]> Raphaël G. Git Repositories - userbundle/blobdiff - Controller/DefaultController.php
Add strict
[userbundle] / Controller / DefaultController.php
index 7e163588679981e800c3c31446b37006d6a2f6df..272f7bb19615efec101f9b50661e7a4b92cb8538 100644 (file)
@@ -1,25 +1,41 @@
-<?php
+<?php declare(strict_types=1);
+
+/*
+ * This file is part of the Rapsys UserBundle package.
+ *
+ * (c) Raphaël Gertz <symfony@rapsys.eu>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
 
 namespace Rapsys\UserBundle\Controller;
 
+use Doctrine\Bundle\DoctrineBundle\Registry;
+use Doctrine\ORM\EntityManagerInterface;
+use Psr\Log\LoggerInterface;
 use Symfony\Bridge\Twig\Mime\TemplatedEmail;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\DependencyInjection\ContainerInterface;
-use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Form\FormError;
-use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
 use Symfony\Component\Mailer\MailerInterface;
 use Symfony\Component\Mime\Address;
+use Symfony\Component\Routing\Exception\MethodNotAllowedException;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Routing\RequestContext;
 use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
 use Symfony\Component\Translation\TranslatorInterface;
-use Psr\Log\LoggerInterface;
 
 use Rapsys\PackBundle\Util\SluggerUtil;
+use Rapsys\UserBundle\RapsysUserBundle;
 
 class DefaultController extends AbstractController {
        //Config array
@@ -39,7 +55,7 @@ class DefaultController extends AbstractController {
         */
        public function __construct(ContainerInterface $container, RouterInterface $router, TranslatorInterface $translator) {
                //Retrieve config
-               $this->config = $container->getParameter($this->getAlias());
+               $this->config = $container->getParameter(self::getAlias());
 
                //Set the translator
                $this->translator = $translator;
@@ -222,20 +238,18 @@ class DefaultController extends AbstractController {
         * Confirm account from mail link
         *
         * @param Request $request The request
+        * @param Registry $manager The doctrine registry
         * @param UserPasswordEncoderInterface $encoder The password encoder
+        * @param EntityManagerInterface $manager The doctrine entity manager
         * @param SluggerUtil $slugger The slugger
         * @param MailerInterface $mailer The mailer
         * @param string $mail The shorted mail address
-        * @param string $extra The serialized then shorted extra array
         * @param string $hash The hashed password
         * @return Response The response
         */
-       public function confirm(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $extra, $hash) {
-               //Get doctrine
-               $doctrine = $this->getDoctrine();
-
+       public function confirm(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, MailerInterface $mailer, $mail, $hash): Response {
                //With invalid hash
-               if ($hash != $slugger->hash($mail.$extra)) {
+               if ($hash != $slugger->hash($mail)) {
                        //Throw bad request
                        throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
                }
@@ -246,159 +260,95 @@ class DefaultController extends AbstractController {
                //Without valid mail
                if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
                        //Throw bad request
-                       throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail]));
+                       //XXX: prevent slugger reverse engineering by not displaying decoded mail
+                       throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
                }
 
