cguUserService = $cguUserService; } #[Route(path: '/login', name: 'app_login')] public function login(AuthenticationUtils $authenticationUtils): Response { // get the login error if there is one $error = $authenticationUtils->getLastAuthenticationError(); // last username entered by the user $lastUsername = $authenticationUtils->getLastUsername(); return $this->render('security/login.html.twig', [ 'last_username' => $lastUsername, 'error' => $error, ]); } #[Route(path: '/sso_logout', name: 'sso_logout')] public function ssoLogout(RequestStack $stack, LoggerInterface $logger, AccessTokenService $accessTokenService, Security $security): Response { // Invalidate the session and revoke tokens try{ if( $stack->getSession()->invalidate()){ $accessTokenService->revokeTokens($security->getUser()->getUserIdentifier()); $security->logout(false); $logger->info("Logout successfully"); // Redirect back to the client (or to a “you are logged out” page) return $this->redirect('/'); } }catch (\Exception $e){ $logger->log(LogLevel::ERROR, 'Error invalidating session: ' . $e->getMessage()); } // If something goes wrong, redirect to the index page return $this->redirectToRoute('app_index'); } #[Route(path: '/consent', name: 'app_consent')] public function consent(Request $request): Response { // Handle form submission if ($request->isMethod('POST')) { // Check if user declined consent if (!$request->request->has('decline')) { // User accepted the CGU, save this in the database $this->cguUserService->acceptLatestCgu($this->getUser()); } // Redirect back to the OAuth authorization endpoint with all the query parameters return $this->redirectToRoute('oauth2_authorize', $request->query->all()); } // For GET requests, just show the consent form return $this->render('security/consent.html.twig'); } #[Route('/password_setup/{id}', name: 'password_setup', methods: ['GET'])] public function password_setup(int $id, Request $request): Response { $error = $request->get('error'); $user = $this->userRepository->find($id); if (!$user) { throw $this->createNotFoundException(self::NOT_FOUND); } $token = $request->get('token'); if (empty($token) || !$this->userService->isPasswordTokenValid($user, $token)) { $error = 'Le lien de définition du mot de passe est invalide ou a expiré. Veuillez en demander un nouveau.'; $this->logger->warning($user->getUserIdentifier(). " tried to use an invalid or expired password setup token."); } return $this->render('security/password_setup.html.twig', [ 'id' => $id, 'token' => $token, 'error' => $error, ]); } #[Route('/password_reset/{id}', name: 'password_reset', methods: ['POST'])] public function password_reset(int $id): Response { $user = $this->userRepository->find($id); if (!$user) { throw $this->createNotFoundException(self::NOT_FOUND); } $newPassword = $_POST['_password'] ?? null; $confirmPassword = $_POST['_passwordConfirm'] ?? null; if ($newPassword !== $confirmPassword) { $error = 'Les mots de passe ne correspondent pas. Veuillez réessayer.'; $this->logger->warning($user->getUserIdentifier(). " provided non-matching passwords during password reset."); return $this->redirectToRoute('password_setup', [ 'id' => $id, 'token' => $_POST['token'] ?? '', 'error'=> $error]); } if (!$this->userService->isPasswordStrong($newPassword)) { $error = 'Le mot de passe ne respecte pas les critères de sécurité. Veuillez en choisir un autre.'; $this->logger->warning($user->getUserIdentifier(). " provided a weak password during password reset."); return $this->redirectToRoute('password_setup', ['id' => $id, 'token' => $_POST['token'] ?? '', 'error'=> $error]); } $this->userService->updateUserPassword($user, $newPassword); $orgId = $this->userService->getOrgFromToken( $_POST['token']); $uo = $this->uoRepository->findOneBy(['users' => $user, 'organization' => $orgId]); if($uo){ $uo->setStatut("ACCEPTED"); $uo->setIsActive(true); $this->entityManager->persist($uo); $this->entityManager->flush(); } return $this->redirectToRoute('app_index'); } }