src/Controller/SecurityController.php line 72

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Event\User\UserLoginWithoutPasswordEvent;
  6. use App\Repository\UserRepository;
  7. use App\Service\NotificationService;
  8. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  9. use Symfony\Component\HttpFoundation\JsonResponse;
  10. use Symfony\Component\HttpFoundation\Request;
  11. use Symfony\Component\HttpFoundation\Response;
  12. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  13. use Symfony\Component\Routing\Annotation\Route;
  14. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  15. use Doctrine\ORM\EntityManagerInterface;
  16. use App\Entity\Company;
  17. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  18. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  19. use Symfony\Component\Mime\Address;
  20. // use Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface;
  21. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  23. use Symfony\Contracts\HttpClient\HttpClientInterface;
  24. use Symfony\Component\Routing\Matcher\UrlMatcherInterface;
  25. use App\Service\DynamicHostService;
  27. class SecurityController extends AbstractController
  28. {
  29.     /**
  30.      * @Route("/login", name="app_login")
  31.      */
  32.     public function login(AuthenticationUtils $authenticationUtilsRequest $requestSessionInterface $session,EntityManagerInterface $entityManager,UrlMatcherInterface $urlMatcherInterface): Response
  33.     {
  34.         
  35.         $url $request->getUri();
  36.         $pattern "/^(https?:\/\/)?([a-zA-Z0-9.-]+)/";
  37.         preg_match($pattern$url$matches);
  38.         $sousDomaine $matches[2];
  39.         $company $entityManager->getRepository(Company::class)->findCompanyBySubDomain($sousDomaine);
  40.         if (null !== $request->query->get('redirect_to')) {
  41.             $session->set('redirect_to'$request->query->get('redirect_to'));
  43.             return $this->redirectToRoute('app_login');
  44.         }
  46.         if ($this->getUser()) {
  47.             if (null !== $redirect $session->get('redirect_to')) {
  48.                 $session->remove('redirect_to');
  49.             }
  50.             return $this->redirectToRoute('mission_index');
  51.         }
  53.         // get the login error if there is one
  54.         $error $authenticationUtils->getLastAuthenticationError();
  55.         // last username entered by the user
  56.         $lastUsername $authenticationUtils->getLastUsername();
  57.          if (isset($_COOKIE['PHPSESSID'])) {
  59.             setcookie('PHPSESSID'''time() - 14444444444444444'/''.my-flow.fr'truetrue);
  61.         }
  62.         return $this->render('security/login.html.twig', [
  63.             'last_username' => $lastUsername
  64.             'error' => $error,
  65.             'company' => $company
  66.         ]);
  67.     }
  69.      /**
  70.      * @Route("/login/request-login-without-password", name="request_login_without_password")
  71.      */
  72.     public function createAuthWithoutPassword(Request $request,EventDispatcherInterface $dispatcherEntityManagerInterface $entityManagerUserRepository $userRepository): Response JsonResponse
  73.     {
  74.       
  76.         if($request->isMethod('POST')){
  77.             $email $request->request->get('email');
  78.           
  79.             // if($email == null) {
  80.             //    return  $this->redirectToRoute('request_login_without_password',['message_login_without_password'=>'unknown-email']);
  81.             // }
  82.             
  83.             $users $userRepository->findAllUserByEmaiAndEmailParent($email);
  84.             $user null;
  85.             foreach ($users as $u) {
  86.                 if ($u->isEnabled() and !$u->isDeleted()) {
  87.                     $user $u;
  88.                     break;
  89.                 }
  90.             }
  91.             if($user == null ) {
  92.                return  $this->redirectToRoute('request_login_without_password',['message_login_without_password'=>'unknown-email']);
  93.             }
  95.             $token hash('sha256'uniqid(preg_replace('/\s/','-',$user->getFullName())));
  96.       
  97.             $user->setOneTimeLoginToken($token);
  98.             $entityManager->flush();
  100.             $event = new UserLoginWithoutPasswordEvent($user$token);
  101.             $dispatcher->dispatch($eventUserLoginWithoutPasswordEvent::NAME);
  103.             return  $this->redirectToRoute('app_login',['message_login_without_password'=>'send-success']);
  104.         }
  106.     
