src/Controller/DefaultController.php line 32

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Controller;
  7. use App\Entity\User;
  8. use App\Security\Authenticate;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use OneLogin\Saml2\Auth;
  11. use OneLogin\Saml2\Response as AuthResponse;
  12. use RuntimeException;
  13. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  14. use Symfony\Component\HttpFoundation\Response;
  15. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  16. use Symfony\Component\Routing\Annotation\Route;
  17. use Symfony\Contracts\Translation\TranslatorInterface;
  19. class DefaultController extends AbstractController
  20. {
  21.     public const URL_USERNAME_ATTRIBUTE 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname';
  22.     public const PATTERN_RESPONSE_SAML '%<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">(.+)@convictionsrh.com</saml%';
  24.     public function __construct(
  25.         private readonly EntityManagerInterface $em,
  26.         private readonly TranslatorInterface $translator,
  27.         private readonly UserPasswordHasherInterface $passwordHasher
  28.     ) {
  29.     }
  31.     #[Route('/'name'index')]
  32.     public function index(): Response
  33.     {
  34.         return $this->redirectToRoute('editor_index');
  35.     }
  37.     #[Route('/acs'name'acs'methods: ['GET''POST'])]
  38.     public function acs(Authenticate $authenticate): Response
  39.     {
  40.         $oneloginSettings $this->getParameter('nbgrp_onelogin_saml.onelogin_settings');
  41.         if (!\is_array($oneloginSettings)) {
  42.             throw new \UnexpectedValueException($this->translator->trans('onelogin.exception.arraySettings'));
  43.         }
  45.         $auth = new Auth($oneloginSettings['default']);
  47.         if (!isset($_POST['SAMLResponse'])) {
  48.             return new Response(
  49.                 $this->translator->trans('onelogin.exception.authFailed'),
  50.                 Response::HTTP_BAD_REQUEST
  51.             );
  52.         }
  54.         $response = new AuthResponse($auth->getSettings(), $_POST['SAMLResponse']);
  56.         $attr $response->getAttributes();
  58.         $username $attr[self::URL_USERNAME_ATTRIBUTE][0] ?? null;
  59.         $user $this->em->getRepository(User::class)->findOneBy(['email' => $username]);
  61.         if (null === $user && preg_match(self::PATTERN_RESPONSE_SAML$response->document->saveHTML(), $matches)) {
  62.             $username $matches[1];
  63.             $user $this->em->getRepository(User::class)->findOneBy(['email' => $username]);
  64.         }
  66.         $responseMessage null;
  67.         if (null !== $user) {
  68.             if ($user->isDeleted()) {
  69.                 $responseMessage $this->translator->trans('onelogin.userDeleted');
  70.             }
  71.         } else {
  72.             $user = new User();
  73.             $user->setEmail($username);
  74.             $user->setDeleted(false);
  76.             // Create PWD.
  77.             $plainPassword substr(
  78.                 str_shuffle(
  79.                     strtolower(
  80.                         sha1(
  81.                             rand() . time() . uniqid()
  82.                         )
  83.                     )
  84.                 ),
  85.                 0,
  86.                 16
  87.             );
  88.             $encodedPassword $this->passwordHasher->hashPassword($user$plainPassword);
  90.             $user->setPassword($encodedPassword);
  91.             $this->em->persist($user);
  92.             $this->em->flush();
  93.         }
  95.         if (null !== $responseMessage) {
  96.             return new Response($responseMessageResponse::HTTP_FORBIDDEN);
  97.         }
  99.         echo $this->translator->trans('onelogin.connected', ['%username%' => $username]);
  101.         $authenticate->login($user);
  103.         return $this->redirectToRoute('editor_index');
  104.     }
  106.     #[Route('/connect'name'connect'methods: ['GET''POST'])]
  107.     public function connect(): Response
  108.     {
  109.         $auth = new Auth();
  110.         $metadata $auth->getSettings()->getSPMetadata();
  112.         $response = new Response($metadata);
  113.         $response->headers->set('Content-Type''xml');
  115.         return $response;
  116.     }
  118.     // This will never be executed: Symfony will intercept this first and handle the logout automatically.
  119.     #[Route('/logout'name'logout')]
  120.     public function logout(): void
  121.     {
  122.         throw new RuntimeException('This should never be reached!');
  123.     }
  124. }