diff --git a/assets/vue/store/security.js b/assets/vue/store/security.js index b8d8bc57a8..41db84c78f 100644 --- a/assets/vue/store/security.js +++ b/assets/vue/store/security.js @@ -27,7 +27,7 @@ export default { return state.isAuthenticated; }, isAdmin(state, getters) { - return getters.hasRole('ROLE_ADMIN'); + return getters.isAuthenticated && getters.hasRole('ROLE_ADMIN'); }, getUser(state) { return state.user; diff --git a/config/packages/security.yaml b/config/packages/security.yaml index 3dc529d0f1..3986865fbe 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -59,7 +59,6 @@ security: login_path: /login use_forward: false check_path: /login -# success_handler: chamilo_core.listener.login_success_handler failure_path: null guard: authenticators: diff --git a/config/services.yaml b/config/services.yaml index 53da7f281e..160dff2aaa 100644 --- a/config/services.yaml +++ b/config/services.yaml @@ -82,7 +82,6 @@ services: class: APY\DataGridBundle\Grid\GridRegistry public: true - League\Flysystem\MountManager: '@oneup_flysystem.mount_manager' # Voters diff --git a/src/CoreBundle/Controller/SecurityController.php b/src/CoreBundle/Controller/SecurityController.php index 56cb13ef00..81ce181fe6 100644 --- a/src/CoreBundle/Controller/SecurityController.php +++ b/src/CoreBundle/Controller/SecurityController.php 
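Review bot: `isAdmin` now short-circuits on `getters.isAuthenticated` before `getters.hasRole('ROLE_ADMIN')`, but nothing records that this getter only drives what the client renders; a one-line comment would stop it being read as an authorization boundary, e.g. `// UI gating only: server-side voters remain authoritative for admin actions.` The `hasRole` getter is defined outside this hunk, so whether it already handles the unauthenticated case cannot be confirmed here.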
@@ -5,27 +5,45 @@ namespace Chamilo\CoreBundle\Controller; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; +use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Security\Http\Authentication\AuthenticationUtils; +use Symfony\Component\Serializer\Encoder\JsonEncoder; +use Symfony\Component\Serializer\SerializerInterface; /** * Class SecurityController. */ class SecurityController extends AbstractController { + private $serializer; + + public function __construct(SerializerInterface $serializer) + { + $this->serializer = $serializer; + } + /** - * @Route("/login", name="login") + * Route("/login", name="login") */ public function login(AuthenticationUtils $authenticationUtils): Response { + error_log('login'); $error = $authenticationUtils->getLastAuthenticationError(); $lastUsername = $authenticationUtils->getLastUsername(); - return $this->render('@ChamiloCore/Index/vue.html.twig', [ - 'last_username' => $lastUsername, - 'error' => $error, - ]); + /** @var User $user */ + + $user = $this->getUser(); + $data = []; + if ($user) { + $userClone = clone $user; + $userClone->setPassword(''); + $data = $this->serializer->serialize($userClone, JsonEncoder::FORMAT); + } + + return new JsonResponse($data, Response::HTTP_OK, [], true); } /** @@ -36,9 +54,12 @@ class SecurityController extends AbstractController $error = $authenticationUtils->getLastAuthenticationError(); $lastUsername = $authenticationUtils->getLastUsername(); - return $this->render('@ChamiloCore/login.html.twig', [ - 'last_username' => $lastUsername, - 'error' => $error, - ]); + /** @var User $user */ + $user = $this->getUser(); + $userClone = clone $user; + $userClone->setPassword(''); + $data = $this->serializer->serialize($userClone, JsonEncoder::FORMAT); + + return new JsonResponse($data, Response::HTTP_OK, [], true); } } 
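Review bot: In the rewritten `login()` the unauthenticated branch leaves `$data = []` and then passes it to `new JsonResponse($data, Response::HTTP_OK, [], true)`, whose fourth argument declares the payload to be already-encoded JSON, so an array reaches the response body unencoded; either set `$data = '{}';` in that branch or only pass `true` when `$data` holds the serializer output. The authenticated branch serializes a clone of the `User` entity with only `setPassword('')` cleared, which exposes every other attribute the serializer can read; the same pattern is repeated in the second hunk of this file and in `onAuthenticationSuccess()` of `LoginFormAuthenticator.php`, and a normalization context with an explicit group (or an ignored-attributes list) is the reliable way to define which fields leave the server. The `@` dropped from `@Route("/login", name="login")` turns the annotation into plain comment text, so unless the route is declared elsewhere this action no longer has a route — worth confirming. `error_log('login');` and the now-unused `$error` / `$lastUsername` assignments look like debugging leftovers.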
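Review bot: The second action clones `$this->getUser()` without a null check (`$userClone = clone $user;`), so a request from an anonymous session ends in a fatal `clone` of a non-object instead of a clean 401; guard it first, e.g. `if (!$user) { return new JsonResponse(null, Response::HTTP_UNAUTHORIZED); }`. `$error` and `$lastUsername` are still computed in this action but no longer used. The enclosing method's signature lies outside the hunk.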
diff --git a/src/CoreBundle/Security/LoginFormAuthenticator.php b/src/CoreBundle/Security/LoginFormAuthenticator.php index 71e6c7590b..b500826cee 100644 --- a/src/CoreBundle/Security/LoginFormAuthenticator.php +++ b/src/CoreBundle/Security/LoginFormAuthenticator.php @@ -10,8 +10,10 @@ use Chamilo\CoreBundle\Hook\HookFactory; use Chamilo\CoreBundle\Repository\UserRepository; use Doctrine\ORM\EntityManagerInterface; use Symfony\Component\Form\FormFactoryInterface; +use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\RedirectResponse; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\RouterInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; @@ -24,9 +26,12 @@ use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserProviderInterface; use Symfony\Component\Security\Csrf\CsrfToken; use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface; +use Symfony\Component\Security\Guard\AbstractGuardAuthenticator; use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator; use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface; use Symfony\Component\Security\Http\Util\TargetPathTrait; +use Symfony\Component\Serializer\Encoder\JsonEncoder; +use Symfony\Component\Serializer\SerializerInterface; /** * Class LoginFormAuthenticator. @@ -41,10 +46,11 @@ class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements P private $passwordEncoder; //private $formFactory; private $hookFactory; - //private $userRepository; + private $userRepository; private $csrfTokenManager; private $urlGenerator; private $entityManager; + public $serializer; public function __construct( EntityManagerInterface $entityManager, 
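Review bot: `use Symfony\Component\Security\Guard\AbstractGuardAuthenticator;` is added, but the class still extends `AbstractFormLoginAuthenticator` (the class line is unchanged in this diff) and nothing in the visible hunks references the new import, so it appears unused and should be dropped unless a later change swaps the base class.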
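Review bot: `public $serializer;` breaks the visibility convention of the surrounding properties, which are all `private`, and exposes the injected service on the authenticator for no visible reason; `private $serializer;` matches the rest of the class. `private $userRepository;` is now restored while `$entityManager` is still injected and stored — if the repository replaces its only use in `getUser()` (see the later hunk), the extra dependency can be removed as well, but other uses may exist outside this diff.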
@@ -53,17 +59,19 @@ class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements P UserPasswordEncoderInterface $passwordEncoder, //FormFactoryInterface $formFactory, HookFactory $hookFactory, - //UserRepository $userRepository, - CsrfTokenManagerInterface $csrfTokenManager + UserRepository $userRepository, + CsrfTokenManagerInterface $csrfTokenManager, + SerializerInterface $serializer ) { $this->router = $router; $this->passwordEncoder = $passwordEncoder; //$this->formFactory = $formFactory; $this->hookFactory = $hookFactory; - // $this->userRepository = $userRepository; + $this->userRepository = $userRepository; $this->csrfTokenManager = $csrfTokenManager; $this->entityManager = $entityManager; $this->urlGenerator = $urlGenerator; + $this->serializer = $serializer; } public function supports(Request $request): bool @@ -79,7 +87,7 @@ class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements P $data = json_decode($request->getContent(), true); $username = $data['username']; $password = $data['password']; - //$token = $data['csrf_token']; + //$token = $data['csrf_token']; } else { $username = $request->request->get('username'); $password = $request->request->get('password'); @@ -106,12 +114,12 @@ class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements P */ public function getUser($credentials, UserProviderInterface $userProvider) { - $token = new CsrfToken('authenticate', $credentials['csrf_token']); + /*$token = new CsrfToken('authenticate', $credentials['csrf_token']); if (!$this->csrfTokenManager->isTokenValid($token)) { - //throw new InvalidCsrfTokenException(); - } - - $user = $this->entityManager->getRepository(User::class)->findOneBy(['username' => $credentials['username']]); + throw new InvalidCsrfTokenException(); + }*/ + /** @var User $user */ + $user = $this->userRepository->findOneBy(['username' => $credentials['username']]); if (!$user) { // fail authentication with a custom error 
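Review bot: The CSRF validation in `getUser()` is now wrapped entirely in a `/* */` block, and the JSON branch of `getCredentials()` (hunk above) still leaves `//$token = $data['csrf_token'];` commented out, so a session-cookie login submitted as JSON is accepted with no anti-forgery check — previously the token was at least looked up, now it is neither read nor validated. If the JSON client cannot send the form token, read it from the JSON body or a request header and restore `if (!$this->csrfTokenManager->isTokenValid($token)) { throw new InvalidCsrfTokenException(); }` rather than disabling the check; otherwise the still-injected `$csrfTokenManager` is dead weight. If disabling it is deliberate for this API-style login, record the reason and the compensating control (for example the session cookie's SameSite policy) in a comment where the block was removed. The `getUser()` body continues outside the hunk.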
@@ -151,27 +159,59 @@ class LoginFormAuthenticator extends AbstractFormLoginAuthenticator implements P return $credentials['password']; } - public function onAuthenticationFailure(Request $request, AuthenticationException $exception): RedirectResponse + public function onAuthenticationFailure(Request $request, AuthenticationException $exception) + { + /*$request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception); + + return new RedirectResponse($this->router->generate('login'));*/ + + $data = [ + // you may want to customize or obfuscate the message first + 'message' => strtr($exception->getMessageKey(), $exception->getMessageData()), + + // or to translate this message + // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData()) + ]; + + return new JsonResponse($data, Response::HTTP_UNAUTHORIZED); + } + + public function start(Request $request, AuthenticationException $authException = null) { - $request->getSession()->set(Security::AUTHENTICATION_ERROR, $exception); + $data = [ + // you might translate this message + 'message' => 'Authentication Required', + ]; - return new RedirectResponse($this->router->generate('login')); + return new JsonResponse($data, Response::HTTP_UNAUTHORIZED); } /** * @param string $providerKey */ - public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey): RedirectResponse + public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey) { - if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) { + /*if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) { return new RedirectResponse($targetPath); } - return new RedirectResponse($this->urlGenerator->generate('home')); + return new RedirectResponse($this->urlGenerator->generate('home'));*/ + + $user = $token->getUser(); + $userClone = clone $user; + $userClone->setPassword(''); + $data = $this->serializer->serialize($userClone, 
JsonEncoder::FORMAT); + + return new JsonResponse($data, Response::HTTP_OK, [], true); } public function getLoginUrl(): RedirectResponse { return $this->urlGenerator->generate(self::LOGIN_ROUTE); } + + public function supportsRememberMe() + { + return false; + } }
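Review bot: `onAuthenticationSuccess()` returns the serialized `User` entity with only `setPassword('')` cleared, repeating the exposure noted on `SecurityController.php`; a serializer context with an explicit normalization group for the login payload would bound what leaves the server instead of relying on a clone and one blanked field. The old redirect bodies in `onAuthenticationFailure()` and `onAuthenticationSuccess()` are kept as `/* … */` blocks — delete them rather than comment them out, and since both methods now always return a `JsonResponse`, declare `: Response` in place of the removed `: RedirectResponse`. `onAuthenticationFailure()` echoes `$exception->getMessageKey()` to the client; if the custom message raised in `getUser()` (outside this hunk) reveals whether the username exists, it should be mapped to a generic text before it reaches the response. The unchanged `getLoginUrl(): RedirectResponse` still returns the string from `$this->urlGenerator->generate()`, a pre-existing mismatch that throws under the declared return type.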