  107.        
  108.         return $this->render('security/login_without_password.html.twig', []);
  109.     }
  111.      /**
  112.      * @Route("/login/{token}", name="login-without-passWord")
  113.      */
  114.     public function loginWithoutPassWordHttpClientInterface $httpClientParameterBagInterface $parameterBag,  string $token,TokenStorageInterface $tokenStorage,  UserRepository $userRepository,EntityManagerInterface $entityManager,Request $request,DynamicHostService $dynamicHostService): Response
  115.     {
  117.         if ($request->query->get('role')) {
  118.             $request->getSession()->set('role_current_user'$request->query->get('role'));
  119.         }
  120.         $user $userRepository->findOneBy(['oneTimeLoginToken' => $token]);
  121.       
  122.         if($user){
  123.            if($user->isDeleted() or !$user->isEnabled()){
  125.                 return $this->redirectToRoute('app_login',['message_login_without_password'=>'not-enabled']);
  127.            }
  128.             $authenticatedToken = new UsernamePasswordToken($usernull'main'$user->getRoles());
  129.             
  130.             $tokenStorage->setToken($authenticatedToken);
  131.             // $user->setOneTimeLoginToken(null);
  132.             // $entityManager->flush();
  133.             $urlToRedirectCorrectly $dynamicHostService->getBackUrlByCompany($user?->getCompany());
  134.             if (in_array("ROLE_ADMIN"$user->getRoles()) || in_array("ROLE_SUBCONTRACTOR",$user->getRoles())) {
  135.                 
  136.                 return $this->redirect($urlToRedirectCorrectly);
  137.             }
  139.            ///////////////
  140.            $redirectToWp in_array("ROLE_AUTHOR"$user->getRoles()) || in_array("ROLE_EDITOR"$user->getRoles()) ? true false;
  142.            // $response = $httpClient->request('GET', $parameterBag->get('front_website_url'), [
  143.            //      'query' => [
  144.            //          'tsso' => hash('sha256', $user->getEmail() . $user->getEmail()),
  145.            //          'discount'=> 0
  146.            //      ],
  147.            //      'max_redirects' => 0,
  148.            //  ]);
  149.     
  150.            //  $headers = $response->getHeaders(false);
  151.            //  foreach ($headers['set-cookie'] ?? [] as $cookie) {
  152.            //      $infos = explode(';', $cookie);
  153.            //      [$name, $value] = explode('=', $infos[0]);
  154.     
  155.            //      foreach ($infos as $info) {
  156.            //          if (preg_match('#path#', $info)) {
  157.            //              [$str, $path] = explode('=', $info);
  158.            //          }
  159.            //      }
  160.     
  161.            //      setrawcookie($name, $value, 0, $path ?? '', str_replace('https://', '', $parameterBag->get('front_website_url')));
  162.            //  }
  164.             ////////////
  165.             $ch curl_init();
  166.             
  167.             $url "{$parameterBag->get('front_website_url')}/?tsso=" hash('sha256'$user->getEmail() . $user->getEmail());
  168.             curl_setopt($chCURLOPT_URL$url);
  169.             curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
  170.             $result curl_exec($ch);
  171.             curl_close($ch);
  172.             //set session if switch connection is active
  173.             if ($request->query->get('role')) {
  174.                 $request->getSession()->set('role_current_user'$request->query->get('role'));
  175.             }
  176.            
  177.             //end set session
  178.             return $redirectToWp ?  $this->redirect("{$parameterBag->get('front_website_url')}/wp-admin") : $this->redirect($urlToRedirectCorrectly);
  179.         }
  180.         
  181.         return $this->redirectToRoute('app_login',['message_login_without_password'=>'unknown-token']);
  182.         
  183.     }
  185.     /**
  186.      * @Route("/logout", name="app_logout")
  187.      */
  188.     public function logout(): void
  189.     {
  190.         // This method intentionally left blank.
  191.     }
  192. }