Symfony 6.4 - Re-setup Security Controller

- Use attributes instead of annotations
- Adjust to new session changes
- Adjust to new symfony setup

[Legacy] Re-setup Security Controller

- Add method to check if user is enabled
This commit is contained in:
Clemente Raposo 2024-06-03 11:05:21 +01:00
parent 9463e4f6ec
commit bb7074b86b
3 changed files with 77 additions and 47 deletions


@ -29,15 +29,16 @@
namespace App\Authentication\Controller;
use App\Authentication\LegacyHandler\Authentication;
use Exception;
use App\Module\Users\Entity\User;
use RuntimeException;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Http\Attribute\CurrentUser;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
/**
@ -54,26 +55,21 @@ class SecurityController extends AbstractController
/**
* @var RequestStack
*/
private $session;
private $requestStack;
/**
* SecurityController constructor.
* @param Authentication $authentication
* @param RequestStack $session
* @param RequestStack $requestStack
*/
public function __construct(Authentication $authentication, RequestStack $session)
public function __construct(Authentication $authentication, RequestStack $requestStack)
{
$this->authentication = $authentication;
$this->session = $session;
$this->requestStack = $requestStack;
}
/**
* @Route("/login", name="app_login", methods={"GET", "POST"})
* @param AuthenticationUtils $authenticationUtils
* @param Security $security
* @return JsonResponse
*/
public function login(AuthenticationUtils $authenticationUtils, Security $security): JsonResponse
#[Route('/login', name: 'app_login', methods: ["GET", "POST"])]
public function login(AuthenticationUtils $authenticationUtils, #[CurrentUser] ?User $user): JsonResponse
{
$error = $authenticationUtils->getLastAuthenticationError();
$isAppInstalled = $this->authentication->getAppInstallStatus();
@ -84,10 +80,18 @@ class SecurityController extends AbstractController
];
if ($error) {
return new JsonResponse(['active' => false], Response::HTTP_UNAUTHORIZED);
return $this->json([
'active' => false,
'message' => 'missing credentials'
], Response::HTTP_UNAUTHORIZED);
}
$user = $security->getUser();
if (null === $user) {
return $this->json([
'active' => false,
'message' => 'missing credentials',
], Response::HTTP_UNAUTHORIZED);
}
$data = $this->getResponseData($user, $appStatus);
@ -96,23 +100,18 @@ class SecurityController extends AbstractController
$data['redirect'] = $needsRedirect;
}
return new JsonResponse($data, Response::HTTP_OK);
$data['user'] = $user->getUserIdentifier();
return $this->json($data, Response::HTTP_OK);
}
/**
* @Route("/logout", name="app_logout", methods={"GET", "POST"})
* @throws Exception
*/
#[Route('/logout', name: 'app_logout', methods: ["GET", "POST"])]
public function logout(): void
{
throw new RuntimeException('This will be intercepted by the logout key');
}
/**
* @Route("/session-status", name="app_session_status", methods={"GET"})
* @param Security $security
* @return JsonResponse
*/
#[Route('/session-status', name: 'app_session_status', methods: ["GET"])]
public function sessionStatus(Security $security): JsonResponse
{
$isAppInstalled = $this->authentication->getAppInstallStatus();
@ -125,8 +124,8 @@ class SecurityController extends AbstractController
if (!$isAppInstalled) {
$response = new JsonResponse(['appStatus' => $appStatus], Response::HTTP_OK);
$response->headers->clearCookie('XSRF-TOKEN');
$this->session->invalidate();
$this->session->start();
$this->requestStack->getSession()->invalidate();
$this->requestStack->getSession()->start();
return $response;
}
@ -135,8 +134,8 @@ class SecurityController extends AbstractController
if ($isActive !== true) {
$response = new JsonResponse(['active' => false, 'appStatus' => $appStatus], Response::HTTP_OK);
$this->session->invalidate();
$this->session->start();
$this->requestStack->getSession()->invalidate();
$this->requestStack->getSession()->start();
$this->authentication->initLegacySystemSession();
return $response;
@ -145,8 +144,17 @@ class SecurityController extends AbstractController
$user = $security->getUser();
if ($user === null) {
$response = new JsonResponse(['active' => false, 'appStatus' => $appStatus], Response::HTTP_OK);
$this->session->invalidate();
$this->session->start();
$this->requestStack->getSession()->invalidate();
$this->requestStack->getSession()->start();
return $response;
}
$isUserActive = $this->authentication->isUserActive();
if ($isUserActive !== true) {
$response = new JsonResponse(['active' => false, 'appStatus' => $appStatus], Response::HTTP_OK);
$this->requestStack->getSession()->invalidate();
$this->requestStack->getSession()->start();
return $response;
}
@ -156,30 +164,19 @@ class SecurityController extends AbstractController
return new JsonResponse($data, Response::HTTP_OK);
}
/**
* @Route("/auth/login", name="native_auth_login", methods={"GET", "POST"})
* @param AuthenticationUtils $authenticationUtils
* @return JsonResponse
*/
public function nativeAuthLogin(AuthenticationUtils $authenticationUtils, Security $security): JsonResponse
#[Route('/auth/login', name: 'native_auth_login', methods: ["GET", "POST"])]
public function nativeAuthLogin(AuthenticationUtils $authenticationUtils, #[CurrentUser] ?User $user): JsonResponse
{
return $this->login($authenticationUtils, $security);
return $this->login($authenticationUtils, $user);
}
/**
* @Route("/auth/logout", name="native_auth_logout", methods={"GET", "POST"})
* @throws Exception
*/
#[Route('/auth/logout', name: 'native_auth_logout', methods: ["GET", "POST"])]
public function nativeAuthLogout(): void
{
$this->logout();
}
/**
* @Route("/auth/session-status", name="native_auth_session_status", methods={"GET"})
* @param Security $security
* @return JsonResponse
*/
#[Route('/auth/session-status', name: 'native_auth_session_status', methods: ["GET"])]
public function nativeAuthSessionStatus(Security $security): JsonResponse
{
return $this->sessionStatus($security);
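Review bot: login() (the hunk at -84,10 +80,18) answers with a 200 and the user's data as soon as `#[CurrentUser] ?User $user` resolves, but it never applies the `isUserActive()` check that sessionStatus now performs, so a disabled account that the firewall still authenticates gets a successful login response and a live session until the next /session-status poll invalidates it. Unless a user checker on the firewall already rejects disabled accounts (not visible in this diff), the same guard belongs in login() before `getResponseData()`, and it should invalidate and restart the session the authenticator just populated, mirroring the sessionStatus branch. Reusing the fixed 'missing credentials' message keeps the 401 non-distinguishing for an unauthenticated caller; the point is to fail closed at the entry point rather than one poll later. nativeAuthLogin at the end of the section delegates to login() and inherits the fix.
```php
    if (null === $user) {
        // … unchanged: 401 'missing credentials' response …
    }

    // Fail closed: a disabled account must not leave /login with a live session.
    if ($this->authentication->isUserActive() !== true) {
        $this->requestStack->getSession()->invalidate();
        $this->requestStack->getSession()->start();
        return $this->json([
            'active' => false,
            'message' => 'missing credentials',
        ], Response::HTTP_UNAUTHORIZED);
    }

    $data = $this->getResponseData($user, $appStatus);
```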


@ -233,6 +233,23 @@ class Authentication extends LegacyHandler
return $result;
}
/**
* Check if user is active
* @return bool
*/
public function isUserActive(): bool
{
$this->init();
$authController = $this->getAuthenticationController();
$result = $authController->isUserActive();
$this->close();
return $result;
}
/**
* Check if suite app is installed
* @return bool
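Review bot: The docblock on the new `isUserActive()` says "Check if user is active", but what the wrapped legacy call returns (per the AuthenticationController change in this same commit) is the account's enabled flag, and sessionStatus already uses "active" for the session state (`$isActive`), so the two meanings are easy to confuse at the call site. Suggest `* Check whether the current legacy user's account is still enabled (re-read through the legacy controller); this says nothing about session activity.` and drop the `@return bool` line, which only restates the native return type. The init()/close() pair is not wrapped in try/finally, so an exception from the legacy call would leave the handler opened — hedged, since the sibling methods above appear to follow the same pattern and whether close() is safe to run unconditionally is not visible here.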


@ -297,6 +297,22 @@ class AuthenticationController
return $this->authenticated;
}
/**
* This is called on every page hit.
* It returns true if the current session is authenticated or false otherwise
*
* @return bool
*/
public function isUserActive(): bool
{
global $current_user;
/** @var User $reloadedUser */
$reloadedUser = BeanFactory::getBean('Users', $current_user->id);
return $reloadedUser->isEnabled() ?? false;
}
/**
* Called when a user requests to logout. Should invalidate the session and redirect
* to the login page.
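Review bot: `isUserActive()` dereferences `$current_user->id` and then `$reloadedUser->isEnabled()` without checking that either object exists; the trailing `?? false` only covers a null return from isEnabled(), so when no legacy user is loaded, or when `BeanFactory::getBean` cannot retrieve the record (if I read the legacy API correctly it returns a non-object in that case), the method errors out instead of reporting the account as unusable. For a check that gates a live session the safe default is to fail closed and return false on every such path. The docblock (`This is called on every page hit. It returns true if the current session is authenticated…`) is copied from the `isAuthenticated` sibling above and does not describe this method; it should say the user record is reloaded and its enabled flag returned. A guarded version follows; the `?? false` is kept so the accepted return values of isEnabled() are unchanged.
```php
    /**
     * Reload the current legacy user and report whether the account is enabled.
     * Fails closed: no loaded user, or a record that cannot be retrieved, counts as disabled.
     */
    public function isUserActive(): bool
    {
        global $current_user;

        $userId = $current_user->id ?? null;
        if ($userId === null || $userId === '') {
            return false;
        }

        $reloadedUser = BeanFactory::getBean('Users', $userId);
        if (!$reloadedUser instanceof User) {
            return false;
        }

        return $reloadedUser->isEnabled() ?? false;
    }
```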