src/Controller/AuthentificationController.php line 102

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\utilisateur\UtilisateurProfil;
  6. use App\Entity\utilisateur\Utilisateurs;
  7. use App\Form\administration\ResetMdpFormType;
  8. use App\Form\AuthentificationFormType;
  9. use App\Form\ForgetFormType;
  10. use App\Form\ResetFormType;
  11. use App\Form\CreatePasswordFormType;
  12. use App\Helpers\Helpers;
  13. use App\Repository\administration\UtilisateurSocieteRepository;
  14. use App\Repository\administration\UtilisateursRepository;
  15. use App\Repository\Utilisateur\UtilisateurSocieteAssociationRepository;
  16. use Doctrine\ORM\Mapping as ORM;
  17. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  18. use Symfony\Bundle\FrameworkBundle\Translation\Translator;
  19. use Symfony\Component\HttpFoundation\JsonResponse;
  20. use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
  21. use Symfony\Component\Routing\Annotation\Route;
  22. use Symfony\Component\HttpFoundation\Request;
  23. use Symfony\Component\HttpFoundation\Response;
  24. use Doctrine\ORM\EntityManagerInterface;
  25. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  26. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  27. use Symfony\Contracts\Translation\TranslatorInterface;
  28. use Symfony\Component\Mailer\MailerInterface;
  29. use Symfony\Component\Mime\Email;
  30. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  31. use Symfony\Component\Security\Csrf\CsrfToken;
  32. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  35. class AuthentificationController extends AbstractController
  36. {
  37. /**
  38. * @ORM\Column(type="string")
  39. */
  40. private $objectManager;
  42. private const MAINTENANCE_FILE = __DIR__ . '/../../var/.maintenance';
  44. public function __construct(EntityManagerInterface $objectManager) {
  45. $this->objectManager = $objectManager;
  46. }
  48. public function setConnectionSessions($res, $utilisateur, $utilisateurSocieteAssociation, $repository)
  49. {
  50. $token = new UsernamePasswordToken($res, null, 'main', $utilisateur->getRoles());
  51. $this->get('security.token_storage')->setToken($token);
  53. $this->get('session')->set('_security_main', serialize($token));
  55. $utilisateurProfil = new UtilisateurProfil($res->getFkUtilisateurProfil()->getIdUtilisateurProfil(),$res->getFkUtilisateurProfil()->getLibelle());
  57. $this->get('session')->set('profil', $res->getFkUtilisateurProfil());
  58. $this->get('session')->set('societe', $res->getFkUtilisateurSociete());
  60. $arrayListeSocieteAssocie = [$res->getFkUtilisateurSociete()->getIdUtilisateurSociete()];
  62. $listeSocieteAssocie = $utilisateurSocieteAssociation->findByFkUtilisateurSocieteIdParent($res->getFkUtilisateurSociete()->getIdUtilisateurSociete());
  64. foreach($listeSocieteAssocie as $associe){
  65. $arrayListeSocieteAssocie[] = $associe->getFkUtilisateurSocieteId()->getIdUtilisateurSociete();
  66. }
  68. $this->get('session')->set('ListeDeSesSociete', $arrayListeSocieteAssocie);
  70. $menu = $repository->getUtilisateurMenu($res->getIdUtilisateur(),$utilisateurProfil->getIdUtilisateurProfil());
  72. $this->get('session')->set('menu',$menu);
  73. $this->get('session')->set('user',$res->getIdUtilisateur());
  74. $this->get('session')->set('accesMemo', $res->getAccesMemo());
  75. $this->get('session')->set('accesElium', $res->getAccesElium());
  76. }
  78. /**
  79. * @Route("/{_locale<%app.supported_locales%>}/login", name="login")
  80. * @param Request $request
  81. * @param UtilisateursRepository $repository
  82. * @param TranslatorInterface $translator
  83. * @param UtilisateurSocieteAssociationRepository $utilisateurSocieteAssociation
  84. * @return Response
  85. * @throws \Doctrine\DBAL\Driver\Exception
  86. * @throws \Doctrine\DBAL\Exception
  87. * @param MailerInterface $mailer
  88. */
  89. public function authentification(Request $request, UtilisateursRepository $repository,TranslatorInterface $translator,
