-<?php
+<?php declare(strict_types=1);
+
+/*
+ * This file is part of the Rapsys UserBundle package.
+ *
+ * (c) Raphaël Gertz <symfony@rapsys.eu>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
namespace Rapsys\UserBundle\Controller;
+use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
use Symfony\Bridge\Twig\Mime\TemplatedEmail;
-use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
-use Symfony\Component\DependencyInjection\ContainerInterface;
-use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Form\FormError;
-use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
-use Symfony\Component\Mailer\MailerInterface;
use Symfony\Component\Mime\Address;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
-use Symfony\Component\Routing\RouterInterface;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
-use Symfony\Component\Translation\TranslatorInterface;
-use Psr\Log\LoggerInterface;
-
-use Rapsys\PackBundle\Util\SluggerUtil;
+/**
+ * {@inheritdoc}
+ */
class DefaultController extends AbstractController {
- //Config array
- protected $config;
-
- //Translator instance
- protected $translator;
-
- /**
- * Constructor
- *
- * @TODO: move all canonical and other view related stuff in an user AbstractController like in RapsysAir render feature !!!!
- *
- * @param ContainerInterface $container The containter instance
- * @param RouterInterface $router The router instance
- * @param TranslatorInterface $translator The translator instance
- */
- public function __construct(ContainerInterface $container, RouterInterface $router, TranslatorInterface $translator) {
- //Retrieve config
- $this->config = $container->getParameter($this->getAlias());
-
- //Set the translator
- $this->translator = $translator;
-
- //Get request stack
- $stack = $container->get('request_stack');
-
- //Get current request
- $request = $stack->getCurrentRequest();
-
- //Get current locale
- $currentLocale = $request->getLocale();
-
- //Set locale
- $this->config['context']['locale'] = str_replace('_', '-', $currentLocale);
-
- //Set translate array
- $translates = [];
-
- //Look for keys to translate
- if (!empty($this->config['translate'])) {
- //Iterate on keys to translate
- foreach($this->config['translate'] as $translate) {
- //Set tmp
- $tmp = null;
- //Iterate on keys
- foreach(array_reverse(explode('.', $translate)) as $curkey) {
- $tmp = array_combine([$curkey], [$tmp]);
- }
- //Append tree
- $translates = array_replace_recursive($translates, $tmp);
- }
- }
-
- //Inject every requested route in view and mail context
- foreach($this->config as $tag => $current) {
- //Look for entry with title subkey
- if (!empty($current['title'])) {
- //Translate title value
- $this->config[$tag]['title'] = $translator->trans($current['title']);
- }
-
- //Look for entry with route subkey
- if (!empty($current['route'])) {
- //Generate url for both view and mail
- foreach(['view', 'mail'] as $view) {
- //Check that context key is usable
- if (isset($current[$view]['context']) && is_array($current[$view]['context'])) {
- //Merge with global context
- $this->config[$tag][$view]['context'] = array_replace_recursive($this->config['context'], $this->config[$tag][$view]['context']);
-
- //Process every routes
- foreach($current['route'] as $route => $key) {
- //With confirm route
- if ($route == 'confirm') {
- //Skip route as it requires some parameters
- continue;
- }
-
- //Set value
- $value = $router->generate(
- $this->config['route'][$route]['name'],
- $this->config['route'][$route]['context'],
- //Generate absolute url for mails
- $view=='mail'?UrlGeneratorInterface::ABSOLUTE_URL:UrlGeneratorInterface::ABSOLUTE_PATH
- );
-
- //Multi level key
- if (strpos($key, '.') !== false) {
- //Set tmp
- $tmp = $value;
-
- //Iterate on key
- foreach(array_reverse(explode('.', $key)) as $curkey) {
- $tmp = array_combine([$curkey], [$tmp]);
- }
-
- //Set value
- $this->config[$tag][$view]['context'] = array_replace_recursive($this->config[$tag][$view]['context'], $tmp);
- //Single level key
- } else {
- //Set value
- $this->config[$tag][$view]['context'][$key] = $value;
- }
- }
-
- //Look for successful intersections
- if (!empty(array_intersect_key($translates, $this->config[$tag][$view]['context']))) {
- //Iterate on keys to translate
- foreach($this->config['translate'] as $translate) {
- //Set keys
- $keys = explode('.', $translate);
-
- //Set tmp
- $tmp = $this->config[$tag][$view]['context'];
-
- //Iterate on keys
- foreach($keys as $curkey) {
- //Without child key
- if (!isset($tmp[$curkey])) {
- //Skip to next key
- continue(2);
- }
-
- //Get child key
- $tmp = $tmp[$curkey];
- }
-
- //Translate tmp value
- $tmp = $translator->trans($tmp);
