X-Git-Url: https://git.rapsys.eu/userbundle/blobdiff_plain/17869e03521ae16d21e3e7d7998ec23fd5da1686..45a5c17fb68fb988c8a480015a4813ba1aec4982:/Handler/AuthenticationFailureHandler.php

diff --git a/Handler/AuthenticationFailureHandler.php b/Handler/AuthenticationFailureHandler.php
index 5945644..14d4dec 100644
--- a/Handler/AuthenticationFailureHandler.php
+++ b/Handler/AuthenticationFailureHandler.php
@@ -11,251 +11,301 @@
 
 namespace Rapsys\UserBundle\Handler;
 
+use Doctrine\Persistence\ManagerRegistry;
+
 use Psr\Log\LoggerInterface;
+
+use Rapsys\PackBundle\Util\SluggerUtil;
+
+use Rapsys\UserBundle\Exception\UnactivatedException;
+use Rapsys\UserBundle\RapsysUserBundle;
+
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpFoundation\Session\FlashBagAwareSessionInterface;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\Mailer\MailerInterface;
+use Symfony\Component\Mime\Address;
 use Symfony\Component\Routing\Exception\ResourceNotFoundException;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Routing\RequestContext;
 use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Exception\DisabledException;
+use Symfony\Component\Security\Core\Exception\UserNotFoundException;
 use Symfony\Component\Security\Http\Authentication\DefaultAuthenticationFailureHandler;
 use Symfony\Component\Security\Http\HttpUtils;
-use Symfony\Component\Security\Http\ParameterBagUtils;
-
-use Rapsys\PackBundle\Util\SluggerUtil;
-use Rapsys\UserBundle\Exception\UnactivatedException;
-use Rapsys\UserBundle\RapsysUserBundle;
+use Symfony\Contracts\Translation\TranslatorInterface;
 
 /**
  * {@inheritdoc}
  */
 class AuthenticationFailureHandler extends DefaultAuthenticationFailureHandler {
 	/**
-	 * Config array
+	 * Alias string
 	 */
-	protected $config;
-    protected $options;
-    protected $defaultOptions = [
-        'failure_path' => null,
-        'failure_forward' => false,
-        'login_path' => '/login',
-        'failure_path_parameter' => '_failure_path',
-    ];
+	protected string $alias;
 
 	/**
-	 * Router instance
-	 */
-	protected $router;
-
-	/**
-	 * Slugger instance
+	 * Config array
 	 */
-	protected $slugger;
+	protected array $config;
+	protected array $defaultOptions = [
+		'failure_path' => null,
+		'failure_forward' => false,
+		'login_path' => '/login',
+		'failure_path_parameter' => '_failure_path',
+	];
 
 	/**
 	 * {@inheritdoc}
+	 *
+	 * @xxx Second argument will be replaced by security.firewalls.main.logout.target
+	 * @see vendor/symfony/security-bundle/DependencyInjection/SecurityExtension.php +360
+	 *
+	 * @param HttpKernelInterface $httpKernel The http kernel
+	 * @param HttpUtils $httpUtils The http utils
+	 * @param array $options The options
+	 * @param LoggerInterface $logger The logger instance
+	 * @param ContainerInterface $container The container instance
+	 * @param ManagerRegistry $doctrine The doctrine instance
+	 * @param MailerInterface $mailer The mailer instance
+	 * @param RouterInterface $router The router instance
+	 * @param SluggerUtil $slugger The slugger instance
+	 * @param RequestStack $stack The stack instance
+	 * @param TranslatorInterface $translator The translator instance
 	 */
-    public function __construct(HttpKernelInterface $httpKernel, HttpUtils $httpUtils, array $options = [], LoggerInterface $logger, ContainerInterface $container, RouterInterface $router, SluggerUtil $slugger) {
+	public function __construct(protected HttpKernelInterface $httpKernel, protected HttpUtils $httpUtils, protected array $options, protected ?LoggerInterface $logger, protected ContainerInterface $container, protected ManagerRegistry $doctrine, protected MailerInterface $mailer, protected RouterInterface $router, protected SluggerUtil $slugger, protected RequestStack $stack, protected TranslatorInterface $translator) {
+		//Call parent constructor
+		parent::__construct($httpKernel, $httpUtils, $options, $logger);
+
 		//Set config
-		$this->config = $container->getParameter(self::getAlias());
+		$this->config = $container->getParameter($this->alias = RapsysUserBundle::getAlias());
+	}
 
