X-Git-Url: https://git.rapsys.eu/airbundle/blobdiff_plain/afb6e7e11fa379a1afbcf8f67f3eaa25888171d2..6837354b99f6ba9815f43b81f501e6b876008506:/Controller/UserController.php diff --git a/Controller/UserController.php b/Controller/UserController.php index 6385828..d4cdc7a 100644 --- a/Controller/UserController.php +++ b/Controller/UserController.php @@ -11,13 +11,8 @@ namespace Rapsys\AirBundle\Controller; -use Doctrine\Bundle\DoctrineBundle\Registry; -use Doctrine\ORM\EntityManagerInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; -use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; - -use Rapsys\PackBundle\Util\SluggerUtil; use Rapsys\UserBundle\Controller\DefaultController; @@ -25,18 +20,18 @@ class UserController extends DefaultController { /** * {@inheritdoc} */ - public function edit(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, $mail, $hash): Response { + public function edit(Request $request, string $hash, string $mail): Response { //With invalid hash - if ($hash != $slugger->hash($mail)) { + if ($hash != $this->slugger->hash($mail)) { //Throw bad request throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); } //Get mail - $mail = $slugger->unshort($smail = $mail); + $mail = $this->slugger->unshort($smail = $mail); //With existing subscriber - if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) { + if (empty($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) { //Throw not found //XXX: prevent slugger reverse engineering by not displaying decoded mail throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail])); @@ -49,29 +44,24 @@ class UserController extends DefaultController { throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail])); } - //With admin - if ($this->isGranted('ROLE_ADMIN')) { - //With pseudonym and without slug - if (!empty($pseudonym = $user->getPseudonym()) && empty($user->getSlug())) { - //Preset slug - $user->setSlug($slugger->slug($pseudonym)); - } - } - //Create the RegisterType form and give the proper parameters $edit = $this->createForm($this->config['edit']['view']['edit'], $user, [ //Set action to register route name and context - 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']), + 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']), //Set civility class 'civility_class' => $this->config['class']['civility'], //Set civility default - 'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']), + 'civility_default' => $this->doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']), + //Set country class + 'country_class' => $this->config['class']['country'], + //Set country default + 'country_default' => $this->doctrine->getRepository($this->config['class']['country'])->findOneByTitle($this->config['default']['country']), + //Set country favorites + 'country_favorites' => $this->doctrine->getRepository($this->config['class']['country'])->findByTitle($this->config['default']['country_favorites']), //Disable mail 'mail' => $this->isGranted('ROLE_ADMIN'), //Disable pseudonym 'pseudonym' => $this->isGranted('ROLE_GUEST'), - //Disable slug - 'slug' => $this->isGranted('ROLE_ADMIN'), //Disable password 'password' => false, //Set method @@ -83,7 +73,7 @@ class UserController extends DefaultController { //Create the LoginType form and give the proper parameters $reset = $this->createForm($this->config['edit']['view']['reset'], $user, [ //Set action to register route name and context - 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']), + 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']), //Disable mail 'mail' => false, //Set method @@ -101,29 +91,24 @@ class UserController extends DefaultController { $data = $reset->getData(); //Set password - $data->setPassword($encoder->encodePassword($data, $data->getPassword())); + $data->setPassword($this->hasher->hashPassword($data, $data->getPassword())); //Queue snippet save - $manager->persist($data); + $this->manager->persist($data); //Flush to get the ids - $manager->flush(); + $this->manager->flush(); //Add notice $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()])); //Redirect to cleanup the form - return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']); + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $this->slugger->short($mail), 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']); } } //Add reset view $this->config['edit']['view']['context']['reset'] = $reset->createView(); - //Without admin role - //XXX: prefer a reset on login to force user unspam action - } else { - //Add notice - $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure')); } //With post method @@ -137,24 +122,29 @@ class UserController extends DefaultController { $data = $edit->getData(); //Queue snippet save - $manager->persist($data); + $this->manager->persist($data); //Try saving in database try { //Flush to get the ids - $manager->flush(); + $this->manager->flush(); //Add notice $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()])); //Redirect to cleanup the form - return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']); + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $this->slugger->short($mail), 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']); //Catch double slug or mail } catch (UniqueConstraintViolationException $e) { //Add error message mail already exists - $this->addFlash('error', $this->translator->trans('Account %mail% or with slug %slug% already exists', ['%mail%' => $data->getMail(), '%slug%' => $slug])); + $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $data->getMail()])); } } + //Without admin role + //XXX: prefer a reset on login to force user unspam action + } elseif (!$this->isGranted('ROLE_ADMIN')) { + //Add notice + $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure')); } //Render view