-               //With existing subscriber
-               if ($doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail)) {
+               //Without existing registrant
+               if (!($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
                        //Add error message mail already exists
-                       $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
-
-                       //Redirect to user view
-                       return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
-               }
-
-               //Get extra
-               $extra = $slugger->unserialize($sextra = $extra);
-
-               //Without valid extra
-               if (!is_array($extra)) {
-                       //Throw bad request
-                       throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'extra', '%value%' => $sextra]));
-               }
-
-               //Extract names and pseudonym from mail
-               $names = explode(' ', $pseudonym = ucwords(trim(preg_replace('/[^a-zA-Z]+/', ' ', current(explode('@', $mail))))));
-
-               //Get manager
-               $manager = $doctrine->getManager();
-
-               //Init reflection
-               $reflection = new \ReflectionClass($this->config['class']['user']);
-
-               //Create new user
-               $user = $reflection->newInstance();
-
-               //Set mail
-               $user->setMail($mail);
-
-               //Set default value
-               $default = [
-                       'civility(title)' => $this->config['default']['civility'],
-                       'pseudonym' => $pseudonym,
-                       'forename' => $names[0]??$pseudonym,
-                       'surname' => $names[1]??$pseudonym,
-                       'password' => $encoder->encodePassword($user, $mail),
-                       'active' => true
-               ];
-
-               //Iterate on each default value
-               //TODO: store add/set action between [] ???
-               foreach($extra+$default as $key => $value) {
-                       //Set member
-                       $member = $key;
-
-                       //With title entity
-                       if (substr($key, -strlen('(title)')) === '(title)') {
-                               //Remove field info
-                               $member = substr($member, 0, -strlen('(title)'));
-
-                               //Get object as value
-                               $value = $doctrine->getRepository($this->config['class'][$member])->findOneByTitle($value);
-                       //With id entity
-                       } elseif (substr($key, -strlen('(id)')) === '(id)') {
-                               //Remove field info
-                               $member = substr($member, 0, -strlen('(id)'));
-
-                               //Get object as value
-                               $value = $doctrine->getRepository($this->config['class'][$key])->findOneById($value);
-                       }
-
-                       //Set value
-                       $user->{'set'.ucfirst($member)}($value);
+                       //XXX: prevent slugger reverse engineering by not displaying decoded mail
+                       $this->addFlash('error', $this->translator->trans('Account %mail% do not exists', ['%mail%' => $smail]));
 
-                       //Unset extra value
-                       unset($extra[$key]);
+                       //Redirect to register view
+                       return $this->redirectToRoute($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield = $slugger->serialize([]), 'hash' => $slugger->hash($smail.$sfield)]+$this->config['route']['register']['context']);
                }
 
-               //Iterate on default group
-               foreach($this->config['default']['group'] as $i => $groupTitle) {
-                       //Fetch group
-                       if (($group = $doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) {
-                               //Set default group
-                               //XXX: see vendor/symfony/security-core/Role/Role.php
-                               $user->addGroup($group);
-                       //Group not found
-                       } else {
-                               //Throw exception
-                               //XXX: consider missing group as fatal
-                               throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle));
-                       }
-               }
+               //Set active
+               $user->setActive(true);
 
-               $user->setCreated(new \DateTime('now'));
+               //Set updated
                $user->setUpdated(new \DateTime('now'));
 
                //Persist user
                $manager->persist($user);
 
-               //Try saving in database
-               try {
-                       //Send to database
-                       $manager->flush();
+               //Send to database
+               $manager->flush();
 
-                       //Add error message mail already exists
-                       $this->addFlash('notice', $this->translator->trans('Your account has been created'));
-               //Catch double subscription
-               } catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) {
-                       //Add error message mail already exists
-                       $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
-               }
+               //Add error message mail already exists
+               $this->addFlash('notice', $this->translator->trans('Your account has been activated'));
 
                //Redirect to user view
-               return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
+               return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
        }
 
        /**
         * Edit account by shorted mail
         *
         * @param Request $request The request
+        * @param Registry $manager The doctrine registry
+        * @param UserPasswordEncoderInterface $encoder The password encoder
+        * @param EntityManagerInterface $manager The doctrine entity manager
         * @param SluggerUtil $slugger The slugger
         * @param string $mail The shorted mail address
+        * @param string $hash The hashed password
         * @return Response The response
         */
-       public function edit(Request $request, SluggerUtil $slugger, $mail) {
-               //Get doctrine
-               $doctrine = $this->getDoctrine();
+       public function edit(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, $mail, $hash): Response {
+               //With invalid hash
+               if ($hash != $slugger->hash($mail)) {
+                       //Throw bad request
+                       throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+               }
 
                //Get mail
                $mail = $slugger->unshort($smail = $mail);
 
                //With existing subscriber
                if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
-                       var_dump($mail);
                        //Throw not found
                        //XXX: prevent slugger reverse engineering by not displaying decoded mail
                        throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
                }
 