  90. UtilisateurSocieteAssociationRepository $utilisateurSocieteAssociation,
  91. CsrfTokenManagerInterface $csrfTokenManager, MailerInterface $mailer) : Response
  92. {
  93. $session = $request->getSession();
  94. $em = $this->getDoctrine()->getManager();
  95. $remainingAttemps = 3;
  97. if ($session->has('societe')) {
  98. return $this->redirectToRoute('index');
  99. }
  101. $utilisateur = new Utilisateurs();
  102. $form = $this->createForm(AuthentificationFormType::class, $utilisateur);
  103. $form->handleRequest($request);
  105. if ($form->isSubmitted() && $form->isValid()) {
  106. $identifiant = $request->request->get('authentification_form')['identifiant'];
  107. $pwd = $request->request->get('authentification_form')['motdepasse'];
  108. $submittedToken = $request->request->get('authentification_form')['_token'] ?? null;
  109. $connectionIsAllowed = false;
  111. if (!$csrfTokenManager->isTokenValid(new CsrfToken('task_item', $submittedToken))) {
  112. throw $this->createAccessDeniedException('Invalid CSRF token.');
  113. }
  115. if($identifiant && $pwd) {
  116. $hashedPwd = $repository->getHashedPwd($identifiant);
  117. if(!$hashedPwd) {
  118. $this->getLog($request, 'Fail', 'Wrong credentials - Email does not exist');
  119. $this->addFlash('danger', $translator->trans('message.error_auth'));
  120. return $this->render('authentification/index.html.twig', [
  121. 'form' => $form->createView(),
  122. 'remainingAttempts' => null,
  123. 'accountActivated' => null,
  124. ]);
  125. }
  126. }
  128. if (password_verify($pwd, $hashedPwd['pwd'])) {
  129. $connectionIsAllowed = true;
  130. }
  132. if($connectionIsAllowed) {
  133. $resLogin = $repository->logInManagement($identifiant);
  135. if($resLogin) {
  136. $this->setConnectionSessions($resLogin[0], $utilisateur, $utilisateurSocieteAssociation, $repository);
  137. $this->getLog($request, 'Success', 'Correct credentials');
  139. return $this->redirectToRoute('index');
  140. }
  141. // SI USER NOT VERIFIED OU COMPTE DESACTIVE //
  142. else {
  143. $this->getLog($request, 'Fail', 'Account not verified / Account blocked');
  145. $this->addFlash('danger', $translator->trans('message.error_auth'));
  146. return $this->render('authentification/index.html.twig', [
  147. 'form' => $form->createView(),
  148. 'remainingAttempts' => null,
  149. 'accountActivated' => null,
  150. ]);
  151. }
  152. }
  153. else {
  154. $user = $repository->findOneByIdentifiant($identifiant);
  156. if($user) {
  157. $remainingAttemps = $user->getNbEssaiAvantBloquage();
  159. if ($remainingAttemps > 0 && $user->getIsVerified() != 0) {
  160. $user->setNbEssaiAvantBloquage($remainingAttemps - 1);
  162. if (($remainingAttemps - 1) == 0) {
  163. $user->setCompteDesactive(true);
  165. $messageToReseller = new Email();
  166. $messageToReseller->from($_ENV['MAILER_SENDER']);
  167. $messageToReseller->to($identifiant);
  168. $messageToReseller->subject($translator->trans('mail.objet.account-blocked-reseller',[],'mail+intl-icu'));
  169. $corps = $translator->trans('mail.account-blocked-reseller',[],'mail+intl-icu');
  170. $corps = utf8_decode($corps);
  171. $messageToReseller->html($corps,'text/html','UTF-8');
  173. $messageAdmin = new Email();
  174. $messageAdmin->from($_ENV['MAILER_SENDER']);
  175. $messageAdmin->to('administratif@planet-monetic.fr');
  176. $messageAdmin->subject($translator->trans('mail.objet.account-blocked',[],'mail+intl-icu'));
  177. $corps = $translator->trans('mail.account-blocked',['%$identifiant%' => $identifiant],'mail+intl-icu');
  178. $corps = utf8_decode(str_replace('%identifiant%',$identifiant,$corps));
  179. $messageAdmin->html($corps,'text/html','UTF-8');
  181. $messageToDev = new Email();
  182. $messageToDev->from($_ENV['MAILER_SENDER']);
  183. $messageToDev->to('developpement@planet-monetic.fr');
  184. $messageToDev->subject($translator->trans('mail.objet.account-blocked',[],'mail+intl-icu'));
