129 lines
4.6 KiB
PHP
129 lines
4.6 KiB
PHP
<?php
|
|
|
|
/*
|
|
* To change this license header, choose License Headers in Project Properties.
|
|
* To change this template file, choose Tools | Templates
|
|
* and open the template in the editor.
|
|
*/
|
|
|
|
/**
|
|
* Description of CasAuthenticator
|
|
*
|
|
* @author belhadjali
|
|
*/
|
|
|
|
namespace App\Session\AuthBundle\Security;
|
|
|
|
use App\Session\AuthBundle\Security\Interfaces\AuthInterface;
|
|
use App\Session\AuthBundle\Events\OnAuthenticationFailureEvent;
|
|
use App\Session\AuthBundle\Events\OnAuthenticationSuccessEvent;
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
use Symfony\Component\Security\Core\User\UserInterface;
|
|
use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
|
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
|
use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
|
|
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
|
use Symfony\Component\HttpFoundation\RedirectResponse;
|
|
use Symfony\Component\Security\Guard\AuthenticatorInterface;
|
|
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
|
|
|
class RsaAuthenticator extends AbstractFormLoginAuthenticator implements LogoutSuccessHandlerInterface, AuthenticatorInterface
|
|
{
|
|
private $authService;
|
|
private $urlGenerator;
|
|
private $dispatcher;
|
|
|
|
public function __construct(AuthInterface $authService, array $config, UrlGeneratorInterface $urlGenerator, EventDispatcherInterface $dispatcher)
|
|
{
|
|
$this->urlGenerator = $urlGenerator;
|
|
//Récupérer le service déaclaré authService
|
|
$this->authService = $authService;
|
|
$this->config = $config;
|
|
$this->dispatcher = $dispatcher;
|
|
}
|
|
|
|
/**
|
|
* Called on every request. Return whatever credentials you want,
|
|
* or null to stop authentication.
|
|
*/
|
|
public function getCredentials(Request $request)
|
|
{
|
|
if (!isset($_SERVER['HTTP_CT_REMOTE_USER']) || empty($_SERVER['HTTP_CT_REMOTE_USER'])) {
|
|
$this->returnRequest = $request->getUri();
|
|
throw new \LogicException("Impossible de continuer sous RSA : L'entête HTTP_CT_REMOTE_USER est vide ou manquante");
|
|
}
|
|
return true;
|
|
}
|
|
|
|
public function getUser($credentials, UserProviderInterface $userProvider)
|
|
{
|
|
$username = $_SERVER['HTTP_CT_REMOTE_USER'];
|
|
$user = $userProvider->loadUserByUsername($username);
|
|
return $user;
|
|
}
|
|
|
|
public function checkCredentials($credentials, UserInterface $user)
|
|
{
|
|
$this->authService->ctrlAccess($user);
|
|
// check credentials - e.g. make sure the password is valid
|
|
// no credential check is needed in this case
|
|
// return true to cause authentication success
|
|
return true;
|
|
}
|
|
|
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
|
|
{
|
|
$event = new OnAuthenticationSuccessEvent($request, $token, $providerKey);
|
|
$this->dispatcher->dispatch(OnAuthenticationSuccessEvent::NAME, $event);
|
|
|
|
$this->authService->onSuccess($token);
|
|
// on success, let the request continue
|
|
}
|
|
|
|
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
|
|
{
|
|
$event = new OnAuthenticationFailureEvent($request, $exception);
|
|
$this->dispatcher->dispatch(OnAuthenticationFailureEvent::NAME, $event);
|
|
|
|
return $this->authService->onAuthenticationFailure($exception);
|
|
}
|
|
|
|
/**
|
|
* Called when authentication is needed, but it's not sent
|
|
*/
|
|
// public function start(Request $request, AuthenticationException $authException = null) {
|
|
// $url = $this->router->generate('login');
|
|
// return new RedirectResponse($url);
|
|
// }
|
|
|
|
public function supportsRememberMe()
|
|
{
|
|
return false;
|
|
}
|
|
|
|
//implementation LogoutSuccessHandlerInterface
|
|
public function onLogoutSuccess(Request $request)
|
|
{
|
|
$redirect = (isset($_SERVER['HTTP_FREDUURLRETOUR'])) ? $_SERVER['HTTP_FREDUURLRETOUR'] : $this->config['rsa']['logout_url'];
|
|
return new RedirectResponse($redirect);
|
|
}
|
|
|
|
protected function getLoginUrl()
|
|
{
|
|
$return_request = urlencode($this->returnRequest);
|
|
$params = "?CT_ORIG_URL=" . $return_request;
|
|
return $this->config['rsa']['login_url'] . $params;
|
|
}
|
|
|
|
public function supports(Request $request)
|
|
{
|
|
if (isset($this->config['environment']) && $this->config['environment'] == "test") {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
}
|