WIP
This commit is contained in:
Matthieu
@@ -5,10 +5,12 @@ declare(strict_types=1);
|
||||
namespace App\Controller;
|
||||
|
||||
use App\Repository\ProfileRepository;
|
||||
use Symfony\Component\DependencyInjection\Attribute\Autowire;
|
||||
use Symfony\Component\HttpFoundation\JsonResponse;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
|
||||
use Symfony\Component\RateLimiter\RateLimiterFactory;
|
||||
use Symfony\Component\Routing\Attribute\Route;
|
||||
|
||||
final class SessionProfileController
|
||||
@@ -16,6 +18,8 @@ final class SessionProfileController
|
||||
public function __construct(
|
||||
private readonly ProfileRepository $profiles,
|
||||
private readonly UserPasswordHasherInterface $passwordHasher,
|
||||
#[Autowire(service: 'limiter.login')]
|
||||
private readonly RateLimiterFactory $loginLimiter,
|
||||
) {}
|
||||
|
||||
#[Route('/api/session/profile', name: 'api_session_profile_get', methods: ['GET'])]
|
||||
@@ -56,6 +60,11 @@ final class SessionProfileController
|
||||
return new JsonResponse(['message' => 'Session indisponible.'], JsonResponse::HTTP_INTERNAL_SERVER_ERROR);
|
||||
}
|
||||
|
||||
$limiter = $this->loginLimiter->create($request->getClientIp());
|
||||
if (!$limiter->consume()->isAccepted()) {
|
||||
return new JsonResponse(['message' => 'Trop de tentatives. Réessayez dans une minute.'], JsonResponse::HTTP_TOO_MANY_REQUESTS);
|
||||
}
|
||||
|
||||
$payload = $request->toArray();
|
||||
$profileId = $payload['profileId'] ?? null;
|
||||
|
||||
@@ -64,24 +73,24 @@ final class SessionProfileController
|
||||
}
|
||||
|
||||
$profile = $this->profiles->find($profileId);
|
||||
if (!$profile || !$profile->isActive()) {
|
||||
return new JsonResponse(['message' => 'Profil introuvable ou inactif.'], JsonResponse::HTTP_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
$password = $payload['password'] ?? '';
|
||||
if ('' === $password) {
|
||||
return new JsonResponse(['message' => 'Mot de passe requis.'], JsonResponse::HTTP_BAD_REQUEST);
|
||||
}
|
||||
|
||||
$loginFailed = new JsonResponse(['message' => 'Identifiants invalides.'], JsonResponse::HTTP_UNAUTHORIZED);
|
||||
|
||||
if (!$profile || !$profile->isActive()) {
|
||||
return $loginFailed;
|
||||
}
|
||||
|
||||
if (!$profile->getPassword()) {
|
||||
return new JsonResponse(
|
||||
['message' => 'Ce profil n\'a pas de mot de passe. Contactez un administrateur.'],
|
||||
JsonResponse::HTTP_FORBIDDEN,
|
||||
);
|
||||
return $loginFailed;
|
||||
}
|
||||
|
||||
if (!$this->passwordHasher->isPasswordValid($profile, $password)) {
|
||||
return new JsonResponse(['message' => 'Mot de passe incorrect.'], JsonResponse::HTTP_UNAUTHORIZED);
|
||||
return $loginFailed;
|
||||
}
|
||||
|
||||
$session->migrate(true);
|
||||
|
||||
Reference in New Issue
Block a user