-		//Set router
-		$this->router = $router;
+	/**
+	 * Adds a flash message to the current session for type.
+	 *
+	 * @throws \LogicException
+	 */
+	protected function addFlash(string $type, mixed $message): void {
+		try {
+			$session = $this->stack->getSession();
+		} catch (SessionNotFoundException $e) {
+			throw new \LogicException('You cannot use the addFlash method if sessions are disabled. Enable them in "config/packages/framework.yaml".', 0, $e);
+		}
 
-		//Set slugger
-		$this->slugger = $slugger;
+		if (!$session instanceof FlashBagAwareSessionInterface) {
+			throw new \LogicException(sprintf('You cannot use the addFlash method because class "%s" doesn\'t implement "%s".', get_debug_type($session), FlashBagAwareSessionInterface::class));
+		}
 
-		//Call parent constructor
-		parent::__construct($httpKernel, $httpUtils, $options, $logger);
+		$session->getFlashBag()->add($type, $message);
 	}
 
-    /**
-	 * This is called when an interactive authentication attempt fails
-	 *
-	 * User may retrieve mail + field + hash for each unactivated/locked accounts
-	 *
+	/**
 	 * {@inheritdoc}
+	 *
+	 * This is called when an interactive authentication attempt fails
 	 */
 	public function onAuthenticationFailure(Request $request, AuthenticationException $exception): Response {
 		//With bad credential exception
 		if ($exception instanceof BadCredentialsException) {
 			//With parent exception
-			if ($parent = $exception->getPrevious()) {
-				//Retrieve login
-				//TODO: check form _token validity ???
-				if (
-					$request->request->has('login') &&
-					!empty($login = $request->request->get('login')) &&
-					!empty($mail = $login['mail'])
-				) {
-					//Redirect on register
-					if ($parent instanceof UnactivatedException || $parent instanceof DisabledException) {
-						//Set extra parameters
-						$extra = ['mail' => $smail = $this->slugger->short($mail), 'field' => $sfield = $this->slugger->serialize([]), 'hash' => $this->slugger->hash($smail.$sfield)];
-
-						//With failure target path option
-						if (!empty($failurePath = $this->options['failure_path'])) {
-							//With path
-							if ($failurePath[0] == '/') {
-								//Create login path request instance
-								$req = Request::create($failurePath);
-
-								//Get login path pathinfo
-								$path = $req->getPathInfo();
-
-								//Remove script name
-								$path = str_replace($request->getScriptName(), '', $path);
-
-								//Try with login path path
-								try {
-									//Save old context
-									$oldContext = $this->router->getContext();
-
-									//Force clean context
-									//XXX: prevent MethodNotAllowedException on GET only routes because our context method is POST
-									//XXX: see vendor/symfony/routing/Matcher/Dumper/CompiledUrlMatcherTrait.php +42
-									$this->router->setContext(new RequestContext());
-
-									//Retrieve route matching path
-									$route = $this->router->match($path);
-
-									//Reset context
-									$this->router->setContext($oldContext);
-
-									//Clear old context
-									unset($oldContext);
-
-									//With route name
-									if ($name = $route['_route']) {
-										//Remove route and controller from route defaults
-										unset($route['_route'], $route['_controller'], $route['_canonical_route']);
-
-										//Generate url
-										$url = $this->router->generate($name, $extra+$route);
-
-										//Return redirect to url response
-										return new RedirectResponse($url, 302);
-									}
-								//No route matched
-								} catch (ResourceNotFoundException $e) {
-									//Unset default path, name and route
-									unset($failurePath, $name, $route);
-								}
+			if (($parent = $exception->getPrevious()) instanceof UserNotFoundException) {
+				/** Disabled to prevent user mail + hash retrieval for each unactivated/locked accounts
+
+				//Get user identifier
+				$mail = $parent->getUserIdentifier();
+
+				//Set extra parameters
+				$extra = ['mail' => $smail = $this->slugger->short($mail), 'hash' => $this->slugger->hash($smail)];*/
+
+				//With failure target path option
+				if (!empty($failurePath = $this->options['failure_path'])) {
+					//With path
+					if ($failurePath[0] == '/') {
+						//Create login path request instance
+						$req = Request::create($failurePath);
+
+						//Get login path pathinfo
+						$path = $req->getPathInfo();
+
+						//Remove script name
+						$path = str_replace($request->getScriptName(), '', $path);
+
+						//Try with login path path
+						try {
+							//Save old context
+							$oldContext = $this->router->getContext();
+
+							//Force clean context
+							//XXX: prevent MethodNotAllowedException on GET only routes because our context method is POST
+							//XXX: see vendor/symfony/routing/Matcher/Dumper/CompiledUrlMatcherTrait.php +42
+							$this->router->setContext(new RequestContext());
+
+							//Retrieve route matching path
+							$route = $this->router->match($path);
+
+							//Reset context
+							$this->router->setContext($oldContext);
+
+							//Clear old context
+							unset($oldContext);
+
 							//With route name
-							} else {
-								//Try with login path route
-								try {
-									//Retrieve route matching path
-									$url = $this->router->generate($failurePath, $extra);
-
-									//Return redirect to url response
-									return new RedirectResponse($url, 302);
-								//Route not found, missing parameter or invalid parameter
-								} catch (RouteNotFoundException|MissingMandatoryParametersException|InvalidParameterException $e) {
-									//Unset default path and url
-									unset($failurePath, $url);
-								}
-							}
-						}
+							if ($name = $route['_route']) {
+								//Remove route and controller from route defaults
+								unset($route['_route'], $route['_controller'], $route['_canonical_route']);
 