  185. $corps = $translator->trans('mail.account-blocked',['%$identifiant%' => $identifiant],'mail+intl-icu');
  186. $corps = utf8_decode(str_replace('%identifiant%',$identifiant,$corps));
  187. $messageToDev->html($corps,'text/html','UTF-8');
  189. $mailer->send($messageToReseller);
  190. $mailer->send($messageAdmin);
  191. $mailer->send($messageToDev);
  192. }
  194. $em->persist($user);
  195. $em->flush();
  196. }
  197. }
  198. $this->getLog($request, 'Fail', 'Wrong credentials - Invalid Password');
  200. $this->addFlash('danger', $translator->trans('message.error_auth'));
  201. return $this->render('authentification/index.html.twig', [
  202. 'form' => $form->createView(),
  203. 'remainingAttempts' => null,
  204. 'accountActivated' => null,
  205. ]);
  206. }
  208. }
  210. return $this->render('authentification/index.html.twig', [
  211. 'form' => $form->createView()
  212. ]);
  213. }
  215. /**
  216. * @Route("/{_locale<%app.supported_locales%>}/logout", name="app_logout", methods={"GET"})
  217. */
  218. public function logout()
  219. {
  220. }
  222. /**
  223. * @Route("/{_locale<%app.supported_locales%>}/forget", name="forget")
  224. * @param Request $request
  225. * @param UtilisateursRepository $repository
  226. * @param TranslatorInterface $translator
  227. * @param MailerInterface $mailer
  228. * @return Response
  229. */
  230. public function forget(Request $request, UtilisateursRepository $repository,TranslatorInterface $translator, MailerInterface $mailer) : Response
  231. {
  232. $utilisateur = new Utilisateurs();
  234. $form = $this->createForm(ForgetFormType::class, $utilisateur);
  235. $form->handleRequest($request);
  237. if ($form->isSubmitted() && $form->isValid()) {
  238. $res = $repository->findOneBy(['mail' => $utilisateur->getMail()]);
  240. if($res && $res->getIsVerified()) {
  242. $userInfosForLog = 'User : ' . $res->getNom() . $res->getPrenom() . ' reseller : ' . $res->getFkUtilisateurSociete()->getSociete();
  244. $lien = $this->createUrlToken($res, $request, 'reset');
  246. $message = new Email();
  247. $message->from($_ENV['MAILER_SENDER']);
  248. $message->to($utilisateur->getMail());
  249. $message->bcc('developpement@planet-monetic.fr');
  250. $message->subject($translator->trans('mail.objet.forget',[],'mail+intl-icu'));
  251. $corps = $translator->trans('mail.forget',['%lien%' => $lien],'mail+intl-icu');
  252. $corps = utf8_decode(str_replace('%lien%',$lien,$corps));
  253. $message->html($corps,'text/html','UTF-8');
  255. try{
  256. $mailer->send($message);
  258. $this->addFlash('success', $translator->trans('message.forgetsuccess'));
  259. } catch (TransportExceptionInterface $e) {
  260. $this->addFlash('danger', $translator->trans('message.forgeterror'));
  261. }
  262. } else if ($res && !$res->getIsVerified()) {
  263. $this->addFlash('danger', $translator->trans('message.account-not-activated'));
  264. } else {
  265. $this->addFlash('danger', $translator->trans('message.forgeterror'));
  266. }
  267. }
  268. return $this->render('authentification/forget.html.twig', ['form' => $form->createView()]);
  269. }
  271. private function createUrlToken($user, $request, $action) {
  272. $token = $user->getIdUtilisateur().'|'.date('Y-m-d H:i:s');
  273. $token = strtr(base64_encode(serialize($token)), '+/=', '-_,');
  275. $lien = $this->generateUrl(
  276. $action,
  277. ['t' => $token, '_locale' => $request->getLocale()],
  278. UrlGeneratorInterface::ABSOLUTE_URL
  279. );
  281. return $lien;
  282. }
  284. /**
  285. * @Route("/{_locale<%app.supported_locales%>}/reset", name="reset")
  286. * @param Request $request
  287. * @param TranslatorInterface $translator
  288. * @return Response
  289. */
  290. public function reset(Request $request, Helpers $helpers, TranslatorInterface $translator) : Response
  291. {
  292. if(empty($_GET['t'])){
  293. return $this->redirectToRoute('login');
  294. } else {
  295. $t = explode('|',unserialize(stripslashes(base64_decode(strtr($_GET['t'], '-_,','+/=')))));
