feat: désactiver login iam via une variable d'environnement #559

IGNF · Nov 20, 2024 · 27a2575 · 27a2575
1 parent 8a86eeb
commit 27a2575
Show file tree

Hide file tree

Showing 9 changed files with 65 additions and 5 deletions.
diff --git a/.env b/.env
@@ -16,6 +16,7 @@ IAM_URL=https://url.to/openid-connect-endpoint
 IAM_REALM=
 IAM_CLIENT_ID=registered_app_name
 IAM_CLIENT_SECRET=
+IAM_LOGIN_DISABLED=0
 
 # chemin public du répertoire de sortie pour webpack
 ENCORE_PUBLIC_PATH=/build/

diff --git a/assets/i18n/i18n.ts b/assets/i18n/i18n.ts
@@ -50,7 +50,8 @@ export type ComponentKey =
     | typeof import("../entrepot/pages/service/TableSelection").i18n
     | typeof import("../entrepot/pages/service/AccessRestrictions").i18n
     | typeof import("../entrepot/pages/service/wms-vector/UploadStyleFile").i18n
-    | typeof import("../espaceco/pages/communities/EspaceCoCommunitiesTr").i18n;
+    | typeof import("../espaceco/pages/communities/EspaceCoCommunitiesTr").i18n
+    | typeof import("../pages/LoginDisabled").i18n;
 
 export type Translations<L extends Language> = GenericTranslations<ComponentKey, Language, typeof fallbackLanguage, L>;
 export type LocalizedString = Parameters<typeof resolveLocalizedString>[0];

diff --git a/assets/i18n/languages/en.tsx b/assets/i18n/languages/en.tsx
@@ -34,6 +34,7 @@ import { RightsEnTranslations } from "../Rights";
 import { StyleEnTranslations } from "../Style";
 import type { Translations } from "../i18n";
 import { DatasheetUploadFormEnTranslations } from "../../entrepot/pages/datasheet/DatasheetNew/DatasheetUploadForm";
+import { LoginDisabledEnTranslations } from "../../pages/LoginDisabled";
 
 export const translations: Translations<"en"> = {
     Common: commonEnTranslations,
@@ -71,4 +72,5 @@ export const translations: Translations<"en"> = {
     DatasheetUploadForm: DatasheetUploadFormEnTranslations,
     DatasheetList: DatasheetListEnTranslations,
     AccessRestrictions: AccessRestrictionsEnTranslations,
+    LoginDisabled: LoginDisabledEnTranslations,
 };
diff --git a/assets/i18n/languages/fr.tsx b/assets/i18n/languages/fr.tsx
@@ -34,6 +34,7 @@ import { BreadcrumbFrTranslations } from "../Breadcrumb";
 import { RightsFrTranslations } from "../Rights";
 import { StyleFrTranslations } from "../Style";
 import type { Translations } from "../i18n";
+import { LoginDisabledFrTranslations } from "../../pages/LoginDisabled";
 
 export const translations: Translations<"fr"> = {
     Common: commonFrTranslations,
@@ -71,4 +72,5 @@ export const translations: Translations<"fr"> = {
     DatasheetUploadForm: DatasheetUploadFormFrTranslations,
     DatasheetList: DatasheetListFrTranslations,
     AccessRestrictions: AccessRestrictionsFrTranslations,
+    LoginDisabled: LoginDisabledFrTranslations,
 };
diff --git a/assets/pages/LoginDisabled.tsx b/assets/pages/LoginDisabled.tsx
@@ -0,0 +1,42 @@
+import { fr } from "@codegouvfr/react-dsfr";
+import Alert from "@codegouvfr/react-dsfr/Alert";
+import Button from "@codegouvfr/react-dsfr/Button";
+
+import AppLayout from "../components/Layout/AppLayout";
+import { declareComponentKeys, Translations, useTranslation } from "../i18n/i18n";
+import { routes } from "../router/router";
+
+const LoginDisabled = () => {
+    const { t } = useTranslation("LoginDisabled");
+
+    return (
+        <AppLayout documentTitle={t("title")}>
+            <h1>{t("title")}</h1>
+
+            <Alert severity="warning" description={t("description")} closable={false} small />
+
+            <Button linkProps={routes.home().link} className={fr.cx("fr-mt-2v")}>
+                {t("back_to_home")}
+            </Button>
+        </AppLayout>
+    );
+};
+
+export default LoginDisabled;
+
+export const { i18n } = declareComponentKeys<"title" | "description" | "back_to_home">()({
+    LoginDisabled,
+});
+
+export const LoginDisabledFrTranslations: Translations<"fr">["LoginDisabled"] = {
+    title: "Connexion momentanément désactivée",
+    description:
+        "L’accès à la partie connectée du site cartes.gouv.fr est temporairement indisponible en raison de travaux de maintenance de la Géoplateforme. Le reste du site reste accessible. Nous vous remercions de votre compréhension.",
+    back_to_home: "Revenir à l’accueil",
+};
+
+export const LoginDisabledEnTranslations: Translations<"en">["LoginDisabled"] = {
+    title: undefined,
+    description: undefined,
+    back_to_home: undefined,
+};
diff --git a/assets/router/RouterRenderer.tsx b/assets/router/RouterRenderer.tsx
@@ -24,6 +24,7 @@ const Accessibility = lazy(() => import("../pages/footer/Accessibility"));
 const LegalNotice = lazy(() => import("../pages/footer/LegalNotice"));
 const PersonalData = lazy(() => import("../pages/footer/PersonalData"));
 const TermsOfService = lazy(() => import("../pages/footer/TermsOfService"));
+const LoginDisabled = lazy(() => import("../pages/LoginDisabled"));
 
