src/Controller/EntraController.php line 42

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Services\AuthService;
  6. use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
  7. use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
  8. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  9. use Symfony\Component\HttpFoundation\Request;
  10. use Symfony\Component\HttpFoundation\RedirectResponse;
  11. use Symfony\Component\Routing\Annotation\Route;
  12. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  13. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  14. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  15. use Symfony\Component\Security\Http\Util\TargetPathTrait;
  16. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  17. use Symfony\Contracts\HttpClient\HttpClientInterface;
  18. use JMS\Serializer\SerializerInterface;
  19. use Psr\Log\LoggerInterface;
  20. use Lcobucci\JWT\Signer\Hmac\Sha256;
  21. use Lcobucci\JWT\Signer\Key\InMemory;
  22. use Symfony\Component\HttpFoundation\Response;
  23. use Lcobucci\JWT\Configuration;
  24. use Lcobucci\JWT\UnencryptedToken;
  25. use Symfony\Component\Uid\Uuid;
  27. class EntraController extends AbstractController
  28. {
  29.     use TargetPathTrait;
  31.     private $entra_url;
  32.     private $jwtConfig;
  33.     private $discoveryKeysUrl;
  34.     private $httpClient;
  36.     private $logger;
  37.     private $authService;
  39.     public function __construct(ParameterBagInterface $parameterBagLoggerInterface $loggerHttpClientInterface $httpClientAuthService $authService)
  40.     {
  41.         $this->entra_url $parameterBag->get('entra_parameters')['entra_url'];
  42.         $this->applicationObjectId $parameterBag->get('entra_parameters')['entra_object_id'];
  43.         $this->discoveryKeysUrl $this->entra_url '/discovery/keys';
  44.         $this->logger $logger;
  45.         $this->httpClient $httpClient;
  46.         $this->authService $authService;
  47.         $this->jwtConfig Configuration::forSymmetricSigner(
  48.             new \Lcobucci\JWT\Signer\Hmac\Sha256(),
  49.             InMemory::plainText('temporary-secret-key')
  50.         );
  51.     }
  53.     /**
  54.      * Start OAuth process with Entra Server
  55.      *
  56.      * @Route("/connect/entra", name="connect_entra_start")
  57.      */
  58.     public function connectAction(Request $requestClientRegistry $clientRegistrySessionInterface $session)
  59.     {
  60.         // Generate a unique ID for this login attempt
  61.         $authId Uuid::v4()->toRfc4122();
  63.         //Generate the code verifier
  64.         $codeVerifier bin2hex(random_bytes(64));
  65.         $codeChallenge strtr(rtrim(base64_encode(hash('sha256'$codeVerifiertrue)), '='), '+/''-_');
  67.         // Store the code verifier with the unique authId in session
  68.         $session->set('oauth2_code_verifier_' $authId$codeVerifier);
  70.         //store the target path with the unique authId in session
  71.         if ($request->get('retryRedirectUrl') == null) {
  72.             $targetPath $session->get('_security.main.target_path');
  73.             if ($targetPath != null) {
  74.                 $session->set('login_redirect_url_' $authId$targetPath);
  75.             }
  76.         } else {
  77.             $session->set('login_redirect_url_' $authId$request->get('retryRedirectUrl'));
  78.         }
  81.         return $clientRegistry
  82.             ->getClient('entra_id_external'// key used in config/packages/knpu_oauth2_client.yaml
  83.             ->redirect(["email""openid""profile""offline_access"], [
  84.                 'code_challenge' => $codeChallenge,
  85.                 'code_challenge_method' => 'S256',
  86.                 'state' => $authId// Pass the unique ID as the state parameter
  87.                 'route' => $request->headers->get('request_uri')
  88.             ]);
  89.     }
  91.     /**
  92.      * Callback after Entra connexion
  93.      *
  94.      * @Route("/connect/entra/check", name="connect_entra_check")
  95.      */
  96.     public function connectCheckAction(Request $requestClientRegistry $clientRegistry)
  97.     {
  98.         //blank because we are using a Symfony authenticator
  99.     }
  101.     /**
  102.      * @Route("/logout", name="app_logout")
  103.      */
  104.     public function logout(Request $requestSessionInterface $sessionTokenStorageInterface $tokenStorage): RedirectResponse
  105.     {
  106.         $session->invalidate();
  107.         $tokenStorage->setToken(null);
  108.         $azureLogoutUrl $this->entra_url '/oauth2/v2.0/logout?post_logout_redirect_uri=' urlencode($this->generateUrl('homepage', [], UrlGeneratorInterface::ABSOLUTE_URL));
  110.         return $this->redirect($azureLogoutUrl);
  111.         // Symfony gère automatiquement le processus de déconnexion
  112.         // Si vous avez besoin d'une logique supplémentaire, vous pouvez l'ajouter ici
  113.     }
  115.     /**
  116.      * @Route("/soft-logout", name="app_soft_logout")
  117.      */
  118.     public function softLogout(Request $requestSessionInterface $sessionTokenStorageInterface $tokenStorage): Response
  119.     {
  120.         $session->invalidate();
  121.         $tokenStorage->setToken(null);
  123.         return new Response('Logout successful'Response::HTTP_OK);
  124.     }
  126.     /**
  127.      * @Route("/slo", name="app_slo", methods={"GET"}) #TODO TEST
  128.      */
  129.     public function slo(Request $request): Response
  130.     {
  131.         $this->logger->info('Slo endpoint called');
  132.         $sid $request->get('sid');
  133.         $this->logger->info('sid: ' $sid);
  134.         $sessionExists $this->authService->getSessionBySid($sid);
  135.         if ($sessionExists) {
  136.             $this->container->get('security.token_storage')->setToken(null);
  137.             $request->getSession()->invalidate();
  138.             return new Response('Logout successful'Response::HTTP_OK);
  139.         }
  140.         return new Response('Invalid logout request'Response::HTTP_BAD_REQUEST);
  141.     }
  143. }