- //Config array
- protected $config;
-
- //Translator instance
- protected $translator;
-
- public function __construct(ContainerInterface $container, TranslatorInterface $translator, RouterInterface $router) {
- //Retrieve config
- $this->config = $container->getParameter($this->getAlias());
-
- //Set the translator
- $this->translator = $translator;
-
- //Get current action
- //XXX: we don't use this as it would be too slow, maybe ???
- #$action = str_replace(self::getAlias().'_', '', $container->get('request_stack')->getCurrentRequest()->get('_route'));
-
- //Inject every requested route in view and mail context
- foreach($this->config as $tag => $current) {
- //Look for entry with route subkey
- if (!empty($current['route'])) {
- //Generate url for both view and mail
- foreach(['view', 'mail'] as $view) {
- //Check that context key is usable
- if (isset($current[$view]['context']) && is_array($current[$view]['context'])) {
- //Process every routes
- foreach($current['route'] as $route => $key) {
- //Skip recover_mail route as it requires some parameters
- if ($route == 'recover_mail') {
- continue;
- }
- //Check that key is empty
- if (!isset($current[$view]['context'][$key])) {
- //Generate the route
- $this->config[$tag][$view]['context'][$key] = $router->generate(
- $this->config['route'][$route]['name'],
- $this->config['route'][$route]['context'],
- //Generate absolute url for mails
- $view=='mail'?UrlGeneratorInterface::ABSOLUTE_URL:UrlGeneratorInterface::ABSOLUTE_PATH
- );
- }
- }
+ /**
+ * Confirm account from mail link
+ *
+ * @param Request $request The request
+ * @param Registry $manager The doctrine registry
+ * @param UserPasswordEncoderInterface $encoder The password encoder
+ * @param EntityManagerInterface $manager The doctrine entity manager
+ * @param SluggerUtil $slugger The slugger
+ * @param MailerInterface $mailer The mailer
+ * @param string $mail The shorted mail address
+ * @param string $hash The hashed password
+ * @return Response The response
+ */
+ public function confirm(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, MailerInterface $mailer, $mail, $hash): Response {
+ //With invalid hash
+ if ($hash != $slugger->hash($mail)) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+ }
+
+ //Get mail
+ $mail = $slugger->unshort($smail = $mail);
+
+ //Without valid mail
+ if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
+ //Throw bad request
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
+ }
+
+ //Without existing registrant
+ if (!($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
+ //Add error message mail already exists
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ $this->addFlash('error', $this->translator->trans('Account %mail% do not exists', ['%mail%' => $smail]));
+
+ //Redirect to register view
+ return $this->redirectToRoute($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield = $slugger->serialize([]), 'hash' => $slugger->hash($smail.$sfield)]+$this->config['route']['register']['context']);
+ }
+
+ //Set active
+ $user->setActive(true);
+
+ //Persist user
+ $manager->persist($user);
+
+ //Send to database
+ $manager->flush();
+
+ //Add error message mail already exists
+ $this->addFlash('notice', $this->translator->trans('Your account has been activated'));
+
+ //Redirect to user view
+ return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
+ }
+
+ /**
+ * Edit account by shorted mail
+ *
+ * @param Request $request The request
+ * @param Registry $manager The doctrine registry
+ * @param UserPasswordEncoderInterface $encoder The password encoder
+ * @param EntityManagerInterface $manager The doctrine entity manager
+ * @param SluggerUtil $slugger The slugger
+ * @param string $mail The shorted mail address
+ * @param string $hash The hashed password
+ * @return Response The response
+ */
+ public function edit(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, $mail, $hash): Response {
+ //With invalid hash
+ if ($hash != $slugger->hash($mail)) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+ }
+
+ //Get mail
+ $mail = $slugger->unshort($smail = $mail);
+
+ //With existing subscriber
+ if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
+ //Throw not found
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
+ }
+
+ //Prevent access when not admin, user is not guest and not currently logged user
+ if (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser() || !$this->isGranted('IS_AUTHENTICATED_FULLY')) {
+ //Throw access denied
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
+ }
+
+ //Create the RegisterType form and give the proper parameters
+ $edit = $this->createForm($this->config['edit']['view']['edit'], $user, [
+ //Set action to register route name and context
+ 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
+ //Set civility class
+ 'civility_class' => $this->config['class']['civility'],
+ //Set civility default
+ 'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
+ //Disable mail
+ 'mail' => $this->isGranted('ROLE_ADMIN'),
+ //Disable slug
+ 'slug' => $this->isGranted('ROLE_ADMIN'),
+ //Disable password
+ 'password' => false,
+ //Set method
+ 'method' => 'POST'
+ ]);
+
+ //With admin role
+ if ($this->isGranted('ROLE_ADMIN')) {
+ //Create the LoginType form and give the proper parameters
+ $reset = $this->createForm($this->config['edit']['view']['reset'], $user, [
+ //Set action to register route name and context
+ 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
+ //Disable mail
+ 'mail' => false,
+ //Set method
+ 'method' => 'POST'
+ ]);
+
+ //With post method
+ if ($request->isMethod('POST')) {
+ //Refill the fields in case the form is not valid.
+ $reset->handleRequest($request);
+
+ //With reset submitted and valid
+ if ($reset->isSubmitted() && $reset->isValid()) {
+ //Set data
+ $data = $reset->getData();
+
+ //Set password
+ $data->setPassword($encoder->encodePassword($data, $data->getPassword()));
+
+ //Queue snippet save
+ $manager->persist($data);
+
+ //Flush to get the ids
+ $manager->flush();
+
+ //Add notice
+ $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()]));
+
+ //Redirect to cleanup the form
+ return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
+ }
+ }
+
+ //Add reset view
+ $this->config['edit']['view']['context']['reset'] = $reset->createView();
+ //Without admin role
+ //XXX: prefer a reset on login to force user unspam action
+ } else {
+ //Add notice
+ $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
+ }
+
+ //With post method
+ if ($request->isMethod('POST')) {
+ //Refill the fields in case the form is not valid.
+ $edit->handleRequest($request);
+
+ //With edit submitted and valid
+ if ($edit->isSubmitted() && $edit->isValid()) {
+ //Set data
+ $data = $edit->getData();
+
+ //Set slug
+ $slug = null;
+
+ //With admin
+ if ($this->isGranted('ROLE_ADMIN')) {
+ //With slug
+ if (!empty($data->getSlug())) {
+ //Set slug
+ $slug = $slugger->slug($data->getPseudonym());
Rapsys Git / userbundle / blobdiff