 const Me = lazy(() => import("../entrepot/pages/users/Me"));
 const MyAccessKeys = lazy(() => import("../entrepot/pages/users/MyAccessKeys"));
@@ -108,6 +109,8 @@ const RouterRenderer: FC = () => {
                 return <TermsOfService />;
             case "service_status":
                 return <ServiceStatus />;
+            case "login_disabled":
+                return <LoginDisabled />;
             case "my_account":
                 return <Me />;
             case "my_access_keys":

diff --git a/assets/router/router.ts b/assets/router/router.ts
@@ -6,7 +6,7 @@ export const appRoot = SymfonyRouting.getBaseUrl(); // (document.getElementById(
 export const catalogueUrl = (document.getElementById("app_env") as HTMLDivElement)?.dataset?.["catalogueUrl"] ?? "/catalogue";
 
 const routeDefs = {
-    // routes non protégées (doivent être listées plus bas dans publicRoutes)
+    // NOTE : routes non protégées (doivent être listées plus bas dans publicRoutes)
     home: defineRoute(
         {
             authentication_failed: param.query.optional.number,
@@ -34,8 +34,9 @@ const routeDefs = {
     join: defineRoute(`${appRoot}/nous-rejoindre`),
     terms_of_service: defineRoute(`${appRoot}/cgu`),
     service_status: defineRoute(`${appRoot}/niveau-de-service`),
+    login_disabled: defineRoute(`${appRoot}/connexion-desactivee`),
 
-    // routes protégées
+    // NOTE : routes protégées
     // utilisateur
     my_account: defineRoute(`${appRoot}/mon-compte`),
     my_access_keys: defineRoute(`${appRoot}/mes-cles`),
@@ -252,4 +253,5 @@ export const publicRoutes: typeof knownRoutes = [
     "join",
     "terms_of_service",
     "service_status",
+    "login_disabled",
 ];
diff --git a/config/parameters.yaml b/config/parameters.yaml
@@ -9,6 +9,7 @@ parameters:
     iam_realm: "%env(resolve:IAM_REALM)%"
     iam_client_id: "%env(resolve:IAM_CLIENT_ID)%"
     iam_client_secret: "%env(resolve:IAM_CLIENT_SECRET)%"
+    iam_login_disabled: "%env(resolve:IAM_LOGIN_DISABLED)%"
 
     sandbox_service_account:
         client_id: "%env(resolve:SANDBOX_SERVICE_ACCOUNT_CLIENT_ID)%"

diff --git a/src/Controller/SecurityController.php b/src/Controller/SecurityController.php
@@ -12,6 +12,7 @@
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
@@ -30,8 +31,13 @@ public function login(
         ClientRegistry $clientRegistry,
         ParameterBagInterface $params,
         TokenStorageInterface $tokenStorage,
-        RouterInterface $router
+        RouterInterface $router,
     ): RedirectResponse {
+        $iamLoginDisabled = boolval($params->get('iam_login_disabled'));
+        if ($iamLoginDisabled) {
+            return $this->redirect($this->generateUrl('cartesgouvfr_app', [], UrlGeneratorInterface::ABSOLUTE_URL).'connexion-desactivee');
+        }
+
         $referer = $request->headers->get('referer');
         $request->getSession()->set('referer', $referer);
 
@@ -84,7 +90,7 @@ public function userInfoEdit(ClientRegistry $clientRegistry): RedirectResponse
     private function testLogin(
         TokenStorageInterface $tokenStorage,
         Request $request,
-        RouterInterface $router
+        RouterInterface $router,
     ): RedirectResponse {
         $user = User::getTestUser();