]> Raphaƫl G. Git Repositories - airbundle/blobdiff - Controller/UserController.php
Rename pack and user bundle aliases
[airbundle] / Controller / UserController.php
index 6385828c59844032e0b19eabf6150bdcf5a45b19..510ae33e66065abe36ddbdad8bd9dfea282a7a43 100644 (file)
 
 namespace Rapsys\AirBundle\Controller;
 
-use Doctrine\Bundle\DoctrineBundle\Registry;
-use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Contracts\Cache\ItemInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 
-use Rapsys\PackBundle\Util\SluggerUtil;
+use Rapsys\UserBundle\Controller\UserController as BaseUserController;
 
-use Rapsys\UserBundle\Controller\DefaultController;
+use Rapsys\AirBundle\Entity\Dance;
+use Rapsys\AirBundle\Entity\GoogleCalendar;
+use Rapsys\AirBundle\Entity\GoogleToken;
+use Rapsys\AirBundle\Entity\User;
+
+/**
+ * {@inheritdoc}
+ */
+class UserController extends BaseUserController {
+       /**
+        * Set google client scopes
+        */
+       const googleScopes = [\Google\Service\Calendar::CALENDAR_EVENTS, \Google\Service\Calendar::CALENDAR, \Google\Service\Oauth2::USERINFO_EMAIL];
 
-class UserController extends DefaultController {
        /**
         * {@inheritdoc}
         */
-       public function edit(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, $mail, $hash): Response {
+       public function edit(Request $request, string $hash, string $mail): Response {
                //With invalid hash
-               if ($hash != $slugger->hash($mail)) {
+               if ($hash != $this->slugger->hash($mail)) {
                        //Throw bad request
                        throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
                }
 
                //Get mail
-               $mail = $slugger->unshort($smail = $mail);
+               $mail = $this->slugger->unshort($smail = $mail);
 
                //With existing subscriber
-               if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
+               if (empty($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
                        //Throw not found
                        //XXX: prevent slugger reverse engineering by not displaying decoded mail
                        throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
                }
 
                //Prevent access when not admin, user is not guest and not currently logged user
-               if (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser() || !$this->isGranted('IS_AUTHENTICATED_FULLY')) {
+               if (!$this->checker->isGranted('ROLE_ADMIN') && $user != $this->security->getUser() || !$this->checker->isGranted('IS_AUTHENTICATED_FULLY')) {
                        //Throw access denied
                        //XXX: prevent slugger reverse engineering by not displaying decoded mail
                        throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
                }
 