  296. $id = $t[0];
  297. $date = $t[1];
  299. if((strtotime(date('Y-m-d H:i')) - strtotime($date))/ 60 > 60){
  300. throw new AccessDeniedException('');
  301. } else {
  302. $utilisateur = new Utilisateurs();
  303. $utilisateur->setIdUtilisateur($id);
  304. $form = $this->createForm(ResetFormType::class, $utilisateur);
  305. $form->handleRequest($request);
  307. if($form->isSubmitted() && $form->isValid()) {
  309. $resetMdpForm = $request->get('reset_form');
  311. //Si le mot de passe est valide
  312. $validationMdp = $helpers->checkMdp(null, $resetMdpForm['newmotdepasse'], $resetMdpForm['confirmmotdepasse'], 14, false);
  314. if($validationMdp) {
  315. $entityManager = $this->getDoctrine()->getManager();
  316. $utilisateur = $entityManager->getRepository(Utilisateurs::class)->find($form->get('idUtilisateur')->getData());
  317. $utilisateur->setMotDePasse(sha1($form->get('confirmmotdepasse')->getData()));
  319. $hashedPassword = password_hash($resetMdpForm['newmotdepasse'], PASSWORD_ARGON2ID, [
  320. 'memory_cost' => 65536,
  321. 'time_cost' => 4,
  322. 'threads' => 1,
  323. ]);
  325. $utilisateur->setPwd($hashedPassword);
  327. $entityManager->flush();
  329. return $this->redirectToRoute('login');
  330. }
  331. else {
  332. $this->addFlash('danger', $translator->trans('message.error_auth'));
  333. }
  334. }
  336. return $this->render('authentification/reset.html.twig', ['form' => $form->createView()]);
  337. }
  338. }
  340. }
  342. /**
  343. * Méthode pour reset mdp 1er connexion
  344. *
  345. * @Route("/{_locale<%app.supported_locales%>}/reset_mdp", name="reset_mdp")
  346. */
  347. public function resetMdp(Request $request, Helpers $helpers, TranslatorInterface $translator, UtilisateursRepository $utilisateurRepo,
  348. UtilisateurSocieteAssociationRepository $utilisateurSocieteAssociationRepo, UtilisateurSocieteRepository $utilisateurSocieteRepo)
  349. {
  350. $dateConnexion = new \DateTime();
  351. $em = $this->getDoctrine()->getManager();
  352. $form = $this->createForm(ResetMdpFormType::class);
  353. $form->handleRequest($request);
  355. //Si pas de connexion, mais accès direct via l'URL, on fait une redirection vers la page de login
  356. if(empty($this->get('session')->get('userTmp'))) {
  357. return $this->redirectToRoute('login');
  358. }
  360. if ($form->isSubmitted()) {
  361. $resetMdpForm = $request->get('reset_mdp_form');
  363. //Si le mot de passe est valide
  364. $validationMdp = $helpers->checkMdp($resetMdpForm['identifiant'], $resetMdpForm['motdepasse'], $resetMdpForm['motdepasse2'], 14);
  365. if($validationMdp) {
  366. $userTmp = $this->get('session')->get('userTmp');
  368. $user = $utilisateurRepo->findOneBy(['idUtilisateur' => $userTmp->getIdUtilisateur()]);
  370. if (!$user) {
  371. throw new \Exception('User not found');
  372. }
  374. $user->setIdentifiant($resetMdpForm['identifiant']);
  375. $user->setMail($resetMdpForm['identifiant']);
  377. // PASSWORD LOGIC //
  378. $maxLength = 128;
  379. if (mb_strlen($resetMdpForm['motdepasse']) > $maxLength) {
  380. throw new \InvalidArgumentException("Password cannot be longer than $maxLength characters.");
  381. }
  383. $user->setMotDePasse(sha1($resetMdpForm['motdepasse']));
  385. $hashedPassword = password_hash($resetMdpForm['motdepasse'], PASSWORD_ARGON2ID, [
  386. 'memory_cost' => 65536,
  387. 'time_cost' => 4,
  388. 'threads' => 1,
  389. ]);
  391. $user->setPwd($hashedPassword);
  392. // END PASSWORD LOGIC //
  394. $user->setDerniereConnexion($dateConnexion);
  395. $user->setAncienMotDePasse(NULL);
  396. $em->persist($user);
  397. $em->flush();
  399. //Création tous les sessions de connexion
  400. $utilisateur = new Utilisateurs();
  401. $this->setConnectionSessions($user, $utilisateur, $utilisateurSocieteAssociationRepo, $utilisateurRepo);
  403. return $this->redirectToRoute('index');
  404. }
  405. else {
  406. $this->addFlash('danger', $translator->trans('message.error_auth'));
