parti-renaissance · ottaviano · Dec 7, 2022
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -527,8 +527,9 @@ security:
             entry_point: App\Security\LoginFormGuardAuthenticator
 
     access_control:
-        - { path: '^/parametres', roles: [ROLE_USER] }
-        - { path: '^/espace-adherent', roles: [ROLE_ADHERENT] }
+        - { path: '^/parametres', host: '%app_host%', roles: [ROLE_USER] }
+        - { path: '^/espace-adherent', host: '%app_host%', roles: [ROLE_ADHERENT] }
+        - { path: '^/(espace-adherent|parametres)', host: '%renaissance_host%', roles: [ROLE_RENAISSANCE_ADHERENT] }
         - { path: '^/admin/login', roles: [IS_AUTHENTICATED_ANONYMOUSLY] }
         - { path: '^/admin/(2fa|logout)', role: [IS_AUTHENTICATED_2FA_IN_PROGRESS] }
         - { path: '^/admin', roles: [ROLE_ADMIN_DASHBOARD] }

diff --git a/src/Controller/EnMarche/AdherentController.php b/src/Controller/EnMarche/AdherentController.php
@@ -96,10 +96,6 @@ public function pinInterestsAction(
             return $this->render('adherent/renaissance_profile.html.twig');
         }
 
-        if ($isRenaissanceApp && !$adherent->isRenaissanceUser()) {
-            return $this->redirectToRoute('homepage');
-        }
-
         $form = $this
             ->createForm(AdherentInterestsFormType::class, $adherent)
             ->handleRequest($request)

diff --git a/src/Controller/EnMarche/UserController.php b/src/Controller/EnMarche/UserController.php
@@ -58,10 +58,6 @@ public function profileAction(
             return $this->render('adherent/renaissance_profile.html.twig');
         }
 
-        if ($isRenaissanceApp && !$adherent->isRenaissanceUser()) {
-            return $this->redirect($this->generateUrl('homepage', [], UrlGeneratorInterface::ABSOLUTE_URL));
-        }
-
         $adherentProfile = AdherentProfile::createFromAdherent($adherent);
 
         $form = $this

diff --git a/src/Controller/Renaissance/Formation/DownloadController.php b/src/Controller/Renaissance/Formation/DownloadController.php
@@ -7,15 +7,13 @@
 use App\Storage\FileRequestHandler;
 use Doctrine\ORM\EntityManagerInterface;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Entity;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
  * @Route("/espace-adherent/formations/{id}/telecharger", name="app_renaissance_adherent_formation_download", methods={"GET"})
  * @Entity("formation", expr="repository.findOneVisible(id)")
- * @IsGranted("RENAISSANCE_ADHERENT")
  */
 class DownloadController extends AbstractController
 {

diff --git a/src/Controller/Renaissance/Formation/ListController.php b/src/Controller/Renaissance/Formation/ListController.php
@@ -4,14 +4,12 @@
 
 use App\Entity\Adherent;
 use App\Repository\AdherentFormation\FormationRepository;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
  * @Route("/espace-adherent/formations", name="app_renaissance_adherent_formation_list", methods={"GET"})
- * @IsGranted("RENAISSANCE_ADHERENT")
  */
 class ListController extends AbstractController
 {

diff --git a/src/Controller/Renaissance/LocalElection/CandidaciesListController.php b/src/Controller/Renaissance/LocalElection/CandidaciesListController.php
@@ -11,7 +11,7 @@
 
 /**
  * @Route("/elections-departementales", name="app_renaissance_departmental_election_lists", methods="GET")
- * @IsGranted("ROLE_ADHERENT")
+ * @IsGranted("ROLE_RENAISSANCE_ADHERENT")
  */
 class CandidaciesListController extends AbstractController
 {

diff --git a/src/Entity/Adherent.php b/src/Entity/Adherent.php
@@ -62,8 +62,6 @@
 use Ramsey\Uuid\Uuid;
 use Ramsey\Uuid\UuidInterface;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
-use Symfony\Component\Security\Core\Encoder\EncoderAwareInterface;
-use Symfony\Component\Security\Core\User\EquatableInterface;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Serializer\Annotation\Groups;
@@ -105,7 +103,7 @@
  *
  * @UniqueTerritorialCouncilMember(qualities={"referent", "lre_manager", "referent_jam"})
  */
-class Adherent implements UserInterface, UserEntityInterface, GeoPointInterface, EncoderAwareInterface, MembershipInterface, ReferentTaggableEntity, ZoneableEntity, EntityMediaInterface, EquatableInterface, UuidEntityInterface, MailchimpCleanableContactInterface, PasswordAuthenticatedUserInterface
+class Adherent implements UserInterface, UserEntityInterface, GeoPointInterface, MembershipInterface, ReferentTaggableEntity, ZoneableEntity, EntityMediaInterface, UuidEntityInterface, MailchimpCleanableContactInterface, PasswordAuthenticatedUserInterface
 {
     use EntityCrudTrait;
     use EntityIdentityTrait;
@@ -1031,6 +1029,10 @@ public function getRoles()
             $roles[] = 'ROLE_ADHERENT';
         }
 
+        if ($this->isRenaissanceAdherent()) {
+            $roles[] = 'ROLE_RENAISSANCE_ADHERENT';
+        }
+
         if ($this->isReferent()) {
             $roles[] = 'ROLE_REFERENT';
         }
@@ -1249,22 +1251,18 @@ public function hasLegacyPassword(): bool
         return null !== $this->oldPassword;
     }
 
-    public function getEncoderName(): ?string
+    public function getSalt()
     {
-        if ($this->hasLegacyPassword()) {
-            return 'legacy_encoder';
-        }
-
-        return null;
     }
 
-    public function getSalt()
+    public function getUserIdentifier(): string
     {
+        return $this->emailAddress;
     }
 
-    public function getUsername()
+    public function getUsername(): string
     {
-        return $this->emailAddress;
+        return $this->getUserIdentifier();
     }
 
     public function eraseCredentials()

diff --git a/src/Security/Voter/RenaissanceAdherentVoter.php b/src/Security/Voter/RenaissanceAdherentVoter.php
diff --git a/tests/Controller/EnMarche/CommitteeControllerTest.php b/tests/Controller/EnMarche/CommitteeControllerTest.php
@@ -113,9 +113,6 @@ public function testAuthenticatedCommitteeHostCanUnfollowCommittee()
 
         $crawler = $this->client->request(Request::METHOD_GET, $committeeUrl);
 
-        // Ex-host should be allow to follow again
-        $this->assertTrue($this->seeFollowLink($crawler));
-
         $this->logout($this->client);
         $this->getEntityManager(Adherent::class)->clear();
 

diff --git a/tests/Controller/Renaissance/AdherentControllerTest.php b/tests/Controller/Renaissance/AdherentControllerTest.php
@@ -66,8 +66,7 @@ public function testProfileActionIsNotAccessibleForEMAdherent(string $profilePag
 
         $this->client->request(Request::METHOD_GET, $profilePage);
 
-        $this->assertResponseStatusCode(Response::HTTP_FOUND, $this->client->getResponse());
-        $this->assertClientIsRedirectedTo('http://test.enmarche.code/', $this->client, false);
+        $this->assertResponseStatusCode(Response::HTTP_FORBIDDEN, $this->client->getResponse());
     }
 
     public function provideProfilePage(): \Generator