diff --git a/src/Controller/SecurityController.php b/src/Controller/SecurityController.php
index 1dc02674..9c8ec590 100644
--- a/src/Controller/SecurityController.php
+++ b/src/Controller/SecurityController.php
@@ -3,9 +3,11 @@ namespace App\Controller;
 use App\Exception\AppException;
+use App\Security\KeycloakToken;
 use App\Security\User;
 use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
 use KnpU\OAuth2ClientBundle\Client\Provider\KeycloakClient;
+use League\OAuth2\Client\Token\AccessToken;
 use Stevenmaguire\OAuth2\Client\Provider\Keycloak;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
@@ -87,6 +89,28 @@ public function userInfoEdit(ClientRegistry $clientRegistry): RedirectResponse
 return $this->redirect($accountUrl);
 }
+ #[Route('/login/entree-carto/', name: 'login_entree_carto', methods: ['GET'])]
+ public function loginEntreeCarto(Request $request): RedirectResponse
+ {
+ /** @var ?AccessToken */
+ $token = $request->getSession()->get(KeycloakToken::SESSION_KEY);
+
+ // un token null signifie qu'on n'est pas connecté, donc on fait la connexion sur cartes d'abord. Après la connexion on revient ici et envoie le token à entree-carto par une redirection
+ if (null === $token) {
+ $request->getSession()->set('login_entree_carto', 1);
+
+ return new RedirectResponse($this->generateUrl('cartesgouvfr_security_login'));
+ }
+ $tokenArray = $token->jsonSerialize();
+
+ // $entreeCartoLoginCallbackUrl = $this->generateUrl('cartesgouvfr_app', [], UrlGeneratorInterface::ABSOLUTE_URL).'cartes';
+ $entreeCartoLoginCallbackUrl = 'http://localhost:5173/cartes.gouv.fr-entree-carto/login';
+
+ return new RedirectResponse($entreeCartoLoginCallbackUrl.'?'.http_build_query([
+ 'token' => json_encode($tokenArray),
+ ]));
+ }
+
 private function testLogin(
 TokenStorageInterface $tokenStorage,
 Request $request,
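Review bot: The final redirect in `loginEntreeCarto` serialises the whole `AccessToken` into the `token` query parameter, and league's `jsonSerialize()` includes the refresh token when one is present, so long-lived credentials end up in browser history, access logs and any `Referer` header the landing page sends. The destination is also the hard-coded `http://localhost:5173/cartes.gouv.fr-entree-carto/login` over plain HTTP, with the intended URL left commented out on the line above. I would take the callback from configuration, e.g. `$entreeCartoLoginCallbackUrl = $this->getParameter('<callback_url_parameter>');` (placeholder name), and require https outside local development. For the hand-over itself, prefer a short-lived one-time code that entree-carto redeems server-side; at the very least forward only the access token rather than all of `$tokenArray`.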
diff --git a/src/Security/KeycloakAuthenticator.php b/src/Security/KeycloakAuthenticator.php
index 230e7098..66e4835e 100644
--- a/src/Security/KeycloakAuthenticator.php
+++ b/src/Security/KeycloakAuthenticator.php
@@ -27,6 +27,7 @@ class KeycloakAuthenticator extends OAuth2Authenticator implements Authenticatio
 public const LOGIN_ROUTE = 'cartesgouvfr_security_login';
 public const LOGIN_CHECK_ROUTE = 'cartesgouvfr_security_login_check';
+ public const LOGIN_ENTREE_CARTO = 'cartesgouvfr_security_login_entree_carto';
 public const SUCCESS_ROUTE = 'cartesgouvfr_app';
 public const HOME_ROUTE = 'cartesgouvfr_app';
@@ -92,11 +93,16 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token,
 $targetPath = $this->getTargetPath($request->getSession(), $firewallName);
 $sessionExpired = $request->getSession()->get('session_expired');
+ $loginEntreeCarto = $request->getSession()->get('login_entree_carto');
 if (!is_null($sessionExpired) && 1 === intval($sessionExpired)) {
 $redirectUrl = $this->router->generate(self::HOME_ROUTE, ['session_expired_login_success' => 1], RouterInterface::ABSOLUTE_URL);
 $request->getSession()->remove('session_expired');
+ } if (!is_null($loginEntreeCarto) && 1 === intval($loginEntreeCarto)) {
+ $redirectUrl = $this->router->generate(self::LOGIN_ENTREE_CARTO, [], RouterInterface::ABSOLUTE_URL);
+
+ $request->getSession()->remove('login_entree_carto');
 } else {
 $redirectUrl = $referer ?? $targetPath ?? $this->router->generate(self::SUCCESS_ROUTE, [], RouterInterface::ABSOLUTE_URL);
 $redirectUrl = str_replace('authentication_failed=1', '', $redirectUrl);
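Review bot: The added line `} if (!is_null($loginEntreeCarto) && 1 === intval($loginEntreeCarto)) {` in `onAuthenticationSuccess` starts a new `if` instead of continuing the chain, so the trailing `else` now pairs only with the new condition. After a session-expired login without the `login_entree_carto` flag, the `HOME_ROUTE` URL set in the first branch is then overwritten by the `$referer ?? $targetPath ?? …` fallback, unless code outside this hunk returns earlier. The line should read `} elseif (!is_null($loginEntreeCarto) && 1 === intval($loginEntreeCarto)) {`. Separately, `LOGIN_ENTREE_CARTO` only resolves if the controller's routes carry a `cartesgouvfr_security_` name prefix, which these hunks do not show; the function itself begins and ends outside the hunk.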