1 <?php
declare(strict_types
=1);
4 * This file is part of the Rapsys UserBundle package.
6 * (c) Raphaël Gertz <symfony@rapsys.eu>
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
12 namespace Rapsys\AirBundle\Controller
;
14 use Doctrine\Bundle\DoctrineBundle\Registry
;
15 use Doctrine\ORM\EntityManagerInterface
;
16 use Symfony\Component\HttpFoundation\Request
;
17 use Symfony\Component\HttpFoundation\Response
;
18 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface
;
20 use Rapsys\PackBundle\Util\SluggerUtil
;
22 use Rapsys\UserBundle\Controller\DefaultController
;
24 class UserController
extends DefaultController
{
28 public function edit(Request
$request, Registry
$doctrine, UserPasswordEncoderInterface
$encoder, EntityManagerInterface
$manager, SluggerUtil
$slugger, $mail, $hash): Response
{
30 if ($hash != $slugger->hash($mail)) {
32 throw new BadRequestHttpException($this->translator
->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
36 $mail = $slugger->unshort($smail = $mail);
38 //With existing subscriber
39 if (empty($user = $doctrine->getRepository($this->config
['class']['user'])->findOneByMail($mail))) {
41 //XXX: prevent slugger reverse engineering by not displaying decoded mail
42 throw $this->createNotFoundException($this->translator
->trans('Unable to find account %mail%', ['%mail%' => $smail]));
45 //Prevent access when not admin, user is not guest and not currently logged user
46 if (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser() || !$this->isGranted('IS_AUTHENTICATED_FULLY')) {
48 //XXX: prevent slugger reverse engineering by not displaying decoded mail
49 throw $this->createAccessDeniedException($this->translator
->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
53 if ($this->isGranted('ROLE_ADMIN')) {
54 //With pseudonym and without slug
55 if (!empty($pseudonym = $user->getPseudonym()) && empty($user->getSlug())) {
57 $user->setSlug($slugger->slug($pseudonym));
61 //Create the RegisterType form and give the proper parameters
62 $edit = $this->createForm($this->config
['edit']['view']['edit'], $user, [
63 //Set action to register route name and context
64 'action' => $this->generateUrl($this->config
['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+
$this->config
['route']['edit']['context']),
66 'civility_class' => $this->config
['class']['civility'],
67 //Set civility default
68 'civility_default' => $doctrine->getRepository($this->config
['class']['civility'])->findOneByTitle($this->config
['default']['civility']),
70 'mail' => $this->isGranted('ROLE_ADMIN'),
72 'pseudonym' => $this->isGranted('ROLE_GUEST'),
74 'slug' => $this->isGranted('ROLE_ADMIN'),
79 ]+
$this->config
['edit']['field']);
82 if ($this->isGranted('ROLE_ADMIN')) {
83 //Create the LoginType form and give the proper parameters
84 $reset = $this->createForm($this->config
['edit']['view']['reset'], $user, [
85 //Set action to register route name and context
86 'action' => $this->generateUrl($this->config
['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+
$this->config
['route']['edit']['context']),
94 if ($request->isMethod('POST')) {
95 //Refill the fields in case the form is not valid.
96 $reset->handleRequest($request);
98 //With reset submitted and valid
99 if ($reset->isSubmitted() && $reset->isValid()) {
101 $data = $reset->getData();
104 $data->setPassword($encoder->encodePassword($data, $data->getPassword()));
107 $manager->persist($data);
109 //Flush to get the ids
113 $this->addFlash('notice', $this->translator
->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()]));
115 //Redirect to cleanup the form
116 return $this->redirectToRoute($this->config
['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+
$this->config
['route']['edit']['context']);
121 $this->config
['edit']['view']['context']['reset'] = $reset->createView();
123 //XXX: prefer a reset on login to force user unspam action
126 $this->addFlash('notice', $this->translator
->trans('To change your password login with your mail and any password then follow the procedure'));
130 if ($request->isMethod('POST')) {
131 //Refill the fields in case the form is not valid.
132 $edit->handleRequest($request);
134 //With edit submitted and valid
135 if ($edit->isSubmitted() && $edit->isValid()) {
137 $data = $edit->getData();
140 $manager->persist($data);
142 //Try saving in database
144 //Flush to get the ids
148 $this->addFlash('notice', $this->translator
->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()]));
150 //Redirect to cleanup the form
151 return $this->redirectToRoute($this->config
['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+
$this->config
['route']['edit']['context']);
152 //Catch double slug or mail
153 } catch (UniqueConstraintViolationException
$e) {
154 //Add error message mail already exists
155 $this->addFlash('error', $this->translator
->trans('Account %mail% or with slug %slug% already exists', ['%mail%' => $data->getMail(), '%slug%' => $slug]));
161 return $this->render(
163 $this->config
['edit']['view']['name'],
165 ['edit' => $edit->createView(), 'sent' => $request->query
->get('sent', 0)]+
$this->config
['edit']['view']['context']