From 93c349e157dbc38ba6658bba614455a9d5cc8275 Mon Sep 17 00:00:00 2001 From: Nathan Boiron Date: Sat, 4 Apr 2026 01:20:43 +0200 Subject: [PATCH] =?UTF-8?q?D=C3=A9placement=20des=20pages=20d'authentifica?= =?UTF-8?q?tion?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Les avoir à l'extérieur de `/admin` va à terme permettre de simplifier le firewall. --- app/config/packages/security.yaml | 10 +++--- app/config/routing.yml | 3 ++ app/config/routing/admin.yml | 11 ------- app/config/routing/auth.yml | 31 +++++++++++++++++++ htdocs/.htaccess | 2 +- .../UserMembership/UserService.php | 2 +- .../{Admin => Auth}/LoginAction.php | 10 +++--- .../{Admin => Auth}/LostPasswordAction.php | 4 +-- templates/admin/base_with_header.html.twig | 2 +- templates/event/ticket/ticket.html.twig | 4 +-- .../{admin => site/auth}/login.html.twig | 2 +- .../auth}/lost_password.html.twig | 2 +- templates/site/base.html.twig | 2 +- .../partials/impersonation_helper.html.twig | 2 +- templates/site/sitemap.html.twig | 2 +- tests/behat/bootstrap/AuthContext.php | 2 +- .../PasswordReset.feature | 2 +- 17 files changed, 58 insertions(+), 35 deletions(-) create mode 100644 app/config/routing/auth.yml rename sources/AppBundle/Controller/{Admin => Auth}/LoginAction.php (82%) rename sources/AppBundle/Controller/{Admin => Auth}/LostPasswordAction.php (92%) rename templates/{admin => site/auth}/login.html.twig (94%) rename templates/{admin => site/auth}/lost_password.html.twig (91%) rename tests/behat/features/{Admin => PublicSite}/PasswordReset.feature (91%) diff --git a/app/config/packages/security.yaml b/app/config/packages/security.yaml index 809a7bd22..31a2cbe3b 100644 --- a/app/config/packages/security.yaml +++ b/app/config/packages/security.yaml @@ -24,16 +24,16 @@ security: security: false legacy_secured_area: - pattern: ^(/admin/|/event/\w+/tickets|/association/techletter|/member) + pattern: ^(/admin/|/event/\w+/tickets|/association/techletter|/member|/login|/logout) provider: database_users logout: - path: /admin/logout + path: /logout target: / form_login: username_parameter: utilisateur password_parameter: mot_de_passe - login_path: admin_login - check_path: admin_login + login_path: app_login + check_path: app_login default_target_path: /member/ enable_csrf: true context: share_context @@ -51,7 +51,7 @@ security: access_control: - { path: ^/event/vote/, roles: ROLE_GITHUB } - { path: ^(/event/.*/(vote|cfp|speaker-infos)|/connect/github/check|/event/speaker-infos), roles: ROLE_GITHUB } - - { path: ^/admin/(login|register|password), roles: PUBLIC_ACCESS } + - { path: ^/(login|register|password-reset), roles: PUBLIC_ACCESS } - { path: ^/admin/techletter/members, roles: ROLE_ADMIN } - { path: ^/admin/techletter, roles: ROLE_VEILLE } - { path: ^/admin/company, roles: ROLE_COMPANY_MANAGER } diff --git a/app/config/routing.yml b/app/config/routing.yml index ca99c42b5..a315ba72d 100644 --- a/app/config/routing.yml +++ b/app/config/routing.yml @@ -86,3 +86,6 @@ presta_sitemap: global: resource: "routing/global.yml" + +auth: + resource: "routing/auth.yml" diff --git a/app/config/routing/admin.yml b/app/config/routing/admin.yml index 564f82532..d52a8b7ce 100644 --- a/app/config/routing/admin.yml +++ b/app/config/routing/admin.yml @@ -10,17 +10,6 @@ admin_void: path: /void defaults: {_controller: AppBundle\Controller\LegacyController::backOffice} -admin_login: - path: /login - defaults: {_controller: AppBundle\Controller\Admin\LoginAction} - -admin_logout: - path: /logout - -admin_password: - path: /password - defaults: {_controller: AppBundle\Controller\Admin\LostPasswordAction} - admin_members: resource: "admin_members.yml" prefix: /members diff --git a/app/config/routing/auth.yml b/app/config/routing/auth.yml new file mode 100644 index 000000000..a1f017c84 --- /dev/null +++ b/app/config/routing/auth.yml @@ -0,0 +1,31 @@ +app_login: + path: /login + defaults: {_controller: AppBundle\Controller\Auth\LoginAction} + +auth_old_login: + path: /admin/login + controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController + defaults: + route: 'app_login' + permanent: true + +app_logout: + path: /logout + +auth_old_logout: + path: /admin/logout + controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController + defaults: + route: 'app_logout' + permanent: true + +app_password_reset: + path: /password-reset + defaults: {_controller: AppBundle\Controller\Auth\LostPasswordAction} + +auth_old_password: + path: /admin/password + controller: Symfony\Bundle\FrameworkBundle\Controller\RedirectController + defaults: + route: 'app_password_reset' + permanent: true diff --git a/htdocs/.htaccess b/htdocs/.htaccess index 1023aa444..826d47b0e 100644 --- a/htdocs/.htaccess +++ b/htdocs/.htaccess @@ -54,4 +54,4 @@ RewriteRule ^ask/forum/? https://event.afup.org [R=301,L] RewriteRule ^ask/? / [R=301,L] ## This url are handled by symfony -RewriteRule (event|connect|_|association|talks|meetups|blog|admin|p|home|news|techno_watch|member|rss.xml)/? /index.php [END] +RewriteRule (event|connect|_|association|talks|meetups|blog|admin|p|home|news|techno_watch|member|login|logout|password-reset|rss.xml)/? /index.php [END] diff --git a/sources/AppBundle/Association/UserMembership/UserService.php b/sources/AppBundle/Association/UserMembership/UserService.php index 4942becde..caa9375d3 100644 --- a/sources/AppBundle/Association/UserMembership/UserService.php +++ b/sources/AppBundle/Association/UserMembership/UserService.php @@ -39,7 +39,7 @@ public function resetPassword(User $user): void $this->userRepository->save($user); $login = $user->getUsername(); - $url = $this->urlGenerator->generate('admin_login', [], UrlGeneratorInterface::ABSOLUTE_URL); + $url = $this->urlGenerator->generate('app_login', [], UrlGeneratorInterface::ABSOLUTE_URL); $message = new Message( 'AFUP : Mot de passe perdu ?', new MailUser($this->sender), diff --git a/sources/AppBundle/Controller/Admin/LoginAction.php b/sources/AppBundle/Controller/Auth/LoginAction.php similarity index 82% rename from sources/AppBundle/Controller/Admin/LoginAction.php rename to sources/AppBundle/Controller/Auth/LoginAction.php index 107b0803c..71c5b7add 100644 --- a/sources/AppBundle/Controller/Admin/LoginAction.php +++ b/sources/AppBundle/Controller/Auth/LoginAction.php @@ -2,18 +2,18 @@ declare(strict_types=1); -namespace AppBundle\Controller\Admin; +namespace AppBundle\Controller\Auth; use AppBundle\Twig\ViewRenderer; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Security\Http\Authentication\AuthenticationUtils; -class LoginAction +final readonly class LoginAction { public function __construct( - private readonly AuthenticationUtils $authenticationUtils, - private readonly ViewRenderer $view, + private AuthenticationUtils $authenticationUtils, + private ViewRenderer $view, ) {} public function __invoke(Request $request): Response @@ -29,7 +29,7 @@ public function __invoke(Request $request): Response $noDomain = parse_url($targetUri, PHP_URL_HOST) === null; $targetPath = $targetUri !== $actualUrl && $noDomain ? $targetUri : null; - return $this->view->render('admin/login.html.twig', [ + return $this->view->render('site/auth/login.html.twig', [ 'last_username' => $lastUsername, 'error' => $error, 'target_path' => $targetPath, diff --git a/sources/AppBundle/Controller/Admin/LostPasswordAction.php b/sources/AppBundle/Controller/Auth/LostPasswordAction.php similarity index 92% rename from sources/AppBundle/Controller/Admin/LostPasswordAction.php rename to sources/AppBundle/Controller/Auth/LostPasswordAction.php index 1116af008..6be9aa21c 100644 --- a/sources/AppBundle/Controller/Admin/LostPasswordAction.php +++ b/sources/AppBundle/Controller/Auth/LostPasswordAction.php @@ -2,7 +2,7 @@ declare(strict_types=1); -namespace AppBundle\Controller\Admin; +namespace AppBundle\Controller\Auth; use AppBundle\Association\UserMembership\UserService; use AppBundle\Twig\ViewRenderer; @@ -32,7 +32,7 @@ public function __invoke(Request $request): Response $this->addFlash('notice', 'Votre demande a été prise en compte. Si un compte correspond à cet email vous recevez un nouveau mot de passe rapidement.'); } - return $this->view->render('admin/lost_password.html.twig', [ + return $this->view->render('site/auth/lost_password.html.twig', [ 'form' => $form->createView(), 'title' => 'Mot de passe perdu', 'page' => 'motdepasse_perdu', diff --git a/templates/admin/base_with_header.html.twig b/templates/admin/base_with_header.html.twig index 5638241cd..8d1803bf4 100644 --- a/templates/admin/base_with_header.html.twig +++ b/templates/admin/base_with_header.html.twig @@ -100,7 +100,7 @@ Retour site
- Se déconnecter + Se déconnecter
diff --git a/templates/event/ticket/ticket.html.twig b/templates/event/ticket/ticket.html.twig index 6b3e3a0fd..2f0d5ca2f 100644 --- a/templates/event/ticket/ticket.html.twig +++ b/templates/event/ticket/ticket.html.twig @@ -84,7 +84,7 @@

