Raphaël G. Git Repositories - airbundle/blob - Controller/UserController.php

   1 <?php declare(strict_types=1);
   2
   3 /*
   4  * This file is part of the Rapsys AirBundle package.
   5  *
   6  * (c) Raphaël Gertz <symfony@rapsys.eu>
   7  *
   8  * For the full copyright and license information, please view the LICENSE
   9  * file that was distributed with this source code.
  10  */
  11
  12 namespace Rapsys\AirBundle\Controller;
  13
  14 use Doctrine\Bundle\DoctrineBundle\Registry;
  15 use Doctrine\ORM\EntityManagerInterface;
  16 use Symfony\Component\HttpFoundation\Request;
  17 use Symfony\Component\HttpFoundation\Response;
  18 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  19
  20 use Rapsys\PackBundle\Util\SluggerUtil;
  21
  22 use Rapsys\UserBundle\Controller\DefaultController;
  23
  24 class UserController extends DefaultController {
  25         /**
  26          * {@inheritdoc}
  27          */
  28         public function edit(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, $mail, $hash): Response {
  29                 //With invalid hash
  30                 if ($hash != $slugger->hash($mail)) {
  31                         //Throw bad request
  32                         throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
  33                 }
  34
  35                 //Get mail
  36                 $mail = $slugger->unshort($smail = $mail);
  37
  38                 //With existing subscriber
  39                 if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
  40                         //Throw not found
  41                         //XXX: prevent slugger reverse engineering by not displaying decoded mail
  42                         throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
  43                 }
  44
  45                 //Prevent access when not admin, user is not guest and not currently logged user
  46                 if (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser() || !$this->isGranted('IS_AUTHENTICATED_FULLY')) {
  47                         //Throw access denied
  48                         //XXX: prevent slugger reverse engineering by not displaying decoded mail
  49                         throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
  50                 }
  51
  52                 //Create the RegisterType form and give the proper parameters
  53                 $edit = $this->createForm($this->config['edit']['view']['edit'], $user, [
  54                         //Set action to register route name and context
  55                         'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
  56                         //Set civility class
  57                         'civility_class' => $this->config['class']['civility'],
  58                         //Set civility default
  59                         'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
  60                         //Disable mail
  61                         'mail' => $this->isGranted('ROLE_ADMIN'),
  62                         //Disable pseudonym
  63                         'pseudonym' => $this->isGranted('ROLE_GUEST'),
  64                         //Disable slug
  65                         'slug' => $this->isGranted('ROLE_ADMIN'),
  66                         //Disable password
  67                         'password' => false,
  68                         //Set method
  69                         'method' => 'POST'
  70                 ]+$this->config['edit']['field']);
  71
  72                 //With admin role
  73                 if ($this->isGranted('ROLE_ADMIN')) {
  74                         //Create the LoginType form and give the proper parameters
  75                         $reset = $this->createForm($this->config['edit']['view']['reset'], $user, [
  76                                 //Set action to register route name and context
  77                                 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
  78                                 //Disable mail
  79                                 'mail' => false,
  80                                 //Set method
  81                                 'method' => 'POST'
  82                         ]);
  83
  84                         //With post method
  85                         if ($request->isMethod('POST')) {
  86                                 //Refill the fields in case the form is not valid.
  87                                 $reset->handleRequest($request);
  88
  89                                 //With reset submitted and valid
  90                                 if ($reset->isSubmitted() && $reset->isValid()) {
  91                                         //Set data
  92                                         $data = $reset->getData();
  93
  94                                         //Set password
  95                                         $data->setPassword($encoder->encodePassword($data, $data->getPassword()));
  96
  97                                         //Queue snippet save
  98                                         $manager->persist($data);
  99
 100                                         //Flush to get the ids
 101                                         $manager->flush();
 102
 103                                         //Add notice
 104                                         $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()]));
 105
 106                                         //Redirect to cleanup the form
 107                                         return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
 108                                 }
 109                         }
 110
 111                         //Add reset view
 112                         $this->config['edit']['view']['context']['reset'] = $reset->createView();
 113                 }
 114
 115                 //With post method
 116                 if ($request->isMethod('POST')) {
 117                         //Refill the fields in case the form is not valid.
 118                         $edit->handleRequest($request);
 119
 120                         //With edit submitted and valid
 121                         if ($edit->isSubmitted() && $edit->isValid()) {
 122                                 //Set data
 123                                 $data = $edit->getData();
 124
 125                                 //With admin
 126                                 if ($this->isGranted('ROLE_ADMIN')) {
 127                                         //With pseudonym and without slug
 128                                         if (!empty($pseudonym = $data->getPseudonym()) && empty($data->getSlug())) {
 129                                                 //Set slug
 130                                                 $data->setSlug($slugger->slug($pseudonym));
 131                                         }
 132                                 }
 133
 134                                 //Queue snippet save
 135                                 $manager->persist($data);
 136
 137                                 //Try saving in database
 138                                 try {
 139                                         //Flush to get the ids
 140                                         $manager->flush();
 141
 142                                         //Add notice
 143                                         $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()]));
 144
 145                                         //Redirect to cleanup the form
 146                                         return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
 147                                 //Catch double slug or mail
 148                                 } catch (UniqueConstraintViolationException $e) {
 149                                         //Add error message mail already exists
 150                                         $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $data->getMail()]));
 151                                 }
 152                         }
 153                 //Without admin role
 154                 //XXX: prefer a reset on login to force user unspam action
 155                 } elseif (!$this->isGranted('ROLE_ADMIN')) {
 156                         //Add notice
 157                         $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
 158                 }
 159
 160                 //Render view
 161                 return $this->render(
 162                         //Template
 163                         $this->config['edit']['view']['name'],
 164                         //Context
 165                         ['edit' => $edit->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
 166                 );
 167         }
 168 }