-						//With index route from config
-						if (!empty($name = $this->config['route']['register']['name']) && is_array($context = $this->config['route']['register']['context'])) {
-							//Try index route
-							try {
 								//Generate url
-								$url = $this->router->generate($name, $extra+$context);
+								$url = $this->router->generate($name, /*$extra+*/$route);
 
-								//Return generated route
+								//Return redirect to url response
 								return new RedirectResponse($url, 302);
-							//No route matched
-							} catch (ResourceNotFoundException $e) {
-								//Unset name and context
-								unset($name, $context);
-							}
-						} 
-
-						//With login target path option
-						if (!empty($loginPath = $this->options['login_path'])) {
-							//With path
-							if ($loginPath[0] == '/') {
-								//Create login path request instance
-								$req = Request::create($loginPath);
-
-								//Get login path pathinfo
-								$path = $req->getPathInfo();
-
-								//Remove script name
-								$path = str_replace($request->getScriptName(), '', $path);
-
-								//Try with login path path
-								try {
-									//Save old context
-									$oldContext = $this->router->getContext();
-
-									//Force clean context
-									//XXX: prevent MethodNotAllowedException on GET only routes because our context method is POST
-									//XXX: see vendor/symfony/routing/Matcher/Dumper/CompiledUrlMatcherTrait.php +42
-									$this->router->setContext(new RequestContext());
-
-									//Retrieve route matching path
-									$route = $this->router->match($path);
-
-									//Reset context
-									$this->router->setContext($oldContext);
-
-									//Clear old context
-									unset($oldContext);
-
-									//With route name
-									if ($name = $route['_route']) {
-										//Remove route and controller from route defaults
-										unset($route['_route'], $route['_controller'], $route['_canonical_route']);
-
-										//Generate url
-										$url = $this->router->generate($name, $extra+$route);
-
-										//Return redirect to url response
-										return new RedirectResponse($url, 302);
-									}
-								//No route matched
-								} catch (ResourceNotFoundException $e) {
-									//Unset default path, name and route
-									unset($loginPath, $name, $route);
-								}
-							//With route name
-							} else {
-								//Try with login path route
-								try {
-									//Retrieve route matching path
-									$url = $this->router->generate($loginPath, $extra);
-
-									//Return redirect to url response
-									return new RedirectResponse($url, 302);
-								//Route not found, missing parameter or invalid parameter
-								} catch (RouteNotFoundException|MissingMandatoryParametersException|InvalidParameterException $e) {
-									//Unset default path and url
-									unset($loginPath, $url);
-								}
 							}
+						//No route matched
+						} catch (ResourceNotFoundException $e) {
+							//Unset default path, name and route
+							unset($failurePath, $name, $route);
+						}
+					//With route name
+					} else {
+						//Try with login path route
+						try {
+							//Retrieve route matching path
+							$url = $this->router->generate($failurePath/*, $extra*/);
+
+							//Return redirect to url response
+							return new RedirectResponse($url, 302);
+						//Route not found, missing parameter or invalid parameter
+						} catch (RouteNotFoundException|MissingMandatoryParametersException|InvalidParameterException $e) {
+							//Unset default path and url
+							unset($failurePath, $url);
+						}
+					}
+				}
+			//With not enabled user
+			} elseif ($parent instanceof DisabledException) {
+				//Add error message account is not enabled
+				$this->addFlash('error', $this->translator->trans('Account not enabled', [], $this->alias));
+
+				//Redirect on the same route with sent=1 to cleanup form
