src/Controller/SecurityController.php line 140

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Constants\Setting;
  6. use App\Constants\Setting as SettingConst;
  7. use App\Constants\Modules;
  8. use App\Constants\Synchronisation;
  9. use App\Constants\Sso;
  10. use App\Entity\User;
  11. use App\Exception\EncryptionException;
  12. use App\Factory\Security\SecurityFormFactory;
  13. use App\Form\Type\LoginType;
  14. use App\Services\Common\ModuleSettingService;
  15. use App\Services\Common\SettingService;
  16. use App\Services\Common\User\WorkflowUser;
  17. use App\Services\Common\UserService;
  18. use App\Services\DTV\YamlConfig\YamlReader;
  19. use App\Services\Security\EncryptionManager;
  20. use App\Services\Security\RegisterService;
  21. use DateTime;
  22. use Doctrine\ORM\EntityManagerInterface;
  23. use Exception;
  24. use LogicException;
  25. use Psr\Container\ContainerExceptionInterface;
  26. use Psr\Container\NotFoundExceptionInterface;
  27. use Psr\Log\LoggerInterface;
  28. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  29. use Symfony\Component\HttpFoundation\RedirectResponse;
  30. use Symfony\Component\HttpFoundation\Request;
  31. use Symfony\Component\HttpFoundation\Response;
  32. use Symfony\Component\Routing\Annotation\Route;
  33. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  34. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  35. use Symfony\Component\Translation\TranslatableMessage;
  36. use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
  37. use SymfonyCasts\Bundle\ResetPassword\Exception\ResetPasswordExceptionInterface;
  39. /**
  40. * Controller qui gère la sécurité
  41. */
  42. class SecurityController extends AbstractController
  43. {
  44. private YamlReader $yamlReader;
  45. private SecurityFormFactory $formFactory;
  46. private SettingService $settingService;
  47. private EntityManagerInterface $em;
  48. private RegisterService $registerService;
  49. private EncryptionManager $encryptionManager;
  50. private WorkflowUser $workflowUser;
  51. private LoggerInterface $logger;
  52. private string $env;
  53. private UserService $userService;
  54. private ModuleSettingService $moduleSettingService;
  56. public function __construct(
  57. YamlReader $yamlReader,
  58. SecurityFormFactory $formFactory,
  59. SettingService $settingService,
  60. EntityManagerInterface $em,
  61. RegisterService $registerService,
  62. EncryptionManager $encryptionManager,
  63. WorkflowUser $workflowUser,
  64. LoggerInterface $logger,
  65. string $env,
  66. UserService $userService,
  67. ModuleSettingService $moduleSettingService
  68. ) {
  69. $this->yamlReader = $yamlReader;
  70. $this->formFactory = $formFactory;
  71. $this->settingService = $settingService;
  72. $this->em = $em;
  73. $this->registerService = $registerService;
  74. $this->encryptionManager = $encryptionManager;
  75. $this->workflowUser = $workflowUser;
  76. $this->logger = $logger;
  77. $this->env = $env;
  78. $this->userService = $userService;
  79. $this->moduleSettingService = $moduleSettingService;
  80. }
  82. /**
  83. * Formulaire de connexion
  84. *
  85. * @Route("/login", name="app_login")
  86. *
  87. * @param AuthenticationUtils $authenticationUtils
  88. * @param Request $request
  89. *
  90. * @return Response
  91. *
  92. * @throws EncryptionException
  93. * @throws ResetPasswordExceptionInterface
  94. * @throws TransportExceptionInterface
  95. * @throws \Symfony\Component\Mailer\Exception\TransportExceptionInterface
  96. */
  97. public function login(AuthenticationUtils $authenticationUtils, Request $request): Response
  98. {
  99. if ($this->getUser() instanceof User || $request->query->has('q') || $request->query->has(Synchronisation::LOGIN_SKIP_QUERY_PARAMETER)) {
  100. return $this->processLogin($authenticationUtils, $request);
  101. }
  103. if ($this->shouldStartSynchronizationOnLogin($request)) {
  104. return new RedirectResponse($this->generateUrl('synchronisation_start'));
  105. }
  107. return $this->processLogin($authenticationUtils, $request);
  108. }
  110. /**
  111. * Formulaire de connexion secondaire
  112. *
  113. * @Route("/login-admin", name="app_login_admin")
  114. *
  115. * @param AuthenticationUtils $authenticationUtils
  116. * @param Request $request
  117. *
  118. * @return Response
  119. * @throws EncryptionException
  120. * @throws ResetPasswordExceptionInterface
  121. * @throws TransportExceptionInterface
