src/Common/Controller/SecurityController.php line 14

Open in your IDE?
  1. <?php
  3. namespace PaperKite\Common\Controller;
  5. use Lightbulb\Symfony\Exception\ServiceUnavailableException;
  6. use LogicException;
  7. use OneLogin\Saml2\Error;
  8. use OneLogin\Saml2\ValidationError;
  9. use PaperKite\EmployeeApi\Service\EmployeeAuthenticationService;
  10. use PaperKite\EmployeeApi\Service\SamlService;
  11. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  12. use Symfony\Component\HttpFoundation\RedirectResponse;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpFoundation\Response;
  15. use Symfony\Component\Routing\Annotation\Route;
  16. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  17. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  18. use Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken;
  20. class SecurityController extends AbstractController
  21. {
  22.     #[Route(path'/login'name'security_login')]
  23.     public function login(AuthenticationUtils $authenticationUtilsSamlService $samlService): Response
  24.     {
  25.         if ($this->getUser()) {
  26.             return $this->redirectToRoute('admin_dashboard');
  27.         }
  29.         // get the login error if there is one
  30.         $error $authenticationUtils->getLastAuthenticationError();
  31.         // last username entered by the user
  32.         $lastUsername $authenticationUtils->getLastUsername();
  34.         return $this->render('@EasyAdmin/page/login.html.twig', [
  35.             'last_username' => $lastUsername,
  36.             'error' => $error,
  37.             'csrf_token_intention' => 'authenticate',
  38.             'page_title' => 'Connexion',
  39.             'target_path' => $this->generateUrl('admin_dashboard'),
  40.             'username_label' => 'Username',
  41.             'password_label' => 'Password',
  42.             'username_parameter' => 'username',
  43.             'password_parameter' => 'password',
  44.             'forgot_password_enabled' => true,
  45.             'forgot_password_path' => $samlService->getSsoLoginUrl(),
  46.             'forgot_password_label' => 'SSO Login',
  47.         ]);
  48.     }
  50.     /**
  51.      * @throws ValidationError
  52.      * @throws ServiceUnavailableException
  53.      * @throws Error
  54.      */
  55.     #[Route(name'employee_sso_login_check'methods: ['POST'])]
  56.     public function postSsoLoginToken(Request $requestSamlService $samlServiceEmployeeAuthenticationService $employeeAuthenticationServiceTokenStorageInterface $tokenStorage): RedirectResponse
  57.     {
  58.         $employee $samlService->handleSamlToken();
  60.         if (str_contains($request->get('RelayState'), 'employee-api')) {
  61.             $authCode $employeeAuthenticationService->setAuthCode($employee);
  63.             return new RedirectResponse($this->getParameter('app_url') . $this->getParameter('app_sso_login_route') . '?authCode=' $authCode);
  64.         } else {
  65.             // Manually authenticate the user for web interface
  66.             $token = new PostAuthenticationToken($employee'main'$employee->getRoles());
  67.             $tokenStorage->setToken($token);
  69.             return new RedirectResponse($this->generateUrl('admin_dashboard'));
  70.         }
  71.     }
  73.     #[Route(path'/logout'name'security_logout')]
  74.     public function logout()
  75.     {
  76.         throw new LogicException('This should never be reached!');
  77.     }
  78. }