-               //With admin
-               if ($this->isGranted('ROLE_ADMIN')) {
-                       //With pseudonym and without slug
-                       if (!empty($pseudonym = $user->getPseudonym()) && empty($user->getSlug())) {
-                               //Preset slug
-                               $user->setSlug($slugger->slug($pseudonym));
-                       }
-               }
-
                //Create the RegisterType form and give the proper parameters
-               $edit = $this->createForm($this->config['edit']['view']['edit'], $user, [
+               $edit = $this->factory->create($this->config['edit']['view']['edit'], $user, [
                        //Set action to register route name and context
-                       'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
+                       'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $hash]+$this->config['route']['edit']['context']),
                        //Set civility class
                        'civility_class' => $this->config['class']['civility'],
                        //Set civility default
-                       'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
+                       'civility_default' => $this->doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
+                       //Set country class
+                       'country_class' => $this->config['class']['country'],
+                       //Set country default
+                       'country_default' => $this->doctrine->getRepository($this->config['class']['country'])->findOneByTitle($this->config['default']['country']),
+                       //Set country favorites
+                       'country_favorites' => $this->doctrine->getRepository($this->config['class']['country'])->findByTitle($this->config['default']['country_favorites']),
+                       //Set dance
+                       'dance' => $this->checker->isGranted('ROLE_ADMIN'),
+                       //Set dance choices
+                       'dance_choices' => $danceChoices = $this->doctrine->getRepository($this->config['class']['dance'])->findChoicesAsArray(),
+                       //Set dance default
+                       #'dance_default' => /*$this->doctrine->getRepository($this->config['class']['dance'])->findOneByNameType($this->config['default']['dance'])*/null,
+                       //Set dance favorites
+                       'dance_favorites' => $this->doctrine->getRepository($this->config['class']['dance'])->findIdByNameTypeAsArray($this->config['default']['dance_favorites']),
+                       //Set subscription
+                       'subscription' => $this->checker->isGranted('ROLE_ADMIN'),
+                       //Set subscription choices
+                       'subscription_choices' => $subscriptionChoices = $this->doctrine->getRepository($this->config['class']['user'])->findChoicesAsArray(),
+                       //Set subscription default
+                       #'subscription_default' => /*$this->doctrine->getRepository($this->config['class']['user'])->findOneByPseudonym($this->config['default']['subscription'])*/null,
+                       //Set subscription favorites
+                       'subscription_favorites' => $this->doctrine->getRepository($this->config['class']['user'])->findIdByPseudonymAsArray($this->config['default']['subscription_favorites']),
                        //Disable mail
-                       'mail' => $this->isGranted('ROLE_ADMIN'),
+                       'mail' => $this->checker->isGranted('ROLE_ADMIN'),
                        //Disable pseudonym
-                       'pseudonym' => $this->isGranted('ROLE_GUEST'),
-                       //Disable slug
-                       'slug' => $this->isGranted('ROLE_ADMIN'),
+                       'pseudonym' => $this->checker->isGranted('ROLE_GUEST'),
                        //Disable password
                        'password' => false,
                        //Set method
@@ -79,11 +100,11 @@ class UserController extends DefaultController {
                ]+$this->config['edit']['field']);
 
                //With admin role
-               if ($this->isGranted('ROLE_ADMIN')) {
-                       //Create the LoginType form and give the proper parameters
-                       $reset = $this->createForm($this->config['edit']['view']['reset'], $user, [
+               if ($this->checker->isGranted('ROLE_ADMIN')) {
+                       //Create the ResetType form and give the proper parameters
+                       $reset = $this->factory->create($this->config['edit']['view']['reset'], $user, [
                                //Set action to register route name and context
-                               'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
+                               'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $hash]+$this->config['route']['edit']['context']),
                                //Disable mail
                                'mail' => false,
                                //Set method
@@ -101,29 +122,359 @@ class UserController extends DefaultController {
                                        $data = $reset->getData();
 
                                        //Set password
-                                       $data->setPassword($encoder->encodePassword($data, $data->getPassword()));
+                                       $data->setPassword($this->hasher->hashPassword($data, $data->getPassword()));
 
-                                       //Queue snippet save
-                                       $manager->persist($data);
+                                       //Queue user password save
+                                       $this->manager->persist($data);
 
                                        //Flush to get the ids
-                                       $manager->flush();
+                                       $this->manager->flush();
 
                                        //Add notice
-                                       $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()]));
+                                       $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail]));
 
                                        //Redirect to cleanup the form
-                                       return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
+                                       return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $hash]+$this->config['route']['edit']['context']);
                                }
                        }
 