-
- //Iterate on keys
- foreach(array_reverse($keys) as $curkey) {
- //Set parent key
- $tmp = array_combine([$curkey], [$tmp]);
- }
-
- //Set value
- $this->config[$tag][$view]['context'] = array_replace_recursive($this->config[$tag][$view]['context'], $tmp);
- }
- }
-
- //With view context
- if ($view == 'view') {
- //Get context path
- $pathInfo = $router->getContext()->getPathInfo();
-
- //Iterate on locales excluding current one
- foreach($this->config['locales'] as $locale) {
- //Set titles
- $titles = [];
-
- //Iterate on other locales
- foreach(array_diff($this->config['locales'], [$locale]) as $other) {
- $titles[$other] = $translator->trans($this->config['languages'][$locale], [], null, $other);
- }
-
- //Retrieve route matching path
- $route = $router->match($pathInfo);
-
- //Get route name
- $name = $route['_route'];
-
- //Unset route name
- unset($route['_route']);
-
- //With current locale
- if ($locale == $currentLocale) {
- //Set locale locales context
- $this->config[$tag][$view]['context']['canonical'] = $router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL);
- } else {
- //Set locale locales context
- $this->config[$tag][$view]['context']['alternates'][$locale] = [
- 'absolute' => $router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL),
- 'relative' => $router->generate($name, ['_locale' => $locale]+$route),
- 'title' => implode('/', $titles),
- 'translated' => $translator->trans($this->config['languages'][$locale], [], null, $locale)
- ];
- }
-
- //Add shorter locale
- if (empty($this->config[$tag][$view]['context']['alternates'][$slocale = substr($locale, 0, 2)])) {
- //Add shorter locale
- $this->config[$tag][$view]['context']['alternates'][$slocale] = [
- 'absolute' => $router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL),
- 'relative' => $router->generate($name, ['_locale' => $locale]+$route),
- 'title' => implode('/', $titles),
- 'translated' => $translator->trans($this->config['languages'][$locale], [], null, $locale)
- ];
- }
- }
- }
- }
- }
- }
- }
- }
-
/**
* Confirm account from mail link
*
* @param Request $request The request
- * @param UserPasswordEncoderInterface $encoder The password encoder
- * @param SluggerUtil $slugger The slugger
- * @param MailerInterface $mailer The mailer
- * @param string $mail The shorted mail address
- * @param string $extra The serialized then shorted extra array
* @param string $hash The hashed password
+ * @param string $mail The shorted mail address
* @return Response The response
*/
- public function confirm(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $extra, $hash) {
- //Get doctrine
- $doctrine = $this->getDoctrine();
-
+ public function confirm(Request $request, string $hash, string $mail): Response {
//With invalid hash
- if ($hash != $slugger->hash($mail.$extra)) {
+ if ($hash != $this->slugger->hash($mail)) {
//Throw bad request
throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
}
//Get mail
- $mail = $slugger->unshort($smail = $mail);
+ $mail = $this->slugger->unshort($smail = $mail);
//Without valid mail
if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
//Throw bad request
- throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail]));
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
}
- //With existing subscriber
- if ($doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail)) {
+ //Without existing registrant
+ if (!($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
//Add error message mail already exists
- $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
-
- //Redirect to user view
- return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
- }
-
- //Get extra
- $extra = $slugger->unserialize($sextra = $extra);
-
- //Without valid extra
- if (!is_array($extra)) {
- //Throw bad request
- throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'extra', '%value%' => $sextra]));
- }
-
- //Extract names and pseudonym from mail
- $names = explode(' ', $pseudonym = ucwords(trim(preg_replace('/[^a-zA-Z]+/', ' ', current(explode('@', $mail))))));
-
- //Get manager
- $manager = $doctrine->getManager();
-
- //Init reflection
- $reflection = new \ReflectionClass($this->config['class']['user']);
-
- //Create new user
- $user = $reflection->newInstance();
-
- //Set mail
- $user->setMail($mail);
-
- //Set default value
- $default = [
- 'civility(title)' => $this->config['default']['civility'],
- 'pseudonym' => $pseudonym,
- 'forename' => $names[0]??$pseudonym,
- 'surname' => $names[1]??$pseudonym,
- 'password' => $encoder->encodePassword($user, $mail),
- 'active' => true
- ];
-
- //Iterate on each default value
- //TODO: store add/set action between [] ???