-               //Get user token
-               $token = new UsernamePasswordToken($user, null, 'none', $user->getRoles());
-
-               //Check if guest
-               $isGuest = $this->get('rapsys_user.access_decision_manager')->decide($token, ['ROLE_GUEST']);
-
                //Prevent access when not admin, user is not guest and not currently logged user
-               if (!$this->isGranted('ROLE_ADMIN') && empty($isGuest) && $user != $this->getUser()) {
+               if (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser() || !$this->isGranted('IS_AUTHENTICATED_FULLY')) {
                        //Throw access denied
                        //XXX: prevent slugger reverse engineering by not displaying decoded mail
                        throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
                }
 
                //Create the RegisterType form and give the proper parameters
-               $form = $this->createForm($this->config['register']['view']['form'], $user, [
+               $editForm = $this->createForm($this->config['register']['view']['form'], $user, [
+                       //Set action to register route name and context
+                       'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
+                       //Set civility class
+                       'civility_class' => $this->config['class']['civility'],
+                       //Set civility default
+                       'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
+                       //Disable mail
+                       'mail' => $this->isGranted('ROLE_ADMIN'),
+                       //Disable password
+                       'password' => false,
+                       //Set method
+                       'method' => 'POST'
+               ]);
+
+               //Create the RegisterType form and give the proper parameters
+               $edit = $this->createForm($this->config['edit']['view']['edit'], $user, [
                        //Set action to register route name and context
-                       'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']),
+                       'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
                        //Set civility class
                        'civility_class' => $this->config['class']['civility'],
                        //Set civility default
@@ -406,22 +356,75 @@ class DefaultController extends AbstractController {
                        //Disable mail
                        'mail' => $this->isGranted('ROLE_ADMIN'),
                        //Disable password
-                       //XXX: prefer a reset on login to force user unspam action
                        'password' => false,
                        //Set method
                        'method' => 'POST'
                ]);
 
+               //With admin role
+               if ($this->isGranted('ROLE_ADMIN')) {
+                       //Create the LoginType form and give the proper parameters
+                       $reset = $this->createForm($this->config['edit']['view']['reset'], $user, [
+                               //Set action to register route name and context
+                               'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
+                               //Disable mail
+                               'mail' => false,
+                               //Set method
+                               'method' => 'POST'
+                       ]);
+
+                       //With post method
+                       if ($request->isMethod('POST')) {
+                               //Refill the fields in case the form is not valid.
+                               $reset->handleRequest($request);
+
+                               //With reset submitted and valid
+                               if ($reset->isSubmitted() && $reset->isValid()) {
+                                       //Set data
+                                       $data = $reset->getData();
+
+                                       //Set password
+                                       $data->setPassword($encoder->encodePassword($data, $data->getPassword()));
+
+                                       //Set updated
+                                       $data->setUpdated(new \DateTime('now'));
+
+                                       //Queue snippet save
+                                       $manager->persist($data);
+
+                                       //Flush to get the ids
+                                       $manager->flush();
+
+                                       //Add notice
+                                       $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()]));
+
+                                       //Redirect to cleanup the form
+                                       //TODO: extract referer ??? or useless ???
+                                       return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
+                               }
+                       }
+
+                       //Add reset view
+                       $this->config['edit']['view']['context']['reset'] = $reset->createView();
+               //Without admin role
+               //XXX: prefer a reset on login to force user unspam action
+               } else {
+                       //Add notice
+                       $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
+               }
+
+               //With post method
                if ($request->isMethod('POST')) {
                        //Refill the fields in case the form is not valid.
-                       $form->handleRequest($request);
+                       $edit->handleRequest($request);
 
-                       if ($form->isValid()) {
+                       //With edit submitted and valid
+                       if ($edit->isSubmitted() && $edit->isValid()) {
                                //Set data
-                               $data = $form->getData();
+                               $data = $edit->getData();
 
-                               //Get manager
-                               $manager = $doctrine->getManager();
+                               //Set updated
+                               $data->setUpdated(new \DateTime('now'));
 
                                //Queue snippet save
                                $manager->persist($data);
@@ -430,18 +433,12 @@ class DefaultController extends AbstractController {
                                $manager->flush();
 
