Raphaël G. Git Repositories - airbundle/blob - Controller/UserController.php

   1 <?php declare(strict_types=1);
   2
   3 /*
   4  * This file is part of the Rapsys AirBundle package.
   5  *
   6  * (c) Raphaël Gertz <symfony@rapsys.eu>
   7  *
   8  * For the full copyright and license information, please view the LICENSE
   9  * file that was distributed with this source code.
  10  */
  11
  12 namespace Rapsys\AirBundle\Controller;
  13
  14 use Symfony\Component\HttpFoundation\Request;
  15 use Symfony\Component\HttpFoundation\Response;
  16
  17 use Rapsys\UserBundle\Controller\UserController as BaseUserController;
  18
  19 class UserController extends BaseUserController {
  20         /**
  21          * {@inheritdoc}
  22          */
  23         public function edit(Request $request, string $hash, string $mail): Response {
  24                 //With invalid hash
  25                 if ($hash != $this->slugger->hash($mail)) {
  26                         //Throw bad request
  27                         throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
  28                 }
  29
  30                 //Get mail
  31                 $mail = $this->slugger->unshort($smail = $mail);
  32
  33                 //With existing subscriber
  34                 if (empty($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
  35                         //Throw not found
  36                         //XXX: prevent slugger reverse engineering by not displaying decoded mail
  37                         throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
  38                 }
  39
  40                 //Prevent access when not admin, user is not guest and not currently logged user
  41                 if (!$this->checker->isGranted('ROLE_ADMIN') && $user != $this->security->getUser() || !$this->checker->isGranted('IS_AUTHENTICATED_FULLY')) {
  42                         //Throw access denied
  43                         //XXX: prevent slugger reverse engineering by not displaying decoded mail
  44                         throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
  45                 }
  46
  47                 //Create the RegisterType form and give the proper parameters
  48                 $edit = $this->factory->create($this->config['edit']['view']['edit'], $user, [
  49                         //Set action to register route name and context
  50                         'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']),
  51                         //Set civility class
  52                         'civility_class' => $this->config['class']['civility'],
  53                         //Set civility default
  54                         'civility_default' => $this->doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
  55                         //Set country class
  56                         'country_class' => $this->config['class']['country'],
  57                         //Set country default
  58                         'country_default' => $this->doctrine->getRepository($this->config['class']['country'])->findOneByTitle($this->config['default']['country']),
  59                         //Set country favorites
  60                         'country_favorites' => $this->doctrine->getRepository($this->config['class']['country'])->findByTitle($this->config['default']['country_favorites']),
  61                         //Disable mail
  62                         'mail' => $this->checker->isGranted('ROLE_ADMIN'),
  63                         //Disable pseudonym
  64                         'pseudonym' => $this->checker->isGranted('ROLE_GUEST'),
  65                         //Disable password
  66                         'password' => false,
  67                         //Set method
  68                         'method' => 'POST'
  69                 ]+$this->config['edit']['field']);
  70
  71                 //With admin role
  72                 if ($this->checker->isGranted('ROLE_ADMIN')) {
  73                         //Create the LoginType form and give the proper parameters
  74                         $reset = $this->factory->create($this->config['edit']['view']['reset'], $user, [
  75                                 //Set action to register route name and context
  76                                 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']),
  77                                 //Disable mail
  78                                 'mail' => false,
  79                                 //Set method
  80                                 'method' => 'POST'
  81                         ]);
  82
  83                         //With post method
  84                         if ($request->isMethod('POST')) {
  85                                 //Refill the fields in case the form is not valid.
  86                                 $reset->handleRequest($request);
  87
  88                                 //With reset submitted and valid
  89                                 if ($reset->isSubmitted() && $reset->isValid()) {
  90                                         //Set data
  91                                         $data = $reset->getData();
  92
  93                                         //Set password
  94                                         $data->setPassword($this->hasher->hashPassword($data, $data->getPassword()));
  95
  96                                         //Queue snippet save
  97                                         $this->manager->persist($data);
  98
  99                                         //Flush to get the ids
 100                                         $this->manager->flush();
 101
 102                                         //Add notice
 103                                         $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()]));
 104
 105                                         //Redirect to cleanup the form
 106                                         return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $this->slugger->short($mail), 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']);
 107                                 }
 108                         }
 109
 110                         //Add reset view
 111                         $this->config['edit']['view']['context']['reset'] = $reset->createView();
 112                 }
 113
 114                 //With post method
 115                 if ($request->isMethod('POST')) {
 116                         //Refill the fields in case the form is not valid.
 117                         $edit->handleRequest($request);
 118
 119                         //With edit submitted and valid
 120                         if ($edit->isSubmitted() && $edit->isValid()) {
 121                                 //Set data
 122                                 $data = $edit->getData();
 123
 124                                 //Queue snippet save
 125                                 $this->manager->persist($data);
 126
 127                                 //Try saving in database
 128                                 try {
 129                                         //Flush to get the ids
 130                                         $this->manager->flush();
 131
 132                                         //Add notice
 133                                         $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()]));
 134
 135                                         //Redirect to cleanup the form
 136                                         return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $this->slugger->short($mail), 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']);
 137                                 //Catch double slug or mail
 138                                 } catch (UniqueConstraintViolationException $e) {
 139                                         //Add error message mail already exists
 140                                         $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $data->getMail()]));
 141                                 }
 142                         }
 143                 //Without admin role
 144                 //XXX: prefer a reset on login to force user unspam action
 145                 } elseif (!$this->checker->isGranted('ROLE_ADMIN')) {
 146                         //Add notice
 147                         $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
 148                 }
 149
 150                 //Render view
 151                 return $this->render(
 152                         //Template
 153                         $this->config['edit']['view']['name'],
 154                         //Context
 155                         ['edit' => $edit->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
 156                 );
 157         }
 158 }