- foreach($extra+$default as $key => $value) {
- //Set member
- $member = $key;
-
- //With title entity
- if (substr($key, -strlen('(title)')) === '(title)') {
- //Remove field info
- $member = substr($member, 0, -strlen('(title)'));
-
- //Get object as value
- $value = $doctrine->getRepository($this->config['class'][$member])->findOneByTitle($value);
- //With id entity
- } elseif (substr($key, -strlen('(id)')) === '(id)') {
- //Remove field info
- $member = substr($member, 0, -strlen('(id)'));
-
- //Get object as value
- $value = $doctrine->getRepository($this->config['class'][$key])->findOneById($value);
- }
-
- //Set value
- $user->{'set'.ucfirst($member)}($value);
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ $this->addFlash('error', $this->translator->trans('Account %mail% do not exists', ['%mail%' => $smail]));
- //Unset extra value
- unset($extra[$key]);
+ //Redirect to register view
+ return $this->redirectToRoute($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield = $this->slugger->serialize([]), 'hash' => $this->slugger->hash($smail.$sfield)]+$this->config['route']['register']['context']);
}
- //Iterate on default group
- foreach($this->config['default']['group'] as $i => $groupTitle) {
- //Fetch group
- if (($group = $doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) {
- //Set default group
- //XXX: see vendor/symfony/security-core/Role/Role.php
- $user->addGroup($group);
- //Group not found
- } else {
- //Throw exception
- //XXX: consider missing group as fatal
- throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle));
- }
- }
-
- $user->setCreated(new \DateTime('now'));
- $user->setUpdated(new \DateTime('now'));
+ //Set active
+ $user->setActive(true);
//Persist user
- $manager->persist($user);
+ $this->manager->persist($user);
- //Try saving in database
- try {
- //Send to database
- $manager->flush();
+ //Send to database
+ $this->manager->flush();
- //Add error message mail already exists
- $this->addFlash('notice', $this->translator->trans('Your account has been created'));
- //Catch double subscription
- } catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) {
- //Add error message mail already exists
- $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
- }
+ //Add error message mail already exists
+ $this->addFlash('notice', $this->translator->trans('Your account has been activated'));
//Redirect to user view
- return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
+ return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']);
}
/**
* Edit account by shorted mail
*
* @param Request $request The request
- * @param SluggerUtil $slugger The slugger
+ * @param string $hash The hashed password
* @param string $mail The shorted mail address
* @return Response The response
*/
- public function edit(Request $request, SluggerUtil $slugger, $mail) {
- //Get doctrine
- $doctrine = $this->getDoctrine();
+ public function edit(Request $request, string $hash, string $mail): Response {
+ //With invalid hash
+ if ($hash != $this->slugger->hash($mail)) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+ }
//Get mail
- $mail = $slugger->unshort($smail = $mail);
+ $mail = $this->slugger->unshort($smail = $mail);
//With existing subscriber
- if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
- var_dump($mail);
+ if (empty($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
//Throw not found
//XXX: prevent slugger reverse engineering by not displaying decoded mail
throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
}
- //Get user token
- $token = new UsernamePasswordToken($user, null, 'none', $user->getRoles());
-
- //Check if guest
- $isGuest = $this->get('rapsys_user.access_decision_manager')->decide($token, ['ROLE_GUEST']);
-
//Prevent access when not admin, user is not guest and not currently logged user
- if (!$this->isGranted('ROLE_ADMIN') && empty($isGuest) && $user != $this->getUser()) {
+ if (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser() || !$this->isGranted('IS_AUTHENTICATED_FULLY')) {
//Throw access denied
//XXX: prevent slugger reverse engineering by not displaying decoded mail
throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
}
//Create the RegisterType form and give the proper parameters
- $form = $this->createForm($this->config['register']['view']['form'], $user, [
+ $edit = $this->createForm($this->config['edit']['view']['edit'], $user, [
//Set action to register route name and context
- 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']),
+ 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']),
//Set civility class
'civility_class' => $this->config['class']['civility'],
//Set civility default
- 'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
+ 'civility_default' => $this->doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
//Disable mail
'mail' => $this->isGranted('ROLE_ADMIN'),
//Disable password
- //XXX: prefer a reset on login to force user unspam action
'password' => false,
//Set method
'method' => 'POST'
- ]);
+ ]+$this->config['edit']['field']);
+
+ //With admin role
+ if ($this->isGranted('ROLE_ADMIN')) {
+ //Create the LoginType form and give the proper parameters
+ $reset = $this->createForm($this->config['edit']['view']['reset'], $user, [
+ //Set action to register route name and context
+ 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']),
+ //Disable mail
+ 'mail' => false,
+ //Set method
+ 'method' => 'POST'
+ ]);
- if ($request->isMethod('POST')) {
- //Refill the fields in case the form is not valid.
- $form->handleRequest($request);
+ //With post method
+ if ($request->isMethod('POST')) {
+ //Refill the fields in case the form is not valid.