{{ "Attention votre cotisation ne sera plus valable le jour de l'évènement. Vous pouvez commander des billets au tarif AFUP mais vous devrez renouveler votre cotisation pour pouvoir accéder à l'évènement."|trans }}

{% endif %} {% else %} -

Pour acheter des places au tarif AFUP, vous devez vous connecter.

+

Pour acheter des places au tarif AFUP, vous devez vous connecter.

{% endif %} {% endif %} @@ -374,4 +374,4 @@ }); {# Debut block conversion linkedIn Insights #} -{% endblock %} \ No newline at end of file +{% endblock %} diff --git a/templates/admin/login.html.twig b/templates/site/auth/login.html.twig similarity index 94% rename from templates/admin/login.html.twig rename to templates/site/auth/login.html.twig index 3903c9219..5366a13cb 100644 --- a/templates/admin/login.html.twig +++ b/templates/site/auth/login.html.twig @@ -25,7 +25,7 @@
-

Mot de passe perdu

+

Mot de passe perdu

Adhésion à l'AFUP

diff --git a/templates/admin/lost_password.html.twig b/templates/site/auth/lost_password.html.twig similarity index 91% rename from templates/admin/lost_password.html.twig rename to templates/site/auth/lost_password.html.twig index d6640415f..1a36578ff 100644 --- a/templates/admin/lost_password.html.twig +++ b/templates/site/auth/lost_password.html.twig @@ -25,7 +25,7 @@

- Retour au formulaire de connexion + Retour au formulaire de connexion

diff --git a/templates/site/base.html.twig b/templates/site/base.html.twig index c82f94d20..9699cde2b 100644 --- a/templates/site/base.html.twig +++ b/templates/site/base.html.twig @@ -27,7 +27,7 @@ {% if app.user.canAccessAdmin %} Administration {% endif %} - Se déconnecter + Se déconnecter {% else %} Se connecter Adhérer diff --git a/templates/site/partials/impersonation_helper.html.twig b/templates/site/partials/impersonation_helper.html.twig index 70c90c918..9881926ce 100644 --- a/templates/site/partials/impersonation_helper.html.twig +++ b/templates/site/partials/impersonation_helper.html.twig @@ -20,7 +20,7 @@
- Déconnexion + Déconnexion
Retourner au compte d'origine diff --git a/templates/site/sitemap.html.twig b/templates/site/sitemap.html.twig index bc4163808..1c481e750 100644 --- a/templates/site/sitemap.html.twig +++ b/templates/site/sitemap.html.twig @@ -22,7 +22,7 @@

Historique des conférences

diff --git a/tests/behat/bootstrap/AuthContext.php b/tests/behat/bootstrap/AuthContext.php index effc52fa2..20a88725b 100644 --- a/tests/behat/bootstrap/AuthContext.php +++ b/tests/behat/bootstrap/AuthContext.php @@ -25,7 +25,7 @@ public function iAmLoggedInAsAdmin(): void #[Given('I am logged-in with the user :username and the password :password')] public function iAmLoggedInWithTheUserAndThePassword(string $username, string $password): void { - $this->minkContext->visitPath('/admin/login'); + $this->minkContext->visitPath('/login'); $this->minkContext->fillField('utilisateur', $username); $this->minkContext->fillField('mot_de_passe', $password); $this->minkContext->pressButton('Se connecter'); diff --git a/tests/behat/features/Admin/PasswordReset.feature b/tests/behat/features/PublicSite/PasswordReset.feature similarity index 91% rename from tests/behat/features/Admin/PasswordReset.feature rename to tests/behat/features/PublicSite/PasswordReset.feature index 8576faa46..d278fb3aa 100644 --- a/tests/behat/features/Admin/PasswordReset.feature +++ b/tests/behat/features/PublicSite/PasswordReset.feature @@ -5,4 +5,4 @@ Feature: Password Reset Scenario: L'utilisateur reçoit une URL de connexion complète dans l'e-mail de réinitialisation du mot de passe. When I request a password reset for "edmond.dupont@mycorp.fr" Then I should receive an email - And the email should contain a full URL starting with "https://apachephptest:80/admin/login" + And the email should contain a full URL starting with "https://apachephptest:80/login"