src/Controller/Main/SecurityController.php line 126

Open in your IDE?
  1. <?php
  3. namespace App\Controller\Main;
  5. use App\Security\LoginFormAuthenticator;
  6. use App\Security\UserProvider;
  7. use App\Services\Admin\UserService;
  8. use App\Services\Main\SecurityService;
  9. use OneLogin\Saml2\Auth;
  10. use OneLogin\Saml2\Settings;
  11. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  12. use Symfony\Component\HttpFoundation\Request;
  13. use Symfony\Component\HttpFoundation\RequestStack;
  14. use Symfony\Component\HttpFoundation\Response;
  15. use Symfony\Component\Routing\Annotation\Route;
  16. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  17. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  18. use Symfony\Contracts\HttpClient\Exception\DecodingExceptionInterface;
  20. /**
  21.  * Class SecurityController.
  22.  */
  23. class SecurityController extends AbstractController
  24. {
  25.     private const ERROR_UNKNOW_TOKEN 'unknown_privateToken';
  27.     /**
  28.      * @var SecurityService
  29.      */
  30.     private SecurityService $securityService;
  32.     /**
  33.      * @var UserService
  34.      */
  35.     private UserService $userService;
  37.     /**
  38.      * @var LoginFormAuthenticator
  39.      */
  40.     private LoginFormAuthenticator $loginFormAuthenticator;
  42.     /**
  43.      * SecurityController constructor.
  44.      *
  45.      * @param SecurityService $securityService
  46.      * @param UserService $userService
  47.      * @param LoginFormAuthenticator $loginFormAuthenticator
  48.      */
  49.     public function __construct(
  50.         SecurityService $securityService,
  51.         UserService $userService,
  52.         LoginFormAuthenticator $loginFormAuthenticator
  53.     ) {
  54.         $this->securityService $securityService;
  55.         $this->userService $userService;
  56.         $this->loginFormAuthenticator $loginFormAuthenticator;
  57.     }
  59.     /**
  60.      * @Route("/", name="app.login")
  61.      *
  62.      * @param AuthenticationUtils $authenticationUtils
  63.      *
  64.      * @return Response
  65.      */
  66.     public function login(AuthenticationUtils $authenticationUtils): Response
  67.     {
  68.         if ($this->getUser()) {
  69.             return $this->redirectToRoute('dashboard.index');
  70.         }
  72.         // get the login error if there is one
  73.         $error $authenticationUtils->getLastAuthenticationError();
  74.         $options = [
  75.             'twoAuthRequired' => false,
  76.         ];
  77.         $messageData = [];
  78.         $errorMessage null;
  79.         if (null !== $error) {
  80.             $errorMessage $error->getMessage();
  81.             if (empty($errorMessage)) {
  82.                 $errorMessage $error->getMessageKey();
  83.             }
  84.             if (str_contains($errorMessage'security.twoAuth.required')) {
  85.                 $messageData $error->getMessageData();
  86.                 $options['twoAuthRequired'] = true;
  87.                 if (null !== $messageData['twoAuthToken']) {
  88.                     $this->addFlash(
  89.                         'danger',
  90.                         ('expiredToken' === $messageData['mailError'])
  91.                             ? 'security.twoAuth.expiredToken'
  92.                             'security.twoAuth.wrongToken'
  93.                     );
  94.                 }
  95.                 $this->addFlash('info'$errorMessage);
  96.             } else {
  97.                 $this->addFlash('danger'$errorMessage);
  98.             }
  99.         }
  101.         $loginForm $this->createForm('App\Form\Main\LoginType'null$options);
  103.         $lastUsername $authenticationUtils->getLastUsername();
  104.         if (!empty($lastUsername)) {
  105.             $loginForm->get('login')->setData($lastUsername);
  106.         }
  108.         return $this->render('security/login.html.twig', [
  109.             'loginForm' => $loginForm->createView(),
  110.             'last_username' => $lastUsername,
  111.             'last_password' => $messageData['password'] ?? null,
  112.             'isTwoAuthVerification' => $options['twoAuthRequired'],
  113.             'isTwoAuthMail' => ($options['twoAuthRequired'] && 'security.twoAuth.required.mail' === $errorMessage),
  114.         ]);
  115.     }
  117.     /**
  118.      * @Route("/login/forgot-password", name="app.forgot")
  119.      *
  120.      * @param Request $request
  121.      *
  122.      * @throws DecodingExceptionInterface
  123.      *
  124.      * @return Response
  125.      */
  126.     public function forgotPassword(Request $request): Response
  127.     {
  128.         if ($this->getUser()) {
  129.             return $this->redirectToRoute('dashboard.index');
  130.         }
  132.         $recoverPasswordForm $this->createForm('App\Form\Main\RecoverPasswordType');
  134.         $recoverPasswordForm->handleRequest($request);
  135.         if ($recoverPasswordForm->isSubmitted()) {
  136.             if ($recoverPasswordForm->isValid()) {
  137.                 $login $recoverPasswordForm->get('login')->getData();
  139.                 $responseArray $this->securityService->requestPasswordRecovery($login);
  141.                 if (!$responseArray['error']) {
  142.                     $this->addFlash('info''security.password.forgot.confirmation');
  143.                 } else {