+ $reset->handleRequest($request);
- if ($form->isValid()) {
- //Set data
- $data = $form->getData();
+ //With reset submitted and valid
+ if ($reset->isSubmitted() && $reset->isValid()) {
+ //Set data
+ $data = $reset->getData();
- //Get manager
- $manager = $doctrine->getManager();
+ //Set password
+ $data->setPassword($this->hasher->hashPassword($data, $data->getPassword()));
- //Queue snippet save
- $manager->persist($data);
+ //Queue snippet save
+ $this->manager->persist($data);
- //Flush to get the ids
- $manager->flush();
+ //Flush to get the ids
+ $this->manager->flush();
- //Add notice
- $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail]));
+ //Add notice
+ $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()]));
+
+ //Redirect to cleanup the form
+ return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $this->slugger->short($mail), 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']);
+ }
+ }
+
+ //Add reset view
+ $this->config['edit']['view']['context']['reset'] = $reset->createView();
+ }
- //Redirect to user view
- //TODO: extract referer ??? or useless ???
- return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
+ //With post method
+ if ($request->isMethod('POST')) {
+ //Refill the fields in case the form is not valid.
+ $edit->handleRequest($request);
+
+ //With edit submitted and valid
+ if ($edit->isSubmitted() && $edit->isValid()) {
+ //Set data
+ $data = $edit->getData();
- //Redirect to cleanup the form
- return $this->redirectToRoute('rapsys_air', ['user' => $data->getId()]);
+ //Queue snippet save
+ $this->manager->persist($data);
+
+ //Try saving in database
+ try {
+ //Flush to get the ids
+ $this->manager->flush();
+
+ //Add notice
+ $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()]));
+
+ //Redirect to cleanup the form
+ return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $this->slugger->short($mail), 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']);
+ //Catch double slug or mail
+ } catch (UniqueConstraintViolationException $e) {
+ //Add error message mail already exists
+ $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $data->getMail()]));
+ }
}
- } else {
+ //Without admin role
+ //XXX: prefer a reset on login to force user unspam action
+ } elseif (!$this->isGranted('ROLE_ADMIN')) {
//Add notice
- $this->addFlash('notice', $this->translator->trans('To change your password login with your mail %mail% and any password then follow the procedure', ['%mail%' => $mail]));
+ $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
}
//Render view
//Template
$this->config['edit']['view']['name'],
//Context
- ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
+ ['edit' => $edit->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
);
}
*
* @param Request $request The request
* @param AuthenticationUtils $authenticationUtils The authentication utils
+ * @param ?string $hash The hashed password
+ * @param ?string $mail The shorted mail address
* @return Response The response
*/
- public function login(Request $request, AuthenticationUtils $authenticationUtils) {
+ public function login(Request $request, AuthenticationUtils $authenticationUtils, ?string $hash, ?string $mail): Response {
//Create the LoginType form and give the proper parameters
$login = $this->createForm($this->config['login']['view']['form'], null, [
//Set action to login route name and context
'action' => $this->generateUrl($this->config['route']['login']['name'], $this->config['route']['login']['context']),
+ //Disable repeated password
+ 'password_repeated' => false,
+ //Set method
'method' => 'POST'
]);
//Init context
$context = [];
+ //With mail
+ if (!empty($mail) && !empty($hash)) {
+ //With invalid hash
+ if ($hash != $this->slugger->hash($mail)) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+ }
+
+ //Get mail
+ $mail = $this->slugger->unshort($smail = $mail);
+
+ //Without valid mail
+ if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
+ }
+
+ //Prefilled mail
+ $login->get('mail')->setData($mail);
//Last username entered by the user
- if ($lastUsername = $authenticationUtils->getLastUsername()) {
+ } elseif ($lastUsername = $authenticationUtils->getLastUsername()) {
$login->get('mail')->setData($lastUsername);
}
//Add error message to mail field
$login->get('mail')->addError(new FormError($error));
- //Create the RecoverType form and give the proper parameters
+ //Create the LoginType form and give the proper parameters
$recover = $this->createForm($this->config['recover']['view']['form'], null, [
//Set action to recover route name and context
'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']),
* Recover account
*
* @param Request $request The request
- * @param UserPasswordEncoderInterface $encoder The password encoder
- * @param SluggerUtil $slugger The slugger
- * @param MailerInterface $mailer The mailer
- * @param string $mail The shorted mail address
- * @param string $pass The shorted password
- * @param string $hash The hashed password
+ * @param ?string $hash The hashed password
+ * @param ?string $pass The shorted password
+ * @param ?string $mail The shorted mail address
* @return Response The response
*/
- public function recover(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $pass, $hash) {
- //Get doctrine
- $doctrine = $this->getDoctrine();
-
+ public function recover(Request $request, ?string $hash, ?string $pass, ?string $mail): Response {
//Without mail, pass and hash
if (empty($mail) && empty($pass) && empty($hash)) {
- //Create the RecoverType form and give the proper parameters
+ //Create the LoginType form and give the proper parameters
$form = $this->createForm($this->config['recover']['view']['form'], null, [
//Set action to recover route name and context
'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']),
'method' => 'POST'
]);
+ //With post method
if ($request->isMethod('POST')) {
//Refill the fields in case the form is not valid.