  407. }
  409. }
  411. return $this->render('authentification/reset_mdp.html.twig', ['form' => $form->createView()]);
  412. }
  414. /**
  415. * @Route("/{_locale<%app.supported_locales%>}/create_password", name="create_password")
  416. * @param Request $request
  417. * @param TranslatorInterface $translator
  418. * @return Response
  419. */
  420. public function createPassword(Request $request, Helpers $helpers, TranslatorInterface $translator,
  421. UtilisateursRepository $utilisateurRepo,
  422. CsrfTokenManagerInterface $csrfTokenManager) : Response
  423. {
  424. if (empty($_GET['t'])) {
  425. return $this->redirectToRoute('login');
  426. } else {
  427. $t = explode('|', unserialize(stripslashes(base64_decode(strtr($_GET['t'], '-_,', '+/=')))));
  428. $id = $t[0];
  429. $date = $t[1];
  431. if ((strtotime(date('Y-m-d H:i')) - strtotime($date)) / 60 > 60) {
  432. throw new AccessDeniedException('');
  433. } else {
  434. $utilisateur = new Utilisateurs();
  435. $utilisateur->setIdUtilisateur($id);
  436. $form = $this->createForm(CreatePasswordFormType::class, $utilisateur);
  437. $form->handleRequest($request);
  439. if($form->isSubmitted() && $form->isValid()) {
  440. $submittedToken = $request->request->get('create_password_form')['_token'] ?? null;
  442. if (!$csrfTokenManager->isTokenValid(new CsrfToken('task_item', $submittedToken))) {
  443. throw $this->createAccessDeniedException('Invalid CSRF token.');
  444. }
  446. $createPasswordForm = $request->get('create_password_form');
  448. $validationMdp = $helpers->checkMdp($createPasswordForm['identifiant'], $createPasswordForm['newmotdepasse'], $createPasswordForm['confirmmotdepasse'], 14);
  450. if ($validationMdp) {
  451. $em = $this->getDoctrine()->getManager();
  452. $utilisateur = $em->getRepository(Utilisateurs::class)->find($form->get('idUtilisateur')->getData());
  453. if ($form->get('identifiant')->getData() == $utilisateur->getIdentifiant()) {
  454. $utilisateur->setMotDePasse(sha1($form->get('confirmmotdepasse')->getData()));
  456. $hashedPassword = password_hash($form->get('confirmmotdepasse')->getData(), PASSWORD_ARGON2ID, [
  457. 'memory_cost' => 65536,
  458. 'time_cost' => 4,
  459. 'threads' => 1,
  460. ]);
  462. $utilisateur->setPwd($hashedPassword);
  464. $utilisateur->setIsVerified(1);
  465. $em->flush();
  467. return $this->redirectToRoute('login');
  468. }
  469. else {
  470. $this->addFlash('danger', $translator->trans('message.error_auth'));
  471. }
  472. }
  473. else {
  474. $this->addFlash('danger', $translator->trans('message.error_auth'));
  475. }
  476. }
  477. }
  478. return $this->render('authentification/create_password.html.twig', ['form' => $form->createView()]);
  479. }
  480. }
  482. public function getLog($request, $status, $reason)
  483. {
  484. $userIp = $request->getClientIp();
  486. $userIdentifiant = $request->request->get('authentification_form')['identifiant'];
  488. $date = date('d-m-Y');
  489. $month = date('F');
  490. $year = date('Y');
  491. $dateLog = date('d-m-Y');
  492. $timeLog = date('H-i-s');
  494. // create folder if not exist
  495. if (!file_exists($this->getParameter('kernel.project_dir') . '/public/works/logs/connection_attempts_logs/' . $month . $year)) {
  496. mkdir($this->getParameter('kernel.project_dir') . '/public/works/logs/connection_attempts_logs/' . $month . $year, 0755, true);
  497. }
  499. $log = fopen($this->getParameter('kernel.project_dir') . '/public/works/logs/connection_attempts_logs/' . $month . $year .'/connection-log-'. $date . '.txt', 'a+');
  500. fwrite($log,
  501. "\n" .
  502. '************** Login attempt **************' . "\n" .
  503. 'IP address : ' . $userIp . "\n" .
  504. 'Status : ' . $status . "\n" .
  505. 'Login : ' . $userIdentifiant . "\n" .
  506. 'Reason : ' . $reason . "\n" .
  507. 'On the : ' . $dateLog . ' at ' . $timeLog . "\n" .
  508. '******************************************' . "\n");
  509. fclose($log);
  510. }
  511. }