  144.                     $this->addFlash('danger'$responseArray['message']);
  145.                 }
  146.             } else {
  147.                 $this->addFlash('danger''security.password.forgot.error.invalid');
  148.             }
  149.         }
  151.         return $this->render('security/forgotPassword.html.twig', [
  152.             'recoverPasswordForm' => $recoverPasswordForm->createView(),
  153.             'passwordRecovery' => $passwordRecovery ?? null,
  154.         ]);
  155.     }
  157.     /**
  158.      * @Route("/login/reset-password/{privateToken}", name="app.password.reset")
  159.      *
  160.      * @param $privateToken
  161.      * @param Request $request
  162.      *
  163.      * @throws DecodingExceptionInterface
  164.      *
  165.      * @return Response
  166.      */
  167.     public function resetPassword($privateTokenRequest $request): Response
  168.     {
  169.         if ($this->getUser()) {
  170.             return $this->redirectToRoute('dashboard.index');
  171.         }
  173.         $responseArray $this->securityService->getPasswordRecoveryByKey($privateToken);
  174.         if ($responseArray['error']) {
  175.             if (self::ERROR_UNKNOW_TOKEN === $responseArray['message']) {
  176.                 $this->addFlash('danger''security.password.reset.error.notfound');
  177.             } else {
  178.                 $this->addFlash('danger''global.errors.undefined');
  179.             }
  181.             return $this->redirectToRoute('root');
  182.         }
  184.         return $this->forward('App\Controller\Main\SecurityController::definePassword', [], $responseArray['content']);
  185.     }
  187.     /**
  188.      * @Route("/login/define-password", name="app.definePassword")
  189.      *
  190.      * @throws DecodingExceptionInterface
  191.      *
  192.      * @return Response
  193.      */
  194.     public function definePassword(Request $request): Response
  195.     {
  196.         if ($this->getUser()) {
  197.             $this->addFlash('danger''security.password.expired.label');
  198.             $this->logout();
  199.         }
  201.         $definePasswordForm $this->createForm('App\Form\Main\DefinePasswordType', [], [
  202.             'action' => $this->generateUrl('app.definePassword'),
  203.         ]);
  205.         $definePasswordForm->handleRequest($request);
  207.         if ($definePasswordForm->isSubmitted()) {
  208.             if ($definePasswordForm->isValid()) {
  209.                 $resetRequest $this->securityService->handleDefinePassword(
  210.                     $definePasswordForm->get('login')->getData(),
  211.                     $definePasswordForm->get('password')->getData()
  212.                 );
  214.                 $responseArray $resetRequest->getArrayResponse();
  215.                 if ($responseArray['error']) {
  216.                     $this->addFlash('danger''security.firstLogin.error');
  217.                 } else {
  218.                     return $this->redirectToRoute('app.login');
  219.                 }
  220.             } else {
  221.                 $this->addFlash('danger''security.firstLogin.error');
  222.             }
  223.         }
  225.         $rgpdOptions $request->query->get('rgpdOptions');
  227.         if (empty($rgpdOptions)) {
  228.             return $this->redirectToRoute('app.login');
  229.         }
  231.         return $this->render('security/definePassword.html.twig', [
  232.             'definePasswordForm' => $definePasswordForm->createView(),
  233.             'rgpdOptions' => $rgpdOptions,
  234.             'login' => $request->query->get('login'),
  235.         ]);
  236.     }
  238.     /**
  239.      * @Route("/login/first-login", name="app.firstLogin")
  240.      *
  241.      * @param Request $request
  242.      *
  243.      * @throws DecodingExceptionInterface
  244.      *
  245.      * @return Response
  246.      */
  247.     public function firstLogin(Request $request): Response
  248.     {
  249.         if ($this->getUser()) {
  250.             return $this->redirectToRoute('dashboard.index');
  251.         }
  253.         $firstLoginForm $this->createForm('App\Form\Main\FirstLoginType');
  254.         $firstLoginForm->handleRequest($request);
  256.         if ($firstLoginForm->isSubmitted()) {
  257.             if ($firstLoginForm->isValid()) {
  258.                 $resetRequest $this->securityService->handleFirstLogin(
  259.                     $firstLoginForm->get('email')->getData(),
  260.                     $firstLoginForm->get('login')->getData()
  261.                 );
  263.                 if (!$resetRequest->getArrayResponse()['error']) {
  264.                     return $this->forward(
  265.                         'App\Controller\Main\SecurityController::definePassword',
  266.                         [],
  267.                         $resetRequest->getContent()
  268.                     );
  269.                 }
  271.                 $this->addFlash('danger''security.firstLogin.error');
  272.             } else {
  273.                 $this->addFlash('danger''security.firstLogin.error');
  274.             }
  275.         }
  277.         return $this->render('security/firstLogin.html.twig', [
  278.             'firstLoginForm' => $firstLoginForm->createView(),
  279.         ]);
  280.     }
  282.     /**
  283.      * @Route("/logout", name="app.logout")
  284.      */