$form->handleRequest($request);
- if ($form->isValid()) {
+ //With form submitted and valid
+ if ($form->isSubmitted() && $form->isValid()) {
//Set data
$data = $form->getData();
//Find user by data mail
- if ($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($data['mail'])) {
+ if ($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($data['mail'])) {
//Set mail shortcut
$recoverMail =& $this->config['recover']['mail'];
//Set mail
- $mail = $slugger->short($user->getMail());
+ $mail = $this->slugger->short($user->getMail());
//Set pass
- $pass = $slugger->hash($user->getPassword());
+ $pass = $this->slugger->hash($user->getPassword());
//Generate each route route
foreach($this->config['recover']['route'] as $route => $tag) {
//Process for recover mail url
if ($route == 'recover') {
//Set the url in context
- $recoverMail['context'][$tag] = $this->get('router')->generate(
+ $recoverMail['context'][$tag] = $this->router->generate(
$this->config['route'][$route]['name'],
//Prepend recover context with tag
[
'mail' => $mail,
'pass' => $pass,
- 'hash' => $slugger->hash($mail.$pass)
+ 'hash' => $this->slugger->hash($mail.$pass)
]+$this->config['route'][$route]['context'],
UrlGeneratorInterface::ABSOLUTE_URL
);
$recoverMail['context']['recipient_mail'] = $user->getMail();
//Set recipient_name
- $recoverMail['context']['recipient_name'] = trim($user->getForename().' '.$user->getSurname().($user->getPseudonym()?' ('.$user->getPseudonym().')':''));
+ $recoverMail['context']['recipient_name'] = $user->getRecipientName();
//Init subject context
- $subjectContext = $slugger->flatten(array_replace_recursive($this->config['recover']['view']['context'], $recoverMail['context']), null, '.', '%', '%');
+ $subjectContext = $this->slugger->flatten(array_replace_recursive($this->config['recover']['view']['context'], $recoverMail['context']), null, '.', '%', '%');
//Translate subject
$recoverMail['subject'] = ucfirst($this->translator->trans($recoverMail['subject'], $subjectContext));
//XXX: mail delivery may silently fail
try {
//Send message
- $mailer->send($message);
+ $this->mailer->send($message);
//Redirect on the same route with sent=1 to cleanup form
return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params'));
}
//With invalid hash
- if ($hash != $slugger->hash($mail.$pass)) {
+ if ($hash != $this->slugger->hash($mail.$pass)) {
//Throw bad request
throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
}
//Get mail
- $mail = $slugger->unshort($smail = $mail);
+ $mail = $this->slugger->unshort($smail = $mail);
//Without valid mail
if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
//Throw bad request
- throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail]));
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
}
//With existing subscriber
- if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
+ if (empty($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
//Throw not found
//XXX: prevent slugger reverse engineering by not displaying decoded mail
throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
}
//With unmatched pass
- if ($pass != $slugger->hash($user->getPassword())) {
+ if ($pass != $this->slugger->hash($user->getPassword())) {
//Throw not found
//XXX: prevent use of outdated recover link
throw $this->createNotFoundException($this->translator->trans('Outdated recover link'));
}
- //Create the RecoverType form and give the proper parameters
+ //Create the LoginType form and give the proper parameters
$form = $this->createForm($this->config['recover']['view']['form'], $user, [
//Set action to recover route name and context
'action' => $this->generateUrl($this->config['route']['recover']['name'], ['mail' => $smail, 'pass' => $pass, 'hash' => $hash]+$this->config['route']['recover']['context']),
'method' => 'POST'
]);
+ //With post method
if ($request->isMethod('POST')) {
//Refill the fields in case the form is not valid.