                        //Add reset view
                        $this->config['edit']['view']['context']['reset'] = $reset->createView();
-               //Without admin role
-               //XXX: prefer a reset on login to force user unspam action
-               } else {
-                       //Add notice
-                       $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
+
+                       //Add google calendar array
+                       $this->config['edit']['view']['context']['calendar'] = [
+                               //Form by mail
+                               'form' => [],
+                               //Uri to link account
+                               'link' => null,
+                               //Logo
+                               'logo' => [
+                                       'png' => '@RapsysAir/png/calendar.png',
+                                       'svg' => '@RapsysAir/svg/calendar.svg'
+                               ]
+                       ];
+
+                       //Get google client
+                       $googleClient = new \Google\Client(
+                               [
+                                       'application_name' => $request->server->get('GOOGLE_PROJECT'),
+                                       'client_id' => $request->server->get('GOOGLE_CLIENT'),
+                                       'client_secret' => $request->server->get('GOOGLE_SECRET'),
+                                       'redirect_uri' => $this->generateUrl('rapsys_air_google_callback', [], UrlGeneratorInterface::ABSOLUTE_URL),
+                                       'scopes' => self::googleScopes,
+                                       'access_type' => 'offline',
+                                       'login_hint' => $user->getMail(),
+                                       //XXX: see https://stackoverflow.com/questions/10827920/not-receiving-google-oauth-refresh-token
+                                       #'approval_prompt' => 'force'
+                                       'prompt' => 'consent'
+                               ]
+                       );
+
+                       //With user tokens
+                       if (!($googleTokens = $user->getGoogleTokens())->isEmpty()) {
+                               //Iterate on each google token
+                               //XXX: either we finish with a valid token set or a logic exception after token removal
+                               foreach($googleTokens as $googleToken) {
+                                       //Clear client cache before changing access token
+                                       //TODO: set a per token cache ?
+                                       $googleClient->getCache()->clear();
+
+                                       //Set access token
+                                       $googleClient->setAccessToken(
+                                               [
+                                                       'access_token' => $googleToken->getAccess(),
+                                                       'refresh_token' => $googleToken->getRefresh(),
+                                                       'created' => $googleToken->getCreated()->getTimestamp(),
+                                                       'expires_in' => $googleToken->getExpired()->getTimestamp() - (new \DateTime('now'))->getTimestamp(),
+                                               ]
+                                       );
+
+                                       //With expired token
+                                       if ($googleClient->isAccessTokenExpired()) {
+                                               //Refresh token
+                                               if (($refresh = $googleClient->getRefreshToken()) && ($token = $googleClient->fetchAccessTokenWithRefreshToken($refresh)) && empty($token['error'])) {
+                                                       //Set access token
+                                                       $googleToken->setAccess($token['access_token']);
+
+                                                       //Set expires
+                                                       $googleToken->setExpired(new \DateTime('+'.$token['expires_in'].' second'));
+
+                                                       //Set refresh
+                                                       $googleToken->setRefresh($token['refresh_token']);
+
+                                                       //Queue google token save
+                                                       $this->manager->persist($googleToken);
+
+                                                       //Flush to get the ids
+                                                       $this->manager->flush();
+                                               //Refresh failed
+                                               } else {
+                                                       //Add error in flash message
+                                                       $this->addFlash(
+                                                               'error',
+                                                               $this->translator->trans(
+                                                                       empty($token['error'])?'Unable to refresh token':'Unable to refresh token: %error%',
+                                                                       empty($token['error'])?[]:['%error%' => str_replace('_', ' ', $token['error'])]
+                                                               )
+                                                       );
+
+                                                       //Remove user token
+                                                       $this->manager->remove($googleToken);
+
+                                                       //Flush to delete it
+                                                       $this->manager->flush();
+
+                                                       //Skip to next token
+                                                       continue;
+                                               }
+                                       }
+
+                                       //XXX: TODO: remove DEBUG
+                                       #$this->cache->delete('user.edit.calendar.'.$this->slugger->short($googleToken->getMail()));
+
+                                       //Get calendars
+                                       $calendars = $this->cache->get(