                                //Add notice
-                               $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail]));
-
-                               //Redirect to user view
-                               //TODO: extract referer ??? or useless ???
-                               return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
+                               $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()]));
 
                                //Redirect to cleanup the form
-                               return $this->redirectToRoute('rapsys_air', ['user' => $data->getId()]);
+                               //TODO: extract referer ??? or useless ???
+                               return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
                        }
-               } else {
-                       //Add notice
-                       $this->addFlash('notice', $this->translator->trans('To change your password login with your mail %mail% and any password then follow the procedure', ['%mail%' => $mail]));
                }
 
                //Render view
@@ -449,7 +446,7 @@ class DefaultController extends AbstractController {
                        //Template
                        $this->config['edit']['view']['name'],
                        //Context
-                       ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
+                       ['edit' => $edit->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
                );
        }
 
@@ -458,21 +455,47 @@ class DefaultController extends AbstractController {
         *
         * @param Request $request The request
         * @param AuthenticationUtils $authenticationUtils The authentication utils
+        * @param RouterInterface $router The router instance
+        * @param SluggerUtil $slugger The slugger
+        * @param string $mail The shorted mail address
+        * @param string $hash The hashed password
         * @return Response The response
         */
-       public function login(Request $request, AuthenticationUtils $authenticationUtils) {
+       public function login(Request $request, AuthenticationUtils $authenticationUtils, RouterInterface $router, SluggerUtil $slugger, $mail, $hash): Response {
                //Create the LoginType form and give the proper parameters
                $login = $this->createForm($this->config['login']['view']['form'], null, [
                        //Set action to login route name and context
                        'action' => $this->generateUrl($this->config['route']['login']['name'], $this->config['route']['login']['context']),
+                       //Disable repeated password
+                       'password_repeated' => false,
+                       //Set method
                        'method' => 'POST'
                ]);
 
                //Init context
                $context = [];
 
+               //With mail
+               if (!empty($mail) && !empty($hash)) {
+                       //With invalid hash
+                       if ($hash != $slugger->hash($mail)) {
+                               //Throw bad request
+                               throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+                       }
+
+                       //Get mail
+                       $mail = $slugger->unshort($smail = $mail);
+
+                       //Without valid mail
+                       if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
+                               //Throw bad request
+                               throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
+                       }
+
+                       //Prefilled mail
+                       $login->get('mail')->setData($mail);
                //Last username entered by the user
-               if ($lastUsername = $authenticationUtils->getLastUsername()) {
+               } elseif ($lastUsername = $authenticationUtils->getLastUsername()) {
                        $login->get('mail')->setData($lastUsername);
                }
 
@@ -484,7 +507,7 @@ class DefaultController extends AbstractController {
                        //Add error message to mail field
                        $login->get('mail')->addError(new FormError($error));
 
-                       //Create the RecoverType form and give the proper parameters
+                       //Create the LoginType form and give the proper parameters
                        $recover = $this->createForm($this->config['recover']['view']['form'], null, [
                                //Set action to recover route name and context
                                'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']),
@@ -505,6 +528,7 @@ class DefaultController extends AbstractController {
                        $context['recover'] = $recover->createView();
                } else {
                        //Add notice
+                       //TODO: drop it if referer route is recover ?
                        $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
                }
 
@@ -521,7 +545,9 @@ class DefaultController extends AbstractController {
         * Recover account
         *
         * @param Request $request The request
+        * @param Registry $manager The doctrine registry
         * @param UserPasswordEncoderInterface $encoder The password encoder
+        * @param EntityManagerInterface $manager The doctrine entity manager
         * @param SluggerUtil $slugger The slugger
         * @param MailerInterface $mailer The mailer
         * @param string $mail The shorted mail address
@@ -529,13 +555,10 @@ class DefaultController extends AbstractController {
         * @param string $hash The hashed password
         * @return Response The response
         */
-       public function recover(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $pass, $hash) {
-               //Get doctrine
-               $doctrine = $this->getDoctrine();
-
+       public function recover(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, MailerInterface $mailer, $mail, $pass, $hash): Response {
                //Without mail, pass and hash
                if (empty($mail) && empty($pass) && empty($hash)) {
-                       //Create the RecoverType form and give the proper parameters
+                       //Create the LoginType form and give the proper parameters
                        $form = $this->createForm($this->config['recover']['view']['form'], null, [
                                //Set action to recover route name and context
                                'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']),
@@ -658,7 +681,8 @@ class DefaultController extends AbstractController {
                //Without valid mail
                if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
                        //Throw bad request
-                       throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail]));
+                       //XXX: prevent slugger reverse engineering by not displaying decoded mail
+                       throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
                }
 
