1 <?php
// Enforce strict scalar typing for this file: scalar type declarations are
// checked rather than silently coerced (e.g. "7" is not accepted for an int).
declare(strict_types=1);
/**
 * This file is part of the Rapsys AirBundle package.
 *
 * (c) Raphaël Gertz <symfony@rapsys.eu>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
12 namespace Rapsys\AirBundle\Controller
;
14 use Symfony\Component\HttpFoundation\Request
;
15 use Symfony\Component\HttpFoundation\Response
;
17 use Rapsys\UserBundle\Controller\UserController
as BaseUserController
;
19 class UserController
extends BaseUserController
{
23 public function edit(Request
$request, string $hash, string $mail): Response
{
25 if ($hash != $this->slugger
->hash($mail)) {
27 throw new BadRequestHttpException($this->translator
->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
31 $mail = $this->slugger
->unshort($smail = $mail);
33 //With existing subscriber
34 if (empty($user = $this->doctrine
->getRepository($this->config
['class']['user'])->findOneByMail($mail))) {
36 //XXX: prevent slugger reverse engineering by not displaying decoded mail
37 throw $this->createNotFoundException($this->translator
->trans('Unable to find account %mail%', ['%mail%' => $smail]));
40 //Prevent access when not admin, user is not guest and not currently logged user
41 if (!$this->checker
->isGranted('ROLE_ADMIN') && $user != $this->security
->getUser() || !$this->checker
->isGranted('IS_AUTHENTICATED_FULLY')) {
43 //XXX: prevent slugger reverse engineering by not displaying decoded mail
44 throw $this->createAccessDeniedException($this->translator
->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
47 //Create the RegisterType form and give the proper parameters
48 $edit = $this->factory
->create($this->config
['edit']['view']['edit'], $user, [
49 //Set action to register route name and context
50 'action' => $this->generateUrl($this->config
['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger
->hash($smail)]+
$this->config
['route']['edit']['context']),
52 'civility_class' => $this->config
['class']['civility'],
53 //Set civility default
54 'civility_default' => $this->doctrine
->getRepository($this->config
['class']['civility'])->findOneByTitle($this->config
['default']['civility']),
56 'country_class' => $this->config
['class']['country'],
58 'country_default' => $this->doctrine
->getRepository($this->config
['class']['country'])->findOneByTitle($this->config
['default']['country']),
59 //Set country favorites
60 'country_favorites' => $this->doctrine
->getRepository($this->config
['class']['country'])->findByTitle($this->config
['default']['country_favorites']),
62 'mail' => $this->checker
->isGranted('ROLE_ADMIN'),
64 'pseudonym' => $this->checker
->isGranted('ROLE_GUEST'),
69 ]+
$this->config
['edit']['field']);
72 if ($this->checker
->isGranted('ROLE_ADMIN')) {
73 //Create the LoginType form and give the proper parameters
74 $reset = $this->factory
->create($this->config
['edit']['view']['reset'], $user, [
75 //Set action to register route name and context
76 'action' => $this->generateUrl($this->config
['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger
->hash($smail)]+
$this->config
['route']['edit']['context']),
84 if ($request->isMethod('POST')) {
85 //Refill the fields in case the form is not valid.
86 $reset->handleRequest($request);
88 //With reset submitted and valid
89 if ($reset->isSubmitted() && $reset->isValid()) {
91 $data = $reset->getData();
94 $data->setPassword($this->hasher
->hashPassword($data, $data->getPassword()));
97 $this->manager
->persist($data);
99 //Flush to get the ids
100 $this->manager
->flush();
103 $this->addFlash('notice', $this->translator
->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()]));
105 //Redirect to cleanup the form
106 return $this->redirectToRoute($this->config
['route']['edit']['name'], ['mail' => $smail = $this->slugger
->short($mail), 'hash' => $this->slugger
->hash($smail)]+
$this->config
['route']['edit']['context']);
111 $this->config
['edit']['view']['context']['reset'] = $reset->createView();
115 if ($request->isMethod('POST')) {
116 //Refill the fields in case the form is not valid.
117 $edit->handleRequest($request);
119 //With edit submitted and valid
120 if ($edit->isSubmitted() && $edit->isValid()) {
122 $data = $edit->getData();
125 $this->manager
->persist($data);
127 //Try saving in database
129 //Flush to get the ids
130 $this->manager
->flush();
133 $this->addFlash('notice', $this->translator
->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()]));
135 //Redirect to cleanup the form
136 return $this->redirectToRoute($this->config
['route']['edit']['name'], ['mail' => $smail = $this->slugger
->short($mail), 'hash' => $this->slugger
->hash($smail)]+
$this->config
['route']['edit']['context']);
137 //Catch double slug or mail
138 } catch (UniqueConstraintViolationException
$e) {
139 //Add error message mail already exists
140 $this->addFlash('error', $this->translator
->trans('Account %mail% already exists', ['%mail%' => $data->getMail()]));
144 //XXX: prefer a reset on login to force user unspam action
145 } elseif (!$this->checker
->isGranted('ROLE_ADMIN')) {
147 $this->addFlash('notice', $this->translator
->trans('To change your password login with your mail and any password then follow the procedure'));
151 return $this->render(
153 $this->config
['edit']['view']['name'],
155 ['edit' => $edit->createView(), 'sent' => $request->query
->get('sent', 0)]+
$this->config
['edit']['view']['context']