Remove mail and hash possible leak from failure_path context
[userbundle] / Controller / AbstractController.php
index 258ef6891cfafb93254601e5512009671726374a..d6f34a2936c475a3296d6d7fc2cb5d83937cb8eb 100644 (file)
@@ -16,14 +16,20 @@ use Doctrine\Persistence\ManagerRegistry;
 use Psr\Log\LoggerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController as BaseAbstractController;
 use Symfony\Bundle\FrameworkBundle\Controller\ControllerTrait;
 use Psr\Log\LoggerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController as BaseAbstractController;
 use Symfony\Bundle\FrameworkBundle\Controller\ControllerTrait;
+use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Mailer\MailerInterface;
 use Symfony\Component\Mailer\MailerInterface;
+use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Routing\RouterInterface;
-use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
-use Symfony\Contracts\Translation\TranslatorInterface;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Contracts\Service\ServiceSubscriberInterface;
 use Symfony\Contracts\Service\ServiceSubscriberInterface;
+use Symfony\Contracts\Translation\TranslatorInterface;
+use Twig\Environment;
 
 use Rapsys\PackBundle\Util\SluggerUtil;
 
 
 use Rapsys\PackBundle\Util\SluggerUtil;
 
@@ -35,45 +41,95 @@ use Rapsys\UserBundle\RapsysUserBundle;
  * {@inheritdoc}
  */
 abstract class AbstractController extends BaseAbstractController implements ServiceSubscriberInterface {
  * {@inheritdoc}
  */
 abstract class AbstractController extends BaseAbstractController implements ServiceSubscriberInterface {
-       ///Config array
-       protected $config;
+       /**
+        * Config array
+        */
+       protected array $config;
 
 
-       ///ContainerInterface instance
-       protected $container;
+       /**
+        * Context array
+        */
+       protected array $context;
 
 
-       ///Context array
-       protected $context;
+       /**
+        * Limit integer
+        */
+       protected int $limit;
 
 
-       ///ManagerRegistry
-       protected $doctrine;
+       /**
+        * Locale string
+        */
+       protected string $locale;
 
 
-       ///UserPasswordHasherInterface
-       protected $hasher;
+       /**
+        * Page integer
+        */
+       protected int $page;
 
 
-       ///LoggerInterface
-       protected $logger;
+       /**
+        * AuthorizationCheckerInterface instance
+        */
+       protected AuthorizationCheckerInterface $checker;
 
 
-       ///MailerInterface
-       protected $mailer;
+       /**
+        * ManagerRegistry instance
+        */
+       protected ManagerRegistry $doctrine;
 
 
-       ///EntityManagerInterface
-       protected $manager;
+       /**
+        * UserPasswordHasherInterface instance
+        */
+       protected UserPasswordHasherInterface $hasher;
+
+       /**
+        * LoggerInterface instance
+        */
+       protected LoggerInterface $logger;
+
+       /**
+        * MailerInterface instance
+        */
+       protected MailerInterface $mailer;
+
+       /**
+        * EntityManagerInterface instance
+        */
+       protected EntityManagerInterface $manager;
 
 
-       ///Router instance
-       protected $router;
+       /**
+        * Request instance
+        */
+       protected Request $request;
 
 
-       ///Slugger util
-       protected $slugger;
+       /**
+        * Router instance
+        */
+       protected RouterInterface $router;
 
 
-       ///Translator instance
-       protected $translator;
+       /**
+        * Security instance
+        */
+       protected Security $security;
 
 
-       ///Locale
-       protected $locale;
+       /**
+        * Slugger util instance
+        */
+       protected SluggerUtil $slugger;
+
+       /**
+        * Translator instance
+        */
+       protected TranslatorInterface $translator;
+
+       /**
+        * Twig\Environment instance
+        */
+       protected Environment $twig;
 
        /**
         * Abstract constructor
         *
 
        /**
         * Abstract constructor
         *
+        * @param AuthorizationCheckerInterface $checker The checker instance
         * @param ContainerInterface $container The container instance
         * @param ManagerRegistry $doctrine The doctrine instance
         * @param UserPasswordHasherInterface $hasher The password hasher instance
         * @param ContainerInterface $container The container instance
         * @param ManagerRegistry $doctrine The doctrine instance
         * @param UserPasswordHasherInterface $hasher The password hasher instance
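Review bot: The new typed properties have no defaults, so any of them that the constructor does not assign stays uninitialized and throws an Error on first read, where the old untyped properties simply read as null. `$context` is the one to check: no assignment to `$this->context` is visible in the constructor hunks of this diff, although the constructor is only partly shown. If subclasses are expected to fill it, declare it as `protected array $context = [];`. The class body continues beyond this hunk.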
@@ -81,14 +137,20 @@ abstract class AbstractController extends BaseAbstractController implements Serv
         * @param MailerInterface $mailer The mailer instance
         * @param EntityManagerInterface $manager The manager instance
         * @param RouterInterface $router The router instance
         * @param MailerInterface $mailer The mailer instance
         * @param EntityManagerInterface $manager The manager instance
         * @param RouterInterface $router The router instance
+        * @param Security $security The security instance
         * @param SluggerUtil $slugger The slugger instance
         * @param RequestStack $stack The stack instance
         * @param TranslatorInterface $translator The translator instance
         * @param SluggerUtil $slugger The slugger instance
         * @param RequestStack $stack The stack instance
         * @param TranslatorInterface $translator The translator instance
+        * @param Environment $twig The twig environment instance
+        * @param integer $limit The page limit
         */
         */
-       public function __construct(ContainerInterface $container, ManagerRegistry $doctrine, UserPasswordHasherInterface $hasher, LoggerInterface $logger, MailerInterface $mailer, EntityManagerInterface $manager, RouterInterface $router, SluggerUtil $slugger, RequestStack $stack, TranslatorInterface $translator) {
+       public function __construct(AuthorizationCheckerInterface $checker, ContainerInterface $container, ManagerRegistry $doctrine, UserPasswordHasherInterface $hasher, LoggerInterface $logger, MailerInterface $mailer, EntityManagerInterface $manager, RouterInterface $router, Security $security, SluggerUtil $slugger, RequestStack $stack, TranslatorInterface $translator, Environment $twig, int $limit = 5) {
                //Retrieve config
                $this->config = $container->getParameter(RapsysUserBundle::getAlias());
 
                //Retrieve config
                $this->config = $container->getParameter(RapsysUserBundle::getAlias());
 
+               //Set checker
+               $this->checker = $checker;
+
                //Set container
                $this->container = $container;
 
                //Set container
                $this->container = $container;
 
@@ -101,6 +163,9 @@ abstract class AbstractController extends BaseAbstractController implements Serv
                //Set logger
                $this->logger = $logger;
 
                //Set logger
                $this->logger = $logger;
 
+               //Set limit
+               $this->limit = $limit;
+
                //Set mailer
                $this->mailer = $mailer;
 
                //Set mailer
                $this->mailer = $mailer;
 
@@ -110,20 +175,31 @@ abstract class AbstractController extends BaseAbstractController implements Serv
                //Set router
                $this->router = $router;
 
                //Set router
                $this->router = $router;
 
+               //Set security
+               $this->security = $security;
+
                //Set slugger
                $this->slugger = $slugger;
 
                //Set translator
                $this->translator = $translator;
 
                //Set slugger
                $this->slugger = $slugger;
 
                //Set translator
                $this->translator = $translator;
 
+               //Set twig
+               $this->twig = $twig;
+
                //Get current request
                //Get current request
-               $request = $stack->getCurrentRequest();
+               $this->request = $stack->getCurrentRequest();
 
 
-               //Get current locale
-               $this->locale = $request->getLocale();
+               //Get current page
+               $this->page = (int) $this->request->query->get('page');
 
 
-               //Set locale
-               $this->config['context']['locale'] = str_replace('_', '-', $this->locale);
+               //With negative page
+               if ($this->page < 0) {
+                       $this->page = 0;
+               }
+
+               //Get current locale
+               $this->locale = $this->request->getLocale();
 
                //Set translate array
                $translates = [];
 
                //Set translate array
                $translates = [];
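Review bot: `RequestStack::getCurrentRequest()` returns `?Request`, but the value is now stored in the non-nullable `Request $request` property, so constructing the controller without a current request (console command, service warm-up) fails with a TypeError at the assignment rather than at a clearer point. Either type the property `?Request` or fail explicitly, e.g. `$this->request = $stack->getCurrentRequest() ?? throw new \RuntimeException('No current request');`. The `page` value is client-controlled and the `(int)` cast is its only validation; `$this->page = max(0, $this->request->query->getInt('page'));` expresses the cast and the negative clamp in one line. No upper bound is applied here, so whatever consumes `$this->page` outside this hunk should cap the resulting offset. The constructor starts and ends outside this hunk.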
@@ -134,10 +210,12 @@ abstract class AbstractController extends BaseAbstractController implements Serv
                        foreach($this->config['translate'] as $translate) {
                                //Set tmp
                                $tmp = null;
                        foreach($this->config['translate'] as $translate) {
                                //Set tmp
                                $tmp = null;
+
                                //Iterate on keys
                                foreach(array_reverse(explode('.', $translate)) as $curkey) {
                                        $tmp = array_combine([$curkey], [$tmp]);
                                }
                                //Iterate on keys
                                foreach(array_reverse(explode('.', $translate)) as $curkey) {
                                        $tmp = array_combine([$curkey], [$tmp]);
                                }
+
                                //Append tree
                                $translates = array_replace_recursive($translates, $tmp);
                        }
                                //Append tree
                                $translates = array_replace_recursive($translates, $tmp);
                        }
@@ -145,12 +223,6 @@ abstract class AbstractController extends BaseAbstractController implements Serv
 
                //Inject every requested route in view and mail context
                foreach($this->config as $tag => $current) {
 
                //Inject every requested route in view and mail context
                foreach($this->config as $tag => $current) {
-                       //Look for entry with title subkey
-                       if (!empty($current['title'])) {
-                               //Translate title value
-                               $this->config[$tag]['title'] = $this->translator->trans($current['title']);
-                       }
-
                        //Look for entry with route subkey
                        if (!empty($current['route'])) {
                                //Generate url for both view and mail
                        //Look for entry with route subkey
                        if (!empty($current['route'])) {
                                //Generate url for both view and mail
@@ -237,12 +309,12 @@ abstract class AbstractController extends BaseAbstractController implements Serv
                                                        $pathInfo = $this->router->getContext()->getPathInfo();
 
                                                        //Iterate on locales excluding current one
                                                        $pathInfo = $this->router->getContext()->getPathInfo();
 
                                                        //Iterate on locales excluding current one
-                                                       foreach($this->config['locales'] as $locale) {
+                                                       foreach(($locales = array_keys($this->config['languages'])) as $locale) {
                                                                //Set titles
                                                                $titles = [];
 
                                                                //Iterate on other locales
                                                                //Set titles
                                                                $titles = [];
 
                                                                //Iterate on other locales
-                                                               foreach(array_diff($this->config['locales'], [$locale]) as $other) {
+                                                               foreach(array_diff($locales, [$locale]) as $other) {
                                                                        $titles[$other] = $this->translator->trans($this->config['languages'][$locale], [], null, $other);
                                                                }
 
                                                                        $titles[$other] = $this->translator->trans($this->config['languages'][$locale], [], null, $other);
                                                                }
 
@@ -258,10 +330,10 @@ abstract class AbstractController extends BaseAbstractController implements Serv
                                                                //With current locale
                                                                if ($locale == $this->locale) {
                                                                        //Set locale locales context
                                                                //With current locale
                                                                if ($locale == $this->locale) {
                                                                        //Set locale locales context
-                                                                       $this->config[$tag][$view]['context']['canonical'] = $this->router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL);
+                                                                       $this->config[$tag][$view]['context']['head']['canonical'] = $this->router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL);
                                                                } else {
                                                                        //Set locale locales context
                                                                } else {
                                                                        //Set locale locales context
-                                                                       $this->config[$tag][$view]['context']['alternates'][$locale] = [
+                                                                       $this->config[$tag][$view]['context']['head']['alternates'][$locale] = [
                                                                                'absolute' => $this->router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL),
                                                                                'relative' => $this->router->generate($name, ['_locale' => $locale]+$route),
                                                                                'title' => implode('/', $titles),
                                                                                'absolute' => $this->router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL),
                                                                                'relative' => $this->router->generate($name, ['_locale' => $locale]+$route),
                                                                                'title' => implode('/', $titles),
@@ -270,9 +342,9 @@ abstract class AbstractController extends BaseAbstractController implements Serv
                                                                }
 
                                                                //Add shorter locale
                                                                }
 
                                                                //Add shorter locale
-                                                               if (empty($this->config[$tag][$view]['context']['alternates'][$slocale = substr($locale, 0, 2)])) {
+                                                               if (empty($this->config[$tag][$view]['context']['head']['alternates'][$slocale = substr($locale, 0, 2)])) {
                                                                        //Add shorter locale
                                                                        //Add shorter locale
-                                                                       $this->config[$tag][$view]['context']['alternates'][$slocale] = [
+                                                                       $this->config[$tag][$view]['context']['head']['alternates'][$slocale] = [
                                                                                'absolute' => $this->router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL),
                                                                                'relative' => $this->router->generate($name, ['_locale' => $locale]+$route),
                                                                                'title' => implode('/', $titles),
                                                                                'absolute' => $this->router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL),
                                                                                'relative' => $this->router->generate($name, ['_locale' => $locale]+$route),
                                                                                'title' => implode('/', $titles),
@@ -287,6 +359,51 @@ abstract class AbstractController extends BaseAbstractController implements Serv
                }
        }
 
                }
        }
 
+       /**
+        * Renders a view
+        *
+        * {@inheritdoc}
+        */
+       protected function render(string $view, array $parameters = [], Response $response = null): Response {
+               //Create response when null
+               $response ??= new Response();
+
+               //With empty head locale
+               if (empty($parameters['head']['locale'])) {
+                       //Set head locale
+                       $parameters['head']['locale'] = $this->locale;
+               }
+
+               //With empty head title and section
+               if (empty($parameters['head']['title']) && !empty($parameters['section'])) {
+                       //Set head title
+                       $parameters['head']['title'] = implode(' - ', [$parameters['title'], $parameters['section'], $parameters['head']['site']]);
+               //With empty head title
+               } elseif (empty($parameters['head']['title'])) {
+                       //Set head title
+                       $parameters['head']['title'] = implode(' - ', [$parameters['title'], $parameters['head']['site']]);
+               }
+
+               //Call twig render method
+               $content = $this->twig->render($view, $parameters);
+
+               //Invalidate OK response on invalid form
+               if (200 === $response->getStatusCode()) {
+                       foreach ($parameters as $v) {
+                               if ($v instanceof FormInterface && $v->isSubmitted() && !$v->isValid()) {
+                                       $response->setStatusCode(422);
+                                       break;
+                               }
+                       }
+               }
+
+               //Store content in response
+               $response->setContent($content);
+
+               //Return response
+               return $response;
+       }
+
        /**
         * {@inheritdoc}
         *
        /**
         * {@inheritdoc}
         *
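Review bot: The `$v instanceof FormInterface` check in `render()` probably never matches: the import hunk of this diff adds no `use Symfony\Component\Form\FormInterface;`, and `instanceof` against an unresolved class name is silently false, so an invalid submitted form would still be answered with 200 instead of 422. Add the import next to the other `Symfony\Component\...` lines (unless it already sits above the first hunk). The title branches also read `$parameters['title']` and `$parameters['head']['site']` without checking them, which raises undefined-key warnings when a caller omits either; `implode(' - ', array_filter([$parameters['title'] ?? null, $parameters['section'] ?? null, $parameters['head']['site'] ?? null]))` would cover both branches. `Response $response = null` relies on implicit nullability; `?Response $response = null` states it.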
@@ -295,7 +412,6 @@ abstract class AbstractController extends BaseAbstractController implements Serv
        public static function getSubscribedServices(): array {
                //Return subscribed services
                return [
        public static function getSubscribedServices(): array {
                //Return subscribed services
                return [
-                       'service_container' => ContainerInterface::class,
                        'doctrine' => ManagerRegistry::class,
                        'doctrine.orm.default_entity_manager' => EntityManagerInterface::class,
                        'logger' => LoggerInterface::class,
                        'doctrine' => ManagerRegistry::class,
                        'doctrine.orm.default_entity_manager' => EntityManagerInterface::class,
                        'logger' => LoggerInterface::class,
@@ -303,7 +419,10 @@ abstract class AbstractController extends BaseAbstractController implements Serv
                        'rapsys_pack.slugger_util' => SluggerUtil::class,
                        'request_stack' => RequestStack::class,
                        'router' => RouterInterface::class,
                        'rapsys_pack.slugger_util' => SluggerUtil::class,
                        'request_stack' => RequestStack::class,
                        'router' => RouterInterface::class,
+                       'security.authorization_checker' => AuthorizationCheckerInterface::class,
+                       'security' => Security::class,
                        'security.user_password_hasher' => UserPasswordHasherInterface::class,
                        'security.user_password_hasher' => UserPasswordHasherInterface::class,
+                       'service_container' => ContainerInterface::class,
                        'translator' => TranslatorInterface::class
                ];
        }
                        'translator' => TranslatorInterface::class
                ];
        }