$form->handleRequest($request);
- if ($form->isValid()) {
+ //With form submitted and valid
+ if ($form->isSubmitted() && $form->isValid()) {
//Set data
$data = $form->getData();
- //Set encoded password
- $encoded = $encoder->encodePassword($user, $user->getPassword());
+ //Set hashed password
+ $hashed = $this->hasher->hashPassword($user, $user->getPassword());
//Update pass
- $pass = $slugger->hash($encoded);
+ $pass = $this->slugger->hash($hashed);
//Set user password
- $user->setPassword($encoded);
-
- //Set updated
- $user->setUpdated(new \DateTime('now'));
-
- //Get manager
- $manager = $doctrine->getManager();
+ $user->setPassword($hashed);
//Persist user
- $manager->persist($user);
+ $this->manager->persist($user);
//Send to database
- $manager->flush();
+ $this->manager->flush();
//Add notice
$this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail]));
//Redirect to user login
- return $this->redirectToRoute($this->config['route']['login']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['login']['context']);
+ return $this->redirectToRoute($this->config['route']['login']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['login']['context']);
}
}
* Register an account
*
* @param Request $request The request
- * @param UserPasswordEncoderInterface $encoder The password encoder
- * @param SluggerUtil $slugger The slugger
- * @param MailerInterface $mailer The mailer
- * @param LoggerInterface $logger The logger
- * @param string $field The serialized then shorted form field array
- * @param string $hash The hashed serialized field array
+ * @param ?string $hash The hashed serialized field array
+ * @param ?string $field The serialized then shorted form field array
+ * @param ?string $mail The shorted mail address
* @return Response The response
*/
- public function register(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, LoggerInterface $logger, $field, $hash) {
- //Get doctrine
- $doctrine = $this->getDoctrine();
+ public function register(Request $request, ?string $hash, ?string $field, ?string $mail): Response {
+ //With mail
+ if (!empty($_POST['register']['mail'])) {
+ //Log new user infos
+ $this->logger->emergency(
+ $this->translator->trans(
+ 'register: mail=%mail% locale=%locale% confirm=%confirm%',
+ [
+ '%mail%' => $postMail = $_POST['register']['mail'],
+ '%locale%' => $request->getLocale(),
+ '%confirm%' => $this->router->generate(
+ $this->config['route']['confirm']['name'],
+ //Prepend subscribe context with tag
+ [
+ 'mail' => $postSmail = $this->slugger->short($postMail),
+ 'hash' => $this->slugger->hash($postSmail)
+ ]+$this->config['route']['confirm']['context'],
+ UrlGeneratorInterface::ABSOLUTE_URL
+ )
+ ]
+ )
+ );
+ }
- //With field
+ //With mail and field
if (!empty($field) && !empty($hash)) {
//With invalid hash
- if ($hash != $slugger->hash($field)) {
+ if ($hash != $this->slugger->hash($mail.$field)) {
//Throw bad request
throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
}
+ //With mail
+ if (!empty($mail)) {
+ //Get mail
+ $mail = $this->slugger->unshort($smail = $mail);
+
+ //Without valid mail
+ if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
+ //Throw bad request
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
+ }
+
+ //With existing registrant
+ if ($existing = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail)) {
+ //With disabled existing
+ if ($existing->isDisabled()) {
+ //Render view
+ $response = $this->render(
+ //Template
+ $this->config['register']['view']['name'],
+ //Context
+ ['title' => $this->translator->trans('Access denied'), 'disabled' => 1]+$this->config['register']['view']['context']
+ );
+
+ //Set 403
+ $response->setStatusCode(403);
+
+ //Return response
+ return $response;
+ //With unactivated existing
+ } elseif (!$existing->isActivated()) {
+ //Set mail shortcut
+ $activateMail =& $this->config['register']['mail'];
+
+ //Generate each route route
+ foreach($this->config['register']['route'] as $route => $tag) {
+ //Only process defined routes
+ if (!empty($this->config['route'][$route])) {
+ //Process for confirm url
+ if ($route == 'confirm') {
+ //Set the url in context
+ $activateMail['context'][$tag] = $this->router->generate(
+ $this->config['route'][$route]['name'],
+ //Prepend subscribe context with tag
+ [
+ 'mail' => $smail = $this->slugger->short($existing->getMail()),
+ 'hash' => $this->slugger->hash($smail)
+ ]+$this->config['route'][$route]['context'],
+ UrlGeneratorInterface::ABSOLUTE_URL
+ );
+ }
+ }
+ }
+
+ //Set recipient_name
+ $activateMail['context']['recipient_mail'] = $existing->getMail();
+
+ //Set recipient name
+ $activateMail['context']['recipient_name'] = $existing->getRecipientName();