                //With existing subscriber
@@ -675,7 +699,7 @@ class DefaultController extends AbstractController {
                        throw $this->createNotFoundException($this->translator->trans('Outdated recover link'));
                }
 
-               //Create the RecoverType form and give the proper parameters
+               //Create the LoginType form and give the proper parameters
                $form = $this->createForm($this->config['recover']['view']['form'], $user, [
                        //Set action to recover route name and context
                        'action' => $this->generateUrl($this->config['route']['recover']['name'], ['mail' => $smail, 'pass' => $pass, 'hash' => $hash]+$this->config['route']['recover']['context']),
@@ -705,9 +729,6 @@ class DefaultController extends AbstractController {
                                //Set updated
                                $user->setUpdated(new \DateTime('now'));
 
-                               //Get manager
-                               $manager = $doctrine->getManager();
-
                                //Persist user
                                $manager->persist($user);
 
@@ -735,30 +756,56 @@ class DefaultController extends AbstractController {
         * Register an account
         *
         * @param Request $request The request
+        * @param Registry $manager The doctrine registry
         * @param UserPasswordEncoderInterface $encoder The password encoder
+        * @param EntityManagerInterface $manager The doctrine entity manager
         * @param SluggerUtil $slugger The slugger
         * @param MailerInterface $mailer The mailer
         * @param LoggerInterface $logger The logger
+        * @param string $mail The shorted mail address
         * @param string $field The serialized then shorted form field array
         * @param string $hash The hashed serialized field array
         * @return Response The response
         */
-       public function register(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, LoggerInterface $logger, $field, $hash) {
-               //Get doctrine
-               $doctrine = $this->getDoctrine();
+       public function register(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, MailerInterface $mailer, LoggerInterface $logger, $mail, $field, $hash): Response {
+               //Init reflection
+               $reflection = new \ReflectionClass($this->config['class']['user']);
+
+               //Create new user
+               $user = $reflection->newInstance();
 
-               //With field
+               //With mail and field
                if (!empty($field) && !empty($hash)) {
                        //With invalid hash
-                       if ($hash != $slugger->hash($field)) {
+                       if ($hash != $slugger->hash($mail.$field)) {
                                //Throw bad request
                                throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
                        }
 
+                       //With mail
+                       if (!empty($mail)) {
+                               //Get mail
+                               $mail = $slugger->unshort($smail = $mail);
+
+                               //Without valid mail
+                               if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
+                                       //Throw bad request
+                                       //XXX: prevent slugger reverse engineering by not displaying decoded mail
+                                       throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
+                               }
+
+                               //Set mail
+                               $user->setMail($mail);
+                       //Without mail
+                       } else {
+                               //Set smail
+                               $smail = $mail;
+                       }
+
                        //Try
                        try {
                                //Unshort then unserialize field
-                               $field = $slugger->unserialize($field);
+                               $field = $slugger->unserialize($sfield = $field);
                        //Catch type error
                        } catch (\Error|\Exception $e) {
                                //Throw bad request
@@ -772,14 +819,20 @@ class DefaultController extends AbstractController {
                        }
                //Without field and hash
                } else {
+                       //Set smail
+                       $smail = $mail;
+
+                       //Set smail
+                       $sfield = $sfield;
+
                        //Reset field
                        $field = [];
                }
 
