src/EventListener/OAuth2/AuthorizationCodeListener.php line 27

Open in your IDE?
  1. <?php
  3. namespace App\EventListener\OAuth2;
  5. use App\Entity\Commons\OAuth2\User;
  6. use App\Oauth2\Grant\AuthCodeGrant;
  7. use Doctrine\ORM\EntityManagerInterface;
  8. use Cdp\Users\Transverse\Entity\Commons\Accounts;
  9. use Nyholm\Psr7\Response;
  10. use Symfony\Component\HttpFoundation\RequestStack;
  11. use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEvent;
  12. use Twig\Environment;
  14. class AuthorizationCodeListener
  15. {
  16.     protected RequestStack $requestStack;
  17.     protected Environment $templating;
  18.     protected EntityManagerInterface $commonsEm;
  20.     public function __construct(RequestStack $requestStackEnvironment $templatingEntityManagerInterface $commonsEm)
  21.     {
  22.         $this->requestStack $requestStack;
  23.         $this->templating $templating;
  24.         $this->commonsEm $commonsEm;
  25.     }
  27.     public function onAuthorizationRequestResolve(AuthorizationRequestResolveEvent $event)
  28.     {
  29.         // Si personne n'est loggué
  30.         // -> Ne devrait jamais arriver car le security va rerouter sur oauth2_auth_login si pas de user en session
  31.         if (null === $event->getUser()) {
  32.             $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
  33.             return;
  34.         }
  36.         $user $event->getUser();
  37.         $request $this->requestStack->getMasterRequest();
  39.         // Si on a déjà sélectionné un account précedement, on skip
  40.         if ($request->getSession()->has(AuthCodeGrant::PARAMETER_ACCOUNT)) {
  41.             $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED);
  42.             return;
  43.         }
  45.         $account null;
  47.         // Depuis le template de selection l'account est simplement passé en GET
  48.         if ($accountId $request->query->get(AuthCodeGrant::PARAMETER_ACCOUNT)) {
  49.             $account $this->commonsEm->find(Accounts::class, $accountId);
  51.             if (!$account) {
  52.                 $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
  53.                 return;
  54.             }
  56.             if ($account->getUser() != $user) {
  57.                 $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_DENIED);
  58.                 return;
  59.             }
  60.         }
  62.         if (null === $account) {
  63.             // $accounts = $this->commonsEm->getRepository(Accounts::class)->findBy([
  64.             //     'user' => $user,
  65.             // ]);
  67.             $qb $this->commonsEm->createQueryBuilder();
  68.             $qb
  69.                 ->select('a')
  70.                 ->from(Accounts::class, 'a')
  71.                 ->andWhere('a.user = :user')
  72.                 ->setParameter("user"$user)
  73.                 ->innerJoin('a.fond''fond')
  74.                 ->orderBy('fond.libelle''ASC')
  75.             ;
  76.             
  77.             $accounts $qb->getQuery()->getResult();
  79.             // Si le user n'a qu'un seul account, on passe l'étape de selection
  80.             if (=== count($accounts)) {
  81.                 return $this->onSuccessAccountSelection($event$accounts[0]);
  82.             }
  84.             $content $this->templating->render('sso/choose_account.html.twig', [
  85.                 'accounts' => $accounts,
  86.             ]);
  88.             $response = new Response(200, [], $content);
  89.             $event->setResponse($response);
  91.             return;
  92.         } else {
  93.             return $this->onSuccessAccountSelection($event$account);
  94.         }
  95.     }
  97.     protected function onSuccessAccountSelection(AuthorizationRequestResolveEvent $eventAccounts $account)
  98.     {
  99.         $request $this->requestStack->getMasterRequest();
  101.         // On set en $_SESSION pour pouvoir l'integrer dans l'authorization_code
  102.         $request->getSession()->set(AuthCodeGrant::PARAMETER_ACCOUNT$account->getId());
  104.         $event->resolveAuthorization(AuthorizationRequestResolveEvent::AUTHORIZATION_APPROVED);
  106.         return;
  107.     }
  108. }