  122. * @throws \Symfony\Component\Mailer\Exception\TransportExceptionInterface
  123. */
  124. public function loginAdmin(AuthenticationUtils $authenticationUtils, Request $request): Response
  125. {
  126. if ($this->settingService->isExist(Setting::SSO_SETTINGS) && $this->moduleSettingService->isModuleActive(Modules::SSO_CONNECTION)) {
  127. return $this->processLogin($authenticationUtils, $request, 'security/login_admin.html.twig');
  128. }
  130. throw $this->createNotFoundException();
  131. }
  133. /**
  134. * @throws TransportExceptionInterface
  135. * @throws ResetPasswordExceptionInterface
  136. * @throws \Symfony\Component\Mailer\Exception\TransportExceptionInterface
  137. * @throws EncryptionException
  138. * @throws Exception
  139. */
  140. protected function processLogin(
  141. AuthenticationUtils $authenticationUtils,
  142. Request $request,
  143. ?string $twigPath = null
  144. ): Response {
  145. // On gère ici si on est sur un Portail/enfant
  146. $setting = $this->settingService->getSettingFromName(SettingConst::PORTAL_CHILDREN);
  147. $values = $setting !== null ? json_decode($setting->getValue(), true) : [];
  148. $hasParent = !empty($values['parent_url']);
  150. if ($hasParent) {
  151. $header = $request->headers;
  153. if ($header->has('q') || $request->query->get('q')) {
  154. $q = base64_decode($header->get('q') ?? $request->query->get('q'));
  156. try {
  157. $q = $this->encryptionManager->decrypt($q);
  158. } catch (Exception $e) {
  159. $this->addFlash('danger', 'Un problème est survenu lors de la connexion');
  160. $this->logger->error(
  161. 'Erreur lors du décryptage du token de connexion',
  162. ['error' => $e->getMessage()]
  163. );
  164. return $this->redirectToRoute('app_login', $request->query->has(Synchronisation::LOGIN_SKIP_QUERY_PARAMETER) ? [Synchronisation::LOGIN_SKIP_QUERY_PARAMETER => 1] : []);
  165. }
  167. $q = json_decode($q, true);
  169. $user = $this->em->getRepository(User::class)->findOneByEmailOrExtension([
  170. 'email' => $q['email'],
  171. 'extension1' => $q['extension1'],
  172. 'extension2' => $q['extension2'],
  173. ]);
  175. if ($user instanceof User) {
  176. if ($q['email'] !== $user->getEmail()) {
  177. $user
  178. ->setEmail($q['email'])
  179. ->setFirstname($q['firstName'])
  180. ->setLastname($q['lastName'])
  181. ->setRoles($q['roles']);
  183. $this->registerService->registerReplaceFakeUserBySellerCode($user, $q['extension1'], true);
  184. }
  186. // Gestion du cas où l'utilisateur existe en BDD (pas en fakeUser) mais ne s'est pas encore connecté à la plateforme
  187. if ($q['cguAt'] !== null && $user->getStatus() === 'cgu_pending') {
  188. $this->workflowUser->acceptCGU($user);
  189. $user->setCguAt(new DateTime($q['cguAt']));
  190. $this->em->flush();
  191. }
  193. // Créer un token de connexion
  194. $token = new UsernamePasswordToken($user, 'app', $user->getRoles());
  196. // Stocker le token dans le token storage
  197. try {
  198. $this->container->get('security.token_storage')->setToken($token);
  199. } catch (NotFoundExceptionInterface|ContainerExceptionInterface $e) {
  200. $this->addFlash('danger', 'Un problème est survenu lors de la connexion');
  201. $this->logger->error(
  202. 'Erreur lors de la récupération du token storage',
  203. ['error' => $e->getMessage()]
  204. );
  206. return $this->redirectToRoute('front_homepage');
  207. }
  208. } else {
  209. // on delog l'user
  210. $this->get('security.token_storage')->setToken(null);
  211. $this->logger->info('L\'utilisateur n\'existe pas en BDD', ['email' => $q['email']]);
  212. $request->getSession()->invalidate();
  213. }
  214. }
  215. }
  217. if ($this->getUser()) {
  218. return $this->redirectToRoute('front_homepage');
  219. }
  221. $user = $this->userService->initUser();
  223. $config = $this->yamlReader->getFrontSecurity();
  224. $configLogin = $config['login'];
  226. $globalRegister = $this->yamlReader->getRegister();
  227. $globalRegisterEnabled = $globalRegister['enabled'];
  229. $configRegister = $configLogin['sections']['section_register'] ?? false;
  231. $hasFormRegister = false;
  232. $formRegister = false;
  234. if ($globalRegisterEnabled && is_array($configRegister) && $configRegister['enabled']) {
  235. // Création du formulaire d'inscription
  236. try {
  237. $formRegister = $this->formFactory->generateRegisterForm($user);
  238. $hasFormRegister = true;
  239. } catch (Exception $e) {
  240. throw $this->createNotFoundException($e->getMessage());