  285.     public function logout(): void
  286.     {
  287.     }
  289.     /**
  290.      * @Route("/classic-logout", name="app.logout.classic")
  291.      */
  292.     public function classicLogout()
  293.     {
  294.         //TODO: call API to delete refresh_token
  295.         $response $this->redirectToRoute('app.login');
  296.         $response->headers->clearCookie('PHPSESSID');
  298.         return $response;
  299.     }
  301.     /**
  302.      * @Route("/saml-login/{custId}", name="app.samlLogin", methods={"POST"})
  303.      * 
  304.      * @param string $custId
  305.      */
  306.     public function samlLogin(string $custIdRequest $request)
  307.     {
  308.         if ('' === $custId) {
  309.             return $this->redirectToRoute('root');
  310.         }
  312.         $settings $this->getParameter('hslavich_onelogin_saml');
  314.         $customerSettings $this->securityService->updateSSOParameters($settings$custId);
  316.         if (false !== $customerSettings) {
  317.             $auth = new Auth($customerSettings);
  319.             $auth->processResponse(null);
  321.             $errors $auth->getErrors();
  323.             if (!$auth->isAuthenticated()) {
  324.                 return $this->redirectToRoute('root');
  325.             }
  327.             $samlUserdata $auth->getAttributes();
  329.             $_SESSION['samlUserdata'] = $samlUserdata;
  331.             if (isset($samlUserdata['token'])) {
  332.                 $credential = [
  333.                     'ssoToken' => $samlUserdata['token'][0],
  334.                 ];
  335.                 $user $this->loginFormAuthenticator->getUser($credential, new UserProvider($this->securityService));
  337.                 $token = new UsernamePasswordToken($usernull'main'$user->getRoles());
  339.                 $this->get('security.token_storage')->setToken($token);
  340.                 $this->get('session')->set('_security_main'serialize($token));
  341.             }
  342.         }
  344.         return $this->redirectToRoute('root');
  345.     }
  347.     /**
  348.      * @Route("/get-metadata", name="app.getMetadata")
  349.      */
  350.     public function getMetadata()
  351.     {
  352.         $settings $this->getParameter('hslavich_onelogin_saml');
  354.         try {
  355.             $settings = new Settings($settingstrue);
  356.             $content $settings->getSPMetadata();
  357.             $errors $settings->validateMetadata($content);
  359.             if (empty($errors)) {
  360.                 $response = new Response($content);
  361.                 $response->headers->set('Content-Type''text/xml');
  363.                 return $response;
  364.             }
  366.             throw new OneLogin_Saml2_Error('Invalid SP metadata: '.implode(', '$errors), OneLogin_Saml2_Error::METADATA_SP_INVALID);
  367.         } catch (Exception $e) {
  368.             $content $e->getMessage();
  369.         }
  371.         return new Response(
  372.             $content
  373.         );
  374.     }
  376.     /**
  377.      * @Route("/login/define-two-auth", name="app.defineTwoAuth")
  378.      *
  379.      * @param RequestStack $requestStack
  380.      *
  381.      * @throws DecodingExceptionInterface
  382.      * 
  383.      * @return Response
  384.      */
  385.     public function defineTwoAuth(RequestStack $requestStack): Response
  386.     {
  387.         $session $requestStack->getSession();
  388.         $loginInformations $session->get('login-informations');
  389.         $qrCode $this->userService->getMyTotpQrCode();
  390.         $user $this->getUser();
  391.         //Logout user and clear this sentive information from session
  392.         $this->classicLogout();
  394.         return $this->render('security/defineTwoAuth.html.twig', [
  395.             'qrCode' => $qrCode,
  396.             'login' => $loginInformations['login'],
  397.             'password' => $loginInformations['password'],
  398.             'user' => $user,
  399.         ]);
  400.     }
  402.     /**
  403.      * @Route("/oauth/{customerId}/{authType}", name="oauth")
  404.      *
  405.      * @param RequestStack $requestStack
  406.      *
  407.      * @throws DecodingExceptionInterface
  408.      * 
  409.      * @return Response
  410.      */
  411.     public function oAuthResponse(Request $requeststring $customerIdstring $authType): Response
  412.     {
  413.         $parameters = [];
  414.         switch ($authType) {
  415.             case 'azure':
  416.                 $parameters = ['customerId' => $customerId'code' => $request->query->get('code')];
  418.                 break;
  419.             default:
  420.                 //TODO: add error message
  421.                 return $this->redirectToRoute('root');
  422.         }
  424.         $tokens $this->securityService->authWithOauth($authType$parameters);
  425.         if (empty($tokens['token']) || empty($tokens['refresh_token'])) {
  426.             return $this->redirectToRoute('app.login');
  427.         }
  428.         $user $this->loginFormAuthenticator->getUser([], new UserProvider($this->securityService), $tokens);
  430.         $token = new UsernamePasswordToken($usernull'main'$user->getRoles());
  432.         $this->get('security.token_storage')->setToken($token);
  433.         $this->get('session')->set('_security_main'serialize($token));
  435.         return $this->redirectToRoute('root');
  436.     }
  437. }