+
+ //Init subject context
+ $subjectContext = $this->slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $activateMail['context']), null, '.', '%', '%');
+
+ //Translate subject
+ $activateMail['subject'] = ucfirst($this->translator->trans($activateMail['subject'], $subjectContext));
+
+ //Create message
+ $message = (new TemplatedEmail())
+ //Set sender
+ ->from(new Address($this->config['contact']['mail'], $this->config['contact']['title']))
+ //Set recipient
+ //XXX: remove the debug set in vendor/symfony/mime/Address.php +46
+ ->to(new Address($activateMail['context']['recipient_mail'], $activateMail['context']['recipient_name']))
+ //Set subject
+ ->subject($activateMail['subject'])
+
+ //Set path to twig templates
+ ->htmlTemplate($activateMail['html'])
+ ->textTemplate($activateMail['text'])
+
+ //Set context
+ ->context(['subject' => $activateMail['subject']]+$activateMail['context']);
+
+ //Try sending message
+ //XXX: mail delivery may silently fail
+ try {
+ //Send message
+ $this->mailer->send($message);
+ //Catch obvious transport exception
+ } catch(TransportExceptionInterface $e) {
+ //Add error message mail unreachable
+ $this->addFlash('error', $this->translator->trans('Account %mail% tried activate but unable to contact', ['%mail%' => $existing->getMail()]));
+ }
+
+ //Get route params
+ $routeParams = $request->get('_route_params');
+
+ //Remove mail, field and hash from route params
+ unset($routeParams['mail'], $routeParams['field'], $routeParams['hash']);
+
+ //Redirect on the same route with sent=1 to cleanup form
+ return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$routeParams);
+ }
+
+ //Add error message mail already exists
+ $this->addFlash('warning', $this->translator->trans('Account %mail% already exists', ['%mail%' => $existing->getMail()]));
+
+ //Redirect to user view
+ return $this->redirectToRoute(
+ $this->config['route']['edit']['name'],
+ [
+ 'mail' => $smail = $this->slugger->short($existing->getMail()),
+ 'hash' => $this->slugger->hash($smail)
+ ]+$this->config['route']['edit']['context']
+ );
+ }
+ //Without mail
+ } else {
+ //Set smail
+ $smail = $mail;
+ }
+
//Try
try {
//Unshort then unserialize field
- $field = $slugger->unserialize($field);
+ $field = $this->slugger->unserialize($sfield = $field);
//Catch type error
} catch (\Error|\Exception $e) {
//Throw bad request
}
//Without field and hash
} else {
+ //Set smail
+ $smail = $mail;
+
+ //Set smail
+ $sfield = $field;
+
//Reset field
$field = [];
}
+ //Init reflection
+ $reflection = new \ReflectionClass($this->config['class']['user']);
+
+ //Create new user
+ $user = $reflection->newInstance(strval($mail));
+
//Create the RegisterType form and give the proper parameters
- $form = $this->createForm($this->config['register']['view']['form'], null, $field+[
+ $form = $this->createForm($this->config['register']['view']['form'], $user, $field+[
//Set action to register route name and context
- 'action' => $this->generateUrl($this->config['route']['register']['name'], $this->config['route']['register']['context']),
+ 'action' => $this->generateUrl($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield, 'hash' => $hash]+$this->config['route']['register']['context']),
//Set civility class
'civility_class' => $this->config['class']['civility'],
//Set civility default
- 'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
+ 'civility_default' => $this->doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
//With mail
'mail' => true,
//Set method
'method' => 'POST'
- ]);
+ ]+$this->config['register']['field']);
+ //With post method
if ($request->isMethod('POST')) {
//Refill the fields in case the form is not valid.
$form->handleRequest($request);
- if ($form->isValid()) {
+ //With form submitted and valid
+ if ($form->isSubmitted() && $form->isValid()) {
//Set data
$data = $form->getData();
+ //With existing registrant
+ if ($this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail = $data->getMail())) {
+ //Add error message mail already exists
+ $this->addFlash('warning', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
+
+ //Redirect to user view
+ return $this->redirectToRoute(
+ $this->config['route']['edit']['name'],
+ [
+ 'mail' => $smail = $this->slugger->short($mail),
+ 'hash' => $this->slugger->hash($smail)
+ ]+$this->config['route']['edit']['context']
+ );
+ }
+
//Set mail shortcut
$registerMail =& $this->config['register']['mail'];
- //Set extra
- $extra = [];
-
- //Init reflection
- $reflection = new \ReflectionClass($this->config['class']['user']);
-
- //Create new user
- $user = $reflection->newInstance();
-
- //Iterate on each entry
- //TODO: store add/set action between [] ???
