diff --git a/src/Controller/EtlController.php b/src/Controller/EtlController.php
index 7713b47..ba5290f 100644
--- a/src/Controller/EtlController.php
+++ b/src/Controller/EtlController.php
@@ -1077,7 +1077,7 @@ class EtlController extends AbstractController
 }
 #[Route('/etl/connect/keycloak', name: 'connect_keycloak_etl_start')]
- public function connectKeycloakEtlStart(ClientRegistry $clientRegistry): Response
+ public function connectKeycloakEtlStart(ClientRegistry $clientRegistry, Request $request): Response
 {
 $response = $clientRegistry
 ->getClient('keycloak_etl')
@@ -1085,6 +1085,8 @@ class EtlController extends AbstractController
 $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate');
 $response->headers->set('Pragma', 'no-cache');
+ $request->getSession()->save();
+
 return $response;
 }
diff --git a/src/Controller/HomeController.php b/src/Controller/HomeController.php
index c9fc95b..805014f 100644
--- a/src/Controller/HomeController.php
+++ b/src/Controller/HomeController.php
@@ -26,7 +26,7 @@ class HomeController extends AbstractController
 {
 #[Route('/intranet/connect/keycloak', name: 'connect_keycloak_start')]
- public function connect(ClientRegistry $clientRegistry): Response
+ public function connect(ClientRegistry $clientRegistry, Request $request): Response
 {
 $response = $clientRegistry
 ->getClient('keycloak')
@@ -34,6 +34,8 @@ class HomeController extends AbstractController
 $response->headers->set('Cache-Control', 'no-store, no-cache, must-revalidate');
 $response->headers->set('Pragma', 'no-cache');
+ $request->getSession()->save();
+
 return $response;
 }
diff --git a/src/Security/EtlKeycloakAuthenticator.php b/src/Security/EtlKeycloakAuthenticator.php
index 875d003..310683d 100644
--- a/src/Security/EtlKeycloakAuthenticator.php
+++ b/src/Security/EtlKeycloakAuthenticator.php
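Review bot: The added `$request->getSession()->save();` in `connectKeycloakEtlStart` carries no comment saying why the session is flushed by hand, so a later cleanup is likely to remove it as redundant. It presumably exists because the `redirect()` call on the line between the two hunks writes the OAuth2 state into the session, and that state has to be stored before the browser comes back from Keycloak. I would put `// Flush the session now so the OAuth2 state is stored before the browser returns from Keycloak` above it, and the same above the identical line in `HomeController::connect`. Both methods gain a `Request` parameter but neither file gets a `use` line for it in this diff; it is presumably imported already, which is worth confirming.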
@@ -17,6 +17,7 @@ use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
 use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\Uid\Uuid;
+use KnpU\OAuth2ClientBundle\Security\Exception\InvalidStateAuthenticationException;
 class EtlKeycloakAuthenticator extends OAuth2Authenticator implements AuthenticationEntryPointInterface
 {
@@ -89,6 +90,10 @@ class EtlKeycloakAuthenticator extends OAuth2Authenticator implements Authentica
 public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
 {
+ if ($exception instanceof InvalidStateAuthenticationException) {
+ return new RedirectResponse($this->router->generate('connect_keycloak_etl_start'));
+ }
+
 $message = strtr($exception->getMessageKey(), $exception->getMessageData());
 return new Response($message, Response::HTTP_FORBIDDEN);
 }
diff --git a/src/Security/KeycloakAuthenticator.php b/src/Security/KeycloakAuthenticator.php
index 72f35ab..5729847 100644
--- a/src/Security/KeycloakAuthenticator.php
+++ b/src/Security/KeycloakAuthenticator.php
@@ -18,6 +18,7 @@ use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
 use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
 use Symfony\Component\Uid\Uuid;
+use KnpU\OAuth2ClientBundle\Security\Exception\InvalidStateAuthenticationException;
 class KeycloakAuthenticator extends OAuth2Authenticator implements AuthenticationEntryPointInterface
 {
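Review bot: The new `InvalidStateAuthenticationException` branch in `EtlKeycloakAuthenticator::onAuthenticationFailure` restarts the login unconditionally, so a browser that never sends the session cookie back (blocked cookies, a SameSite or domain mismatch) can bounce between `connect_keycloak_etl_start`, Keycloak and the callback with no exit while Keycloak still holds an SSO session. The state check is the OAuth2 login-CSRF defence, and this branch drops the failure without logging it, so repeated mismatches never reach monitoring. I would log the mismatch at warning level before redirecting and allow a single automatic retry, restarting only when the request carries no retry marker and otherwise falling through to the existing `Response::HTTP_FORBIDDEN` path. The identical branch in `KeycloakAuthenticator::onAuthenticationFailure`, which redirects to `connect_keycloak_start`, needs the same treatment. Only the exception class is imported in this diff; `RedirectResponse` and `$this->router` are presumably already available in both classes, which is worth confirming.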
@@ -91,6 +92,10 @@ class KeycloakAuthenticator extends OAuth2Authenticator implements Authenticatio
 public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
 {
+ if ($exception instanceof InvalidStateAuthenticationException) {
+ return new RedirectResponse($this->router->generate('connect_keycloak_start'));
+ }
+
 $message = strtr($exception->getMessageKey(), $exception->getMessageData());
 return new Response($message, Response::HTTP_FORBIDDEN);
 }