OTP : configuration via kc_action, login redirige vers profil

- auth/otp_setup.php : déclenche CONFIGURE_TOTP via kc_action Keycloak - Tuile OTP pointe vers otp_setup.php (plus de lien externe vers la console) - Bouton Activer en btn-primary, Reconfigurer en btn-outline - login.php : redirige vers /profile.php si déjà connecté Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-04 00:46:05 +02:00 · 2026-05-04 00:46:05 +02:00 · f5f831dfb0
commit f5f831dfb0
parent fcdd094e26
3 changed files with 28 additions and 5 deletions
--- a/web/auth/login.php
+++ b/web/auth/login.php
@ -6,7 +6,7 @@ require_once __DIR__ . '/../inc/oidc.php';
 session_start_safe();

 if (current_user()) {
-    header('Location: /dashboard.php');
+    header('Location: /profile.php');
    exit;
 }

--- a/web/auth/otp_setup.php
+++ b/web/auth/otp_setup.php
@ -0,0 +1,25 @@
+<?php
+require_once __DIR__ . '/../inc/config.php';
+require_once __DIR__ . '/../inc/auth.php';
+
+session_start_safe();
+require_login();
+
+$state = bin2hex(random_bytes(16));
+$nonce = bin2hex(random_bytes(16));
+$_SESSION['oidc_state'] = $state;
+$_SESSION['oidc_nonce'] = $nonce;
+$_SESSION['next_url']   = '/profile.php';
+
+$url = ALPID_AUTH_URL . '?' . http_build_query([
+    'client_id'     => ALPID_CLIENT_ID,
+    'response_type' => 'code',
+    'scope'         => 'openid profile email',
+    'redirect_uri'  => CALLBACK_URL,
+    'state'         => $state,
+    'nonce'         => $nonce,
+    'kc_action'     => 'CONFIGURE_TOTP',
+]);
+
+header('Location: ' . $url);
+exit;
--- a/web/profile.php
+++ b/web/profile.php
@ -128,8 +128,7 @@ $gps      = ($membership && is_file($gps_file))
    ? (json_decode(file_get_contents($gps_file), true)[$membership['id']] ?? null)
    : null;

-$otp         = kc_get_otp_credential($user['sub']);
-$otp_setup_url = ALPID_BASE . '/realms/' . ALPID_REALM . '/account/#/security/signingin';
+$otp = kc_get_otp_credential($user['sub']);

 $is_adherent = $user['is_adherent']
    || ($membership && $membership['status']===1 && $membership['date_fin_ts']>time());
@ -350,8 +349,7 @@ require __DIR__ . '/views/layout.php';
          <?= $otp ? 'Activée' : 'Désactivée' ?>
        </div>
      </div>
-      <a href="<?= htmlspecialchars($otp_setup_url) ?>" target="_blank" rel="noopener"
-         class="btn-outline btn-sm tile-action">
+      <a href="/auth/otp_setup.php" class="btn-<?= $otp ? 'outline' : 'primary' ?> btn-sm tile-action">
        <?= $otp ? 'Reconfigurer' : 'Activer' ?>
      </a>
    </div>