Set slug with pseudonym and empty slug
[airbundle] / Controller / UserController.php
1 <?php declare(strict_types=1);
2
3 /*
4 * This file is part of the Rapsys AirBundle package.
5 *
6 * (c) Raphaël Gertz <symfony@rapsys.eu>
7 *
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
10 */
11
12 namespace Rapsys\AirBundle\Controller;
13
14 use Doctrine\Bundle\DoctrineBundle\Registry;
15 use Doctrine\ORM\EntityManagerInterface;
16 use Symfony\Component\HttpFoundation\Request;
17 use Symfony\Component\HttpFoundation\Response;
18 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
19
20 use Rapsys\PackBundle\Util\SluggerUtil;
21
22 use Rapsys\UserBundle\Controller\DefaultController;
23
24 class UserController extends DefaultController {
25 /**
26 * {@inheritdoc}
27 */
28 public function edit(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, $mail, $hash): Response {
29 //With invalid hash
30 if ($hash != $slugger->hash($mail)) {
31 //Throw bad request
32 throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
33 }
34
35 //Get mail
36 $mail = $slugger->unshort($smail = $mail);
37
38 //With existing subscriber
39 if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
40 //Throw not found
41 //XXX: prevent slugger reverse engineering by not displaying decoded mail
42 throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
43 }
44
45 //Prevent access when not admin, user is not guest and not currently logged user
46 if (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser() || !$this->isGranted('IS_AUTHENTICATED_FULLY')) {
47 //Throw access denied
48 //XXX: prevent slugger reverse engineering by not displaying decoded mail
49 throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
50 }
51
52 //Create the RegisterType form and give the proper parameters
53 $edit = $this->createForm($this->config['edit']['view']['edit'], $user, [
54 //Set action to register route name and context
55 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
56 //Set civility class
57 'civility_class' => $this->config['class']['civility'],
58 //Set civility default
59 'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
60 //Disable mail
61 'mail' => $this->isGranted('ROLE_ADMIN'),
62 //Disable pseudonym
63 'pseudonym' => $this->isGranted('ROLE_GUEST'),
64 //Disable slug
65 'slug' => $this->isGranted('ROLE_ADMIN'),
66 //Disable password
67 'password' => false,
68 //Set method
69 'method' => 'POST'
70 ]+$this->config['edit']['field']);
71
72 //With admin role
73 if ($this->isGranted('ROLE_ADMIN')) {
74 //Create the LoginType form and give the proper parameters
75 $reset = $this->createForm($this->config['edit']['view']['reset'], $user, [
76 //Set action to register route name and context
77 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
78 //Disable mail
79 'mail' => false,
80 //Set method
81 'method' => 'POST'
82 ]);
83
84 //With post method
85 if ($request->isMethod('POST')) {
86 //Refill the fields in case the form is not valid.
87 $reset->handleRequest($request);
88
89 //With reset submitted and valid
90 if ($reset->isSubmitted() && $reset->isValid()) {
91 //Set data
92 $data = $reset->getData();
93
94 //Set password
95 $data->setPassword($encoder->encodePassword($data, $data->getPassword()));
96
97 //Queue snippet save
98 $manager->persist($data);
99
100 //Flush to get the ids
101 $manager->flush();
102
103 //Add notice
104 $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()]));
105
106 //Redirect to cleanup the form
107 return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
108 }
109 }
110
111 //Add reset view
112 $this->config['edit']['view']['context']['reset'] = $reset->createView();
113 }
114
115 //With post method
116 if ($request->isMethod('POST')) {
117 //Refill the fields in case the form is not valid.
118 $edit->handleRequest($request);
119
120 //With edit submitted and valid
121 if ($edit->isSubmitted() && $edit->isValid()) {
122 //Set data
123 $data = $edit->getData();
124
125 //With admin
126 if ($this->isGranted('ROLE_ADMIN')) {
127 //With pseudonym and without slug
128 if (!empty($pseudonym = $data->getPseudonym()) && empty($data->getSlug())) {
129 //Set slug
130 $data->setSlug($slugger->slug($pseudonym));
131 }
132 }
133
134 //Queue snippet save
135 $manager->persist($data);
136
137 //Try saving in database
138 try {
139 //Flush to get the ids
140 $manager->flush();
141
142 //Add notice
143 $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()]));
144
145 //Redirect to cleanup the form
146 return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
147 //Catch double slug or mail
148 } catch (UniqueConstraintViolationException $e) {
149 //Add error message mail already exists
150 $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $data->getMail()]));
151 }
152 }
153 //Without admin role
154 //XXX: prefer a reset on login to force user unspam action
155 } elseif (!$this->isGranted('ROLE_ADMIN')) {
156 //Add notice
157 $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
158 }
159
160 //Render view
161 return $this->render(
162 //Template
163 $this->config['edit']['view']['name'],
164 //Context
165 ['edit' => $edit->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
166 );
167 }
168 }