple, si tu utilises MySQL)
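Review bot: The added `RUN cp $PHP_INI_DIR/php.ini-development ./php.ini` copies the template into the current WORKDIR (set outside this hunk), not into `$PHP_INI_DIR`, so PHP will not load it and the line is effectively a no-op. If it did take effect, `php.ini-development` turns on `display_errors`, which would echo stack traces and file paths to clients should this image ever serve production traffic. Prefer `RUN cp "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"` and override the handful of development settings via a separate `conf.d` file or a build argument.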
diff --git a/src/Controller/MainController.php b/src/Controller/MainController.php
index a3cce21..73f13dc 100644
--- a/src/Controller/MainController.php
+++ b/src/Controller/MainController.php
@@ -4,11 +4,14 @@ namespace App\Controller;
use App\Form\CodeType;
use App\Hydra\Client;
+use App\Hydra\HydraService;
use App\Service\CodeService;
use App\Service\CookieService;
use App\Service\DeviceService;
use App\Service\MailerService;
+use Psr\Log\LoggerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpClient\Exception\ClientException;
use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
use Symfony\Component\HttpFoundation\RedirectResponse;
@@ -17,6 +20,7 @@ use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Mailer\MailerInterface;
use Symfony\Component\Mime\Email;
use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
class MainController extends AbstractController
{
@@ -24,7 +28,9 @@ class MainController extends AbstractController
private readonly CodeService $codeService,
private readonly Client $client,
private readonly CookieService $cookieService,
- private readonly MailerService $mailer
+ private readonly MailerService $mailer,
+ private readonly UrlGeneratorInterface $router,
+ private readonly HydraService $hydraService
){
@@ -34,13 +40,12 @@ class MainController extends AbstractController
{
return new Response('
Hello world
');
}
- #[Route('/2fa', name: 'app_2fa')]
- public function doubleFacteur(Request $request): Response
+ #[Route('/2fa', name: 'app_2fa', methods: ['GET', 'POST'])]
+ public function doubleFacteur(Request $request, LoggerInterface $logger): Response
{
$loginChallenge = $request->query->get('loginchallenge');
$identifier = $request->query->get('identifier');
$res = $this->client->fetchLoginRequestInfo($loginChallenge);
- $loginRequestInfo = $res->toArray();
if (200 !== $res->getStatusCode()) {
throw new BadRequestException();
}
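Review bot: `$loginChallenge` is read from the query string with no null check and passed straight to `fetchLoginRequestInfo`, so a request without the parameter reaches Hydra with an empty challenge instead of failing fast; `$loginChallenge = $request->query->get('loginchallenge') ?? throw new BadRequestException('missing loginchallenge');` would settle that at the boundary. `$identifier` comes from the same untrusted query string and, as far as the later hunks show, becomes the accepted `subject` and the value the remember-device cookie is bound to, which means the caller chooses which account gets logged in; if the login request info from `$res->toArray()` already carries the subject Hydra knows, that should be the source of truth rather than the URL. The newly injected `LoggerInterface $logger` is not used anywhere in the visible hunks. doubleFacteur continues past the end of this hunk.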
@@ -50,7 +55,8 @@ class MainController extends AbstractController
'subject' => $identifier,
'remember' => true,
])->toArray();
-
+ // dd($loginAcceptRes);
+
return new RedirectResponse($loginAcceptRes['redirect_to']);
}
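Review bot: `// dd($loginAcceptRes);` is commented-out debugging code and should be deleted rather than committed. The redirect on the next line reads `$loginAcceptRes['redirect_to']` without checking the key exists, so an unexpected Hydra payload surfaces as a warning and a redirect to an empty location; `$target = $loginAcceptRes['redirect_to'] ?? throw new BadRequestException('no redirect_to in Hydra response');` keeps the failure explicit. This hunk is in the middle of a method whose start and end are outside it.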
@@ -62,22 +68,28 @@ class MainController extends AbstractController
if ($form->isSubmitted() && $form->isValid()){
$cookie = null;
- if($form->get('remember_device')){
+ if($form->get('remember_device')->getData()){
$cookie = $this->cookieService->createCookie($identifier);
}
+ try{
- $loginAcceptRes = $this->client->acceptLoginRequest($loginChallenge, [
- 'subject' => $identifier,
- 'remember' => true,
- ])->toArray();
+ $loginAcceptRes = $this->client->acceptLoginRequest($loginChallenge, [
+ 'subject' => $identifier,
+ 'remember' => true,
+ ])->toArray();
+ }catch(ClientException $e){
+ dump($e);
+ }
-
- dump($loginAcceptRes);
$response = new RedirectResponse($loginAcceptRes['redirect_to']);
-
- null !== $cookie ?: $response->headers->setCookie($cookie);
+ if ($cookie !== null) {
+ $response->headers->setCookie($cookie);
+ }
+
+
return $response;
}
+ dump('here');
return $this->render('base.html.twig', [
'form'=>$form
]);
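Review bot: The new `catch (ClientException $e) { dump($e); }` swallows the failure and falls through to `new RedirectResponse($loginAcceptRes['redirect_to'])`, where `$loginAcceptRes` was never assigned, so a rejected login request turns into an undefined-variable warning and a broken redirect instead of an error response; `dump($e)` and the later `dump('here')` are also leftover debug output that, outside the debug environment, would print exception internals and the Hydra challenge into the HTML. The catch should log through the injected logger and stop the request, and `dump('here')` should go. This assumes the hunk is still inside doubleFacteur, whose `$logger` parameter is declared in an earlier hunk; the method starts and ends outside this hunk.
```php
            try {
                $loginAcceptRes = $this->client->acceptLoginRequest($loginChallenge, [
                    'subject' => $identifier,
                    'remember' => true,
                ])->toArray();
            } catch (ClientException $e) {
                $logger->error('Hydra rejected the login accept request', ['exception' => $e]);
                throw new BadRequestException('Unable to accept the login request', previous: $e);
            }
            // … unchanged: RedirectResponse, cookie handling, return $response …
        }
        // dump('here') removed
        return $this->render('base.html.twig', [
```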
diff --git a/src/Form/CodeType.php b/src/Form/CodeType.php
index c75e535..2766858 100644
--- a/src/Form/CodeType.php
+++ b/src/Form/CodeType.php
@@ -26,7 +26,7 @@ class CodeType extends AbstractType
],
])
->add('remember_device', CheckboxType::class, [
- 'label'=>('Se souvenir de cet ordinateur'),
+ 'label'=>'Se souvenir de cet ordinateur',
'required'=> false,
'mapped'=>false,
])
diff --git a/src/Hydra/HydraService.php b/src/Hydra/HydraService.php
index 79c7540..252e452 100644
--- a/src/Hydra/HydraService.php
+++ b/src/Hydra/HydraService.php
@@ -52,10 +52,7 @@ class HydraService extends AbstractController
}
$consentRequestInfo = $this->client->fetchConsentRequestInfo($challenge)->toArray();
- $user = $this->getUser();
- if (!$user instanceof User) {
- throw new AccessDeniedException('Utilisateur non autorisé.');
- }
+
$consentAcceptResponse = $this->client->acceptConsentRequest($consentRequestInfo['challenge'], [
'grant_scope' => $consentRequestInfo['requested_scope'],
'session' => [
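Review bot: Removing the `$this->getUser()` / `instanceof User` guard means `acceptConsentRequest` is now called for the full `requested_scope` without verifying that anyone is authenticated on this side; whoever can reach this code path with a valid consent challenge gets consent granted. If the authentication is now established elsewhere (the constructor injection of HydraService into MainController in this same commit hints at a reshuffle), that should be stated in a comment at the point of the removed check, e.g. `// Authentication is enforced by <caller> before this service is reached — TODO confirm`; otherwise the guard should come back. The enclosing method starts before this hunk.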
@@ -63,6 +60,7 @@ class HydraService extends AbstractController
],
])->toArray();
+ dd(vars: $consentAcceptResponse);
return new RedirectResponse($consentAcceptResponse['redirect_to']);
}
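Review bot: `dd(vars: $consentAcceptResponse);` terminates the request before `return new RedirectResponse(...)`, so the consent flow can never complete while this line is present, and it prints the raw Hydra response (including the redirect target) to the client. Delete the line before merging; if the payload needs inspecting, log it at debug level through a logger instead.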
diff --git a/src/Service/CookieService.php b/src/Service/CookieService.php
index 9bd1141..e1fed2c 100644
--- a/src/Service/CookieService.php
+++ b/src/Service/CookieService.php
@@ -11,30 +11,33 @@ class CookieService
public function __construct(
private readonly ParameterBagInterface $params
){}
- private const COOKIE_2FA = 'user_info-2fa';
+ private const COOKIE_2FA = 'remember_2fa';
public function isValid(Request $request, string $login): bool
{
$cookieValue = $request->cookies->get(self::COOKIE_2FA);
if(!$cookieValue){
+
return false;
}
+
[$encodedData, $signature] = explode('.', $cookieValue);
$dataJson = base64_decode($encodedData);
$secret = $this->params->get('kernel.secret');
if (hash_hmac('sha256', $dataJson, $secret) !== $signature) {
- return false; // Signature invalide
+ return false;
}
$data = json_decode($dataJson, true);
if (!$data || $data['login'] !== $login) {
- return false; // Login non correspondant
+ return false;
}
- // Recalculer la validité avec la durée paramétrable actuelle
- $duration = new \DateInterval($this->params->get('app.2fa_remember_duration')); // ex. P30D
- $expirationTime = $data['created_at'] + $duration->format('%s'); // Convertir en secondes
+ $duration = new \DateInterval($this->params->get('app.2fa_remember_duration'));
+ $createdAt = (new \DateTimeImmutable())->setTimestamp($data['created_at']);
+ $expirationTime = $createdAt->add($duration)->getTimestamp();
+
if (time() > $expirationTime) {
- return false; // Expiré selon la durée actuelle
+ return false;
}
return true;
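Review bot: The signature check `hash_hmac('sha256', $dataJson, $secret) !== $signature` is a plain string comparison; for an HMAC that gates a second-factor bypass it should be `hash_equals()` with the computed value as the known string. `[$encodedData, $signature] = explode('.', $cookieValue);` also assumes the cookie contains a dot, and a malformed cookie produces an undefined-offset warning rather than a clean `false`; likewise `base64_decode` without `strict: true` accepts garbage, and `$data['created_at']` is handed to `setTimestamp` without confirming it is an int. The `DateTimeImmutable` expiry computation is a real improvement over the old `format('%s')` arithmetic. isValid's closing brace is outside this hunk.
```php
        $parts = explode('.', $cookieValue, 2);
        if (2 !== count($parts)) {
            return false;
        }
        [$encodedData, $signature] = $parts;
        $dataJson = base64_decode($encodedData, strict: true);
        $secret = $this->params->get('kernel.secret');
        if ($dataJson === false || !hash_equals(hash_hmac('sha256', $dataJson, $secret), $signature)) {
            return false;
        }
        $data = json_decode($dataJson, true);
        if (!is_array($data) || ($data['login'] ?? null) !== $login || !is_int($data['created_at'] ?? null)) {
            return false;
        }
        // … unchanged: DateInterval expiry check …
```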
@@ -63,7 +66,7 @@ class CookieService
->withSecure($this->params->get('kernel.environment') === 'prod')
->withHttpOnly(true)
->withSameSite('Lax')
- ->withPath('/hydra-otp')
+ ->withPath('/')
;
}
}
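Review bot: `->withPath('/')` widens the remember-2FA cookie from `/hydra-otp` to the whole host, so it is now sent with every request to any application served under the same origin, not just the OTP endpoint that validates it. If the wider path is needed because the route lives at `/2fa`, scoping to that prefix keeps the exposure minimal; either way a comment such as `// Path must cover the /2fa route that reads this cookie` would record the intent. Together with the `COOKIE_2FA` rename in the previous hunk, every existing remember-device cookie is invalidated, which is fine but worth noting in the commit message.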
\ No newline at end of file
diff --git a/templates/base.html.twig b/templates/base.html.twig
index 2c70eee..961b2c8 100644
--- a/templates/base.html.twig
+++ b/templates/base.html.twig
@@ -7,9 +7,6 @@
{% block stylesheets %}
{% endblock %}
- {% block javascripts %}
- {% block importmap %}{{ importmap('app') }}{% endblock %}
- {% endblock %}