  241. }
  242. $formRegister->handleRequest($request);
  244. if ($formRegister->isSubmitted()) {
  245. // Validation spécifique du formulaire d'inscription
  247. try {
  248. $formRegister = $this->formFactory->postValidateRegisterForm($formRegister);
  249. } catch (Exception $e) {
  250. if ($this->env != 'prod') {
  251. throw $e;
  252. }
  253. $this->addFlash(
  254. 'danger',
  255. new TranslatableMessage('impossible d\'exécuter la post validation du formulaire', [])
  256. );
  257. $this->logger->error(
  258. 'Erreur lors de la post validation du formulaire d\'inscription',
  259. ['error' => $e->getMessage()]
  260. );
  261. $referer = $request->headers->get('referer');
  263. return $this->redirect($referer);
  264. }
  266. if ($formRegister->isValid()) {
  267. // Post traitement du formulaire d'inscription
  268. try {
  269. $response = $this->formFactory->postProcessingRegisterForm($formRegister, $user);
  270. } catch (Exception $e) {
  271. if ($this->env != 'prod') {
  272. throw $e;
  273. }
  274. $this->addFlash('danger', 'impossible d\'exécuter le post traitement du formulaire');
  275. $this->logger->error(
  276. 'Erreur lors du post traitement du formulaire d\'inscription',
  277. ['error' => $e->getMessage()]
  278. );
  279. $referer = $request->headers->get('referer');
  281. return $this->redirect($referer);
  282. } catch (TransportExceptionInterface $e) {
  283. if ($this->env != 'prod') {
  284. throw $e;
  285. }
  286. $this->addFlash('danger', 'impossible d\'exécuter le post traitement du formulaire');
  287. $this->logger->error(
  288. 'Erreur lors du post traitement du formulaire d\'inscription',
  289. ['error' => $e->getMessage()]
  290. );
  291. $referer = $request->headers->get('referer');
  293. return $this->redirect($referer);
  294. }
  296. if ($response['message'] !== null) {
  297. $this->addFlash('success', $response['message']);
  298. }
  300. return $this->redirectToRoute($response['route']);
  301. }
  302. }
  303. }
  305. $formLogin = $this->createForm(LoginType::class);
  307. // get the login error if there is one
  308. $error = $authenticationUtils->getLastAuthenticationError();
  310. // last username entered by the user
  311. $lastUsername = $authenticationUtils->getLastUsername();
  312. if (!$twigPath) {
  313. $twigPath = 'security/login.html.twig';
  315. if (isset($configLogin['folder']) && !in_array($configLogin['folder'], [false, '', null], true)) {
  316. $twigPath = 'security/' . $configLogin['folder'] . '/login.html.twig';
  317. }
  318. }
  320. return $this->render($twigPath, [
  321. 'last_username' => $lastUsername,
  322. 'error' => $error,
  323. 'loginForm' => $formLogin->createView(),
  324. 'registrationForm' => $hasFormRegister ? $formRegister->createView() : false,
  325. 'hasFormRegister' => $hasFormRegister
  326. ]);
  327. }
  329. /**
  330. * Déconnexion
  331. *
  332. * @Route("/universal_logout", name="universal_logout")
  333. *
  334. * @return RedirectResponse
  335. */
  336. public function universalLogout(): RedirectResponse
  337. {
  338. if ($this->isSamlSsoEnabled()) {
  339. return $this->redirectToRoute('saml_logout');
  340. }
  342. return $this->redirectToRoute('app_logout');
  343. }
  345. /**
  346. * Déconnexion
  347. *
  348. * @Route("/logout", name="app_logout")
  349. *
  350. * @return void
  351. */
  352. public function logout(): void
  353. {
  354. throw new LogicException(
  355. 'This method can be blank - it will be intercepted by the logout key on your firewall.',
  356. );
  357. }
  359. private function isSamlSsoEnabled(): bool
  360. {
  361. if (!$this->moduleSettingService->isModuleActive(Modules::SSO_CONNECTION) || !$this->settingService->isExist(Setting::SSO_SETTINGS)) {
  362. return false;
  363. }
  365. $ssoSettings = $this->settingService->getSettingFromName(Setting::SSO_SETTINGS, true, true);
  367. return is_array($ssoSettings) && !empty($ssoSettings['ssoType']) && strtolower((string)$ssoSettings['ssoType']) === Sso::SSO_SAML;
  368. }
  370. private function shouldStartSynchronizationOnLogin(Request $request): bool
  371. {
  372. if (!$request->isMethod(Request::METHOD_GET)) {
  373. return false;
  374. }
  376. if ($request->query->has(Synchronisation::LOGIN_SKIP_QUERY_PARAMETER)) {
  377. return false;
  378. }
  380. return $this->moduleSettingService->isModuleActive(Modules::SYNCHRONISATION) && $this->settingService->isExist(Setting::SYNCHRONISATION_SETTINGS);
  381. }
  382. }