+                                               //Set key to user.edit.$mail
+                                               ($calendarKey = 'user.edit.calendar.'.($googleShortMail = $this->slugger->short($googleMail = $googleToken->getMail()))),
+                                               //Fetch mail calendar list
+                                               function (ItemInterface $item) use ($googleClient): array {
+                                                       //Expire after 1h
+                                                       $item->expiresAfter(3600);
+
+                                                       //Get google calendar service
+                                                       $service = new \Google\Service\Calendar($googleClient);
+
+                                                       //Init calendars
+                                                       $calendars = [];
+
+                                                       //Init counter
+                                                       $count = 0;
+
+                                                       //Retrieve calendar
+                                                       try {
+                                                               //Set page token
+                                                               $pageToken = null;
+
+                                                               //Iterate until next page token is null
+                                                               do {
+                                                                       //Get token calendar list
+                                                                       //XXX: require permission to read and write events
+                                                                       $calendarList = $service->calendarList->listCalendarList(['pageToken' => $pageToken, 'minAccessRole' => 'writer', 'showHidden' => true]);
+
+                                                                       //Iterate on items
+                                                                       foreach($calendarList->getItems() as $calendarItem) {
+                                                                               //With primary calendar
+                                                                               if ($calendarItem->getPrimary()) {
+                                                                                       //Add primary calendar
+                                                                                       //XXX: use primary as key as described in google api documentation
+                                                                                       $calendars = ['primary' => $this->translator->trans('Primary') /*$calendarItem->getSummary()*/] + $calendars;
+                                                                               //With secondary calendar
+                                                                               } else {
+                                                                                       //Add secondary calendar
+                                                                                       //XXX: Append counter to make sure summary is unique for later array_flip call
+                                                                                       $calendars += [$calendarItem->getId() => $calendarItem->getSummary().' ('.++$count.')'];
+                                                                               }
+                                                                       }
+                                                               } while ($pageToken = $calendarList->getNextPageToken());
+                                                       //Catch exception
+                                                       } catch(\Google\Service\Exception $e) {
+                                                               //Throw error
+                                                               throw new \LogicException('Calendar list failed', 0, $e);
+                                                       }
+
+                                                       //Cache calendars
+                                                       return $calendars;
+                                               }
+                                       );
+
+                                       //Set formData array
+                                       $formData = ['calendar' => []];
+
+                                       //With google calendars
+                                       if (!($googleCalendars = $googleToken->getGoogleCalendars())->isEmpty()) {
+                                               //Iterate on each google calendars
+                                               foreach($googleCalendars as $googleCalendar) {
+                                                       //With existing google calendar
+                                                       if (isset($calendars[$googleCalendar->getMail()])) {
+                                                               //Add google calendar to form data
+                                                               $formData['calendar'][] = $googleCalendar->getMail();
+                                                       } else {
+                                                               //Remove google calendar from database
+                                                               $this->manager->remove($googleCalendar);
+
+                                                               //Flush to persist ids
+                                                               $this->manager->flush();
+                                                       }
+                                               }
+                                       }
+
+                                       //XXX: TODO: remove DEBUG
+                                       #header('Content-Type: text/plain');
+
+                                       //TODO: add feature to filter synchronized data (OrganizerId/DanceId)
+                                       //TODO: add feature for alerts (-30min/-1h) ?
+                                       //[Direct link to calendar ?][Direct link to calendar settings ?][Alerts][Remove]
+
+                                       //Create the CalendarType form and give the proper parameters