- foreach($data as $key => $value) {
- //Skip mail
- if ($key == 'mail') {
- continue;
- //Store shorted title
- } elseif (is_callable([$value, 'getTitle'])) {
- $extra[$key.'(title)'] = $value->getTitle();
- //Store shorted id
- } elseif (is_callable([$value, 'getId'])) {
- $extra[$key.'(id)'] = $value->getId();
- //Store encoded password
- } elseif(!empty($value) && $key == 'password') {
- $extra['password'] = $encoder->encodePassword($user, $value);
- //Store shorted value
- } elseif (!empty($value)) {
- $extra[$key] = $value;
+ //Set password
+ $user->setPassword($this->hasher->hashPassword($user, $user->getPassword()));
+
+ //Persist user
+ $this->manager->persist($user);
+
+ //Iterate on default group
+ foreach($this->config['default']['group'] as $i => $groupTitle) {
+ //Fetch group
+ if (($group = $this->doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) {
+ //Set default group
+ //XXX: see vendor/symfony/security-core/Role/Role.php
+ $user->addGroup($group);
+ //Group not found
+ } else {
+ //Throw exception
+ //XXX: consider missing group as fatal
+ throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle));
}
}
- //Set mail
- $mail = $slugger->short($data['mail']);
-
- //Set extra
- $extra = $slugger->serialize($extra);
-
//Generate each route route
foreach($this->config['register']['route'] as $route => $tag) {
//Only process defined routes
//Process for confirm url
if ($route == 'confirm') {
//Set the url in context
- $registerMail['context'][$tag] = $this->get('router')->generate(
+ $registerMail['context'][$tag] = $this->router->generate(
$this->config['route'][$route]['name'],
//Prepend subscribe context with tag
[
- 'mail' => $mail,
- 'extra' => $extra,
- 'hash' => $slugger->hash($mail.$extra)
+ 'mail' => $smail = $this->slugger->short($data->getMail()),
+ 'hash' => $this->slugger->hash($smail)
]+$this->config['route'][$route]['context'],
UrlGeneratorInterface::ABSOLUTE_URL
);
}
}
- //Log new user infos
- $logger->emergency(
- $this->translator->trans(
- 'newuser:mail=%mail%|locale=%locale%|confirm=%confirm%',
- [
- '%mail%' => $data['mail'],
- '%locale%' => $request->getLocale(),
- '%confirm%' => $registerMail['context'][$this->config['register']['route']['confirm']]
- ]
- )
- );
-
//Set recipient_name
- $registerMail['context']['recipient_mail'] = $data['mail'];
+ $registerMail['context']['recipient_mail'] = $data->getMail();
//Set recipient name
- $registerMail['context']['recipient_name'] = '';
-
- //With forename, surname and pseudonym
- if (isset($data['forename']) && isset($data['surname']) && isset($data['pseudonym'])) {
- //Set recipient name
- $registerMail['context']['recipient_name'] = implode(' ', [$data['forename'], $data['surname'], $data['pseudonym']?'('.$data['pseudonym'].')':'']);
- //With pseudonym
- } elseif (isset($data['pseudonym'])) {
- //Set recipient name
- $registerMail['context']['recipient_name'] = $data['pseudonym'];
- }
+ $registerMail['context']['recipient_name'] = $data->getRecipientName();
//Init subject context
- $subjectContext = $slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $registerMail['context']), null, '.', '%', '%');
+ $subjectContext = $this->slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $registerMail['context']), null, '.', '%', '%');
//Translate subject
$registerMail['subject'] = ucfirst($this->translator->trans($registerMail['subject'], $subjectContext));
//Set context
->context(['subject' => $registerMail['subject']]+$registerMail['context']);
- //Try sending message
- //XXX: mail delivery may silently fail
+ //Try saving in database
try {
- //Send message
- $mailer->send($message);
-
- //Redirect on the same route with sent=1 to cleanup form
- return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params'));
- //Catch obvious transport exception
- } catch(TransportExceptionInterface $e) {
- //Add error message mail unreachable
- $form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', array('%mail%' => $data['mail']))));
+ //Send to database
+ $this->manager->flush();
+
+ //Add error message mail already exists
+ $this->addFlash('notice', $this->translator->trans('Your account has been created'));
+
+ //Try sending message
+ //XXX: mail delivery may silently fail
+ try {
+ //Send message
+ $this->mailer->send($message);
+
+ //Redirect on the same route with sent=1 to cleanup form
+ return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params'));
+ //Catch obvious transport exception
+ } catch(TransportExceptionInterface $e) {
+ //Add error message mail unreachable
+ $form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', ['%mail%' => $data->getMail()])));
+ }
+ //Catch double subscription
+ } catch (UniqueConstraintViolationException $e) {
+ //Add error message mail already exists
+ $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
}
}
}
['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['register']['view']['context']
);
}
-
- /**
- * {@inheritdoc}
- */
- public function getAlias() {
- return 'rapsys_user';
- }
}