                //Create the RegisterType form and give the proper parameters
-               $form = $this->createForm($this->config['register']['view']['form'], null, $field+[
+               $form = $this->createForm($this->config['register']['view']['form'], $user, $field+[
                        //Set action to register route name and context
-                       'action' => $this->generateUrl($this->config['route']['register']['name'], $this->config['route']['register']['context']),
+                       'action' => $this->generateUrl($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield, 'hash' => $hash]+$this->config['route']['register']['context']),
                        //Set civility class
                        'civility_class' => $this->config['class']['civility'],
                        //Set civility default
@@ -798,44 +851,62 @@ class DefaultController extends AbstractController {
                                //Set data
                                $data = $form->getData();
 
+                               //With existing registrant
+                               if ($doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail = $data->getMail())) {
+                                       //Add error message mail already exists
+                                       $this->addFlash('warning', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
+
+                                       //Redirect to user view
+                                       return $this->redirectToRoute(
+                                               $this->config['route']['edit']['name'],
+                                               [
+                                                       'mail' => $smail = $slugger->short($mail),
+                                                       'hash' => $slugger->hash($smail)
+                                               ]+$this->config['route']['edit']['context']
+                                       );
+                               }
+
                                //Set mail shortcut
                                $registerMail =& $this->config['register']['mail'];
 
-                               //Set extra
-                               $extra = [];
-
-                               //Init reflection
-                               $reflection = new \ReflectionClass($this->config['class']['user']);
-
-                               //Create new user
-                               $user = $reflection->newInstance();
-
-                               //Iterate on each entry
-                               //TODO: store add/set action between [] ???
-                               foreach($data as $key => $value) {
-                                       //Skip mail
-                                       if ($key == 'mail') {
-                                               continue;
-                                       //Store shorted title
-                                       } elseif (is_callable([$value, 'getTitle'])) {
-                                               $extra[$key.'(title)'] = $value->getTitle();
-                                       //Store shorted id
-                                       } elseif (is_callable([$value, 'getId'])) {
-                                               $extra[$key.'(id)'] = $value->getId();
-                                       //Store encoded password
-                                       } elseif(!empty($value) && $key == 'password') {
-                                               $extra['password'] = $encoder->encodePassword($user, $value);
-                                       //Store shorted value
-                                       } elseif (!empty($value)) {
-                                               $extra[$key] = $value;
-                                       }
-                               }
+                               //Extract names and pseudonym from mail
+                               $names = explode(' ', $pseudonym = ucwords(trim(preg_replace('/[^a-zA-Z]+/', ' ', current(explode('@', $data->getMail()))))));
 
-                               //Set mail
-                               $mail = $slugger->short($data['mail']);
+                               //Set pseudonym
+                               $user->setPseudonym($user->getPseudonym()??$pseudonym);
+
+                               //Set forename
+                               $user->setForename($user->getForename()??$names[0]);
+
+                               //Set surname
+                               $user->setSurname($user->getSurname()??$names[1]??$names[0]);
+
+                               //Set password
+                               $user->setPassword($encoder->encodePassword($user, $user->getPassword()??$data->getMail()));
+
+                               //Set created
+                               $user->setCreated(new \DateTime('now'));
+
+                               //Set updated
+                               $user->setUpdated(new \DateTime('now'));
+
+                               //Persist user
+                               $manager->persist($user);
 
-                               //Set extra
-                               $extra = $slugger->serialize($extra);
+                               //Iterate on default group
+                               foreach($this->config['default']['group'] as $i => $groupTitle) {
+                                       //Fetch group
+                                       if (($group = $doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) {
+                                               //Set default group
+                                               //XXX: see vendor/symfony/security-core/Role/Role.php
+                                               $user->addGroup($group);
+                                       //Group not found
+                                       } else {
+                                               //Throw exception
+                                               //XXX: consider missing group as fatal
+                                               throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle));
+                                       }
+                               }
 