+                                       $form = $this->factory->createNamed('calendar_'.$googleShortMail, 'Rapsys\AirBundle\Form\CalendarType', $formData, [
+                                               //Set action to register route name and context
+                                               'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $hash]+$this->config['route']['edit']['context']),
+                                               //Set calendar choices
+                                               //XXX: unique calendar summary required by choice widget is guaranteed by appending ' (x)' to secondary calendars earlier
+                                               'calendar_choices' => array_flip($calendars),
+                                               //Set method
+                                               'method' => 'POST'
+                                       ]);
+
+                                       //With post method
+                                       if ($request->isMethod('POST')) {
+                                               //Refill the fields in case the form is not valid.
+                                               $form->handleRequest($request);
+
+                                               //With reset submitted and valid
+                                               if ($form->isSubmitted() && $form->isValid()) {
+                                                       //Set data
+                                                       $data = $form->getData();
+
+                                                       //Refresh button
+                                                       if (($clicked = $form->getClickedButton()->getName()) == 'refresh') {
+                                                               //Remove calendar key
+                                                               $this->cache->delete($calendarKey);
+
+                                                               //Add notice
+                                                               $this->addFlash('notice', $this->translator->trans('Account %mail% calendars updated', ['%mail%' => $googleMail]));
+                                                       //Add button
+                                                       } elseif ($clicked == 'add') {
+                                                               //Get google calendar service
+                                                               $service = new \Google\Service\Calendar($googleClient);
+
+                                                               //Add calendar
+                                                               try {
+                                                                       //Instantiate calendar
+                                                                       $calendar = new \Google\Service\Calendar\Calendar(
+                                                                               [
+                                                                                       'summary' => $this->translator->trans($this->config['context']['site']['title']),
+                                                                                       'timeZone' => date_default_timezone_get()
+                                                                               ]
+                                                                       );
+
+                                                                       //Insert calendar
+                                                                       $service->calendars->insert($calendar);
+                                                               //Catch exception
+                                                               } catch(\Google\Service\Exception $e) {
+                                                                       //Throw error
+                                                                       throw new \LogicException('Calendar insert failed', 0, $e);
+                                                               }
+
+                                                               //Remove calendar key
+                                                               $this->cache->delete($calendarKey);
+
+                                                               //Add notice
+                                                               $this->addFlash('notice', $this->translator->trans('Account %mail% calendar added', ['%mail%' => $googleMail]));
+                                                       //Delete button
+                                                       } elseif ($clicked == 'delete') {
+                                                               //Get google calendar service
+                                                               $service = new \Google\Service\Calendar($googleClient);
+
+                                                               //Remove calendar
+                                                               try {
+                                                                       //Set site title
+                                                                       $siteTitle = $this->translator->trans($this->config['context']['site']['title']);
+
+                                                                       //Iterate on calendars
+                                                                       foreach($calendars as $calendarId => $calendarSummary) {
+                                                                               //With calendar matching site title
+                                                                               if (substr($calendarSummary, 0, strlen($siteTitle)) == $siteTitle) {
+                                                                                       //Delete the calendar
+                                                                                       $service->calendars->delete($calendarId);
+                                                                               }
+                                                                       }
+                                                               //Catch exception
+                                                               } catch(\Google\Service\Exception $e) {
+                                                                       //Throw error
+                                                                       throw new \LogicException('Calendar delete failed', 0, $e);