+				return new RedirectResponse($this->router->generate($request->get('_route'), $request->get('_route_params')), 302);
+			//With not activated user
+			} elseif ($parent instanceof UnactivatedException) {
+				//Set user
+				$user = $parent->getUser();
+
+				//Set context
+				$context = [
+					'recipient_mail' => $user->getMail(),
+					'recipient_name' => $user->getRecipientName()
+				] + array_replace_recursive(
+					$this->config['context'],
+					$this->config['register']['view']['context'],
+					$this->config['register']['mail']['context']
+				);
+
+				//Generate each route route
+				foreach($this->config['register']['route'] as $route => $tag) {
+					//Only process defined routes
+					if (!empty($this->config['route'][$route])) {
+						//Process for confirm url
+						if ($route == 'confirm') {
+							//Set the url in context
+							$context[$tag] = $this->router->generate(
+								$this->config['route'][$route]['name'],
+								//Prepend confirm context with tag
+								[
+									'mail' => $smail = $this->slugger->short($context['recipient_mail']),
+									'hash' => $this->slugger->hash($smail)
+								]+$this->config['route'][$route]['context'],
+								UrlGeneratorInterface::ABSOLUTE_URL
+							);
 						}
 					}
 				}
+
+				//Iterate on keys to translate
+				foreach($this->config['translate'] as $translate) {
+					//Extract keys
+					$keys = explode('.', $translate);
+
+					//Set current
+					$current =& $context;
+
+					//Iterate on each subkey
+					do {
+						//Skip unset translation keys
+						if (!isset($current[current($keys)])) {
+							continue(2);
+						}
+
+						//Set current to subkey
+						$current =& $current[current($keys)];
+					} while(next($keys));
+
+					//Set translation
+					$current = $this->translator->trans($current, [], $this->alias);
+
+					//Remove reference
+					unset($current);
+				}
+
+				//Translate subject
+				$context['subject'] = $subject = ucfirst(
+					$this->translator->trans(
+						$this->config['register']['mail']['subject'],
+						$this->slugger->flatten($context, null, '.', '%', '%'),
+						$this->alias
+					)
+				);
+
+				//Create message
+				$message = (new TemplatedEmail())
+					//Set sender
+					->from(new Address($this->config['contact']['address'], $this->config['contact']['name']))
+					//Set recipient
+					//XXX: remove the debug set in vendor/symfony/mime/Address.php +46
+					->to(new Address($context['recipient_mail'], $context['recipient_name']))
+					//Set subject
+					->subject($context['subject'])
+
+					//Set path to twig templates
+					->htmlTemplate($this->config['register']['mail']['html'])
+					->textTemplate($this->config['register']['mail']['text'])
+
+					//Set context
+					->context($context);
+
+				//Try sending message
+				//XXX: mail delivery may silently fail
+				try {
+					//Send message
+					$this->mailer->send($message);
+				//Catch obvious transport exception
+				} catch(TransportExceptionInterface $e) {
+					//Add error message mail unreachable
+					$this->addFlash('error', $this->translator->trans('Unable to reach account', [], $this->alias));
+				}
+
+				//Add notice
+				$this->addFlash('notice', $this->translator->trans('Your verification mail has been sent, to activate your account follow the confirmation link inside', [], $this->alias));
+
+				//Add junk warning
+				$this->addFlash('warning', $this->translator->trans('If you did not receive a verification mail, check your Spam or Junk mail folder', [], $this->alias));
+
+				//Redirect on the same route with sent=1 to cleanup form
+				return new RedirectResponse($this->router->generate($request->get('_route'), $request->get('_route_params')), 302);
 			}
 		}
 
 		//Call parent function
 		return parent::onAuthenticationFailure($request, $exception);
 	}
-
-	/**
-	 * {@inheritdoc}
-	 */
-	public function getAlias(): string {
-		return RapsysUserBundle::getAlias();
-	}
 }