vendor/nen/kennisbank-platform/src/Nen/Controller/SecurityController.php line 43

Open in your IDE?
  1. <?php
  3. namespace Nen\Bundle\KennisbankPlatformBundle\Controller;
  5. use Doctrine\ORM\EntityManagerInterface;
  6. use Lexik\Bundle\JWTAuthenticationBundle\Encoder\JWTEncoderInterface;
  7. use Nen\Bundle\KennisbankPlatformBundle\Entity\BoltPage;
  8. use App\Entity\Company;
  9. use App\Entity\User;
  10. use Nen\Bundle\KennisbankPlatformBundle\Exceptions\IncompleteTokenRequestException;
  11. use Nen\Bundle\KennisbankPlatformBundle\Exceptions\InvalidPartnerException;
  12. use Nen\Bundle\KennisbankPlatformBundle\Exceptions\TokenRequestException;
  13. use Nen\Bundle\KennisbankPlatformBundle\Form\LoginType;
  14. use Nen\Bundle\KennisbankPlatformBundle\NenConnect\NenConnectException;
  15. use Nen\Bundle\KennisbankPlatformBundle\NenConnect\NenConnectSingleSignOn;
  16. use Nen\Bundle\KennisbankPlatformBundle\Repository\PartnerLoginUserRepository;
  17. use Nen\Bundle\KennisbankPlatformBundle\Repository\UserRepository;
  18. use Nen\Bundle\KennisbankPlatformBundle\Security\GlobalUserLoginFormFactory;
  19. use Nen\Bundle\KennisbankPlatformBundle\Security\ManualUserLogin;
  20. use Nen\Bundle\KennisbankPlatformBundle\Support\CodeGeneratorInterface;
  21. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Entity;
  22. use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
  23. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  24. use Symfony\Component\Form\FormError;
  25. use Symfony\Component\HttpFoundation\JsonResponse;
  26. use Symfony\Component\HttpFoundation\RedirectResponse;
  27. use Symfony\Component\HttpFoundation\Request;
  28. use Symfony\Component\HttpFoundation\Response;
  29. use Symfony\Component\Routing\Annotation\Route;
  30. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  31. use Symfony\Component\Security\Core\Exception\AccountExpiredException;
  32. use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
  33. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  34. use function Symfony\Component\Translation\t;
  36. class SecurityController extends AbstractController
  37. {
  38.     /**
  39.      * @Route("/inloggen", name="login")
  40.      *
  41.      * @Entity("page", expr="repository.findOneBySystemSectionAndSlug('inloggen')")
  42.      */
  43.     public function login(Request $requestBoltPage $pageAuthenticationUtils $utils): Response
  44.     {
  45.         $data = ['page' => $page];
  47.         $form $this->createForm(LoginType::class, [
  48.            'username' => $utils->getLastUsername() ?: $request->cookies->get('wmn_username')
  49.         ]);
  51.         $form->handleRequest($request);
  53.         $error $utils->getLastAuthenticationError();
  55.         if ($error !== null) {
  56.             if ($error instanceof CustomUserMessageAccountStatusException) {
  57.                 $data['expired'] = $error->getMessage();
  58.             } else {
  59.                 $form->addError(new FormError('Ongeldige combinatie van e-mailadres en wachtwoord.'));
  60.             }
  61.         }
  63.         $data['form'] = $form->createView();
  65.         if ($request->isXmlHttpRequest()) {
  66.             return $this->render('@KennisbankPlatform/security/modal/login.html.twig'$data);
  67.         }
  69.         return $this->render('@KennisbankPlatform/security/login.html.twig'$data);
  70.     }
  73.     /**
  74.      * @Route("/inloggen/partner/token", name="partner_login_token_request")
  75.      *
  76.      * @param Request $request
  77.      * @return Response
  78.      */
  79.     public function partnerLoginTokenRequest(
  80.         Request $request,
  81.         JWTEncoderInterface $JWTEncoder,
  82.         PartnerLoginUserRepository $partnerLoginUserRepository
  83.     ) {
  84.         $clientName null;
  85.         $clientId   null;
  86.         $secret     null;
  87.         $userId     null;
  89.         $missingParameters = [];
  91.         $parameters = [
  92.             'client_name' => 'clientName',
  93.             'client_id'   => 'clientId',
  94.             'secret'      => 'secret',
  95.             'user_id'     => 'userId',
  97.         ];
  99.         foreach ($parameters as $key => $value) {
  100.             if (empty(${$value} = $request->query->get($key))) {
  101.                 $missingParameters[] = $key;
  102.             }
  103.         }
  105.         try {
  106.             if (count($missingParameters)) {
  107.                 throw new IncompleteTokenRequestException(implode(', '$missingParameters));
  108.             }
  110.             $partners $this->getParameter('partner_login');
  112.             if (!array_key_exists($clientName$partners)) {
  113.                 throw new InvalidPartnerException();
  114.             }
  116.             if ($partners[$clientName]['id'] !== $clientId || $partners[$clientName]['secret'] !== $secret) {
  117.                 throw new InvalidPartnerException();
  118.             }
  120.             //request is valid
  122.             $redirect $this->generateUrl('home', [], UrlGeneratorInterface::ABSOLUTE_URL);
  124.             //lookup user
  125.             $user $partnerLoginUserRepository->findOneBy(
  126.                 [
  127.                     'partnerName'   => $clientName,
  128.                     'partnerUserId' => $userId,
  129.                 ]
  130.             );
  132.             $tokenData = [
  133.                 'exp' => time() + 300
  134.                 // 5 min expiration. User should be redirected immediately, so no need for long exp time
  135.             ];
  137.             //user not found, set redirect to login page
  138.             if (!$user) {
  139.                 $tokenData['username']   = '';
  140.                 $tokenData['clientName'] = $clientName;
  141.                 $tokenData['userId']     = $userId;
  142.                 $tokenData['exp']        = time() + 3600// 1 hour expiration so there is enough time to create an account
  143.             } else {
  144.                 $tokenData['username'] = $user->getUser()->getUsername();
  145.             }
  147.             //create JWT
  148.             $token $JWTEncoder->encode($tokenData);
  149.         } catch (TokenRequestException $e) {
  150.             return new JsonResponse(['error' => $e->getMessage()], 400);
  151.         }
  153.         //return JWT
  154.         return new JsonResponse(['token' => $token]);
  155.     }
  158.     /**
  159.      * @Route("/nen-connect", name="security_nen_connect_sso")
  160.      *
  161.      * @IsGranted("ROLE_USER")
  162.      *
  163.      * @param NenConnectSingleSignOn $sso
  164.      * @return RedirectResponse
  165.      */
  166.     public function nenConnectSso(NenConnectSingleSignOn $sso)
  167.     {
  168.         /** @var User $user */
  169.         $user $this->getUser();
  171.         try {
  172.             $url $sso->getSingleSignOnUrl($user);
  173.         } catch (NenConnectException $e) {
  174.             $this->addFlash('error't('Op dit moment is het niet mogelijk om in te loggen via NEN Connect. Probeer het later nog een keer.'));
  176.             return $this->redirectToRoute('home');
  177.         }
  179.         return $this->redirect($url);
  180.     }
  181. }