+                                                               }
+
+                                                               //Remove calendar key
+                                                               $this->cache->delete($calendarKey);
+
+                                                               //Add notice
+                                                               $this->addFlash('notice', $this->translator->trans('Account %mail% calendars deleted', ['%mail%' => $googleMail]));
+                                                       //Unlink button
+                                                       } elseif ($clicked == 'unlink') {
+                                                               //Iterate on each google calendars
+                                                               foreach($googleCalendars as $googleCalendar) {
+                                                                       //Remove google calendar from database
+                                                                       $this->manager->remove($googleCalendar);
+                                                               }
+
+                                                               //Remove google token from database
+                                                               $this->manager->remove($googleToken);
+
+                                                               //Flush to persist
+                                                               $this->manager->flush();
+
+                                                               //Revoke access token
+                                                               $googleClient->revokeToken($googleToken->getAccess());
+
+                                                               //With refresh token
+                                                               if ($refresh = $googleToken->getRefresh()) {
+                                                                       //Revoke refresh token
+                                                                       $googleClient->revokeToken($googleToken->getRefresh());
+                                                               }
+
+                                                               //Remove calendar key
+                                                               $this->cache->delete($calendarKey);
+
+                                                               //Add notice
+                                                               $this->addFlash('notice', $this->translator->trans('Account %mail% calendars unlinked', ['%mail%' => $googleMail]));
+                                                       //Submit button
+                                                       } else {
+                                                               //Flipped calendar data
+                                                               $dataCalendarFlip = array_flip($data['calendar']);
+
+                                                               //Iterate on each google calendars
+                                                               foreach($googleCalendars as $googleCalendar) {
+                                                                       //Without calendar in flipped data
+                                                                       if (!isset($dataCalendarFlip[$googleCalendarMail = $googleCalendar->getMail()])) {
+                                                                               //Remove google calendar from database
+                                                                               $this->manager->remove($googleCalendar);
+                                                                       //With calendar in flipped data
+                                                                       } else {
+                                                                               //Remove google calendar from calendar data
+                                                                               unset($data['calendar'][$dataCalendarFlip[$googleCalendarMail]]);
+                                                                       }
+                                                               }
+
+                                                               //Iterate on remaining calendar data
+                                                               foreach($data['calendar'] as $googleCalendarMail) {
+                                                                       //Create new google calendar
+                                                                       //XXX: remove trailing ' (x)' from summary
+                                                                       $googleCalendar = new GoogleCalendar($googleToken, $googleCalendarMail, preg_replace('/ \([0-9]\)$/', '', $calendars[$googleCalendarMail]));
+
+                                                                       //Queue google calendar save
+                                                                       $this->manager->persist($googleCalendar);
+                                                               }
+
+                                                               //Flush to persist ids
+                                                               $this->manager->flush();
+
+                                                               //Add notice
+                                                               $this->addFlash('notice', $this->translator->trans('Account %mail% calendars updated', ['%mail%' => $googleMail]));
+                                                       }
+
+                                                       //Redirect to cleanup the form
+                                                       return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $hash]+$this->config['route']['edit']['context']);
+                                               }
+                                       }
+
+                                       //Add form view
+                                       $this->config['edit']['view']['context']['calendar']['form'][$googleToken->getMail()] = $form->createView();
+                               }
+                       }
+
+                       //Add google calendar auth url
+                       $this->config['edit']['view']['context']['calendar']['link'] = $googleClient->createAuthUrl();
                }
 
