src/Controller/SecurityController.php line 76

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Repository\UserRepository;
  6. use App\Services\OktaApiService;
  7. use Psr\Log\LoggerInterface;
  8. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  9. use Symfony\Component\Form\Extension\Core\Type\PasswordType;
  10. use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
  11. use Symfony\Component\HttpFoundation\RedirectResponse;
  12. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  13. use Symfony\Component\Routing\Annotation\Route;
  14. use Symfony\Component\HttpFoundation\Request;
  15. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  16. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  17. use App\Entity\User;
  18. use App\Form\UserType;
  19. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  21. class SecurityController extends AbstractController
  22. {
  23.     private $session;
  24.     private $okta;
  25.     private $userRepository;
  27.     public function __construct(
  28.         SessionInterface $session,
  29.         OktaApiService $okta,
  30.         UserRepository $UserRepository)
  31.     {
  32.         $this->session $session;
  33.         $this->okta $okta;
  34.         $this->userRepository $UserRepository;
  35.     }
  37.     /**
  38.      * @Route("/login", name="login", methods={"GET", "POST"})
  39.      */
  40.     public function login(AuthenticationUtils $authenticationUtils)
  41.     {
  42.         // get the login error if there is one
  43.         $error $authenticationUtils->getLastAuthenticationError();
  45.         // last username entered by the user
  46.         $lastUsername $authenticationUtils->getLastUsername();
  48.         return $this->render('security/login.html.twig', [
  49.             'last_username' => $lastUsername,
  50.             'error'         => $error,
  51.         ]);
  52.     }
  54.     /**
  55.      * @Route("/sso", name="sso", methods={"GET", "POST"})
  56.      */
  57.     public function sso(
  58.         AuthenticationUtils $authenticationUtils,
  59.         Request $request,
  60.         LoggerInterface $logger
  61.     )
  62.     {
  63. //        $logger->debug(
  64. //            sprintf(
  65. //                "%s",
  66. //                $request->attributes->get('_route')
  67. //            ), $request->query->all()
  68. //        );
  70.         return $this->redirect($this->okta->buildAuthorizeUrl());
  71.     }
  73.     /**
  74.      * @Route("/authorization-code/callback", name="callback")
  75.      */
  76.     public function callback(
  77.         Request $request,
  78.         LoggerInterface $logger
  79.     )
  80.     {
  81.         $token $this->okta->authorizeUser();
  83.         if (!$token) {
  84.             return $this->redirectToRoute('homepage');
  85.         }
  87.         $email $token->email;
  88.         $user $this->userRepository->findOneByEmail($email);
  90.         if (! $user) {
  91.             $user = new User();
  92.         }
  94.         // Manually authenticate the user
  95.         $token = new UsernamePasswordToken($usernull'main'$user->getRoles());
  96.         $this->get('security.token_storage')->setToken($token);
  97.         $this->get('session')->set('_security_main'serialize($token));
  99.         $user->setEmail($email);
  100.         $user->setToken($token);
  101.         $em $this->getDoctrine()->getManager();
  102.         $em->persist($user);
  103.         $em->flush();
  105.         $logger->debug(
  106.             sprintf(
  107.                 "%s by %s",
  108.                 $request->attributes->get('_route'),
  109.                 $this->getUser()->getUsername()
  110.             )
  111.         );
  113.         return $this->redirectToRoute('homepage');
  114.     }
  116.     /**
  117.      * @Route("/logout", name="app_logout", methods={"GET"})
  118.      */
  119.     public function logout() {
  121.         // Build logout url
  122.         $url $this->okta->logout();
  124.         // Empty sessions
  125.         $this->session->clear();
  126.         $this->session->invalidate();
  128.         // Empty security token. Without this the user can go back end browse NJ without beeing authenticated on Okta
  129.         $this->get('security.token_storage')->setToken(NULL);
  131.         return new RedirectResponse($url);
  133.         // controller can be blank: it will never be executed!
  134. //        throw new \Exception('Don\'t forget to activate logout in security.yaml');
  135.     }
  137.     /**
  138.      * @Route("/users", name="users", methods={"GET"})
  139.      */
  140.     public function users() {
  142.         $this->denyAccessUnlessGranted('ROLE_ADMIN');
  144.         $entityManager $this->getDoctrine()->getManager();
  145.         $users $entityManager->getRepository(User::class)->findAll();
  147.         return $this->render('security/users.html.twig', [
  148.             'users' => $users
  149.         ]);
  150.     }
  152.     /**
  153.      * @Route("/users/edit/{id}", name="users_edit", methods={"GET", "POST"})
  154.      */
  155.     public function edit($idRequest $requestUserPasswordEncoderInterface $passwordEncoder) {
  157.         $this->denyAccessUnlessGranted('ROLE_ADMIN');
  159.         // 1) build the form
  160.         if( $id == ) {
  161.             $user = new User();
  162.         } else {
  163.             $entityManager $this->getDoctrine()->getManager();
  164.             $user $entityManager->getRepository(User::class)->find($id);
  165.         }
  167.         $form $this->createForm(UserType::class, $user);
  168.         if( $id != ) {
  169.             $form->add('plainPassword'RepeatedType::class, array(
  170.                 'type' => PasswordType::class,
  171.                 'first_options'  => array('label' => 'Password'),
  172.                 'second_options' => array('label' => 'Repeat Password'),
  173.                 'required' => false,
  174.             ));
  175.         }
  177.         // 2) handle the submit (will only happen on POST)
  178.         $form->handleRequest($request);
  179.         if ($form->isSubmitted() && $form->isValid()) {
  181.             if( $id == || !empty($form['plainPassword']->getData()) ) {
  182.                 // 3) Encode the password (you could also do this via Doctrine listener)
  183.                 $password $passwordEncoder->encodePassword($user$user->getPlainPassword());
  184.                 $user->setPassword($password);
  185.             }
  187.             // 4) save the User!
  188.             $entityManager $this->getDoctrine()->getManager();
  189.             $entityManager->persist($user);
  190.             $entityManager->flush();
  192.             // ... do any other work - like sending them an email, etc
  193.             // maybe set a "flash" success message for the user
  195.             return $this->redirectToRoute('users');
  196.         }
  198.         return $this->render(
  199.             'security/edit.html.twig',
  200.             array('form' => $form->createView())
  201.         );
  203.     }
  204. }