src/Auth/Application/UseCase/IdempiereTokenOnLoginSuccessSubscriber.php line 36

Open in your IDE?
  1. <?php
  3. namespace App\Auth\Application\UseCase;
  5. use App\Auth\Application\Exception\BadLoginResponse;
  6. use App\Auth\Application\Exception\InvalidCredentials;
  7. use App\Auth\Application\Exception\LoginFailed;
  8. use App\Auth\Application\UseCase\LoginUseCase;
  9. use App\Entity\Idempiere\AdUser;
  10. use App\Repository\Idempiere\AdUserRepository;
  11. use Psr\Log\LoggerInterface;
  12. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  13. use Symfony\Component\HttpFoundation\RedirectResponse;
  14. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  15. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  16. use Symfony\Component\Security\Http\Event\LoginSuccessEvent;
  18. final class IdempiereTokenOnLoginSuccessSubscriber implements EventSubscriberInterface
  19. {
  20. public function __construct(
  21. private readonly LoginUseCase $loginUseCase,
  22. private readonly UrlGeneratorInterface $urlGenerator,
  23. private readonly TokenStorageInterface $tokenStorage,
  24. private readonly LoggerInterface $logger,
  25. private readonly AdUserRepository $userRepository
  26. ) {
  27. }
  29. public static function getSubscribedEvents(): array
  30. {
  31. return [
  32. LoginSuccessEvent::class => 'onLoginSuccess',
  33. ];
  34. }
  36. public function onLoginSuccess(LoginSuccessEvent $event): void
  37. {
  38. $request = $event->getRequest();
  39. $route = (string) $request->attributes->get('_route', '');
  41. // Solo para el login normal manejado por security form_login.
  42. if ($route !== 'app_login') {
  43. return;
  44. }
  46. if (!$request->hasSession()) {
  47. return;
  48. }
  49. $session = $request->getSession();
  51. $username = (string) $request->request->get('username', $request->request->get('_username', ''));
  52. $password = (string) $request->request->get('password', $request->request->get('_password', ''));
  54. if ($username === '' || $password === '') {
  55. return;
  56. }
  58. try {
  59. $roleId = $this->resolveRoleId($event);
  60. $dto = $this->loginUseCase->execute($username, $password, $roleId);
  62. $session->set('idempiere.token', $dto->token);
  63. $session->set('idempiere.refresh_token', $dto->refreshtoken);
  64. $session->set('idempiere.userId', $dto->userId);
  65. $session->set('idempiere.language', $dto->language);
  66. $session->set('idempiere.org', $dto->org);
  67. $session->set('idempiere.client', $dto->client);
  68. $session->set('idempiere.role', $dto->role);
  69. $session->set('idempiere.warehouse_id', $dto->warehouse);
  70. $session->set('idempiere.tree', $dto->tree);
  71. } catch (InvalidCredentials | BadLoginResponse | LoginFailed $e) {
  72. $this->logger->error('Idempiere token creation failed after successful app login.', [
  73. 'route' => $route,
  74. 'username' => $username,
  75. 'error' => $e->getMessage(),
  76. 'exception' => $e,
  77. ]);
  79. $session->invalidate();
  80. $this->tokenStorage->setToken(null);
  82. if ($request->hasSession()) {
  83. $request->getSession()->getFlashBag()->add('error', 'No se pudo crear token de iDempiere: ' . $e->getMessage());
  84. }
  86. $event->setResponse(new RedirectResponse($this->urlGenerator->generate('app_login')));
  87. }
  88. }
  90. private function resolveRoleId(LoginSuccessEvent $event): int
  91. {
  92. $user = $event->getAuthenticatedToken()->getUser();
  93. if (!$user instanceof AdUser) {
  94. return 0;
  95. }
  97. $roles = $this->userRepository->findRoles($user->getId());
  98. if (empty($roles)) {
  99. return 0;
  100. }
  102. $vendorRoleId = (int)($_ENV['IDEMPIERE_ROLE_ID'] ?? 0);
  104. // Si el usuario tiene el rol de vendedor, usarlo; si no, usar su primer rol
  105. foreach ($roles as $role) {
  106. if ((int)$role['ad_role_id'] === $vendorRoleId) {
  107. return $vendorRoleId;
  108. }
  109. }
  111. return (int)$roles[0]['ad_role_id'];
  112. }
  113. }