                //With post method
@@ -136,25 +487,31 @@ class UserController extends DefaultController {
                                //Set data
                                $data = $edit->getData();
 
-                               //Queue snippet save
-                               $manager->persist($data);
+                               //Queue user save
+                               $this->manager->persist($data);
 
                                //Try saving in database
                                try {
                                        //Flush to get the ids
-                                       $manager->flush();
+                                       $this->manager->flush();
 
                                        //Add notice
+                                       //XXX: get mail from data as it may change
                                        $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()]));
 
                                        //Redirect to cleanup the form
-                                       return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
+                                       return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $this->slugger->short($mail), 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']);
                                //Catch double slug or mail
                                } catch (UniqueConstraintViolationException $e) {
                                        //Add error message mail already exists
-                                       $this->addFlash('error', $this->translator->trans('Account %mail% or with slug %slug% already exists', ['%mail%' => $data->getMail(), '%slug%' => $slug]));
+                                       $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $data->getMail()]));
                                }
                        }
+               //Without admin role
+               //XXX: prefer a reset on login to force user unspam action
+               } elseif (!$this->checker->isGranted('ROLE_ADMIN')) {
+                       //Add notice
+                       $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
                }
 
                //Render view
@@ -165,4 +522,124 @@ class UserController extends DefaultController {
                        ['edit' => $edit->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
                );
        }
+
+       /**
+        * Handle google callback
+        *
+        * @param Request $request The request
+        * @return Response The response
+        */
+       public function googleCallback(Request $request): Response {
+               //Without code
+               if (empty($code = $request->query->get('code', ''))) {
+                       throw new \InvalidArgumentException('Query parameter code is empty');
+               }
+
+               //Without user
+               if (empty($user = $this->getUser())) {
+                       throw new \LogicException('User is empty');
+               }
+
+               //Get google client
+               $googleClient = new \Google\Client(
+                       [
+                               'application_name' => $request->server->get('GOOGLE_PROJECT'),
+                               'client_id' => $request->server->get('GOOGLE_CLIENT'),
+                               'client_secret' => $request->server->get('GOOGLE_SECRET'),
+                               'redirect_uri' => $this->generateUrl('rapsys_air_google_callback', [], UrlGeneratorInterface::ABSOLUTE_URL),
+                               'scopes' => self::googleScopes,
+                               'access_type' => 'offline',
+                               'login_hint' => $user->getMail(),
+                               #'approval_prompt' => 'force'
+                               'prompt' => 'consent'
+                       ]
+               );
+
+               //Protect to extract failure
+               try {
+                       //Authenticate with code
+                       if (!empty($token = $googleClient->authenticate($code))) {
+                               //With error
+                               if (!empty($token['error'])) {
+                                       throw new \LogicException('Client authenticate failed: '.str_replace('_', ' ', $token['error']));
+                               //Without refresh token
+                               } elseif (empty($token['refresh_token'])) {
+                                       throw new \LogicException('Refresh token is empty');
+                               //Without expires in
+                               } elseif (empty($token['expires_in'])) {
+                                       throw new \LogicException('Expires in is empty');
+                               //Without scope
+                               } elseif (empty($token['scope'])) {
+                                       throw new \LogicException('Scope in is empty');
+                               //Without valid scope
+                               } elseif (array_intersect(self::googleScopes, explode(' ', $token['scope'])) != self::googleScopes) {
+                                       throw new \LogicException('Scope in is not valid');
+                               }
+
+                               //Get Oauth2 object
+                               $oauth2 = new \Google\Service\Oauth2($googleClient);
+
+                               //Protect user info get call
+                               try {
+                                       //Retrieve user info
+                                       $userInfo = $oauth2->userinfo->get();
+                               //Catch exception
+                               } catch(\Google\Service\Exception $e) {
+                                       //Throw error
+                                       throw new \LogicException('Userinfo get failed', 0, $e);
+                               }
+
+                               //With existing token
+                               if (
+                                       //If available retrieve google token with matching mail
+                                       $googleToken = array_reduce(
+                                               $user->getGoogleTokens()->getValues(),
+                                               function ($c, $i) use ($userInfo) {
+                                                       if ($i->getMail() == $userInfo['email']) {
+                                                               return $i;
+                                                       }
+                                               },
+                                               (object)[]
+                                       )
+                               ) {
+                                       //Set mail
+                                       //XXX: TODO: should already be set and not change, remove ?
+                                       //XXX: TODO: store picture as well ?
+                                       $googleToken->setMail($userInfo['email']);
+
+                                       //Set access token
+                                       $googleToken->setAccess($token['access_token']);
+
+                                       //Set expires
+                                       $googleToken->setExpired(new \DateTime('+'.$token['expires_in'].' second'));
+
+                                       //Set refresh
+                                       $googleToken->setRefresh($token['refresh_token']);
+                               } else {
+                                       //Create new token
+                                       //XXX: TODO: store picture as well ?
+                                       $googleToken = new GoogleToken($user, $userInfo['email'], $token['access_token'], new \DateTime('+'.$token['expires_in'].' second'), $token['refresh_token']);
+                               }
+
+                               //Queue google token save
+                               $this->manager->persist($googleToken);
+
+                               //Flush to get the ids
+                               $this->manager->flush();
+
+                               //Add notice
+                               $this->addFlash('notice', $this->translator->trans('Account %mail% google token updated', ['%mail%' => $user->getMail()]));
+                       //With failed authenticate
+                       } else {
+                               throw new \LogicException('Client authenticate failed');
+                       }
+               //Catch exception
+               } catch(\Exception $e) {
+                       //Add notice
+                       $this->addFlash('error', $this->translator->trans('Account %mail% google token rejected: %error%', ['%mail%' => $user->getMail(), '%error%' => $e->getMessage()]));
+               }
+
+               //Redirect to user
+               return $this->redirectToRoute('rapsys_user_edit', ['mail' => $short = $this->slugger->short($user->getMail()), 'hash' => $this->slugger->hash($short)]);
+       }
 }