                                //Generate each route route
                                foreach($this->config['register']['route'] as $route => $tag) {
@@ -848,9 +919,8 @@ class DefaultController extends AbstractController {
                                                                $this->config['route'][$route]['name'],
                                                                //Prepend subscribe context with tag
                                                                [
-                                                                       'mail' => $mail,
-                                                                       'extra' => $extra,
-                                                                       'hash' => $slugger->hash($mail.$extra)
+                                                                       'mail' => $smail = $slugger->short($data->getMail()),
+                                                                       'hash' => $slugger->hash($smail)
                                                                ]+$this->config['route'][$route]['context'],
                                                                UrlGeneratorInterface::ABSOLUTE_URL
                                                        );
@@ -858,12 +928,16 @@ class DefaultController extends AbstractController {
                                        }
                                }
 
+                               //XXX: DEBUG: remove me
+                               //die($registerMail['context']['confirm_url']);
+
                                //Log new user infos
+                               //XXX: useless ???
                                $logger->emergency(
                                        $this->translator->trans(
                                                'newuser:mail=%mail%|locale=%locale%|confirm=%confirm%',
                                                [
-                                                       '%mail%' => $data['mail'],
+                                                       '%mail%' => $data->getMail(),
                                                        '%locale%' => $request->getLocale(),
                                                        '%confirm%' => $registerMail['context'][$this->config['register']['route']['confirm']]
                                                ]
@@ -871,20 +945,13 @@ class DefaultController extends AbstractController {
                                );
 
                                //Set recipient_name
-                               $registerMail['context']['recipient_mail'] = $data['mail'];
+                               $registerMail['context']['recipient_mail'] = $data->getMail();
 
                                //Set recipient name
                                $registerMail['context']['recipient_name'] = '';
 
-                               //With forename, surname and pseudonym
-                               if (isset($data['forename']) && isset($data['surname']) && isset($data['pseudonym'])) {
-                                       //Set recipient name
-                                       $registerMail['context']['recipient_name'] = implode(' ', [$data['forename'], $data['surname'], $data['pseudonym']?'('.$data['pseudonym'].')':'']);
-                               //With pseudonym
-                               } elseif (isset($data['pseudonym'])) {
-                                       //Set recipient name
-                                       $registerMail['context']['recipient_name'] = $data['pseudonym'];
-                               }
+                               //Set recipient name
+                               $registerMail['context']['recipient_name'] = implode(' ', [$data->getForename(), $data->getSurname(), $data->getPseudonym()?'('.$data->getPseudonym().')':'']);
 
                                //Init subject context
                                $subjectContext = $slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $registerMail['context']), null, '.', '%', '%');
@@ -909,18 +976,31 @@ class DefaultController extends AbstractController {
                                        //Set context
                                        ->context(['subject' => $registerMail['subject']]+$registerMail['context']);
 
-                               //Try sending message
-                               //XXX: mail delivery may silently fail
+                               //Try saving in database
                                try {
-                                       //Send message
-                                       $mailer->send($message);
-
-                                       //Redirect on the same route with sent=1 to cleanup form
-                                       return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params'));
-                               //Catch obvious transport exception
-                               } catch(TransportExceptionInterface $e) {
-                                       //Add error message mail unreachable
-                                       $form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', array('%mail%' => $data['mail']))));
+                                       //Send to database
+                                       $manager->flush();
+
+                                       //Add error message mail already exists
+                                       $this->addFlash('notice', $this->translator->trans('Your account has been created'));
+
+                                       //Try sending message
+                                       //XXX: mail delivery may silently fail
+                                       try {
+                                               //Send message
+                                               $mailer->send($message);
+
+                                               //Redirect on the same route with sent=1 to cleanup form
+                                               return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params'));
+                                       //Catch obvious transport exception
+                                       } catch(TransportExceptionInterface $e) {
+                                               //Add error message mail unreachable
+                                               $form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', ['%mail%' => $data->getMail()])));
+                                       }
+                               //Catch double subscription
+                               } catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) {
+                                       //Add error message mail already exists
+                                       $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
                                }
                        }
                }
@@ -937,7 +1017,7 @@ class DefaultController extends AbstractController {
        /**
         * {@inheritdoc}
         */
-       public function getAlias() {
-               return 'rapsys_user';
+       public function getAlias(): string {
+               return RapsysUserBundle::getAlias();
        }
 }