<?php
namespace App\Controller;
use App\Entity\Usuario;
use App\Security\LoginAuthenticator;
use App\Service\Microsoft;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
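class SecurityController extends AbstractController
{
    /**
     * Renders the login page together with the link that starts the Microsoft sign-in.
     *
     * The link targets the tenant's v2.0 authorize endpoint and asks for an access
     * token and an ID token to be POSTed back to /processLogin
     * (response_mode=form_post).
     */
    #[Route('/login', name: 'app_login')]
    public function login(AuthenticationUtils $authenticationUtils): Response
    {
        // if ($this->getUser()) {
        //     return $this->redirectToRoute('target_path');
        // }

        // NOTE(review): tenant, client id and redirect URI are hard-coded; moving
        // them to configuration would let environments differ without a code change.
        $tenant = 'conalepmexedu.onmicrosoft.com';

        // NOTE(review): state and nonce are fixed literals, so they give no CSRF or
        // replay protection. They should be unpredictable per-request values
        // (random_bytes) bound to the browser and verified in loginMicrosoft().
        // The callback arrives as a cross-site POST, so confirm that the cookie
        // carrying that binding is actually sent on such requests (session cookie
        // SameSite setting) before enforcing the check.
        $query = http_build_query(
            [
                'client_id' => '211ac272-40bc-4a7d-b0f9-222d60baf6c0',
                'response_type' => 'token id_token',
                'redirect_uri' => 'https://ti.conalepmex.edu.mx/sigmec/processLogin',
                'response_mode' => 'form_post',
                'scope' => 'user.read openid profile email',
                'state' => '12345',
                'nonce' => '678910',
            ],
            '',
            '&', // explicit separator so the arg_separator.output ini setting cannot alter the URL
        );
        $link = "https://login.microsoftonline.com/{$tenant}/oauth2/v2.0/authorize?{$query}";

        // Last authentication error, if any, and the last username that was entered.
        $error = $authenticationUtils->getLastAuthenticationError();
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('security/login.html.twig', [
            'last_username' => $lastUsername,
            'error' => $error,
            'link' => $link,
        ]);
    }

    /**
     * Placeholder for the logout route; the body always throws, and its message
     * states that the firewall's logout key intercepts the request.
     */
    #[Route('/logout', name: 'app_logout')]
    public function logout(): void
    {
        throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
    }

    /**
     * Handles the form_post callback from Microsoft and signs the matching local user in.
     *
     * Reads the posted access token, asks the Microsoft service for the profile,
     * looks the local account up by e-mail and refuses accounts whose status is
     * Pendiente, Rechazado or Suspendido.
     *
     * @throws CustomUserMessageAuthenticationException when the token is missing, the
     *         profile carries no usable e-mail, no account matches, or the account
     *         status blocks sign-in
     */
    #[Route('/processLogin', name: 'app_microsoft', methods: ['POST'])]
    public function loginMicrosoft(Request $request, Microsoft $ms, EntityManagerInterface $em, UserAuthenticatorInterface $userAuthenticator, LoginAuthenticator $authenticator): Response
    {
        // NOTE(review): the posted `state` is never compared with the value sent by
        // login(), and the posted `id_token` (signature, audience, nonce) is not read
        // here. Whether OIDCUserInfo() verifies that the access token was issued to
        // this application cannot be seen from this file - confirm, because the
        // local identity is derived from that token alone.
        $token = $request->request->get('access_token');
        if (empty($token)) {
            throw new CustomUserMessageAuthenticationException('Username could not be found.');
        }

        $info = $ms->OIDCUserInfo($token);

        // Refuse a missing or non-string e-mail before it reaches the repository:
        // findOneBy(['correo' => null]) would otherwise be evaluated as an IS NULL
        // lookup and could return an account that simply has no e-mail stored.
        $email = $info['email'] ?? null;
        if (!is_string($email) || $email === '') {
            $this->addFlash('danger', 'Usuario no encontrado. Solicitar acceso al sistema.');
            throw new CustomUserMessageAuthenticationException('Username could not be found.');
        }

        $user = $em->getRepository(Usuario::class)->findOneBy(['correo' => $email]);
        if (!$user) {
            $this->addFlash('danger', 'Usuario no encontrado. Solicitar acceso al sistema.');
            throw new CustomUserMessageAuthenticationException('Username could not be found.');
        }

        // Status => [flash message shown to the user, exception message].
        // NOTE(review): this is a deny-list, so any other status value is let
        // through; if the set of valid statuses is known, allow-listing the
        // approved one would fail closed.
        $blockedStatuses = [
            'Pendiente' => ['La solicitud de acceso no ha sido evaluada.', 'Access request pending evaluation.'],
            'Rechazado' => ['La solicitud de acceso fue rechazada.', 'Access request has been rejected.'],
            'Suspendido' => ['Las credenciales de acceso han sido suspendidas.', 'Access credentials suspended.'],
        ];

        $estatus = $user->getEstatus();
        if (is_string($estatus) && isset($blockedStatuses[$estatus])) {
            [$flashMessage, $reason] = $blockedStatuses[$estatus];
            $this->addFlash('danger', $flashMessage);
            throw new CustomUserMessageAuthenticationException($reason);
        }

        $userAuthenticator->authenticateUser($user, $authenticator, $request);

        return $this->redirectToRoute('homepage');
    }
}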